Hello everyone, this is all about a dream I have had since the first year of college. I am a security enthusiast and always wanted to hack my college, but yes, my favorite #LearningPhase: I was in a learning phase, so I didn't know much about hacking a server or penetrating a network and other critical assets. So I started learning all this stuff; I used to sit in the library for the whole day learning new techniques and tricks.
Finally, one day in my final year… the story started. It's divided into three parts, three major attacks which led to the compromise of the complete college data!!
- SSH Port 22
- SQL Injection
- RCE (Remote Code Execution)
SSH PORT 22 — Story Of Very Poor Configuration
I opened my very noisy tool, Nmap, and started hunting for open ports. After a few minutes of searching, I was shocked to see that all the ports were open, and I was very interested in SSH port 22.
I tried connecting to the SSH port but failed because I didn't know the password. I started brute-forcing, and after spending hours, still no luck. I didn't get the password :( Then I thought of one vulnerability that I had found in one of the websites and started hunting for it, because my college was using WordPress.
And finally, I found that wp-config file :D
Why "Story Of Very Poor Configuration"???
Because while configuring the server, the same password was used as DB_PASSWORD, and my connection to the SSH port was established :D
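A defender-side check for the misconfiguration described above, added here as an example and not part of the original post: it flags a server where `wp-config.php` holds a `DB_PASSWORD` while sshd still accepts typed passwords. The sample file contents are constructed, and the sshd parsing is a simplification (first occurrence wins, `Match` blocks and `Include` files are not evaluated).

```python
import re

# Constructed sample inputs for illustration (not taken from the post).
WP_CONFIG = """<?php
define( 'DB_USER', 'wp_user' );
define( 'DB_PASSWORD', 'constructed-example-secret' );
"""
SSHD_WEAK = "Port 22\n#PasswordAuthentication no\n"
SSHD_HARDENED = (
    "Port 22\n"
    "PasswordAuthentication no\n"
    "KbdInteractiveAuthentication no\n"
)

DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)""")
# Keywords that let a password be typed at login; upstream OpenSSH defaults both to yes.
PASSWORD_KEYWORDS = {
    "passwordauthentication": "PasswordAuthentication",
    "kbdinteractiveauthentication": "KbdInteractiveAuthentication",
    "challengeresponseauthentication": "KbdInteractiveAuthentication",  # older alias
}

def wp_constants(text):
    """Return {name: value} for simple define('NAME', 'value') statements."""
    return {m.group(2): m.group(4) for m in DEFINE_RE.finditer(text)}

def password_methods(sshd_text):
    """Return the password-capable methods sshd would still accept."""
    state = {}
    for raw in sshd_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue  # blank line or comment
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks are not evaluated in this sketch
        if key in PASSWORD_KEYWORDS and len(parts) > 1:
            state.setdefault(PASSWORD_KEYWORDS[key], parts[1].lower())
    names = set(PASSWORD_KEYWORDS.values())
    return sorted(k for k in names if state.get(k, "yes") != "no")

def audit(wp_text, sshd_text):
    """Flag the combination: stored DB_PASSWORD plus password logins over SSH."""
    findings = []
    methods = password_methods(sshd_text)
    if wp_constants(wp_text).get("DB_PASSWORD") and methods:
        findings.append("sshd accepts typed passwords (%s): a leaked DB_PASSWORD "
                        "reused on a login account is enough for a shell" % ", ".join(methods))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", SSHD_WEAK), ("hardened", SSHD_HARDENED)):
        print(name, audit(WP_CONFIG, cfg) or "no findings")
```

Key-only SSH logins remove the impact of a leaked database password, but the database credential should still be unique to the database account.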
Thanks for reading !!
The next part will be coming soon … :)
**** I was granted permission to penetrate the college, so don't do anything illegal. I have not disclosed any critical information. ****