Setting up Tor on BackTrack

I was playing around with getting wpscan to run through the Tor network so I needed to set up Tor (from source) and Privoxy on BackTrack. These are the steps I took to set up Tor and Privoxy on BackTrack 5 R1. (wpscan does not yet support scanning through the Tor network.)

I am no Tor expert and there are probably easier/better ways of doing this.

Installing Tor (Anonymous SOCKS proxy):

$ apt-get install libssl-dev
$ wget https://www.torproject.org/dist/tor-0.2.2.32.tar.gz
$ tar -xzvf tor-0.2.2.32.tar.gz
$ cd tor-0.2.2.32
$ chmod +x configure
$ ./configure && make && src/or/tor


Posted on 8 September, 2011 by ethicalhack3r


WordPress CD

I needed a research environment to help develop WPScan so I put together a VirtualBox virtual machine with every WordPress release installed (not including MU or BETA/Candidates). The download, untar and database creation were all automated. The manual bit was installing them all.

Installed are the following versions of WordPress:
wordpress-0.71-gold
wordpress-1.0-platinum
wordpress-1.0.1-miles
wordpress-1.0.2-blakey
wordpress-1.2-delta
wordpress-1.2-mingus
wordpress-1.2.1
wordpress-1.2.2
wordpress-1.5-strayhorn
wordpress-1.5.1.1
wordpress-1.5.1.2
wordpress-1.5.1.3
wordpress-1.5.1
wordpress-1.5.2
wordpress-2.0.1
wordpress-2.0.10

Posted on 13 July, 2011 by ethicalhack3r


BSidesLondon HNN Videos

20th of April 2011 was the first BSides held in London, BSidesLondon.

Before the event I had been speaking to Space Rogue of HNN about getting HNN content on Boxee. I said I would be attending BSidesLondon and volunteered my time to do some recording for them. This would involve some ‘promos’, interviews and general conference footage.

I was working at InfoSecurity Europe 2011 on the same day. My boss had kindly allowed me to attend the first half of BSidesLondon as long as I worked the second half of the day at InfoSecurity Europe.

After BSidesLondon I sent my footage to HNN for them to edit into an episode of ‘Behind the Firewall’. I asked on a couple of occasions if they had a chance to put an episode together out of my footage. The last time I asked, last week, I was told that HNN would be shutting down and that my footage would not be used.

Instead of letting the footage go to waste I thought I would stick the unedited interviews on YouTube and share them with you all.


Posted on 10 July, 2011 by ethicalhack3r


Did lulzsec expose your friend's password?

I assume you have all heard about Lulzsec over the past few months so I will not go into their backstory and instead get straight to the point.

Yesterday, 26th June 2011, they released their last data dump on ThePirateBay (TPB) containing usernames and passwords from a few different sources. One of those sources was hackforums.net; I myself had registered here once upon a time. Luckily I had signed up with a disposable password. It turns out however that, yes, that password was leaked in the final lulzsec data dump.

The data dump has now been removed from TPB due to some of the files allegedly being infected with malware. So I found this site which allows you to search for your email address to see if you may have been affected: http://dazzlepod.com/lulzsec/final/


Posted on 27 June, 2011 by ethicalhack3r


Introducing WPScan – WordPress Security Scanner

After creating the WordPress Brute Force Tool last weekend, I decided to create a bigger project out of it, called WPScan.

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. It is intended for use by security professionals or WordPress administrators to assess the security posture of their WordPress installations. The code base is Open Source and licensed under the GPLv3.

Features include:

  • Username enumeration (from ?author)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (todo)
  • Plugin vulnerability enumeration (based on version) (todo)
  • Other miscellaneous checks


Posted on 16 June, 2011 by ethicalhack3r
