10.10.11.125
wpscan do normal and aggressive for plugins —plugins-version-detection aggressive -e ap there is also vp for vulnerable plugins, ap is for all plugins the lfi we discover through the plugin has no code execution since we can download the php files
what is nmap —min-rate=10000
ippsec video for screen explanation
LFI - send email reverse shell (https://www.aptive.co.uk/blog/local-file-inclusion-lfi-testing/)
d211e13d013df9beec7a2f1909f8812e
0b045a1e487cf5174f7c1c075e1ff9bf
/tmp/tmux-1000