wpscan

All posts tagged wpscan

Good evening friends. Hope you’re fine. After focusing on Joomla for some time, with this howto I have decided to focus on another popular CMS, WordPress. This howto is a pre-prequel to one of my articles on how to hack WordPress, right here. This howto will have two other sequels, and watch out for some easter eggs in this howto. (Mind my talk about sequels, prequels and easter eggs, but did I tell you I am a big Marvel fan?) Ok, ok, ok. Now let’s begin.

The tool we will use here is called WPScan. WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues and also for enumeration. It is installed by default in Kali Linux Sana. Now open a terminal and update the tool by typing the command shown below.

wpscan1

To scan a WordPress website, you have to give the URL as shown below. For this howto, I am using a local installation of WordPress as the target. Assign the target as shown below, and the scan will start.

wpscan2

Here are the screenshots of the result of this scan. As you can see, we have 13 vulnerabilities in the present installation, and they are listed below.

wpscan3

wpscan4

wpscan5

One of the easiest ways to hack a WordPress site is to exploit the plugins installed on the target, as most WordPress vulnerabilities nowadays exist in the plugins installed on it. So it is very important to enumerate the plugins installed on our WordPress target. We can enumerate the plugins using the “enumerate” option as shown below.

wpscan6

The scan result will be as shown below. (And there you have the first easter egg.) In total, we found four plugins. The first one is the Ajax Load More plugin. As the red exclamation mark shows, it is vulnerable, and we have seen how to exploit this vulnerability in the sequel I told you about. If you haven’t gone through it, it’s here.

wpscan7

The second plugin is the vulnerable version of Akismet.

wpscan8

wpscan9

The third vulnerable plugin is the WordPress Slider Revolution plugin. We will see more about this in our next howto.

wpscan10a

Another important place to look for vulnerabilities in WordPress is its theme. Now let’s enumerate the theme as shown below. The vulnerabilities present in the theme are given below.

wpscan12

wpscan13

After that, let’s enumerate the users on our remote target as shown below.

wpscan14

We can see the only username on our target. That’s WPScan for you. Hope it was helpful to you, and wait for the sequels.

wpscan15
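For the site owner's side of the plugin, theme and user enumeration above, here is an added example (not from the original post) that turns a WPScan report into a patch list. It assumes a current WPScan run with `--format json` and the field names that report uses; the sample report is constructed, so the versions, finding titles, theme, fourth plugin and the `admin` user are made up.

```python
import json

# Constructed sample; field names assumed to match WPScan's `--format json` report.
SAMPLE = json.loads("""{
 "plugins": {
  "ajax-load-more": {"version": {"number": "1.0.0"}, "vulnerabilities": [
    {"title": "constructed finding 1", "fixed_in": "1.0.1"}]},
  "akismet": {"version": {"number": "2.0.0"}, "vulnerabilities": [
    {"title": "constructed finding 2", "fixed_in": "2.0.3"},
    {"title": "constructed finding 3", "fixed_in": "2.0.10"}]},
  "revslider": {"version": null, "vulnerabilities": [
    {"title": "constructed finding 4", "fixed_in": null}]},
  "hypothetical-clean-plugin": {"version": {"number": "3.1"}, "vulnerabilities": []}},
 "main_theme": {"slug": "hypothetical-theme", "version": {"number": "1.2"},
  "vulnerabilities": [{"title": "constructed finding 5", "fixed_in": "1.3"}]},
 "users": {"admin": {"id": 1}}
}""")

def _ver_key(v):
    # Compare dotted versions numerically so that 2.0.10 sorts above 2.0.3.
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def triage(report):
    """Rows of (kind, slug, installed, upgrade_to, findings), most findings first."""
    parts = [("plugin", s, d) for s, d in (report.get("plugins") or {}).items()]
    theme = report.get("main_theme")
    if theme:
        parts.append(("theme", theme.get("slug", "?"), theme))
    rows = []
    for kind, slug, data in parts:
        vulns = data.get("vulnerabilities") or []
        if not vulns:
            continue  # nothing reported for this component
        installed = (data.get("version") or {}).get("number", "unknown")
        fixes = [v["fixed_in"] for v in vulns if v.get("fixed_in")]
        # A finding with no fixed_in means upgrading alone cannot clear it.
        target = max(fixes, key=_ver_key) if len(fixes) == len(vulns) else "no fix: remove or replace"
        rows.append((kind, slug, installed, target, len(vulns)))
    return sorted(rows, key=lambda r: -r[4])

def exposed_users(report):
    """Usernames the scan could enumerate; review these accounts' passwords and 2FA."""
    return sorted(report.get("users") or {})

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-6s %-20s installed=%-8s upgrade_to=%s (%d findings)" % row)
    print("enumerable users:", ", ".join(exposed_users(SAMPLE)))
```

The upgrade target is the highest `fixed_in` across a component's findings, compared numerically, so a plugin with several findings is upgraded past all of them in one step.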