- From XSS to RCE 2.0 - Black Hat Europe Arsenal 2015
- Python 2.7.* (version 2.7.3 was used for development and demo)
- Gnome
- Bash
- Msfconsole (accessible via environment variables)
- Netcat (nc)
- Firefox (Confirmed in a previous version)
- Chrome (Confirmed for the latest version - 14 Nov 2015)
- WordPress http://wordpress.org/
- Better WP Security http://www.exploit-db.com/wp-content/themes/exploit/applications/c6d6beb3c11bc58856e15218d512b851-better-wp-security.3.5.3.zip
- Optional: WPSEO https://yoast.com/wordpress/plugins/seo/
- Payloads/javascript: Contains the JavaScript payloads
- Shells: Contains the PHP shells to inject
- Hans-Michael Varbaek
- Sense of Security
- MaXe / InterN0T
- It works!
- Spaghetti code
- Just-In-Time for Black Hat Europe 2015