How I Hacked My College (PART 1)

Hello Everyone, this is all about my dream which I used to see from the first year of my college. I am a security enthusiast and always wanted to hack my college but yes my favorite #LearningPhase, I was in a learning phase, so I didn't know much about hacking a server or penetrating network and other critical assets. So I started learning all this stuff, I used to sit in Library for the whole day learning new techniques and tricks.

Finally a day in my life my final year… the story started, it's divided into three parts like three major attacks which lead to the compromise of complete college data !!

  1. SSH Port 22
  2. SQL Injection
  3. RCE (Remote Code Execution)

SSH PORT 22 — Story Of Very Poor Configuration

I opened my very noisy tool Nmap and started hunting for open ports after a few minutes of searching I was shocked to see all the ports were open and I was very interested in SSH PORT 22.

I started connecting ssh port but I failed because I didn't know the password, I started brute-forcing after spending hours, still no luck. I didn't get the password :( Then I thought of one vulnerability that I found in one of the websites and started hunting for that because my college was using WordPress.

And finally, I found that wp-config file :D

Image for post
Image for post

Why Story Of Very Poor Configuration ???

Because while configuring the server the same password was used of DB_PASSWORD and My connection was established to SSH PORT :D

Image for post
Image for post

Thanks for reading !!

The next part will be coming soon … :)

**** I was Granted Permission to Penetrate the College so don’t do anything illegal and I have not disclosed any Critical Information***

Information Security Analyst at Persistent Systems | Synack Red Team Member | CEH v10 | CEH Master | Bug Bounty Hunter

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store