A wordlist is, as the name suggests, a list of words and phrases containing possible passwords of a user. It is one of the most important tools in ethical hacking, because passwords can act as the first line of defense against hackers, both ethical and unethical. Having a strong and unpredictable password is very important to minimize the risk of your password being included in a wordlist, because once hackers find a match between your password and an entry in the wordlist, your password has been compromised. Wordlists can be downloaded from many sources, such as GitHub, and can even be combined into a single list. However, that wasn’t the case when we conducted the first stage of our Final Project. Instead, we entered the command:
wpscan --url http://wp1.pentest.id --wordlist /root/Desktop/wordlist.txt --username adminwp
Now wpscan is, as we have mentioned, a tool to find a match between the password and an entry in the wordlist. So roughly, the command above can be interpreted as “Find a password match from this website (wp1.pentest.id) under username adminwp”. The above command produces the following output:
Now you’ve got a set of possible passwords, and the password turns out to be “akusayangkamu”.
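The point above about keeping your password out of a wordlist can be enforced when a password is set. The following is an added example, not part of the original write-up: a check that rejects a new password if it, or a simple variation of it, appears in a wordlist. The sample entries, the substitution table, the function names and the min_length value are all assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample entries; a real deployment loads a full wordlist file.
SAMPLE_WORDLIST = ["123456", "password", "qwerty", "letmein", "akusayangkamu"]

# Common character substitutions that wordlist mangling rules undo.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(text):
    """Fold Unicode compatibility forms, case and surrounding whitespace."""
    return unicodedata.normalize("NFKC", text).casefold().strip()


def build_denylist(words):
    """Normalize wordlist entries once so lookups are set membership tests."""
    return {normalize(w) for w in words if w.strip()}


def variants(password):
    """Forms of the password that a wordlist plus simple mangling would cover."""
    base = normalize(password)
    # "Password2024!" -> "password": drop trailing digits and symbols.
    forms = {base, re.sub(r"[\d\W_]+$", "", base)}
    forms |= {f.translate(LEET) for f in forms}
    return {f for f in forms if f}


def check_password(password, username, denylist, min_length=8):
    """Return the reasons to reject a new password; an empty list means accept."""
    reasons = []
    if len(password) < min_length:  # min_length is an assumed policy value
        reasons.append("too short")
    forms = variants(password)
    if forms & denylist:
        reasons.append("matches wordlist entry")
    user = normalize(username)
    if user and any(user in f for f in forms):
        reasons.append("contains username")
    return reasons


if __name__ == "__main__":
    deny = build_denylist(SAMPLE_WORDLIST)
    for candidate in ["akusayangkamu", "P@ssw0rd!", "adminwp2024", "vellum-orchid-84-kiln"]:
        print(candidate, check_password(candidate, "adminwp", deny) or "accepted")
```

Appending digits or swapping letters for symbols does not help: the check treats "Akusayangkamu123" and "P@ssw0rd!" the same as their wordlist forms.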
Written by Adrian Alexander and Charottama Oshmar