This is a simple Python proof-of-concept (PoC) for CVE-2022-0169, an SQL injection vulnerability in the WordPress Photo Gallery plugin.
- Checks the WordPress version (if available)
- Exploits the vulnerable `admin-ajax.php` endpoint
- Dumps `wp_users` usernames and password hashes
- Saves results in timestamped folders
- Prompts you to crack them with hashcat if you want
This tool is for educational purposes only. Use responsibly! Like you would listen to this.. 😆
```bash
python3 exploit.py -u http://target.com
python3 exploit.py -f targets.txt
```

| Option | Description |
|---|---|
| `-u` | Single target URL |
| `-f` | File with list of targets |
| `-p` | Proxy (e.g., http://127.0.0.1:8080) |
| `-t` | Number of threads (default: 5) |
| `-w` | Choose wordlist for hashcat (default: rockyou.txt). Make sure that rockyou.txt is gunzipped! |
Example:

```bash
python3 exploit.py -u http://victim.com -w /usr/share/wordlists/rockyou.txt
```

Requirements:

```
requests
argparse
colorama
```

- Dumps are saved in `results/YYYYMMDD_HHMMSS/`
- One HTML dump per target
- Extracted hashes in separate files for easy cracking
When hashes are found, you’ll be asked:
```
Crack the hashes with hashcat now? [Y/N]:
```
If you hit Y, hashcat will run automatically using your selected wordlist.
- Run the script on your target(s).
- Check the `results/` folder for dumps and hashes.
- Crack them with hashcat:

```bash
hashcat -m 400 -a 0 results/YYYYMMDD_HHMMSS/hashes.txt /usr/share/wordlists/rockyou.txt
```
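For defenders, requests of the kind this tool sends to `admin-ajax.php` can be hunted in web server access logs. The following is an added example, not part of `exploit.py` or the original README: it flags `admin-ajax.php` requests whose query string carries SQL injection markers. The log lines, the `action=example` and `id` parameter names and the rule set are constructed for illustration, and it assumes the injected SQL is visible in the logged query string.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (combined log format); not captured from a real site.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2022:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=example&id=1%20UNION%20SELECT%20user_login,user_pass%20FROM%20wp_users HTTP/1.1" 200 9120 "-" "python-requests/2.27.1"
203.0.113.9 - - [10/Mar/2022:10:00:06 +0000] "GET /wp-admin/admin-ajax.php?action=example&id=1)%2F**%2Fand%2F**%2Fsleep(5)--+- HTTP/1.1" 200 0 "-" "python-requests/2.27.1"
198.51.100.7 - - [10/Mar/2022:10:00:09 +0000] "GET /?s=union+select+tickets HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Illustrative rules (assumption: default wp_ table prefix); tune for your site.
RULES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "wp_users_table": re.compile(r"\bwp_users\b|\buser_pass\b"),
    "time_delay": re.compile(r"\b(sleep|benchmark)\s*\("),
    "schema_probe": re.compile(r"\binformation_schema\b"),
}

def normalise(value):
    # Lower-case, turn inline SQL comments into spaces, collapse whitespace.
    value = re.sub(r"/\*.*?\*/", " ", value.lower())
    return re.sub(r"\s+", " ", value)

def scan(log_text):
    """Return one finding per admin-ajax.php request that matches any rule."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        hits = set()
        for _name, value in parse_qsl(url.query, keep_blank_values=True):
            text = normalise(value)
            hits.update(rule for rule, rx in RULES.items() if rx.search(text))
        if hits:
            findings.append({"ip": ip, "time": ts, "status": status, "rules": sorted(hits)})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Payloads sent in a POST body do not appear in standard access logs, so the same rules would need to run on WAF or application-level request logging to cover them.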
This tool is for educational and authorized testing only. You are solely responsible for how you use it. Always get permission before scanning or exploiting any system.
Stay cyberpunk.
— X3RX3S