Results 1 to 3 of 3

Thread: WPScan Password for 'root' problem?

  1. #1
    Just burned their ISO
    Join Date
    Feb 2013
    Posts
    1

    Default WPScan Password for 'root' problem?



    Backtrack rc2-3 etc
    VMWare last version

    Password : toor or passwd not working

    Please help...

  2. #2
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: WPScan Password for 'root' problem?

    hi
    i think your backtrack is not fully upgrade:
    now i'm testing on FRESH live mode bt5-r3(VM)gnome64 & have your problem !!!!..................**
    in anothers BT5-R3 installed fully update/upgrade worked-fine

    **if you don't want upgrade try this :
    root@bt:/pentest/web# rm -rf wpscan
    root@bt:/pentest/web# git clone https://github.com/wpscanteam/wpscan.git
    Initialized empty Git repository in /pentest/web/wpscan/.git/
    remote: Counting objects: 4198, done.
    remote: Compressing objects: 100% (989/989), done.
    remote: Total 4198 (delta 3169), reused 4122 (delta 3097)
    Receiving objects: 100% (4198/4198), 2.31 MiB | 117 KiB/s, done.
    Resolving deltas: 100% (3169/3169), done.
    root@bt:/pentest/web# cd wpscan
    root@bt:/pentest/web/wpscan# ls
    cache CREDITS doc generate_rdoc.sh README spec wpstools.rb
    conf data Gemfile lib README.md wpscan.rb
    root@bt:/pentest/web/wpscan# gem install bundler && bundle install --without test development
    Successfully installed bundler-1.2.3
    1 gem installed
    Installing ri documentation for bundler-1.2.3...
    Installing RDoc documentation for bundler-1.2.3...
    Fetching gem metadata from https://rubygems.org/.........
    Fetching gem metadata from https://rubygems.org/..
    Installing ffi (1.3.1) with native extensions
    Installing json (1.7.6) with native extensions
    Using mime-types (1.19)
    Installing nokogiri (1.5.6) with native extensions
    Installing typhoeus (0.4.2)
    Using bundler (1.2.3)
    Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.
    root@bt:/pentest/web/wpscan# sudo apt-get install libxml2 libxml2-dev libxslt1-dev
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    libxslt1.1
    The following packages will be upgraded:
    libxml2 libxml2-dev libxslt1-dev libxslt1.1
    4 upgraded, 0 newly installed, 0 to remove and 172 not upgraded.
    Need to get 2,614kB of archives.
    After this operation, 49.2kB disk space will be freed.
    Do you want to continue [Y/n]? Y
    Get:1 http://updates.repository.backtrack-linux.org/ revolution/main libxml2-dev 2.7.6.dfsg-1ubuntu1.6 [832kB]
    Get:2 http://updates.repository.backtrack-linux.org/ revolution/main libxml2 2.7.6.dfsg-1ubuntu1.6 [874kB]
    Get:3 http://updates.repository.backtrack-linux.org/ revolution/main libxslt1-dev 1.1.26-1ubuntu1.1 [663kB]
    Get:4 http://updates.repository.backtrack-linux.org/ revolution/main libxslt1.1 1.1.26-1ubuntu1.1 [244kB]
    Fetched 2,614kB in 9s (290kB/s)
    (Reading database ... 263977 files and directories currently installed.)
    Preparing to replace libxml2-dev 2.7.6.dfsg-1ubuntu1.5 (using .../libxml2-dev_2.7.6.dfsg-1ubuntu1.6_amd64.deb) ...
    Unpacking replacement libxml2-dev ...
    Preparing to replace libxml2 2.7.6.dfsg-1ubuntu1.5 (using .../libxml2_2.7.6.dfsg-1ubuntu1.6_amd64.deb) ...
    Unpacking replacement libxml2 ...
    Preparing to replace libxslt1-dev 1.1.26-1ubuntu1 (using .../libxslt1-dev_1.1.26-1ubuntu1.1_amd64.deb) ...
    Unpacking replacement libxslt1-dev ...
    Preparing to replace libxslt1.1 1.1.26-1ubuntu1 (using .../libxslt1.1_1.1.26-1ubuntu1.1_amd64.deb) ...
    Unpacking replacement libxslt1.1 ...
    Processing triggers for man-db ...
    Setting up libxml2 (2.7.6.dfsg-1ubuntu1.6) ...

    Setting up libxml2-dev (2.7.6.dfsg-1ubuntu1.6) ...
    Setting up libxslt1.1 (1.1.26-1ubuntu1.1) ...

    Setting up libxslt1-dev (1.1.26-1ubuntu1.1) ...
    Processing triggers for libc-bin ...
    ldconfig deferred processing now taking place
    root@bt:/pentest/web/wpscan# gem install --user-install nokogiri
    WARNING: You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
    gem executables will not run.
    Building native extensions. This could take a while...
    Successfully installed nokogiri-1.5.6
    1 gem installed
    Installing ri documentation for nokogiri-1.5.6...
    Installing RDoc documentation for nokogiri-1.5.6...
    root@bt:/pentest/web/wpscan# ./wpscan.rb
    __________________________________________________ __
    __ _______ _____
    \ \ / / __ \ / ____|
    \ \ /\ / /| |__) | (___ ___ __ _ _ __
    \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
    \ /\ / | | ____) | (__| (_| | | | |
    \/ \/ |_| |_____/ \___|\__,_|_| |_| v2.0r086b9e1

    WordPress Security Scanner by the WPScan Team
    Sponsored by the RandomStorm Open Source Initiative
    __________________________________________________ ___


    Examples :

    -Further help ...
    ruby ./wpscan.rb --help

    -Do 'non-intrusive' checks ...
    ruby ./wpscan.rb --url www.example.com

    -Do wordlist password brute force on enumerated users using 50 threads ...
    ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

    -Do wordlist password brute force on the 'admin' username only ...
    ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

    -Enumerate installed plugins ...
    ruby ./wpscan.rb --url www.example.com --enumerate p

    -Enumerate installed themes ...
    ruby ./wpscan.rb --url www.example.com --enumerate t

    -Enumerate users ...
    ruby ./wpscan.rb --url www.example.com --enumerate u

    -Enumerate installed timthumbs ...
    ruby ./wpscan.rb --url www.example.com --enumerate tt

    -Use a HTTP proxy ...
    ruby ./wpscan.rb --url www.example.com --proxy 127.0.0.1:8118

    -Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)
    ruby ./wpscan.rb --url www.example.com --proxy socks5://127.0.0.1:9000

    -Use custom content directory ...
    ruby ./wpscan.rb -u www.example.com --wp-content-dir custom-content

    -Use custom plugins directory ...
    ruby ./wpscan.rb -u www.example.com --wp-plugins-dir wp-content/custom-plugins

    -Update ...
    ruby ./wpscan.rb --update
    ........................................bye

  3. #3
    Just burned their ISO
    Join Date
    Jun 2012
    Location
    Bulgaria
    Posts
    5

    Default Re: WPScan Password for 'root' problem?

    Quote Originally Posted by zimmaro View Post
    hi
    i think your backtrack is not fully upgrade:
    now i'm testing on FRESH live mode bt5-r3(VM)gnome64 & have your problem !!!!..................**
    in anothers BT5-R3 installed fully update/upgrade worked-fine

    **if you don't want upgrade try this :
    root@bt:/pentest/web# rm -rf wpscan
    root@bt:/pentest/web# git clone https://github.com/wpscanteam/wpscan.git
    Initialized empty Git repository in /pentest/web/wpscan/.git/
    remote: Counting objects: 4198, done.
    remote: Compressing objects: 100% (989/989), done.
    remote: Total 4198 (delta 3169), reused 4122 (delta 3097)
    Receiving objects: 100% (4198/4198), 2.31 MiB | 117 KiB/s, done.
    Resolving deltas: 100% (3169/3169), done.
    root@bt:/pentest/web# cd wpscan
    root@bt:/pentest/web/wpscan# ls
    cache CREDITS doc generate_rdoc.sh README spec wpstools.rb
    conf data Gemfile lib README.md wpscan.rb
    root@bt:/pentest/web/wpscan# gem install bundler && bundle install --without test development
    Successfully installed bundler-1.2.3
    1 gem installed
    Installing ri documentation for bundler-1.2.3...
    Installing RDoc documentation for bundler-1.2.3...
    Fetching gem metadata from https://rubygems.org/.........
    Fetching gem metadata from https://rubygems.org/..
    Installing ffi (1.3.1) with native extensions
    Installing json (1.7.6) with native extensions
    Using mime-types (1.19)
    Installing nokogiri (1.5.6) with native extensions
    Installing typhoeus (0.4.2)
    Using bundler (1.2.3)
    Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.
    root@bt:/pentest/web/wpscan# sudo apt-get install libxml2 libxml2-dev libxslt1-dev
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    libxslt1.1
    The following packages will be upgraded:
    libxml2 libxml2-dev libxslt1-dev libxslt1.1
    4 upgraded, 0 newly installed, 0 to remove and 172 not upgraded.
    Need to get 2,614kB of archives.
    After this operation, 49.2kB disk space will be freed.
    Do you want to continue [Y/n]? Y
    Get:1 http://updates.repository.backtrack-linux.org/ revolution/main libxml2-dev 2.7.6.dfsg-1ubuntu1.6 [832kB]
    Get:2 http://updates.repository.backtrack-linux.org/ revolution/main libxml2 2.7.6.dfsg-1ubuntu1.6 [874kB]
    Get:3 http://updates.repository.backtrack-linux.org/ revolution/main libxslt1-dev 1.1.26-1ubuntu1.1 [663kB]
    Get:4 http://updates.repository.backtrack-linux.org/ revolution/main libxslt1.1 1.1.26-1ubuntu1.1 [244kB]
    Fetched 2,614kB in 9s (290kB/s)
    (Reading database ... 263977 files and directories currently installed.)
    Preparing to replace libxml2-dev 2.7.6.dfsg-1ubuntu1.5 (using .../libxml2-dev_2.7.6.dfsg-1ubuntu1.6_amd64.deb) ...
    Unpacking replacement libxml2-dev ...
    Preparing to replace libxml2 2.7.6.dfsg-1ubuntu1.5 (using .../libxml2_2.7.6.dfsg-1ubuntu1.6_amd64.deb) ...
    Unpacking replacement libxml2 ...
    Preparing to replace libxslt1-dev 1.1.26-1ubuntu1 (using .../libxslt1-dev_1.1.26-1ubuntu1.1_amd64.deb) ...
    Unpacking replacement libxslt1-dev ...
    Preparing to replace libxslt1.1 1.1.26-1ubuntu1 (using .../libxslt1.1_1.1.26-1ubuntu1.1_amd64.deb) ...
    Unpacking replacement libxslt1.1 ...
    Processing triggers for man-db ...
    Setting up libxml2 (2.7.6.dfsg-1ubuntu1.6) ...

    Setting up libxml2-dev (2.7.6.dfsg-1ubuntu1.6) ...
    Setting up libxslt1.1 (1.1.26-1ubuntu1.1) ...

    Setting up libxslt1-dev (1.1.26-1ubuntu1.1) ...
    Processing triggers for libc-bin ...
    ldconfig deferred processing now taking place
    root@bt:/pentest/web/wpscan# gem install --user-install nokogiri
    WARNING: You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
    gem executables will not run.
    Building native extensions. This could take a while...
    Successfully installed nokogiri-1.5.6
    1 gem installed
    Installing ri documentation for nokogiri-1.5.6...
    Installing RDoc documentation for nokogiri-1.5.6...
    root@bt:/pentest/web/wpscan# ./wpscan.rb
    __________________________________________________ __
    __ _______ _____
    \ \ / / __ \ / ____|
    \ \ /\ / /| |__) | (___ ___ __ _ _ __
    \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
    \ /\ / | | ____) | (__| (_| | | | |
    \/ \/ |_| |_____/ \___|\__,_|_| |_| v2.0r086b9e1

    WordPress Security Scanner by the WPScan Team
    Sponsored by the RandomStorm Open Source Initiative
    __________________________________________________ ___


    Examples :

    -Further help ...
    ruby ./wpscan.rb --help

    -Do 'non-intrusive' checks ...
    ruby ./wpscan.rb --url www.example.com

    -Do wordlist password brute force on enumerated users using 50 threads ...
    ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

    -Do wordlist password brute force on the 'admin' username only ...
    ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

    -Enumerate installed plugins ...
    ruby ./wpscan.rb --url www.example.com --enumerate p

    -Enumerate installed themes ...
    ruby ./wpscan.rb --url www.example.com --enumerate t

    -Enumerate users ...
    ruby ./wpscan.rb --url www.example.com --enumerate u

    -Enumerate installed timthumbs ...
    ruby ./wpscan.rb --url www.example.com --enumerate tt

    -Use a HTTP proxy ...
    ruby ./wpscan.rb --url www.example.com --proxy 127.0.0.1:8118

    -Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)
    ruby ./wpscan.rb --url www.example.com --proxy socks5://127.0.0.1:9000

    -Use custom content directory ...
    ruby ./wpscan.rb -u www.example.com --wp-content-dir custom-content

    -Use custom plugins directory ...
    ruby ./wpscan.rb -u www.example.com --wp-plugins-dir wp-content/custom-plugins

    -Update ...
    ruby ./wpscan.rb --update
    ........................................bye

    Great How to - thanks

Similar Threads

  1. Default username and password (root password)
    By domi007 in forum BackTrack 5 Beginners Section
    Replies: 15
    Last Post: 03-28-2013, 04:36 PM
  2. ./wpscan.py ./wpspy.py problem
    By Jaylong in forum Beginners Forum
    Replies: 1
    Last Post: 12-20-2010, 09:30 AM
  3. root password
    By ETM@bt in forum OLD Newbie Area
    Replies: 2
    Last Post: 08-04-2009, 08:47 AM
  4. Root password
    By icedark in forum OLD BackTrack 4 Bugs and Fixes
    Replies: 5
    Last Post: 06-25-2009, 05:18 PM
  5. root password not working
    By dpreacher in forum OLD BackTrack v2.0 Final
    Replies: 8
    Last Post: 03-14-2007, 11:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •