
Job Offer in Response Header

When I set this blog up, I had a little idea to test it knowing the success rate of hackers being able to attack WordPress blogs.

I had never used the most excellent WPScan tool before; however, I went on to compile this script to get me going.

`wpscan -u http://www.infosecps.com -f`

The `-f` switch was to do a force scan as I was getting a “No wordpress blog exists” message, but that tends not to stop me, especially when I know there is one.

On running the above script I was met with another problem.

“The WordPress URL specified appears to be down”

Oh Really? Interesting… Ok something else to try

`wpscan -u http://www.infosecps.com -f --random-agent`

Boom! Things start happening. I’m getting feedback from the server at last. However, there’s a strange response header?

“X-HACKER: If you are seeing this, please visit automattic.com/jobs and apply to join the fun.”

My natural curiosity got the better of me and I visited the site, where there were details of how to work on the WordPress team. Interesting way to deal with intruders.

Needless to say I left my blog alone after that message.
