So the more I get into this stuff by reading forums, tutorials, videos, challenges etc., the more I'm drawn to keep going and learning as much as possible. I'd like to try some of this stuff in a real-world application. A friend of mine has a blog site which is hosted by another friend on his server. I figured it would be the perfect opportunity and he already knows what I'm up to. Only problem is I don't know where to start, obviously due to inexperience, but I'd like to have a go at it anyway, hopefully with some help from you guys.
I've tried to apply some of the basic stuff from the general challenges but I don't see it going anywhere. I guess what I'm looking for are some ideas to try or to get pointed in the right direction.
So you're trying to hack a blog hosted on your friend's server?
Well, it would be good to see other users recommend here, but a start is always seeing what blog software is running, and if there's any known vulns for it. Or, if it's his own, if it can be injected. And also running Nmap to see what ports are open and what software is running on them.
Site admin
Looks like it's done with WordPress. Nmap found 11 open ports, not sure how to tell what software is running on them though.
How about linking the site so we can see what it's vulnerable to and then give you some hints?
Who Is General Failure And Why Is He Reading My Hard Disk?
It says in the RULES thread to at no point post the web address, which is why I left it out. Thank you for offering to help, and PM sent.
Thanks for reading the rules, but if the other site owner is aware of what you are doing then posting a link is fine.
Site admin
Alright cool, the link is http://lovelifelove.com/
Hmm, since there seems to be nothing else on the site other than WordPress, your target is to get into
http://lovelifelove.com/content/wp-login.php
The username is admin. Try to think like him for the password, or a brute forcer could be coded.
Site admin
Think I could try a phishing email or would I have better luck with brute force?
Out of curiosity, did you somehow navigate to or find the login page, or did you just know the location from experience?
Just knew the location. And yes, trying to phish them would be fun to try. I would send a fake email from WordPress admins.
Site admin