Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things while doing the research part which accounted for most of his time, though. On NoteHub, he shares some of the relevant details and how he went along doing this.
My college has a website. And I simply wanted to find a vulnerability, exploit it, and post troll pictures on the front-page. While that’s not a very nice thing to do, but that’s irrelevant here. I knew the site ran wordpress, as my teacher vaguely recited in the webdev class.
So I googled “how to hack wordpress”, and after a couple results, I found a tool called “wpscan”, which examines a wordpress site and shows you a list of possible vulnerabilities.
It isn’t that simple though. The scan doesn’t automatically attack the website and magically understands what a script kiddie wants to do. It just puts out a list of possible issues.
Anyways, it gave me some pretty good info. The interesting bits for our story are…
If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.
“How we broke PHP, hacked Pornhub and earned $20,000”
Ubuntu forums hacked; 1.82M logins and email addresses stolen
Grep for forensic log parsing and analysis on Windows Server IIS
A cheat-sheet for password crackers
Windows privilege escalation guide
Help Net Security reviewed Acunetix 11