Home Security Tools WordPress Exploit Framework – A Ruby Tool For WordPress Penetration Testing

WordPress Exploit Framework – A Ruby Tool For WordPress Penetration Testing

by

To install the latest stable build, run  gem install wpxf .

After installation, you can launch the WordPress Exploit Framework console by running  wpxf .

If you have issues installing WPXF’s dependencies (in particular, Nokogiri), first make sure you have all the tooling necessary to compile C extensions:


It’s possible that you don’t have important development header files installed on your system. Here’s what you should do if you should find yourself in this situation:

If you are experiencing errors that indicate that  libcurl.dll  could not be loaded, you will need to ensure the latest libcurl binary is included in your Ruby bin folder, or any other folder that is in your environment’s PATH variable.

The latest version can be downloaded from curl.haxx.se/download.html. As of 16/05/2016, the latest release is marked as  Win32 2000/XP zip 7.40.0 libcurl SSL . After downloading the archive, extract the contents of the bin directory into your Ruby bin directory (if prompted, don’t overwrite any existing DLLs).

How To Use WordPress Exploit Framework

Start the WordPress Exploit Framework console by running  wpxf .

Once loaded, you’ll be presented with the wpxf prompt, from here you can search for modules using the  search  command or load a module using the  use  command.

Loading a module into your environment will allow you to set options with the set command and view information about the module using  info .

Below is an example of how one would load the symposium_shell_upload exploit module, set the module and payload options and run the exploit against the target.



Source link

Related Articles

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More