Posted: . At: 9:50 AM. This was 4 years ago. Post ID: 13785
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.


Retarded website owners are still storing backups of their website online.

by

The Internet is full of website owners who are storing backups of their websites like WordPress online in publically accessible directories. This is very funny. If you want to get their password, then use the Google search below to find backup directories. Then download the *.sql files if you find them.

inurl:"/wp-content/wpclone-temp/wpclone_backup/"

The password hash should look like this.

$P$Bcx8sVyDLJwjHkkWRc4mzXmt8Y7Mn6/

Just crack it with hashcat, or upload to an online password cracking service like this one: https://www.onlinehashcrack.com/. Then you can crack the admin password and then warn the website owner of his misdemeanor. Or just have some fun. Since people are so dumb these days, they deserve it.

This is what you are looking for, the wp_users table. This contains all users on the WordPress website and all password hashes.

DROP TABLE wp_users;
 
CREATE TABLE `wp_users` (
  `ID` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
  `user_login` varchar(60) NOT NULL DEFAULT '',
  `user_pass` varchar(64) NOT NULL DEFAULT '',
  `user_nicename` varchar(50) NOT NULL DEFAULT '',
  `user_email` varchar(100) NOT NULL DEFAULT '',
  `user_url` varchar(100) NOT NULL DEFAULT '',
  `user_registered` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `user_activation_key` varchar(60) NOT NULL DEFAULT '',
  `user_status` int(11) NOT NULL DEFAULT '0',
  `display_name` varchar(250) NOT NULL DEFAULT '',
  PRIMARY KEY (`ID`),
  KEY `user_login_key` (`user_login`),
  KEY `user_nicename` (`user_nicename`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
 
INSERT INTO wp_users VALUES("1","myuser","$P$Bcx8sVyDLJwjHkkWRc4mzXmt8Y7Mn6/","myuser","[email protected]","","2015-05-14 22:21:27","","0","myuser");

This is very easy, sometimes you find entire backups of websites and the archive contains the entire .htaccess setup as well as databases and website configuration. The Internet is a mess right now.

Another cool way to find online website backups to download.

"Index of /backup"

This can yield some nice stuff. it is amazing what you can find with casual Google searches, this goes to show that people will never learn from any mistakes, security is an afterthought in this modern world.


1 thought on “Retarded website owners are still storing backups of their website online.”

  1. Pingback: Focus more on security and safety in 2020. – Securitron Linux blog.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.