I will be using Metasploit to do so. I assume the attacker has, by some means, come to know your username and brute-forces the password against a word-list.
So, start up msfconsole in the terminal:
Here we are concerned with the WordPress auxiliary module that is already present in Metasploit. Just use it as shown below:
Type 'show options' to see all the available options.
Since I am performing this in a test environment on localhost, I will be using RHOST as 127.0.0.1, USERNAME as admin and RPORT as 2145. I also created a sample wordlist file named pass.txt, which looks something like:
Next, I will set the options, as you can see below:
All done. Typing 'exploit' and pressing 'Enter' starts the brute force, and we can see that the password has been found.
Cool! We have successfully found the WordPress admin's password. It is therefore important to use strong passwords; otherwise it takes minutes or even seconds to crack the weaker ones.
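A wordlist run like the one above also leaves a clear trail in the web server's access log. The following Python code is an added example, not part of the original post: it flags addresses that send a burst of failed login POSTs and notes whether a login then succeeded. It assumes combined log format, the login form at /wp-login.php, and that a failed login returns 200 while a successful one returns a 302 redirect; the log lines, IP addresses and the `compromised` field name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def _line(ip, sec, method, status):
    """Build one constructed combined-log-format line (sample data only)."""
    return (f'{ip} - - [10/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3120 "-" "-"')

# Constructed sample: six rapid failures then a success from one address,
# and a legitimate user who mistypes once before logging in.
SAMPLE_LOG = ([_line("203.0.113.7", s, "POST", 200) for s in range(1, 7)]
              + [_line("203.0.113.7", 7, "POST", 302),
                 _line("198.51.100.20", 20, "POST", 200),
                 _line("198.51.100.20", 30, "POST", 302),
                 _line("198.51.100.20", 31, "GET", 200)])

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag IPs with >= threshold failed login POSTs inside a sliding window."""
    recent = defaultdict(list)  # ip -> failure timestamps still inside window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ip, status = m["ip"], int(m["status"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if status == 200:  # assumption: a failed login re-renders the form
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.pop(0)
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failures": 0, "compromised": False})
                a["failures"] = max(a["failures"], len(q))
        elif status == 302 and ip in alerts:
            # assumption: a redirect after a flagged burst means a guess worked
            alerts[ip]["compromised"] = True
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

The threshold and window are starting values to tune against your own traffic; the same counting logic is what a rate limit or lockout rule on the login form enforces.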
I hope this post was worth liking. Do post your comments and suggestions. Thank you all.
