close

Slick­Stack

July 2024 promo! Join our Discord free of charge.

Slick­Stack
Lightning-fast WordPress on Nginx

WPSEC article: Cracking WordPress Passwords with John the Ripper

  • This topic is empty.
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #25179 Reply
    Gregory
    Guest

    makes it look way too easy to crack WP passwords

    https://blog.wpsec.com/cracking-wordpress-passwords/

    #25180 Reply
    Edward
    Guest

    omg

    Now that we have the hashes, we can use a password-cracking tool called John the Ripper (john) to crack it. It comes pre-installed on Kali Linux and is available in most other Linux distros via their package managers (e.g. apt install john). Unfortunately, the john package shipped with apt in Ubuntu and Debian are incomplete (they are not the jumbo version which includes support for everything), so you might have better luck running it with Docker on non-Kali distros.

    #25181 Reply
    Ruth
    Guest

    oh great….. here come the Kali Linux stans

    #25182 Reply
    Helen
    Guest

    Doesn’t WordPress still use basic MD5 hashing for user passwords in Mysql? might be part of the problem?

    #25183 Reply
    Madison
    Guest

    you might have better luck running it with Docker on non-Kali distros.

    Imagine being a hackzor and running Docker to crack passwords lmaooo

    #25184 Reply
    Larry
    Guest
    #25373 Reply
    Philip
    Guest
    #25375 Reply
    Angela
    Guest

    I thought WP Core was moving to bcrypt for passwords

Viewing 8 posts - 1 through 8 (of 8 total)
Reply To: WPSEC article: Cracking WordPress Passwords with John the Ripper

Thanks to our generous sponsors for their support!