WordPress

Enumeration

  • Enumeration via WPScan

# enumerate users
wpscan --url http://url -e u
# enumerate users, themes and plugins with aggressive detection
wpscan --url http://url -e u,t,p --detection-mode aggressive --plugins-detection aggressive
# scan an HTTPS site, skipping TLS certificate verification
wpscan --url https://url -e u --disable-tls-checks
  • Useful locations

/wp-content/plugins/
/wp-includes/

Exploitation
