Questions about this topic? Sign up to ask in the talk tab.

Wordpress Fingerprinting

From NetSec
Revision as of 03:55, 12 March 2012 by LashawnSeccombe (Talk | contribs)

Jump to: navigation, search
We have more tools coming soon! Look forward to Chimera Live CD.
c3el4.png
These are the offensive security tools developed by our wiki staff.
c3el4.png Wordpress comes bundled with the tinymce.js plug-in. Because this code changes every wordpress release, we are able to use its md5sum to determine a wordpress version against a target site. A perl script is below.

<syntaxhighlight lang="perl">

  1. !/usr/bin/perl

use strict; use LWP::UserAgent; use HTTP::Request; use HTTP::Response; use Digest::MD5 qw(md5_hex);

my $domain = shift || die "No domain provided.\n";

my %ver_hash = (

 'a306a72ce0f250e5f67132dc6bcb2ccb' => '2.0',
 '4f04728cb4631a553c4266c14b9846aa' => '2.1',
 '25e1e78d5b0c221e98e14c6e8c62084f' => '2.2',
 '83c83d0f0a71bd57c320d93e59991c53' => '2.3',
 '7293453cf0ff5a9a4cfe8cebd5b5a71a' => '2.5',
 '61740709537bd19fb6e03b7e11eb8812' => '2.6',
 'e6bbc53a727f3af003af272fd229b0b2' => '2.7,2.7.1',
 '56c606da29ea9b8f8d823eeab8038ee8' => '2.8.5',
 '128e75ed19d49a94a771586bf83265ec' => '2.9.1,3.0.0',
 '0711a6aa3862ac0dd2f9ef1a3d26f809' => '3.0.1 - 3.0.6',
 '1786644689f0495f07d5ae1737395108' => '3.1.1 - 3.1.4',
 'b2c6b6d221c816948248b453046355eb' => '3.2 / 3.2.1',
 'c67211f73b63e773e626127aa95338c2' => '3.1',
 'a57c0d7464527bc07b34d675d4bf0159' => '3.2.1',
 '6c6895e2d8b7fc2ffcf17fedac81c7e8' => 'Wordpress.com 2011-9-2',
 '9754385dabfc67c8b6d49ad4acba25c3' => '3.3.1'
 );

my $js = "/wp-includes/js/tinymce/tiny_mce.js"; my $fullurl = sprintf("http://%s%s", $domain, $js);

my $digestobj = Digest::MD5->new; my $ua = new LWP::UserAgent;


my $content; $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10"); my $req = new HTTP::Request GET => "$fullurl"; my $res = $ua->request($req); print "\nRequesting\t$fullurl\n"; if ($res->is_error) {

 print $res->status_line;

} if ($res->is_success) {

 $content = $res->content;
 my $md5 = $digestobj->add("$content");
 my $final = $md5->hexdigest;
 print "MD5:\t\t$final\n";
 print "Version:\t$ver_hash{$final}\n\n";

} </syntaxhighlight>



Wordpress Fingerprinting
is part of a series on

Web applications

Visit the Web applications Portal for complete coverage.