Dictionary attack on Wordpress: Security and forensic analysis

The effective forensic investigation of a security attack on a web application relies on the forensic readiness of the web application system, supportive forensic tools, and skills of the forensic investigator. Web application forensic readiness incorporates evidence collection by enabling logging and the evidence protection for those log files through techniques such as permission settings in order to retain the integrity. Furthermore, a forensic investigator should have a good comprehension of web application functionality, web server architecture, and web application security issues. This paper focuses on a dictionary attack experiment against Wordpress (a web application) administered by a persona named Peter Quill (a fictitious character). The dictionary attack was able to successfully guess the seven-character password used for the persona´s user account. A set of techniques and tools are critically analysed to determine whether they can be applicable to the experiment scenario. The techniques mostly focus on retrieving the log files from the web server, the application server, the database server, and the web application itself, while the tools deal with collecting, analysing, and presenting the log file data.