Showing posts with label cracking. Show all posts
Showing posts with label cracking. Show all posts

Tuesday, 25 April 2017

Kali Linux 2017.1 released

Download Kali Linux

Kali Linux 2017.1 rolling release is finally available to download. It brings with a bunch of exciting updates and features. Like all new releases, you have the common denominator of updated packages, an updated kernel that provides more and better hardware support, as well as a slew of updated tools. But this release has a few more surprises.

  • Support for RTL8812AU Wireless Card Injection
  • Streamlined Support for CUDA GPU Cracking
  • Amazon AWS and Microsoft Azure Availability (GPU Support)
  • OpenVAS 9 Packaged in Kali Repositories
Please click here to download Kali Linux.
Posted by at 5 comments:
Labels: , ,

Wednesday, 1 May 2013

WPScan in Kali Linux

WPScan is a WordPress vulnerability scanner written in ruby, which is capable of detecting common security vulnerabilities as well as listing all plugins used by a website hosting WordPress. WPScan is pre-installed in Kali Linux. 

WPscan is a nice tool if you want to find out how to exploit a WordPress site as it does all of this:
  • Username enumeration (Checks the ‘author’ query-string and the location header).
  • Weak password cracking (This can be multi-threaded and supplied a password list of your choosing).
  • Version enumeration (Finds what version of WordPress they are running by checking meta tags and client side files).
  • Vulneralbility enumeration (Based on what version they are running).
  • Timbthumb file enumeration (Checks for Timthumb exploit).
  • Plugin enumeration (See what plugins they are running).
  • Plugin vulneralbility enumeration (Tells you which, if any, plugins are vulnerable to exploits).
  • Theme enumeration (What theme are they running. Sometimes you can find exploits in the theme).
  • Readme.html enumeration (Sometimes can be useful because you will see what is needed for that theme. Helps you find out what they are running. E.G. “This theme require PHP 5″).
  • Directory listing (Helps footprint the WordPress installation).
To start WPScan, click on Applications--> Kali Linux--> Web Applications--> Web Vulnerability Scanners--> wpscan

Now, to scan for wordpress plugin to exploit, let pickup any wordpress plugin, ex.: http://www.cretan-snails.com. Type
root@kali:~# ruby /usr/bin/wpscan --url http://www.cretan-snails.com in the root terminal window;

(A)


 (B)

From the above screenshots, we found that there is 1 vulnerability and 13 plug-ins from passive detection. To find Wordpress usernames, type root@kali:~# wpscan --url http://www.cretan-snails.com --enumerate user

 (C)


 (D)

The above screenshot reveals that there 10 Wordpress usernames from http://www.cretan-snails.com
Posted by at 2 comments:
Labels: , , , , , , ,
Location: Kolkata, West Bengal, India