Lab 10.2 Exploiting Nancurinir - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki
In this lab, we exploited Nancurinir (10.0.5.28).
Notes
All technical documentation covered is inside my tech journal/the report itself. Instead, this page acts as a reflection.
Reflection:
The biggest thing to come out of this week for me is the importance of the "simplest path forward" and of shells we have previously used. By "simplest path forward" I mean that instead of thinking of the most complex way to solve something, like I do, I should be asking "what is the simplest way this could be done?" For example, on a login, guessing that the name used a lot and the name of the gif is the password. Pretty simple when you think about it, but that was how to solve this lab. It may not always work, but I have found it better to try that first THEN escalate. This week, a peer had to help me with this process, and that's how I got my initial foothold on phpMyAdmin. Without that, I think I would still be trying to crack the webpage with Hydra, instead of following the advice to just use the words on the webpage. After this, a professor then needed to inform me that I needed to search around a bit more and find database credentials. I think if I had slowed down, centered, and thought of the simple way/explored, I could have gotten access sooner. Later on, I employed this with the "gandalf" user, and that's how I got user/root access. The last big thing was shells, as I made use of both a webshell and a reverse shell this week. I think that Weevely is my permanent webshell of choice, and the Python reverse shell I have works GREAT, and I plan to continue using it on targets that have Python. Overall, good lessons learned this week heading into the final stretch of the year.