Test strony

I wouldn't be myself if I didn't check whether my work actually holds up, so I had to test my blog with wpscan. I started a virtual machine with Kali Linux installed and opened a console:

root@kali:~# wpscan --url "https://www.skarzyski-bezpiecznik.gpe.pl"
     __          _______   _____
     \ \        / /  __ \ / ____|
      \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
       \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
        \  /\  /  | |     ____) | (__| (_| | | | |
         \/  \/   |_|    |_____/ \___|\__,_|_| |_|

     WordPress Security Scanner by the WPScan Team
                     Version 3.7.5
   Sponsored by Automattic - https://automattic.com/
   @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_


[+] URL: https://www.skarzyski-bezpiecznik.gpe.pl/
[+] Started: Wed Jan  8 14:47:35 2020

Interesting Finding(s):

 | Interesting Entry: server: nginx
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

Above is the information about the web server: no version string, exactly as intended.

[+] https://www.skarzyski-bezpiecznik.gpe.pl/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] This site has 'Must Use Plugins': https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/mu-plugins/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 80%
 | Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] https://www.skarzyski-bezpiecznik.gpe.pl/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 5.3.2 identified (Latest, released on 2019-12-18).
 | Found By: Query Parameter In Install Page (Aggressive Detection)
 |  - https://www.skarzyski-bezpiecznik.gpe.pl/wp-includes/css/dashicons.min.css?ver=5.3.2
 |  - https://www.skarzyski-bezpiecznik.gpe.pl/wp-includes/css/buttons.min.css?ver=5.3.2
 |  - https://www.skarzyski-bezpiecznik.gpe.pl/wp-admin/css/install.min.css?ver=5.3.2
 | Confirmed By: Query Parameter In Upgrade Page (Aggressive Detection)
 |  - https://www.skarzyski-bezpiecznik.gpe.pl/wp-includes/css/buttons.min.css?ver=5.3.2
 |  - https://www.skarzyski-bezpiecznik.gpe.pl/wp-admin/css/install.min.css?ver=5.3.2

Above, the WordPress version check succeeded: I am running 5.3.2.

[+] WordPress theme in use: rife-free
 | Location: https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/themes/rife-free/
 | Latest Version: 2.4.5 (up to date)
 | Last Updated: 2019-11-18T00:00:00.000Z
 | Readme: https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/themes/rife-free/readme.txt
 | Style URL: https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/themes/rife-free/style.css?ver=2.4.5
 | Style Name: Rife Free
 | Style URI: https://apollo13themes.com/rife/free/
 | Description: Rife Free is a great portfolio and photography WP theme with 7 ready-to-use demo layouts. It is also…
 | Author: Apollo13Themes
 | Author URI: https://apollo13themes.com/
 |
 | Found By: Css Style In Homepage (Passive Detection)
 |
 | Version: 2.4.5 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/themes/rife-free/style.css?ver=2.4.5, Match: 'Version: 2.4.5'

[+] Enumerating All Plugins (via Passive Methods)
[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups -: |==================================================|
[i] No Config Backups Found.

[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.

[+] Finished: Wed Jan  8 14:47:45 2020
[+] Requests Done: 23
[+] Cached Requests: 45
[+] Data Sent: 6.029 KB
[+] Data Received: 4.94 KB
[+] Memory used: 163.133 MB
[+] Elapsed time: 00:00:09

A good start; now it is time to check for vulnerabilities.

root@kali:~# wpscan --url "https://www.skarzyski-bezpiecznik.gpe.pl" -e
...
[+] Enumerating Vulnerable Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Vulnerable Themes (via Passive and Aggressive Methods)

 Checking Known Locations -: |====================================================================|
[+] Checking Theme Versions (via Passive and Aggressive Methods)

[i] No themes Found.

[+] Enumerating Timthumbs (via Passive and Aggressive Methods)

 Checking Known Locations -: |====================================================================|

[i] No Timthumbs Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

 Checking Config Backups -: |=====================================================================|

[i] No Config Backups Found.

[+] Enumerating DB Exports (via Passive and Aggressive Methods)

 Checking DB Exports -: |=========================================================================|

[i] No DB Exports Found.

[+] Enumerating Medias (via Passive and Aggressive Methods) (Permalink setting must be set to "Plain" for those to be detected)

 Brute Forcing Attachment IDs -: |================================================================|

[i] No Medias Found.

[+] Enumerating Users (via Passive and Aggressive Methods)

 Brute Forcing Author IDs -: |====================================================================|

[i] User(s) Identified:

[+] Skarzyski Bezpiecznik
 | Found By: Author Posts - Display Name (Passive Detection)
...

So WordPress has no vulnerabilities in the installed plugins, and user enumeration is not possible either. The only thing left is to do a better job of hiding the WordPress version. I found the following code on a website; it needs to be added to the theme's functions.php file:

// remove the generator meta tag (WordPress version) from <head>
remove_action('wp_head', 'wp_generator');

// remove the version from RSS feeds
add_filter('the_generator', '__return_empty_string');

// strip the ?ver= query argument from enqueued scripts and styles
// (strpos() can return 0 for a match at offset 0, so compare against false explicitly)
function remove_version_scripts_styles($src) {
    if (strpos($src, 'ver=') !== false) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('style_loader_src', 'remove_version_scripts_styles', 9999);
add_filter('script_loader_src', 'remove_version_scripts_styles', 9999);

Time for the final test.

root@kali:~# wpscan --url "https://www.skarzyski-bezpiecznik.gpe.pl" -e

     __          _______   _____
     \ \        / /  __ \ / ____|
      \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
       \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
        \  /\  /  | |     ____) | (__| (_| | | | |
         \/  \/   |_|    |_____/ \___|\__,_|_| |_|

     WordPress Security Scanner by the WPScan Team
                     Version 3.7.5
   Sponsored by Automattic - https://automattic.com/
   @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

[+] URL: https://www.skarzyski-bezpiecznik.gpe.pl/
[+] Started: Wed Jan  8 15:27:53 2020

Interesting Finding(s):

[+] https://www.skarzyski-bezpiecznik.gpe.pl/
 | Interesting Entry: server: nginx
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] https://www.skarzyski-bezpiecznik.gpe.pl/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] This site has 'Must Use Plugins': https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/mu-plugins/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 80%
 | Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] https://www.skarzyski-bezpiecznik.gpe.pl/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

 Fingerprinting the version -: |=========================================================================================|
[+] WordPress version 5.3.2 identified (Latest, released on 2019-12-18).
 | Found By: Unique Fingerprinting (Aggressive Detection)
 |  - https://www.skarzyski-bezpiecznik.gpe.pl/wp-admin/css/colors/sunrise/colors-rtl.min.css md5sum is b994fe4dc1ef5cd815f63ca00be88b2e

Unfortunately I still cannot hide the WordPress version: the scanner recognizes it from a CSS file whose contents have a unique fingerprint (an md5 checksum known to match this release), so stripping the version from query strings and the generator tag does not help against this check.
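To show why the functions.php filters above defeat the passive checks but not the fingerprint check, here is an added Python model of both detections (my example, not code from the post or from wpscan): the sample HTML, the host name and the fingerprint table are constructed, and the md5 lookup stands in for wpscan's table of hashes of static core files.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample of a WordPress <head> as rendered before the functions.php
# filters from the post are applied (host and paths are placeholders).
HOMEPAGE_BEFORE = """<html><head>
<meta name="generator" content="WordPress 5.3.2" />
<link rel="stylesheet" href="https://example.invalid/wp-includes/css/dashicons.min.css?ver=5.3.2" />
<link rel="stylesheet" href="https://example.invalid/wp-content/themes/rife-free/style.css?ver=2.4.5" />
</head></html>"""

def remove_ver_query_arg(src):
    """Python counterpart of the post's remove_version_scripts_styles() filter:
    drop the 'ver' query argument from a script or style URL."""
    parts = urlsplit(src)
    kept = [(k, v) for k, v in parse_qsl(parts.query) if k != "ver"]
    return urlunsplit(parts._replace(query=urlencode(kept)))

def harden(html):
    """Apply the post's two mitigations: drop the generator tag, strip ?ver=."""
    html = re.sub(r'<meta name="generator"[^>]*/>\n?', "", html)
    return re.sub(r'href="([^"]+)"',
                  lambda m: 'href="%s"' % remove_ver_query_arg(m.group(1)), html)

def passive_versions(html):
    """What a passive scan reads off the page: generator tag and ver= arguments."""
    found = set(re.findall(r'content="WordPress ([\d.]+)"', html))
    found.update(re.findall(r"[?&]ver=([\d.]+)", html))
    return found

# Constructed fingerprint table: md5 of a static core file -> WordPress version.
# A real scanner ships a large table of such hashes; this body is a stand-in, not
# the real colors-rtl.min.css, so its hash is only meaningful inside this example.
STATIC_FILE_BODY = b"/* constructed stand-in for wp-admin/css/colors/sunrise/colors-rtl.min.css */"
FINGERPRINTS = {hashlib.md5(STATIC_FILE_BODY).hexdigest(): "5.3.2"}

def fingerprint_version(file_body):
    """Aggressive detection: hash the file exactly as served and look the digest up.
    The filters above never change file contents, so this lookup still succeeds."""
    return FINGERPRINTS.get(hashlib.md5(file_body).hexdigest())

if __name__ == "__main__":
    print("passive, before filters:", passive_versions(HOMEPAGE_BEFORE))
    print("passive, after filters: ", passive_versions(harden(HOMEPAGE_BEFORE)))
    print("fingerprint lookup:     ", fingerprint_version(STATIC_FILE_BODY))
```

The only thing that changes the fingerprint result is changing the file contents, which in practice means upgrading to a release the scanner's table does not yet know, or not serving unneeded static core files at all.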

[+] WordPress theme in use: rife-free
 | Location: https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/themes/rife-free/
 | Latest Version: 2.4.5 (up to date)
 | Last Updated: 2019-11-18T00:00:00.000Z
 | Readme: https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/themes/rife-free/readme.txt
 | Style URL: https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/themes/rife-free/style.css
 | Style Name: Rife Free
 | Style URI: https://apollo13themes.com/rife/free/
 | Description: Rife Free is a great portfolio and photography WP theme with 7 ready-to-use demo layouts. It is also…
 | Author: Apollo13Themes
 | Author URI: https://apollo13themes.com/
 |
 | Found By: Css Style In Homepage (Passive Detection)
 | Confirmed By: Urls In Homepage (Passive Detection)
 |
 | Version: 2.4.5 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://www.skarzyski-bezpiecznik.gpe.pl/wp-content/themes/rife-free/style.css, Match: 'Version: 2.4.5'

[+] Enumerating Vulnerable Plugins (via Passive Methods)
[i] No plugins Found.

[+] Enumerating Vulnerable Themes (via Passive and Aggressive Methods)
 Checking Known Locations -: |==========================================================================================|
[+] Checking Theme Versions (via Passive and Aggressive Methods)
[i] No themes Found.

[+] Enumerating Timthumbs (via Passive and Aggressive Methods)
 Checking Known Locations -: |==========================================================================================|
[i] No Timthumbs Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups -: |===========================================================================================|
[i] No Config Backups Found.

[+] Enumerating DB Exports (via Passive and Aggressive Methods)
 Checking DB Exports -: |===============================================================================================|
[i] No DB Exports Found.

[+] Enumerating Medias (via Passive and Aggressive Methods) (Permalink setting must be set to "Plain" for those to be detected)
 Brute Forcing Attachment IDs -: |======================================================================================|
[i] No Medias Found.

[+] Enumerating Users (via Passive and Aggressive Methods)
 Brute Forcing Author IDs -: |==========================================================================================|
[i] User(s) Identified:

[+] Skarzyski Bezpiecznik
 | Found By: Author Posts - Display Name (Passive Detection)

[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.

[+] Finished: Wed Jan  8 15:29:52 2020
[+] Requests Done: 3117
[+] Cached Requests: 98
[+] Data Sent: 896.236 KB
[+] Data Received: 497.385 KB
[+] Memory used: 202.668 MB
[+] Elapsed time: 00:01:58

Summary:
The site has no known vulnerabilities, the login panel is hidden, and users cannot be enumerated; the only remaining issue is the CMS version, which can still be discovered with the latest version of the wpscan scanner. Overall I rate the result as very good with a minus (for the CMS version). I console myself that a newer WordPress release will let me solve this problem. That is all regarding this site.
