Tag Archives | brute force

WordPress User Enumeration

A common technique to reveal the usernames of a WordPress based site can be undertaken with this simple bash one liner. In many WordPress installations it is possible to enumerate usernames through the author archives, (usually ID:1). This is not a new trick and is available in a number of WordPress Security Testing tools. Here […]

Continue Reading

Security Testing WordPress

A couple of wordpress security assessment tools have popped up over the past couple of months, this has to be a good thing with the number of WordPress installations sky-rocketing. First of course there is the HackerTarget.com scan, externally facing and coming in at a fairly high level. The system downloads some of your pages, […]

Continue Reading

Brute Forcing Passwords with ncrack, hydra and medusa

Lets test some password breaking tools. Password’s are often the weakest link in any system. Testing for weak passwords is an important part of security assessments. I am focusing on tools that allow remote service brute forcing. There are also powerful tools available for cracking encrypted password hashes on a local system. The three tools […]

Continue Reading

Metasploit Express Review

Metasploit Express with Ubuntu The purchase of Metasploit by Rapid7 last year and the recent release of Metasploit Express has been big news in the security community. I have finally gotten around to giving it a spin. So what is Metasploit Express? It is a web based front end for Metasploit that provides not only […]

Continue Reading