I wanted to try working with some more of the Hack the Box lessons this week. The site is more focused on penetration testing. This is still good, as to get a good picture of how threat actors work you want to see how both sides work so that you can start to see indicators of compromise when they are used against a network.
Hack the Box has labs that are specifically set up to hack into and learn various tools so the tool I was learning about today is usual in hacking unprepared WordPress pages.
It uses a tool called gobuster which is designed to read the directories for WordPress pages and display them.
It can use a preprepared wordlist to attempt to find common threads to access.
So the walkthrough takes you through loading the software and running the word list which finds that active admin.php file.
With that, you attempt some basic login information for the user/pass and it grants access.
A fun little experiment and shows the power of tools when it comes to hacking and penetration testing.