I am practicing pen testing in a protected box. I have a vulnerable Magento website, and I managed to get its MySQL config file, which is app/etc/local.xml.
In this file there is information such as:
<crypt>
    <key><![CDATA[414c9022922d31b62bbe4447356e4ed6]]></key>
</crypt>
<disable_local_modules>false</disable_local_modules>
<resources>
    <db>
        <table_prefix><![CDATA[]]></table_prefix>
    </db>
    <default_setup>
        <connection>
            <host><![CDATA[]]></host>
            <username><![CDATA[MYSQL_USERNAME]]></username>
            <password><![CDATA[MYSQL_PASSWORD]]></password>
            <dbname><![CDATA[DATABASE_NAME]]></dbname>
            <initStatements><![CDATA[SET NAMES utf8]]></initStatements>
            <model><![CDATA[mysql4]]></model>
            <type><![CDATA[pdo_mysql]]></type>
            <pdoType><![CDATA[]]></pdoType>
            <active>1</active>
        </connection>
    </default_setup>
</resources>
<session_save><![CDATA[files]]></session_save>
However, I found the admin folder as well but do not have the login details. Only the HTTP and SSH ports are open. The SQL port is closed, so remote access is not possible.
Apparently code injection is possible, as on the default 404.php page I found a <script>alert('hacked')</script>.
Apparently there are loads to do with <key><![CDATA[414c9022922d31b62bbe4447356e4ed6]]></key>. But I don't know how to use it.