Simple Python Scripts: CMS Version Retrieval
by Vince
I've been reading books on Red Teaming and one of the differences that stands out from Pentesting is the need to be stealthy. Pentesting tools are very noisy and in a mature, or maybe even not so mature, environment, running stock Kali tools might set off an alert and trigger a ban of some sort.
So I was thinking -- if I wanted to get the WordPress version from a site in a stealthy manner, how would I go about doing that? Let's paint that picture a bit more -- I'm on a network with my Kali laptop, I don't have access to the Internet, and I found a web server running WordPress. I want to make as little noise as possible. As it turns out, I know that I can get the WordPress version from wp-links-opml.php and I'll do it with Python because using a browser is lame. :)
[ I've added a Scripts menu item at the top of the page where I'm going to store these for future use. ]
This all started with WordPress:
PYTHON SCRIPT: RETRIEVE WORDPRESS VERSION
Then some time passed, I got bored one day, and I thought I'd see where I could find the version for Joomla. Turns out Joomla has a README.txt file containing the information but it says Joomla! a bunch of times and the version scrolls past my eyes too quickly to catch it. With a slight mod to the original script, I stop it from reading too many lines and I get what I want:
PYTHON SCRIPT: RETRIEVE JOOMLA VERSION
The other day while playing with Drupal, I figured I'd round out this list with the three big content management systems but for some reason, the IF statement doesn't work like it does with Joomla and WordPress. I don't know why it doesn't work, it should work as far as I can tell, but I just went about it a different way and I get what I want:
PYTHON SCRIPT: RETRIEVE DRUPAL VERSION
So let's state the obvious -- these files must exist. If not, we can't retrieve the information. I would assume anyone hardening their servers has removed them. As far as I can tell, wp-links-opml.php has limited use and is the only one of the three that actually has a function other than giving away information.
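An added example, not one of the original scripts from this post: a check a server owner can run over responses fetched from their own site to confirm that the two files named above no longer disclose a version. The regex patterns, the 40-line cap, the function names and the sample responses are assumptions constructed for illustration; Drupal is left out because the post does not name its file.

```python
import re

# Disclosure patterns for the two files the post names. The regexes are
# assumptions about typical file contents, not taken from the original scripts.
CHECKS = {
    "/wp-links-opml.php": re.compile(r'generator="WordPress/([\d.]+)"'),
    "/README.txt": re.compile(r"Joomla!\s+([\d.]+\w*)\s+version history", re.I),
}
MAX_LINES = 40  # stop reading early, as the post does for Joomla's README.txt


def disclosed_version(path, status, body):
    """Return the version string a response leaks, or None if it leaks nothing."""
    pattern = CHECKS.get(path)
    if pattern is None or status != 200:
        return None  # unknown path, or the file was removed or blocked
    for line in body.splitlines()[:MAX_LINES]:
        match = pattern.search(line)
        if match:
            return match.group(1)  # first hit is enough, stop scanning
    return None


def audit(responses):
    """Map each checked path to 'hardened' or the version it discloses."""
    report = {}
    for path, (status, body) in responses.items():
        version = disclosed_version(path, status, body)
        report[path] = f"discloses {version}" if version else "hardened"
    return report


# Constructed sample responses (not captured from a real site).
SAMPLE = {
    "/wp-links-opml.php": (200, '<?xml version="1.0"?>\n<opml version="1.0">\n'
                                '<head>\n<title>Links for Example</title>\n'
                                '<!-- generator="WordPress/5.8.1" -->\n'
                                '</head>\n</opml>\n'),
    "/README.txt": (404, "Not Found"),
}

if __name__ == "__main__":
    for path, result in audit(SAMPLE).items():
        print(f"{path}: {result}")
```

A path reported as "hardened" returned something other than 200 or no longer carries the version line in its first 40 lines.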