Skip to main content

WPScan - WordPress Security Scanner

https://wpscan.com/wordpress-security-scanner

Source code on GitHub: https://github.com/wpscanteam/wpscan

# wpscan --url http://127.0.0.1:8080
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.14
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: http://127.0.0.1:8080/ [127.0.0.1]
[+] Started: Sat Mar 13 09:41:21 2021

Interesting Finding(s):

[+] Headers
 | Interesting Entry: Server: Apache/2.4.29 (Ubuntu)
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: http://127.0.0.1:8080/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] WordPress readme found: http://127.0.0.1:8080/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: http://127.0.0.1:8080/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 4.9.5 identified (Insecure, released on 2018-04-03).
 | Found By: Emoji Settings (Passive Detection)
 |  - http://127.0.0.1:8080/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=4.9.5'
 | Confirmed By: Meta Generator (Passive Detection)
 |  - http://127.0.0.1:8080/, Match: 'WordPress 4.9.5'

[i] The main theme could not be detected.

[+] Enumerating All Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:01 <===========================================> (22 / 22) 100.00% Time: 00:00:01

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpscan.com/register

[+] Finished: Sat Mar 13 09:41:32 2021
[+] Requests Done: 47
[+] Cached Requests: 4
[+] Data Sent: 11.353 KB
[+] Data Received: 122.766 KB
[+] Memory used: 193.074 MB
[+] Elapsed time: 00:00:11
#

Brute force password

wpscan --url http://10.10.87.140/wordpress -U elyana -P pass2.txt
...
[!] Valid Combinations Found:
 | Username: elyana, Password: H@ckme@123
...

Practice

>>> THM | Cyber Scotland 2021

>>> THM | Badbyte

>>> THM | Wekor

>>> THM | Internal

>>> THM | Different CTF

Labels:

Popular posts from this blog

Check and install php7.0-mbstring extention on Ubuntu 16.04 and Microsoft Windows

While learning Facebook SDK for PHP I overlooked one of system requirements preventing my code from running on my host. That is The mbstring extension. Facebook SDK for PHP's system requirements Check if mbstring is enabled root@ubuntu001:~# php -a Interactive mode enabled php > echo extension_loaded('mbstring'); php >exit root@ubuntu001:~# apt-cache search php7 | grep mbstring php7.0-mbstring - MBSTRING module for PHP root@ubuntu001:~# Install php7.0-mbstring root@ubuntu001:~# apt-get install php7.0-mbstring Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required:   fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0   libjpeg-turbo8 libjpeg8 libmcrypt4 libtiff5 libvpx3 libxpm4 Use 'apt autoremove' to remove them. The following additional packages will be installed:   libapache2-mod-php7.0 php7.0-cli ph...
Read more

Demistify Buffer Overflow Vulnerability

Collection of articles, blog posts, lectures, tutorials... about Buffer Overflow Vulnerability.
Read more

Linux command: lspci

Linux command: lspci - list pci devices tuyendq@ubuntu001:~$ man lspci NAME        lspci - list all PCI devices SYNOPSIS        lspci [options] DESCRIPTION        lspci is a utility for displaying information about PCI buses in the system and devices connected to them.        By  default,  it  shows a brief list of devices. Use the options described below to request either a more verbose output or output intended for parsing by        other programs.        If you are going to report bugs in PCI device drivers or in lspci itself, please include output of "lspci -vvx" or even better  "lspci  -vvxxx"  (however,        see below for possible caveats).        Some  parts of the output, especially in the highly verbose modes, are probably intelligible only to experienced PCI hac...
Read more