Wordpress

WPScan

don't forget to setup URL variable

export URL="<wordpress url"

Initial Scan

wpscan --url $URL --disable-tls-checks --enumerate p --enumerate t --enumerate u

Plugin Enumeration (Aggressive)

wpscan --url $URL --enumerate p --plugins-detection aggressive

note:

• akismet --> just ignore it

Get a shell from Admin

• theme = twentyseventeen

• go to header.php

• input shell in the php script.