Watch me hack a WordPress website.
In this video, I hacked a WordPress blog!
$1000 OFF your Cyber Security Springboard Boot camp with my code TECHRAJ. See if you qualify for the JOB GUARANTEE! 👉 https://www.springboard.com/landing/influencer/techraj/?utm_medium=influencer&utm_source=techraj&utm_campaign=csc2&utm_term=paid&utm_content=revewyoutubevideo
I first enumerate the directories of the website, which leads me to the WordPress login page, and then I enumerate the users of the blog. Performing a dictionary attack reveals the password of one of the users, which gives me an initial foothold on the blog. From there, I exploit a WordPress vulnerability to escalate my privileges and ultimately take over the whole website. How easy!
DISCLAIMER: This video is intended only for educational purposes. The experiments in this video are performed in a controlled lab setup and not on a live target. The content is purely from a penetration testing perspective. I do not condone or encourage any illegal activities.
Join my Discord: https://discord.gg/6TjBzgt
Follow me on Instagram: https://instagram.com/teja.techraj
Website: https://techraj156.com
Blog: https://blog.techraj156.com
Thanks for watching!
SUBSCRIBE for more videos!
by Tech Raj
linux web server
What’s that JSON viewer?
This guy: installs an extension to make sure it's WordPress
Me: just looks at it, inspects the source and just knows it's WordPress
Not putting you down, but I just thought it was funny
There is just no way you could find a SUID binary that gives you a shell if you set an env variable to 1; it feels like those movies where someone hides the keys of his house in a really obvious spot. But still, the video is great for educational purposes; it was fun watching it and learning about the tools that let you do this kind of stuff.
What stopped you from just changing the hash once you had database access?
You could have swapped the password hashes over from kwheel to bjoel in MySQL to log in as bjoel; ID 1 is almost always an admin.
Good job, but any WordPress dev worth their salt would have blocked user and directory enumeration.
No devs are gonna leave those sorts of bins around for the sake of your privilege escalation, but sure, nice video before that.
Sir, as soon as the attack starts, the website goes down.
Does wp-login only accept 7 password-guessing tries?
I tried it and I can get unlimited tries.
Everything else was realistic except the Linux privilege escalation part. Like, what's the probability of finding something like this checker binary which sets the uid to 0?
Great video. Learned a lot
Another wordlist brute-force crap. Btw, you can hack WP without any tool; it's so vulnerable that you can't imagine.
You can also update the wp-login.php file to log the password to a plain text file, and after logging, either an email can be sent using wp_mail or an API endpoint of your own server can be called with the logged credentials.
awesome way to promote sponsor courses 😂
WARNING: USE THE SPONSORBLOCK ADDON ON YOUR BROWSER, CHROME OR FIREFOX
Pro tip,
Keep the old password hash so that you change it back when you are done
If the target WordPress website is not old and has no vulnerability, then try to find an exploit in the plugins. All WordPress websites depend on at least some shitty plugin.
I hadn't thought I would watch the full video.. But suddenly you finished your task 🫥😂👌
Great explanation in general, enough to keep up following the process logically. Surely I personally would have asked more about certain tools and their usage, but for this case 10/10.
25:57 can't you just use "kwheel"'s hashed password, rather than generating a new one?
Using a wordlist? Super! If I set my password like this: "SAisad444štč886čw+", you will NEVER find it via a wordlist. A wordlist is a stupid way to hack not only WordPress, but everything. Oh god..
Script kiddie lol
You earned a new sub. I'm a reverse engineer and have little knowledge of pentesting. You make it really interesting and clear!
great video
This will never work in reality :)))
Great video, but what was your next step gonna be if xmlrpc was disabled?
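Two of the comments above point at the same defensive gap: one says a careful WordPress admin would have blocked user enumeration, and the last one asks what happens when XML-RPC is disabled. The following is an added example of how a site owner closes both doors; it is not code from the video or from Tech Raj. It is written as a must-use plugin (assumed path: wp-content/mu-plugins/enumeration-hardening.php) and uses only core WordPress hooks: the `xmlrpc_enabled` and `rest_endpoints` filters, the `template_redirect` action, and the `login_errors` filter.

```php
<?php
/**
 * Plugin Name: Enumeration Hardening (added example, not part of the video)
 *
 * Drop this file into wp-content/mu-plugins/ so it loads on every request
 * without needing activation. Each block removes one of the enumeration
 * or guessing paths discussed in the comments.
 */

// 1. Disable XML-RPC entirely. Returning false from this filter makes
//    xmlrpc.php reject every method, including the multicall used to
//    batch many login attempts into one HTTP request.
add_filter( 'xmlrpc_enabled', '__return_false' );

// 2. Remove the public user routes from the REST API so an anonymous
//    GET /wp-json/wp/v2/users no longer returns the list of login names.
//    The route keys below are the ones core registers for the users
//    controller; /wp/v2/users/me is left in place because it already
//    requires authentication.
add_filter( 'rest_endpoints', function ( array $endpoints ) {
    unset( $endpoints['/wp/v2/users'] );
    unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
    return $endpoints;
} );

// 3. Stop /?author=N from redirecting to /author/<login>/, which maps
//    each numeric user ID to its username. Author archives are sent to
//    the home page instead. is_admin() is checked so the post-list filter
//    in wp-admin (edit.php?author=N) keeps working for logged-in staff.
add_action( 'template_redirect', function () {
    if ( is_author() || ( isset( $_GET['author'] ) && ! is_admin() ) ) {
        wp_safe_redirect( home_url( '/' ), 301 );
        exit;
    }
} );

// 4. Use one generic login error so the form no longer tells a guesser
//    whether it was the username or the password that was wrong.
add_filter( 'login_errors', function () {
    return 'Invalid login credentials.';
} );
```

Directory enumeration is a web server concern rather than a WordPress one: on Apache, `Options -Indexes` in the site's .htaccess (or the vhost) turns off directory listings, and the usual `wp-content/uploads` hardening is to deny execution of .php files there. None of this replaces rate limiting or multi-factor login on wp-login.php; it only removes the cheap reconnaissance that makes a dictionary attack like the one in the video easy to aim.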