5 out of 5
5
1 review on Udemy

WordPress for Pentesters

Learn how to enumerate and exploit WordPress CMS
Instructor: Naga Sai Nikhil
34 students enrolled
English [Auto]
Enumerate WordPress
Enumerate Users, Themes, Plugins in WordPress
Bruteforce Attacks using XMLRPC, Python, Burp Suite and Hydra
Bruteforce Attacks using Metasploit
Exploit Themes, Plugins and Pop a Shell
Shell Upload using Metasploit

This course teaches you how to enumerate WordPress CMS.

WordPress is one of the most popular CMSs for building blogs, shopping websites and more.

WordPress comes with a lot of third-party plugins and themes, and with them come vulnerabilities and misconfigurations.

We need to know how hackers attack WordPress so that we can protect ourselves from those attacks.

We will see how to enumerate and bruteforce with Python, Burp, WPScan, Metasploit etc.

Tools like WPScan do an excellent job at enumeration and at bruteforce attacks, which lets us test our password security.

Metasploit has some auxiliary scanners and WordPress exploits to test against WordPress.

We can script our own code in Python to bruteforce the login credentials, which is somewhat faster than Burp Community Edition.

Burp Professional Edition has a multi-threading option and so tests passwords faster, but this course does not cover the Professional Edition because it is not free.

We will also get a reverse shell from the vulnerable WordPress machine.

The bonus video shows how we attack a Drupal CMS using droopescan.

We can use droopescan to scan WordPress, Joomla, Drupal, Moodle etc., but for WordPress it is better to use WPScan first.

Later we go through a TryHackMe writeup that involves pentesting a WordPress CMS and exploiting it.

After this course you can try the mrrobot room on TryHackMe and test your skills.

Installation

1. Installing WordPress

Enumeration

1. WordPress Directory Enumeration
2. Enumeration with WPScan

Bruteforce Attacks

1. WordPress XMLRPC
2. WPScan XMLRPC
3. Metasploit XMLRPC
4. Login Bruteforcing with Burp and Hydra

Exploiting Themes and Plugins to RCE

1. Exploiting themes to get reverse shell
2. Exploiting Plugins to get reverse shell
3. Metasploit admin shell upload module

Drupal CMS and Writeup

1. Pentesting Drupal CMS
2. TryHackMe - Blog Writeup