Omega
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Wpbullet | 196 | 9 months ago | 9 | gpl-2.0 | Python | |||||
| A static code analysis for WordPress (and PHP) | ||||||||||
| The Big List Of Hacked Malware Web Sites | 183 | a year ago | 3 | other | Shell | |||||
| This repository contains a list of all web sites I come across that are either hacked with or purposefully hosting malware, ransomware, viruses or trojans. | ||||||||||
| Ians | 41 | 4 months ago | gpl-3.0 | Python | ||||||
| ✔ A python written hacking tool 👽👾👩💻🔒🚀 | ||||||||||
| Omega | 13 | a month ago | 6 | January 03, 2022 | gpl-2.0 | Python | ||||
| From Wordpress admin to pty automatically! | ||||||||||
| Wpsec Cli | 7 | 2 months ago | mit | Python | ||||||
| WPSec command line tool | ||||||||||
| Enclaive Docker Wordpress Sgx | 4 | 9 months ago | Go | |||||||
| SGX-ready Enclaive Docker Image for Wordpress | ||||||||||
| Encryptwp | 3 | 5 years ago | gpl-3.0 | PHP | ||||||
| EncryptWP - Adds military-grade encryption and tamper protection to WordPress user data. | ||||||||||
Omega - From Wordpress admin to pty
The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Works in Linux, Windows and MacOS hosts!
The shell code used for Windows hosts is a modified version of the PHP reverse shell by ivan-sincek, credits to the author.
How does it work?
First, Omega gets an admin session in the Wordpress site and using web scrapping, it extracts the current template used by Wordpress. After that, it will use the template editor to inject a payload with a simple web shell and a base64 PHP code evaluation function.
Once everything is set up, Omega will spin up a listener, execute a reverse shell using the payload injected and wait for the shell to connect back. Before giving the control to the user, Omega will try to stabilize the shell and get a pty (Only for Linux and MacOS hosts).
If stabilization is not possible using the methods Omega has, a non tty shell will be provided that can be stabilized without problems using any method you want.
Installation
Just execute pip3 install omega-wp and enjoy! You can use a virtual env or intall it system wide.
Usage
If you have all the requirements you can start playing with Omega!
Omega - From Wordpress admin to pty
usage: omega [-h] [-v] [--no-pty] -u WP_URL -l USERNAME -p PASSWORD -H LHOST [-P LPORT]
Provides a reverse shell (stabilized if possible) to a Wordpress host. You need admin credentials!
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--no-pty if this flag is set, no shell stabilization is perform
-u WP_URL, --wp-url WP_URL
the target Wordpress url
-l USERNAME, --username USERNAME
Wordpress admin user to use for login
-p PASSWORD, --password PASSWORD
Wordpress admin password to use for login
-H LHOST, --lhost LHOST
the ip where the reverse shell should connect to
-P LPORT, --lport LPORT
the port used to listen for the reverse shell (Default: 8080)
