WordPress for Pentesters
Learn how to enumerate and exploit WordPress CMS
Description
This course teaches you how to enumerate WordPress CMS.
Wordpress cms is one of most popular cms to build blogs , shopping websites and more
Wordpress comes with lot of 3rd party plugins and themes
so does vulnerabilities and misconfigurations
We need to know how hackers attack wordpress thus protecting ourself from the attacks
We will see how to enumerate and bruteforce with python , burp , wpscan , metasploit etc
tools like wpscan does awesome job at enumeration and also at bruteforce attacks thus testing our password security
Metasploit have some auxiliary scanners and wordpress exploits to test aganist wordpress
we can script our code in python to bruteforce the login credentials and hence some what faster than burp community edition
Burp professional edition have the option of multi threading thus testing passwords faster
but in this course we will not discuss about professional edition as it is not free
we will also get the reverse shell from the vulnerable wordpress machine
Bonus video includes how we attack a Drupal CMS using droopescan
we can use droopescan to scan wordpress , joomla , drupal , moodle etc
but for wordpress we better use wpscan first
later we see some try hack me writeup which involves pentesting wordpress cms and exploiting it
after this course you can try mrrobot room from tryhackme and test your skills
What You Will Learn!
- Enumerate WordPress
- Enumerate Users , Themes , Plugins in WordPress
- Bruteforce Attacks using XMLRPC , Python , BurpSuite and Hydra
- Bruteforce Attacks using Metasploit
- Exploit Themes , Plugins and Pop a Shell
- Shell Upload using Metasploit
Who Should Attend!
- Anyone who is interested in Pentesting
- Anyone who wants to learn how to pentest Wordpress or any other CMS