Watch me hack a Wordpress website..

Published 2024-06-10
In this video, I hacked a Wordpress blog!

$1000 OFF your Cyber Security Springboard Boot camp with my code TECHRAJ. See if you qualify for the JOB GUARANTEE! 👉 www.springboard.com/landing/influencer/techraj/?ut…

I first enumerate the directories of the website that lead me to the WordPress login page, and then I enumerate the users of the blog. Performing a dictionary attack revealed the password of one of the users, which enabled me to get an initial foothold on the blog. From there, I exploit a WordPress vulnerability to escalate my privileges and ultimately take over the whole website. How easy!

DISCLAIMER: This video is intended only for educational purposes. The experiments in this video are performed in a controlled lab setup and not on a live target. The content is purely from a penetration testing perspective. I do not condone or encourage any illegal activities.
Join my Discord: discord.gg/6TjBzgt
Follow me on Instagram: instagram.com/teja.techraj
Website: techraj156.com/
Blog: blog.techraj156.com/

Thanks for watching!
SUBSCRIBE for more videos

All Comments (21)
  • @gibrains
    Lesson learned: Just use static html ! =))
  • As someone who has limited knowledge on web hosting I've used Wordpress a lot in the past. The idea that it's this simple to get a list of all usernames and hack into the website is quite interesting. I really appreciate you uploading this. Subbed.
  • @shi-nee7966
    lol this was very fun to watch! Always loved your fresh content!
  • @yassinesafraoui
    There is just no way you could find a suid binary that gives you a shell if you set an env variable to 1, it feels like those movies where someone hides the keys of his house in a really obvious spot. But still the video is great for educational purposes, it was fun watching it and knowing about the tools that let you do this kind of stuff
  • @1brokkolibaum
    I hadn't thought I would watch the full video.. But suddenly you finished your task 🫥😂👌 Great explanation in general, enough to keep up following the process logically. Surely I personally would have asked more about certain tools and usage, but for this case 10/10.
  • @monkaSisLife
    Once you got into the db you could've literally just changed the account to an admin, or just changed the admin's password. No need for hashcat at that point
  • @sevenrichiewhite
    This video actually shows how easy it is to get hacked when using a Wordpress website. And Wordpress is getting hacked and exploited every day in many different forms. Which is good and also bad. So you're safe from all that by just not using Wordpress or any other CMS of that kind. Static websites and Flat File CMS without admin interface or actual user are my choice anyways. Now I can show my clients actually why.
  • @rdi7371
    This was very interesting, and your explanation was also very instructive. I understood the steps you took to overcome each difficulty you encountered. Thank you, because now I know what to study before becoming a cybersecurity analyst.
  • Simply amazing... got to know many things about the insights of how some things work!
  • @annahri
    I don't think there's something like that in the wild. That `checker` thing is so unlikely. But great video nevertheless.
  • @osherezra131
    Great lesson bro, thank you. Nice process, keep it up with this kind of video
  • wpscan gives various vulnerabilities available in different plugins of the websites but I can't find PoCs for them. Please guide
  • @user-eo1vz9lt8g
    I may sound like a simpleton and compared to you I am but since you say you are trying to help people protect themselves, as a Wordpress user, what would be your most valuable tips to give, this video is too advanced for most people, but if you could give a list of say, the 10 or 20 most valuable techniques to protect yourself from most common attacks, or something like that...If you have time and feel like it... Subscribed, very informative, thanks!
  • BTW, the password value in Wordpress DB is just an MD5 hash. You can create the hash right in terminal.
  • @hatnis
    What stopped you from just changing the hash once you had database access?
  • @MizManFryingP
    Wouldn't most of these attack surfaces be shut down with simple too many requests protection?