Watch me hack a Wordpress website..
Рет қаралды 127,125
Ай бұрынIn this video, I hacked a Wordpress blog!
$1000 OFF your Cyber Security Springboard Boot camp with my code TECHRAJ. See if you qualify for the JOB GUARANTEE! 👉 www.springboard.com/landing/i...
I first enumerate the directories of the website that lead me to the Wordpress login page, and then I enumerate the users of the blog. Performing a dictionary attack revealed the password of one of the user which enabled me to get an initial foothold on the blog. From there, I exploit a Wordpress vulnerability to escalate my privileges and ultimately take over the whole website. How easy!
DISCLAIMER: This video is intended only for educational purposes.
The experiments in this video are performed in a controlled
lab setup and not on a live target. The content is purely
from a penetration testing perspective. I do not
condone or encourage any illegal activities.
Join my Discord: / discord
Follow me on Instagram: / teja.techraj
Website: techraj156.com
Blog: blog.techraj156.com
Thanks for watching!
SUBSCRIBE for more videos!
@gibrains 16 күн бұрын
Lesson learned: Just use static html ! =))
@user-cs1ld9hn2k 14 күн бұрын
static is the best anyways for blogs and basic websites.
@PIRATA_TV 8 күн бұрын
If you don't know, when your website has SSL certificate (non self sign) and your host has the worst firewall sql injections are blocked and you can't do nothing.🙃
@CoreyThompson73 3 күн бұрын
Actually 70%+ of Wordpress sites could move to something like Hugo and have the same webpage functionality.
@malzkaffee3581 2 күн бұрын
other the tool "simply static"
@bootsycoll 2 күн бұрын
What a lot of “devs” tend to overlook is the main selling point of Wordpress is it’s a cms and easily updated/managed by non-technical clients, one of the reasons why it’s still so popular,…sure, static sites are faster and more secure but how does a non-techie update them? They’re definitely not going to be uploading markdown files to a server for example, another option would be to go headless but then you have to configure a headless cms to manage it…more development time…or u could just install Wordpress and it’s pretty much good to go out of the box
@abhinavkrishna3164 Ай бұрын
"billy" joel and karen "wheeler" - hmm "strange things" happening
@shi-nee7966 Ай бұрын
lol this was very fun to watch! Always loved your fresh content!
@yousefal-hadhrami7853 29 күн бұрын
Pro tip, Keep the old password hash so that you change it back when you are done
@peterkim9696 29 күн бұрын
😎💀
@Codebyakshay 28 күн бұрын
thanks black collar stuff
@RandomFishtankClips Ай бұрын
As someone who has limited knowledge on web hosting I've used Wordpress a lot in the past. The idea that it's this simple to get a list of all usernames and hack into the website is quite interesting. I really appreciate you uploading this. Subbed.
@Tararais_god 15 күн бұрын
always keep your stuff up to date
@1brokkolibaum 29 күн бұрын
I havent thought I will watch the full video.. But suddenly you finished your task 🫥😂👌 Great explanation in general, enough to keep up following the process logically. Surely I personally would have asked more about certain tools and useage, but for this case 10/10.
@monkaSisLife Ай бұрын
Once you got into the db you couldve literally just changed the account to an admin, or just change the admins password. no need for hashcat at that point
@TechRaj156 Ай бұрын
True. But I was also trying to escalate privileges on the machine and not just get admin on the blog. But I agree the hashcat part was unnecessary.
@L0zzer Ай бұрын
@@TechRaj156 Perfect
@benargee 29 күн бұрын
@@TechRaj156depends on the objective. Many times people use the same email and password on other sites so if you crack the leaked hashes, the same credentials could be attempting on the other sites.
@vaibhavsingh8122 29 күн бұрын
@@TechRaj156 ltrace however is not installed by default on all distros
@emresanden 28 күн бұрын
Was just about to comment the same thing 😛😂
@TechnicalHeavenSM 26 күн бұрын
Simply amazing... got to know many things about the insights of how some things work!
@osherezra131 15 күн бұрын
Great lesson bro thank you. nice process keep it up with this kind of videos
@yassinesafraoui 28 күн бұрын
There is just no way you could find a suid binary that gives you a shell if you set an env variable to 1, it feels like those movies where someone hides the keys of his house in a really obvious spot. But still the video is greatt for educational purposes, it was fun watching it and knowing about the tools that let you do this kindof stuff
@seephor 12 күн бұрын
Obviously. This is a setup hack challenge so you know there's some vector you need to find.
@annahri 15 күн бұрын
I don't think there's something like that in the wild. That `checker` thing is so unlikely. But great video nevertheless.
@hoholebaguette7298 Ай бұрын
why didnt you use sudo -l when you were trying to root?
@MizManFryingP 16 күн бұрын
Wouldn't most of these attack surfaces be shut down with simple too many requests protection?
@anolbe Күн бұрын
This is one of the reasons i always make my own hash and salting algorithms; and also a reason that i prefer making the software i'm using myself, despite how much work is needed.
@rdi7371 15 күн бұрын
This was very interesting, and your explanation was also very instructive. I understood the steps you took to overcome each difficulty you encountered. Thank you, because now I know what to study before becoming a cybersecurity analyst.
@memorysmelody4589 24 күн бұрын
wpscan gives various vulnerabilities available in different plugins of the websites but can't find poc of them. Please guide
@letslearnwordpress 4 күн бұрын
Interesting! Thanks.
@louislouislouislouisssss 15 күн бұрын
BTW, the password value in Wordpress DB is just an MD5 hash. You can create the hash right in terminal.
@fun12222 16 күн бұрын
Amazed by your skills thank you
@Heisenberg696 Ай бұрын
This kind of videos we need keep making this kind of videos
@n0tzuck Ай бұрын
Can you explain how did you gain root access again?
@justchecking2470 Ай бұрын
Awesome job amazing content :)
@spiritcaress 15 күн бұрын
Hi, please where can I get fuzz word lists?
@yuvrajarora8840 27 күн бұрын
What’s that JSON viewer?
@TheNamesJT 5 күн бұрын
This is why you need a plugin like wordfence and perma ban ips that request more then 5 failed login attempts
@DeathNote00021 Ай бұрын
Great Video 👌🏻
@user-eo1vz9lt8g 22 күн бұрын
I may sound like a simpleton and compared to you I am but since you say you are trying to help people protect themselves, as a Wordpress user, what would be your most valuable tips to give, this video is too advanced for most people, but if you could give a list of say, the 10 or 20 most valuable techniques to protect yourself from most common attacks, or something like that...If you have time and feel like it... Subscribed, very informative, thanks!
@ghostofakina8747 12 күн бұрын
Sure here's 3 big ones: - Keep your WordPress, themes and plugins up to date - Don't use the default username and have a strong password - Don't use pirates/nulled or crappy plugins
@stefanjohansson2373 4 күн бұрын
There’s a lot of free security plugins like WP Security that blocks some of the different attack steps. A strong password and everything updated is most important, but if you also change everything that’s default like the login link and so on you don’t look like the low hanging fruit I guess. 😂
@stefanjohansson2373 4 күн бұрын
Newbie question: How much of this is possible in general on the latest WP version and with WP security or any other similar security plugin? Security plugins can block user enumeration, IP number after wrong username/password. They also change default settings like the login URL. Of course no backup of important files are stored on the server. Also add the fact that a lot of hosting companies block sites in shared hosting if they don’t keep their sites updated. Combining a security plugin with everything updated and using a long and strong password (not with English words in it!) maybe is the best way to avoid being the low hanging fruit for all script kiddies? 🤔
@alexlove2012 17 күн бұрын
If you have admin access to database, you can just change the hashed password no?
@zen.ali238 Ай бұрын
Amazing !!
@hatnis 28 күн бұрын
what stopped you from just changing the hash once u had database access?
@ift3k 22 күн бұрын
Lack of experience.
@philipehusani 21 күн бұрын
@@ift3k 😂😂😂😂
@gabydewilde 25 күн бұрын
It so willingly reveals everything
@michalkorneluk2186 16 күн бұрын
"ignore those warnings, i'm going to fix them later" them metasploit warnings are never getting fixed are they? XD
@tpevers1048 Ай бұрын
You do not quit youtube
@CodeX-xyxy 29 күн бұрын
if target wordpress website is not oldy and has no vulnerability then try to find exploit in plugins.all wordress websites at least depends on some shitty plugin
@GadgetLove.007 24 күн бұрын
Youre really good ar your job🎉
@imnbsp 15 күн бұрын
I lost faith in you completely at 18:00 You don't need to guess the password if you already have database access. You can just set the admin password to whatever you want, or even better, you can just create a php file like a.php that gets the first admin user and creates a logged in session for you, without even having to update the admin password at all. It's super easy just by using the WordPress methods on the docs.
@editorbundle 10 күн бұрын
Bro do u have any complete hacking course😒
@Merajshaikh22 Ай бұрын
Bro come back
@digitzero3613 28 күн бұрын
Everything else was realistic except the Linux privilege escalation part. Like what's the probability of finding something like this checker binary file which sets the uid to 0.
@ExcitedDna-rg3sl 22 күн бұрын
How did his gain root access?
@Elia33337 6 күн бұрын
I'm new at hacking, but couldn't you use sudo to get root?
@d3layd Ай бұрын
Once you got access to the db, why didn't you just change the password? All you need to do is clear the hash, type in the new password and hash it and boom you've got access to any user. I do this all the time whenever I loose a password for a site.
@digitzero3613 28 күн бұрын
He got access to "wordpressuser" database account. It most probably doesn't have administrator access so can't really change admin password and can't create a new account either.
@honestfrieza 21 күн бұрын
Getting This Error { "code": "rest_user_cannot_view", "message": "Sorry, you are not allowed to list users.", "data": { "status": 401 } } is there any othere way to list users ?
@Unknown_4771 Ай бұрын
Nice but can you get cpanel also?
@emanueleborghini3186 25 күн бұрын
Peak scriptkiddie content
@wndr0 21 күн бұрын
Guys I’m 89% sure he can center a div
@rameensuresh 3 күн бұрын
Please show us how to null a plugin. Example tablesome plugin
@thilakreddy1904 27 күн бұрын
Are u using a window manager or is it a kali theme
@hridaybhatia5643 21 күн бұрын
It looks like Kali
@yjawhar 13 күн бұрын
Nice video. But, since you already gained access to the database, it's as good as being an admin on the website since you can modify everything but it's gonna be more difficult!
@FinallyFreedomYT 15 күн бұрын
How can i secure wordpress the best to avoid this?
@ShriSumitJi Ай бұрын
do you provide private classes
@anowarulhassan5117 21 күн бұрын
When you have database access, just add a new user to db as user type admin and you can get the admin access.😅
@gamishreyansh9940 29 күн бұрын
dear at 20:06 you have database access you can just create new admin user in database
@1brokkolibaum 29 күн бұрын
But the goal could also have been to stay hidden for further investigation, so a new user would rise way more suspicion. 🤷♂😁
@vaibhavsingh8122 29 күн бұрын
Moreover the password recovered from wordpress site can also be used in emails or at other places, including the sudo user in the bash
@digitzero3613 28 күн бұрын
He got access to "wordpressuser" database account. It most probably doesn't have administrator access so can't really change admin password and can't create a new account either.
@vaibhavsingh8122 28 күн бұрын
@@digitzero3613 no, he can change the WordPress admin account password, no restriction can be put in a MySQL user to prevent changing the data of a specific row of a table, MySQL user can only be restricted from updating the entire database. Beside the user mentioned in wp-config is the one that creates all the table in the place, that's the only db user WordPress know and that's the only user WordPress will use to update the password when the admin user chooses to change the password from WordPress's dashboard
@isaachiroman Ай бұрын
If you already have access to the server, you should install the WP CLI, then create a new admin user or change the password of any user (of course I don't want to leave any traces so I'll make a new user, then get what I need and delete all traces).
@vaibhavsingh8122 29 күн бұрын
He can also update the wp-login.php file to log the password in plain text file and after logging either an email can be sent using wp_mail or an api endpoint of his own server can be called with the logged credentials, so whenever someone logs in again with the same user he gets a notification.
@anshhmehta Ай бұрын
Can you guide what's the procedure to manually enumerate to find the user id? coz this method did not work
@ibrahimdevx 29 күн бұрын
google it 👏
@YOSHSTUDIO-zg6ss 16 күн бұрын
still working now?
@Unknown_4771 28 күн бұрын
Sir attack start hote hi website down ho jata he
@Rajeshevhu Ай бұрын
Try in latest version of WordPress.
@afdkj 29 күн бұрын
The latest version of WP breaks all themes so nobody updates. :P
@Rajeshevhu 29 күн бұрын
@@afdkj i updated latest version of my wordpress 6.4 or something. My site is working fine
@webrevolution. 29 күн бұрын
@@afdkj No decent website worth hacking for bug bounties uses wordpress anyways. CMSs like wordpress are generally only used for personal blogs of no name individuals or companies.
@nick-leffler 29 күн бұрын
@@afdkjLol that's why you use a good theme.
@tomxygen5963 28 күн бұрын
@@afdkjwhat are you even talking about? there’s absolutely no issue with themes in the latest version of wordpress
@RevvyShorts 29 күн бұрын
great video
@novianindy887 28 күн бұрын
does wp-login only accept 7 times password guessing tries? I tried it and I can get unlimited tries.
@STFUandFY 27 күн бұрын
Depends on plugins, WAF
@mostafaharb81 Ай бұрын
Well if you got access the the second user, then when you got access to the wp_user table, you could have updated the first user encrypted password with the second user encrypted password and then access the admin user with the second user password...
@TechRaj156 Ай бұрын
That would be a smart move! But I was also trying to root the whole machine and not just get admin rights on the blog.
@mostafaharb81 Ай бұрын
@TechRaj156 yeah I do understand for sure, but wordpress password encryption is based on the codes available in the config.php file which you accessed at the begining, so the password you generated at the website would not work in newer versions unless you create password on same keys in config or the easier path is to switch passwords or switch role to admin for the user account.. but still, you have done qn awesome work 👌
@digitzero3613 28 күн бұрын
He got access to "wordpressuser" database account. It most probably doesn't have administrator access so can't really change admin password and can't create a new account either.
@amajangbah9265 23 күн бұрын
Tips: Always use webflow
@s0kulite 28 күн бұрын
no devs are gonna leave those sort of bins for your the sake of your privilege escalation, but sure, nice video before that.
@NaZeYs 29 күн бұрын
Great video. Learned a lot
@Robin-ce6jd 13 күн бұрын
Very good and detailed tutorial, thank you very much! However, I don't see the reason why you absolutely have to be root on the server. As soon as you have access to the database, you can change the password or even create a new user :)
@MRJMXHD 28 күн бұрын
Good job, but any wordpress dev worth their salt would have blocked user and directory enumeration.
@DELvEK 22 күн бұрын
Not a real hacking in real time btw ! @Tech Raj. This was pre-setup for the video
@Epirium 29 күн бұрын
awesome way to promote sponsor courses 😂
@christopherjonesramos3655 Ай бұрын
Can it work if the wp site is tunneled to Cloudflare?
@firedeveloper 29 күн бұрын
Short answer yes. Long answer depends on your configuration, there are many ways that can be blocked by cloudflare rules. For example you may block a url to be accessible from your static IP only. And keep in mind that cloudflare is not a firewall.
@SECYBERSAFE 16 күн бұрын
@@firedeveloper cloudflare is a waf.. So it is a firewall... Web application firewall
@arisawali5073 29 күн бұрын
what if there is no xmlrpc?
@firedeveloper 29 күн бұрын
Bad luck. You need to find an other vector.
@zeddybear1379 19 күн бұрын
It still shocks me that wordpress has features to protect you against brute force and telling you if you have the correct username but incorrect password, but you have to manually configure and turn them on, and most of the people who use wordpress use it because its simple to use to make a website and you dont need any coding knowledge so they dont know about these extremely important features... it should be default
@Sobbayi 14 күн бұрын
Another option is to add a function into functions.php file to create a new user in the DB with admin privileges leaving the original admin untouched
@Kaotix_music 8 күн бұрын
this seems much easier to do. How do you access my websites functions.php thou thought logging into my server?
@SECYBERSAFE 16 күн бұрын
But if another creator does this. There's a possibility youtube takes the video down. Good video though
@Hexa-IT 29 күн бұрын
Great video, but what was your next step gonna be if xmlrpc was disabled?
@gamingmetxadrian3710 29 күн бұрын
You earned a new sub, I'm a reverse engineer and have little knowledge to pentesting. You make it really interesting and clear!
@obertscloud 5 күн бұрын
you got lucky with that script ; but what about finding the actual password ?
@Nosignal11 Ай бұрын
Tech raj on top
@TheHagamanstube 29 күн бұрын
This will never work in reality :)))
@kptechnologyservices4696 7 күн бұрын
This has now been fixed
@dhairyalimbani 25 күн бұрын
it does not work on latest version
@WackyWobbleWave 18 күн бұрын
sad
@luisGoncalves-pv8bn 11 күн бұрын
Всё зависит от рынка и конкретно каждый день это новые возможности) я сам делал по 30% к депо в день)
@haiffy 20 күн бұрын
Do joomla next time
@aaaaaa-aaaaaaaaaaaaaaa 11 күн бұрын
Thanks, when i hack youtube this will be the only channel i will not delete.
@melisaparker5060 7 сағат бұрын
Not Possible
@tinny77 12 күн бұрын
Wordfence ftw
@aktyj320yhj 29 күн бұрын
you destroyed ur own discord server
@chowdhuryriaz7423 18 күн бұрын
what is the name of this softwere ?
@n1m390 23 күн бұрын
I'm a WordPress developer, seeing all this makes me 😢
@samuelhalder8472 23 күн бұрын
Lol
@Yarkanlaki 19 күн бұрын
its common password attack they would never crack random passwords
@smithy6560 16 күн бұрын
ffs wordpress creators are like noobs why is there no captcha or 2FA?
@SinanWP 12 күн бұрын
5.0 lol
@keremardicli4013 5 күн бұрын
How come you read all user data from an endpoint!!! This is pure stupidity
@sickquence 7 күн бұрын
i love it
@apkaless 27 күн бұрын
amazinggggggggg
@fluffy280 Ай бұрын
sema bro
@1roOt 10 күн бұрын
you use a fuzzer to get the login page which is almost always /wp-admin and then you don't use it for the users endpoint and then just use bruteforce? ok
@adnn4210 4 күн бұрын
bro thinks we don't know he's indian
@IRepSalone 25 күн бұрын
This is long process unless u know what u r doing and if this hack is needed otherwise the main way to login to WordPress is wp-admin and enter username and password then u enter into the dashboard. If you don't know ur login details u ask ur hosting company to help.
@SECYBERSAFE 16 күн бұрын
I am not sure this video if for an end user who forgot their password. It's for ethical hackers to find a way to prevent any vulnerability that could lead to such exploitation.
@SoCloseKinG786 Ай бұрын
Hello tech raaj bro im big fan of you.. please help me My pubg global account is hacked just days ago and my all emails phone nmbrs including facebook all are wiped from my game acount and now someone else is using it please help me how do i recover it ❤ love you from pakistan
@ankush6129 Ай бұрын
Hey pubg player , it's not a pubg support channel.
@SoCloseKinG786 Ай бұрын
@@ankush6129 iam not asked you,do your own work not to interect someone els's issues if you have no any work than count your family members all day.only jobless usless persons ask these type of questions.
@SoCloseKinG786 Ай бұрын
@@ankush6129 who asked you about this. Mans like you are the bone of contentions in country
@SoCloseKinG786 Ай бұрын
@@ankush6129 or han apna kaam kro dosry issue mn mudakhilat na kro jo tmhary bus ki baat nhi hai is lye khud kuch kr nhi paty bus dosry k issue mn ghusty rehty ho 😁🤣
@sevenrichiewhite 7 күн бұрын
This video actually shows how easy it is to get hacked when using a Wordpress website. And Wordpress is getting hacked and exploited every day in many different forms. Which is good and also bad. So you're save from all that by just not using Wordpress or any other CMS of that kind. Static websites and Flat File CMS without admin interface or actual user are my choice anyways. Now i can show my clients actually why.
BalcevMMA_BOXING
Рет қаралды 21 МЛН
HackShiv
Рет қаралды 10 М.
FISPECKT
Рет қаралды 216 М.
Pochinka_blog
Рет қаралды 2,4 МЛН
Electronics_latvia
Рет қаралды 1,3 МЛН