https://hexpysya.github.io/tags/wpscan/Recent content in WPScan on bubka hacks stuffHugo -- gohugo.ioen-usWed, 08 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/elk-perfect-survey/Wed, 08 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/elk-perfect-survey/An attacker conducted reconnaissance with Nmap and WPScan against a WordPress site, exploited CVE-2021-24762 in the Perfect Survey plugin via SQLi to extract wp_users password hashes, then pivoted into Active Directory by Kerberoasting alonso.x, creating a rogue computer account, abusing RBCD, and escalating to domain administrator via AD CS certificate abuse.