Jordan Lee

Enumerating a WordPress 4.6 Server: A Beginner’s Guide

Published 2 days ago · 10 min read · 4 comments

WordPress is one of the most popular content management systems on the web, but its popularity also makes it a prime target for attackers. Today, we’ll be diving into the basics of enumerating a WordPress 4.6 server – a crucial step in understanding potential vulnerabilities.

Disclaimer

This post is for educational purposes only. Always obtain proper authorization before performing any kind of security testing or enumeration on a system that you do not own. Unauthorized access or scanning can be illegal and unethical.

Why Enumerate WordPress?

Enumeration is the process of gathering information about a target system to identify potential attack vectors. In the context of a WordPress 4.6 server, enumeration helps us:

  • Identify user accounts (for potential brute force attacks)
  • Discover installed plugins and themes (which may have vulnerabilities)
  • Gather version information to check for known exploits

For this post, we will be enumerating a WordPress 4.6 machine on Hexcade Arena.

Tools You’ll Need

Before we get started, here are some tools that will make the process easier:
  • WPScan – A powerful WordPress vulnerability scanner.
  • Nmap – A network scanner for port and service discovery.
  • Browser DevTools – For manual inspection of source code.

Step 1: Initial Reconnaissance with Nmap

Before diving into WordPress-specific enumeration, let's first scan the server to discover open ports and services.

							
nmap -sV -Pn -p 80,443 10.0.3.6

This scan checks for HTTP and HTTPS services, which are typical for WordPress sites. Look for versions of web servers like Apache or Nginx that could provide more insight into potential vulnerabilities.

You should get the following result:

							
...
PORT     STATE SERVICE VERSION
80/tcp   open  http    Apache httpd 2.4.7 ((Ubuntu))
...

Upon visiting the site, we can see a default WordPress installation.

Step 2: WordPress Enumeration with WPScan

Knowing the WordPress version is crucial as older versions, like 4.6, often have known vulnerabilities. There are a few ways to find this:

WPScan is the go-to tool for WordPress enumeration. If you haven’t installed it, do so using:

							
sudo apt install wpscan

Then, run a base scan with:


wpscan --url http://10.0.3.6

You should get the following results:

As you can see, the scan shows that this WordPress installation is running version 4.6.
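
Version fingerprinting like the scan in Step 2 relies on markers the site itself publishes. The following Python sketch is an added example, not code from the original post: it audits the HTML of a site you administer for two standard WordPress markers, the generator meta tag and the ?ver= query string on assets. The sample HTML is constructed, and the class and function names are hypothetical.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed sample of a default WordPress front page (not captured from the lab host).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 4.6" />
<link rel="stylesheet" href="http://10.0.3.6/wp-includes/css/dashicons.min.css?ver=4.6" />
<script src="http://10.0.3.6/wp-includes/js/wp-embed.min.js?ver=4.6"></script>
<script src="http://10.0.3.6/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
</head><body></body></html>"""

VER_PARAM = re.compile(r"[?&]ver=([0-9][0-9.]*)")


class VersionLeakParser(HTMLParser):
    """Collects the places where a page discloses a WordPress version."""

    def __init__(self):
        super().__init__()
        self.generator = None            # version from <meta name="generator">
        self.asset_versions = Counter()  # ?ver= values seen on linked assets

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.match(r"WordPress\s+([0-9.]+)", a.get("content", ""))
            if m:
                self.generator = m.group(1)
        elif tag in ("link", "script"):
            m = VER_PARAM.search(a.get("href") or a.get("src") or "")
            if m:
                self.asset_versions[m.group(1)] += 1


def audit_version_leaks(html):
    """Return the version markers disclosed by one HTML document."""
    parser = VersionLeakParser()
    parser.feed(html)
    parser.close()
    likely = parser.generator
    if likely is None and parser.asset_versions:
        # Core assets carry the core version; bundled libraries carry their own.
        likely = parser.asset_versions.most_common(1)[0][0]
    return {"generator": parser.generator,
            "asset_versions": dict(parser.asset_versions),
            "likely_core": likely}


if __name__ == "__main__":
    print(audit_version_leaks(SAMPLE_HTML))
```

Removing the generator tag alone does not hide the version while core assets still carry ?ver= values, so keeping WordPress core patched matters more than masking the markers.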