⚠️ LEGAL DISCLAIMER / AVISO LEGALThis tool is intended exclusively for authorized penetration testing, red team engagements with explicit written scope authorization, CTF (Capture The Flag) competitions, and controlled security research environments. Use against any system without explicit written permission from the system owner is illegal and constitutes unauthorized computer access under laws including the CFAA (USA), the Computer Misuse Act (UK), and equivalent legislation in your jurisdiction. The author assumes no liability for misuse. Always obtain written authorization before testing.
- Overview
- Features
- Project Structure
- System Requirements
- Installation
- Input Format
- Usage Guide
- Upload Methods
- Adaptive Threading System
- Output & Results
- Interface Reference
- Configuration
- How It Works
- Troubleshooting
WpShellUploader is a Windows desktop application built with WPF and C# (.NET 6) for WordPress penetration testing. It automates the process of validating WordPress credentials and subsequently testing shell upload capabilities through 9 distinct vectors — from plugin/theme upload endpoints to REST API and XML-RPC methods — as part of authorized security assessments.
The tool is designed for security professionals who need to verify whether a compromised WordPress administrator account can lead to remote code execution, a critical step in assessing the real-world impact of credential exposure.
- Authorized red team engagements (written scope required)
- Post-exploitation impact assessment: "What can an attacker do with this admin account?"
- Security labs and CTF challenges
- Penetration testing of WordPress installations you own or manage
- Security research in isolated/lab environments
| Feature | Description |
|---|---|
| 9 Upload Methods | Plugin upload, theme upload, theme editor, plugin editor, REST API, File Manager, AJAX, XML-RPC, direct PUT |
| Multi-Format Input | Parses credentials in hash, pipe, em-dash, and colon-separated formats |
| Adaptive Threading | AIMD-based concurrency controller (Additive Increase / Multiplicative Decrease) |
| Role Detection | Identifies account role: Administrator, Editor, Author, or Other |
| Nonce Extraction | Dynamically extracts WordPress security tokens per request |
| Streaming File Processing | Line-by-line async reading — handles unlimited-size target lists |
| Shell Verification | Confirms payload execution after upload via marker string check |
| Organized Results | 15+ categorized output files (by role, method, status) |
| Real-Time Dashboard | Live stats: success rate, speed, thread count, elapsed time |
| Dark Theme GUI | Professional WPF dark theme with violet/cyan accents |
| Auto Thread Detection | Reads CPU cores and available RAM for optimal starting thread count |
| Graceful Stop | Halts processing without losing already-captured results |
WpShellUploader/
├── WpShellUploader.sln # Solution file
├── WpShellUploader.csproj # Project configuration (.NET 6)
├── App.xaml / App.xaml.cs # Application entry point
├── logo.ico # Application icon
├── Models/
│ └── WpTarget.cs # Target parsing — multi-format credential extractor
├── Views/
│ └── MainWindow.xaml / .xaml.cs # Main window layout and code-behind
├── ViewModels/
│ └── MainViewModel.cs # MVVM logic — orchestration, threading, state
├── Services/
│ ├── ShellUploadService.cs # Core upload engine — all 9 attack vectors
│ ├── AdaptiveThreadManager.cs # AIMD concurrency controller
│ └── FileService.cs # Results organization and file output
├── Converters/ # XAML value converters (colors, progress, visibility)
├── Themes/
│ └── DarkTheme.xaml # Application dark theme stylesheet
└── Files/
├── index.php # PHP payload (loaded at runtime)
├── plugin.zip # WordPress plugin package for upload
└── theme.zip # WordPress theme package for upload
| Component | Requirement |
|---|---|
| OS | Windows 10 or Windows 11 (64-bit) |
| Runtime | .NET 6 Desktop Runtime |
| RAM | Minimum 2 GB (4 GB+ recommended for large lists) |
| CPU | Multi-core recommended (thread count auto-scales with cores) |
| Network | Active internet connection |
Important: The application requires the .NET 6 Desktop Runtime. Download and install it before running the
.exe.
- Go to the Releases page
- Download the latest
WpShellUploader-vX.X.X-windows-x64.zip - Extract to any folder (e.g.,
C:\Tools\WpShellUploader\) - Install .NET 6 Desktop Runtime if not already installed
- Double-click
WpShellUploader.exe
Required folder structure after extraction:
WpShellUploader/
├── WpShellUploader.exe
├── WpShellUploader.dll
├── WpShellUploader.deps.json
├── WpShellUploader.runtimeconfig.json
├── System.Text.Json.dll
├── System.Text.Encodings.Web.dll
├── logo.ico
├── runtimes/
│ └── browser/lib/net6.0/
│ └── System.Text.Encodings.Web.dll
└── Files/
├── index.php
├── plugin.zip
└── theme.zip
Critical: The
Files/directory must be in the same folder as the executable. The application loads payloads from this directory at startup.
git clone https://github.com/ByteCodeSecure/WpShellUploader.git
cd WpShellUploader
dotnet build -c ReleaseOutput: bin/Release/net6.0-windows/
Prepare a plain text file (.txt) with one credential set per line. Four formats are supported:
https://example.com#admin@password123
https://target.com#webmaster@MyPass!
https://example.com|admin|password123
http://target.net|editor|mypassword
https://example.com–admin–password123
example.com/wp-login.php:admin:password123
target.com/wp-admin/:webmaster:pass456
Notes:
- Protocols (
http://,https://) are added automatically if missing - Path suffixes like
/wp-login.php,/xmlrpc.php,/wp-admin/are stripped automatically - Lines that do not match any supported format are skipped
- Blank lines are ignored
Click "Import File" and select your .txt credential file. The target counter updates immediately showing the total number of parsed entries.
| Thread Mode | Description |
|---|---|
| Auto (0) | Automatically calculates optimal threads from CPU cores and available RAM. Adapts in real-time. |
| Manual (1–500) | Fixed thread count. Use when you need predictable concurrency. |
For most cases, leave thread count at 0 (Auto).
Use the timeout slider to set the per-request timeout (5–120 seconds):
| Timeout | When to Use |
|---|---|
| 5–15s | Fast, reliable targets |
| 15–30s | Standard targets |
| 30–60s | Slow or geographically distant targets |
| 60–120s | Very slow targets or high-latency connections |
Click "Start". The application will:
- Parse and normalize each target URL
- Authenticate via
wp-login.php - Detect user role (Admin / Editor / Author)
- Attempt shell upload through all 9 methods sequentially
- Verify shell accessibility after each successful upload
- Record results to categorized files in
Results/
The real-time dashboard shows:
- Progress % — Circular gauge updated continuously
- Processed / Total — Raw counts
- Login OK — Successful authentications
- Shell OK — Successful shell uploads with verification
- Failed / Timeout — Error counts
- Speed — Sites processed per second
- Active Threads — Current concurrency level
- Success Rate % — Shell OK / Total processed
- Click "Open Results" to open the timestamped results folder in Windows Explorer
- Click "Copy Shells" to copy all shell URLs to clipboard
- Use Role Filter dropdown to filter the results table by account role
The tool attempts 9 upload vectors sequentially, stopping at the first success:
| # | Method | Endpoint | Technique |
|---|---|---|---|
| M1 | Plugin Upload | /wp-admin/update.php?action=upload-plugin |
Uploads plugin.zip containing the PHP payload as a WordPress plugin |
| M2 | Theme Upload | /wp-admin/update.php?action=upload-theme |
Uploads theme.zip containing the PHP payload as a WordPress theme |
| M3 | Theme Editor | /wp-admin/theme-editor.php |
Injects payload directly into an active theme file via the built-in editor |
| M4 | Plugin Editor | /wp-admin/plugin-editor.php |
Injects payload directly into an active plugin file via the built-in editor |
| M5 | Media REST API | /wp-json/wp/v2/media |
Attempts to upload PHP files via the REST API using multiple extensions (.php, .phtml, .php5, .phar) |
| M6 | File Manager Plugin | /wp-admin/admin.php?page=wp_file_manager |
Exploits the WP File Manager plugin's upload functionality if installed |
| M7 | AJAX Upload | /wp-admin/async-upload.php |
Uploads directly via WordPress media AJAX handler |
| M8 | XML-RPC | /xmlrpc.php |
Uses wp.uploadFile method over XML-RPC protocol |
| M9 | Direct Write | HTTP PUT |
Attempts direct HTTP PUT to various server paths |
Upload Locations Attempted:
/wp-content/plugins/{random_name}/
/wp-content/themes/{random_name}/
/wp-content/uploads/{year}/{month}/{filename}
/404.php
/ (root)
Shell Verification: After each upload attempt, the tool sends a GET request to the upload URL and checks for the presence of the marker string matrix-title in the response. Only confirmed executable shells are recorded.
AdaptiveThreadManager implements an AIMD (Additive Increase / Multiplicative Decrease) strategy — the same algorithm used by TCP congestion control — to dynamically adjust concurrency based on real-time performance metrics.
Base threads = CPU_cores × 10
Memory factor:
- Available RAM < 512 MB → 0.5×
- 512 MB – 1 GB → 0.75×
- 1 – 2 GB → 1.0×
- > 2 GB → 1.25×
- > 4 GB → 1.5×
Range: [CPU_cores / 2 ... min(500, CPU_cores × 40)]
| Condition | Action | Reason |
|---|---|---|
| Timeout rate > 30% | −40% threads | System severely overloaded |
| Timeout rate 15–30% | −20% threads | Moderate congestion |
| Error rate > 80% | −10% threads | High failure rate |
| Throughput improving + response < 15s | +10–20% | Safe to scale up |
| Throughput degrading significantly | −12–25% | Performance declining |
| Response time > 1.5× previous cycle | −15% | Preemptive backoff |
| Stable performance + fast responses | +5% | Gentle exploration |
A custom SemaphoreSlim wrapper allows runtime-resizable concurrency:
- Increase: Additional permits released immediately (new workers start)
- Decrease: Existing permits consumed naturally as workers complete (no forced termination)
- Thread-safe: Lock-based resize operations
All results are saved in a timestamped folder: Results/Results_YYYY-MM-DD_HH-mm-ss/
| File | Contents |
|---|---|
shells.txt |
Shell URLs only (one per line) — for quick access |
shells_full.txt |
Shell URL + credentials + upload method used |
login_ok.txt |
All credentials that successfully authenticated |
login_failed.txt |
Failed credentials with error message |
upload_failed.txt |
Credentials that logged in but all 9 upload methods failed |
administrators.txt |
Credentials for Administrator-role accounts |
editors.txt |
Credentials for Editor-role accounts |
authors.txt |
Credentials for Author-role accounts |
other_roles.txt |
Credentials for non-standard roles |
method_plugin_upload.txt |
Shells uploaded via M1 (plugin upload) |
method_theme_upload.txt |
Shells uploaded via M2 (theme upload) |
method_theme_editor.txt |
Shells uploaded via M3 (theme editor) |
method_plugin_editor.txt |
Shells uploaded via M4 (plugin editor) |
method_media_rest_api.txt |
Shells uploaded via M5 (REST API) |
method_xml-rpc.txt |
Shells uploaded via M8 (XML-RPC) |
Successfully_logged_WordPress.txt |
All successful logins |
https://example.com/wp-content/plugins/abc123/index.php | admin | password123 | Method: Plugin Upload
┌──────────────────────────────────────────────────────────────────┐
│ WpShellUploader v2.0 │
├───────────────┬──────────────────────────┬───────────────────────┤
│ ◉ Progress │ Results Table │ Configuration │
│ Circle │ ┌──────────────────┐ │ [Import File] │
│ │ │ URL | Role | │ │ Threads: [0 ▲▼] │
│ Total: 1000 │ │ Shell URL | ... │ │ Timeout: [──●──] │
│ Processed:500│ │ │ │ Filter: [All ▼] │
│ Login OK: 80 │ └──────────────────┘ │ │
│ Shell OK: 45 │ │ [Start] [Stop] │
│ Failed: 410 │ │ [Copy Shells] │
│ Timeout: 10 │ │ [Open Results] │
│ │ │ │
│ Speed: 4.2/s │ │ ┌─ Activity Log ──┐ │
│ Threads: 42 │ │ │ 14:30 Login OK │ │
│ Success: 9% │ │ │ 14:30 Shell: M1 │ │
│ Elapsed: │ │ │ 14:30 Failed │ │
│ 00:02:03 │ │ └─────────────────┘ │
└───────────────┴──────────────────────────┴───────────────────────┘
| Stat | Description |
|---|---|
| Total | Total credential entries loaded |
| Processed | Entries processed so far |
| Login OK | Successful WordPress authentications |
| Shell OK | Successfully uploaded AND verified shells |
| Failed | Authentication failures |
| Timeout | Requests that exceeded the timeout |
| Upload Failed | Authenticated but all 9 upload methods failed |
| Admin / Editor / Author | Breakdown by detected account role |
| Speed | Processed entries per second |
| Active Threads | Current concurrent worker count |
| Optimal Threads | Target thread count from adaptive manager |
| Success Rate | Shell OK / Total processed × 100 |
| Login Rate | Login OK / Total processed × 100 |
| Thread Mode | Auto (adaptive) or Manual (fixed) |
Toggle between Auto and Manual using the thread mode control:
- Auto: Thread count starts from CPU-based calculation and adapts continuously. Recommended for all cases.
- Manual: Fixed count from 1 to 500. Use when the target environment requires strict concurrency limits.
Range: 5 to 120 seconds. Applies per HTTP request. The application uses the configured timeout for all requests including login, upload, and verification.
The activity log displays the last 500 events in reverse-chronological order (newest at top). Events include:
- Login successes/failures
- Shell upload attempts and results
- Thread count adjustments from adaptive manager
- Errors and timeouts
Credential File
│
▼
┌───────────────────┐
│ File Streaming │ Async line-by-line reading (no full memory load)
│ + Parsing │ Multi-format parser: hash / pipe / em-dash / colon
└────────┬──────────┘
▼
┌───────────────────┐
│ URL Normalization│ Strip /wp-login.php, /xmlrpc.php, /wp-admin/
│ │ Add https:// if missing
└────────┬──────────┘
▼
┌───────────────────┐
│ Authentication │ POST to /wp-login.php with extracted credentials
│ │ Handle MyUserPro custom login forms
│ │ Verify session via /wp-admin/ access
│ │ Detect role from admin page HTML
└────────┬──────────┘
│ Auth Failed → log to login_failed.txt
│ Auth OK ↓
┌───────────────────┐
│ Shell Upload │ Try M1 → M2 → M3 → M4 → M5 → M6 → M7 → M8 → M9
│ (9 Methods) │ Extract nonce from each page before upload
│ │ Use random names for plugin/theme packages
└────────┬──────────┘
│ All failed → log to upload_failed.txt
│ Upload OK ↓
┌───────────────────┐
│ Shell Verification│ GET request to upload URL
│ │ Check response for "matrix-title" marker
│ │ Confirm shell is executing, not just uploaded
└────────┬──────────┘
▼
┌───────────────────┐
│ Results Storage │ Write to categorized files
│ │ Update UI statistics
│ │ Log to activity log
└───────────────────┘
| Parameter | Value |
|---|---|
| SSL Validation | Permissive (accepts self-signed/expired certs) |
| Redirects | Followed automatically (up to 5) |
| Compression | GZip + Deflate auto-decompression |
| Cookies | Persistent across requests per target |
| User-Agent | Rotates between 8 modern browser strings |
| Problem | Cause | Solution |
|---|---|---|
| App doesn't launch | .NET 6 Runtime missing | Install .NET 6 Desktop Runtime |
| "Files not found" error | Files/ folder missing or wrong location |
Ensure Files/ is in the same directory as the .exe |
| All results are timeouts | Slow targets or too many threads | Reduce thread count; increase timeout to 30–60s |
| Login OK but all uploads fail | WordPress security hardened | Normal for hardened installations; all 9 methods exhausted |
| Very low speed | Auto thread count too conservative | Switch to Manual mode and set a higher thread count |
| Results folder not created | Permissions issue | Run as Administrator or move to a writable directory |
| App freezes on start | Hardware detection issue | Restart the application; check Windows Event Log |
| High memory usage | Very large credential file | Normal; the app uses streaming — memory usage stays bounded |
- Descripción General
- Características
- Estructura del Proyecto
- Requisitos del Sistema
- Instalación
- Formato de Entrada
- Guía de Uso
- Métodos de Carga
- Sistema de Hilos Adaptativo
- Salida y Resultados
- Referencia de la Interfaz
- Configuración
- Cómo Funciona
- Solución de Problemas
WpShellUploader es una aplicación de escritorio Windows construida con WPF y C# (.NET 6) para pruebas de penetración de WordPress. Automatiza el proceso de validación de credenciales de WordPress y la posterior prueba de capacidades de carga de shell a través de 9 vectores distintos — desde endpoints de carga de plugins/temas hasta métodos REST API y XML-RPC — como parte de evaluaciones de seguridad autorizadas.
La herramienta está diseñada para profesionales de seguridad que necesitan verificar si una cuenta de administrador de WordPress comprometida puede derivar en ejecución remota de código, un paso crítico para evaluar el impacto real de la exposición de credenciales.
- Compromisos de red team autorizados (requiere alcance escrito)
- Evaluación de impacto post-explotación: "¿Qué puede hacer un atacante con esta cuenta admin?"
- Laboratorios de seguridad y desafíos CTF
- Pruebas de penetración de instalaciones WordPress que posees o administras
- Investigación de seguridad en entornos aislados/de laboratorio
| Característica | Descripción |
|---|---|
| 9 Métodos de Carga | Upload de plugin, tema, editor de temas, editor de plugins, REST API, File Manager, AJAX, XML-RPC, PUT directo |
| Entrada Multi-formato | Analiza credenciales en formatos hash, pipe, guión largo y dos puntos |
| Hilos Adaptativos | Controlador de concurrencia basado en AIMD (Aumento Aditivo / Disminución Multiplicativa) |
| Detección de Rol | Identifica el rol de la cuenta: Administrador, Editor, Autor u Otro |
| Extracción de Nonce | Extrae dinámicamente tokens de seguridad de WordPress por solicitud |
| Procesamiento de Archivos en Stream | Lectura asíncrona línea por línea — maneja listas de objetivos de tamaño ilimitado |
| Verificación de Shell | Confirma la ejecución del payload tras la carga mediante verificación de cadena marcadora |
| Resultados Organizados | 15+ archivos de salida categorizados (por rol, método, estado) |
| Panel en Tiempo Real | Estadísticas en vivo: tasa de éxito, velocidad, número de hilos, tiempo transcurrido |
| GUI Tema Oscuro | Tema oscuro WPF profesional con acentos violeta/cyan |
| Auto-detección de Hilos | Lee los cores de CPU y RAM disponible para el conteo óptimo inicial |
| Detención Graciosa | Detiene el procesamiento sin perder los resultados ya capturados |
WpShellUploader/
├── WpShellUploader.sln # Archivo de solución
├── WpShellUploader.csproj # Configuración del proyecto (.NET 6)
├── App.xaml / App.xaml.cs # Punto de entrada de la aplicación
├── logo.ico # Icono de la aplicación
├── Models/
│ └── WpTarget.cs # Parser de objetivos — extractor multi-formato
├── Views/
│ └── MainWindow.xaml / .xaml.cs # Layout de la ventana principal
├── ViewModels/
│ └── MainViewModel.cs # Lógica MVVM — orquestación, hilos, estado
├── Services/
│ ├── ShellUploadService.cs # Motor de carga — los 9 vectores de ataque
│ ├── AdaptiveThreadManager.cs # Controlador de concurrencia AIMD
│ └── FileService.cs # Organización de resultados y salida de archivos
├── Converters/ # Conversores de valores XAML
├── Themes/
│ └── DarkTheme.xaml # Hoja de estilos del tema oscuro
└── Files/
├── index.php # Payload PHP (cargado en tiempo de ejecución)
├── plugin.zip # Paquete de plugin WordPress para carga
└── theme.zip # Paquete de tema WordPress para carga
| Componente | Requisito |
|---|---|
| SO | Windows 10 o Windows 11 (64-bit) |
| Runtime | .NET 6 Desktop Runtime |
| RAM | Mínimo 2 GB (4 GB+ recomendado para listas grandes) |
| CPU | Multi-core recomendado (el conteo de hilos escala automáticamente con los cores) |
| Red | Conexión a internet activa |
- Ve a la página de Releases
- Descarga el último
WpShellUploader-vX.X.X-windows-x64.zip - Extrae a cualquier carpeta (ej.,
C:\Tools\WpShellUploader\) - Instala .NET 6 Desktop Runtime si no está instalado
- Haz doble clic en
WpShellUploader.exe
Crítico: El directorio
Files/debe estar en la misma carpeta que el ejecutable. La aplicación carga los payloads desde este directorio al inicio.
git clone https://github.com/ByteCodeSecure/WpShellUploader.git
cd WpShellUploader
dotnet build -c ReleaseSalida en: bin/Release/net6.0-windows/
Prepara un archivo de texto plano (.txt) con un conjunto de credenciales por línea. Se admiten cuatro formatos:
https://ejemplo.com#admin@contraseña123
https://objetivo.com#webmaster@MiPass!
https://ejemplo.com|admin|contraseña123
http://objetivo.net|editor|micontraseña
https://ejemplo.com–admin–contraseña123
ejemplo.com/wp-login.php:admin:contraseña123
objetivo.com/wp-admin/:webmaster:pass456
Notas:
- Los protocolos (
http://,https://) se agregan automáticamente si faltan - Los sufijos de ruta como
/wp-login.php,/xmlrpc.php,/wp-admin/se eliminan automáticamente - Las líneas que no coinciden con ningún formato admitido se omiten
- Las líneas en blanco se ignoran
Haz clic en "Import File" y selecciona tu archivo .txt de credenciales. El contador de objetivos se actualiza inmediatamente.
| Modo de Hilos | Descripción |
|---|---|
| Auto (0) | Calcula automáticamente los hilos óptimos desde los cores de CPU y RAM disponible. Se adapta en tiempo real. |
| Manual (1–500) | Número de hilos fijo. Úsalo cuando necesites concurrencia predecible. |
| Timeout | Cuándo Usar |
|---|---|
| 5–15s | Objetivos rápidos y confiables |
| 15–30s | Objetivos estándar |
| 30–60s | Objetivos lentos o geográficamente distantes |
| 60–120s | Objetivos muy lentos o conexiones de alta latencia |
Haz clic en "Start". La aplicación:
- Analiza y normaliza cada URL de objetivo
- Autentica via
wp-login.php - Detecta el rol del usuario (Admin / Editor / Autor)
- Intenta la carga de shell a través de los 9 métodos secuencialmente
- Verifica la accesibilidad del shell tras cada carga exitosa
- Registra los resultados en archivos categorizados en
Results/
- Haz clic en "Open Results" para abrir la carpeta de resultados en el Explorador de Windows
- Haz clic en "Copy Shells" para copiar todas las URLs de shell al portapapeles
- Usa el desplegable Filtro por Rol para filtrar la tabla de resultados
La herramienta intenta 9 vectores de carga secuencialmente, deteniéndose en el primer éxito:
| # | Método | Endpoint | Técnica |
|---|---|---|---|
| M1 | Plugin Upload | /wp-admin/update.php?action=upload-plugin |
Sube plugin.zip con el payload PHP como plugin de WordPress |
| M2 | Theme Upload | /wp-admin/update.php?action=upload-theme |
Sube theme.zip con el payload PHP como tema de WordPress |
| M3 | Theme Editor | /wp-admin/theme-editor.php |
Inyecta el payload directamente en un archivo de tema activo via el editor integrado |
| M4 | Plugin Editor | /wp-admin/plugin-editor.php |
Inyecta el payload directamente en un archivo de plugin activo via el editor integrado |
| M5 | Media REST API | /wp-json/wp/v2/media |
Intenta subir archivos PHP via REST API usando múltiples extensiones |
| M6 | File Manager Plugin | /wp-admin/admin.php?page=wp_file_manager |
Explota la funcionalidad de carga del plugin WP File Manager si está instalado |
| M7 | AJAX Upload | /wp-admin/async-upload.php |
Sube directamente via el manejador AJAX de medios de WordPress |
| M8 | XML-RPC | /xmlrpc.php |
Usa el método wp.uploadFile sobre el protocolo XML-RPC |
| M9 | Direct Write | HTTP PUT |
Intenta escritura HTTP PUT directa a varias rutas del servidor |
AdaptiveThreadManager implementa una estrategia AIMD (Aumento Aditivo / Disminución Multiplicativa) — el mismo algoritmo usado por el control de congestión TCP — para ajustar dinámicamente la concurrencia basándose en métricas de rendimiento en tiempo real.
| Condición | Acción | Motivo |
|---|---|---|
| Tasa de timeout > 30% | −40% hilos | Sistema gravemente sobrecargado |
| Tasa de timeout 15–30% | −20% hilos | Congestión moderada |
| Tasa de error > 80% | −10% hilos | Alta tasa de fallos |
| Rendimiento mejora + respuesta < 15s | +10–20% | Seguro escalar |
| Rendimiento se degrada significativamente | −12–25% | Rendimiento en declive |
| Tiempo de respuesta > 1.5× ciclo anterior | −15% | Retroceso preventivo |
| Rendimiento estable + respuestas rápidas | +5% | Exploración gradual |
Todos los resultados se guardan en una carpeta con timestamp: Results/Results_YYYY-MM-DD_HH-mm-ss/
| Archivo | Contenido |
|---|---|
shells.txt |
Solo URLs de shells (una por línea) |
shells_full.txt |
URL del shell + credenciales + método utilizado |
login_ok.txt |
Todas las credenciales que autenticaron exitosamente |
login_failed.txt |
Credenciales fallidas con mensaje de error |
upload_failed.txt |
Login exitoso pero los 9 métodos de carga fallaron |
administrators.txt |
Credenciales de cuentas con rol Administrador |
editors.txt |
Credenciales de cuentas con rol Editor |
authors.txt |
Credenciales de cuentas con rol Autor |
other_roles.txt |
Credenciales de roles no estándar |
method_plugin_upload.txt |
Shells cargados via M1 |
method_theme_upload.txt |
Shells cargados via M2 |
method_media_rest_api.txt |
Shells cargados via M5 |
method_xml-rpc.txt |
Shells cargados via M8 |
Successfully_logged_WordPress.txt |
Lista de logins exitosos |
Archivo de Credenciales
│
▼
┌───────────────────┐
│ Stream del Archivo│ Lectura asíncrona línea por línea
│ + Parsing │ Parser multi-formato: hash / pipe / guión / colon
└────────┬──────────┘
▼
┌───────────────────┐
│ Normalización URL│ Eliminar /wp-login.php, /xmlrpc.php, /wp-admin/
│ │ Agregar https:// si falta
└────────┬──────────┘
▼
┌───────────────────┐
│ Autenticación │ POST a /wp-login.php con credenciales extraídas
│ │ Manejar formularios de login personalizados (MyUserPro)
│ │ Verificar sesión via acceso a /wp-admin/
│ │ Detectar rol desde HTML de página admin
└────────┬──────────┘
│ Auth Fallida → registrar en login_failed.txt
│ Auth OK ↓
┌───────────────────┐
│ Carga de Shell │ Intentar M1 → M2 → M3 → M4 → M5 → M6 → M7 → M8 → M9
│ (9 Métodos) │ Extraer nonce de cada página antes de cargar
│ │ Usar nombres aleatorios para paquetes plugin/tema
└────────┬──────────┘
│ Todos fallaron → registrar en upload_failed.txt
│ Carga OK ↓
┌───────────────────┐
│ Verificación │ GET a la URL de carga
│ de Shell │ Verificar respuesta por cadena marcadora "matrix-title"
│ │ Confirmar que el shell ejecuta, no solo que fue subido
└────────┬──────────┘
▼
┌───────────────────┐
│ Almacenamiento │ Escribir en archivos categorizados
│ de Resultados │ Actualizar estadísticas de UI
│ │ Registrar en log de actividad
└───────────────────┘
| Problema | Causa | Solución |
|---|---|---|
| La app no inicia | Falta .NET 6 Runtime | Instala .NET 6 Desktop Runtime |
| Error "Files not found" | Carpeta Files/ faltante o en ubicación incorrecta |
Asegúrate de que Files/ esté en el mismo directorio que el .exe |
| Todos los resultados son timeouts | Objetivos lentos o demasiados hilos | Reduce el conteo de hilos; aumenta el timeout a 30–60s |
| Login OK pero todos los uploads fallan | WordPress endurecido | Normal para instalaciones protegidas; los 9 métodos se agotaron |
| Velocidad muy baja | Conteo de hilos automático demasiado conservador | Cambia a modo Manual y establece un conteo mayor |
| Carpeta Results no creada | Problema de permisos | Ejecuta como Administrador o mueve a directorio con permisos de escritura |
| La app se congela al iniciar | Problema con detección de hardware | Reinicia la aplicación; revisa el Event Log de Windows |
| Alto uso de memoria | Archivo de credenciales muy grande | Normal; la app usa streaming — el uso de memoria permanece acotado |
This project is licensed under the MIT License. See LICENSE for details.
Este proyecto está bajo la Licencia MIT. Ver LICENSE para más detalles.