Blog Archive

Total Pageviews

Followers

Powered by Blogger.

Hakarak halo osan liu husi internet?

Hakarak halo osan liu husi internet?
Clique iha ne'e no visita pagina refere hodi hetan osan $2
Thursday, April 11, 2013

Saida mak WPScan

6:30 PM | Posted by JF | | Edit Post
Wordpress nudar konteudu managemento systema (CMS) ida ne'ebe que open source, ema barak tebes mak usa Content Management System (CMS) tamba fasil, simples no ita bele aumenta buat barak hodi integra ba iha wordpress nia systema. maibe sei iha vuneravel ne'ebe mai ho wordpress ne'e rasik lui husi plugins, theme no sleuk tan (nst). nota katak vuneravel laos mai deit husi managemento software ne'ebe frakeja, maibe password/autentikasaun mos asuntu importante ida ne'ebe, ema hodi bele tama ba iha systema laran, por ezemplo,, ita tau password bain-bain,, hanesan data moris, fatin moris, doben nia naran, ferik oan nia naran, oan nia naran ou mantan nia naran. iniciu hirak ne'ebe ita usa besik2 ba itema hirak tenik iha leten, fasil hodi ema bele hack. usa tool ida hanaran wpscan.


Saida mak WPScan?
WPScan nudar utility ida ne'ebe use jodi scan website rum a jodi detekta system vuneravel iha ka lae?, tamba utility ne'e check seguransa ba website nian system tomak.

 

Features sira :

  • Username enumeration (husi author querystring ho fatin header)
  • Weak password cracking (multithreaded)
  • Version enumeration (husi generator meta tag no file husi clientes)
  • Vulnerability enumeration (basea ba versaun)
  • Plugin enumeration (normalmente ho total 2220)
  • Plugin vulnerability enumeration (basea ba versaun)
  • Plugin enumeration list generation
  • Other misc WordPress checks (naran theme nian, lista dir , …nst)
 

Installasaun
Maske WPScan mai ho Backtrack 5R1 husi iniciu kedan, maybe hanesan distro Unix/Linuxwe its tenke install rasik.

WPScan ita bele download husi pagina Google Code project's, maybe tuir hau nian hanoin its installa husi SVN ne'e 'uptodate' nian.

Software exigencia/dependencias :

  • ruby (mai husi inicio sedan iha distro unix, dal a ruma :p, tamba hau koko iha tiha ona
  • subversion (ba svn-ing nian)
  • libcurl4-gnutls-dev
  • libopenssl-ruby
  • some ruby packages : thypoeus ho xml-simple
 

Installa dependencias (ba debian ho debian based)

  • sudo apt-get install libcurl4-gnutls-dev
  • sudo apt-get install libopenssl-ruby
  • sudo gem install typhoeus
  • sudo gem install xml-simple

ba Ubuntu 12.04, installa ruby-nokogiri (credito ba iha realloc )

  • sudo apt-get install ruby-nokogiri
 

Atu installa husi read-only SVN :
svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only
depois hetan source husi SVN amd no mos deps, ita bele use deit pontu(titik) reduzir (garis miring)
 

cd wpscan-read-only
./wpscan.rb
 
Usa lais nian

Ba enumeration basiku nian:
./wpscan.rb --url http://www.example.com
 

ba plugin enumeration nian:
./wpscan.rb --url http://www.example.com --enumerate p
 

Brute-Forcing:
./wpscan.rb --url http://www.example.com --wordlist wordlist.lst --username admin
 

code sir a iha leten esplika katakhttp://www.exampe.com its halo dadauk brute-forcing admin nudar username no usa password husi wordlist.lst hanesan wordlist/dictionariu.

Tested by JF

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Home | About Us! | Contact Us!

Copyright © 2012. All Rights Reserved.

Designed by CyberTimor.