partners-in-crime and haters, we know what you are looking for - the title
above is proof enough, isn't it? I scream, you scream, we all scream for tools
to hack Joomla and Wordpress. Don't fret as we offer salvation to your
Joomla/Wordpress hacking needs.
The hack that we are going
to talk about today isn't an exploit. Exploits of Joomla and Wordpress are
present in plugins and components that are downloaded by the user. Privilege
Escalation and Restoring Admin Password are just such examples of bug or
vulnerability exploitation via Token Codes. Whereas this method isn't an
exploit and doesn't require complicated programming as such.
Let's begin by using the
best search engine that does not filter search results. Believe it or not,
Google hides way more in it pockets than it shows. Google censors topics on
hacking therefore, we are not going to use Google for our required search. We
are going to use AramaM0t0ru V1.3.
1. On AramaM0t0ru, click
on "tümünü işaretle" which would enable you to select all
2. In the black case
titled "arama bölümü" write as many dorks as you like at the
same time. For example, if I want to hack an Israeli website using Joomla or
Wordpress, I would use the following dorks:
site:il powered by
3. Click on the tab next
to Ayarlar, named Tarama and click on "TaramayaBaşla".
When the search ends, hit Kaydet and save it as a text file. It is important to do so because you are going to need it later on.
4. Now, we will use
our favourite and most trusted Cracking App to get 'cracking' on your
chosen website. The app that we shall use is EksenAtak v1.2.
5. Open EksenAtak and hit
on either WordPress or Joomla, depending on which site you are willing to victimise.
For this purpose you will need to use a wordlist.
6. Click on "şifre
kelimelistesi" to select your password list and hit "site ekle"
to select the websites that we found through the Search Engine.
7. Click on "Başla" to
start attacking the websites.
Please click here to download both
the programs used above. The folder includes a password list highly recommended
Cheers! About The Author This article was written Sindhia Javed Junejo, We would like to thank Mauritania Attacker for providing sceenshots and demonstration of the attack.
Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More.. ![endif]-->