n00py
commented
4 years ago So what that function is doing: Looks for wp-config.php. It assumes that it is three directories up, so if yertle is at /wp-content/plugins/random/shell.php, it will look for it at ../../../wp-config.php.
So this is a possible issue. Can you check on your site to see if these files (shell.php and wp-config.php) are in their expected locations?
also it is looking for DB_USER in wp-config.php. It is also splitting strings on single quotes.
Can you tell me if wp-config as DB_USER in it, and if the value is enclosed in single quotes?
Hi,
I'm trying your program on a test site on my hosting (because I got hacked and I want to see what they were able to get) and when I try hashdump it is giving me this error. I tried to troubleshoot and I found out that sendcommand.text is empty but I cannot figure out why...
It does that also for dbcreds but not for keylogger, it is strange...
Here is the output of the error :
os-shell> hashdump Traceback (most recent call last): File "yertle.py", line 466, in
main()
File "yertle.py", line 447, in main
commandloop(args.target, uploaddir)
File "yertle.py", line 98, in commandloop
hashdump(host, uploaddir)
File "yertle.py", line 306, in hashdump
items = datacreds(host, uploaddir)
File "yertle.py", line 134, in datacreds
user = credextract(sendcommand.text, 'DB_USER')
File "yertle.py", line 147, in credextract
return se[2]
IndexError: list index out of range
Thanks a lot for your help