How To Hack WordPress And Joomla - Password Cracker


Friends, allies, partners-in-crime and haters, we know what you are looking for - the title above is proof enough, isn't it? I scream, you scream, we all scream for tools to hack Joomla and WordPress. Don't fret, as we offer salvation for your Joomla/WordPress hacking needs.
The hack that we are going to talk about today isn't an exploit. Exploits of Joomla and WordPress are present in plugins and components that are downloaded by the user. Privilege escalation and restoring the admin password are examples of such bug or vulnerability exploitation via token codes. This method, by contrast, isn't an exploit and doesn't require complicated programming as such.

Let's begin by using the best search engine that does not filter search results. Believe it or not, Google hides way more in its pockets than it shows. Google censors topics on hacking; therefore, we are not going to use Google for our required search. We are going to use AramaM0t0ru V1.3.

1. On AramaM0t0ru, click on "tümünü işaretle", which selects all methods.

2. In the black box titled "arama bölümü", write as many dorks as you like at the same time. For example, if I want to hack an Israeli website using Joomla or WordPress, I would use the following dorks:

For Joomla

site:il com_user.israel
site:il option=
site:il templates/beez/
site:il template/atomic
site:il com_user.shalom
site:il com_user.shalit

For Wordpress

site:il wp-content
site:il powered by wordpress
site:il wp-content/themes
site:il wp-content/plugins
site:il ?p= wordpress

3. Click on the tab next to Ayarlar, named Tarama, and click on "Taramaya Başla".

When the search ends, hit Kaydet and save it as a text file. It is important to do so because you are going to need it later on.


4. Now, we will use our favourite and most trusted Cracking App to get 'cracking' on your chosen website. The app that we shall use is EksenAtak v1.2.


5. Open EksenAtak and click either WordPress or Joomla, depending on which site you are willing to victimise. For this purpose you will need to use a wordlist.

6. Click on "şifre kelimelistesi" to select your password list and hit "site ekle" to select the websites that we found through the Search Engine.

7. Click on "Başla" to start attacking the websites.

Please click here to download both the programs used above. The folder includes a password list that is highly recommended to try out.

Cheers!

About The Author


This article was written by Sindhia Javed Junejo. We would like to thank Mauritania Attacker for providing screenshots and a demonstration of the attack.

3 comments :

Anonymous said...

Hey, great tutorial, but is there an English version of these tools available? Or please tell which language it is, so that I can convert it to English to further exploit the tool's capabilities.

Anonymous said...

What is the password list? Not getting this point.

Anonymous said...

It's Turkish.

Dare to ask? :)

RHA © 2013. All Rights Reserved.