————————-

WORDPESS :- For creating a whole new website, you just need to drag and drop the site’s element only. You do not need to have very awesome knowledge of HTML, JS, PHP and all…. So you are just required to have a good knowledge of english and grammer.

WordPress also provides the CMS

——————————-

1. Wappalyser

2. add wp-admin or wp-login in the end of thr url

3. we will see “wp-content”, when we look up for the image location

Download WordPress —> www.wordpress.org —> 4.8

http://127.0.0.1/wordpress/wp-content/uploads/2017/11/bharti-210×300.jpg

Hacking into wordpress website

——————————

wpscan –> Inbuild tool for kali linux. Used for enumerating and scanning the WordPress Website.

http://wpvulndb.com/

https://www.exploit-db.com/search/?action=search&q=Wordpress&g-recaptcha-response=03AEMEkElbXryPzjQ4qO96WxcRtuAUiuH1kOQbLeoKXs_f0OcnjAkk2Ky1SMMf8UU974FBo5k2SAcl3_o_AthoC3rPANI-zfzDWdFlmb5I0D-NiSybekULcFSNddw5b5OIdjy8vXihyh9y3SV2giTsE-_tpi8eCayAmyXudMI9zlfjCNvTrrtAkQlkfiZbXci-9T6UBc29VeFXe3angg-vIlZ10spH6NGKa1CepUJ7gYcq2tAz9vtfTWGt6vFGUfn_GRBBu7lDhrNsK5xwzLcC2N4jQmnZefx4MA

#wpscan

 #wpscan –url 172.16.79.141/wordpress

#wpscan –url 172.16.79.141/wordpress –enumerate t –> to enumerate the data about theme

#wpscan –url 172.16.79.141/wordpress –enumerate p –> to enumerate the data about plugins

#wpscan –url 172.16.79.141/wordpress –enumerate u –> to enumerate the data about username

wpscan –url 172.16.79.141/wordpress –wordlist /usr/share/wordlists/rockyou.txt –username root   —-> for bruteforcing the password

wp-login changer —-> wp-admin —->

www.xyz.com/wp-admin —> login page

www.xyz.com/helloDudes.php

—————————————————————————————————————————–

The OpenVAS (Open Vulnerability Assessment System) scanner is a comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices. OpenVAS is updated through the Network Vulnerability Tests (NVTs) feed. It is pre-installed in Kali 2.0 (2015) version. It uses Greenbone Security Assessment as the Control Authority of it. It is also listed in the best Network Scanning Report Generation tools.

Scan Types :

= Full Scan for a full test of network, server and web application vulnerabilities.

= Web Server Scan a more focused test for web server and web application vulnerabilities.

= WordPress Scan testing for known WordPress vulnerabilities and web server issues.

= Joomla Scan testing for known Joomla vulnerabilities and web server issues.

Running OpenVAS

===============

Requirements : Kali 2.0 (2015.1) , Iceweasel Browser, OpenVAS

———————————

BUFFER OVERFLOWS – https://www.youtube.com/watch?v=1S0aBV-Waeo

https://ufile.io/r5342