Watch me hack a Wordpress website..

Tech Raj
Tech Raj
120,213
0
2024-06-10ใซๅ…ฑๆœ‰
In this video, I hacked a Wordpress blog!

$1000 OFF your Cyber Security Springboard Boot camp with my code TECHRAJ. See if you qualify for the JOB GUARANTEE! ๐Ÿ‘‰ www.springboard.com/landing/influencer/techraj/?utโ€ฆ

I first enumerate the directories of the website that lead me to the Wordpress login page, and then I enumerate the users of the blog. Performing a dictionary attack revealed the password of one of the user which enabled me to get an initial foothold on the blog. From there, I exploit a Wordpress vulnerability to escalate my privileges and ultimately take over the whole website. How easy!

DISCLAIMER: This video is intended only for educational purposes. The experiments in this video are performed in a controlled lab setup and not on a live target. The content is purely from a penetration testing perspective. I do not condone or encourage any illegal activities.
Join my Discord: discord.gg/6TjBzgt
Follow me on Instagram: instagram.com/teja.techraj
Website: techraj156.com/โ€‹โ€‹โ€‹โ€‹โ€‹
Blog: blog.techraj156.com/

Thanks for watching!
SUBSCRIBE for more videos
ใ‚ณใƒกใƒณใƒˆ (21)
  • @gibrains
    Lesson learned: Just use static html ! =))
  • @yousefal-hadhrami7853
    Pro tip, Keep the old password hash so that you change it back when you are done
  • @abhinavkrishna3164
    "billy" joel and karen "wheeler" - hmm "strange things" happening
  • @RandomFishtankClips
    As someone who has limited knowledge on web hosting I've used Wordpress a lot in the past. The idea that it's this simple to get a list of all usernames and hack into the website is quite interesting. I really appreciate you uploading this. Subbed.
  • @monkaSisLife
    Once you got into the db you couldve literally just changed the account to an admin, or just change the admins password. no need for hashcat at that point
  • @shi-nee7966
    lol this was very fun to watch! Always loved your fresh content!
  • @1brokkolibaum
    I havent thought I will watch the full video.. But suddenly you finished your task ๐Ÿซฅ๐Ÿ˜‚๐Ÿ‘Œ Great explanation in general, enough to keep up following the process logically. Surely I personally would have asked more about certain tools and useage, but for this case 10/10.
  • @yassinesafraoui
    There is just no way you could find a suid binary that gives you a shell if you set an env variable to 1, it feels like those movies where someone hides the keys of his house in a really obvious spot. But still the video is greatt for educational purposes, it was fun watching it and knowing about the tools that let you do this kindof stuff
  • @TechnicalHeavenSM
    Simply amazing... got to know many things about the insights of how some things work!
  • @osherezra131
    Great lesson bro thank you. nice process keep it up with this kind of videos
  • @rdi7371
    This was very interesting, and your explanation was also very instructive. I understood the steps you took to overcome each difficulty you encountered. Thank you, because now I know what to study before becoming a cybersecurity analyst.
  • @annahri
    I don't think there's something like that in the wild. That `checker` thing is so unlikely. But great video nevertheless.
  • @louislouislouislouisssss
    BTW, the password value in Wordpress DB is just an MD5 hash. You can create the hash right in terminal.
  • @Heisenberg696
    This kind of videos we need keep making this kind of videos
  • @fun12222
    Amazed by your skills thank you
  • @wndr0
    Guys Iโ€™m 89% sure he can center a div