<img alt="Test suite status" src="https://img.shields.io/github/actions/workflow/status/anthares101/omega/ci.yml?style=for-the-badge"> <img alt="Version v2.7" src="https://img.shields.io/badge/version-v2.7-blue?style=for-the-badge"> <img alt="GPL-2.0 license" src="https://img.shields.io/github/license/anthares101/omega?style=for-the-badge">
# Omega - From Wordpress admin to pty
The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Works in Linux, Windows and MacOS hosts!
The shell code used for Windows hosts is a modified version of the [PHP reverse shell](https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/php_reverse_shell.php) by [ivan-sincek](https://github.com/ivan-sincek), credits to the author.
## How does it work?
First, Omega gets an admin session in the Wordpress site and using web scrapping, it extracts the current template used by Wordpress. After that, it will use the template editor to inject a payload with a simple web shell and a base64 PHP code evaluation function.
Once everything is set up, Omega will spin up a listener, execute a reverse shell using the payload injected and wait for the shell to connect back. Before giving the control to the user, Omega will try to stabilize the shell and get a pty (Only for Linux and MacOS hosts).
If stabilization is not possible using the methods Omega has, a non tty shell will be provided that can be stabilized without problems using any method you want.
## Installation
Just execute `pip3 install omega-wp` and enjoy! You can use a virtual env or intall it system wide.
## Usage
If you have all the requirements you can start playing with Omega!
```
Omega - From Wordpress admin to pty
usage: omega [-h] [-v] [--no-pty] -u WP_URL -l USERNAME -p PASSWORD -H LHOST [-P LPORT]
Provides a reverse shell (stabilized if possible) to a Wordpress host. You need admin credentials!
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--no-pty if this flag is set, no shell stabilization is perform
-u WP_URL, --wp-url WP_URL
the target Wordpress url
-l USERNAME, --username USERNAME
Wordpress admin user to use for login
-p PASSWORD, --password PASSWORD
Wordpress admin password to use for login
-H LHOST, --lhost LHOST
the ip where the reverse shell should connect to
-P LPORT, --lport LPORT
the port used to listen for the reverse shell (Default: 8080)
```
Raw data
{
"_id": null,
"home_page": "https://github.com/anthares101/omega",
"name": "omega-wp",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3",
"maintainer_email": "",
"keywords": "windows macos linux shell wordpress reverse-shell tool hacking tty pty cybersecurity reverse pwntools hacktoberfest kali",
"author": "\u00c1ngel Heredia",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/22/dd/f82c731fe3bb2e7e84d4bf2ae8d02261e07de312cf9737c00823c43e88b1/omega_wp-2.7.tar.gz",
"platform": null,
"description": "<img alt=\"Test suite status\" src=\"https://img.shields.io/github/actions/workflow/status/anthares101/omega/ci.yml?style=for-the-badge\"> <img alt=\"Version v2.7\" src=\"https://img.shields.io/badge/version-v2.7-blue?style=for-the-badge\"> <img alt=\"GPL-2.0 license\" src=\"https://img.shields.io/github/license/anthares101/omega?style=for-the-badge\">\n\n# Omega - From Wordpress admin to pty\n\nThe Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Works in Linux, Windows and MacOS hosts! \n\nThe shell code used for Windows hosts is a modified version of the [PHP reverse shell](https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/php_reverse_shell.php) by [ivan-sincek](https://github.com/ivan-sincek), credits to the author.\n\n\n\n## How does it work?\n\nFirst, Omega gets an admin session in the Wordpress site and using web scrapping, it extracts the current template used by Wordpress. After that, it will use the template editor to inject a payload with a simple web shell and a base64 PHP code evaluation function.\n\nOnce everything is set up, Omega will spin up a listener, execute a reverse shell using the payload injected and wait for the shell to connect back. Before giving the control to the user, Omega will try to stabilize the shell and get a pty (Only for Linux and MacOS hosts).\n\nIf stabilization is not possible using the methods Omega has, a non tty shell will be provided that can be stabilized without problems using any method you want.\n\n## Installation\n\nJust execute `pip3 install omega-wp` and enjoy! You can use a virtual env or intall it system wide.\n\n## Usage\n\nIf you have all the requirements you can start playing with Omega!\n\n```\nOmega - From Wordpress admin to pty\n\nusage: omega [-h] [-v] [--no-pty] -u WP_URL -l USERNAME -p PASSWORD -H LHOST [-P LPORT]\n\nProvides a reverse shell (stabilized if possible) to a Wordpress host. You need admin credentials!\n\noptional arguments:\n -h, --help show this help message and exit\n -v, --version show program's version number and exit\n --no-pty if this flag is set, no shell stabilization is perform\n -u WP_URL, --wp-url WP_URL\n the target Wordpress url\n -l USERNAME, --username USERNAME\n Wordpress admin user to use for login\n -p PASSWORD, --password PASSWORD\n Wordpress admin password to use for login\n -H LHOST, --lhost LHOST\n the ip where the reverse shell should connect to\n -P LPORT, --lport LPORT\n the port used to listen for the reverse shell (Default: 8080)\n```\n\n\n",
"bugtrack_url": null,
"license": "GPL-2.0",
"summary": "From Wordpress admin to pty automatically!",
"version": "2.7",
"project_urls": {
"Homepage": "https://github.com/anthares101/omega",
"Release notes": "https://github.com/anthares101/omega/releases"
},
"split_keywords": [
"windows",
"macos",
"linux",
"shell",
"wordpress",
"reverse-shell",
"tool",
"hacking",
"tty",
"pty",
"cybersecurity",
"reverse",
"pwntools",
"hacktoberfest",
"kali"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "fdf9df801f37b15f12476e134345a66de36eb532f3394c41acacbc35204b634d",
"md5": "d360733971f35e006c0c0004a20fcb14",
"sha256": "e7e5b31d602f81cf48884af3a6f93c4454080434393eb4e2a07e5e7945081654"
},
"downloads": -1,
"filename": "omega_wp-2.7-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d360733971f35e006c0c0004a20fcb14",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3",
"size": 26508,
"upload_time": "2024-03-10T16:46:18",
"upload_time_iso_8601": "2024-03-10T16:46:18.482212Z",
"url": "https://files.pythonhosted.org/packages/fd/f9/df801f37b15f12476e134345a66de36eb532f3394c41acacbc35204b634d/omega_wp-2.7-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "22ddf82c731fe3bb2e7e84d4bf2ae8d02261e07de312cf9737c00823c43e88b1",
"md5": "59342d58f303ab4266bd2340d3475bcb",
"sha256": "e56fcd03ee73686b99b4b2ec176bdd990b42f7abf71a224e5b58ef94be0dc8e3"
},
"downloads": -1,
"filename": "omega_wp-2.7.tar.gz",
"has_sig": false,
"md5_digest": "59342d58f303ab4266bd2340d3475bcb",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3",
"size": 23669,
"upload_time": "2024-03-10T16:46:20",
"upload_time_iso_8601": "2024-03-10T16:46:20.186114Z",
"url": "https://files.pythonhosted.org/packages/22/dd/f82c731fe3bb2e7e84d4bf2ae8d02261e07de312cf9737c00823c43e88b1/omega_wp-2.7.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-10 16:46:20",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "anthares101",
"github_project": "omega",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "omega-wp"
}
JSON
