We will be using the WPScan utility, which is pre-installed in Kali Linux, for this.
To start:
For help output:
wpscan --hh
To scan for vulnerabilities:
wpscan --url <URL>
Replace <URL> with the address of the site being tested.
The utility will start scanning the site and display the results.
For example, the utility displays information that the wp-cron file is only 60% protected and displays links to exploitation examples.
If the program fails to obtain user info, it can be obtained using a more aggressive method:
wpscan --url <URL> --enumerate u
Knowing the username, you can try to guess the password.
But before that, let's see if there are any protective plugins against this type of attack. To do this, go to the admin panel (URL/wp-admin) and enter random data 5 times. If there are no restrictions on input, we can start the attack:
wpscan --url <URL> -P <dictionary file> -U <user>
(How to easily create a dictionary file can be found here.)
In case of a successful brute force, the password will be displayed in the terminal.