This is a walkthrough of the TryHackMe machine called “All in One”. The machine is a linux box running wordpress and this video features the use of wpscan, python exploits, malicious plugins, and GTFOBins! I learned a lot tackling this one. ***SPOILERS*** I show you how to pwn the box, so if you don’t want help with it do not watch this video. Hope this helps someone and I hope you enjoy.
***IMPORTANT*** I missed a step in the video, the flags are base64 encoded, you will need to decode them before TryHackMe‘s website will accept them.
