O'Reilly logo

Kali Linux Intrusion and Exploitation Cookbook by Ishan Girdhar, Dhruv Shah

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Cracking HTTP logins using custom wordlist

We saw that Stapler had a web application running on port 12380, with WordPress hosted. In this recipe, we are going to look at how to perform password-cracking attacks on the login panel of WordPress. The tool we will be using in this case is WPScan.

Getting ready

WPScan is a WordPress scanner. It has many functionalities, such as enumerating WordPress version, vulnerable plugins, listing available plugins, wordlist-based password cracking.

How to do it...

  1. We will first enumerate the available WordPress logins using the enumerate user script. Enter the following command in the terminal:
    wpscan -u https://<IP address>:12380/blogblog/ --enumerate u
    

    The output will be as shown in the following screenshot:

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required