Bro is legit hacking a wordpress website. i rarely see someone actually hacking and not giving a 3 minute example with a vulnerable made website in 10 mins :D Good stuff

Guys I’m 89% sure he can center a div

Once you got into the db you couldve literally just changed the account to an admin, or just change the admins password. no need for hashcat at that point

I havent thought I will watch the full video.. But suddenly you finished your task 🫥😂👌 Great explanation in general, enough to keep up following the process logically. Surely I personally would have asked more about certain tools and useage, but for this case 10/10.

Pro tip, Keep the old password hash so that you change it back when you are done

lol this was very fun to watch! Always loved your fresh content!

Lesson learned: Just use static html ! =))

"billy" joel and karen "wheeler" - hmm "strange things" happening

As someone who has limited knowledge on web hosting I've used Wordpress a lot in the past. The idea that it's this simple to get a list of all usernames and hack into the website is quite interesting. I really appreciate you uploading this. Subbed.

I may sound like a simpleton and compared to you I am but since you say you are trying to help people protect themselves, as a Wordpress user, what would be your most valuable tips to give, this video is too advanced for most people, but if you could give a list of say, the 10 or 20 most valuable techniques to protect yourself from most common attacks, or something like that...If you have time and feel like it... Subscribed, very informative, thanks!

This is one of the reasons i always make my own hash and salting algorithms; and also a reason that i prefer making the software i'm using myself, despite how much work is needed.

This will never happen with any real website.

Appreciated. Hacking WP is possible as long as it goes with the default installation. The typical setup is to restrict those sensitive URLs to dedicated IP like using your own VPN. Also need to update all plugins and themes on a regular basis and use security plugins like fail-to-ban, and you’re all set. For the password tips, it’s better to set 48+ characters with complexity and reCAPTCHA is supported for the login as an additional protection. Love to see next video with updated WP version as well🎉

dear at 20:06 you have database access you can just create new admin user in database

I don't think there's something like that in the wild. That `checker` thing is so unlikely. But great video nevertheless.

I lost faith in you completely at 18:00 You don't need to guess the password if you already have database access. You can just set the admin password to whatever you want, or even better, you can just create a php file like a.php that gets the first admin user and creates a logged in session for you, without even having to update the admin password at all. It's super easy just by using the WordPress methods on the docs.

How easy and satisfying it looks but when you deep dive in it's heeelllll a lot more than thatttt! It's like pain in the az!

BTW, the password value in Wordpress DB is just an MD5 hash. You can create the hash right in terminal.

There is just no way you could find a suid binary that gives you a shell if you set an env variable to 1, it feels like those movies where someone hides the keys of his house in a really obvious spot. But still the video is greatt for educational purposes, it was fun watching it and knowing about the tools that let you do this kindof stuff

This was very interesting, and your explanation was also very instructive. I understood the steps you took to overcome each difficulty you encountered. Thank you, because now I know what to study before becoming a cybersecurity analyst.

This is why you need a plugin like wordfence and perma ban ips that request more then 5 failed login attempts

I watched the full video just to know how to protect my wordpress site, Thanks

Great video! Thanks for the detailed explanation.

Even getting access to read DB is a big vulnerability. I hope my hosting provider has something to prevent this app. This is horrifying..

Simply amazing... got to know many things about the insights of how some things work!

Newbie question: How much of this is possible in general on the latest WP version and with WP security or any other similar security plugin? Security plugins can block user enumeration, IP number after wrong username/password. They also change default settings like the login URL. Of course no backup of important files are stored on the server. Also add the fact that a lot of hosting companies block sites in shared hosting if they don’t keep their sites updated. Combining a security plugin with everything updated and using a long and strong password (not with English words in it!) maybe is the best way to avoid being the low hanging fruit for all script kiddies? 🤔

Moral of the story is that: don't use software based websites, just use coded websites because we developer code very hard to apply bunch of security layers....

Not a real hacking in real time btw ! @Tech Raj. This was pre-setup for the video

Well if you got access the the second user, then when you got access to the wp_user table, you could have updated the first user encrypted password with the second user encrypted password and then access the admin user with the second user password...

what stopped you from just changing the hash once u had database access?

If you already have access to the server, you should install the WP CLI, then create a new admin user or change the password of any user (of course I don't want to leave any traces so I'll make a new user, then get what I need and delete all traces).

Once you got access to the db, why didn't you just change the password? All you need to do is clear the hash, type in the new password and hash it and boom you've got access to any user. I do this all the time whenever I loose a password for a site.

You just need a free security plugin like Solid Security and hacker will not even be able to see your usernames

Everything else was realistic except the Linux privilege escalation part. Like what's the probability of finding something like this checker binary file which sets the uid to 0.

It's so easy for you to raise power. I can't use any orders when I'm raising power😂😂

You know the funny thing with rainbow password checker is when i put the hash for the password, password, it didn't recognise it

Wouldn't most of these attack surfaces be shut down with simple too many requests protection?

Great lesson bro thank you. nice process keep it up with this kind of videos

It still shocks me that wordpress has features to protect you against brute force and telling you if you have the correct username but incorrect password, but you have to manually configure and turn them on, and most of the people who use wordpress use it because its simple to use to make a website and you dont need any coding knowledge so they dont know about these extremely important features... it should be default

Do you have to be a root user to change values in a db? Just curious because then the other steps are not necessary

Try in latest version of WordPress.

If you have admin access to database, you can just change the hashed password no?

Nice video. Thanks for sharing your knowledge.

why didnt you use sudo -l when you were trying to root?

What is the name of the software you write the code for? I haven't been able to find it

You earned a new sub, I'm a reverse engineer and have little knowledge to pentesting. You make it really interesting and clear!

whose text editor is use for this any one guide please

Nice video. But, since you already gained access to the database, it's as good as being an admin on the website since you can modify everything but it's gonna be more difficult!

can you make video for testing vulnerabilities for Reaact based website and websites hosted on Vercel etc.. as not much is there about the vulnerabilities of these tech stack?

I am wondering what would have you done if the the kwheel's password was not crackable ?

i have a question, i see full video, how can i save my word-press website , could you possible suggest any free plugin ?

"ignore those warnings, i'm going to fix them later" them metasploit warnings are never getting fixed are they? XD

This is great. How can I get a step by step tutorial and tools used. I'll like to try this on some of my WordPress accounts

Very good and detailed tutorial, thank you very much! However, I don't see the reason why you absolutely have to be root on the server. As soon as you have access to the database, you can change the password or even create a new user :)

wpscan gives various vulnerabilities available in different plugins of the websites but can't find poc of them. Please guide

Another option is to add a function into functions.php file to create a new user in the DB with admin privileges leaving the original admin untouched

Are u using a window manager or is it a kali theme

this was impressive but how did u know which algorithm you need to use? I mean its way easy to check this whith a small google search but what is if not. I miss the part where it was checked in the video :)

when I run the attack on my site it says that it receive unown response code 405

Getting This Error { "code": "rest_user_cannot_view", "message": "Sorry, you are not allowed to list users.", "data": { "status": 401 } } is there any othere way to list users ?

do you provide private classes

restrict/disabled the all API's endpoint

That's is why a CMS should not be the Frontend of it self.

Why would you put this on the internet?

Hi, please where can I get fuzz word lists?

Wow this is so easy let's hack all WordPress websites

does wp-login only accept 7 times password guessing tries? I tried it and I can get unlimited tries.

You do not quit youtube

This kind of videos we need keep making this kind of videos

I'm new at hacking, but couldn't you use sudo to get root?

But you never showed what the original password was for bjoel. So you didn't complete the hack.

Can you guide what's the procedure to manually enumerate to find the user id? coz this method did not work

I only know the url of my website. Now I want to get the password. Can you please assist?

Tips: Always use webflow

How you knew that you need exactly wp-json/wp/v2/users endpoint to enumerate all the possible users? Like where do i find that information? 4:43

Can it work if the wp site is tunneled to Cloudflare?

try doing this with a security plugin installed and active

Thank you for video. I will follow your videos

Good job, but any wordpress dev worth their salt would have blocked user and directory enumeration.

Please show us how to null a plugin. Example tablesome plugin

wow, I will never use wordpress again lol

What’s that JSON viewer?

Please tell me the checker binary has been put there by yourself ;-) lol

For Windows?

Imagine password is out of dictionary. What's next? Failed attempt?

what if there is no xmlrpc?

This video actually shows how easy it is to get hacked when using a Wordpress website. And Wordpress is getting hacked and exploited every day in many different forms. Which is good and also bad. So you're save from all that by just not using Wordpress or any other CMS of that kind. Static websites and Flat File CMS without admin interface or actual user are my choice anyways. Now i can show my clients actually why.

Tutorial how to set up terminal that you're using

the /checker/ file is somthing he put there before hand. with out it he would not be able to run this video.

How can i secure wordpress the best to avoid this?

Bro do u have any complete hacking course😒

no devs are gonna leave those sort of bins for your the sake of your privilege escalation, but sure, nice video before that.

I'm a WordPress developer, seeing all this makes me 😢

Great Video 👌🏻

What is this checker binary? Looks like magic that there is file where you change a variable to 1 and lift your rights to root. And you spotted the right file from the 1st attempt..))

Awesome job amazing content :)

Amazed by your skills thank you

How to protect from this?

hacking your own website like a pro :P

Can anyone drop vul for wordpress5. 8.1?