Recent

[Video] WPScan and Metasploit’s Meterpreter

Video demonstrating a proof of concept in which WPScan is used together with Metasploit's Meterpreter to exploit a vulnerable WordPress plugin.

WPScan and Metasploit’s Meterpreter from ryan dewhurst on Vimeo.

Posted on 27 September, 2011 by ethicalhack3r

1 Comment

Setting up Tor on BackTrack

I was playing around with getting wpscan to run through the Tor network, so I needed to set up Tor (from source) and Privoxy on BackTrack. These are the steps I took to set up Tor and Privoxy on BackTrack 5 R1. (wpscan does not yet support scanning through the Tor network.)

I am no Tor expert and there are probably easier/better ways of doing this.

Installing Tor (Anonymous SOCKS proxy):

$ apt-get install libssl-dev
$ wget https://www.torproject.org/dist/tor-0.2.2.32.tar.gz
$ tar -xzvf tor-0.2.2.32.tar.gz
$ cd tor-0.2.2.32
$ chmod +x configure
$ ./configure && make && src/or/tor   # runs the freshly built tor from the source tree without installing it

read more…
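The excerpt stops at building Tor; the part that actually lets an HTTP-proxy-only tool reach the network through Tor is the Privoxy forwarding rule. The script below is an added example, not the post's own setup: it prints that rule, audits an existing Privoxy line for local DNS resolution (the classic way a "Tor" scan leaks every hostname it touches), and checks the exit. It assumes Tor's default SOCKS listener 127.0.0.1:9050, Privoxy's default listener 127.0.0.1:8118, and that https://check.torproject.org/api/ip answers with "IsTor":true for requests arriving from a Tor exit; the config path is also an assumption.

```shell
#!/bin/sh
# Added example, not from the post: the Privoxy side of a Tor setup, so that
# tools that only understand an HTTP proxy (http_proxy=...) reach the
# network through Tor. Assumptions: Tor's SOCKS listener is 127.0.0.1:9050
# (its default), Privoxy listens on 127.0.0.1:8118 (its default), and
# https://check.torproject.org/api/ip answers "IsTor":true for Tor exits.

TOR_SOCKS="${TOR_SOCKS:-127.0.0.1:9050}"
PRIVOXY_LISTEN="${PRIVOXY_LISTEN:-127.0.0.1:8118}"

# Minimal Privoxy config that forwards everything to Tor.
# forward-socks5 hands the hostname to Tor, so names are resolved at the
# exit rather than by the local resolver (no DNS leak). The trailing "."
# means "no further HTTP parent proxy". If Tor is down, Privoxy returns an
# error instead of falling back to a direct connection.
privoxy_tor_config() {
    printf 'listen-address %s\n' "$PRIVOXY_LISTEN"
    printf 'forward-socks5 / %s .\n' "$TOR_SOCKS"
}

# Audit helper for an existing Privoxy config line: returns 0 (true) when
# the line would resolve DNS locally or bypass Tor altogether.
#   forward-socks4  : client-side DNS, leaks every hostname you scan
#   forward         : plain HTTP parent proxy, not Tor at all
#   forward-socks4a / forward-socks5 : hostname passed to Tor, fine
leaks_dns() {
    case "$1" in
        "forward-socks4 "*) return 0 ;;
        "forward "*)        return 0 ;;
        *)                  return 1 ;;
    esac
}

# End-to-end check (needs a running tor + privoxy and network; not part of
# the offline test): the request must arrive from a Tor exit.
verify_tor_exit() {
    http_proxy="http://$PRIVOXY_LISTEN" https_proxy="http://$PRIVOXY_LISTEN" \
        curl -s https://check.torproject.org/api/ip | grep -q '"IsTor":true'
}

# Write the config where Privoxy will read it (path is an assumption).
write_privoxy_config() { privoxy_tor_config > "${1:-/etc/privoxy/config}"; }
```

With Privoxy listening on 8118, exporting http_proxy=http://127.0.0.1:8118 is enough for a client that honours that variable; a tool that opens its own sockets or resolves hostnames itself still goes around Tor, which is why the leak check looks at the forwarding line rather than trusting the proxy setting.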

Posted on 8 September, 2011 by ethicalhack3r

3 Comments

WordPress CD

I needed a research environment to help develop WPScan, so I put together a VirtualBox virtual machine with every WordPress release installed (not including MU or beta/release-candidate builds). Downloading, untarring and creating the databases were all automated; the manual part was running the installer for each of them.

Installed are the following versions of WordPress:
wordpress-0.71-gold
wordpress-1.0-platinum
wordpress-1.0.1-miles
wordpress-1.0.2-blakey
wordpress-1.2-delta
wordpress-1.2-mingus
wordpress-1.2.1
wordpress-1.2.2
wordpress-1.5-strayhorn
wordpress-1.5.1.1
wordpress-1.5.1.2
wordpress-1.5.1.3
wordpress-1.5.1
wordpress-1.5.2
wordpress-2.0.1
wordpress-2.0.10
read more…
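The automated part described above (fetch, unpack, create a database per release) can be reproduced with a short script. This is an added example, not the post's own automation: it assumes release tarballs live at https://wordpress.org/wordpress-<name>.tar.gz, that each archive unpacks into a top-level wordpress/ directory, that a local MySQL root user can create databases, and that the web root is /var/www. The version list is trimmed to a few entries from the list above.

```shell
#!/bin/sh
# Added example, not the post's own automation: fetch, unpack and create a
# database for each WordPress release in a list. Assumptions: tarballs are
# at https://wordpress.org/<name>.tar.gz, each unpacks as wordpress/, a
# local MySQL root user can create databases, and the web root is /var/www.

WEBROOT="${WEBROOT:-/var/www}"
DOWNLOADS="${DOWNLOADS:-$HOME/wp-releases}"

# A few entries from the page's list; extend with the rest as needed.
VERSIONS="wordpress-0.71-gold wordpress-1.5.2 wordpress-2.0.1 wordpress-2.0.10"

# URL of a release tarball (assumed layout of the wordpress.org archive).
wp_url() { printf 'https://wordpress.org/%s.tar.gz\n' "$1"; }

# Database name derived from the tarball name, restricted to [A-Za-z0-9_]
# so it is safe to drop into SQL: "wordpress-1.5.1.3" -> "wp_1_5_1_3".
# A fixed mapping keeps each database tied to exactly one known version.
db_name() {
    printf '%s\n' "$1" | sed -e 's/^wordpress-/wp_/' -e 's/[^A-Za-z0-9_]/_/g'
}

# Fetch once, unpack into a per-release directory, create an empty database.
install_release() {
    rel="$1"
    mkdir -p "$DOWNLOADS" "$WEBROOT/$rel"
    if [ ! -f "$DOWNLOADS/$rel.tar.gz" ]; then
        wget -q -O "$DOWNLOADS/$rel.tar.gz" "$(wp_url "$rel")"
    fi
    # strip the leading wordpress/ so each release lives in its own directory
    tar -xzf "$DOWNLOADS/$rel.tar.gz" -C "$WEBROOT/$rel" --strip-components=1
    mysql -u root -e "CREATE DATABASE IF NOT EXISTS \`$(db_name "$rel")\`;"
}

build_all() {
    for v in $VERSIONS; do
        install_release "$v"
    done
}

# Only touch the network and MySQL when explicitly asked: ./script.sh build
if [ "${1:-}" = build ]; then build_all; fi
```

After this, each release is reachable at /<name>/ under the web root and the web installer (wp-admin/install.php) still has to be clicked through once per release, which is the manual step the post mentions.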

Posted on 13 July, 2011 by ethicalhack3r

11 Comments

Did LulzSec expose your friend's password?

I assume you have all heard about Lulzsec over the past few months so I will not go into their backstory and instead get straight to the point.

Yesterday, 26th June 2011, they released their last data dump on ThePirateBay (TPB) containing usernames and passwords from a few different sources. One of those sources was hackforums.net, I myself had registered here once upon a time. Luckily I had signed up with a disposable password. It turns out however that, yes, that password was leaked in the final lulzsec data dump.

The data dump has now been removed from TPB due to some of the files allegedly being infected with malware. So I found this site, which allows you to search for your email address to see if you may have been affected: http://dazzlepod.com/lulzsec/final/

read more…

Posted on 27 June, 2011 by ethicalhack3r

9 Comments

Introducing WPScan – WordPress Security Scanner

After creating the WordPress Brute Force Tool last weekend, I decided to create a bigger project out of it, called WPScan.

WPScan is a black-box WordPress security scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. It is intended for security professionals and WordPress administrators to assess the security posture of their WordPress installations. The code base is open source and licensed under the GPLv3.

Features include:

  • Username enumeration (from ?author)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (todo)
  • Plugin vulnerability enumeration (based on version) (todo)
  • Other miscellaneous checks

read more…
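Two of the checks in the list above, username enumeration from ?author and version enumeration from the generator meta tag, are simple enough to reproduce by hand, which is useful for confirming a scanner's result. The script below is an added example, not WPScan's own code: the parsing functions work on constructed input so they run offline, and the two live functions wrap them with curl. It assumes the target uses pretty permalinks (so /?author=N answers with a redirect to /author/<login>/); TARGET is a placeholder.

```shell
#!/bin/sh
# Added example, not WPScan's own code: two of its checks reproduced with
# curl and sed. Assumptions: pretty permalinks are enabled on the target
# (/?author=N redirects to /author/<login>/) and TARGET is a placeholder
# for a site you are authorised to test.

TARGET="${TARGET:-http://example.com}"

# Version enumeration: extract the version from the generator meta tag that
# WordPress emits in <head>. Reads HTML on stdin and prints the version, or
# nothing. Sites that strip the tag defeat this check, so an empty result
# means "unknown", not "not WordPress", and a version-based vulnerability
# list built on it is only as trustworthy as this tag.
wp_version_from_html() {
    sed -n 's/.*<meta name="generator" content="WordPress \([0-9][0-9.]*\)".*/\1/p' | head -n 1
}

# Username enumeration: the redirect target of /?author=N is the author
# archive, whose path component after /author/ is the login name. Given a
# redirect URL, print the username, or nothing if it is not an author URL
# (no redirect, or a redirect elsewhere, means that id does not exist or
# enumeration is blocked).
username_from_redirect() {
    printf '%s\n' "$1" | sed -n 's#.*/author/\([^/?]*\).*#\1#p'
}

# Live version check (needs network; not run by the offline test).
fingerprint_version() { curl -s "$TARGET/" | wp_version_from_html; }

# Live user enumeration over author ids 1..N (needs network).
# curl's %{redirect_url} gives the Location target without following it.
enumerate_users() {
    max="${1:-10}"
    i=1
    while [ "$i" -le "$max" ]; do
        loc="$(curl -s -o /dev/null -w '%{redirect_url}' "$TARGET/?author=$i")"
        u="$(username_from_redirect "$loc")"
        if [ -n "$u" ]; then
            printf 'id=%s user=%s\n' "$i" "$u"
        fi
        i=$((i + 1))
    done
}
```

The usernames recovered this way are what the weak-password check then feeds to the login form, so on the defensive side the cheapest fix is to stop /?author=N from redirecting and to remove the generator tag, which makes both checks return nothing.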

Posted on 16 June, 2011 by ethicalhack3r

18 Comments