Penetration Testing with Kali Linux - Brute Force Wordpress (WPSCAN)
How To Brute Force Wordpress in Kali Linux using Wpscan
As a WordPress administrator or webmaster you are responsible for the security of the WordPress blog or website you manage. Most probably you have already done a lot to beef up its security, and today at k4linux.com we will show you how to brute force a WordPress password in Kali Linux using WPScan, so that you can check your own password strength.
Disclaimer: This tutorial is for educational purposes only and we are NOT responsible in any way for how this information is used; use it at your own risk.
As we know, WPScan is a black box WordPress vulnerability scanner, and it is installed by default in Kali Linux, so we will use it for brute forcing WordPress logins.
We will use the WordPress platform that we already installed. If you have not already done so, see our article: HowTo install Wordpress in localhost on Kali Linux.
To start, open your terminal and start XAMPP:
root@k4linux: /opt/lampp/lampp start
Now we need to enumerate users. Type in the terminal:
root@k4linux: wpscan -u 127.0.0.1/wordpress --enumerate u
WPScan will automatically search for the admin username.
Now run a wordlist password brute force against the username found in the previous step. Type in the terminal:
root@k4linux: wpscan --url 127.0.0.1/wordpress --wordlist /root/pass --username k4linux
--wordlist sets the location of your password wordlist.
After searching, WPScan will find the password. This can take a few minutes, depending on your wordlist. The efficiency of the brute force depends on how strong your wordlist is and how many passwords it contains.
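From the defender's side, the attack above leaves a very recognisable trace in the web server's access log: a burst of POST requests to wp-login.php from one client in a short time, with failed attempts answered by HTTP 200 (WordPress re-renders the login form) and a success answered by a 302 redirect to wp-admin. The following Python script is an added example, not part of the original tutorial, that detects such a burst with a sliding window; the log lines it uses are constructed sample data in Apache combined format, and the threshold and window values are assumptions you should tune to your site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def _line(ip, sec, status):
    return (f'{ip} - - [10/May/2015:13:00:{sec:02d} +0000] '
            f'"POST /wordpress/wp-login.php HTTP/1.1" {status} 512')

# Constructed sample (not real logs): 203.0.113.7 makes eight failed guesses (WordPress
# re-renders the form, HTTP 200) then succeeds (302 to wp-admin); 198.51.100.4 mistypes once.
SAMPLE_LOG = ([_line("203.0.113.7", 10 + i, 200) for i in range(8)]
              + [_line("203.0.113.7", 19, 302),
                 _line("198.51.100.4", 30, 200), _line("198.51.100.4", 41, 302)])

def parse(line):
    m = LOG_RE.match(line)
    if not m:          # skip lines that are not in combined format
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec

def detect_login_bruteforce(lines, threshold=5, window_s=60):
    """Return {ip: (failed_count, success_seen)} for sources with >= threshold
    failed wp-login.php POSTs inside any window_s-second sliding window."""
    failures, success = defaultdict(list), set()
    for rec in filter(None, map(parse, lines)):
        if rec["method"] != "POST" or not rec["path"].endswith("/wp-login.php"):
            continue
        if rec["status"] == 200:            # login form shown again: failed attempt
            failures[rec["ip"]].append(rec["ts"])
        elif rec["status"] == 302:          # redirect to wp-admin: successful login
            success.add(rec["ip"])
    hits = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1                  # slide the window forward
            if end - start + 1 >= threshold:
                hits[ip] = (len(times), ip in success)  # success after a burst = likely compromise
                break
    return hits
```

A hit whose second element is True means the burst of failures was followed by a successful login from the same source, which is the case to investigate first.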
Watch the video tutorial for more explanation (WPScan).
If you have encountered a problem or you have any questions or remarks, please feel free to leave a comment.
Source : Penetration Testing With Kali Linux - Brute Force Wordpress (WPSCAN)