Ryan,

On Sat, Jun 6, 2009 at 10:59 AM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
> Hello,
> Sorry it's been so long with the WordPress version checker plugin, had
> some life problems.

No problem man, I hope things are going better now.

> Anyway...
>
> I have come to a logic problem which I cannot seem to solve and was
> wondering if anyone could give me some pointers...
>
> Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected by a
> file/image being present, i.e. status 200
>
> I cannot figure out how to check for this while using the
> self._wp_fingerprint array.

The for loop that works with the array looks like this:

                for data in self._wp_fingerprint:

                    # Complete URL to test, url+file
                    # (each entry is a tuple: path, string/status to look for, version)
                    test_URL = urlParser.urlJoin( base_url, data[0] )

                    if data[1] in response:
                        version = data[2]
                        break
                    else:
                        version = 'Version lower than 2.2'

But there are some parts missing, like actually requesting the test_URL
from the server. On the other part, the "200" logic could be
easily done like this:

                    if data[1] == 200 and not is_404(response):
                        # it was found! the file merely has to exist
                        version = data[2]
                        break
                    elif data[1] in response:
                        version = data[2]
                        break
                    else:
                        version = 'Version lower than 2.2'

To make this work, you should replace the '' in the fingerprint array
with a 200, and it should all work.

> Here is the code so far, I have not yet tested it out, but should give
> you a basic idea of how it will run.

Yes, and it makes much more sense to me this way. The older version
was "ugly" :)

> I was also thinking of
> implementing a plugin version checker as there are many plugins with
> vulns.

Sure, but let's go step by step: let's finish this plugin, test it a
little bit, and then we can go for the next one.

> Thank you,
> Ryan
>
> P.S. To test it through w3af, do I just pop the py file into the
> plugin folder or is there any other code to be changed?

Yes, you have to move this file to the discovery directory and that's it.

> 2009/5/31 Ryan Dewhurst <ryandewhu...@gmail.com>:
>> Just to let everyone know where I am with the plugin.
>>
>> I'm a complete n00b at re and couldn't get backbone's code to work, so
>> I read a couple of manuals and finally got it working with:
>> <meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />
>>
>> An explanation of what the plugin will do:
>> -----------------------------------------------------------
>>
>> It will first check to see if the server has the following file
>> "/wp-admin/index.php".
>>
>> If it does
>>
>> It will check to see whether or not the version is in the index header.
>>
>> If it finds the version it will store it in a variable.
>>
>> It will then run through the checks from my original code to try and
>> guess the version.
>>
>>
>> The output will be as follows:
>> ------------------------------------------
>>
>> If the version is not in the index and not found with the data =
>> "version under 2.2"
>> If the version is in the index and in the data are the same =
>> "whatever version was found"
>> If the version is in the index and in the data are different =
>> "Version shows as $version in index header however the data shows
>> $version"
>>
>> I still need to implement the data checks however my girlfriend has
>> fallen ill and has been admitted to hospital for an emergency
>> operation. I don't think I will be able to finish the plugin this
>> weekend as promised earlier however will still be working on it next
>> week.
>>
>> I was also thinking of listing the vulnerabilities for each version (if
>> any) on the output.
>>
>> Ryan
>>
>>
>> 2009/5/29 Andres Riancho <andres.rian...@gmail.com>:
>>> Ryan,
>>>
>>> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst <ryandewhu...@gmail.com> 
>>> wrote:
>>>> I'm looking into searching the response html of the index page for the
>>>> following string:
>>>> <meta name="generator" content="WordPress $version" />
>>>>
>>>> I've tried with regular expressions and am unable to get it to work,
>>>
>>> backbone sent you a solution,
>>>
>>>> I've read that re is bad for parsing HTML and that BeautifulSoup
>>>> should be used.
>>>>
>>>> Does w3af already have BeautifulSoup in its dependency list?
>>>
>>> Yes, it's in the dependency list, but we aren't using it "for that".
>>> Long story short, please use the re =)
>>>
>>>> Ryan
>>>>
>>>> P.S. Thanks for the advice backbone46, I'll have a look into that once
>>>> I've sorted this out.
>>>>
>>>>
>>>> 2009/5/28  <backbon...@gmail.com>:
>>>>> Sorry to bump in just like that in the discussion, about the meta tag that
>>>>> displays
>>>>> the WordPress version.
>>>>>
>>>>> Only since version 2.7 has the generator function been in the core of
>>>>> WordPress; on earlier versions it was only in the theme.
>>>>>
>>>>> Just wanted to mention that. :)
>>>>>
>>>>> ---
>>>>> http://insanesecurity.info
>>>>>
>>>>>
>>>>> On Thu, May 28, 2009 at 10:53 PM, Ryan Dewhurst <ryandewhu...@gmail.com>
>>>>> wrote:
>>>>>>
>>>>>> Yes, I don't see why not. Should be easy enough to implement.
>>>>>>
>>>>>> You mentioned during our email conversation that wordpress echoes its
>>>>>> version number in the page head. I managed to find an example of it.
>>>>>> You're right, I do have a security plugin installed which must have
>>>>>> removed it from my blog.
>>>>>>
>>>>>> Here is an example:
>>>>>> <meta name="generator" content="WordPress 2.7.1" />
>>>>>>
>>>>>>
>>>>>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>> > Ryan,
>>>>>> >
>>>>>> > On Wed, May 27, 2009 at 10:18 PM, Andres Riancho
>>>>>> > <andres.rian...@gmail.com> wrote:
>>>>>> >> Ryan,
>>>>>> >>
>>>>>> >> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst 
>>>>>> >> <ryandewhu...@gmail.com>
>>>>>> >> wrote:
>>>>>> >>> Hello,
>>>>>> >>> I'm new to mailing lists so I'm not sure if this will be sent there.
>>>>>> >>
>>>>>> >> It depends on the mailing list. This one is configured to accept
>>>>>> >> attachments,
>>>>>> >>
>>>>>> >>> I'll have a look into integrating the script into w3af over the next
>>>>>> >>> couple of days and hopefully have a working version by the weekend.
>>>>>> >>
>>>>>> >> Excellent, if you need ANY help, just let us know.
>>>>>> >>
>>>>>> >>> The script is quite simple once you have gathered the necessary
>>>>>> >>> data. I went through versions 2.2 to 2.7.1 and manually found client
>>>>>> >>> side differences in most of them, I also used the official changelogs
>>>>>> >>> to help identify them.
>>>>>> >>
>>>>>> >> Ohhh, you are the guy that wrote that blog post with the "diffs" of
>>>>>> >> different wordpress release packages?
>>>>>> >>
>>>>>> >>> The client side differences are in files such as CSS, javascript and
>>>>>> >>> HTML. Some versions did not have any differences apart from having
>>>>>> >>> extra files, which can easily be identified with HTTP response codes.
>>>>>> >>>
>>>>>> >>> It works as such...
>>>>>> >>>
>>>>>> >>> Starting from version 2.7.1 (latest), the script tries to find
>>>>>> >>> something that 2.7 doesn't have, if it finds that something then the
>>>>>> >>> script stops and echoes the version number.
>>>>>> >>>
>>>>>> >>> If the script doesn't find the difference it moves onto identifying
>>>>>> >>> the next version, i.e. does 2.7 have something the earlier version
>>>>>> >>> doesn't have, and so on and so forth.
>>>>>> >>
>>>>>> >> Ok, makes sense.
>>>>>> >>
>>>>>> >> Some comments regarding your code:
>>>>>> >>
>>>>>> >> - w3af uses PEP-8, which among other things says 4-spaces for
>>>>>> >> indentations. Your code has 1-space (?) indentations. Please correct
>>>>>> >> that.
>>>>>> >>
>>>>>> >> - The code is pretty simple, but I think it could be done in a better
>>>>>> >> way. Having that many functions (wp22 to wp271) doesn't seem to be a
>>>>>> >> good option. Do you think that the code could be changed a little bit,
>>>>>> >> and create a database (which can be easily updated) and then use that
>>>>>> >> database to store the information? Example of the database:
>>>>>> >>
>>>>>> >> self._wp_fingerprint = [
>>>>>> >>     ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:'),
>>>>>> >>     ('/wp-admin/css/farbtastic.css', 'farbtastic')]
>>>>>> >>
>>>>>> >> - Also, by default wordpress publishes the version number in every
>>>>>> >> page head. Maybe it would be a good idea to parse that, and compare it
>>>>>> >> with the result of the fingerprinting. What do you think?
>>>>>> >
>>>>>> > A good idea would be to have a first step, before all the version
>>>>>> > specific checks, that verifies something that's true for all wordpress
>>>>>> > installations (some X file has to be present) before even starting the
>>>>>> > fingerprinting. Could this be done?
>>>>>> >
>>>>>> >> Cheers,
>>>>>> >>
>>>>>> >>> Ryan
>>>>>> >>>
>>>>>> >>>
>>>>>> >>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>> >>>> Ryan,
>>>>>> >>>>
>>>>>> >>>> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst
>>>>>> >>>> <ryandewhu...@gmail.com> wrote:
>>>>>> >>>>> Hello,
>>>>>> >>>>> I have developed a python script that can detect the version of a
>>>>>> >>>>> wordpress installation. I think it would fit well within w3af,
>>>>>> >>>>
>>>>>> >>>> Yes, it seems that it's something good to have in the framework.
>>>>>> >>>>
>>>>>> >>>> I have like a ton of questions about how it works, could you please
>>>>>> >>>> send the script (as it is) to this mailing list for us to read it?
>>>>>> >>>>
>>>>>> >>>>> the
>>>>>> >>>>> only problem being is that I have been unable to find a plugin
>>>>>> >>>>> development manual to be able to implement my script.
>>>>>> >>>>
>>>>>> >>>> There is no development manual :(
>>>>>> >>>>
>>>>>> >>>> For the type of feature that you want to add, the correct thing is 
>>>>>> >>>> to
>>>>>> >>>> use a discovery plugin. discovery plugins are simple, they follow
>>>>>> >>>> these rules:
>>>>>> >>>>
>>>>>> >>>> - the entry point is the discover method
>>>>>> >>>>
>>>>>> >>>> - the discover method takes a fuzzable request object as a 
>>>>>> >>>> parameter,
>>>>>> >>>> and returns a list of fuzzable requests
>>>>>> >>>> (fuzzable requests are representations of GET/POST requests, which
>>>>>> >>>> represent links, and forms)
>>>>>> >>>>
>>>>>> >>>> - the discover method is called several times in the same scan, with
>>>>>> >>>> the different links that (for example) the webSpider finds.
>>>>>> >>>>
>>>>>> >>>> I think that the best thing you can do is to read one or two
>>>>>> >>>> discovery
>>>>>> >>>> plugins (my recommendations are discovery.crossDomain and
>>>>>> >>>> discovery.userDir), and start building your own plugin based on one
>>>>>> >>>> of
>>>>>> >>>> those.
>>>>>> >>>>
>>>>>> >>>>> Is there a dev manual out there?
>>>>>> >>>>
>>>>>> >>>> No
>>>>>> >>>>
>>>>>> >>>>> Does anyone have some tips/advice on writing a plugin?
>>>>>> >>>>
>>>>>> >>>> Yes, see above,
>>>>>> >>>>
>>>>>> >>>>> Does any one want me to send them the script for them to develop 
>>>>>> >>>>> the
>>>>>> >>>>> plugin?
>>>>>> >>>>
>>>>>> >>>> You should develop the plugin yourself, it's fun and good for the
>>>>>> >>>> project =)
>>>>>> >>>>
>>>>>> >>>> Cheers,
>>>>>> >>>>
>>>>>> >>>>> Thank you,
>>>>>> >>>>> Ryan
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>> ------------------------------------------------------------------------------
>>>>>> >>>>> Register Now for Creativity and Technology (CaT), June 3rd, NYC. 
>>>>>> >>>>> CaT
>>>>>> >>>>> is a gathering of tech-side developers & brand creativity
>>>>>> >>>>> professionals. Meet
>>>>>> >>>>> the minds behind Google Creative Lab, Visual Complexity, 
>>>>>> >>>>> Processing,
>>>>>> >>>>> &
>>>>>> >>>>> iPhoneDevCamp as they present alongside digital heavyweights like
>>>>>> >>>>> Barbarian
>>>>>> >>>>> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
>>>>>> >>>>> _______________________________________________
>>>>>> >>>>> W3af-develop mailing list
>>>>>> >>>>> W3af-develop@lists.sourceforge.net
>>>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>> >>>>>
>>>>>> >>>>
>>>>>> >>>>
>>>>>> >>>>
>>>>>> >>>> --
>>>>>> >>>> Andrés Riancho
>>>>>> >>>> Founder, Bonsai - Information Security
>>>>>> >>>> http://www.bonsai-sec.com/
>>>>>> >>>> http://w3af.sf.net/
>>>>>> >>>>
>>>>>> >>>
>>>>>>
>>>>>>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
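As an added, runnable sketch of the two ideas discussed in this thread (it is not code from the thread, nor from w3af): a fingerprint database of (path, expected, version) tuples, where `expected` is either a body string or the integer 200 meaning "the file only has to exist", walked newest-first exactly like the loop above; plus the `<meta name="generator">` check and the three reporting rules Ryan listed. Everything here is constructed: the fake sites, the `make_site`/`is_404` helpers standing in for the framework's HTTP client and soft-404 detection, and the path-to-version mapping, which is illustrative and not verified WordPress data. The same function is what a site owner would run to see whether stripping the generator tag actually hides the version (the file-level fingerprint still answers).

```python
import re

# Constructed fingerprint database in the shape suggested in the thread:
# (path, expected, version). `expected` is either a string the response
# body must contain, or the integer 200, meaning the file only has to exist.
# The path -> version mapping is illustrative, not verified WordPress data.
WP_FINGERPRINT = [
    ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:', '2.7.1'),
    ('/wp-admin/css/farbtastic.css', 'farbtastic', '2.7'),
    ('/wp-includes/js/tinymce/tiny_mce.js', 200, '2.5'),
    ('/wp-includes/images/rss.png', 200, '2.2'),
]

# Tighter form of the generator regex from the thread; the version group
# accepts any dotted number instead of exactly two or three digits.
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I)

NOT_FOUND = 'Version lower than 2.2'


def make_site(pages):
    """Return a fake GET over a constructed path -> (status, body) map.
    Unlisted paths answer 404; this stands in for the scanner's urlOpener."""
    def get(path):
        return pages.get(path, (404, 'Not Found'))
    return get


def is_404(status, body):
    # The real framework fingerprints soft-404 pages; here the status suffices.
    return status == 404


def version_from_header(body):
    """Version published in the <meta name="generator"> tag, or None."""
    m = GENERATOR_RE.search(body)
    return m.group(1) if m else None


def fingerprint(get, db=WP_FINGERPRINT):
    """Walk the database newest-first; the first hit decides the version."""
    for path, expected, version in db:
        status, body = get(path)
        if is_404(status, body):
            continue
        if expected == 200 or expected in body:
            return version
    return None


def detect(get):
    """Apply the reporting rules from the thread; None means 'not WordPress'."""
    status, body = get('/wp-admin/index.php')
    if is_404(status, body):
        return None
    _, index_body = get('/')
    header = version_from_header(index_body)
    data = fingerprint(get) or NOT_FOUND
    if header is None:
        return data                       # not in index: trust the files
    if header == data:
        return header                     # both agree
    return ('Version shows as %s in index header however the data shows %s'
            % (header, data))


# Constructed sample sites used by the demo below.
SITE_AGREE = make_site({
    '/': (200, '<head><meta name="generator" content="WordPress 2.7.1" /></head>'),
    '/wp-admin/index.php': (200, 'login'),
    '/wp-includes/js/thickbox/thickbox.css': (200, '.tb{-ms-filter:"alpha(50)"}'),
})
SITE_NO_HEADER = make_site({          # generator tag stripped by a plugin
    '/': (200, '<head></head>'),
    '/wp-admin/index.php': (200, 'login'),
    '/wp-admin/css/farbtastic.css': (200, '.farbtastic{position:relative}'),
})
SITE_MISMATCH = make_site({           # header says 2.7.1, files say 2.5
    '/': (200, '<head><meta name="generator" content="WordPress 2.7.1" /></head>'),
    '/wp-admin/index.php': (200, 'login'),
    '/wp-includes/js/tinymce/tiny_mce.js': (200, 'var tinymce={};'),
})
SITE_OLD = make_site({'/': (200, ''), '/wp-admin/index.php': (200, 'login')})
SITE_NOT_WP = make_site({'/': (200, '<html>hello</html>')})

if __name__ == '__main__':
    for name, site in [('agree', SITE_AGREE), ('no header', SITE_NO_HEADER),
                       ('mismatch', SITE_MISMATCH), ('old', SITE_OLD),
                       ('not wp', SITE_NOT_WP)]:
        print('%-10s -> %r' % (name, detect(site)))
```

The `200` entries never consult the body, so ordering the database from newest to oldest matters: a file that exists in every release since 2.5 must come after the checks that distinguish the newer releases, or it will shadow them.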

