WPForce Fundamentals Course
Welcome to WPForce Fundamentals's Online training with live Instructor using an interactive cloud desktop environment DaDesktop.
Experience remote live training using an interactive, remote desktop led by a human being!
This instructor-led live training is designed to provide participants to gain mastery on wpforce fundamentals. You will learn the fundamentals of wpforce fundamentals and with greater emphasis on the functionality and application to your work or study.
WPForce is a suite of Wordpress Attack tools. Currently this contains 2 scripts - WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules. For more information, visit the blog post here: https://www.n00py.io/2017/03/squeezing-the-juice-out-of-a-compromised-wordpress-server/ Blogs in other languages: Chinese - www.mottoin.com/100381.html Portuguese - http://www.100security.com.br/wpforce/ Spanish - http://www.1024megas.com/2017/05/wpforce-fuerzabruta-postexplotacion.html
https://esgeeks.com/como-hackear-sitio-wordpress-con-wpforce/ Russian - https://hackware.ru/?p=2547 French - https://securityhack3r.info/wpforce-brute-force-attack-tool-wordpress/ Turkish - http://turkhackteam.org/web-server-guvenligi/1655005-wordpress-site-sizma-testi-part-1-a.html
- Brute Force via API, not login form bypassing some forms of protection
- Can automatically upload an interactive shell
- Can be used to spawn a full featured reverse shell
- Dumps WordPress password hashes
- Can backdoor authentication function for plaintext password collection
- Inject BeEF hook into all pages
- Pivot to meterpreter if needed
Course Category: API Management