Wordpress single page analysis or passive information gathering

All code and information for educational purposes only

Today I will show you how to gather information about a WordPress site by loading and analyzing a single page; then, based on this knowledge, we will write a script to automate the entire process.
Why analyze only one page? Why not use existing automated solutions like nikto or WPScan?
Those are great tools with plenty of functionality, but they are noisy: they send many requests to the target, including requests for paths a normal visitor never touches. That matters if you need to perform reconnaissance on a WordPress site and remain undetected; your traffic must look like a regular user reading a blog, which means one page load.

Discover WordPress version

First, let’s try to find the WordPress version of a target. You can do this by opening the target’s main page, clicking “View Page Source” in Chrome, and finding the meta tag named “generator”:

<meta name="generator" content="WordPress 4.7.5" />

The WordPress version is in the content attribute. Hardened sites often strip this tag from the head, so its absence tells you something too: treat it as a sign of a maintained site rather than as a dead end.
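As an added example (not the script from the original post), here is the extraction step done on HTML that is already in hand, so the only request the target ever sees is the single page load. The generator tag is what the post describes; the fallback goes beyond the post and assumes that WordPress core assets under /wp-includes/ carry the core version in their ?ver= query string, which bundled libraries such as jQuery do not, hence the majority vote. The sample HTML is constructed.

```ruby
# Added example, not the post's script: pull the WordPress version out of the
# HTML of one page that is already in hand. The generator meta tag is what the
# post describes. The fallback is an assumption beyond the post: core assets
# under /wp-includes/ carry the core version in ?ver=, bundled libraries carry
# their own versions, so the most common value wins.
require "uri"
require "cgi"

ATTR_RE = /([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

# Attributes of one start tag as a lowercase-keyed hash.
def tag_attrs(tag)
  tag.scan(ATTR_RE).each_with_object({}) do |(k, dq, sq, bare), h|
    h[k.downcase] = dq || sq || bare
  end
end

# Version from <meta name="generator" content="WordPress x.y.z">, or nil.
def generator_version(html)
  html.scan(/<meta\b[^>]*>/i).each do |tag|
    a = tag_attrs(tag)
    next unless a["name"].to_s.casecmp?("generator")
    v = a["content"].to_s[/\AWordPress\s+([\d.]+)/i, 1]
    return v if v
  end
  nil
end

# Majority ?ver= value across /wp-includes/ script and link tags, or nil.
def asset_version(html)
  versions = html.scan(/<(?:script|link)\b[^>]*>/i).filter_map do |tag|
    url = tag_attrs(tag).values_at("src", "href").compact.first
    next unless url&.include?("/wp-includes/")
    begin
      CGI.parse(URI(url).query.to_s)["ver"].first
    rescue URI::InvalidURIError
      nil
    end
  end
  versions.select { |v| v.match?(/\A\d+(\.\d+)+\z/) }
          .tally.max_by { |_, n| n }&.first
end

def wordpress_version(html)
  generator_version(html) || asset_version(html)
end

# Constructed sample in the shape of a WordPress 4.x <head>.
SAMPLE_PAGE = <<~HTML
  <html><head>
  <meta name="generator" content="WordPress 4.7.5" />
  <link rel="stylesheet" href="/wp-includes/css/dashicons.min.css?ver=4.7.5" />
  <script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
  <script src="/wp-includes/js/wp-embed.min.js?ver=4.7.5"></script>
  </head><body></body></html>
HTML

# The same page with the generator tag removed, as a hardened site would do.
HARDENED_PAGE = SAMPLE_PAGE.sub(/<meta[^>]*generator[^>]*>\n/, "")
```

Feed it the body of a single `curl -s https://target/` and nothing else; every extra request is a chance to look unlike a reader.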

Read on →

Wordpress brute force password attack using XML-RPC API

All code and information for educational purposes only

Starting a series of posts about web security, which is also a passion of mine besides development.
The first post on this topic is about getting the admin password for WordPress using the XML-RPC API and a brute force attack. A second option would be a direct brute force attack via the POST form on ‘wp-login.php’, which is more complicated because of ‘Account Lockout Policy’ and similar protections; I will cover that in another post.

Read on →

Preventing lock of table during migration using LHM (Large Hadron Migrator)


Problem definition

Running a migration that adds a column to a table with a couple of million records may be problematic, because the table is locked for the duration of the migration. Let’s say it not only may be problematic, it was: because of this our server was down for a couple of minutes and the SQL server was restarted. To solve this problem we use the ‘LHM’ gem, Large Hadron Migrator.

Shortly, how lhm works:
  1. Creates a new table called lhmn_posts (I am altering the posts table in my example) with the new column you are adding in the migration.
  2. Copies all data from posts to lhmn_posts, in small chunks, so the live table is never locked for long.
  3. Renames lhmn_posts to posts, and the old posts table becomes the lhmn[date]posts table.
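As an added example (not the Lhm gem’s own implementation), the three steps above written out as the SQL they amount to, so it is visible why the live table is never locked for long. The copy runs in id ranges of `chunk` rows, and each INSERT … SELECT touches only its range. The table names follow the post; the column, its definition, the column list and the date are assumptions.

```ruby
# Added example, not the Lhm gem's code: the three steps as SQL, with the copy
# chunked by id range. Names follow the post (lhmn_ copy table, lhmn<date>_
# archive); column, definition, column list and date are assumptions.
# The matching migration would be roughly
#   Lhm.change_table(:posts) { |m| m.add_column(:summary, "VARCHAR(255)") }
def lhm_plan(table:, columns:, column:, definition:, max_id:, chunk:, date: "20170101")
  copy    = "lhmn_#{table}"
  archive = "lhmn#{date}_#{table}"
  cols    = columns.join(", ")
  stmts = [
    # 1. new table with the extra column; the live table is untouched
    "CREATE TABLE #{copy} LIKE #{table}",
    "ALTER TABLE #{copy} ADD COLUMN #{column} #{definition}",
  ]
  # 2. chunked copy; each statement locks only its id range briefly
  (1..max_id).step(chunk) do |lo|
    hi = [lo + chunk - 1, max_id].min
    stmts << "INSERT IGNORE INTO #{copy} (#{cols}) SELECT #{cols} FROM #{table} " \
             "WHERE id BETWEEN #{lo} AND #{hi}"
  end
  # 3. one atomic rename swaps the tables; the old one is kept as the archive
  stmts << "RENAME TABLE #{table} TO #{archive}, #{copy} TO #{table}"
  stmts
end
```

One thing this sketch leaves out that the real gem does: Lhm also installs insert, update and delete triggers on the original table so that writes happening during the copy reach lhmn_posts; without them, rows changed mid-copy would be lost at the rename.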
Read on →

Cache expiration by custom fields


I recently worked on a performance issue which was solved by caching; below I will describe an example of the solution I came to.

Goal

  1. Cache objects by custom fields of the object.
  2. Not use a sweeper, for the same reason I don’t like observers: it is not obvious enough for developers reading the models which model uses a sweeper or observer.
  3. No caching code in models: all caching code must be extracted out of the model. ActiveSupport::Concern helped with that; to be more specific, the model was extended with a specific caching callback.
Read on →


Handling RabbitMQ consumer failures with maxretry handler


In previous posts I talked about Handling RabbitMQ publisher failures and Splitting your app into smaller apps using RabbitMQ. Now it’s time to talk about the consumer failure handler.

For the consumer I use a great gem called ‘sneakers’, which supports different job handling strategies; the default one is called the Oneshot handler because it tries only once. For our app the Maxretry handler was chosen; from its description: “Maxretry uses dead letter policies on Rabbitmq to requeue and retry messages after failure (rejections, errors and timeouts). When the maximum number of retries is reached it will put the message on an error queue.”
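As an added example (not the sneakers gem’s Maxretry handler), here is the decision such a handler makes when a rejected message comes back through the dead letter exchange, and the record it hands to the error queue once the retries are spent. RabbitMQ adds an “x-death” header entry each time a message is dead-lettered, and the entry for the worker’s own queue carries the number of rejections so far. The queue name, the retry limit and the headers are assumptions and constructed data.

```ruby
# Added example, not the sneakers gem's code: the Maxretry decision driven by
# RabbitMQ's x-death header. Queue name and limit are assumptions.
require "json"
require "time"

WORKER_QUEUE = "mailer"
MAX_RETRIES  = 3

# Number of times the worker queue has already rejected this message.
def failure_count(headers, queue = WORKER_QUEUE)
  deaths = (headers || {}).fetch("x-death", [])
  deaths.select { |d| d["queue"] == queue }.sum { |d| d["count"].to_i }
end

# Returns [:reject, nil] to let the DLX/TTL loop bring the message back, or
# [:error, json] with the record to publish on the error queue before acking.
def handle_failure(headers, payload, error, max_retries: MAX_RETRIES)
  attempts = failure_count(headers) + 1
  return [:reject, nil] if attempts <= max_retries
  record = {
    "error_class"   => error.class.name,
    "error_message" => error.message,
    "num_attempts"  => attempts,
    "failed_at"     => Time.now.utc.iso8601,
    "payload"       => payload,
  }
  [:error, JSON.generate(record)]
end

# Constructed headers as RabbitMQ sets them after two round trips: the worker
# queue rejected twice, the retry queue expired the message twice.
SAMPLE_HEADERS = {
  "x-death" => [
    { "queue" => "mailer",       "reason" => "rejected", "count" => 2 },
    { "queue" => "mailer-retry", "reason" => "expired",  "count" => 2 },
  ],
}
```

Keeping the original payload inside the error record is what makes the error queue useful: an operator can inspect, fix and republish the message without digging through logs.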

Read on →

Handling RabbitMQ publisher failures


In a previous post, Splitting your app into smaller apps using RabbitMQ, I covered the basics, gave example code for a basic publisher and consumer with bunny and sneakers, and showed how to connect all the pieces together.

Today I want to talk about handling publisher failures in the dashboard app, for example when we have a connection problem because the broker is down for any reason. You need to handle this case because bunny is synchronous and your app may get stuck. To solve it I added a background job: in my case we use Redis/Resque for background jobs, together with two great plugins, Resque retry, which provides retry, delay and exponential backoff support for Resque jobs, and Resque scheduler, which supports queueing items for the future.
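As an added example (not the dashboard app’s code), here is that arrangement in miniature: the synchronous publish gets a hard timeout so the request can never hang on the broker, and on timeout or broker error the message is handed to a background job that retries on an exponential schedule, which is the role resque-retry and resque-scheduler play in the post. The job queue is an in-memory array, the broker a stand-in, and the schedule values are assumptions.

```ruby
# Added example, not the app's code: bounded synchronous publish with handoff
# to a retrying background job. Queue and broker are stand-ins; the backoff
# schedule is an assumption.
require "timeout"

# Delays in seconds before each retry, in the style of resque-retry's backoff strategy.
BACKOFF = [60, 600, 3_600, 10_800].freeze

class BrokerDown < StandardError; end

# Try once, synchronously and bounded; never let the caller block on the broker.
def publish_or_enqueue(broker, job_queue, routing_key, payload, timeout: 2)
  Timeout.timeout(timeout) { broker.publish(routing_key, payload) }
  :published
rescue Timeout::Error, BrokerDown => e
  job_queue << { routing_key: routing_key, payload: payload, attempt: 0, error: e.class.name }
  :enqueued
end

# Body of the retry job: try again; on failure re-schedule with the next delay
# until the schedule is exhausted, then give up (alert here in a real app).
def run_retry_job(broker, job_queue, job)
  broker.publish(job[:routing_key], job[:payload])
  :published
rescue BrokerDown
  attempt = job[:attempt]
  return :gave_up if attempt >= BACKOFF.size
  job_queue << job.merge(attempt: attempt + 1, run_in: BACKOFF[attempt])
  :rescheduled
end

# Stand-in for a bunny channel: raises for the first `failures` publishes.
class FlakyBroker
  attr_reader :published

  def initialize(failures:)
    @failures = failures
    @published = []
  end

  def publish(routing_key, payload)
    raise BrokerDown, "connection refused" if (@failures -= 1) >= 0
    @published << [routing_key, payload]
  end
end
```

The detail that matters for availability is the timeout on the first attempt: a broker that is unreachable rather than down can leave a synchronous publish waiting on a TCP connect, and without the bound the web request waits with it.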

Read on →

Splitting your app into smaller apps using RabbitMQ

After many years of development, we realized our app had become too complex, which made development, testing and debugging much harder. We decided to do something about it, and the first step was splitting our app into smaller apps, starting with extracting the messaging mailer, which is responsible for sending all our messages to clients, as a separate app. For this purpose, RabbitMQ was chosen as the broker.

A couple words about RabbitMQ

RabbitMQ is a message broker for AMQP (Advanced Message Queuing Protocol).

Reasons for using messaging in your applications

  • Reduce complexity by decoupling and isolating applications
  • Build smaller apps that are easier to develop, debug, test, and scale
  • Build multiple apps that each use the most suitable language or framework versus one big monolithic app
  • Get robustness and reliability through message queue persistence
  • Reduce system sensitivity to downtime

Read on →


Connecting your app to google calendar v3 via oauth2

Register your app with the google API console

  1. Go to https://code.google.com/apis/console and register your app.
  2. Enable google calendar(ON) in services section.
  3. Get CLIENT ID and CLIENT SECRET from API Access.
  4. Fill in the callback URLs: click API Access –> the client ID for web applications section –> edit settings, and enter your callback URL, for example http://localhost/auth/google_oauth2/callback for local debugging, and one for the production server. Also fill in Authorized JavaScript Origins, for example http://localhost. If you have a path starting with https, add it as a separate entry as well.

Be careful, this step is the most important, because you may spend a lot of time figuring out what the problem is if you have not set up your account correctly and not filled in the callback URLs; that is what happened in my case :–).
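As an added example (not the post’s code, which goes through the omniauth flow), here are the two halves of the redirect that the console settings above must agree with. The authorization URL sends exactly the redirect_uri registered in the console, which Google compares as a whole (scheme, host, port and path), plus a random state that the callback must echo back; a mismatch on either side is what produces the hard-to-debug failures the post warns about. The endpoint and scope are Google’s published values; the client id and callback URL are assumptions.

```ruby
# Added example, not the post's code: build the Google OAuth2 authorization
# URL and check the callback. Client id and callback URL are assumptions.
require "securerandom"
require "uri"
require "cgi"

AUTH_ENDPOINT  = "https://accounts.google.com/o/oauth2/v2/auth"
CALENDAR_SCOPE = "https://www.googleapis.com/auth/calendar"

# Returns [url, state]; store state in the session before redirecting.
# redirect_uri must be byte-for-byte one of the callback URLs in the console.
def authorization_url(client_id:, redirect_uri:, scopes: [CALENDAR_SCOPE])
  state  = SecureRandom.urlsafe_base64(24)
  params = {
    "client_id"     => client_id,
    "redirect_uri"  => redirect_uri,
    "response_type" => "code",
    "scope"         => scopes.join(" "),
    "state"         => state,
    "access_type"   => "offline",   # ask for a refresh token as well
  }
  ["#{AUTH_ENDPOINT}?#{URI.encode_www_form(params)}", state]
end

# Handle the callback: refuse when state does not match the one we issued
# (CSRF / login swapping), surface a provider error, else return the code.
def callback_code(callback_url, expected_state)
  q = CGI.parse(URI(callback_url).query.to_s)
  raise "oauth error: #{q['error'].first}" if q.key?("error")
  raise "state mismatch" unless q["state"].first && q["state"].first == expected_state
  q["code"].first or raise "no code in callback"
end
```

The code returned here is then exchanged for tokens server-side with the client secret; the secret never appears in the redirect, which is why the JavaScript origin and the callback URL are registered separately in the console.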

Read on →


Dynamically marking fields with error in rails form

Recently I had to deal with the problem of dynamically marking form fields with an error and displaying the specific error for that field below it, in case of a validation error. After trying to find an existing solution and spending 2 hours on stackoverflow.com looking for an answer with no success, I started to build my own solution.

In my example, I will create a blog post dynamically by using ajax to fill a form with the needed data; submitting it must return status code :ok (200) and create a post. If there are validation errors, the corresponding inputs must be marked with an error and the error text must be placed below the input field. Take a look at this picture to better understand what I mean:

Read on →