This article is for training my skills

rei_hunt
2 min read · Mar 2, 2022


Credit: https://medium.com/@fcwdbrqmr/400-bounty-again-using-google-dorks-6dc8e438f017

I often use Google dorks while pentesting any target

  • I hope everyone knows how to use Google dorks. You guys know that Google dorking plays a main role in hacking

Let's start

  • Choose a target and start subdomain enumeration with httpx
  • After finishing my subdomain enumeration, I found that one of the subdomains is managed with WordPress
  • His mind says: try to bypass the WordPress login. Let’s turn on hacker mode
  • First, I will use wayback urls to go back over the whole list of URLs. OK, found a suspicious URL
  • example.com/wp-content/uploads/2021/

Oh, it's blocked.

And by some kind of magic, WordPress left the endpoint example.com/wp-inc/ unlocked, and that's it: an attacker can download the WordPress endpoint's files, wordpress-db is in there, so it's game over
