What is WPScan

WordPress is an open-source content management system (CMS). Very many people use this CMS because it is easy and simple, and because many things can be added and integrated into the WordPress system. However, WordPress itself still comes with vulnerabilities, through plugins, themes and so on (etc.). Note that vulnerabilities do not come only from weak software management: passwords/authentication are also an important matter, because they are how someone can get into the system. For example, we set ordinary passwords such as a date of birth, a place of birth, a sweetheart's name, a wife's name, a child's name or an ex's name. Anything we use that is close to the items listed above is easy for someone to hack. Use a tool called WPScan.


What is WPScan?
WPScan is a utility used to scan a website in order to detect whether or not the system has vulnerabilities, because this utility checks the security of the website's whole system.

 

Features:

  • Username enumeration (from the author querystring and the Location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from the generator meta tag and from client-side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (normally with a total of 2220)
  • Plugin vulnerability enumeration (based on version)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, … etc.)
 

Installation
Although WPScan ships with Backtrack 5R1 from the start, on a Unix/Linux distro we have to install it ourselves.

WPScan can be downloaded from the Google Code project's page, but in my opinion we should install from SVN, which is the 'up-to-date' one.

Software requirements/dependencies:

  • ruby (comes preinstalled on unix distros, sometimes :p, because I have already tried it)
  • subversion (for the svn-ing)
  • libcurl4-gnutls-dev
  • libopenssl-ruby
  • some ruby packages: typhoeus and xml-simple
 

Install the dependencies (for Debian and Debian-based distros)

  • sudo apt-get install libcurl4-gnutls-dev
  • sudo apt-get install libopenssl-ruby
  • sudo gem install typhoeus
  • sudo gem install xml-simple

For Ubuntu 12.04, install ruby-nokogiri (credit to realloc)

  • sudo apt-get install ruby-nokogiri
 

To install from the read-only SVN:
svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only
After getting the source from SVN and also the deps, we can simply run it with dot (.) slash (/):
 

cd wpscan-read-only
./wpscan.rb
 
Quick usage

For basic enumeration:
./wpscan.rb --url http://www.example.com
 

For plugin enumeration:
./wpscan.rb --url http://www.example.com --enumerate p
 

Brute-Forcing:
./wpscan.rb --url http://www.example.com --wordlist wordlist.lst --username admin
 

The command above means that we are brute-forcing http://www.example.com with admin as the username, using the passwords from wordlist.lst as the wordlist/dictionary.

Tested by JF
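
The username enumeration (author querystring) and brute-forcing described above both leave traces in the web server's access log. The following Ruby code is an added example, not part of the original post or of WPScan, that flags both patterns per client IP. The log lines are constructed, and the `detect` function, its thresholds, and the stock WordPress behaviour of `/wp-login.php` (200 on a failed login, 302 on success) are assumptions.

```ruby
# Added example (not WPScan code): spot author enumeration and login
# brute-forcing in a web access log.
require 'set'

# Constructed sample in "combined" log format; IPs are documentation ranges.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [01/Jan/2013:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
  203.0.113.7 - - [01/Jan/2013:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "-"
  203.0.113.7 - - [01/Jan/2013:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "-"
  198.51.100.20 - - [01/Jan/2013:10:01:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
  198.51.100.20 - - [01/Jan/2013:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "-"
  198.51.100.20 - - [01/Jan/2013:10:01:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
  203.0.113.7 - - [01/Jan/2013:10:02:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "-"
  203.0.113.7 - - [01/Jan/2013:10:02:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "-"
  203.0.113.7 - - [01/Jan/2013:10:02:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "-"
  203.0.113.7 - - [01/Jan/2013:10:02:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
LOG

LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[[^\]]+\] "(?<verb>[A-Z]+) (?<target>\S+) [^"]*" (?<status>\d{3}) /

# Returns { author_enum: [ips], login_bruteforce: { ip => { failed:, succeeded: } } }.
def detect(log, author_min: 3, failed_min: 3)
  authors = Hash.new { |h, k| h[k] = Set.new }
  logins  = Hash.new { |h, k| h[k] = { failed: 0, succeeded: false } }
  log.each_line do |line|
    next unless (m = LINE_RE.match(line))
    path, query = m[:target].split('?', 2)
    if m[:verb] == 'GET' && query
      # Collect the distinct numeric author IDs each client asked for.
      pair = query.split('&').map { |kv| kv.split('=', 2) }.find { |k, _| k == 'author' }
      authors[m[:ip]] << pair[1].to_i if pair && pair[1].to_s.match?(/\A\d+\z/)
    elsif m[:verb] == 'POST' && path.end_with?('/wp-login.php')
      # Assumption: stock WordPress answers a failed login with 200 (form
      # shown again) and a successful one with a 302 redirect.
      case m[:status]
      when '200' then logins[m[:ip]][:failed] += 1
      when '302'
        logins[m[:ip]][:succeeded] = true if logins[m[:ip]][:failed] >= failed_min
      end
    end
  end
  { author_enum: authors.select { |_, ids| ids.size >= author_min }.keys.sort,
    login_bruteforce: logins.select { |_, v| v[:failed] >= failed_min } }
end

p detect(SAMPLE_LOG) if $PROGRAM_NAME == __FILE__
```

An entry with `succeeded: true` means a redirect followed a run of failed logins from the same address, so that account's password should be treated as guessed and reset.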
