This repository has been archived by the owner on Oct 22, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
107 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# VagrantFile - WordPress Exploit Framework | ||
|
||
``` | ||
git clone http://github.com/rastating/wordpress-exploit-framework.git | ||
cd wordpress-exploit-frame/wpxf-vagrant | ||
vagrant up | ||
``` | ||
|
||
A virtual box should build, without a gui. You can start one by hand, or just ssh with: | ||
|
||
vagrant ssh | ||
|
||
To run the framework, use: | ||
|
||
``` | ||
sudo su - | ||
ruby /opt/wordpress-exploit-framework/wpxf.rb | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
# -*- mode: ruby -*- | ||
# vi: set ft=ruby : | ||
|
||
# All Vagrant configuration is done below. The "2" in Vagrant.configure | ||
# configures the configuration version (we support older styles for | ||
# backwards compatibility). Please don't change it unless you know what | ||
# you're doing. | ||
Vagrant.configure("2") do |config| | ||
# The most common configuration options are documented and commented below. | ||
# For a complete reference, please see the online documentation at | ||
# https://docs.vagrantup.com. | ||
|
||
# Every Vagrant development environment requires a box. You can search for | ||
# boxes at https://vagrantcloud.com/search. | ||
config.vm.box = "bento/ubuntu-16.04" | ||
config.vm.hostname = "wpxf" | ||
# Disable automatic box update checking. If you disable this, then | ||
# boxes will only be checked for updates when the user runs | ||
# `vagrant box outdated`. This is not recommended. | ||
# config.vm.box_check_update = false | ||
|
||
# Create a forwarded port mapping which allows access to a specific port | ||
# within the machine from a port on the host machine. In the example below, | ||
# accessing "localhost:8080" will access port 80 on the guest machine. | ||
# NOTE: This will enable public access to the opened port | ||
# config.vm.network "forwarded_port", guest: 80, host: 8080 | ||
|
||
# Create a forwarded port mapping which allows access to a specific port | ||
# within the machine from a port on the host machine and only allow access | ||
# via 127.0.0.1 to disable public access | ||
# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" | ||
|
||
# Create a private network, which allows host-only access to the machine | ||
# using a specific IP. | ||
# config.vm.network "private_network", ip: "192.168.33.10" | ||
|
||
# Create a public network, which generally matched to bridged network. | ||
# Bridged networks make the machine appear as another physical device on | ||
# your network. | ||
config.vm.network "public_network" | ||
|
||
# Share an additional folder to the guest VM. The first argument is | ||
# the path on the host to the actual folder. The second argument is | ||
# the path on the guest to mount the folder. And the optional third | ||
# argument is a set of non-required options. | ||
config.vm.synced_folder "../", "/opt/tmp" | ||
|
||
# Provider-specific configuration so you can fine-tune various | ||
# backing providers for Vagrant. These expose provider-specific options. | ||
# Example for VirtualBox: | ||
# | ||
config.vm.provider "virtualbox" do |vb,override| | ||
# # Display the VirtualBox GUI when booting the machine | ||
vb.gui = false | ||
vb.customize ["modifyvm", :id, "--memory", 1024] | ||
vb.customize ["modifyvm", :id, "--cpus", 1] | ||
vb.customize ["modifyvm", :id, "--vram", "32"] | ||
vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"] | ||
vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] | ||
|
||
# | ||
# # Customize the amount of memory on the VM: | ||
end | ||
# | ||
# View the documentation for the provider you are using for more | ||
# information on available options. | ||
|
||
# Enable provisioning with a shell script. Additional provisioners such as | ||
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the | ||
# documentation for more information about their specific syntax and use. | ||
config.vm.provision "shell", inline: <<-SHELL | ||
apt-get update | ||
apt-get install -y apache2 build-essential patch | ||
apt-get install -y ruby-dev zlib1g-dev liblzma-dev | ||
apt-get install -y libsqlite3-dev libcurl3 | ||
apt-get install -y ruby-full | ||
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB | ||
curl -sSL https://get.rvm.io | bash -s stable --ruby=2.4.4 | ||
source /usr/local/rvm/scripts/rvm | ||
echo "source /usr/local/rvm/scripts/rvm" >> ~/.bashrc | ||
mkdir -p /opt/wordpress-exploit-framework | ||
cp -R /opt/tmp/* /opt/wordpress-exploit-framework | ||
cd /opt/wordpress-exploit-framework | ||
rvm install ruby-2.4.4 | ||
rvm --default use ruby-2.4.4 | ||
gem install wpxf | ||
SHELL | ||
end |