During a security assessment of a web application at http://aa.test.com:8088/Admin/Login, a SQL injection vulnerability was identified. The login request revealed that the username and password parameters were encrypted on the client side before transmission. Analysis of the page's JavaScript source...
Network Discovery and Target Identification Network reconnaissance involves identifying active devices and services on a target network. This process typically includes host discovery, port scanning, and service enumeration to map the attack surface. Host Discovery with ICMP ICMP echo requests (ping...
Installing Metasploit on Windows The installation process on Windows is straightforward. Obtain the latest Metasploit Framework installer from the official website. The installer includes the console and all necessary dependencies. Disable any antivirus software during installation, as it may flag c...
Configure the lab's domain controller to bind its IPv4 address to the Host-Only network adapter and ensure its listed first in the adapter order. Target systems include Win7, Win2003, and Win2008. During login to Win2003 and Win2008, password expiration prompts appear; update them to hongrisec@2020....
Deploy the target OVA in VirtualBox and configure the attacker environment using Kali Linux on the same internal network segment. After booting, identify the target's assigned IP through network scanning: arp-scan -l Once the target is identified (e.g., 10.0.2.15), perform aggressive service enumera...
Target Environment Overview Initial access was obtained through Sunflower remote management credentials on an unattended operations machine. The objective involves internal network penetration with three flags: flag1 on a DMZ web server user desktop, flag2 in the administrator folder on the same web...
Importent Notice: Wifiphisher is a highly aggressive Wi-Fi phishing framework that may be illegal depending on usage context. Unauthorized use to attack network infrastructure violates laws in most regions. Always comply with local legal requirements! Wifiphisher is an aggressive wireless Access Poi...
Environment Customization and Setup Kali Linux provides a robust foundation for penetration testing. Customizing the desktop environment and installing supplementary tools enhances operational efficiency. Configuring Alternate Desktop Environments Different desktop environments cater to varying hard...
Scope Definition and Engagement Rules Establish explicit boundaries before initiating any assessment. Define IP ranges, domain names, and excluded systems in the formal rules of engagement. Determine testing windows, emergency contacts, and authorization documentation. Black-box assessments operate...
Target Information Target VM: medium_socnet Source: VulnHub (https://www.vulnhub.com/entry/boredhackerblog-social-network,454/) Initial Reconnaissance With both the target and the attack host (Kali) on the same network segment, arpscan was used to identify the target's IP address. arpscan -l From th...