Initial Access - Hidden Web Directory Leads to Web Shell then Full Reverse Shell Vulnerability Explanation: A hidden directory on the port 80 hosts a web shell. A reverse shell is obtainable by cr...

Initial Access - Vulnerable PHP version and Publicly Available Exploit leads to RCE Vulnerability Explanation: The PHP version running on the web server on port 80 is vulnerable with a backdoor. T...

Purpose Now that the penetration test is finished, we will be able to utilize the logs generated to analyze the attack. The 2 main attacks that generated telemetry were the RDP brute-forcing attac...

Initial Access - Anonymous FTP Access + Credential Brute-forcing Vulnerability Explanation: Anonymous access to the FTP server is allowed on the target machine. The FTP server contains sensitive i...

Initial Access - Anonymous FTP access + Brute Forcing RDP Vulnerability Explanation: Anonymous FTP access allows for extraction of a file containing sensitive usernames. The usernames were then us...

Initial Access - Exposed credentials in PCAP file leads to SSH Access Vulnerability Explanation: A webpage on port 80 allows for a download of a PCAP file. The PCAP file contains valid credentials...

Initial Access - Vulnerable SMB version + Metasploit Vulnerability Explanation: A vulnerable version of SMB (Samba 3.0.20) is running on the target machine. A publicly available exploit is availab...

Objective There are many different types of vulnerabilities we can explore when attacking Active Directory. This can range from anywhere from cleartext passwords to ‘pass the hash’ attacks. On th...

Week 2 What I Did This Week This week I found and tested an application off of docker called ‘Plone.’ https://hub.docker.com/_/plone https://github.com/plone/plone.docker The reasons I’d ...

Initial Access - EternalBlue + Metasploit Vulnerability Explanation: The machine is vulnerable to EternalBlue. EternalBlue is an infamous exploit of the SMB port against old Windows machines. A pu...