{"id":702,"date":"2025-08-25T21:34:47","date_gmt":"2025-08-25T20:34:47","guid":{"rendered":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu.png"},"modified":"2025-08-25T21:55:07","modified_gmt":"2025-08-25T20:55:07","slug":"4-reverse-shell-menu","status":"inherit","type":"attachment","link":"https:\/\/jagumiel.xyz\/blog\/4-reverse-shell-menu\/","title":{"rendered":"Reverse shell a trav\u00e9s de plugin modificado en WordPress."},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false},"class_list":["post-702","attachment","type-attachment","status-inherit","hentry"],"aioseo_notices":[],"description":{"rendered":"<p class=\"attachment\"><a href='https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu.png'><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"173\" src=\"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-300x173.png\" class=\"attachment-medium size-medium\" alt=\"Plugin WP Mail SMTP manipulado para establecer conexi\u00f3n inversa desde WordPress\" srcset=\"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-300x173.png 300w, https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-768x442.png 768w, https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-150x86.png 150w, https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu.png 980w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>El atacante instala un plugin camuflado como WP Mail SMTP, el cual incluye c\u00f3digo para establecer una reverse shell hacia la IP atacante. Esta t\u00e9cnica demuestra c\u00f3mo un acceso al panel de administraci\u00f3n puede derivar en ejecuci\u00f3n remota de comandos y escalada de privilegios.<\/p>\n"},"caption":{"rendered":"<p>Plugin personalizado permite conexi\u00f3n remota usando IP y puerto definidos.<\/p>\n<p class=\"continue-reading-button\"> <a class=\"continue-reading-link\" href=\"https:\/\/jagumiel.xyz\/blog\/4-reverse-shell-menu\/\">Continue reading<i class=\"crycon-right-dir\"><\/i><\/a><\/p>\n"},"alt_text":"Plugin WP Mail SMTP manipulado para establecer conexi\u00f3n inversa desde WordPress","media_type":"image","mime_type":"image\/png","media_details":{"width":980,"height":564,"file":"2025\/08\/4-reverse-shell-menu.png","filesize":60683,"sizes":{"medium":{"file":"4-reverse-shell-menu-300x173.png","width":300,"height":173,"filesize":9059,"mime_type":"image\/png","source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-300x173.png"},"thumbnail":{"file":"4-reverse-shell-menu-150x150.png","width":150,"height":150,"filesize":4777,"mime_type":"image\/png","source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-150x150.png"},"medium_large":{"file":"4-reverse-shell-menu-768x442.png","width":768,"height":442,"filesize":38465,"mime_type":"image\/png","source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-768x442.png"},"custom":{"file":"4-reverse-shell-menu-250x150.png","width":250,"height":150,"filesize":7786,"mime_type":"image\/png","source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-250x150.png"},"post-thumbnail":{"file":"4-reverse-shell-menu-150x86.png","width":150,"height":86,"filesize":3528,"mime_type":"image\/png","source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-150x86.png"},"header":{"file":"4-reverse-shell-menu-980x450.png","width":980,"height":450,"filesize":28768,"mime_type":"image\/png","source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-980x450.png"},"slider":{"file":"4-reverse-shell-menu-980x400.png","width":980,"height":400,"filesize":25140,"mime_type":"image\/png","source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-980x400.png"},"columns":{"file":"4-reverse-shell-menu-318x201.png","width":318,"height":201,"filesize":11853,"mime_type":"image\/png","source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu-318x201.png"},"full":{"file":"4-reverse-shell-menu.png","width":980,"height":564,"mime_type":"image\/png","source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu.png"}},"image_meta":{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0","keywords":[]}},"post":null,"source_url":"https:\/\/jagumiel.xyz\/blog\/wp-content\/uploads\/2025\/08\/4-reverse-shell-menu.png","_links":{"self":[{"href":"https:\/\/jagumiel.xyz\/blog\/wp-json\/wp\/v2\/media\/702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jagumiel.xyz\/blog\/wp-json\/wp\/v2\/media"}],"about":[{"href":"https:\/\/jagumiel.xyz\/blog\/wp-json\/wp\/v2\/types\/attachment"}],"author":[{"embeddable":true,"href":"https:\/\/jagumiel.xyz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jagumiel.xyz\/blog\/wp-json\/wp\/v2\/comments?post=702"}]}}