WordPress is the most popular CMS in the world. We covered WordPress in more detail in our WPScan article, where we showed how to find vulnerabilities on WordPress sites using WPScan. But what if there are no vulnerabilities? In many cases WPScan finds no vulnerabilities (or only harmless ones). Then what do we do?
As cybersecurity experts we need to check all the possibilities. So if WPScan fails, we should check for low-quality usernames and passwords. If an admin or user is using low-quality credentials, we can easily find them by brute forcing the login.
In today’s article we are going to learn how we can brute force any WordPress admin login.
To do this we are going to use a WP crack tool called WordPress-Brute-Force. This is a Python script hosted on GitHub, and we need to clone it from GitHub by using the following command:
git clone https://github.com/22XploiterCrew-Team/WordPress-Brute-Force
After cloning this script we need to go inside its directory by using the cd command:
cd WordPress-Brute-Force
Now we are in the directory and can run the WpCrack.py script, but before that we give it executable permission by using the following command:
chmod +x WpCrack.py
Now we can run this tool. But wait, this is a brute force attack
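Seen from the site owner's side, a password-guessing run against the WordPress login leaves a clear trail in the web server access log. The following is an added example, not code from this article or from the WordPress-Brute-Force tool: it flags client IPs that make repeated failed POSTs to /wp-login.php within a short window, and notes whether a success followed. It assumes the combined log format and stock WordPress behaviour (a failed login returns 200, a successful one redirects with 302); the function names, threshold, window, and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def _line(ip, sec, method, status):
    # Hypothetical helper: builds one constructed combined-format log line.
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 4512 "-" "-"')

# Constructed sample, not real traffic: one noisy client, one normal user.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", 200) for s in range(1, 8)]  # 7 failures
    + [_line("203.0.113.7", 9, "POST", 302),                     # then a success
       _line("198.51.100.20", 10, "GET", 200),                   # loads the form
       _line("198.51.100.20", 12, "POST", 200),                  # one typo
       _line("198.51.100.20", 20, "POST", 302)]                  # logs in
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map IP -> {'failures': peak count in window, 'success_after': bool}."""
    recent = defaultdict(deque)  # per-IP timestamps of recent failed logins
    flagged = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that fell out of the sliding window
        # Assumed stock behaviour: POST answered 302 = success, 200 = failure.
        if m["status"] == "302":
            if ip in flagged:
                flagged[ip]["success_after"] = True  # likely guessed password
            continue
        if m["status"] != "200":
            continue
        q.append(ts)
        if len(q) >= threshold:
            entry = flagged.setdefault(ip, {"failures": 0, "success_after": False})
            entry["failures"] = max(entry["failures"], len(q))
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

An IP reported with success_after set to True deserves immediate attention: the account it logged into should have its password reset and its sessions invalidated. Security plugins or custom login handlers can change the status codes, so confirm them against a known failed and successful login on your own site first.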