{"id":29682368,"url":"https://github.com/machphy/penetration-testing-report-hackmaster","last_synced_at":"2026-02-07T14:31:17.003Z","repository":{"id":291403049,"uuid":"977520700","full_name":"machphy/penetration-testing-report-hackmaster","owner":"machphy","description":null,"archived":false,"fork":false,"pushed_at":"2025-05-04T12:27:53.000Z","size":9091,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-23T02:48:19.769Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/machphy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-04T11:56:07.000Z","updated_at":"2025-05-04T18:44:37.000Z","dependencies_parsed_at":"2025-05-04T12:35:16.473Z","dependency_job_id":"458749e9-5b08-4e12-9893-7c7bcb3a9063","html_url":"https://github.com/machphy/penetration-testing-report-hackmaster","commit_stats":null,"previous_names":["machphy/penetration-testing-report-hackmaster"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/machphy/penetration-testing-report-hackmaster","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fpenetration-testing-report-hackmaster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fpenetration-testing-report-hackmaster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fpenetration-testing-report-hackmaster/releases","manife
sts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fpenetration-testing-report-hackmaster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/machphy","download_url":"https://codeload.github.com/machphy/penetration-testing-report-hackmaster/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/machphy%2Fpenetration-testing-report-hackmaster/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29197022,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T12:38:28.597Z","status":"ssl_error","status_checked_at":"2026-02-07T12:38:23.888Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-23T02:36:13.984Z","updated_at":"2026-02-07T14:31:16.772Z","avatar_url":"https://github.com/machphy.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# 🛡️ HackMaster Web Application Penetration Testing Report\n\n**Author:** Rajeev Sharma  \n**Role Applied:** Penetration Tester \u0026 Red Team Specialist  \n**Date:** May 4, 2025  \n**Target:** [https://hack-master.hackersprey.com](https://hack-master.hackersprey.com)\n\n---\n\n## 📄 Overview\n\nThis repository contains the results of a comprehensive penetration test conducted on the HackMaster web application. 
The assessment aimed to identify security vulnerabilities, exploit real-world scenarios, and provide actionable recommendations to enhance the application's security posture.\n\n---\n\n## 🎯 Objective\n\n- Identify 10 distinct security flags within the target web application.\n- Exploit real-world web vulnerabilities to uncover these flags.\n- Document findings, methodologies, and provide remediation strategies.\n\n---\n\n## 🧪 Methodology\n\nThe penetration testing approach adhered to industry best practices, incorporating both automated tools and manual techniques:\n\n- **Tools Used:**\n  - Burp Suite – Intercept \u0026 analyze requests\n  - SQLMap – SQL injection testing\n  - Gobuster – Directory enumeration\n  - cURL – Manual HTTP requests\n  - Browser Developer Tools – Frontend inspection\n  - Custom Payloads – SSRF, Authentication Bypass, etc.\n\n- **Testing Covered:**\n  - Input validation \u0026 injection flaws\n  - Directory \u0026 file discovery\n  - Server-side request forgery (SSRF)\n  - Authentication and access control\n  - Sensitive data exposure\n\n---\n\n## 🧾 Findings \u0026 Flags\n\n1. **Flag #1 – Sensitive File in `/donotopen`**\n   - **Vulnerability:** Exposed sensitive flag via `robots.txt`\n   - **Payload:** `curl https://hack-master.hackersprey.com/donotopen`\n   - **Flag:** `hackersprey{d0_n0t_0p3n}`\n   - **Severity:** Low\n\n2. **Flag #2 – Exposed Credentials in `/adminCreds`**\n   - **Payload:** `curl https://hack-master.hackersprey.com/adminCreds`\n   - **Output:**\n     ```\n     Username: krichardson@hackersprey.com\n     Password: backstreetboys\n     ```\n   - **Use Case:** Login for further exploitation (admin panel, SSRF, etc.)\n   - **Severity:** High\n\n3. **Flag #3 – Hidden Content in `/secret`**\n   - **Response:** “look farther down” (possible lead to nested or encoded content)\n   - **Next Step:** Analyze page source, JavaScript, or attempt path traversal\n   - **Status:** Partial – needs further enumeration\n\n4. 
**Flag #4 – Restricted Access in `/internal2` \u0026 `/internal3`**\n   - **Status:** HTTP 403 Forbidden\n   - **Bypass Attempts:** Use `X-Forwarded-For`, encoded URLs (`%2e`), etc.\n   - **Flag Status:** Pending – might be flag-bearing endpoints\n\n5. **Flag #5 – SQL Injection Vulnerability**\n   - **Tool:** SQLMap\n   - **Targeted Parameter:** `/admin?request=fetch\u0026url=...`\n   - **Injection Type:** Time-based blind\n   - **DBMS:** MySQL\n   - **Flag Status:** Likely hidden in backend data (DB dump pending)\n\n*(Continue detailing the remaining flags as discovered.)*\n\n---\n\n## 📂 Repository Structure\n\n```\nhackmaster-pentest-report/\n├── report/\n│   ├── HackMaster_Pentest_Report.pdf\n│   └── HackMaster_Pentest_Report.md\n├── screenshots/\n│   ├── flag1_robots_txt.png\n│   ├── flag2_admin_creds.png\n│   └── ...\n├── payloads/\n│   ├── sqlmap_payload.txt\n│   ├── ssrf_payload.txt\n│   └── ...\n├── tools/\n│   ├── burp_config.json\n│   └── ...\n├── notes/\n│   ├── methodology.md\n│   ├── observations.md\n│   └── ...\n├── references/\n│   ├── OWASP_Top10.pdf\n│   └── PTES_Guide.pdf\n├── LICENSE\n└── README.md\n```\n\n---\n\n## 🛠️ Tools \u0026 Resources\n\n- **Burp Suite:** Intercepting proxy for analyzing web traffic.\n- **SQLMap:** Automated tool for SQL injection detection and exploitation.\n- **Gobuster:** Directory and file brute-forcing tool.\n- **cURL:** Command-line tool for transferring data with URLs.\n- **Browser Developer Tools:** Inspecting and debugging web applications.\n- **Custom Payloads:** Crafted inputs for testing SSRF, authentication bypasses, etc.\n\n---\n\n## ✅ Recommendations\n\n| Issue                          | Recommendation                                                                 |\n|--------------------------------|--------------------------------------------------------------------------------|\n| Exposed `robots.txt` entries   | Remove sensitive paths or restrict them via authentication 
headers.            |\n| Hardcoded admin credentials    | Rotate credentials and store them securely in environment/configuration files. |\n| Unprotected `/adminCreds`      | Apply access controls; restrict sensitive endpoints.                           |\n| SQL Injection vulnerability    | Use parameterized queries; validate all user inputs.                           |\n| Access control on `/internal`  | Enforce strict authorization and monitor for 403 bypass attempts.              |\n\n---\n\n## 📸 Appendix: Screenshots\n\nScreenshots demonstrating the exploitation of identified vulnerabilities are available in the `screenshots/` directory:\n\n- `flag1_robots_txt.png`: Exposure of sensitive file via `robots.txt`.\n- `flag2_admin_creds.png`: Retrieved admin credentials from `/adminCreds`.\n- *(Include additional screenshots as necessary.)*\n\n---\n\n## 📚 References\n\n- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)\n- [Penetration Testing Execution Standard (PTES)](http://www.pentest-standard.org/index.php/Main_Page)\n- [Hack The Box: Penetration Testing Reports Guide](https://www.hackthebox.com/blog/penetration-testing-reports-template-and-guide)\n\n---\n\n## ⚠️ Disclaimer\n\nThis penetration testing report is intended solely for educational purposes. All testing activities were conducted on systems for which explicit authorization was obtained. No unauthorized testing was performed. All sensitive information has been removed to protect privacy and confidentiality.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmachphy%2Fpenetration-testing-report-hackmaster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmachphy%2Fpenetration-testing-report-hackmaster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmachphy%2Fpenetration-testing-report-hackmaster/lists"}