I recently came across a pentest that taught me how to perform user enumeration on a WordPress site that is not properly configured. WordPress is a content management system based on PHP and MySQL; it is usually used with the MySQL or MariaDB database servers but can also use the SQLite database engine.

I found out that there were two methods by which I could enumerate users on the client's WordPress website: user enumeration via the WordPress REST API, and user enumeration via author id (the author archive).

User Enumeration via REST API

The REST API has a users endpoint that is useful for getting more information about post authors. Only authors, that is, users with at least one published, publicly available post, are listed. It is generally advised to post and comment on a website only with an account that has lowered capabilities; admin accounts should be reserved for administrative tasks, so that they never show up as authors.

The users endpoint for our website is the following:

www.example.com/wp-json/wp/v2/users

This type of enumeration can be avoided by adding the following code snippets to your theme's functions.php file or including them in a custom plugin.
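As an added example (not the snippet from the original post), the filter below hides the /wp/v2/users routes from anonymous visitors while keeping them for logged-in users, who need the endpoint for things like the block editor's author selector. The route keys are the ones WordPress core registers; the hook and functions used are standard WordPress APIs.

```php
<?php
/**
 * Added example: restrict the REST users routes to logged-in users.
 * Place in your theme's functions.php or in a small custom plugin.
 */
add_filter( 'rest_endpoints', function ( array $endpoints ) {
    // Authenticated users (editors picking a post author, etc.) keep the routes.
    if ( is_user_logged_in() ) {
        return $endpoints;
    }

    // Route keys as registered by WordPress core. Both the collection and the
    // single-user route are removed, so /wp/v2/users/1 cannot be queried either.
    $user_routes = array(
        '/wp/v2/users',
        '/wp/v2/users/(?P<id>[\d]+)',
    );

    foreach ( $user_routes as $route ) {
        if ( isset( $endpoints[ $route ] ) ) {
            unset( $endpoints[ $route ] );
        }
    }

    return $endpoints;
} );
```

After adding this, an anonymous request to /wp-json/wp/v2/users (or the equivalent /?rest_route=/wp/v2/users, which resolves through the same route table) returns a rest_no_route error instead of the author list, while a logged-in request still works. Verify it with a fresh private browser window rather than the browser you are logged into, otherwise the cookie authentication will make the endpoint appear to be still exposed.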

User Enumeration via Author Archive

In many WordPress installations, it is possible to enumerate WordPress usernames through the author archives, including the admin username. To access the author archives, we just need to add author=n (where n is any integer) as a parameter to the WordPress home page URL, like the following:

https://example.com/?author=1

WordPress will automatically redirect the request to its counterpart:

https://example.com/author/admin

Using this method we will be able to identify all the usernames by fuzzing the author parameter, since the redirect target reveals the user's nicename even when the author page itself shows nothing.

With a valid username in hand, an attacker could then perform password guessing or a brute-force attack in order to gain access to your website.

This type of enumeration can be avoided by adding the following code snippets to your theme's functions.php file or including them in a custom plugin.
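As an added example (not the snippet from the original post), the code below stops anonymous visitors from resolving ?author=N to /author/username/ and from viewing author archives directly. It goes slightly beyond the post by also removing the users provider from the built-in XML sitemap, which lists the same author archive URLs on WordPress 5.5 and later. All hooks and functions used are standard WordPress APIs.

```php
<?php
/**
 * Added example: block author-archive based username disclosure.
 * Place in your theme's functions.php or in a small custom plugin.
 */

// 1. Intercept author requests before WordPress's canonical redirect, which is
//    hooked on template_redirect at priority 10 and would otherwise rewrite
//    ?author=1 into /author/<nicename>/ and leak the username. Priority 1 runs first.
add_action( 'template_redirect', function () {
    if ( is_user_logged_in() ) {
        return;
    }

    // is_author() is true for ?author=N, ?author_name=x and pretty /author/x/ URLs;
    // the explicit $_GET check is a belt-and-braces guard for the raw query string.
    $raw_author_param = isset( $_GET['author'] ) && '' !== $_GET['author'];

    if ( $raw_author_param || is_author() ) {
        // Send the visitor to the home page without revealing whether the id exists.
        wp_safe_redirect( home_url( '/' ), 301 );
        exit;
    }
}, 1 );

// 2. Beyond the original post: the core sitemap (WP 5.5+) publishes author archive
//    URLs at /wp-sitemap-users-1.xml, so drop the "users" sitemap provider too.
add_filter( 'wp_sitemaps_add_provider', function ( $provider, $name ) {
    if ( 'users' === $name ) {
        return false;
    }
    return $provider;
}, 10, 2 );
```

Because every author id, valid or not, now lands on the same 301 to the home page, a response-based oracle on the author parameter no longer distinguishes existing users from non-existing ones. If your theme legitimately relies on public author pages (a multi-author magazine, for example), keep the archives but still consider hiding the admin account by never publishing with it, as the REST API section above advises.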

BASH SCRIPTS

After the pentest was over, the author decided to create two bash scripts that perform user enumeration using each of the two methods above. The scripts are as follows:

User Enumeration via REST API

User Enumeration via Author Archive

Note: just to emphasise, the author will not be held responsible for any malicious use of the code in this article; its contents are for educational purposes only.

Download WordPress User Enumeration

6 Replies to “WordPress User Enumeration”

1. Hello, I am happy to hear that you're learning from my materials. Please do subscribe to be informed every time I post new content on the website.

