To install the latest stable build, run gem install wpxf.
After installation, you can launch the WordPress Exploit Framework console by running wpxf.
If you have issues installing WPXF’s dependencies (in particular, Nokogiri), first make sure you have all the tooling necessary to compile C extensions:
It’s possible that you don’t have important development header files installed on your system. If you find yourself in this situation, here is what you should do:
If you are experiencing errors that indicate that libcurl.dll could not be loaded, you will need to ensure the latest libcurl binary is included in your Ruby bin folder, or any other folder that is in your environment’s PATH variable.
The latest version can be downloaded from curl.haxx.se/download.html. As of 16/05/2016, the latest release is marked as Win32 2000/XP zip 7.40.0 libcurl SSL. After downloading the archive, extract the contents of the bin directory into your Ruby bin directory (if prompted, don’t overwrite any existing DLLs).
How To Use WordPress Exploit Framework
Start the WordPress Exploit Framework console by running wpxf.
Once loaded, you’ll be presented with the wpxf prompt. From here, you can search for modules using the search command or load a module using the use command.
Loading a module into your environment will allow you to set options with the set command and view information about the module using info.
Below is an example of how one would load the symposium_shell_upload exploit module, set the module and payload options and run the exploit against the target.