WordPress
Manual Enumeration
# Confirm that it is a WordPress site
curl -s http://blog.site.local | grep WordPress
# Check installed themes
curl -s http://blog.site.local/ | grep themes
# Check for installed plugins
curl -s http://blog.site.local/ | grep plugins
WPScan
# Normal scan
sudo wpscan --url http://blog.site.local --enumerate --api-token dEOFB<SNIP>
# Brute forcing with the xmlrpc attack type
sudo wpscan --password-attack xmlrpc -t 20 -U john -P /usr/share/wordlists/rockyou.txt --url http://blog.site.local
Attacking WordPress
Login Bruteforce
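From the defender's side, the xmlrpc password attack shown above appears in the web server access log as a burst of POST requests to /xmlrpc.php from one client. The following is an added example, not part of the original notes: it assumes combined log format, and the sample log lines, the function names and the threshold of 5 requests per minute are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample access log (combined log format, documentation IP ranges).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [10/Oct/2024:13:55:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [10/Oct/2024:13:55:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
198.51.100.4 - - [10/Oct/2024:13:55:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.4 - - [10/Oct/2024:13:55:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "-"
203.0.113.7 - - [10/Oct/2024:13:56:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
EOF
}

# Read access-log lines on stdin and print "ip minute count" for every client
# that sent at least $1 (default 5) POST requests to /xmlrpc.php in one minute.
detect_xmlrpc_bruteforce() {
    threshold="${1:-5}"
    awk -v t="$threshold" '
        # $1 = client IP, $4 = "[dd/Mon/yyyy:HH:MM:SS", $6 = opening quote + method, $7 = path
        $6 == "\"POST" && $7 ~ /^\/xmlrpc\.php([?]|$)/ {
            minute = substr($4, 2, 17)      # dd/Mon/yyyy:HH:MM
            hits[$1 " " minute]++
        }
        END {
            for (k in hits)
                if (hits[k] >= t) print k, hits[k]
        }
    ' | sort
}

# Run the detector over the constructed sample.
sample_log | detect_xmlrpc_bruteforce 5
```

On a real server, feed the function the actual access log and tune the threshold to the site's normal XML-RPC traffic. If XML-RPC is not needed, blocking /xmlrpc.php at the web server removes this login path entirely.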
Code Execution