CHURCHCRM
OFFSEC - Proving Grounds - GROOVE
·1418 words·7 mins
OFFSEC PG PRACTICE
CHURCHCRM
SQLMAP
HASHCAT
ChurchCRM 4.5.1 on port 80 has weak credentials. Using an SQL injection via sqlmap reveals the root hash. Cracking it grants root access.