Use WPScan to analyze a WordPress site.
- [Instructor] In the Advanced Web Testing Course, we identified that 10.10.10.46 was running a named website called apocalyst.htb. This is a WordPress site. Kali provides a scanner called WPScan, which we can use to enumerate this website. WPScan notes some interesting headers. It identifies that the XML-RPC.php file is available for accessing the XML-RPC interface.
This may be useful, given there are known XML-RPC exploits. We can see that the Uploads folder has been identified and that the Includes folder allows directory listing. The WordPress version is 4.8 and a user account has been identified, falaraki. 18 vulnerabilities relevant to this WordPress version have been identified. These may have been patched, but they're a good place to start for some further testing.
After the vulnerabilities we can see that the theme 2017 is used and that it's out of date. No plugins were found. WPScan is easy to use, efficient, and provides a significant amount of early information to help with the next stage of testing.
- Using Masscan for rapid full-service scanning
- Passive scanning with Shodan
- Using Nmap scripts
- Scanning with Reconnoitre and Vanquish
- Diagnosing uncommon ports
- Enumerating Drupal, WordPress, and Joomla sites
- Enumerating in the Linux shell
- Using the JAWS PowerShell script
Skill Level Advanced