WPSEC article: Cracking WordPress Passwords with John the Ripper

This topic is empty.

Viewing 8 posts - 1 through 8 (of 8 total)

Author

Posts
June 6, 2024 at 8:59 am #25179 Reply

Gregory
Guest

makes it look way too easy to crack WP passwords

https://blog.wpsec.com/cracking-wordpress-passwords/

June 6, 2024 at 9:00 am #25180 Reply

Edward
Guest

omg

Now that we have the hashes, we can use a password-cracking tool called John the Ripper (john) to crack it. It comes pre-installed on Kali Linux and is available in most other Linux distros via their package managers (e.g. apt install john). Unfortunately, the john package shipped with apt in Ubuntu and Debian are incomplete (they are not the jumbo version which includes support for everything), so you might have better luck running it with Docker on non-Kali distros.

June 6, 2024 at 9:00 am #25181 Reply

Ruth
Guest

oh great….. here come the Kali Linux stans

June 6, 2024 at 9:04 am #25182 Reply

Helen
Guest

Doesn’t WordPress still use basic MD5 hashing for user passwords in Mysql? might be part of the problem?

June 6, 2024 at 9:53 am #25183 Reply

Madison
Guest

you might have better luck running it with Docker on non-Kali distros.

Imagine being a hackzor and running Docker to crack passwords lmaooo

June 6, 2024 at 9:55 am #25184 Reply

Larry
Guest

GoDaddy had malware on their servers for years and didn’t know it

June 23, 2024 at 8:06 pm #25373 Reply

Philip
Guest

What’s up with “Thai Visa Centre” and their hacker boss Chad

June 23, 2024 at 8:37 pm #25375 Reply

Angela
Guest

I thought WP Core was moving to bcrypt for passwords
Author

Posts