Difference between revisions of "Wordpress Fingerprinting"

Revision as of 04:55, 12 March 2012

We have more tools coming soon! Look forward to Chimera Live CD.

These are the offensive security tools developed by our wiki staff.

Vanguard - web application vulnerability testing engine written in Perl Jynx2 - A second version of the classic LD_Preload Jynx Rootkit written in C Bleeding Life - PHP and MySQL powered web browser buffer overflow exploit pack GScrape - Perl based google scraper for finding vulnerable websites Kolkata - Configurable web application fingerprinting engine using file checksums written in Perl Lfi_autopwn.pl - automatically spawn a shell using a File inclusion exploit, written in Perl. MySql 5 Enumeration - automatically map the contents of a remote database given a URL vulnerable to SQL injection, written in Perl Social Network Forgery Utility - Rickroll your friends with this PHP content forgery generation utility.

Wordpress comes bundled with the tinymce.js plug-in. Because this code changes every wordpress release, we are able to use its md5sum to determine a wordpress version against a target site. A perl script is below.

!/usr/bin/perl

use strict; use LWP::UserAgent; use HTTP::Request; use HTTP::Response; use Digest::MD5 qw(md5_hex);

my $domain = shift || die "No domain provided.\n";

my %ver_hash = (

 'a306a72ce0f250e5f67132dc6bcb2ccb' => '2.0',
 '4f04728cb4631a553c4266c14b9846aa' => '2.1',
 '25e1e78d5b0c221e98e14c6e8c62084f' => '2.2',
 '83c83d0f0a71bd57c320d93e59991c53' => '2.3',
 '7293453cf0ff5a9a4cfe8cebd5b5a71a' => '2.5',
 '61740709537bd19fb6e03b7e11eb8812' => '2.6',
 'e6bbc53a727f3af003af272fd229b0b2' => '2.7,2.7.1',
 '56c606da29ea9b8f8d823eeab8038ee8' => '2.8.5',
 '128e75ed19d49a94a771586bf83265ec' => '2.9.1,3.0.0',
 '0711a6aa3862ac0dd2f9ef1a3d26f809' => '3.0.1 - 3.0.6',
 '1786644689f0495f07d5ae1737395108' => '3.1.1 - 3.1.4',
 'b2c6b6d221c816948248b453046355eb' => '3.2 / 3.2.1',
 'c67211f73b63e773e626127aa95338c2' => '3.1',
 'a57c0d7464527bc07b34d675d4bf0159' => '3.2.1',
 '6c6895e2d8b7fc2ffcf17fedac81c7e8' => 'Wordpress.com 2011-9-2',
 '9754385dabfc67c8b6d49ad4acba25c3' => '3.3.1'
 );

my $js = "/wp-includes/js/tinymce/tiny_mce.js"; my $fullurl = sprintf("http://%s%s", $domain, $js);

my $digestobj = Digest::MD5->new; my $ua = new LWP::UserAgent;

my $content; $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10"); my $req = new HTTP::Request GET => "$fullurl"; my $res = $ua->request($req); print "\nRequesting\t$fullurl\n"; if ($res->is_error) {

 print $res->status_line;

} if ($res->is_success) {

 $content = $res->content;
 my $md5 = $digestobj->add("$content");
 my $final = $md5->hexdigest;
 print "MD5:\t\t$final\n";
 print "Version:\t$ver_hash{$final}\n\n";

} </syntaxhighlight>

Wordpress Fingerprinting
is part of a series on

Web applications

Visit the Web applications Portal for complete coverage.

Revision as of 22:10, 2 March 2012 (view source) User (Talk \| contribs) (Added version 3.3.1) ← Older edit		Revision as of 04:55, 12 March 2012 (view source) LashawnSeccombe (Talk \| contribs) Newer edit →
Line 1:		Line 1:
−	{{info\|Wordpress comes bundled with the tinymce.js plug-in. Because this code changes '''every''' wordpress release, we are able to use its [[Cryptography\|md5sum]] to determine a wordpress version against a target site. A [[perl]] script is below.}}	+	{{InHouse}}{{info\|Wordpress comes bundled with the tinymce.js plug-in. Because this code changes '''every''' wordpress release, we are able to use its [[Cryptography\|md5sum]] to determine a wordpress version against a target site. A [[perl]] script is below.}}

	<syntaxhighlight lang="perl">		<syntaxhighlight lang="perl">

Difference between revisions of "Wordpress Fingerprinting"

Revision as of 04:55, 12 March 2012

Navigation menu

Views

Personal tools

Wiki

Community

Search

Tools