How to HACK 455 MILLION Websites | WordPress Hacking
- Published: 19 Jun 2024
- Join the Discord Server!
/ discord
---------------------
MY FULL CCNA COURSE
📹 CCNA - certbros.teachable.com/p/cisc...
FREE CCNA FLASHCARDS
🃏 CCNA Flashcards - certbros.com/ccna/flashcards
HOW TO PASS THE CCNA
📚 Get a great book - amzn.to/3f16QA5
📹 Take a video course - certbros.teachable.com/p/cisc...
✔ Use practice exams - www.certbros.com/ccna/Exsim
SOCIAL
🐦 Twitter - / certbros
📸 Instagram - / certbros
👔 LinkedIn - / certbros
💬 Discord - www.certbros.com/discord
Disclaimer: These are affiliate links. If you purchase using these links, I'll receive a small commission at no extra charge to you.
---------------------------------------------------------------------------------------------------------------
HackTheBox Academy
Learn to hack with HackTheBox Academy ▶ www.certbros.com/HTBAcademy
Start the Bug Bounty Hunter Training ▶ www.certbros.com/HTB_CBBH
Put your skills to the test with HackTheBox ▶ www.certbros.com/HackTheBox
00:00 Intro to WordPress
02:20 Setup
03:28 Enumeration
08:22 Exploit
10:31 Login Brute Force
15:23 Next Steps - Hack The Box
15:52 Outro
455 million websites are using WordPress!
Now, you would think that with WordPress being so popular, it would be really secure and safe against hackers, right?
Well, not quite. In this video, I’m going to show you how to hack them!
Before we start hacking WordPress, we need to know a bit more about it. If you’ve not heard of WordPress before, it's the most popular way to create websites with little to no coding needed.
It’s a Content Management System also known as a CMS. A CMS is a tool that helps build a website without the need to code everything from scratch.
In fact, most web hosting providers provide an easy one-click installation of WordPress meaning literally anyone can start to create blogs, portfolios and business sites in a matter of minutes.
Some of the world's biggest brands are using WordPress to run their websites. Sites such as TechCrunch, SonyMusic, and Disney.
So that is the core WordPress application. From here, users will customise their websites.
The first thing people will usually do is install a custom theme. A theme changes the way your website is designed and looks.
After installing a new theme, users can choose from a huge library of plugins. These plugins provide all kinds of features from contact forms to full-fledged e-commerce stores.
So these are the main components that make up a WordPress website, the core WordPress application, Themes and Plugins.
The problem with WordPress is it can be a nightmare to keep everything up to date and secure. But if you don’t, very quickly vulnerabilities can be discovered in your plugins, themes and even WordPress itself! Then, attackers can use these vulnerabilities to hack the site.
HTB Sponsor
Hack the Box Academy has tons of free and premium training available, including this one on WordPress hacking.
They have a built-in, browser-based hacking machine and target WordPress server ready for us to hack so we don't need to worry about installing it all ourselves.
BIG thank you to Hack The Box for making this video happen. Check them out below and start HACKING! 👇
Learn to hack with HackTheBox Academy ▶ www.certbros.com/HTBAcademy
Start the Bug Bounty Hunter Training ▶ www.certbros.com/HTB_CBBH
Put your skills to the test with HackTheBox ▶ www.certbros.com/HackTheBox
haha,dhcp. dns
Do you have a case if the site does not support wordpress
Can you do a tutorial on how to hack Gmail password
I want to start learning how to hack from today can you help me with any app that can help me get hacker's sense like you
Please note: in a situation where a 0-day is discovered, wpscan won't upload the documentation for it, because they like to give the vendor some time to mitigate the issue. The timeframe is usually 30 days. By that time it gets patched, making the vulnerability useless to exploit, and hackers won't be able to detect it via wpscan because it won't get reported in your scans until that patch window expires. Only the sites which did not patch it because the users are unaware of it can then be exploited.
Can I get your Instagram ID?
@Dear_LotterySambad I don't do Insta, nor Facebook
@SumanRoy.official tele?
Exactly what I was looking for. Cheers!
2:03 Ah, yes… My favourite CMS, *WordPess* xd Great video btw!
Please, if possible, cover these advanced topics like How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using Cyber-Chef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.? How to bypass Hard WAF using SQLMAP or Burpsuite? How to find hidden vulnerable parameters and endpoints inside the .js and .json files? How to find hidden admin pages, cPanel pages, and WHM pages? Please cover these important topics. Thanks
Do you know that you can ask Google or most AI tools these questions and start learning for yourself? :) Learn Nmap, Burp Suite, Wazuh.
Most underrated content
Great share for those interested in Hacking - ethically, of course 😊. Thank you.
Thank you Jas!
Excellent video!! Thanks so much for this.
I was wondering if you would consider a follow-up that goes into the details of RCE via the theme editor. It's also in the Hack the Box lesson, but the instructions on how to utilize a web shell aren't very clear. For example, how does one utilize a web shell to access specific files on the server?
I've just figured it out, actually. If anyone finds this comment in the future and is wondering how to solve that exercise:
You need to set the command parameter equal to cat with the location of whatever file you want to read. Because you can't have spaces in a URL, however, you have to append %20 to cat, just before the location. It'll look like this: cat%20/home/wp-user/flag.txt
Instead of replacing spaces with %20, just URL-encode the payload/command. There would be other characters aside from spaces you would have to handle. So encoding the payload is the best way to do it, not manual replacements.
Show me 1 website that you hacked with a wordlist before you speak about 455 million websites. This video is not realistic. It will not work.
455 million websites meaning they run on WordPress and it has a lot of vulnerabilities, of course you can't hack all of them and probably a lot of them don't contain that interesting of info, but a lot of them probably have sub par security because they're based on Wordpress
maybe you can't by using a word list , but the governments or people with lots of power and money can easily brute force it by big GPUs ...
I'm just kidding! you can hack it yourself by using a cloud GPU with a hundred times more power than a desktop GPU like 4090 and just 3/Hour is the bill you have to pay...
WordPress is being exploited daily. Trust me. Easy money for hackers
@siavash_id what if the password is not in the word list?
@thiyamsuresh4918 bruteforce then
Very good video!
Thank you!
Location for your rockyoutext says does not exists or is not a file ???
mean which place I put these prompt ?please tell me about it
Learned so much about wpscan tool. Thank you ❤️
Great to hear it! Thank you
Now there's 810 Million Wordpress sites.
You've gained a new subscriber from Angola!
Can this be used unethically? I have never used word press, but doesn't this encourage people to attempt to find credit card info or personal addresses? (I am new to this whole world of information technology)
The purpose of this video is to show people how WordPress can be targeted and the methods that can be used in legal pentests or bug bounties.
Of course, I would never condone any malicious use.
hi your ccna course was very good would you consider creating a security plus course
Thank you Mahdi! Great to hear you enjoyed the course.
Yes absolutely! I would love to do a Security+ course. It's next on my list of courses
Instead of parrot, will these functions in other kali os
Most wordpress sites use random passwords, where can I get sheets with these passwords? I think nowhere)
It would stand to reason that these passwords would be included in whole or in part by some of the bigger lists published of such breaches; which ones they are, though, I wouldn't begin to know
hi sir where i put it in cmd?
You look like that guy who played Edward Snowden in Snowden movie
You are right, there is a great similarity.
I have seen the movie and it is inspiring and wonderful.
i'm too early damn!!!!!!!
You're right on time!
This will be covered in greater detail on my page!
Do you have a case if the site does not support wordpress
@KEEN2999 There is always a way where there is an administrator. I'll be posting soon!
@PenAce What happened with you
@KEEN2999 What exactly do you mean?
wpscan detected 0 vulnerabilities (sorry if i misspelled it) 0 vulnerable plugins etc., what should i do?
Celebrate the day who teach us to SWEAT MORE
Happy Teacher's Day
❤️ man
Thank you very much! I really appreciate that 🙏 😀
I love the hacking teaching, I wish you can teach me
took me a while due to mistake, but it works thanks
Thank you❤️
Weak information but useful
Please i want a video on Android device or IOS hacking
Sir.... could you please help me to hack a website
Hehehe 2:06 Word Pess
could I use dirb instead of wpscan?
sure
Now 810 Million
what is going on? i am using VPN ,
Om
Pls help hack site..& help us recover our initial booked usdt
FROM algeria pro the. s is 👾👾
hacker wont show his face...😂😂😂
Ahahaha Ahahaha like it
any one can help me?
next time you should say that you have to pay for it
Please Facebook hack video
🤣🤣🤣