Checksums do not match on timthumbs.txt #813

Closed
dumbox opened this issue Apr 28, 2015 · 17 comments

Comments

dumbox commented Apr 28, 2015

While attempting to update wpscan starting yesterday, I have received the following error:

timthumbs.txt: checksums do not match.

It appears several files were updated yesterday due to the release of WordPress 4.2.1. timthumbs.txt and timthumbs.txt.sha512 were both updated seven days ago. Until now, the update command has never failed.

erwanlr (Member) commented Apr 28, 2015

Could you retry with the -v option and post the output please? Also, are you using the latest version / git version or a specific version?

firefart (Contributor) commented

@dumbox there were some access right problems on the server. Can you please try again? (and post the -v output if it does not work)

dumbox (Author) commented Apr 28, 2015

The following is the error message. The GIT version is 1.7.10.4.

[i] Updating the Database ...
[+] Checking local_vulnerable_files.xml
[i] Already Up-To-Date
[+] Checking local_vulnerable_files.xsd
[i] Already Up-To-Date
[+] Checking plugins_full.txt
[i] Already Up-To-Date
[+] Checking plugins.txt
[i] Already Up-To-Date
[+] Checking themes_full.txt
[i] Already Up-To-Date
[+] Checking themes.txt
[i] Already Up-To-Date
[+] Checking timthumbs.txt
[i] Needs to be updated
[i] Backup Created
[i] Downloading new file
[i] Downloaded File Checksum: 1922e6a16702922b38dfc8cd0753830775280fcd421d9ed53ec2de722835037ea2dc5b3f3e6ec27d967a20544d51c1d08c8b0eae98cf4e7ab629b4b60ac4c27c
[i] Restoring Backup due to error
[i] Deleting Backup

timthumbs.txt: checksums do not match
Trace:
/usr/share/wpscan/lib/common/db_updater.rb:101:in `block in update'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `each'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `update'
./wpscan.rb:50:in `main'
./wpscan.rb:414:in `<main>'

firefart (Contributor) commented

Just checked the files on the server and the hashes are correct. Do you have the latest git version? We made some timeout tweaks in the current release which is not yet in Kali.
You can try adding the following parameters:
./wpscan.rb --update --connect-timeout 20 --request-timeout 20

dumbox (Author) commented Apr 28, 2015

I reinstalled wpscan (apt-get install --reinstall wpscan). That fixed the problem.

erwanlr closed this as completed Apr 28, 2015

vl23 commented Aug 11, 2016

[i] Updating the Database ...

[!] local_vulnerable_files.xml: checksums do not match

What can I do to fix this?

lazycipher commented

When I tried to reinstall wpscan on Kali:

root@kali:# apt-get install --reinstall wpscan
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reinstallation of wpscan is not possible, it cannot be downloaded.
0 upgraded, 0 newly installed, 0 to remove and 15 not upgraded.
root@kali:#

firefart (Contributor) commented

@himsingh17 maybe you are not on the latest release of Kali. Check if you are using Kali rolling and try again.

Oneiroi commented Aug 16, 2016

Ran into this issue today; output from -v follows. The database file checksum looks odd:

[i] It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]Y
[i] Updating the Database ...
[+] Checking local_vulnerable_files.xml
  [i] Already Up-To-Date
[+] Checking local_vulnerable_files.xsd
  [i] Already Up-To-Date
[+] Checking plugins_full.txt
  [i] Needs to be updated
  [i] Backup Created
  [i] Downloading new file
  [i] Downloaded File Checksum: a914baf26edfc4f10f721ee6d0cac9392588302cf60fe55c064573479e8c4d515f09fd38dbda566624b1a1503440c9dfde78c65e9e94e50e8a5c1b731be8a455
  [i] Database File Checksum  : ����������ܘ� �
                                                [���+V�}�&�FT����{����x'$�6�{ڔb������ç��l�j���Q�~������H�����݃��[�q�
  [i] Restoring Backup due to error
  [i] Deleting Backup

[!] plugins_full.txt: checksums do not match
[!] Trace:
[!] /usr/share/wpscan/lib/common/db_updater.rb:102:in `block in update'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `each'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `update'
./wpscan.rb:73:in `main'
./wpscan.rb:443:in `<main>'

I ran apt-get install --reinstall wpscan; this did not resolve the issue. Running the latest Kali 2.0; a full apt-get update && apt-get update && apt-get dist-upgrade completed with no pending updates.

firefart (Contributor) commented

@Oneiroi it looks like your client is not decompressing a compressed response. Can you please run it again with

./wpscan.rb --update --verbose --debug-output

and post the results?

Oneiroi commented Aug 17, 2016

@firefart as requested :

[i] Updating the Database ...
[+] Checking local_vulnerable_files.xml
Hostname was NOT found in DNS cache
  Trying 85.159.212.89...
Connected to wpvulndb.com (85.159.212.89) port 443 (#0)
successfully set certificate verify locations:
  CAfile: none
  CApath: /etc/ssl/certs
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
Server certificate:
     subject: CN=wpvulndb.com
     start date: 2016-07-08 17:52:00 GMT
     expire date: 2016-10-06 17:52:00 GMT
     issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
     SSL certificate verify ok.
GET /data/local_vulnerable_files.xml.sha512 HTTP/1.1
Host: wpvulndb.com
Accept: */*
User-Agent: WPScan v2.8 (http://wpscan.org)

HTTP/1.1 200 OK
Server nginx is not blacklisted
Server: nginx
Date: Wed, 17 Aug 2016 08:50:11 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Aug 2016 20:37:36 GMT
Vary: Accept-Encoding
Expires: Wed, 17 Aug 2016 10:20:59 GMT
Cache-Control: public, max-age=14400
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src 'self'; child-src 'self' https://rpm.newrelic.com; frame-src 'self' https://rpm.newrelic.com https://www.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://ssl.gstatic.com/; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://firefart.report-uri.io/r/default/csp/enforce;
X-Content-Security-Policy: default-src 'self'; child-src 'self' https://rpm.newrelic.com; frame-src 'self' https://rpm.newrelic.com https://www.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://ssl.gstatic.com/; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://firefart.report-uri.io/r/default/csp/enforce;
X-WebKit-CSP: default-src 'self'; child-src 'self' https://rpm.newrelic.com; frame-src 'self' https://rpm.newrelic.com https://www.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://ssl.gstatic.com/; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://firefart.report-uri.io/r/default/csp/enforce;
X-Proxy-Cache: HIT

Connection #0 to host wpvulndb.com left intact
  [i] Needs to be updated
  [i] Backup Created
  [i] Downloading new file
Found bundle for host wpvulndb.com: 0x18c6aa0
Re-using existing connection! (#0) with host wpvulndb.com
Connected to wpvulndb.com (85.159.212.89) port 443 (#0)
GET /data/local_vulnerable_files.xml HTTP/1.1
Host: wpvulndb.com
Accept: */*
User-Agent: WPScan v2.8 (http://wpscan.org)

HTTP/1.1 200 OK
Server nginx is not blacklisted
Server: nginx
Date: Wed, 17 Aug 2016 08:50:11 GMT
Content-Type: text/plain
Content-Length: 1821
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 11 Aug 2016 20:37:36 GMT
Expires: Wed, 17 Aug 2016 10:21:03 GMT
Cache-Control: public, max-age=14400
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src 'self'; child-src 'self' https://rpm.newrelic.com; frame-src 'self' https://rpm.newrelic.com https://www.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://ssl.gstatic.com/; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://firefart.report-uri.io/r/default/csp/enforce;
X-Content-Security-Policy: default-src 'self'; child-src 'self' https://rpm.newrelic.com; frame-src 'self' https://rpm.newrelic.com https://www.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://ssl.gstatic.com/; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://firefart.report-uri.io/r/default/csp/enforce;
X-WebKit-CSP: default-src 'self'; child-src 'self' https://rpm.newrelic.com; frame-src 'self' https://rpm.newrelic.com https://www.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://ssl.gstatic.com/; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://firefart.report-uri.io/r/default/csp/enforce;
X-Proxy-Cache: HIT

Connection #0 to host wpvulndb.com left intact
  [i] Downloaded File Checksum: d9075b1f50ded87611d6eef70b2f08e2bdd21ef0eceaeaaff26aa23cbe00731009ccfdf1166eac4537eeb10d83050501222e6cdc3e5fc28daf430ef84156b27b
  [i] Database File Checksum  : ���   ���@K�
������v7����c8��������G���.�Lf�jd�u��&�׽�"��>n�,�<��!���i�o���c��#���~��σ�
  [i] Restoring Backup due to error
  [i] Deleting Backup

[!] local_vulnerable_files.xml: checksums do not match
[!] Trace:
[!] /usr/share/wpscan/lib/common/db_updater.rb:102:in `block in update'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `each'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `update'
./wpscan.rb:73:in `main'
./wpscan.rb:443:in `<main>'

firefart (Contributor) commented

@Oneiroi you are using an old version of wpscan (2.8). Please update to the latest and try again

Oneiroi commented Aug 17, 2016

@firefart wpscan is installed from Kali repositories; I've modified the sources.lst to include deb http://http.kali.org/kali kali-rolling main contrib non-free. This installs wpscan 2.9.1-0kali2; however, it has dependency issues due to missing gems:

root@kali:~# wpscan --update --verbose --debug-output
[ERROR] cannot load such file -- ffi_c
[TIP] Try to run 'gem install ffi_c' or 'gem install --user-install ffi_c'. If you still get an error, Please see README file or https://github.com/wpscanteam/wpscan
root@kali:~# gem install ffi_c
ERROR:  Could not find a valid gem 'ffi_c' (>= 0) in any repository
ERROR:  Possible alternatives: fdic, ffi, ffi2, ffiec, flic

Oneiroi commented Aug 17, 2016

apt-get install ruby-dev && gem install ffi --platform=ruby
[ERROR] cannot load such file -- yajl/yajl
root@kali:~# wpscan --upgrade
[ERROR] cannot load such file -- yajl/yajl
root@kali:~# gem install yajl
Fetching: yajl-0.3.4.gem (100%)
Successfully installed yajl-0.3.4
Parsing documentation for yajl-0.3.4
Installing ri documentation for yajl-0.3.4
Done installing documentation for yajl after 0 seconds
1 gem installed
root@kali:~# wpscan --upgrade
/usr/lib/ruby/vendor_ruby/yajl/json_gem/encoding.rb:5:in `<top (required)>': uninitialized constant Yajl::Encoder (NameError)
Did you mean?  EncodingError
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/lib/ruby/vendor_ruby/yajl/json_gem.rb:3:in `<top (required)>'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/share/wpscan/lib/environment.rb:36:in `<top (required)>'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/share/wpscan/lib/common/common_helper.rb:52:in `<top (required)>'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/share/wpscan/lib/wpscan/wpscan_helper.rb:3:in `<top (required)>'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from ./wpscan.rb:8:in `<main>'

Dependency hell ...

Oneiroi commented Aug 17, 2016

root@kali:/usr/share/wpscan# gem install bundler
Fetching: bundler-1.12.5.gem (100%)
Successfully installed bundler-1.12.5
Parsing documentation for bundler-1.12.5
Installing ri documentation for bundler-1.12.5
Done installing documentation for bundler after 4 seconds
1 gem installed
root@kali:/usr/share/wpscan# bin install --without test
bash: bin: command not found
root@kali:/usr/share/wpscan# bundle install --without test

wpscan now works.

So, to recap:

  1. add kali-rolling to your apt sources.list (http://docs.kali.org/general-use/kali-linux-sources-list-repositories)
  2. apt-get update && apt-get install wpscan ruby-dev
  3. gem install ffi --platform=ruby
  4. cd /usr/share/wpscan
  5. gem install bundler && bundle install --without test

And WPScan is now functional again; however, I think the dependencies in the packages need some work so these manual steps are not needed.

firefart (Contributor) commented

On Kali, gems are installed via apt-get and not via bundler because they are installed system wide. But glad it works now :)

Oneiroi commented Aug 17, 2016

@firefart my thoughts exactly. Not the case with this update, however, requiring additional manual steps to resolve.
