Source: AlienVault Blog
Identifier: 1219663
Publication date: 2019-07-22 13:00:00 (seen: 2019-07-22 16:01:03)
Title: Prevent Wordpress hacking using this Pen Testing guide
Text:
Welcome back to the next edition of “Hacking WordPress”. Find Part 1 if you missed it. Let me start with a PSA message. It is illegal to hack, log in to, penetrate, take over or even attempt to hack a system or network of systems without the explicit permission of the owner. Criminal hacking is illegal and punishable under Federal Law. I am describing methods to learn more about WordPress so you can protect your sites better.
The Computer Fraud and Abuse Act of 1986, now codified as United States Code Title 18 Section 1030, is the primary federal law governing cybercrime in the United States today. It has been used in such famous cases as the Morris Worm and in the prosecution of notorious TJX hacker Albert Gonzalez.
Stress testing your own Wordpress site with penetration testing
Now, in this edition we are going to use Kali Linux and WPScan to run a few commands against a WordPress site built in the lab for testing purposes. In the last episode I told you about Bitnami. They provide a fully virtualized version of WordPress in .ovf format, which is ready to spin up on a VMware ESXi server. You can find the download here: https://bitnami.com/stacks
In this episode we are going to pen test a WordPress site for a couple of things. These will not give us access to the site but would be more around reconnaissance of the site. Recon will tell you a lot about a site and its security. Once you find out basic information, it’s easier to move on to deeper penetration efforts and possibly even breaching the site through a brute force attack.
How to find your Wordpress vulnerabilities
First you must prepare your instance of WPScan on Kali Linux to ensure you have the latest scan patterns, definitions and updates for plug-ins and templates, as these updates contain information about weaknesses and exploits in the assorted accessories that work with WordPress.
When you run the command below, the output that follows it is what you should see in your Kali Linux terminal.
root@kali:~# wpscan --update
WordPress Security Scanner by the WPScan Team
Version 3.3.1
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________
[i] Updating the Database ...
[i] Update completed.
This command runs a basic scan of the website, in this case by IP address. You can run this command with the FQDN if you prefer. I am running it with the IP because the site is in the lab.
root@kali:~# wpscan --url 10.25.100.22
WordPress Security Scanner by the WPScan Team
Version 3.3.1
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________
[+] URL: http://10.25.100.22/
[+] Started: Tue Jun 25 23:59:58 2019
Interesting Finding(s):
The interesting finding here are that the we
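The scan above is reconnaissance, and every request it makes lands in the target's web server log, which is where the site owner can see it. As an added example (not code from the original post or from the WPScan project), here is a small Python detector that reads constructed Apache combined-format log lines and flags a client that either announces itself with a WPScan user agent or touches a burst of the paths a default WPScan run probes (readme.html, the wp-json users endpoint, ?author= redirects, xmlrpc.php). The client IPs, timestamps, sizes and user-agent strings in the sample are assumptions made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the page): one WPScan-style recon burst
# from 10.25.100.50 followed by ordinary visitor traffic from 192.0.2.10.
SAMPLE_LOG = """\
10.25.100.50 - - [25/Jun/2019:23:59:58 +0000] "GET / HTTP/1.1" 200 3069 "-" "WPScan v3.3.1 (https://wpscan.org/)"
10.25.100.50 - - [25/Jun/2019:23:59:58 +0000] "GET /readme.html HTTP/1.1" 200 7278 "-" "WPScan v3.3.1 (https://wpscan.org/)"
10.25.100.50 - - [25/Jun/2019:23:59:59 +0000] "GET /wp-json/wp/v2/users/ HTTP/1.1" 200 984 "-" "WPScan v3.3.1 (https://wpscan.org/)"
10.25.100.50 - - [25/Jun/2019:23:59:59 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "WPScan v3.3.1 (https://wpscan.org/)"
10.25.100.50 - - [26/Jun/2019:00:00:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "WPScan v3.3.1 (https://wpscan.org/)"
192.0.2.10 - - [26/Jun/2019:00:00:01 +0000] "GET /2019/06/hello-world/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
192.0.2.10 - - [26/Jun/2019:00:00:02 +0000] "GET /wp-content/themes/twentynineteen/style.css?ver=1.4 HTTP/1.1" 200 875 "-" "Mozilla/5.0"
"""

# Apache combined log format: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Paths a passive WPScan run requests while fingerprinting the version and
# enumerating users; several of these from one client in a short window is the footprint.
RECON_PATHS = ("/readme.html", "/wp-json/wp/v2/users", "/?author=", "/xmlrpc.php", "/wp-login.php")

def parse_line(line):
    """Return the named fields of one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_recon(log_text, min_recon_hits=3):
    """Return {ip: {"ua_match": bool, "recon_hits": int, "paths": [...]}} for flagged clients.

    A client is flagged by a WPScan user agent alone, or, because the user-agent
    string is under the scanner's control, by reaching min_recon_hits recon paths."""
    stats = defaultdict(lambda: {"ua_match": False, "recon_hits": 0, "paths": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # non-matching line (other log format, truncated write): skip
        s = stats[rec["ip"]]
        if "wpscan" in rec["ua"].lower():
            s["ua_match"] = True
        if any(rec["path"].startswith(p) for p in RECON_PATHS):
            s["recon_hits"] += 1
            s["paths"].append(rec["path"])
    return {ip: s for ip, s in stats.items()
            if s["ua_match"] or s["recon_hits"] >= min_recon_hits}

if __name__ == "__main__":
    for ip, s in find_recon(SAMPLE_LOG).items():
        print(ip, "UA match" if s["ua_match"] else "no UA match", s["recon_hits"], "recon hits:", s["paths"])
```

Running it against the sample flags only 10.25.100.50, and it stays flagged on path count alone if the user-agent string is replaced with a browser one.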