Watch me hack a Wordpress website..
VloĆŸit
- Äas pĆidĂĄn 9. 06. 2024
- In this video, I hacked a Wordpress blog!
$1000 OFF your Cyber Security Springboard Boot camp with my code TECHRAJ. See if you qualify for the JOB GUARANTEE! đ www.springboard.com/landing/i...
I first enumerate the directories of the website that lead me to the Wordpress login page, and then I enumerate the users of the blog. Performing a dictionary attack revealed the password of one of the user which enabled me to get an initial foothold on the blog. From there, I exploit a Wordpress vulnerability to escalate my privileges and ultimately take over the whole website. How easy!
DISCLAIMER: This video is intended only for educational purposes.
The experiments in this video are performed in a controlled
lab setup and not on a live target. The content is purely
from a penetration testing perspective. I do not
condone or encourage any illegal activities.
Join my Discord: / discord
Follow me on Instagram: / teja.techraj
Website: techraj156.comâââââ
Blog: blog.techraj156.com
Thanks for watching!
SUBSCRIBE for more videos! - VÄda a technologie
Pro tip,
Keep the old password hash so that you change it back when you are done
đđ
thanks black collar stuff
"billy" joel and karen "wheeler" - hmm "strange things" happening
lol this was very fun to watch! Always loved your fresh content!
As someone who has limited knowledge on web hosting I've used Wordpress a lot in the past. The idea that it's this simple to get a list of all usernames and hack into the website is quite interesting. I really appreciate you uploading this. Subbed.
I havent thought I will watch the full video.. But suddenly you finished your task đ«„đđ
Great explanation in general, enough to keep up following the process logically. Surely I personally would have asked more about certain tools and useage, but for this case 10/10.
Simply amazing... got to know many things about the insights of how some things work!
Once you got into the db you couldve literally just changed the account to an admin, or just change the admins password. no need for hashcat at that point
True. But I was also trying to escalate privileges on the machine and not just get admin on the blog. But I agree the hashcat part was unnecessary.
â@@TechRaj156
Perfect
â@@TechRaj156depends on the objective. Many times people use the same email and password on other sites so if you crack the leaked hashes, the same credentials could be attempting on the other sites.
â@@TechRaj156 ltrace however is not installed by default on all distros
Was just about to comment the same thing đđ
There is just no way you could find a suid binary that gives you a shell if you set an env variable to 1, it feels like those movies where someone hides the keys of his house in a really obvious spot. But still the video is greatt for educational purposes, it was fun watching it and knowing about the tools that let you do this kindof stuff
This kind of videos we need keep making this kind of videos
why didnt you use sudo -l when you were trying to root?
I may sound like a simpleton and compared to you I am but since you say you are trying to help people protect themselves, as a Wordpress user, what would be your most valuable tips to give, this video is too advanced for most people, but if you could give a list of say, the 10 or 20 most valuable techniques to protect yourself from most common attacks, or something like that...If you have time and feel like it... Subscribed, very informative, thanks!
Do you have to be a root user to change values in a db? Just curious because then the other steps are not necessary
wpscan gives various vulnerabilities available in different plugins of the websites but can't find poc of them. Please guide
Awesome job amazing content :)
It so willingly reveals everything
Great Video đđ»
You do not quit youtube
dear at 20:06 you have database access you can just create new admin user in database
But the goal could also have been to stay hidden for further investigation, so a new user would rise way more suspicion. đ€·ââđ
Moreover the password recovered from wordpress site can also be used in emails or at other places, including the sudo user in the bash
He got access to "wordpressuser" database account. It most probably doesn't have administrator access so can't really change admin password and can't create a new account either.
@@digitzero3613 no, he can change the WordPress admin account password, no restriction can be put in a MySQL user to prevent changing the data of a specific row of a table, MySQL user can only be restricted from updating the entire database.
Beside the user mentioned in wp-config is the one that creates all the table in the place, that's the only db user WordPress know and that's the only user WordPress will use to update the password when the admin user chooses to change the password from WordPress's dashboard
Whatâs that JSON viewer?
Can you explain how did you gain root access again?
Does it work on the latest version?
Amazing !!
if target wordpress website is not oldy and has no vulnerability then try to find exploit in plugins.all wordress websites at least depends on some shitty plugin
Are u using a window manager or is it a kali theme
It looks like Kali
Bro come back
Not a real hacking in real time btw ! @Tech Raj.
This was pre-setup for the video
Youre really good ar your jobđ
what is the name of this softwere ?
If you already have access to the server, you should install the WP CLI, then create a new admin user or change the password of any user (of course I don't want to leave any traces so I'll make a new user, then get what I need and delete all traces).
He can also update the wp-login.php file to log the password in plain text file and after logging either an email can be sent using wp_mail or an api endpoint of his own server can be called with the logged credentials, so whenever someone logs in again with the same user he gets a notification.
Nice but can you get cpanel also?
Can you guide what's the procedure to manually enumerate to find the user id? coz this method did not work
google it đ
Well if you got access the the second user, then when you got access to the wp_user table, you could have updated the first user encrypted password with the second user encrypted password and then access the admin user with the second user password...
That would be a smart move! But I was also trying to root the whole machine and not just get admin rights on the blog.
@TechRaj156 yeah I do understand for sure, but wordpress password encryption is based on the codes available in the config.php file which you accessed at the begining, so the password you generated at the website would not work in newer versions unless you create password on same keys in config or the easier path is to switch passwords or switch role to admin for the user account.. but still, you have done qn awesome work đ
He got access to "wordpressuser" database account. It most probably doesn't have administrator access so can't really change admin password and can't create a new account either.
Everything else was realistic except the Linux privilege escalation part. Like what's the probability of finding something like this checker binary file which sets the uid to 0.
Once you got access to the db, why didn't you just change the password?
All you need to do is clear the hash, type in the new password and hash it and boom you've got access to any user. I do this all the time whenever I loose a password for a site.
He got access to "wordpressuser" database account. It most probably doesn't have administrator access so can't really change admin password and can't create a new account either.
It still shocks me that wordpress has features to protect you against brute force and telling you if you have the correct username but incorrect password, but you have to manually configure and turn them on, and most of the people who use wordpress use it because its simple to use to make a website and you dont need any coding knowledge so they dont know about these extremely important features... it should be default
Can you show us how to make wordpress unhackable?
do you provide private classes
How did his gain root access?
When you have database access, just add a new user to db as user type admin and you can get the admin access.đ
This is long process unless u know what u r doing and if this hack is needed otherwise the main way to login to WordPress is wp-admin and enter username and password then u enter into the dashboard. If you don't know ur login details u ask ur hosting company to help.
Try in latest version of WordPress.
The latest version of WP breaks all themes so nobody updates. :P
@@afdkj i updated latest version of my wordpress 6.4 or something. My site is working fine
@@afdkj No decent website worth hacking for bug bounties uses wordpress anyways. CMSs like wordpress are generally only used for personal blogs of no name individuals or companies.
â@@afdkjLol that's why you use a good theme.
@@afdkjwhat are you even talking about? thereâs absolutely no issue with themes in the latest version of wordpress
You earned a new sub, I'm a reverse engineer and have little knowledge to pentesting. You make it really interesting and clear!
Sir attack start hote hi website down ho jata he
Peak scriptkiddie content
Good job, but any wordpress dev worth their salt would have blocked user and directory enumeration.
Getting This Error
{
"code": "rest_user_cannot_view",
"message": "Sorry, you are not allowed to list users.",
"data": {
"status": 401
}
}
is there any othere way to list users ?
no devs are gonna leave those sort of bins for your the sake of your privilege escalation, but sure, nice video before that.
Tips:
Always use webflow
Can it work if the wp site is tunneled to Cloudflare?
Short answer yes.
Long answer depends on your configuration, there are many ways that can be blocked by cloudflare rules. For example you may block a url to be accessible from your static IP only.
And keep in mind that cloudflare is not a firewall.
great video
does wp-login only accept 7 times password guessing tries?
I tried it and I can get unlimited tries.
Depends on plugins, WAF
Great video. Learned a lot
what if there is no xmlrpc?
Bad luck. You need to find an other vector.
Guys Iâm 89% sure he can center a div
Great video, but what was your next step gonna be if xmlrpc was disabled?
awesome way to promote sponsor courses đ
it does not work on latest version
sad
I'm a WordPress developer, seeing all this makes me đą
Lol
its common password attack they would never crack random passwords
Tech raj on top
This will never work in reality :)))
Do joomla next time
you destroyed ur own discord server
Hello tech raaj bro im big fan of you.. please help me
My pubg global account is hacked just days ago and my all emails phone nmbrs including facebook all are wiped from my game acount and now someone else is using it please help me how do i recover it †love you from pakistan
Hey pubg player , it's not a pubg support channel.
@@ankush6129 iam not asked you,do your own work not to interect someone els's issues if you have no any work than count your family members all day.only jobless usless persons ask these type of questions.
@@ankush6129 who asked you about this.
Mans like you are the bone of contentions in country
@@ankush6129 or han apna kaam kro dosry issue mn mudakhilat na kro jo tmhary bus ki baat nhi hai is lye khud kuch kr nhi paty bus dosry k issue mn ghusty rehty ho đđ€Ł
sema bro
amazinggggggggg
đ€đ»
Script kiddie lol
Yay
ohhhhhhhhhhhh
This only shows how stupid it is to use WordPress, like come on! Public endpoints that gives you access to do many things threatening the security and also the privacy of the website!!
đ€Łđ€Ł
@@YasarGroot what's funny my friend
Another wordlist bruteforce crap. Btw, you can hack wp without any tool, its so vulnerable that you cant imagine.
First to comment
No kid. I'm faster
First viewer first comment
congrats u want a cookie?
@@user-sh9eh3wb8p nooe i want urr mummma
@@user-sh9eh3wb8p no bro. I wantURmummađȘ
@@user-sh9eh3wb8p you need it because you barely have any food to feed your family đ€Ł
"Hope you learned something new"
Me thinking th is he talking about?? What is he doing?? What am I doing?? Why am I here??đ
What is up with this Accent Raj, be real!
Hey Man, don't do that. Everyone is allowed to evolve and try new things and that doesn't mean he's not being authentic. Allow him do him!
What do you mean? This is a great accent
That's his accent, I am watching him for a long time and Hindi isn't probably his mother tongue
Old technique disappointed ! *
This guy: installs extension to make sure its wordpress
Me: Just looks at it and insepcts the source and just knows its wordpress
Not putting you down but I just thought it was funny
Actually I use the same extension and it's easy to check not just the application but other features about the website
what stopped you from just changing the hash once u had database access?
Lack of experience.
@@ift3k đđđđ