February 17, 2020

How I Hacked My Uni's Internship Portal [IceCereal Re-Upload]

Original Post: https://icecereal.github.io/blog/how-i-hacked-my-unis-internship-portal/

I won’t write too much here because most of the juicy information can be found in the Original Post.

The TL;DR:

The University where I did my undergrad made an in-house internship portal (website) that students could use to find out about internships. After noticing a few technical issues with the portal, I started digging into the website and I stumbled across the GitHub repository of the entire portal, which happened to contain the db.sqlite3 file that the backend server used to store usernames, (encrypted) passwords, salts, access controls and some metadata. I brute-force decrypted the encrypted administrator password with the salt using cuda hashcat on an Nvidia DGX-1, a $100,000 (USD) machine that my University bought for High Performance Computing and Deep Learning. Cuda hashcat cracked the password in roughly one hour and I was able to log in to the administrator account to upload an internship that led people to the popular internet meme video, Never Gonna Give You Up by Rick Astley.