Hackacademic.RTB1 is vulnerable machine for training our skills.This machine can be download from free from here. There is many tutorial how to hack these machine but i did always be my self.
First step is recognize open ports in machine.We can use our favourite nmap scanner and just simply type nmap <IP of machine>
I use T4 option in mnap for just simple do faster scan :)As we can see there are just 1 open port and there is port 80.
So we do some digging and start our browser and insert ip address of out machine.
So our victim page looks like this one after some clicking and looking for url you can see some possibilities of SQL injection. After insert ' at the end of url.We get error of SQL.Huray!! We immediately start our second most powerful program
In this section we just can start sqlmap program and check if our link is really vulnerable.So we simple run sqlmap.py -u "<url>" --dbs
after runnig couple more programs we are able to retrieve wordpress user.Sorry guys I don't want to show you all steps :) Just try to figure out how many other sqlmap you have to run to get all users and theirs passwords.When you check carefully tables of user we can see that open user has priority 10 which means that user is admin and have highest privileges in wordpress. We just simpe type
after these we can simple login.
Just insert into browser <ip +>HackademicRTB1/wp-admin/
We should see login page for wordpress and just simple insert credential
So I really want these make as one tutorial but for me it's too late and i heading to bed.Second part soon :) If you have any question ale any feedback please let me known :)