What's up, internet? Don here from dondoes30.com, bringing you a hacking tutorial today on hacking WordPress websites using an updated method from prior examples that I gave. This is going to be a really good tutorial using a new tool by, I guess, n00py, called WPForce. It's a WordPress attack suite that not only helps you crack a password using a kind of dictionary attack, brute-force scenario type thing, but it also allows you to upload, get this, shells. PHP shells are shells that you could use to kind of really get into the website and mess things up, or, you know, because we're responsible hackers, let the site owner know.

So the two previous WordPress tutorials that I gave, we have brute-forcing WordPress passwords, and in an ever-increasing security world people are using a lot of plugins, so this new tool, according to the author, uses the API instead of the login form, so it allows you to bypass a lot of the protection methods that these websites might have; and also finding vulnerabilities to hack WordPress sites. So these are the two previous ones that we showed you, but this is the new tool that we're going to be using. It's exciting.

So first we have to download the tool. I haven't downloaded it yet; this way I'm just kind of doing a fresh start for you guys so we're all on the same page. Generally what I like to do, I'm going to make a directory first called newbie and go into that directory. Oops, of course, if I could spell newbie. All right. And to download it, we're going to download it from GitHub, so git clone https://github.com/n00py/WPForce.git, and n00py is actually spelled n-0-0-p-y, so those aren't capital O's, those are zeros, and then WPForce.git. This will download all the files that we need. Now, I set up a WordPress site on my test server so that way we could test this against that. And it looks like it's downloading already, or finished downloading already, I should say. So let's check it out. So it created a directory called WPForce; we'll go into that, and it's just a couple of files, not very many at all.

So wpforce is what we're going to be using to crack the password. I guess this is your... Yertle is going to allow us to upload a shell using the hacked credentials, so that way we get a shell back to our computer, or, what we use, an interactive shell for this example. And the readme file. Readme files are always good to look at so you have an understanding of what's going on, so this is what it's going to look like. And let's see where the steps were. The steps, here we go. Actually, let's take a look at some of the features. Right, so brute force via API, which is what I mentioned earlier, so it can bypass some login form protection. Automatically upload an interactive shell, which is really cool. Can be used to spawn a full-featured reverse shell, which is even better, because this particular tool will go ahead and utilize Metasploit as kind of extra options for you. It's going to dump the WordPress password hashes if you tell it to. Backdoor authentication function for plaintext password collection, which is pretty cool; it's a keylogger. Inject BeEF hooks into all the pages, which is really fun. If you noticed on one of my other tutorials, there's an introduction to BeEF and how the BeEF hooks will go ahead and allow you to use the BeEF browser exploitation commands and functions to do some cool stuff as well. And then again, pivot to a Meterpreter session if needed.

So we already went and installed everything, and this is our usage for wpforce. As you can see, it's a Python script. It does require a username list and a password list, so if you have a word list of your own for your passwords, that's awesome. If you use maybe one of the other methods, such as brute-forcing WordPress passwords or finding vulnerabilities, if you go back to those tutorials, you may be able to go ahead and enumerate some of the usernames that you could use. And then just the website, the website name. So let's get hacking.

But first of all, like I said, we're going to have to create some word lists and all that junk. So some common ones for WordPress: this is the admin, so administrator, wpadmin, admin, superuser, I don't know, webmaster, siteadmin. So these are usually some very common usernames for an administrator. Sometimes they don't use their names; they use just the general account. So I'm just going to use these as an example. I'm going to... we'll save that. Yes, I do want to save it, user.txt. And we'll do the same thing with passwords. We'll do some common passwords. We'll say password... let's not use that one, I'll show you why in a minute. So we'll do pass123, letmein, wordpress, password, password123. No, no, that's probably good, right? I mean, you could do as many passwords as you want, and the more passwords you have in your password list, probably the higher, you know, your chances are going to be higher of cracking it. So I'm just going to leave it at that. We'll just use a few for this example because I already know what the username and password are.

So let's do it. Let's do python wpforce.py and... see, I already forgot; this is why these readme files are so helpful. So -i and -w and -u. So -i user.txt, -w pass.txt. I wonder what the reasoning behind these naming conventions is. All right, so dontestserver.com, WP Big Easy, because it's going to be a big easy hack. All right, so we just run the script; we'll let it run. It looks like I've got a pretty decent combination of usernames and passwords. Again, you could have millions of passwords, millions of usernames; it's going to go through and try each one. So again, because I knew the credentials, I purposely put them into the username and password file. It found valid credentials, and the account is admin. So this is perfect, because this is a very shitty username and password, easily crackable, obviously, but this is great for our example. So we're going to use these credentials right here to upload that interactive shell.

So now we have to go back to that help file. We'll take a look at Yertle. Just like it's saying, -u for username, -p for password, -t for, I guess, target, and this will use that. Ready, ready, ready, ready. All right, so python yertle.py, what did we say the username was? admin; password was password; target, use the target again, dontestserver.com and WordPress Big Easy. I almost put "big easy hack". All right, now let me do this. So there's two options: you can either do a reverse shell, which I'm not going to get into because I'll get a million questions about port forwarding and shit like that, and I just don't have the time for those questions right now, so we'll just do an interactive shell, which is really cool because there's really not anything else to set up. So we'll type all that credential stuff in again, we'll do interactive, it'll take a second, and hopefully we get a positive response from Yertle and we have a shell set up. Fingers crossed. All right, perfect. So the backdoor was uploaded. Yeah, I guess here's a temporary upload directory, where it uploads, and we have our shell. So the first thing I like to do is either type in help or ? to find out what we could do. So in this case it's typically ? and enter, and here are the commands.

So ? is our help menu. The beef command injects a BeEF hook into the website. exit exits the session. hashdump dumps all the WordPress password hashes. help, again, is the help menu. The keylogger, again, now this will log any type of plaintext credentials that might come through, so if you see a WordPress site that doesn't have encryption, which there are many out there, where the username and login form screen doesn't have encryption, it gives you basically the option of logging those passwords, and that goes for site users as well, and then you check the keylog. You could tap a Meterpreter session to connect back to Metasploit. quit, again, terminates the session. You can set up a shell that'll send a TCP reverse shell to a netcat listener, and I'm not getting into reverse shells right now for obvious reasons. But let's, just for shits and giggles, we'll set up a keylogger. This modifies the core. Sure, let's modify the core, whatever. All right, so the sign-in function is patched. Do not run this more than once, apparently, and use keylog to check the log file. So as people are logging in with their plaintext passwords, we'll go ahead and log that, so we have other users besides the admin that we could come back and get into as well.

So anyway, cool tool by n00py. Thumbs up from me. Awesome way to get around some of the login protections that WordPress is now implementing. And yeah, test it out, try it, download it from GitHub, try a couple things. If there's anything that you like specifically about it, put it down in the comments; anything that you hate about it, put it down in the comments. And I'll talk to you guys later.
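As an added defensive example (not from the video or the WPForce project), here is detection logic a site owner could run over web server logs for the two things the video demonstrates: password guessing through the WordPress API rather than the login form, and a PHP backdoor being served from the uploads directory. It assumes the API endpoint in question is xmlrpc.php, that uploaded files land under wp-content/uploads/, and that the logs are in Apache combined format; the log lines are constructed samples.

```python
# Added example, not from the video or the WPForce project: two log checks a
# defender can run after the activity the video demonstrates. Assumptions: the
# "API" used for guessing is /xmlrpc.php, and an uploaded backdoor would be
# requested under /wp-content/uploads/. Log lines are constructed samples.
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse_line(line):
    """Parse one Apache combined-format line into a dict, or None on no match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_xmlrpc_bursts(lines, threshold=10, window_s=60):
    """Map client IP -> peak count of POSTs to xmlrpc.php inside any
    window_s-second span, for clients whose count exceeded threshold."""
    recent = defaultdict(deque)  # per-IP sliding window of timestamps
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or not rec["path"].endswith("/xmlrpc.php"):
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while (q[-1] - q[0]).total_seconds() > window_s:
            q.popleft()  # drop timestamps older than the window
        if len(q) > threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged

def find_php_in_uploads(lines):
    """Return (ip, path) for requests executing a .php file under uploads/, which should only serve media."""
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        if "/wp-content/uploads/" in rec["path"] and rec["path"].split("?")[0].endswith(".php"):
            hits.append((rec["ip"], rec["path"]))
    return hits

# Constructed sample: 12 API login guesses in 12 seconds from one client, two
# from another client, then the first client requesting a PHP file in uploads.
FMT = '{ip} - - [10/May/2017:13:00:{s:02d} +0000] "{m} {p} HTTP/1.1" 200 370 "-" "curl/7.52"'
SAMPLE_LOG = [FMT.format(ip="203.0.113.5", s=i, m="POST", p="/xmlrpc.php") for i in range(12)]
SAMPLE_LOG += [FMT.format(ip="198.51.100.7", s=i, m="POST", p="/xmlrpc.php") for i in (20, 21)]
SAMPLE_LOG.append(FMT.format(ip="203.0.113.5", s=30, m="GET", p="/wp-content/uploads/2017/05/backdoor.php"))
```

Run against real logs, the threshold and window should be tuned to the site's normal XML-RPC traffic (Jetpack and mobile apps use the same endpoint), and the uploads check is best paired with a web server rule that refuses to execute PHP under that directory at all.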