Hello aspiring Ethical Hackers. In this article you’ll learn about multiple WordPress reverse shell methods. As you all might already know, WordPress is a popular open source Content Management System (CMS) based on PHP, with MySQL or MariaDB as its database. It was released in the year 2003.

Since then, it has grown to be one of the most popular CMSs around the world. It is used as blogging software, as a membership site, as an online store and so on. WordPress is used by over 60 million websites.

In this article we will show you how to gain a reverse shell on a WordPress website once we have the credentials of the website. This is a comprehensive collection of methods to gain a reverse shell on WordPress.
 
This tutorial assumes that you have already acquired WordPress credentials and can access the WordPress dashboard.

1. Reverse Shell Through Vulnerable Plugins

One of the reasons for the popularity of the WordPress CMS is its plugins. WordPress plugins are additional extensions that are used to extend the functionality of the WordPress CMS. WordPress has over 58,559 plugins. Sometimes these vulnerable plugins are the reason attackers get a reverse shell on the WordPress target.
There are many vulnerable plugins that can be downloaded from websites like Exploit Database. We will use one such WordPress plugin, Responsive Thumbnail Slider version 1.0. This version of the plugin has an arbitrary file upload vulnerability which is used to upload a malicious payload to the website. Since this target doesn’t have this vulnerable plugin installed, let’s upload this plugin ourselves and activate it.

Once the plugin is uploaded and activated, Metasploit can be used to exploit this vulnerable plugin. Start Metasploit and load the wp_responsive_thumbnail_slider_upload module as shown below.

Use the check command to confirm whether the target is indeed vulnerable.

After setting the credentials and executing the module, a meterpreter session on the target is gained.

Here’s another well-known WordPress plugin that can be exploited.

2. Reverse Shell By Editing WordPress Theme

WordPress themes enhance the look of WordPress websites. The content of these themes can be edited to upload a reverse shell on the target. For this tutorial, we will upload the infamous C99 web shell. Here’s more about the C99 web shell.

Here, the 404.php page of the theme has been edited to copy the code of the C99 web shell into that page. Once the edited file is saved, all that needs to be done is to visit that page.

With the C99 shell on the target website, there are a bunch of options to play with.

3. Reverse Shell By Uploading A Malicious Plugin

Uploading a malicious plugin is another way of gaining a reverse shell on a WordPress website. GitHub has many options for these malicious WordPress plugins. Let’s use one of them, named malicious wordpress plugin, that can be downloaded from here.

After navigating into the “malicious-wordpress-plugin” directory, execute the wordpwn.py script. It will show the usage of the script.

Execute the script again by setting the LHOST and LPORT and by enabling the handler option, i.e. the “Y” option. This will start a Metasploit handler.

By this time, a new file named “malicious.zip” is created in the “malicious-wordpress-plugin” directory.

Upload this plugin into WordPress and activate it just like any other plugin.

This newly uploaded web shell can be accessed from the two URLs given below:

http://(target)/wp-content/plugins/malicious/wetw0rk_maybe.php
http://(target)/wp-content/plugins/malicious/QwertyRocks.php

In this specific instance, the web shell got executed by visiting the first URL. This will give us a meterpreter session on the already listening handler.

4. Reverse Shell Through Metasploit Framework

Here is another simple method to gain a reverse shell. Metasploit Framework has a module that uploads a reverse shell as payload once the WordPress credentials are known.

Start Metasploit and load the exploit/unix/webapp/wp_admin_shell_upload module.

Set all the required options, which include the credentials, and execute the module.

This will give us a meterpreter session successfully. These are the four common methods through which a reverse shell can be achieved on WordPress. Now, you decide: which is your favourite method of gaining a reverse shell on WordPress?
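Seen from the web server's access log, the plugin-upload and theme-edit methods above leave the same trace: a wp-admin request that writes PHP to disk, followed by a direct request to a PHP file under wp-content. The check below is an added example, not part of the original article or of any tool it names; the log lines are constructed, the function name is hypothetical, and it assumes combined log format and that the editor or upload request is visible in the log by its wp-admin path.

```python
import re

# Constructed access-log lines (combined log format); IPs, times and sizes are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:10:01:10 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:10:01:40 +0000] "GET /wp-content/plugins/malicious/wetw0rk_maybe.php HTTP/1.1" 200 0
198.51.100.9 - - [10/Mar/2024:10:02:00 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 200 900
198.51.100.9 - - [10/Mar/2024:10:02:30 +0000] "GET /wp-content/themes/twentytwenty/404.php HTTP/1.1" 200 40211
192.0.2.44 - - [10/Mar/2024:10:03:00 +0000] "GET /wp-content/plugins/akismet/akismet.php HTTP/1.1" 403 0
"""

# Captures: client IP, HTTP method, request path including query string.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
# wp-admin requests that can place new PHP on disk: plugin/theme upload and
# the built-in theme/plugin file editors (any method, so editor page loads count).
ADMIN_CHANGE = re.compile(
    r'^/wp-admin/(?:update\.php\?(?:.*&)?action=upload-(?:plugin|theme)'
    r'|(?:theme|plugin)-editor\.php)')
# A PHP file under wp-content requested by its own URL rather than via index.php.
DIRECT_PHP = re.compile(r'^/wp-content/(?:plugins|themes)/[^?]+\.php(?:\?|$)')


def find_suspect_sequences(log_text):
    """Return (ip, admin_request, direct_php_request) for every client that
    touched a code-changing wp-admin endpoint and later requested a PHP file
    under wp-content directly. Heuristic: ordering only, no time window."""
    last_change = {}   # client IP -> most recent code-changing admin request
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue   # ignore lines that are not in the expected format
        ip, _method, path = m.groups()
        if ADMIN_CHANGE.match(path):
            last_change[ip] = path
        elif DIRECT_PHP.match(path) and ip in last_change:
            findings.append((ip, last_change[ip], path))
    return findings


if __name__ == "__main__":
    for ip, change, hit in find_suspect_sequences(SAMPLE_LOG):
        print(f"{ip}: {change} -> {hit}")
```

Setting `DISALLOW_FILE_EDIT` (or the broader `DISALLOW_FILE_MODS`) to true in wp-config.php removes the dashboard editor and upload paths this rule watches, so a stolen admin password alone no longer writes PHP to disk.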

