CMS WordPress Vulnerability Cyber Security Notes

————————-
WORDPRESS :- To create a whole new website, you only need to drag and drop the site's elements. You do not need in-depth knowledge of HTML, JS, PHP and so on; a good knowledge of English and grammar is enough.
WordPress also provides the CMS (content management system).
——————————-

How to recognise that a site runs on WordPress

1. Wappalyzer
2. Add wp-admin or wp-login at the end of the URL
3. We will see "wp-content" when we look up the image location
Download WordPress —> www.wordpress.org —> 4.8
http://127.0.0.1/wordpress/wp-content/uploads/2017/11/bharti-210x300.jpg

Hacking into a WordPress website
——————————
wpscan --> Built-in tool in Kali Linux. Used for enumerating and scanning WordPress websites.
http://wpvulndb.com/
https://www.exploit-db.com/search/?action=search&q=Wordpress
# wpscan
# wpscan --url 172.16.79.141/wordpress
# wpscan --url 172.16.79.141/wordpress --enumerate t --> to enumerate data about themes
# wpscan --url 172.16.79.141/wordpress --enumerate p --> to enumerate data about plugins
# wpscan --url 172.16.79.141/wordpress --enumerate u --> to enumerate data about usernames
# wpscan --url 172.16.79.141/wordpress --wordlist /usr/share/wordlists/rockyou.txt --username root --> for brute-forcing the password
wp-login changer —-> wp-admin —->
www.xyz.com/wp-admin —> login page
www.xyz.com/helloDudes.php

Login Limiter
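
Added example (not from the original notes): a log check a site owner can run to spot the wpscan activity described above (username enumeration and password brute-forcing) in an Apache combined-format access log, which is the same signal a login limiter acts on. The log lines, client IPs, thresholds and function names are constructed assumptions, and the User-Agent check assumes the scanner keeps its default agent string.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def analyse(log_text, login_paths=("/wp-login.php",), max_posts=5,
            window=timedelta(seconds=60)):
    """Return {client_ip: set of findings} for wpscan-style activity."""
    findings, logins = defaultdict(set), defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, path = m["ip"], m["path"]
        if "wpscan" in m["ua"].lower():          # assumes the default User-Agent
            findings[ip].add("scanner-user-agent")
        if re.search(r"[?&]author=\d+", path):   # author-ID username enumeration
            findings[ip].add("user-enumeration")
        if m["method"] == "POST" and path.split("?")[0].endswith(login_paths):
            logins[ip].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    for ip, times in logins.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):          # sliding window over login POSTs
            while t - times[start] > window:
                start += 1
            if end - start + 1 > max_posts:
                findings[ip].add("login-bruteforce")
                break
    return dict(findings)

def _line(ip, sec, method, path, status, ua):
    return (f'{ip} - - [12/Nov/2017:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"')

# Constructed sample traffic (not real logs): one scanning client, one normal user.
SAMPLE_LOG = "\n".join(
    [_line("172.16.79.1", 1, "GET", "/wordpress/?author=1", 301, "WPScan v2.9.3")]
    + [_line("172.16.79.1", 10 + i, "POST", "/wordpress/wp-login.php", 200, "WPScan v2.9.3")
       for i in range(8)]
    + [_line("172.16.79.50", 5, "POST", "/wordpress/wp-login.php", 302, "Mozilla/5.0"),
       _line("172.16.79.50", 9, "GET", "/wordpress/wp-admin/", 200, "Mozilla/5.0")])

if __name__ == "__main__":
    for ip, found in analyse(SAMPLE_LOG).items():
        print(ip, sorted(found))
```

If the login page has been moved with a login changer, pass the new path in `login_paths` so the brute-force check follows it.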

—————————————————————————————————————————–
The OpenVAS (Open Vulnerability Assessment System) scanner is a comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices. OpenVAS is updated through the Network Vulnerability Tests (NVTs) feed. It comes pre-installed in Kali 2.0 (2015). It uses Greenbone Security Assessment as its control authority. It is also listed among the best network scanning report generation tools.
Scan Types :
= Full Scan : a full test of network, server and web application vulnerabilities.
= Web Server Scan : a more focused test for web server and web application vulnerabilities.
= WordPress Scan : testing for known WordPress vulnerabilities and web server issues.
= Joomla Scan : testing for known Joomla vulnerabilities and web server issues.
Running OpenVAS
===============
Requirements : Kali 2.0 (2015.1), Iceweasel Browser, OpenVAS
———————————
BUFFER OVERFLOWS – https://www.youtube.com/watch?v=1S0aBV-Waeo
https://ufile.io/r5342
