KORP Terminal

SOLUTION

We can see the login page at first, let try some SQL injection. But nothing happend, so we need to inspect it and save the request to a file.

Using sqlmap to find the web’s databse

sqlmap -r request.txt --ignore-code 401 --dump --batch

We got the username and the hash. Now let identify the hash using Hash Identifier

We have the hash type, now look it up through hashcat

Crack it and we get the admin’s password.

hashcat -m 3200 hash.txt wordlist