How to Get wordpress sites

Source: Internet
Author: User
Tags lost password

I haven't written anything for a long time. I have no subject matter, and I am lazy .. now we have a theme. Let's write down the theme. first, let's take a look at it. Today's wp sites are everywhere. Although they are all personal blogs, there are a lot of places to use, and the most important thing is that after entering the wp background, it is equivalent to getting webshell !! 1) Many webmaster of the big station will have a personal blog. After checking the password through the database, the password of the target station has been changed, and various combinations fail. Then, I will try my personal blog, there is a high probability that the password is not changed. 2) Most of the blogs of big cows at home and abroad are built on wordpress, and it is also a good method to install the wp station of big ox. xD 3) the wp site is the start point of the side note !! 4) 1337 and exploit-db are prone to plug-in vulnerabilities that are constantly rising every day, and the plug-ins are open-source. If the plug-ins on the target site do not have vulnerabilities, you can also dig holes for the plug-ins of the other party. D 5) Because wp encryption is too high-end, all hash decryption attempts I encounter fail .. it hurts a lot .. two days ago, I couldn't remember where I saw someone saying that the 0day of wp directly burst into plain text. Well, I was shocked. It was too much, but I still looked at wp, wp_users has a user_activation_key. Well, let's talk about this usage method. 6) because I no longer use wp xD, please support domestic sa blog, typecho, emlog, z-blog, pjblog, etc. ^ ------ I will start to detail the wp method .. ------ 1. The social worker obtains the webmaster password and logs on to the dashboard to get the shell. -The key to this method is in the place of a social worker. If the password is left, it will be okay. [not described here There are too many details of social engineering...] however, themes and plug-ins in wordpress on sinapp cannot be modified online, so other methods are required. [However, the wp station on sinapp is useless. simply installing X is unnecessary. maybe a Daniel wrote an article that requires verification, and you need to read this article. directly view in the background.] -It's too simple to use shell in the background. 2, side note .. this is a commonplace .. I won't go into detail .. www.2cto.com 3. Er, I want to add the first one, which is not only applicable to wp. Sometimes I have confirmed a common password for the target station webmaster. If I fail to use it, I can try ftp, for ssh and other places, check the second-level domain name and bing the domain name. The surprise is always coming. 4. There is a plug-in vulnerability. Although this is not a lot, it has been growing, and one thing is that you can study the plug-ins used by the target site. of course, many plug-ins have been detected by many people, but many plug-ins are still used by others. Many. -Here is a tip. Check the source file on the home page. Press ctrl + f to check the plugins following wp-content, the name [folder or file] after him is a plug-in. google will certainly get it. some plug-ins are not called on the home page, maybe on the comments page, or in the article, and need to be explored by yourself. -If the plug-in has a vulnerability. [tip: there is a program Wordpress P & E written by a Russian. You can search for the plug-in of the target wp site and check whether there are any vulnerabilities. However, there are only 153 plug-ins, then there is a program in 1337 that can search for dangerous plug-ins from sites such as joomla and wp. It is a php program. You can download one from sourceforge. then, search for vulnerabilities in the plug-in on 1337, exploit-db, and goole.] I remember that in September, wp had a password reset vulnerability, which is similar in usage. I just found that it was not found on the Internet. Premise: It is used when the shell is obtained at an injection point, the password cannot be ununbound, and the output cannot be obtained. this is actually not a vulnerability. It can be used in combination. because the wp password retrieval system also takes effect for the Administrator account, and the key sent to the mailbox is saved in the database, you can directly change the administrator password xD as follows: 1) in the wp-users table of inject output, the ID is 1 [user_login or user_email which may be changed and randomly changed]; [when the admin background account is unknown] 2) click 'forgot password' [lost password] At the wp-login.php, if hidden or not, you can directly access the wp-login.php? Action = lostpassword page, enter the Administrator account or administrator mailbox, click 'get new password'. 3) once again inject out the wp-users table ID is 1 or the target user_activation_key.4) Access wp-login.php? Action = rp & key = KEY & login = NAME5) Replace the KEY with the user_activation_key value, replace the NAME with the Administrator account, and access the page.-Example: http://blog.adm1n.org/wp-login.php?action=rp&key=ixUrwKCCycGqlGwWQ6vx&login=Adm1n_oRg6 ) Enter the new password, which requires more than 7 characters. Next, let's take over. xD -- well, that's about it. The article is a little long. Thank you for watching it.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.