How To: Hack Hackademic.RTB1 Machine Part 1

Welcome hackers.

Hackademic.RTB1 is a vulnerable machine for training our skills. This machine can be downloaded for free from here. There are many tutorials on how to hack this machine, but I always did it by myself.

Step 1: Recognize Open Ports

The first step is to recognize the open ports on the machine. We can use our favourite scanner, nmap, and simply type nmap <IP of machine>

I use the -T4 option in nmap just to do a faster scan :) As we can see, there is just 1 open port, and it is port 80.

So we do some digging: start our browser and enter the IP address of our machine.

So our victim page looks like this one. After some clicking and looking at the URLs, you can see some possibilities for SQL injection. After inserting ' at the end of the URL, we get an SQL error. Hooray!! We immediately start our second most powerful program.

Step 2: SQL Injection

In this section we can just start the sqlmap program and check whether our link is really vulnerable. So we simply run sqlmap.py -u "<url>" --dbs

After running a couple more programs we are able to retrieve the WordPress user. Sorry guys, I don't want to show you all the steps :) Just try to figure out how many other sqlmap runs you need to get all users and their passwords. When you check the user tables carefully, you can see that one user has priority 10, which means that the user is an admin and has the highest privileges in WordPress. We just simply type

After this we can simply log in.
Just enter <ip +>HackademicRTB1/wp-admin/ into the browser.
We should see the WordPress login page; simply enter the credentials.
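
Why the single quote in Step 1 produces an SQL error, and the query form that removes the flaw, shown as an added example that is not part of the original tutorial or the VM's code. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the VM's MySQL database.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data standing in for a blog's category table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO categories VALUES (?, ?)",
                   [(1, "Uncategorized"), (2, "News")])
    return db

def lookup_concatenated(db, cat):
    """Weak form: the URL parameter is pasted straight into the SQL text."""
    sql = "SELECT name FROM categories WHERE id = " + cat
    try:
        return ("ok", [row[0] for row in db.execute(sql)])
    except sqlite3.Error as exc:
        # A page that echoes this message back is what the quote test reveals:
        # the parameter changed the statement's syntax, not just its data.
        return ("sql_error", str(exc))

def lookup_parameterized(db, cat):
    """Hardened form: check the type, then bind the value as data."""
    if not re.fullmatch(r"[0-9]{1,10}", cat):
        return ("rejected", "id must be a positive integer")
    rows = db.execute("SELECT name FROM categories WHERE id = ?", (int(cat),))
    return ("ok", [row[0] for row in rows])

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):  # normal request, then the quote from Step 1
        print(repr(value), "concatenated ->", lookup_concatenated(db, value))
        print(repr(value), "parameterized ->", lookup_parameterized(db, value))
```

In the hardened form the input never reaches the SQL parser as syntax, so there is no database error to leak; production pages should also log such errors server-side instead of printing them.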

So I really wanted to make this one tutorial, but for me it's too late and I'm heading to bed. Second part soon :) If you have any questions or any feedback, please let me know :)

Cheers Spyx

2 Comments

If you're inexperienced and would like to see first-hand hacking in action, here is a place to visit. With little to no experience you can see what the processes are to successfully capture the flag.

Food for thought - Treat all of these machines as a real machine, don't just go in half-cocked thinking it's just a VM. Practice, practice, practice. "If you start with the bad habits now, your skills will be no good."

And remember

Amat Victoria Curam

How to install Hackademic?
