Hacker, Researcher and Author.

How To Hack Wordpress And Joomla - Password Cracker

Friends, allies, partners-in-crime and haters, we know what you are looking for - the title above is proof enough, isn't it? I scream, you scream, we all scream for tools to hack Joomla and Wordpress. Don't fret as we offer salvation to your Joomla/Wordpress hacking needs.
The hack that we are going to talk about today isn't an exploit. Exploits of Joomla and Wordpress are present in plugins and components that are downloaded by the user. Privilege Escalation and Restoring Admin Password are just such examples of bug or vulnerability exploitation via Token Codes. Whereas this method isn't an exploit and doesn't require complicated programming as such.

Let's begin by using the best search engine that does not filter search results. Believe it or not, Google hides way more in it pockets than it shows. Google censors topics on hacking therefore, we are not going to use Google for our required search. We are going to use AramaM0t0ru V1.3.

1. On AramaM0t0ru, click on "tümünü işaretle" which would enable you to select all methods.

2. In the black case titled "arama bölümü" write as many dorks as you like at the same time. For example, if I want to hack an Israeli website using Joomla or Wordpress, I would use the following dorks:

For Joomla

site:il com_user.israel
site:il option=
site:il templates/beez/
site:il template/atomic
site:il com_user.shalom
site:il com_user.shalit

For Wordpress

site:il wp-content
site:il powered by wordpress
site:il wp-content/themes
site:il wp-content/plugins
site:il ?p= wordpress

3. Click on the tab next to Ayarlar, named Tarama and click on "Taramaya Başla". 

When the search ends, hit Kaydet and save it as a text file. It is important to do so because you are going to need it later on.

4. Now, we will use our favourite and most trusted Cracking App to get 'cracking' on your chosen website. The app that we shall use is EksenAtak v1.2.

5. Open EksenAtak and hit on either WordPress or Joomla, depending on which site you are willing to victimise. For this purpose you will need to use a wordlist.

6. Click on "şifre kelimelistesi" to select your password list and hit "site ekle" to select the websites that we found through the Search Engine.

7. Click on "Başla" to start attacking the websites.

Please click here to download both the programs used above. The folder includes a password list highly recommended to tryout.


About The Author

This article was written Sindhia Javed Junejo, We would like to thank Mauritania Attacker for providing sceenshots and demonstration of the attack.  


  1. Hey great tutorial but is there english version of these tools available ? or please tell which language is it, so that I can convert it in English to further exploit the tool's capabilities.

  2. What is the password list? not getting this point


© 2016 All Rights Reserved by RHA Info Sec. Top

Contact Form


Email *

Message *

Powered by Blogger.