Omega - From Wordpress admin to pty

Related tags

Security related resourceslinuxshellwordpresstoolhackingttyptycybersecuritypwnpwntoolshacktoberfestkali
Overview

GitHub GitHub

Omega - From Wordpress admin to pty

The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.

Omega getting a pty to a Wordpress host

How does it work?

First, Omega gets an admin session in the Wordpress site and using web scrapping, it extracts the current template used by wordpress. After that, it will use the template editor to inject a simple web shell.

Once everything is set up, Omega will spin up a listenner, execute a reverse shell using the web shell injected and wait for the shell to connect back. Before giving the control to the user, Omega will try to stabilize the shell and get a pty.

If stabilization is not possible using the methods Omega has, a non tty shell will be provided that can be stabilize without problems using any method you want.

Requirements

You need Python 3 installed in your system and also some dependencies that can be installed executing (Keep in mind that this tool only works in Linux):

pip3 install -r requirements.txt

You can use a virtual env to install the dependencies or intall them system wide.

Usage

If you have all the requirements you can start playing with Omega! You can add the repository folder to your PATH and execute the tool everywhere.

Omega - From Wordpress admin to pty

usage: omega.py [-h] [-v] [--no-pty] -u WP_URL -l USERNAME -p PASSWORD -H LHOST [-P LPORT]

Provides a reverse shell (stabilized if possible) to a Wordpress host. You need admin credentials!

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  --no-pty              if this flag is set, no shell stabilization is perform
  -u WP_URL, --wp-url WP_URL
                        the target Wordpress url
  -l USERNAME, --username USERNAME
                        Wordpress admin user to use for login
  -p PASSWORD, --password PASSWORD
                        Wordpress admin password to use for login
  -H LHOST, --lhost LHOST
                        the ip where the reverse shell should connect to
  -P LPORT, --lport LPORT
                        the port used to listen for the reverse shell (Default: 8080)
You might also like...
The Django Leaflet Admin List package provides an admin list view featured by the map and bounding box filter for the geo-based data of the GeoDjango.
The Django Leaflet Admin List package provides an admin list view featured by the map and bounding box filter for the geo-based data of the GeoDjango.

The Django Leaflet Admin List package provides an admin list view featured by the map and bounding box filter for the geo-based data of the GeoDjango. It requires a django-leaflet package.

Vsevolod Novikov 33 Nov 11, 2022
Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator.
Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator.

Django Admin Two-Factor Authentication Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator. Why Django

Iman Karimi 9 Dec 7, 2022
aiohttp admin is generator for admin interface based on aiohttp
aiohttp admin is generator for admin interface based on aiohttp

aiohttp admin is generator for admin interface based on aiohttp

Mykhailo Havelia 17 Nov 16, 2022
WordPress models and views for Django.

django-wordpress Models and views for reading a WordPress database. Compatible with WordPress version 3.5+. django-wordpress is a project of ISL and t

Jeremy Carbaugh 332 Dec 24, 2022
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user

KIEN HOANG 17 Nov 9, 2022
Sail is a free CLI tool to deploy, manage and scale WordPress applications in the DigitalOcean cloud.

Deploy WordPress to DigitalOcean with Sail Sail is a free CLI tool to deploy, manage and scale WordPress applications in the DigitalOcean cloud. Conte

Konstantin Kovshenin 159 Dec 12, 2022
WordPress look and feel for Django administration panel
WordPress look and feel for Django administration panel

Django WP Admin WordPress look and feel for Django administration panel. Features WordPress look and feel New styles for selector, calendar and timepi

Maciej Marczewski 266 Nov 21, 2022
Manage your WordPress installation directly from SublimeText SideBar and Command Palette.
Manage your WordPress installation directly from SublimeText SideBar and Command Palette.

WordpressPluginManager Manage your WordPress installation directly from SublimeText SideBar and Command Palette. Installation Dependencies You will ne

Art-i desenvolvimento 1 Dec 14, 2021
WordPress-style shortcodes for Python

Python Shortcodes WordPress-style shortcodes for Python Create and use WordPress-style shortcodes in your Python based app. Example # static output de

Bob 1 Dec 22, 2021
Modern responsive template for the Django admin interface with improved functionality. We are proud to announce completely new Jet. Please check out Live Demo
Modern responsive template for the Django admin interface with improved functionality. We are proud to announce completely new Jet. Please check out Live Demo

Django JET Modern template for Django admin interface with improved functionality Attention! NEW JET We are proud to announce completely new Jet. Plea

Geex Arts 3.4k Dec 29, 2022
Drop-in replacement of Django admin comes with lots of goodies, fully extensible with plugin support, pretty UI based on Twitter Bootstrap.
Drop-in replacement of Django admin comes with lots of goodies, fully extensible with plugin support, pretty UI based on Twitter Bootstrap.

Xadmin Drop-in replacement of Django admin comes with lots of goodies, fully extensible with plugin support, pretty UI based on Twitter Bootstrap. Liv

差沙 4.7k Dec 31, 2022
Real-time monitor and web admin for Celery distributed task queue

Flower Flower is a web based tool for monitoring and administrating Celery clusters. Features Real-time monitoring using Celery Events Task progress a

Mher Movsisyan 5.5k Dec 28, 2022
A jazzy skin for the Django Admin-Interface (official repository).

Django Grappelli A jazzy skin for the Django admin interface. Grappelli is a grid-based alternative/extension to the Django administration interface.

Patrick Kranzlmueller 3.4k Dec 31, 2022
A Django admin theme using Twitter Bootstrap. It doesn't need any kind of modification on your side, just add it to the installed apps.
A Django admin theme using Twitter Bootstrap. It doesn't need any kind of modification on your side, just add it to the installed apps.

django-admin-bootstrapped A Django admin theme using Bootstrap. It doesn't need any kind of modification on your side, just add it to the installed ap

null 1.6k Dec 28, 2022
django's default admin interface made customizable. popup windows replaced by modals. :mage: :zap:
django's default admin interface made customizable. popup windows replaced by modals. :mage: :zap:

django-admin-interface django-admin-interface is a modern responsive flat admin interface customizable by the admin itself. Features Beautiful default

Fabio Caccamo 1.3k Dec 31, 2022
Extendable, adaptable rewrite of django.contrib.admin
Extendable, adaptable rewrite of django.contrib.admin

django-admin2 One of the most useful parts of django.contrib.admin is the ability to configure various views that touch and alter data. django-admin2

Jazzband 1.2k Dec 29, 2022
FastAPI Admin Dashboard based on FastAPI and Tortoise ORM.
FastAPI Admin Dashboard based on FastAPI and Tortoise ORM.

FastAPI ADMIN 中文文档 Introduction FastAPI-Admin is a admin dashboard based on fastapi and tortoise-orm. FastAPI-Admin provide crud feature out-of-the-bo

long2ice 1.6k Jan 2, 2023
Modern theme for Django admin interface
Modern theme for Django admin interface

Django Suit Modern theme for Django admin interface. Django Suit is alternative theme/skin/extension for Django administration interface. Project home

Kaspars Sprogis 2.2k Dec 29, 2022
Django application and library for importing and exporting data with admin integration.
Django application and library for importing and exporting data with admin integration.

django-import-export django-import-export is a Django application and library for importing and exporting data with included admin integration. Featur

null 2.6k Dec 26, 2022
Comments
  • Feature: Windows hosts compatibility

    Feature: Windows hosts compatibility

    Description

    • Add Windows hosts compatibility! (Thanks to ivan-sincek for his PHP reverse shell)
    • Improve the README a bit
    • Added the use of random user agents in every run
    enhancement 
    opened by anthares101 0
  • Feature: Auto shell stabilization

    Feature: Auto shell stabilization

    Description

    • Added auto shell stabilization! Omega will try some methods to get a pty and upgrade the obtained shell
    • Added new flag to let the user decide if shell stabilization should be perform
    • Dropped Windows support to be able to use termios for tty configuration
    • Added tests (better late than never you know)
    enhancement 
    opened by anthares101 0
Releases(v2.6)

  • v2.6(Jan 3, 2022)

    Features

    • Now the Linux and MacOS reverse shell stabilization should work as expected

    Known issues

    • Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal
    • If the current Wordpress template doesn't have a 404 php file Omega is not able to inject the payload
    Source code(tar.gz)
    Source code(zip)

  • v2.5(Aug 1, 2021)

    Features

    • Updated the repository structure
    • Omega available throught Pypi!

    Known issues

    • Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal
    Source code(tar.gz)
    Source code(zip)

  • v2.4(Jul 31, 2021)

    Fixes

    • Changed Windows shell code to avoid the shell closing issue (#6)

    Known issues

    • Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal
    Source code(tar.gz)
    Source code(zip)

  • v2.3(Jul 31, 2021)

    Fixes

    • Shell output after upgrade wasn't always cleared (#5)
    • A README typo

    Known issues

    • Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal
    • Windows shells are not closed smoothly.
    Source code(tar.gz)
    Source code(zip)

  • v2.2(Jul 31, 2021)

    Fixes

    • The code that checked if a reverse shell was updated to work properly (#4)

    Known issues

    • Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal
    • Windows shells are not closed smoothly.
    Source code(tar.gz)
    Source code(zip)

  • v2.1(Jul 29, 2021)

    Features

    • Added Windows hosts compatibility! Omega is able to get a shell even with in Windows hosts now (#3). Thanks to ivan-sincek for his PHP reverse shell.
    • Added the use of random user agents in every run

    Known issues

    • Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal
    • Windows shells are not closed smoothly.
    Source code(tar.gz)
    Source code(zip)

  • v2.0(Jul 16, 2021)

    Features

    • Added auto shell stabilization! Omega will try some methods to get a pty and upgrade the obtained shell (#2)
    • Added new flag to let the user decide if shell stabilization should be perform (#2)
    • Dropped Windows support to be able to use termios for tty configuration (#2)
    • Added tests (better late than never you know) (#2)

    Known issues

    • Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal
    Source code(tar.gz)
    Source code(zip)

  • v1.2(Jul 16, 2021)

    Features

    • Added a version flag to check the tool version in use (#1)

    Known issues

    • Upgrading the shell and then exits makes the terminal unresponsive
    Source code(tar.gz)
    Source code(zip)

  • v1.1(Jul 13, 2021)

    Fixes

    • If the site doesn't have xmlrpc open the attack fails

    Known issues

    • Upgrading the shell and then exits makes the terminal unresponsive
    Source code(tar.gz)
    Source code(zip)

  • v1.0(Jul 13, 2021)

    Features

    • Omega first version complete! (Only for Linux targets)
    • Detect if the user specified is admin throgh xmlrpc
    • Create a Wordpress session and interact with the admin site
    • Get the active theme name
    • Drop a simple web shell payload into the current theme 404 page template
    • Get and manage a reverse shell that can be upgraded

    Known issues

    • If the site doesn't have xmlrpc open the attack fails
    • Upgrading the shell and then exits makes the terminal unresponsive
    Source code(tar.gz)
    Source code(zip)
Owner
Ángel Heredia
Always learning new things
Ángel Heredia
GitHub Repository
A simple python code for hacking profile views

This code for hacking profile views. Not recommended to adding profile views in profile. This code is not illegal code. This code is for beginners.

Fayas Noushad 3 Nov 28, 2021
A gui application used for network reconnaissance while pentesting

netrecon A gui application used for network reconnaissance while pentesting

Krisna Pranav 4 Sep 03, 2022
nuclei scanner for proxyshell ( CVE-2021-34473 )

Proxyshell-Scanner nuclei scanner for Proxyshell RCE (CVE-2021-34423,CVE-2021-34473,CVE-2021-31207) discovered by orange tsai in Pwn2Own, which affect

PikaChu 29 Dec 16, 2022
A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec

Şefik Efe 2 Oct 29, 2022
Herramienta para descargar eventos de Sucuri WAF hacia disco.

Descarga los eventos de Sucuri Script para descargar los eventos del Sucuri Web Application Firewall (WAF) en el disco como archivos CSV. Requerimient

CSIRT-RD 2 Nov 29, 2021
Metasploit Multi Purpose Exploiting Toolkit For Termux

MSF-EXPLOIT MSF-ANDRO is a Metasploit Multi Purpose Exploiting Toolkit For Termux . Only a Basic Script , Still in Development . FEATURES : Install Me

Mr.X 22 Dec 29, 2022
Detection tool of malware(s) by checksum (useful for forensic)

🐍 malware_checker.py Detection tool of malware(s) by checksum (useful for forensic) 📦 Dependencies installation $ pip3 install -r requirements.txt

Fayred 1 Jan 30, 2022
Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

pybuster v1.1 pybuster is a tool that is used to brute-force URLs of web servers. Features Directory busting (URI) URL replace patterns (put PYBUSTER

Glaukio 1 Jan 05, 2022
An ARP Spoofer attacker for windows to block away devices from your network.

arp0_attacker An ARP Spoofer-attacker for Windows -OS to block away devices from your network. INFO Built in Python 3.8.2. arp0_attackerx.py is Upgrad

Wh0_ 15 Mar 17, 2022
💣 Bomb Crypto Bot 💣

💣 Bomb Crypto Bot 💣 ⚠️ Warning I am not responsible for any penalties incurred by those who use the bot, use it at your own risk. 📄 Documentation -

Matheus Benites 4 Apr 27, 2022
Script Crack Facebook Premium 🚶‍♂

premium Script Crack Facebook Premium 🚶‍♂ In Script Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install python $ pkg inst

Yumasaa 2 Dec 19, 2021
Strapi Framework Vulnerable to Remote Code Execution

CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho

Dasith Vidanage 7 Mar 08, 2022
Internationalized Domain Names for Python (IDNA 2008 and UTS #46)

Internationalized Domain Names in Applications (IDNA) Support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in R

Kim Davies 204 Dec 13, 2022
Valeria stealer- - (4Feb 2022) program detects wifi saved passwords in your ROM

Valeria_stealer- Requirements : python 3.9.2 and higher (4Feb 2022) program dete

Mikhail Yolkin 3 May 05, 2022
Writing and posting code throughout my new journey into python!

bootleg-productions consider this account to be a journal for me to record my progress throughout my python journey feel free to copy codes from this

1 Dec 30, 2021
In this program, I generate the strong password from existing password without class using python. The special thing in this program is that is generate very strong password from our existing password. It replaces some elements from password and put another elements in it.

Strong-password-Generator-from-existing-password-using-python In this program, I generate the strong password from existing password without class usi

Sachin Vinayak Dabhade 4 Sep 24, 2021
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

之乎者也 2.8k Dec 29, 2022
Agile Threat Modeling Toolkit

Threagile is an open-source toolkit for agile threat modeling:

Threagile 425 Jan 07, 2023
JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

105 Dec 05, 2022
Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p

Enox 6 Oct 10, 2022