How I Hacked My College - Part 1

Cybersecurity has always been more than just an interest for me. From the first year of college, I had one goal in mind: to understand how real-world systems could be tested, secured, and sometimes broken due to weak configurations.

Back then, I was still learning. I had very limited knowledge about server security, network penetration, and exploiting vulnerabilities. Most of my time was spent researching, practicing, and experimenting with different techniques. I would spend entire days in the college library studying security concepts, learning new tools, and understanding how attacks actually worked.

Everything changed during my final year.

What started as curiosity eventually turned into a complete security assessment that exposed multiple critical weaknesses within the college infrastructure. The entire journey can be divided into three major attack vectors that ultimately led to full compromise of sensitive systems:

• SSH Misconfiguration
• SQL Injection
• Remote Code Execution (RCE)

This is the story of the first one.

SSH Port 22 — A Case of Weak Server Configuration

I began with basic reconnaissance using network scanning tools to identify exposed services and open ports. During the scan, several unnecessary ports appeared publicly accessible, but one service immediately caught my attention, SSH on Port 22.

My initial attempts to access the server were unsuccessful since authentication was required. I spent hours testing different possibilities, including password attacks, but nothing worked.

At that point, I shifted my focus toward the college web applications. Since the infrastructure was running on WordPress, I started searching for common misconfigurations and exposed files.

Eventually, I discovered an exposed wp-config file.

For anyone familiar with WordPress, this file usually contains sensitive database credentials. What made the situation worse was the server configuration itself; the same password used for the database was also being used for SSH authentication.

Using those credentials, I was able to successfully establish an SSH connection to the server.

That single mistake opened the door to much deeper access.

Part 2 will cover how SQL Injection exposed even more critical data within the system.

Disclaimer: This activity was conducted with authorized permission as part of a security assessment. No sensitive information has been disclosed, and this content is shared strictly for educational and awareness purposes.

LinkedIn: https://www.linkedin.com/in/ashketchumwashere/

Instagram: https://www.instagram.com/ashketchumwashere/

X: https://x.com/ashketchum_16

Hope this helps you somewhere in your journey.

Thanks for Reading !!

./Keep_Hacking