Adds setup information to documentation

bootstrapbool · bootstrapbool · commit 2bd27b21d8f8 · 2026-04-15T18:56:53.000-04:00
diff --git a/documentation/modules/exploit/multi/http/wp_plugin_supsystic_contact_form_rce.md b/documentation/modules/exploit/multi/http/wp_plugin_supsystic_contact_form_rce.md
@@ -10,6 +10,130 @@ further clarification).
 
 Tested Contact Form version 1.7.36 on Ubuntu 24.04 and Windows 10.
 
+## Setup
+
+### Install XAMPP
+
+https://sourceforge.net/projects/xampp/
+
+~~~bash
+sudo ~/Downloads/xampp-linux-x64-8.2.12-0-installer.run
+~~~
+
+#### Add LAMPP Binaries to PATH
+
+~~~bash
+echo 'export PATH="/opt/lampp/bin:$PATH"' >> ~/.bash_profile
+~~~
+
+### Download Wordpress
+
+https://developer.wordpress.org/advanced-administration/before-install/howto-install/
+
+Download the wordpress zip from https://wordpress.org/download/
+
+~~~bash
+sudo mkdir /opt/lampp/htdocs/wordpress
+sudo cp ~/Downloads/wordpress-6.9.4.zip /opt/lampp/htdocs/wordpress/
+cd /opt/lampp/htdocs/wordpress/
+sudo 7z x wordpress-6.9.4.zip
+~~~
+
+### Create Wordpress Database
+
+#### Login as root
+
+*Just hit enter when prompted for the password.
+
+~~~
+mysql -u root -p
+Enter password:
+~~~
+
+#### Create Wordpress Database
+
+~~~sql
+CREATE DATABASE wordpress_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+~~~
+
+### Configure Wordpress
+
+#### Configure Database
+
+~~~
+sudo mv wp-config-sample.php wp-config.php
+~~~
+
+Your config should look like this if you're going to use the root database user.
+
+~~~
+// ** Database settings - You can get this info from your web host ** //
+/** The name of the database for WordPress */
+define( 'DB_NAME', 'wordpress_db' );
+
+/** Database username */
+define( 'DB_USER', 'root' );
+
+/** Database password */
+define( 'DB_PASSWORD', '' );
+
+/** Database hostname */
+define( 'DB_HOST', 'localhost' );
+
+/** Database charset to use in creating database tables. */
+define( 'DB_CHARSET', 'utf8mb4' );
+
+/** The database collate type. Don't change this if in doubt. */
+define( 'DB_COLLATE', '' );
+~~~
+
+#### Configure Site
+
+When you first connect you'll be redirected to http://localhost/wordpress/wp-admin/install.php
+
+Site Title: ContactFormTest
+Username: admin1
+Password: password123
+Email: email@email.com
+
+## Contact Form Wordpress Plugin
+
+https://wordpress.org/plugins/contact-form-by-supsystic/advanced/
+
+Go to "Advanced View", Then scroll down to "Previous Versions" and select 1.7.36 and Download
+
+### Installation
+
+1. Download Contact Form plugin
+2. Unarchive contact-form-by-supsystic.zip
+3. Move contents to \wp-content\plugins\
+4. Go to admin panel => open item “Plugins” => activate Contact Form Builder by Supsystic
+
+#### 2. Unarchive contact-form-by-supsystic.zip
+
+~~~bash
+7z x contact-form-by-supsystic.1.7.36.zip
+sudo cp -r contact-form-by-supsystic /opt/lampp/htdocs/wordpress/wp-content/plugins
+sudo chown -R www-data:www-data /opt/lampp/htdocs/wordpress/wp-content/plugins/contact-form-by-supsystic
+sudo chmod -R 755 /opt/lampp/htdocs/wordpress/wp-content/plugins/contact-form-by-supsystic
+~~~
+
+### Use Plugin
+
+https://supsystic.com/documentation/contact-form-getting-started?utm_source=wordpress&utm_medium=gettingstarted&utm_campaign=contactform
+
+The "Shortcode" is located at the top of the page, just to the right of "Edit"
+
+Example shortcode:
+
+~~~
+[supsystic-form id=11]
+~~~
+
+Copy and paste that into the Sample Page
+
+It should automatically place it in a "Shortcode" block when you paste.
+
 ## Verification Steps
 
 1. Start `msfconsole`
