WPSEC article: Cracking WordPress Passwords with John the Ripper
June 6, 2024 at 8:59 am #25179
Gregory
Guest
makes it look way too easy to crack WP passwords
June 6, 2024 at 9:00 am #25180
Edward
Guest
omg
Now that we have the hashes, we can use a password-cracking tool called John the Ripper (john) to crack them. It comes pre-installed on Kali Linux and is available in most other Linux distros via their package managers (e.g. apt install john). Unfortunately, the john packages shipped with apt in Ubuntu and Debian are incomplete (they are not the jumbo version, which includes support for everything), so you might have better luck running it with Docker on non-Kali distros.
June 6, 2024 at 9:00 am #25181
Ruth
Guest
oh great….. here come the Kali Linux stans
June 6, 2024 at 9:04 am #25182
Helen
Guest
Doesn’t WordPress still use basic MD5 hashing for user passwords in MySQL? Might be part of the problem?
June 6, 2024 at 9:53 am #25183
Madison
Guest
you might have better luck running it with Docker on non-Kali distros.
Imagine being a hackzor and running Docker to crack passwords lmaooo
June 6, 2024 at 9:55 am #25184
June 23, 2024 at 8:06 pm #25373
June 23, 2024 at 8:37 pm #25375
Angela
Guest
I thought WP Core was moving to bcrypt for passwords
August 4, 2024 at 8:12 am #25810
Joshua
Guest
Why Does WordPress Continue to Use MD5?
Rewind the tape a bit, and you’ll see that implementing a strong hashing algorithm into a PHP project wasn’t exactly a walk in the park. However, PHP 5.5 introduced official support for bcrypt, with native functions for both hashing passwords and verifying them during login attempts.
WordPress’s hashing mechanism does offer sufficient security at this time. Still, many people argue that keeping it as it is makes no sense given the availability of stronger algorithms that can be implemented without too much hassle.
Yet, WordPress’s development team seems strangely reluctant to make any changes to this particular part of the core. The reason for this is backward compatibility.
WordPress maintains its popularity and continues to grow its market share not only because it’s incredibly versatile and easy to use but also because it will run on just about any hosting platform. Far too many people use legacy systems to build new projects, and many existing websites run in woefully outdated hosting environments.
2023 article
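The native PHP functions mentioned in the post above, shown as an added example (not part of any post in this thread and not WordPress's own code): a login check that still accepts a legacy hash and re-hashes the password to bcrypt on the first successful login, which is one way to upgrade without breaking existing accounts. The in-memory user store, the `verify_and_upgrade` helper and the unsalted-MD5 legacy format are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory stand-in for a users table.
// 'alice' still has a legacy unsalted MD5 hex digest (assumed legacy format).
$users = [
    'alice' => md5('correct horse battery staple'),
];

/**
 * Hypothetical helper: check a login and upgrade the stored hash in place.
 * Returns true when the password is correct.
 */
function verify_and_upgrade(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored  = $users[$name];
    $options = ['cost' => 12];

    // A bare 32-character hex string is treated as the legacy format.
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;

    // hash_equals() compares in constant time; password_verify() handles
    // the salt and cost embedded in a bcrypt hash.
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }

    // The plaintext is only available now, at login, so this is the moment
    // to replace a legacy hash or one created with an outdated cost.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_BCRYPT, $options)) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return true;
}

// Wrong password: rejected, stored hash left untouched.
var_dump(verify_and_upgrade($users, 'alice', 'wrong password'));
// Correct password: accepted, stored hash replaced with bcrypt.
var_dump(verify_and_upgrade($users, 'alice', 'correct horse battery staple'));
var_dump(password_get_info($users['alice'])['algoName']);
// The upgraded hash still verifies on the next login.
var_dump(verify_and_upgrade($users, 'alice', 'correct horse battery staple'));
```

Accounts that never log in again keep their legacy hash under this scheme, so a real migration also needs a policy for those, such as a forced reset.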
September 24, 2024 at 1:52 am #26629
Joe
Guest
my blog is hacking, so I suggest you use a strong password. wuwu
if you use Google password, it is very safe
September 24, 2024 at 1:53 am #26630
George
Guest
my blog is hacking, so I suggest you use a strong password. wuwu
if you use Google password, it is very safe