How to hack / exploit any WordPress site using WPScan


Installing dependencies on Ubuntu
Code:
sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev

Installing dependencies on Debian
Code:
sudo apt-get install gcc git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev

Installing dependencies on Fedora
Code:
sudo dnf install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build

Installing dependencies on Arch Linux
Code:
pacman -Syu ruby
pacman -Syu libyaml

Installing dependencies on Mac OS X
Apple Xcode, Command Line Tools and libffi are needed (to be able to install the FFI gem). See http://stackoverflow.com/questions/17775...-gem-error
Installing with RVM (recommended)
If you are using GNOME Terminal, there are some steps required before executing the commands. See here for more information: https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
Code:
# Install all prerequisites for your OS (look above)
cd ~
curl -sSL https://rvm.io/mpapis.asc | gpg --import -
curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
rvm install 2.3.3
rvm use 2.3.3 --default
echo "gem: --no-ri --no-rdoc" > ~/.gemrc
gem install bundler
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler
bundle install --without test




Do 'non-intrusive' checks...
Code:
ruby wpscan.rb --url www.example.com

Do wordlist password brute force on enumerated users using 50 threads...
Code:
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...
Code:
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

Enumerate installed plugins...
Code:
ruby wpscan.rb --url www.example.com --enumerate p

Run all enumeration tools...
Code:
ruby wpscan.rb --url www.example.com --enumerate

Use custom content directory...
Code:
ruby wpscan.rb -u www.example.com --wp-content-dir custom-content

Update WPScan's databases...
Code:
ruby wpscan.rb --update

Debug output...
Code:
ruby wpscan.rb --url www.example.com --debug-output 2>debug.log
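For site owners, the password brute-force and plugin-enumeration runs listed in this thread leave a recognizable trail in the web server's access log. The following is an added example, not part of the original post or of the WPScan project: a Ruby check over combined-format log lines. The thresholds, the function names and the sample log lines are assumptions constructed for illustration.

```ruby
# Added example: flag WordPress login brute force and plugin enumeration in
# combined-format access logs. Thresholds are assumptions; tune them per site.
LOGIN_POST_LIMIT = 5 # POSTs to wp-login.php or xmlrpc.php per IP per minute
PLUGIN_404_LIMIT = 5 # distinct missing plugin directories probed per IP

LINE_RE = %r{\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) }

# Returns { ip => [:login_bruteforce, :plugin_enumeration] } for flagged clients.
def detect_wp_scanning(lines)
  login_posts = Hash.new { |h, k| h[k] = Hash.new(0) } # ip -> minute -> count
  plugin_404s = Hash.new { |h, k| h[k] = {} }          # ip -> { slug => true }
  lines.each do |line|
    m = LINE_RE.match(line)
    next unless m # skip lines that are not in combined log format
    path = m[:path].split('?', 2).first
    if m[:method] == 'POST' && path =~ %r{/(wp-login|xmlrpc)\.php\z}
      login_posts[m[:ip]][m[:ts][0, 17]] += 1 # bucket by "dd/Mon/yyyy:hh:mm"
    elsif m[:status] == '404' && (slug = path[%r{/wp-content/plugins/([^/]+)}, 1])
      plugin_404s[m[:ip]][slug] = true
    end
  end
  findings = {}
  login_posts.each do |ip, per_minute|
    (findings[ip] ||= []) << :login_bruteforce if per_minute.values.max > LOGIN_POST_LIMIT
  end
  plugin_404s.each do |ip, slugs|
    (findings[ip] ||= []) << :plugin_enumeration if slugs.size > PLUGIN_404_LIMIT
  end
  findings
end

# Constructed sample input (documentation IP ranges, not real traffic).
def sample_log
  fmt = '%s - - [10/Mar/2017:14:02:%02d +0000] "%s %s HTTP/1.1" %d 512 "-" "-"'
  lines = []
  8.times { |i| lines << format(fmt, '203.0.113.7', i, 'POST', '/wp-login.php', 200) }
  7.times { |i| lines << format(fmt, '203.0.113.7', 20 + i, 'GET', "/wp-content/plugins/plugin-#{i}/", 404) }
  lines << format(fmt, '198.51.100.9', 30, 'POST', '/wp-login.php', 302)
  lines << format(fmt, '198.51.100.9', 31, 'GET', '/wp-content/plugins/plugin-0/style.css', 200)
  lines
end

puts detect_wp_scanning(sample_log).inspect if __FILE__ == $PROGRAM_NAME
```

Flagged addresses are candidates for rate limiting or blocking at the web server or WAF. A single legitimate login, like the second client in the sample, is not reported.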