HackerFest 2019 Walkthrough


First I ran the following command :

Fig.1 Nmap Scan
Fig.2 Website Homepage
Fig.3 Wordpress Files through FTP

“ Vulnerable sites need a DB ”

Think about it :-P

Fig.4 wp-config.php source
Fig.5 PHPMyAdmin Portal


So I used JTR(John the Ripper) to crack it through existing rockyou.txt password list and got the password to the user of the Wordpress.

Fig.6 John The Ripper
Fig.7 Metasploit Console



Security Enthusiast | A Web App Developer Sometimes

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store