Exploit Scanner problem when creating latest (5.0.2) hash file.
After following the instructions to create the hash file from the latest 5.0.2 version of WordPress and uploading it to the root directory of the plugin, the scan did not show signs of progress; removing the newly created hash file allowed me to scan the website.
The scan worked, I am assuming, using the 4.9.8 hash I had previously downloaded and uploaded to my installation from https://github.com/philipjohn/exploit-scanner-hashes.
–The problem–
I later thought of opening one of the older hash files to see the contents and check for any differences between those old hashes and the one I created, and I think I found the problem.
The hash generator is outputting almost everything (more on that in a bit), however three things were missing from the browser output and one thing was added that the old files don’t have:
– The opening php tag
– The second line “$filehashes = array(”
– And the name of the first item in the array (third line). My guess is ‘xmlrpc.php’ =>; it is, however, outputting the hash number for that unknown item, again without its name.
– The only thing added that the old files don’t have was the very last line, the closing php tag ?>
–Troubleshooting steps–
I also tried running the hash generator from Firefox instead of Google Chrome just to see if that would make a difference but the result was the same.
I ran the hash generator on a local Windows 10 XAMPP environment running PHP 7.3.0, and on two other servers, one running PHP 7.1 and the other running 5.4, all with the same results. I am mentioning this just in case the PHP version was causing a problem.
–The workaround–
So after finding the generator was not adding those lines, I added lines one and two, and now the scanner worked.
I didn’t add the name for ‘xmlrpc.php’ => only because at this point that is only my guess for the file name, but I am not sure.
The first lines of the file after my tweaks are below, so you can get an idea of how it looks.
<?php
$filehashes = array(
'6c53e2ff076280c5cfc410a3c632c785',
'wp-blog-header.php' => 'edad74614d6d3fa2252c3d74ff037ac7',
'readme.html' => '55d27f1f9f7f79fa2593a5b32907ee44',
'wp-signup.php' => '1b902775bb00c7996bbe7a0fc8dfd8d9',
… etc
–Conclusion–
The question that I have is what am I doing wrong and how can this be fixed so we can continue using the scanner with future releases of WordPress.
Thank you in advance for your help.
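A structural check for the three defects described in the post above (no opening tag, no `$filehashes = array(` line, a first hash with no file name), as an added example that is not part of the original post or the plugin's code. The function name `check_hash_file`, the closing `);` line and the standalone Python form are assumptions; the sample lines reuse the hashes quoted in the post.

```python
import re

# One well-formed entry: 'relative/path' => '<32 hex chars>',
ENTRY = re.compile(r"^'(?P<path>[^']+)'\s*=>\s*'(?P<md5>[0-9a-f]{32})',?$")
# The keyless form seen in the post: a bare hash with no file name.
BARE_HASH = re.compile(r"^'[0-9a-f]{32}',?$")
ARRAY_OPEN = re.compile(r"^\$filehashes\s*=\s*array\s*\($")


def check_hash_file(text):
    """Return a list of structural problems found in a hash file's text."""
    problems = []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines or lines[0] != "<?php":
        problems.append("missing opening <?php tag on first line")
    else:
        lines = lines[1:]
    if not lines or not ARRAY_OPEN.match(lines[0]):
        problems.append("missing '$filehashes = array(' line")
    else:
        lines = lines[1:]
    for n, line in enumerate(lines, 1):
        if line in (");", "?>"):  # array close (assumed) and trailing tag
            continue
        if BARE_HASH.match(line):
            problems.append(f"entry {n}: hash with no file name key")
        elif not ENTRY.match(line):
            problems.append(f"entry {n}: unrecognised line {line!r}")
    return problems


# Constructed sample: generator output as the post describes it.
GENERATED = """'6c53e2ff076280c5cfc410a3c632c785',
'wp-blog-header.php' => 'edad74614d6d3fa2252c3d74ff037ac7',
);
?>"""
# The same file after the two header lines are added by hand.
PATCHED = "<?php\n$filehashes = array(\n" + GENERATED

if __name__ == "__main__":
    for name, sample in (("generated", GENERATED), ("patched", PATCHED)):
        print(name, check_hash_file(sample))
```

The patched file still reports the keyless first entry: PHP stores a value without a key under integer index 0, so that hash cannot be looked up by file name.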