HackerFest 2019 Walkthrough

Recon

First I ran the following command:

Fig.1 Nmap Scan
Fig.2 Website Homepage
Fig.3 WordPress Files through FTP

“Vulnerable sites need a DB”

Think about it :-P

Fig.4 wp-config.php source
Fig.5 PHPMyAdmin Portal

Cracking

So I used JtR (John the Ripper) to crack it with the existing rockyou.txt password list and got the password for the WordPress user.

Fig.6 John The Ripper
Fig.7 Metasploit Console


Security Enthusiast | A Web App Developer Sometimes
