FLaG (Fast LeArner’s Guide) to HAWordy from Vulnhub (OSCP Proving Grounds)
As always, nmap scan reveals only TCP/80 open with new apache install page displayed dirb (or gobuster) reveals subdirectory called wordpress. Easy! wpscan –url http://192.168.53.23/wordpress –enumerate p (Enumerate plugins to…