This repository has been archived by the owner on Oct 22, 2020. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 265
Supported Commands
Rob edited this page Aug 11, 2018
·
2 revisions
Changes the context of the session back to before loading the current module.
wpxf [exploit/shell/admin_shell_upload] > back
wpxf >
Check if the currently loaded module can be used against the specified target.
wpxf [exploit/shell/admin_shell_upload] > check
[!] Target appears to be vulnerable
wpxf [exploit/shell/admin_shell_upload] >
Clear the screen.
List the credentials stored in the current workspace.
wpxf > creds
ID Host Username Password Type
-- --------------- -------- -------- -----
13 wordpress.vm:80 root toor plain
14 wordpress.vm:80 test plain
wpxf >
Delete the credential with the matching [id] number.
wpxf > creds -d 8
[+] Deleted credential 8
wpxf >
Set an option value globally, so that the current module and all modules loaded afterwards will use the specified value for the specified option.
wpxf > gset host wordpress.vm
[+] Globally set the value of host to wordpress.vm
wpxf > use exploit/shell/admin_shell_upload
[+] Loaded module: #<Wpxf::Exploit::AdminShellUpload:0x3578af0>
wpxf [exploit/shell/admin_shell_upload] > show options
Module options:
Name Current Setting Required Description
------------------- --------------- -------- -------------------------------------------
host wordpress.vm true Address of the target host.
http_client_timeout 5 true Max wait time in seconds for HTTP responses
password true The WordPress password to authenticate with
port 80 true Port the remote host is listening on
proxy false Proxy address ([protocol://]host:port)
ssl false true Use SSL/HTTPS for all requests
target_uri / true Base path to the WordPress application
username true The WordPress username to authenticate with
verbose false true Enable verbose output
vhost false HTTP server virtual host
wpxf [exploit/shell/admin_shell_upload] >
Unset a global option set with the gset command.
wpxf > gunset host
[+] Removed the global setting for host
wpxf >
Display information about the currently loaded module.
wpxf [exploit/shell/admin_shell_upload] > info
Name: Admin Shell Upload
Module: exploit/shell/admin_shell_upload
Disclosed: 2015-02-21
Provided by:
rastating
Module options:
Name Current Setting Required Description
---------- --------------- -------- -------------------------------------------
host wordpress.vm true Address of the target host.
password toor true The WordPress password to authenticate with
port 80 true Port the remote host is listening on
proxy false Proxy address ([protocol://]host:port)
ssl false true Use SSL/HTTPS for all requests
target_uri / true Base path to the WordPress application
username root true The WordPress username to authenticate with
verbose false true Enable verbose output
vhost false HTTP server virtual host
Description:
This module will generate a plugin, pack the payload into it and upload it to
a server running WordPress; providing valid admin credentials are used.
wpxf [exploit/shell/admin_shell_upload] >
List the loot collected from targets in the current workspace.
wpxf > loot
ID Host Filename Notes Type
-- --------------- ----------------------- ------------------------------------- ---------
1 wordpress.vm:80 2018-07-14_15-00-56.csv Registered users and e-mail addresses user list
All filenames are relative to /home/rastating/.wpxf/loot
wpxf >
Delete the loot item with the matching [id] number.
wpxf > loot -d 1
[+] Deleted item 1
wpxf >
Print the content of the loot item with the matching [id] number.
wpxf > loot -p 2
Email,Name
"lPBrOHC@mBeTjaAGGh.com","atgvrf"
"gSLzaYG@uZVUAeSJvj.com","dowzvc"
"AMfWgAH@uDNuULjBQv.com","efhkjv"
"halFIgH@CYqrzDzwQU.com","omquqt"
"root@wordpress.vm","root"
wpxf >
Exit the WordPress Exploit Framework prompt.
Re-build the module cache.
wpxf > rebuild_cache
[!] Refreshing the module cache...
wpxf >
Run the currently loaded module.
wpxf [auxiliary/hash_dump/simple_ads_manager_hash_dump] > run
[-] Determining database prefix...
[-] Dumping user hashes...
Username Hash
-------- -----------------------------------
root $P$BqL7kZ\/A30CnAbIriSrXRmKvY9ynx80
ATgVrF $P$Bc5VwreNVctuXYwqKuN0IOWiDib79g.
DOWzVC $P$BwtOdeIGMW.jR7\/zfzMp.kc4FJcPwB.
OmQUqt $P$BOUcq9FWVxEyyrqyZNApW79kgPm7wq\/
eFhkJv $P$B1h9aF1cYdIBnAoh9F6NkchHXlTMpe.
[+] Execution finished successfully
wpxf [auxiliary/hash_dump/simple_ads_manager_hash_dump] >
Set an option value for the currently loaded module.
wpxf [exploit/shell/admin_shell_upload] > set host wordpress.vm
[+] Set host => wordpress.vm
wpxf [exploit/shell/admin_shell_upload] >
Alias for gset
Search for modules that contain one or more of the specified keywords.
wpxf > search rfi
[+] 3 Results for "rfi"
Module Title
-------------------------------------------------- ----------------------------------------
exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload Fast Image Adder <= 1.1 RFI Shell Upload
exploit/rfi/flickr_picture_backup_rfi_shell_upload Flickr Picture Backup RFI Shell Upload
exploit/rfi/wp_mobile_detector_rfi_shell_upload WP Mobile Detector RFI Shell Upload
wpxf >
Show the advanced options of the currently loaded module.
wpxf [exploit/shell/admin_shell_upload] > show advanced
Name: basic_auth_creds
Current setting:
Required: false
Description: HTTP basic auth credentials (username:password)
Name: follow_http_redirection
Current setting: true
Required: true
Description: Automatically follow HTTP redirections
Name: max_http_concurrency
Current setting: 20
Required: true
Description: Max number of HTTP requests that can be made in parallel (Min: 1, Max: 200)
Name: proxy_auth_creds
Current setting:
Required: false
Description: Proxy server credentials (username:password)
Name: user_agent
Current setting: Mozilla/5.0 (Macintosh; U; U; Intel Mac OS X 10_7_6 rv:6.0; en-US) AppleWebKit/533.49.6 (KHTML, like Gecko) Version/4.0.2 Safari/533.49.6
Required: false
Description: The user agent string to send with all requests
Name: verify_host
Current setting: true
Required: true
Description: Enable host verification when using HTTPS
Name: wp_content_dir
Current setting: wp-content
Required: true
Description: The name of the wp-content directory.
wpxf [exploit/shell/admin_shell_upload] >
Show the list of available auxiliary modules.
wpxf > show auxiliary
[+] 58 Auxiliaries
Module Title
-------------------------------------- -----------------------------------------------------------
auxiliary/dos/load_scripts_dos WordPress "load-scripts.php" DoS
auxiliary/dos/long_password_dos Long Password DoS
auxiliary/dos/post_grid_file_deletion Post Grid <= 2.0.12 Unauthenticated Arbitrary File Deletion
auxiliary/dos/wp_v4.7.2_csrf_dos WordPress 4.2-4.7.2 - CSRF DoS
...
wpxf >
Show the list of available exploits.
wpxf > show exploits
[+] 289 Exploits
Module Title
-------------------------------------------------------- --------------------------------------------
exploit/rfi/advanced_custom_fields_remote_file_inclusion Advanced Custom Fields Remote File Inclusion
exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload Fast Image Adder <= 1.1 RFI Shell Upload
exploit/rfi/flickr_picture_backup_rfi_shell_upload Flickr Picture Backup RFI Shell Upload
exploit/rfi/gwolle_guestbook_remote_file_inclusion Gwolle Guestbook Remote File Inclusion
exploit/rfi/wp_mobile_detector_rfi_shell_upload WP Mobile Detector RFI Shell Upload
...
wpxf >
Show the basic options of the currently loaded module.
wpxf [exploit/shell/admin_shell_upload] > show options
Module options:
Name Current Setting Required Description
------------------- --------------- -------- -------------------------------------------
host wordpress.vm true Address of the target host.
http_client_timeout 5 true Max wait time in seconds for HTTP responses
password true The WordPress password to authenticate with
port 80 true Port the remote host is listening on
proxy false Proxy address ([protocol://]host:port)
ssl false true Use SSL/HTTPS for all requests
target_uri / true Base path to the WordPress application
username true The WordPress username to authenticate with
verbose false true Enable verbose output
vhost false HTTP server virtual host
wpxf [exploit/shell/admin_shell_upload] >
Unset an option set with the set command.
wpxf [exploit/shell/admin_shell_upload] > unset host
[+] Unset host
wpxf [exploit/shell/admin_shell_upload] >
Alias for gunset
Load the specified module into the current context.
wpxf > use exploit/shell/admin_shell_upload
[+] Loaded module: #<Wpxf::Exploit::AdminShellUpload:0x3af1100>
wpxf [exploit/shell/admin_shell_upload] >
List the available workspaces.
wpxf > workspace
[-] default (active)
[-] test
wpxf >
Switch to the [name] workspace.
wpxf > workspace test
[+] Switched to workspace: test
wpxf >
Add a new workspace.
wpxf > workspace -a wiki
[+] Added workspace: wiki
wpxf >
Delete the [name] workspace.
wpxf > workspace -d wiki
[+] Deleted workspace: wiki
wpxf >