Default paths:
- index.php
- license.txt contains useful information such as the version of WordPress installed.
- wp-activate.php is used for the email activation process when setting up a new WordPress site.
- Login folders (may be renamed to hide them):
  - /wp-admin/login.php
  - /wp-admin/wp-login.php
  - /login.php
  - /wp-login.php
- xmlrpc.php is a file that represents a feature of WordPress that enables data to be transmitted with HTTP acting as the transport mechanism and XML as the encoding mechanism. This type of communication has been replaced by the WordPress REST API.
- The wp-content folder is the main directory where plugins and themes are stored.
- wp-content/plugins/ is the directory with the installed plugins.
- wp-content/uploads/ is the directory where any files uploaded to the platform are stored.
- wp-includes/ is the directory where core files are stored, such as certificates, fonts, JavaScript files, and widgets.
Examples: [[Backdoor#^34b6a9]] [[Backdoor#^11157a]]
WPScan
For a thorough scan, we will need to provide the URL of the target (--url) and configure the enumerate option (--enumerate) to include “All Plugins” (ap), “All Themes” (at), “Config backups” (cb), and “Db exports” (dbe).
wpscan --url sandbox.local --enumerate ap,at,cb,dbe
Aggressive Mode
wpscan --url http://example.com/ --plugins-detection aggressive
Brute Force
wpscan --url http://locker.ptd/ -U MB6zE2vkSCV -P /usr/share/wordlists/rockyou.txt
You can also add your API token from WPScan, which you get by creating a user account. To do so, you need to pass the --api-token parameter.
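
Seen from the defending side, the plugin enumeration and login brute force above show up in the web server's access log as many 404s under wp-content/plugins/ and repeated POSTs to the login paths. The detector below is an added example, not part of the original notes; it assumes the common/combined access-log format, the thresholds are illustrative, and the sample IPs and plugin slugs are constructed.

```python
import re
from collections import defaultdict

# Login paths from the notes above; xmlrpc.php also accepts credentials.
LOGIN_PATHS = {"/wp-admin/login.php", "/wp-admin/wp-login.php",
               "/login.php", "/wp-login.php", "/xmlrpc.php"}
PLUGIN_PREFIX = "/wp-content/plugins/"

# Assumed common/combined log format: ip - - [ts] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def analyze(lines, login_threshold=5, plugin_threshold=5):
    """Return {ip: [findings]}; thresholds are illustrative assumptions."""
    login_posts = defaultdict(int)
    missing_plugins = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if method == "POST" and path in LOGIN_PATHS:
            login_posts[ip] += 1
        elif path.startswith(PLUGIN_PREFIX) and status == "404":
            # Many distinct non-existent plugin slugs: enumeration, not browsing.
            slug = path[len(PLUGIN_PREFIX):].split("/", 1)[0]
            if slug:
                missing_plugins[ip].add(slug)
    findings = defaultdict(list)
    for ip, count in login_posts.items():
        if count >= login_threshold:
            findings[ip].append(f"login-bruteforce:{count}")
    for ip, slugs in missing_plugins.items():
        if len(slugs) >= plugin_threshold:
            findings[ip].append(f"plugin-enumeration:{len(slugs)}")
    return dict(findings)

def _line(ip, method, path, status):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample log: documentation IPs, made-up plugin slugs.
SAMPLE = (
    [_line("203.0.113.5", "POST", "/wp-login.php", 200)] * 6
    + [_line("198.51.100.7", "GET", f"/wp-content/plugins/example-{i}/readme.txt", 404)
       for i in range(8)]
    + [_line("192.0.2.10", "POST", "/wp-login.php", 302), "not a log line"]
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A scanner that finds an installed plugin gets a 200 or 403 for that slug, so only the misses are counted; a renamed login path has to be added to LOGIN_PATHS to be covered.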