Hack WordPress blogs with the Plecost fingerprinting tool

Plecost

Plecost is a WordPress fingerprinting tool that scans WordPress sites and discovers which plugins they use. It also provides CVE links for known vulnerabilities in those plugins, if any. It is written in Python.

Project url
http://code.google.com/p/plecost/

Usage

Download the files, extract them to a directory, open a terminal there and get ready to run.

Quick example

$ python plecost-0.2.2-9-beta.py -i wp_plugin_list.txt -c -t 10 http://www.yourblog.com/blog/

Replace the URL with the URL of the blog to be scanned. The -t parameter controls the number of threads to use; the default is 1. Multithreading speeds up the scan, but a very high thread count, like 50 or above, will take down the site and result in a DoS attack. So use an optimum number like 5-10.

The output can be similar to the following

[i] WordPress version found:  3.4.1
[i] WordPress last public version: 3.4.1


[*] Search for installed plugins


[i] Plugin found: all-in-one-seo-pack
    |_Latest version:  1.6.12.2
    |_ Installed version: trunk
 
[i] Plugin found: akismet
    |_Latest version:  2.4.0
    |_ Installed version: 2.5.6
    |_CVE list:                                                                                                              
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)                                         
    |___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)                                         
    |___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)                                         
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)                                         
    |___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)                                         
    |___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)                                         
 
[i] Plugin found: google-sitemap-generator
    |_Latest version:  3.2.4
    |_ Installed version: 3.2.6
    
[i] Plugin found: wp-super-cache
    |_Latest version:  0.9.9.6
    |_ Installed version: 1.1

[i] Plugin found: wp-db-backup
    |_Latest version:  2.2.2
    |_ Installed version: 2.2.3
    |_CVE list: 
    |___CVE-2008-0194: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0194)
    |___CVE-2008-0193: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0193)
    |___CVE-2006-5705: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5705)
    |___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
    |___CVE-2006-4208: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4208)
    |___CVE-2008-0194: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0194)
    |___CVE-2008-0193: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0193)
    |___CVE-2006-5705: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5705)
    |___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
    |___CVE-2006-4208: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4208)
                                        
[i] Plugin found: seo-automatic-links
    |_Latest version:  2.6
    |_ Installed version: trunk






The results show the WordPress version and the installed plugins along with their version numbers. They also list the CVE numbers and URLs for easy browsing of the CVE vulnerability database.
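
A site owner reviewing a scan of their own blog can turn this report into structured data. The following is an added example, not part of Plecost or of the original post: a Python parser for the report format shown above, run on a constructed sample, with parse_report and review_list as hypothetical names. It drops the repeated CVE entries and lists the plugins that carry CVE associations or report "trunk" instead of a version number.

```python
import re

# Constructed sample in the report format shown above (not a real scan).
SAMPLE_REPORT = """\
[i] WordPress version found:  3.4.1
[i] WordPress last public version: 3.4.1

[i] Plugin found: all-in-one-seo-pack
    |_Latest version:  1.6.12.2
    |_ Installed version: trunk

[i] Plugin found: akismet
    |_Latest version:  2.4.0
    |_ Installed version: 2.5.6
    |_CVE list:
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
    |___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
"""

CORE = re.compile(r"^\[i\] WordPress (version found|last public version):\s*(\S+)")
PLUGIN = re.compile(r"^\[i\] Plugin found:\s*(\S+)")
FIELD = re.compile(r"^\s*\|_\s*(Latest|Installed) version:\s*(\S+)")
CVE = re.compile(r"^\s*\|___(CVE-\d{4}-\d+):")

def parse_report(text):
    """Return (core, plugins): core versions and one dict per plugin found."""
    core, plugins = {}, []
    for line in text.splitlines():
        if m := CORE.match(line):
            core["installed" if m.group(1) == "version found" else "latest"] = m.group(2)
        elif m := PLUGIN.match(line):
            plugins.append({"name": m.group(1), "latest": None,
                            "installed": None, "cves": []})
        elif plugins and (m := FIELD.match(line)):
            plugins[-1][m.group(1).lower()] = m.group(2)
        elif plugins and (m := CVE.match(line)):
            # The report can list the same CVE twice; keep the first occurrence.
            if m.group(1) not in plugins[-1]["cves"]:
                plugins[-1]["cves"].append(m.group(1))
    return core, plugins

def review_list(plugins):
    """Plugins to check by hand: CVE-associated, or version reported as 'trunk'."""
    return [p["name"] for p in plugins if p["cves"] or p["installed"] == "trunk"]
```
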

The tool scans for over 7000 plugins so the scan process can be very time consuming.

Now a smart hacker can find an exploitable vulnerability using the tool and launch an attack to take over the blog.

Last Updated On : 8th August 2012
