[HELP] Find Owner of a Website / Hack WordPress Website

[smokenn]

Hello,

I need a help and a guidance on finding out the true owner of a website.

Website is using Wordpress 4.9.8 (latest version)
Whois doesn't give any interesting information: registrar is namescheap.com, it is protected by cloudflare, hosting provider is: NFORCE, NL.
There aren't any sub-domains (except: www).

I have tried tools such as:
Whois domain analyzer, Nslookup, Nmap, TheHarvester, Metagoofil, DNSRecon, Sublist3r, Wafw00f, WAFNinja, XSS Scanner, WhatWeb, Spaghetti, WPscan, WPscanner, WPSeku, Droopescan, SSLScan, SSLyze, A2SV, Dirsearch
...however I either don't know what to look for, or the information is protected behind namescheap and cloudflare.

None of the wordpress plugins have any known vulnerabilities, he's having all his plugins updated to the latest versions.
Plugins used: contact-form-7, woocomerce, really-simple-ssl, sucuri-scanner, yith-woocomerce-compare, cmb2, wp-slimstat.
Theme used: greenmart by Thembay, v1.6.0.
It does have xmlrpc.php, not renamed, and he does have: wp-config-sample.php not renamed.

he does have these folders exposed to the public:
../wp-includes/
../wp-content/uploads/
../wp-content/plugins/
but I can't find anything useful in there (of course I can't access PHP files to get their content).


My option #1 would be to find who this guy is, because taking down his website may just result in him finding another hosting company and host his website on another place.
Option #2 would be to take down his website (however, ddos-ing on a cloudflare protected website doesn't seem to work for very long). So I guess option #3 would be to find out real IP behind the cloudflare.

Any advice, guidance is more than welcome. I'm not asking you guys to do stuff for me, but to give me directions, I want to learn this stuff on my own.

[oasis]

Hello,

I need a help and a guidance on finding out the true owner of a website.

Website is using Wordpress 4.9.8 (latest version)
Whois doesn't give any interesting information: registrar is namescheap.com, it is protected by cloudflare, hosting provider is: NFORCE, NL.
There aren't any sub-domains (except: www).

I have tried tools such as:
Whois domain analyzer, Nslookup, Nmap, TheHarvester, Metagoofil, DNSRecon, Sublist3r, Wafw00f, WAFNinja, XSS Scanner, WhatWeb, Spaghetti, WPscan, WPscanner, WPSeku, Droopescan, SSLScan, SSLyze, A2SV, Dirsearch
...however I either don't know what to look for, or the information is protected behind namescheap and cloudflare.

None of the wordpress plugins have any known vulnerabilities, he's having all his plugins updated to the latest versions.
Plugins used: contact-form-7, woocomerce, really-simple-ssl, sucuri-scanner, yith-woocomerce-compare, cmb2, wp-slimstat.
Theme used: greenmart by Thembay, v1.6.0.
It does have xmlrpc.php, not renamed, and he does have: wp-config-sample.php not renamed.

he does have these folders exposed to the public:
../wp-includes/
../wp-content/uploads/
../wp-content/plugins/
but I can't find anything useful in there (of course I can't access PHP files to get their content).


My option #1 would be to find who this guy is, because taking down his website may just result in him finding another hosting company and host his website on another place.
Option #2 would be to take down his website (however, ddos-ing on a cloudflare protected website doesn't seem to work for very long). So I guess option #3 would be to find out real IP behind the cloudflare.

Any advice, guidance is more than welcome. I'm not asking you guys to do stuff for me, but to give me directions, I want to learn this stuff on my own.

Sounds fun. But it also sounds like you're out of your depth. A lot of the things you have tried are already illegal and can get you into trouble. My only input would be going to wp-login.php ad guessing the password

Good luck anyway.