Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "Wordpress Fingerprinting"

From NetSec
Jump to: navigation, search
(Created page with "Wordpress comes bundled with the tinymce.js plug-in. Because this code changes '''every''' wordpress release, we are able to use its md5sum to determine a wordpress version agai...")
(No difference)

Revision as of 20:56, 10 November 2011

Wordpress comes bundled with the tinymce.js plug-in. Because this code changes every wordpress release, we are able to use its md5sum to determine a wordpress version against a target site. A perl script is below. Enjoy.

<syntaxhighlight lang="perl">

  1. !/usr/bin/perl

use strict; use LWP::UserAgent; use HTTP::Request; use HTTP::Response; use Digest::MD5 qw(md5_hex);

my $domain = shift || die "No domain provided.\n";

my %ver_hash = (

 'a306a72ce0f250e5f67132dc6bcb2ccb' => '2.0',
 '4f04728cb4631a553c4266c14b9846aa' => '2.1',
 '25e1e78d5b0c221e98e14c6e8c62084f' => '2.2',
 '83c83d0f0a71bd57c320d93e59991c53' => '2.3',
 '7293453cf0ff5a9a4cfe8cebd5b5a71a' => '2.5',
 '61740709537bd19fb6e03b7e11eb8812' => '2.6',
 'e6bbc53a727f3af003af272fd229b0b2' => '2.7,2.7.1',
 '56c606da29ea9b8f8d823eeab8038ee8' => '2.8.5',
 '128e75ed19d49a94a771586bf83265ec' => '2.9.1,3.0.0',
 '0711a6aa3862ac0dd2f9ef1a3d26f809' => '3.0.1 - 3.0.6',
 '1786644689f0495f07d5ae1737395108' => '3.1.1 - 3.1.4',
 'b2c6b6d221c816948248b453046355eb' => '3.2 / 3.2.1',
 'c67211f73b63e773e626127aa95338c2' => '3.1',
 'a57c0d7464527bc07b34d675d4bf0159' => '3.2.1',
 '6c6895e2d8b7fc2ffcf17fedac81c7e8' => 'Wordpress.com 2011-9-2'
 );

my $js = "/wp-includes/js/tinymce/tiny_mce.js"; my $fullurl = sprintf("http://%s%s", $domain, $js);

my $digestobj = Digest::MD5->new; my $ua = new LWP::UserAgent;


my $content; $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10"); my $req = new HTTP::Request GET => "$fullurl"; my $res = $ua->request($req); print "\nRequesting\t$fullurl\n"; if ($res->is_error) {

 print $res->status_line;

} if ($res->is_success) {

 $content = $res->content;
 my $md5 = $digestobj->add("$content");
 my $final = $md5->hexdigest;
 print "MD5:\t\t$final\n";
 print "Version:\t$ver_hash{$final}\n\n";

} </syntaxhighlight>