Welcome to our

Cyber Security News Aggregator

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

First slide label

Some representative placeholder content for the first slide.

Second slide label

Some representative placeholder content for the second slide.

Third slide label

Some representative placeholder content for the third slide.

WordPress and Joomla Shell Finder

published on 2013-04-14 20:23:00 UTC by lotaya
Content:

The WordPress and Joomla Shell Finder is a project byIndian Cyber Hunters to help WordPress and Joomla admins to find malicious PHP scripts used to hacker/defacers to gain unauthorized access their websites. This tool is written in PERL, so in order to run this script, firstly you have to install the Perl package when can be found Here
Script Name : ShellFinder.pl

Here is the source code :

#Author : Nihal Mistry
#Email : nihalmistry@gmail.com
#Blog : nihalmistry.blogspot.in
#.:Indian Cyber Hunters:.
#Tested on Windows_Xp
use HTTP::Request;
use LWP::UserAgent;
START:
system('cls');
system('color a');
system('title WP/Joomla Sh3ll Finder V2.0 (By X-c0d3r)');
print "\n";
print "\t++++++++++++++++++++Private++++++++++++++++++++\n";
print "\t+   WP/Joomla Shell Finder v2.0 (X-c0d3r)    +\n";
print "\t+       Greetz: Indian Cyber Space                         +\n";
print "\t+       P1v0t_4ntr4xt |   P4r1nd4                         +\n";
print "\t+       S3n_H4x0r      |   N3t_m0nst3r          +\n";
print "\t+       C0D3D32        |   C0d3_Sm4sh3r                   +\n";
print "\t+              All Ind14n H4ck3rs                                +\n";
print "\t+++++++++++++++++++++++++++++++++++++++++++++++\n";
print "\n";
print "\tSelect the type of cms the site uses:\n";
print "\t ___________________________________________\n";
print "\t|| 1 = Wordpress                           ||\n";
print "\t|| 2 = Joomla!                             ||\n";
print "\t|| 3 = View Usage (Must Read)              ||\n";
print "\t||__________________________________________||\n";
print "\tEnter your choice 1/2 -> ";
$cms=<STDIN>;
chomp $cms;
if ($cms eq '1')
{
ret1:
print "\n\tPlease Enter Site\n \tExample: www.defaced-wp-site.com\n\t-> ";
$site=<STDIN>;
chomp $site;
if ( $site !~ /^http:/ )
    {
    $site = 'http://'. $site;
    }
if ( $site !~ /\/$/ ) {
$site = $site . '/';
}
if ($site =~ m/([a-z0-9-].*)[.{2}](([a-z]{4}|[a-z]{3}|[a-z]{2}))/) {
    goto temp1;
} else
{
    print "\n\tPlease cooperate & use this script by entering a proper site! -_-";
    goto ret1;
}
temp1:
print "\n";
print "\n\tPlease Enter the Theme dir used by site: example: twentyeleven,twentyten....\n\t->";
    $theme=<STDIN>;
    $dir="wp-content/themes/";
    chomp $theme;
    $name="$site$dir$theme/$dirs";print "\t-> Defaced Site: $site\n";print "\t-> Starting Bruteforcing process....\n";

open IN, "< wpfinal.txt" or die "\tFile wpfinal.txt not found please create and put ur brute forcing list!";
push(@brute_terms,<IN>);
my $num = @brute_terms;print ("\t-> Having $num paths for guessing.\n");
foreach $dirs(@brute_terms)
{
$name="$site$dir$theme/$dirs";
my $req=HTTP::Request->new(GET=>$name);
my $ua=LWP::UserAgent->new();
$ua->timeout(60);
my $response=$ua->request($req);
if($response->content =~ /Uname:/ || $response->content =~ /Symlink/ || $response->content =~/server ip :/ || $response->content =~ /<form method=post>/ || /<input type=password/)
{
print " \n\t >.Found Sh3ll -> $name\n";
system('pause');
}
else {
    print "\n\tNot found -> ".$name;
    }
}
}

if ($cms eq '2')
{
ret:print "\n\tPlease Enter Site\n\t Example: www.defaced-joomla-site.com\n\t-> ";
$site=<STDIN>;
chomp $site;
if ( $site !~ /^http:/ )
    {
    $site = 'http://'.$site;
    }
if ( $site !~ /\/$/ )
{
$site = $site.'/';
}
if ($site =~ m/([a-z0-9-].*)[.{2}](([a-z]{4}|[a-z]{3}|[a-z]{2}))/)
{
    goto temp;
}
else {
    print "\n\tPlease cooperate & use this script by entering a proper site! -_-";
    goto ret;
}
temp:print "\n";print "\tPlease Enter the Template dir used by site: example: beez,system...\n\t->";
    $theme=<STDIN>;
    $dir="templates/";
    chomp $theme;
    $name="$site$dir$theme/$dirs";print "\t-> Defaced Site: $site\n";print "\t-> Starting Bruteforcing process....";

open IN, "< jofinal.txt" or die "\tFile jofinal.txt not found please create and put ur brute forcing list!";
push(@brute_terms,<IN>);
my $num = @brute_terms;print ("\t-> Having $num paths for guessing .\n");
foreach $dirs(@brute_terms)
{
$name="$site$dir$theme/$dirs";
my $req=HTTP::Request->new(GET=>$name);
my $ua=LWP::UserAgent->new();
$ua->timeout(60);
my $response=$ua->request($req);
if($response->content =~ /Uname:/ || $response->content =~ /Symlink/ || $response->content =~/server ip :/ || $response->content =~ /<form method=post>/ || /<input type=password/)
{
print "\n\t >.Found Sh3ll -> $name\n";
system ('pause');
}
else {        print "\n\tNot found -> $name ";
       }
}
}

if ($cms eq 3){   &usage  }
sub usage()
{print ("\n\t-->To find theme/template dir used by the site use google dork cache:site.com then -> view source\n\n");
system("pause");
system("cls");print ("\n");
goto START;
}
if ($cms != 1 && 2 && 3){ goto START;  }
#EOF

Download two other necessary files "wpfinal.txt" and "jofinal.txt" from Here and put them in them in the same directory as above, and you're done.

Credit :http://www.hackingsec.in

Article: WordPress and Joomla Shell Finder - published about 11 years ago.

http://hacking-share.blogspot.com/2013/04/wordpress-and-joomla-shell-finder.html
Published: 2013 04 14 20:23:00
Received: 2023 04 02 10:42:12
Feed: Hacking Share
Source: Hacking Share
Category: Cyber Security
Topic: Cyber Security
Views: 1