How to embed shell on the wordpress cms.

In this brief article I will give a little tutorial for how we can embed a web shell at cms wordpress without using any plugins.
This I did on the localhost with the URL address and wordpress.localhost on WordPress version 3.2. For other versions, please try ...
Once we managed to get the wordpress admin account target, it's up to you how to get it, probably from SQL Injection, Social enginering, whatever is not the problem, which is important to go to the Dashboard from admin

Well, we start ..
Login to the admin dashboard panel of its via http://wordpress.localhost/wp-login.php

Enter your username and password from his wordpress, after a successful login, then we will be taken to the dashboard page admin panel, like the bland below

Once successful, then select Appreance --> Editor and select a file we will edit, for example, we select the file header.php, like the one in the picture below.

Then please us include uploader php script that allows you to upload a shell our website at the beginning of the script file header.php.this is example file:


Then click the Update file, and note the words "File edited successfully", and note the URL is created that is

That means the file was located in the path / wp-content/themes/twentyeleven/header.php

As in the show in the picture below

then the URL to access the last uploader was: http://wordpress.localhost/wp-content/themes/twentyeleven/header.php

It remains to be uploading a web shell, for example C100.
and to access his sojourn we navigate to the folder twentyeleven
thus becomes:
and ... Here is the result:

Binggo, we get its web shell ..

Happy Hacking ...

You can leave a response, or trackback from your own site.

0 Response to "How to embed shell on the wordpress cms."

Post a Comment

Powered by NGELIH