Hack WordPress Sites

Bruteforcing

Apr 14, 2018

WordBrutePress – A Multithreaded WordPress Bruteforcing Tool

WordBrutePress is a Python-based Multithreaded WordPress bruteforcing tool. Features: Multithreading XML-RPC brute force mode HTTP and https protocols support Random User Agent Big wordlist support Usage: Standard login request: python wordbrutepress.py -S -t http[s]://target.com[:port] -u username -w wordlist [–timeout in sec] Xml-rpc login request: python wordbrutepress.py -X -t http[s]://target.com[:port] -u username -w wordlist [–timeout in […]

root

Information Gathering

Jan 11, 2018

Plecost – WordPress Fingerprinting Tool

Plecost is a vulnerability fingerprinting and vulnerability finder for WordPress blog engine. Installation Using Pypi: > python3 -m pip install plecost Remember that Plecost3 only runs in Python 3. Using Docker: You can run Plecost using Docker: > docker run –rm iniqua/plecost {ARGS} Where {ARGS} is any valid argument of Plecost. A real example could be: > […]

root

Incidents

Apr 12, 2017

Home Routers Used to Hack WordPress Sites

There’s a group of hackers who are hijacking unsecured home routers and using these devices to launch coordinated brute-force attacks on the administration panel of WordPress sites. The purpose of these attacks is for the hackers to guess the password for the admin account and take over the attacked site. The routers play a crucial […]

root