Vulnerabilities in WordPress Sites

According to a 2023 report by W3Techs, 43.1% of all websites on the internet are powered by WordPress. This makes WordPress the world’s most widely used CMS platform and the fastest growing.

WordPress, a widely used content management system, hosts a lot of websites, especially those owned by smaller businesses. But there’s a catch: many of these WordPress sites might not have the best security practices.

Putting On Our Ethical Hacking Hats

In this tutorial, we’re putting on our ethical hacking hats. Instead of jumping straight into vulnerability assessments and exploitation, we’re going to first explore how to identify WordPress sites that might have some security gaps. It’s akin to scouting out houses with outdated security systems and then helping the owners reinforce their digital locks.

We’ll focus on the reconnaissance phase, locating potentially vulnerable WordPress sites. It’s like navigating the digital landscape to pinpoint areas that could benefit from a cybersecurity boost. Ready to embark on this cybersecurity journey?

Reconnaissance Phase with Exploit-DB

Exploit-DB is a popular platform that focuses on publishing security exploits. While primarily known for its exploit database, it also provides valuable information about CVEs. By studying the associated exploits, one can gain insights into the potential impact and exploitation techniques related to specific vulnerabilities.

Taking a quick look at the Exploit-DB website, I found more than 94 pages full of known issues with WordPress sites. The latest one was reported just a few days ago, in October (09-10-2023).

Identify Whether the Website Is Running WordPress

If we’re checking a website to see if it uses WordPress, we can use a site called “BuiltWith.” You just input the website’s address, like for Extra Security (extrasecurity.net), and BuiltWith shows us what technologies the site was made with. Additionally, we have browser plugins like Wappalyzer that help us identify if a site is running on WordPress.

Google Dorks to Find WordPress Sites

There are certain signs that help us recognize a WordPress website, like specific folders, login pages, tags, and text. If you’re familiar with Google searching tricks, you can often spot these signs in the website’s address.

Here are a few useful Google tricks to find WordPress websites:

  1. "index of" inurl:wp-content/
    • This trick showed 10,400,000 sites.
  2. inurl:"/wp-content/plugins/wp-shopping-cart/"
    • This one found 4,230 sites.
  3. inurl:"/wp-content/wpclone-temp/wpclone_backup/"
    • This trick discovered 804 sites, and some of them might have important information like passwords.
  4. inurl:wp-content/plugins/wp-dbmanager/
    • This search returned 290 sites.

You can probably come up with more tricks to find WordPress sites, but these should give you plenty to practice with.
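
For site owners, the same signs can be checked from the inside before a search engine indexes them. The script below is an added example, not part of the original tutorial: it walks a local WordPress directory and reports the paths the dorks above look for, plus any folder under wp-content that has no index file and would therefore show up as an "Index of" page if directory listing is enabled on the web server. The function names and the sample directory layout are assumptions made for the illustration.

```python
import os
import tempfile

# Paths (relative to the WordPress root) that the dorks listed above search for.
DORKED_PATHS = [
    "wp-content/wpclone-temp/wpclone_backup",
    "wp-content/plugins/wp-dbmanager",
    "wp-content/plugins/wp-shopping-cart",
]
INDEX_FILES = {"index.php", "index.html", "index.htm"}


def audit_wp_root(root):
    """Return sorted (finding, relative_path) tuples for a local WordPress tree."""
    findings = []
    for rel in DORKED_PATHS:
        if os.path.isdir(os.path.join(root, *rel.split("/"))):
            findings.append(("dorked-path-present", rel))
    content = os.path.join(root, "wp-content")
    for dirpath, _dirnames, filenames in os.walk(content):
        # A directory with no index file is served as an "Index of" page
        # whenever the web server has directory listing (autoindex) enabled.
        if not INDEX_FILES & set(filenames):
            rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
            findings.append(("no-index-file", rel))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout for the demo, not a real site."""
    for rel in ("wp-content/plugins/wp-dbmanager",
                "wp-content/wpclone-temp/wpclone_backup",
                "wp-content/uploads"):
        os.makedirs(os.path.join(root, *rel.split("/")))
    for rel in ("wp-content/index.php", "wp-content/plugins/index.php",
                "wp-content/uploads/index.php"):
        open(os.path.join(root, *rel.split("/")), "w").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding, path in audit_wp_root(build_sample_tree(tmp)):
            print(f"{finding:22} {path}")
```

Any "dorked-path-present" result is a folder to remove or block at the web server; a "no-index-file" result matters only where directory listing is switched on.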

Tools for Identifying WordPress Directories

Discovering Directories

When it comes to uncovering hidden corners of a website, you can use special tools. Check these out:

  i) FFUF

  ii) GoBuster

  iii) DirDar

These tools act like digital detectives, helping you find secret pathways and folders on the web. Think of it as a cool way to navigate the internet and unveil its hidden treasures!

Coming up in our next lesson, we’ll learn how to discover weaknesses in these websites that people already know about. We’ll also check out the tools and methods for taking advantage of these vulnerabilities. So, stay tuned and come back for more!