Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things while doing the research part which accounted for most of his time, though. On NoteHub, he shares some of the relevant details and how he went along doing this.
My college has a website. And I simply wanted to find a vulnerability, exploit it, and post troll pictures on the front-page. While that’s not a very nice thing to do, but that’s irrelevant here. I knew the site ran wordpress, as my teacher vaguely recited in the webdev class.
So I googled “how to hack wordpress”, and after a couple results, I found a tool called “wpscan”, which examines a wordpress site and shows you a list of possible vulnerabilities.
It isn’t that simple though. The scan doesn’t automatically attack the website and magically understands what a script kiddie wants to do. It just puts out a list of possible issues.
Anyways, it gave me some pretty good info. The interesting bits for our story are…
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link: https://paypal.me/jreilink.
A cheat-sheet for password crackers
Windows privilege escalation guide
Help Net Security reviewed Acunetix 11
Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
Penetration Testers’ Guide to Windows 10 Privacy & Security
Joomla (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit
Samsung’s smart camera. A tale of IoT & network security
“How we broke PHP, hacked Pornhub and earned $20,000”