how to upload shell in wordpress
In this article we will share How to upload a shell on WordPress CMS And get a reverse shell target machine, I have setup WordPress Lab on my Localhost Server, if you don’t know how to install WordPress yet CMS an Apache localhost Server Please click the link. Multiple ways to get a reverse shell WordPress Server
- Upload to Shell via Add Theme
- Shell upload via Add plugin
- Topics included in topqa.info
- Use the pre-installed Plugins on topqa.info
First, we login with the WordPress Admin Panel, then we go to the theme options. Read: how to upload shell in wordpresshere we upload our php reverse shell, Click on Upload Theme Button and Browse your reverse shell and click Install Now.After clicking the Install Now button we get an error (Unable to install package. PCLZIP_ERR_BAT_FORMAT (-10), we ignore the error and move on to the next step.In my case my upload folder is hostname/wp-content/uploads/2020/12/shell_name.php, if you use method for different years and months please change it to year or your current month. destination server. let’s start our netcat listener and execute our shell using curl command. There are two ways to execute the shell payload first by navigating the upload directory url and then by using the curl command.Read more: How many worms to feed a hamster The second method is to upload the WordPress reverse shell via the Add New Plugin method, click on the Plugin option and next click on Add New. Now our Plugin option is ready to upload malicious shell on WordPress, click on Upload Plugin and Browser Reverse shell_ and click the Install Now button again.Again we get the same error (Unable to install package.PCLZIP_ERR_BAT_FORMAT (-10) we ignore the error again.Again, we need to start our netcat listener and then we navigate the uploads folder URL in the Browser. Wait a second, we get a reverse shell target machine.Third option is Insert Malicious Code in WordPress Preinstalled Themes, again we login using WordPress Dashboard, but we are not allowed to upload any files and plugins or themes. Theme options and click Theme Editor.Read more: how to fix cracked screen with super glue In my case Activate WordPress theme name was Twenty Twenty go to Themes Files option and click on topqa.info (404 Template) and replace all content with malicious php code and click update file.We’ve started our netcat listener’, navigate to the theme’s uploaded URL and execute a Reverse Shell. If your Activation theme is different, replace the themes folder with the theme name.The last option is to upload Reverse shell on WordPress is Edit currently installed plugins, many times our user privileges are very low, our current login user is not allowed to upload files to WordPress, then we choose this option, This option is an alternative to Themes Editor, Click on Plugins button and next click on Plugin Editor and find any file with .php extension, I choose topqa.info, then Then we replace the existing content with malicious PHP and click Update file.After the plugin file is updated again, we need to start the Netcat Payload Handler and then we execute the reverse shell with the curl command. and the second way is to navigate the edited plugs folder on the browser. Read more: how to chase pigeons in the attic
Related: WordPress Shell Upload
Last, Wallx.net sent you details about the topic “how to upload shell in wordpress❤️️”.Hope with useful information that the article “how to upload shell in wordpress” It will help readers to be more interested in “how to upload shell in wordpress [ ❤️️❤️️ ]”.
Posts “how to upload shell in wordpress” posted by on 2021-10-23 03:31:05. Thank you for reading the article at wallx.net