Cara mendapatkan Username Website berBasis CMS WordPress dengan WPScan

by Nue Bhandell - 04-30-2016 at 02:38 PM
Staff
Moderators
Posts:
45
Joined:
Mar 2016
Likes:
0
Reputation:
0
2 Year Of Member
#1
OP
Posted: 04-30-2016, 02:38 PM (This post was last modified: 05-02-2016, 01:04 PM by Nue Bhandell.)
[Image: linus.jpg]
xixixhi, happy sadnight mblo :v akwkwa
udh ramein porum aje awkkwa, moga thread garing ini bermanfaat bebz  :heart:
WPScan ini di gunakan untuk mengetahui username pada CMS Wordpress dan juga bisa mengetahui Password, namun jika ingin mengetahui passwordnya harus mempunyai wordlist nya.

langsung aja deh

Pertama" buka Terminal dan ketik kan

wpscan -u (target) --enumerate u

[Image: 13120487_784689834998705_1965889797_o.pn...e=5729B542]

NB: pada --enumerate u , Huruf "U" itu berarti Username, Jika untuk mencari Password ganti aja dengan Huruf "P".

Selanjutnya tunggu hingga scanning nya selesai.

[Image: 13052536_784689831665372_1432977301_o.pn...e=572981AC]

Jika Sudah selesai akan muncul seperti ini.

[Image: 13091751_784689844998704_388074066_o.png...e=57299EE9]

Disini saya menemukan 5 Username, yaitu
- adminin
- em2ka
- riki
- kartika
- sihono

Selanjutnya bijimana ama password nya o.O ?? seperti yang tadi ane bilang di awal..
dh yee gengs , semoga brmanfaat  :cool:
oke saatnya Nue dan tim katakan mampus cabut dlu
#jemputdoidlu  :cool:


SUMUR
Reply
Find Posts
Junior Member
Posts:
13
Joined:
Mar 2016
Likes:
0
Reputation:
0
2 Year Of Member
#2
Posted: 05-01-2016, 10:19 AM
langsung di coba
Reply
Find Posts
Junior Member
Posts:
37
Joined:
Mar 2016
Likes:
0
Reputation:
0
2 Year Of Member
#3
Posted: 05-02-2016, 06:12 AM
Unable to get https://data.wpscan.org/local_vulnerable...xml.sha512 (Timeout was reached)

gan ane dapet warn kaya gitu kenapa ya pas mau update database :/
Reply
Find Posts
Staff
Moderators
Posts:
45
Joined:
Mar 2016
Likes:
0
Reputation:
0
2 Year Of Member
#4
OP
Posted: 05-02-2016, 01:05 PM (This post was last modified: 05-02-2016, 01:07 PM by Nue Bhandell.)
(05-01-2016, 10:19 AM)ikkeeeh Wrote: langsung di coba

jozz

(05-02-2016, 06:12 AM)./EL-Mueeza_23 Wrote: Unable to get https://data.wpscan.org/local_vulnerable...xml.sha512 (Timeout was reached)

gan ane dapet warn kaya gitu kenapa ya pas mau update database :/

langsung tanya ke grup backbox Linux indonesia aja gan..
maap gan , ane masih awam banget sama warn2. tpi di warn ente itu gagal update, mungkin dari reponya gan.

CMIIW
Reply
Find Posts
Junior Member
Posts:
37
Joined:
Mar 2016
Likes:
0
Reputation:
0
2 Year Of Member
#5
Posted: 05-03-2016, 05:10 AM
(05-02-2016, 01:05 PM)Nue Bhandell Wrote:
(05-01-2016, 10:19 AM)ikkeeeh Wrote: langsung di coba

jozz

(05-02-2016, 06:12 AM)./EL-Mueeza_23 Wrote: Unable to get https://data.wpscan.org/local_vulnerable...xml.sha512 (Timeout was reached)

gan ane dapet warn kaya gitu kenapa ya pas mau update database :/

langsung tanya ke grup backbox Linux indonesia aja gan..
maap gan , ane masih awam banget sama warn2. tpi di warn ente itu gagal update, mungkin dari reponya gan.

CMIIW

thanks bro
Reply
Find Posts
Junior Member
Posts:
2
Joined:
Aug 2016
Likes:
0
Reputation:
0
2 Year Of Member
#6
Posted: 09-04-2016, 07:26 PM (This post was last modified: 09-04-2016, 07:28 PM by bl4ck5h4d0w. Edit Reason: bad typing )
setau ane sih p bukan password
-Enumerate installed plugins ...
ruby wpscan.rb --url http://www.example.com --enumerate p
p bukan password tapi untuk melihat plugin yang terinstall
untuk password bsa pake wpscan

sudo wpscan --url http://www.blal.bla ---wordlist dir --username admin
cmiiw
Reply
Find Posts
Junior Member
Posts:
2
Joined:
Nov 2016
Likes:
0
Reputation:
0
2 Year Of Member
#7
Posted: 12-10-2016, 03:49 PM
untuk wordlist dapat dari mana bang
Reply
Find Posts
Junior Member
Posts:
2
Joined:
Nov 2016
Likes:
0
Reputation:
0
2 Year Of Member
#8
Posted: 12-14-2016, 04:32 AM
(09-04-2016, 07:26 PM)bl4ck5h4d0w Wrote: setau ane sih p bukan password
-Enumerate installed plugins ...
ruby wpscan.rb --url http://www.example.com --enumerate p
p bukan password tapi untuk melihat plugin yang terinstall
untuk password bsa pake wpscan

sudo wpscan --url http://www.blal.bla ---wordlist dir --username admin
cmiiw

ane pake perintah itu kok gagal mulu ya
Reply
Find Posts
Register an account or login to reply
Create an account
Create a free account today and start posting right away. It only takes a few seconds.
Login
Log into an existing account.
2 Guest(s)