Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all

Reading Time: 1 Minute
It's only fair to share...
Share on Facebook2Tweet about this on TwitterShare on LinkedIn4Share on Google+3

Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things while doing the research part which accounted for most of his time, though. On NoteHub, he shares some of the relevant details and how he went along doing this.

Advertisement:

My college has a website. And I simply wanted to find a vulnerability, exploit it, and post troll pictures on the front-page. While that’s not a very nice thing to do, but that’s irrelevant here. I knew the site ran wordpress, as my teacher vaguely recited in the webdev class.

So I googled “how to hack wordpress”, and after a couple results, I found a tool called “wpscan”, which examines a wordpress site and shows you a list of possible vulnerabilities.

It isn’t that simple though. The scan doesn’t automatically attack the website and magically understands what a script kiddie wants to do. It just puts out a list of possible issues.

Anyways, it gave me some pretty good info. The interesting bits for our story are…

It's only fair to share...
Share on Facebook2Tweet about this on TwitterShare on LinkedIn4Share on Google+3

Advertisement:

Related:   XSS Vulnerability Affecting Multiple WordPress Plugins

Hi! Join the discussion, leave a reply!