FINDSTR:

[Carlos Norzagaray]

Hello guys, i have a problem with pentestbox, I had pentestbox in my laptop, i had to format, and after install again the pentestbos program, when i want run wpscan, i have this problem, i tried install with and without metasploit and nothing, someone know the solution?. I would appreciate it very much

[+] Starting the password brute forcer

find: '/C/PerfLogs': Permission denied

find: '/C/Program Files/WindowsApps': Permission denied

find: '/C/Program Files (x86)/Google/CrashReports': Permission denied

find: '/C/ProgramData/Microsoft/Crypto/RSA/S-1-5-18': Permission denied

find: '/C/ProgramData/Microsoft/Network/Downloader': Permission denied

find: '/C/ProgramData/Microsoft/Search/Data': Permission denied

find: '/C/ProgramData/Microsoft/Windows/AppRepository': Permission denied

find: '/C/ProgramData/Microsoft/Windows/LocationProvider': Permission denied

find: '/C/ProgramData/Microsoft/Windows/Power Efficiency Diagnostics': Permission denied

find: '/C/ProgramData/Microsoft/Windows/Sqm': Permission denied

find: '/C/ProgramData/Microsoft/Windows/SystemData': Permission denied

find: '/C/ProgramData/Microsoft/Windows/WER/ReportArchive': Permission denied

find: '/C/ProgramData/Microsoft/Windows/WER/ReportQueue': Permission denied

find: '/C/ProgramData/Microsoft/Windows Defender': Permission denied

find: '/C/ProgramData/Microsoft/Windows NT/MSFax': Permission denied

find: '/C/System Volume Information': Permission denied

find: '/C/Windows/AppCompat/Programs': Permission denied

find: '/C/Windows/AUInstallAgent': Permission denied

find: '/C/Windows/LiveKernelReports': Permission denied

find: '/C/Windows/Logs/HomeGroup': Permission denied

find: '/C/Windows/Minidump': Permission denied

find: '/C/Windows/ModemLogs': Permission denied

find: '/C/Windows/PCHEALTH/ERRORREP/QHEADLES': Permission denied

find: '/C/Windows/PCHEALTH/ERRORREP/QSIGNOFF': Permission denied

find: '/C/Windows/PLA/Reports': Permission denied

find: '/C/Windows/PLA/Rules': Permission denied

find: '/C/Windows/PLA/Templates': Permission denied

find: '/C/Windows/Prefetch': Permission denied

find: '/C/Windows/Resources/Themes/aero/VSCache': Permission denied

find: '/C/Windows/security/audit': Permission denied

find: '/C/Windows/security/cap': Permission denied

find: '/C/Windows/ServiceProfiles/LocalService': Permission denied

find: '/C/Windows/ServiceProfiles/NetworkService': Permission denied

find: '/C/Windows/System32/Com/dmp': Permission denied

find: '/C/Windows/System32/config': Permission denied

find: '/C/Windows/System32/FxsTmp': Permission denied

find: '/C/Windows/System32/LogFiles/Fax/Incoming': Permission denied

find: '/C/Windows/System32/LogFiles/Fax/Outgoing': Permission denied

find: '/C/Windows/System32/LogFiles/Firewall': Permission denied

find: '/C/Windows/System32/LogFiles/WMI': Permission denied

find: '/C/Windows/System32/MsDtc': Permission denied

find: '/C/Windows/System32/networklist': Permission denied

find: '/C/Windows/System32/sru': Permission denied

find: '/C/Windows/System32/Tasks': Permission denied

find: '/C/Windows/SysWOW64/Com/dmp': Permission denied

find: '/C/Windows/SysWOW64/config': Permission denied

find: '/C/Windows/SysWOW64/FxsTmp': Permission denied

find: '/C/Windows/SysWOW64/MsDtc': Permission denied

find: '/C/Windows/SysWOW64/networklist': Permission denied

find: '/C/Windows/SysWOW64/sru': Permission denied

find: '/C/Windows/SysWOW64/Tasks': Permission denied

find: '/C/Windows/Temp': Permission denied

find: ':': No such file or directory

FINDSTR: error de escritura

  Brute Forcing 'theactor19' Time: 00:00:02 <===> (1 / 1) 100.00% Time: 00:00:02

  [!] ERROR: Server error, try reducing the number of threads or use the --throttle option.

[Aditya Agrawal]

Hello,

This seems to be a wpscan issue but let me know that commands which you typed after opening wpscan. I will try to help you out with that.

Thanks

Aditya Agrawal

[Carlos Norzagaray]

thanx for the reply, the commands than i used are: wpscan.rb --url website --username xxxxxxxx --wordlist pass.lst

[Aditya Agrawal]

Hi,

I just reproduced the error and it seem's that there is some issue with progressbar gem which Wpscan uses. 

I have filed this issue to the wpscan team on your behalf. I will update you as soon as there is any update from wpscan team.

Here is the link for the issue i filed with wpscan. https://github.com/wpscanteam/wpscan/issues/922

Thanks for letting me know the bug. I didn't tested this feature(bruteforce) on windows, that is why it was left.

Aditya Agrawal

[Carlos Norzagaray]

thanks a lot for your reply and time, by the way... pentestbox is an amazing environment for pentesting.

Best regards.

[Aditya Agrawal]

Hi,

Thanks for your kind words. Finally the issue is fixed, please type "update webapplication" on the terminal to update wpscan and fix the issue :)

Thanks again for the bug report.

Aditya Agrawal

[Carlos Norzagaray]

thanks but ... I've done what you've told me and the problem persists =(

[Aditya Agrawal]

Please send me screenshot of the error.

[Carlos Norzagaray]

there is 

[Aditya Agrawal]

From the error  it seems that your wpscan is still not updated.

Please perform steps below:- 

(1) cd c:/PentestBox/bin/WebApplications/wpscan/

(2) git pull origin master

Now open another tab using "CTRL+ T" and then again try to operate.

let me know if problem persists.

Thanks

[Carlos Norzagaray]

ready, but when y replace for the origin, the console askme for an update to 2.1.9 of ruby

[Aditya Agrawal]

You mean to say that it is running fine now ?

[Carlos Norzagaray]

No, it does not work...

C:\Users\

> wpscan --url webpage.com --enumerate u

Ruby >= 2.1.9 required to run wpscan (You have 2.1.8)

:(

[Aditya Agrawal]

I guess you clone wpscan original version from their Github Repo. https://github.com/wpscanteam/wpscan

Because that 2.1.9 requirement was added in original repo not our repo. https://github.com/wpscanteam/wpscan/commit/6451510449d7ce16024a1a27971aa66d83d1d4eb

Please only use our cloned version https://github.com/pentestbox/wpscan

Thanks

Aditya Agrawal

[Carlos Norzagaray]

already clone wpscan from pentestbox github and more troubles...

> wpscan webpage.com

_______________________________________________________________

        __          _______   _____

        \ \        / /  __ \ / ____|

         \ \  /\  / /| |__) | (___   ___  __ _ _ __

          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \

           \  /\  /  | |     ____) | (__| (_| | | | |

            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team

                       Version 2.9

          Sponsored by Sucuri - https://sucuri.net

   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_

_______________________________________________________________

[i] It seems like you have not updated the database for some time.

[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]y

[i] Updating the Database ...

[!] Unable to get https://data.wpscan.org/local_vulnerable_files.xml.sha512 (Problem with the SSL CA cert (path? access rights?))

I'm sorry for causing so much trouble = (.... if you want, isn't necessary more responses, i can wait for another version of pentestbox, or maybe in some months there's a solution

[Aditya Agrawal]

No issues. I am more concerned here because i am not facing any issues in my installation. We can solve this issue. Required version of curl is already there, so SSL CA error should not be there.

I have searched about this above error, it seem's like it is common issue with other users as well.

Please try this on your terminal " wpscan --update --random-agent"

And let me know if that doesn't fix.

Thanks

Aditya Agrawal

[Carlos Norzagaray]

> wpscan --update --random-agent

[!] No such file or directory @ rb_sysopen - C:/Users/JoseCarlos/Desktop/Pentest/bin/WebApplications/wpscan/data/user- gents.txt

and y copy from github wpscan master

[Aditya Agrawal]

I guess there are some files removed from your installation, so please reinstall PentestBox and make sure it is installed on C:/PentestBox. Currently you are having it on desktop.

[Carlos Norzagaray]

not my friend, but I solved the problem, I copied the file user-agents from data.zip it was into another zip, and the console can update wpscan =)... thanks a lot, and really sorry for the inconvenients..

greetings and once again, thank you for pentest box

[Aditya Agrawal]

Glad to know that it is working fine. But i am still confused why i am not able to replicate above error on my installation. I have tried on different machines and in all of them it is working like charm.

Aditya Agrawal

[koollife Kolawole]

Hello guys i have the sames issues:

i am new in this, i tested my website myself by creating different users and passwords

i created fake password and mixed with original passport:

but i notice password brute force not working correctly: every time the brute pick wrong password. 

I want to ask did Pentest came with wordlist password? like Kali linux?

i also see this errors below, i have updated the database but same issues

[+] Starting the password brute forcer                  

find: '/C/$Recycle.Bin/S-1-5-18': Permission denied     

find: '/C/AdwCleaner/Quarantine/v1/20190316.154259/3/Ten

find: '/C/Config.Msi': Permission denied                

find: '/C/MSOCache': Permission denied