Omega - From Wordpress admin to pty

Last update: Nov 09, 2022

Overview

Omega - From Wordpress admin to pty

The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.

How does it work?

First, Omega gets an admin session in the Wordpress site and using web scrapping, it extracts the current template used by wordpress. After that, it will use the template editor to inject a simple web shell.

Once everything is set up, Omega will spin up a listenner, execute a reverse shell using the web shell injected and wait for the shell to connect back. Before giving the control to the user, Omega will try to stabilize the shell and get a pty.

If stabilization is not possible using the methods Omega has, a non tty shell will be provided that can be stabilize without problems using any method you want.

Requirements

You need Python 3 installed in your system and also some dependencies that can be installed executing (Keep in mind that this tool only works in Linux):

pip3 install -r requirements.txt

You can use a virtual env to install the dependencies or intall them system wide.

Usage

If you have all the requirements you can start playing with Omega! You can add the repository folder to your PATH and execute the tool everywhere.

Omega - From Wordpress admin to pty

usage: omega.py [-h] [-v] [--no-pty] -u WP_URL -l USERNAME -p PASSWORD -H LHOST [-P LPORT]

Provides a reverse shell (stabilized if possible) to a Wordpress host. You need admin credentials!

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  --no-pty              if this flag is set, no shell stabilization is perform
  -u WP_URL, --wp-url WP_URL
                        the target Wordpress url
  -l USERNAME, --username USERNAME
                        Wordpress admin user to use for login
  -p PASSWORD, --password PASSWORD
                        Wordpress admin password to use for login
  -H LHOST, --lhost LHOST
                        the ip where the reverse shell should connect to
  -P LPORT, --lport LPORT
                        the port used to listen for the reverse shell (Default: 8080)

You might also like...

The Django Leaflet Admin List package provides an admin list view featured by the map and bounding box filter for the geo-based data of the GeoDjango.

The Django Leaflet Admin List package provides an admin list view featured by the map and bounding box filter for the geo-based data of the GeoDjango. It requires a django-leaflet package.

33 Nov 11, 2022

Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator.

Django Admin Two-Factor Authentication Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator. Why Django

9 Dec 7, 2022

aiohttp admin is generator for admin interface based on aiohttp

17 Nov 16, 2022

WordPress models and views for Django.

django-wordpress Models and views for reading a WordPress database. Compatible with WordPress version 3.5+. django-wordpress is a project of ISL and t

332 Dec 24, 2022

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user

17 Nov 9, 2022

Sail is a free CLI tool to deploy, manage and scale WordPress applications in the DigitalOcean cloud.

Deploy WordPress to DigitalOcean with Sail Sail is a free CLI tool to deploy, manage and scale WordPress applications in the DigitalOcean cloud. Conte

159 Dec 12, 2022

WordPress look and feel for Django administration panel

Django WP Admin WordPress look and feel for Django administration panel. Features WordPress look and feel New styles for selector, calendar and timepi

266 Nov 21, 2022

Manage your WordPress installation directly from SublimeText SideBar and Command Palette.

WordpressPluginManager Manage your WordPress installation directly from SublimeText SideBar and Command Palette. Installation Dependencies You will ne

1 Dec 14, 2021

WordPress-style shortcodes for Python

Python Shortcodes WordPress-style shortcodes for Python Create and use WordPress-style shortcodes in your Python based app. Example # static output de

1 Dec 22, 2021

Modern responsive template for the Django admin interface with improved functionality. We are proud to announce completely new Jet. Please check out Live Demo

Django JET Modern template for Django admin interface with improved functionality Attention! NEW JET We are proud to announce completely new Jet. Plea

3.4k Dec 29, 2022

Drop-in replacement of Django admin comes with lots of goodies, fully extensible with plugin support, pretty UI based on Twitter Bootstrap.

Xadmin Drop-in replacement of Django admin comes with lots of goodies, fully extensible with plugin support, pretty UI based on Twitter Bootstrap. Liv

4.7k Dec 31, 2022

Real-time monitor and web admin for Celery distributed task queue

Flower Flower is a web based tool for monitoring and administrating Celery clusters. Features Real-time monitoring using Celery Events Task progress a

5.5k Dec 28, 2022

A jazzy skin for the Django Admin-Interface (official repository).

Django Grappelli A jazzy skin for the Django admin interface. Grappelli is a grid-based alternative/extension to the Django administration interface.

3.4k Dec 31, 2022

A Django admin theme using Twitter Bootstrap. It doesn't need any kind of modification on your side, just add it to the installed apps.

django-admin-bootstrapped A Django admin theme using Bootstrap. It doesn't need any kind of modification on your side, just add it to the installed ap

1.6k Dec 28, 2022

django's default admin interface made customizable. popup windows replaced by modals. :mage: :zap:

django-admin-interface django-admin-interface is a modern responsive flat admin interface customizable by the admin itself. Features Beautiful default

1.3k Dec 31, 2022

Extendable, adaptable rewrite of django.contrib.admin

django-admin2 One of the most useful parts of django.contrib.admin is the ability to configure various views that touch and alter data. django-admin2

1.2k Dec 29, 2022

FastAPI Admin Dashboard based on FastAPI and Tortoise ORM.

FastAPI ADMIN 中文文档 Introduction FastAPI-Admin is a admin dashboard based on fastapi and tortoise-orm. FastAPI-Admin provide crud feature out-of-the-bo

1.6k Jan 2, 2023

Modern theme for Django admin interface

Django Suit Modern theme for Django admin interface. Django Suit is alternative theme/skin/extension for Django administration interface. Project home

2.2k Dec 29, 2022

Django application and library for importing and exporting data with admin integration.

django-import-export django-import-export is a Django application and library for importing and exporting data with included admin integration. Featur

2.6k Dec 26, 2022

Comments

Feature: Windows hosts compatibility
Description

Add Windows hosts compatibility! (Thanks to ivan-sincek for his PHP reverse shell)

Improve the README a bit

Added the use of random user agents in every run

enhancement
opened by anthares101 0
Feature: Auto shell stabilization
Description

Added auto shell stabilization! Omega will try some methods to get a pty and upgrade the obtained shell

Added new flag to let the user decide if shell stabilization should be perform

Dropped Windows support to be able to use termios for tty configuration

Added tests (better late than never you know)

enhancement
opened by anthares101 0

Releases(v2.6)

v2.6(Jan 3, 2022)
Features

Now the Linux and MacOS reverse shell stabilization should work as expected

Known issues

Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal

If the current Wordpress template doesn't have a 404 php file Omega is not able to inject the payload

Source code(tar.gz)
Source code(zip)
v2.5(Aug 1, 2021)
Features

Updated the repository structure

Omega available throught Pypi!

Known issues

Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal

Source code(tar.gz)
Source code(zip)
v2.4(Jul 31, 2021)
Fixes

Changed Windows shell code to avoid the shell closing issue (#6)

Known issues

Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal

Source code(tar.gz)
Source code(zip)
v2.3(Jul 31, 2021)
Fixes

Shell output after upgrade wasn't always cleared (#5)

A README typo

Known issues

Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal

Windows shells are not closed smoothly.

Source code(tar.gz)
Source code(zip)
v2.2(Jul 31, 2021)
Fixes

The code that checked if a reverse shell was updated to work properly (#4)

Known issues

Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal

Windows shells are not closed smoothly.

Source code(tar.gz)
Source code(zip)
v2.1(Jul 29, 2021)
Features

Added Windows hosts compatibility! Omega is able to get a shell even with in Windows hosts now (#3). Thanks to ivan-sincek for his PHP reverse shell.

Added the use of random user agents in every run

Known issues

Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal

Windows shells are not closed smoothly.

Source code(tar.gz)
Source code(zip)
v2.0(Jul 16, 2021)
Features

Added auto shell stabilization! Omega will try some methods to get a pty and upgrade the obtained shell (#2)

Added new flag to let the user decide if shell stabilization should be perform (#2)

Dropped Windows support to be able to use termios for tty configuration (#2)

Added tests (better late than never you know) (#2)

Known issues

Upgrading the shell manually and then exit makes the terminal unresponsive. A workaround to this is to add ; exit to the code used to get a pty. This way, the Omega handler will take care of restoring your terminal

Source code(tar.gz)
Source code(zip)
v1.2(Jul 16, 2021)
Features

Added a version flag to check the tool version in use (#1)

Known issues

Upgrading the shell and then exits makes the terminal unresponsive

Source code(tar.gz)
Source code(zip)
v1.1(Jul 13, 2021)
Fixes

If the site doesn't have xmlrpc open the attack fails

Known issues

Upgrading the shell and then exits makes the terminal unresponsive

Source code(tar.gz)
Source code(zip)
v1.0(Jul 13, 2021)
Features

Omega first version complete! (Only for Linux targets)

Detect if the user specified is admin throgh xmlrpc

Create a Wordpress session and interact with the admin site

Get the active theme name

Drop a simple web shell payload into the current theme 404 page template

Get and manage a reverse shell that can be upgraded

Known issues

If the site doesn't have xmlrpc open the attack fails

Upgrading the shell and then exits makes the terminal unresponsive

Source code(tar.gz)
Source code(zip)

Owner

Ángel Heredia

Always learning new things

GitHub Repository

Credit Card And SK Checker Written In Python

💳 Credit Card Checker (CC Checker) & Mass SK Checker & Generator 💳

53 Dec 31, 2022

Installation of hacking tools

Tools-Spartan This is a program that makes it easy for you to download and install tools used in Kali Linux, there are tons of tools available.

1 Nov 10, 2021

Windows Stack Based Auto Buffer Overflow Exploiter

Autoflow - Windows Stack Based Auto Buffer Overflow Exploiter Autoflow is a tool that exploits windows stack based buffer overflow automatically.

19 Dec 22, 2022

Learning to compose soft prompts for compositional zero-shot learning.

Compositional Soft Prompting (CSP) Compositional soft prompting (CSP), a parameter-efficient learning technique to improve the zero-shot compositional

32 Jan 02, 2023

simple python keylogger

HELLogger simple python keylogger DISCLAIMERS: DON'T DO BAD THINGS. THIS PROGRAM IS MEANT FOR PERSONAL USES ONLY. USE IT ONLY IN COMPUTERS WHERE YOU H

10 Nov 10, 2022

client attack remotely , this script was written for educational purposes only

client attack remotely , this script was written for educational purposes only, do not use against to any victim, which you do not have permission for it

9 Jun 05, 2022

A brute force tool for password-protected zip file

Bzip A brute force tool for password-protected zip file/folder(s). Note that this tool can only crack .zip files. Please DO not misuse. Installation g

3 Nov 13, 2021

IDA plugin for quickly copying disassembly as encoded hex bytes

HexCopy IDA plugin for quickly copying disassembly as encoded hex bytes. This whole plugin just saves you two extra clicks... but if you are frequentl

46 Oct 30, 2022

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202

500 Jan 06, 2023

Reusable Lightweight Pythonic Dependency Injection Library

Vacuna Inject everything! Vacuna is a little library to provide dependency management for your python code. Install pip install vacuna Usage import va

16 Sep 15, 2021

the swiss army knife in the hash field. fast, reliable and easy to use

hexxus Hexxus is a fast hash cracking tool which checks more than 30 thousand passwords in under 4 seconds and can crack the following types bcrypt sh

17 Apr 05, 2022

Make files with as many random bytes as you want

Lots o' Bytes 🔣 Make files with as many random bytes as you want! Use case Can be used to package malware that is normally small by making the downlo

1 Jan 13, 2022

Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

11 Dec 22, 2022

FBGen is simple facebook user based wordlist generator using Username/ID and cookie.

2 Jul 20, 2022

Northwave Log4j CVE-2021-44228 checker

Northwave Log4j CVE-2021-44228 checker Friday 10 December 2021 a new Proof-of-Concept 1 addressing a Remote code Execution (RCE) vulnerability in the

125 Dec 09, 2022

Script checks provided domains for log4j vulnerability

log4j Script checks provided domains for log4j vulnerability. A token is created with canarytokens.org and passed as header at request for a single do

2 Dec 12, 2021

Notebooks, slides and dataset of the CorrelAid Machine Learning Winter School

CorrelAid Machine Learning Spring School Welcome to the CorrelAid ML Spring School! In this repository you can find the slides and other files for the

12 Nov 23, 2022

ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.

ClusterFuzz ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all

4.9k Jan 08, 2023

Obfuscate your python code into a string of integers. De-obfuscate also supported.

int-obfuscator Obfuscate your python code into a string of integers. De-obfuscate also supported. How it works: Each printable character gets replaced

6 Nov 13, 2022

SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi

80 Dec 29, 2022

Omega - From Wordpress admin to pty

Related tags

Overview

Omega - From Wordpress admin to pty

How does it work?

Requirements

Usage

You might also like...

The Django Leaflet Admin List package provides an admin list view featured by the map and bounding box filter for the geo-based data of the GeoDjango.

Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator.

aiohttp admin is generator for admin interface based on aiohttp

WordPress models and views for Django.

Sail is a free CLI tool to deploy, manage and scale WordPress applications in the DigitalOcean cloud.

WordPress look and feel for Django administration panel

Manage your WordPress installation directly from SublimeText SideBar and Command Palette.

WordPress-style shortcodes for Python

Modern responsive template for the Django admin interface with improved functionality. We are proud to announce completely new Jet. Please check out Live Demo

Drop-in replacement of Django admin comes with lots of goodies, fully extensible with plugin support, pretty UI based on Twitter Bootstrap.

Real-time monitor and web admin for Celery distributed task queue

A jazzy skin for the Django Admin-Interface (official repository).

A Django admin theme using Twitter Bootstrap. It doesn't need any kind of modification on your side, just add it to the installed apps.

django's default admin interface made customizable. popup windows replaced by modals. :mage: :zap:

Extendable, adaptable rewrite of django.contrib.admin

FastAPI Admin Dashboard based on FastAPI and Tortoise ORM.

Modern theme for Django admin interface

Django application and library for importing and exporting data with admin integration.

Comments

Feature: Windows hosts compatibility

Description

Feature: Auto shell stabilization

Description

Releases(v2.6)

v2.6(Jan 3, 2022)

Features

Known issues

v2.5(Aug 1, 2021)

Features

Known issues

v2.4(Jul 31, 2021)

Fixes

Known issues

v2.3(Jul 31, 2021)

Fixes

Known issues

v2.2(Jul 31, 2021)

Fixes

Known issues

v2.1(Jul 29, 2021)

Features

Known issues

v2.0(Jul 16, 2021)

Features

Known issues

v1.2(Jul 16, 2021)

Features

Known issues

v1.1(Jul 13, 2021)

Fixes

Known issues

v1.0(Jul 13, 2021)

Features

Known issues

Owner

Ángel Heredia

Credit Card And SK Checker Written In Python

Installation of hacking tools

Windows Stack Based Auto Buffer Overflow Exploiter

Learning to compose soft prompts for compositional zero-shot learning.

simple python keylogger

client attack remotely , this script was written for educational purposes only

A brute force tool for password-protected zip file

IDA plugin for quickly copying disassembly as encoded hex bytes

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Reusable Lightweight Pythonic Dependency Injection Library

the swiss army knife in the hash field. fast, reliable and easy to use

Make files with as many random bytes as you want

Moodle community-based vulnerability scanner

FBGen is simple facebook user based wordlist generator using Username/ID and cookie.

Northwave Log4j CVE-2021-44228 checker

Script checks provided domains for log4j vulnerability