7MS #264: Hacking Wordpress
7 Minute Security, 29 June 2017


I was pleasantly surprised to see a Wordpress site fall into a pentest scope this past week. One helpful tool to get familiar with when attacking Wordpress sites is wpscan, which is built right into Kali, or you can grab it from GitHub. Get familiar with the command-line flags, as they let you run a gentler scan that recovers more easily from site errors and disconnections. Specifically, read up on these options:

  • --throttle - for example, I've been using --throttle 1000 in order to be a bit less intense on my target site

  • --request-timeout and --connect-timeout help your scan recover smoothly from site errors/timeouts

Also, if you find yourself in a situation where you're testing a production Wordpress site (not recommended), consider setting up a free up/downtime alert via a service like Uptime Robot so you can get emails if the site ever poops out. That certainly beats hitting F5 in Firefox every 10 seconds :-)
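As an added example (not from the episode and not part of wpscan itself), here is a small POSIX shell wrapper that turns the options above into a gentler, self-recovering scan: it throttles requests, sets the two timeouts, and if wpscan exits non-zero it waits until the target answers a curl probe before retrying, which is the same "is the site still up?" question the Uptime Robot alert answers. The WPSCAN and CURL variables, the gentle_args/site_up/run_gentle_scan function names and the 60 s / 30 s timeout values are my own choices, not wpscan settings.

```shell
#!/bin/sh
# Gentle wpscan wrapper: throttled requests, explicit timeouts, and a retry
# loop that waits for the target to answer again before resuming.
# Assumes wpscan 3.x and curl are on PATH. WPSCAN and CURL are this script's
# own overridable variables (hypothetical knobs), not wpscan options.

WPSCAN="${WPSCAN:-wpscan}"
CURL="${CURL:-curl}"

# Emit the wpscan arguments for a gentle scan.
# $1 = target URL, $2 = delay between requests in ms (1000, as in the notes).
# The 60 s request and 30 s connect timeouts are example values.
gentle_args() {
    printf '%s' "--url $1 --throttle ${2:-1000} --request-timeout 60 --connect-timeout 30"
}

# Succeed when the target answers at all (any HTTP status), fail on a
# connection error or timeout. No -f on purpose: a 500 still means "up".
site_up() {
    "$CURL" -s -o /dev/null --connect-timeout 10 --max-time 30 "$1"
}

# Run wpscan up to $3 times (default 3). After a failed run, poll the site
# every $4 seconds (default 60) and only retry once it is reachable again.
run_gentle_scan() {
    url="$1"; delay="${2:-1000}"; max_attempts="${3:-3}"; wait_s="${4:-60}"
    attempt=1
    while [ "$attempt" -le "$max_attempts" ]; do
        # Word splitting of the argument string is intended here.
        # shellcheck disable=SC2046
        if "$WPSCAN" $(gentle_args "$url" "$delay"); then
            return 0
        fi
        echo "wpscan attempt $attempt failed; waiting for $url to respond" >&2
        until site_up "$url"; do
            sleep "$wait_s"
        done
        attempt=$((attempt + 1))
    done
    echo "giving up after $max_attempts attempts" >&2
    return 1
}

# Usage: run_gentle_scan https://example.test 1000
```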

