Skip to main content

WPScan Tutorial (Debian, Ubuntu etc..)



WPScan is a tool to automatically scan Wordpress-Blogs for vulnerabilities. Furthermore it can enumerate user names and carry out bruteforce attacks on accounts associated with the blog.

Link: http://wpscan.org/

Install

sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git
git clone https://github.com/wpscanteam/wpscan.git 
cd wpscan 
sudo gem install bundler && bundle install --without test development

Enumerate vulnerable plugins and themes

  • Plugins  
ruby wpscan.rb --url http://www.wpblog.com --enumerate vp
  • Themes
ruby wpscan.rb --url http://www.wpblog.com --enumerate vt

Get usernames

ruby wpscan.rb --url http://www.wpblog.com --enumerate u

Brute-forcing accounts

Most of the time, user don't chance the default 'admin' username, so you should start here.

ruby wpscan.rb --url www.wpblog.com --wordlist YOURWORDLIST --username admin

You can get an extremely good wordlist here: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

If you have any questions, drop me a line.

Labels:

Comments

  1. Heretic_51521 December 2015 at 03:10

    sudo gem install bundler && bundle install --without test development ------- An error occurred while installing addressable (2.4.0), and Bundler cannot
    continue.
    What's wrong?
    Make sure that `gem install addressable -v '2.4.0'` succeeds before bundling.

    ReplyDelete

Post a Comment

Popular posts from this blog

OsmocomBB - Hardware and Software Setup - Tutorial (Motorola C118)

OsmocomBB is an Open Source GSM Baseband software implementation. By using the sofware on a compatible phone (e.g. Motorola C118), you are able to make and receive phone calls, send and receive SMS, etc. based on Free Software only.       Hardware PL2303HX USB Serial To RS232 TTL Chip 2.5 mm audio jack Motorola C118 (E88) This is a typical pin-out of a 2.5 mm audio jack: L (Left Signal) Tip 1 Green R (Right Signal) Ring 2 Red GND (Ground) Sleeve 3 Bare Copper You need to soldier the 2.5mm audio jack to the USB Serial To RS232 TTL Chip, whereas TxD is at the tip of the plug RxD is at the middle contact GND is the outer contact  Software Connect the phone to your PC and check if it is being recognized. dmesg | grep tty user@user:~$ dmesg | grep tty [    0.000000] console [tty0] enabled [ 6522.143379] usb 3-2: pl2303 converter now attached to ttyUSB0 To make sure everything is working, install cu and c
9 comments
Read more

Scid vs PC installation guide - Ubuntu (Mint, Debian etc.)

Scid vs PC Scid vs PC is definitely the best and most comprehensive chess software for Linux.  Unfortunately I struggled quite a bit to get it up and running. Before I start: You might prefer to watch the video. Otherwise keep on reading. Open a terminal and execute the following commands sudo apt-get install auto-apt build-essential sudo auto-apt update-local sudo auto-apt update sudo auto-apt updatedb Now make sure you got both tcl8.5-dev and tk8.5-dev installed sudo apt-get install tcl8.5-dev tcl8.5 sudo apt-get install tk8.5-dev tk8.5 Some users are reporting problems on Ubuntu 14.04. sudo apt-get install tcl8.6-dev tcl8.6 sudo apt-get install tk8.6-dev tk8.6 libgcj15-dev The 'x' refers to the current release: e.g. 4.9.tgz download scid vs pc: http://sourceforge.net/projects/scidvspc/files/source/scid_vs_pc-4.9.tgz/download tar -xzf scid_vs_pc-4.xx.tgz cd scid_vs_pc-4.x sudo auto-apt run ./configure sudo auto-apt run make sudo auto-apt run make install
36 comments
Read more

Automatically Reconnect WIFI (Debian, Ubuntu etc.)

The Problem For several reason I do not have access to LAN and thus have to rely on WIFI for my mining rigs. It is fine for most of the time, but the shit hits the fan, when the connection drops for one reason or another. The Solution #!/bin/bash wlan=`/sbin/ifconfig wlan1 | grep inet\ addr | wc -l` if [ $wlan -eq 0 ]; then service network-manager restart else echo WIFI IS UP fi Note: It's either wlan0 or wlan1. Check with sudo ifconfig . Save the script and make it executable. sudo chmod +x filename.sh Now there are several ways of making sure that our script is being executed every x minutes. The easiest way of accomplishing that I think is by using the command watch . sudo su watch -n 600 sh filename.sh What it does is execute our filename.sh script every 600 seconds. Or you implement a so called cron job   sudo crontab -e Add the following PATH=/usr/sbin:/usr/bin:/sbin:/bin */5 * * * * sh /home/username/filename.sh */5 * * * * means that
2 comments
Read more