Pwning WordPress Passwords by Mitch Moser


In my last writeup, I recovered mysql credentials from a server and wrote a webshell to disk from there. This time, we’ll look at further leveraging the database contents by dumping hashes, cracking them with John The Ripperand also bruteforcing a WordPress login with Hydra. Getting the Hashes To access the mysql service with a one-liner I used the following: mysql --user=root --password=plbkac --host= For real engagements and situations where there are security concerns with putting a password in plaintext, you can omit the -password flag and instead be prompted to enter the password upon connection. Once we are connected to the service, we can begin enumerating what’s inside! First things first, let’s list the databases: > show databases; We can see there are several. The interest for today is wordpress however loot and proof were interesting and I encourage everyone to check them out themselves. Let’s enumerate the wordpress database.....

April 2, 2019
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.