This Python script automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target server. It utilizes the wp-automatic plugin's CSV injection vulnerability to execute SQL queries on the WordPress database and gain administrative access.
Requirements:
- Python 3.x
- `requests` library (install via `pip install requests`)
- Netcat (for setting up a listener to connect to the reverse shell)

Usage:
- Replace the `domain` variable in the script with the URL of the target WordPress site.
- Run the Python script.
- Once the script is executed, it will create a new admin user named `eviladmin`, set the password, and assign administrative privileges.
- It will then upload and execute a reverse shell payload on the target server.
- Set up a netcat listener to connect to the reverse shell using the specified port.
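As an added defensive check (not part of this script or of the wp-automatic project): the attack above ends with an administrator row written straight into the database, so the audit below lists every account holding the administrator capability that is not on an allowlist and flags recently registered ones. It assumes the default `wp_` table prefix and uses an in-memory SQLite copy of the `wp_users`/`wp_usermeta` schema with constructed rows; the same query can be pointed at a site's MySQL tables.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample data (hypothetical): two legitimate accounts and one
# administrator row inserted directly into the database, as the exploit does.
SAMPLE_SQL = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
INSERT INTO wp_users VALUES (1, 'siteowner',   '2021-03-10 09:12:00');
INSERT INTO wp_users VALUES (2, 'editor_jane', '2022-07-01 14:00:00');
INSERT INTO wp_users VALUES (3, 'eviladmin',   '2024-05-02 03:41:17');
INSERT INTO wp_usermeta VALUES (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
INSERT INTO wp_usermeta VALUES (2, 2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}');
INSERT INTO wp_usermeta VALUES (3, 3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
"""

# WordPress stores roles as a serialized PHP array in wp_usermeta under the
# '<prefix>capabilities' key; the default prefix 'wp_' is assumed here.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.ID
"""


def find_unexpected_admins(conn, allowlist, now=None, recent_days=7):
    """Return admins whose login is not in allowlist, flagging recent ones."""
    now_dt = datetime.strptime(now, FMT) if now else datetime.now()
    findings = []
    for uid, login, registered in conn.execute(ADMIN_QUERY):
        if login in allowlist:
            continue
        age = now_dt - datetime.strptime(registered, FMT)
        findings.append({"id": uid, "login": login, "registered": registered,
                         "recent": age <= timedelta(days=recent_days)})
    return findings


def build_sample_db():
    """In-memory SQLite stand-in for the MySQL tables of a real site."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn


if __name__ == "__main__":
    for f in find_unexpected_admins(build_sample_db(), {"siteowner"}, now="2024-05-03 00:00:00"):
        print("UNEXPECTED ADMIN:", f)
```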
Note: Ensure that you have proper authorization and permissions before running this script, as it can lead to security vulnerabilities and legal consequences if misused.
This script is provided for educational and testing purposes only. The author assumes no liability for any unauthorized or illegal use of this script. Use it at your own risk.