Lab 10.2: Exploiting Nancurunir - Ptsoares/SEC_335_Techjournal GitHub Wiki

Overview

The goal of this lab was to achieve root compromise on the Nancurunir machine and generate a pen test report detailing the process.

Useful Commands and Instructions

All of the steps I conducted are available in the report available here: Soares_PenTestReport_04_09.pdf

Resource for the Python reverse shell: https://gist.github.com/gustavohenrique/0721a23900f51287e517aed3662d4f3a

Issues and Troubleshooting

Troubleshooting took up a substantial amount of time for this particular lab--apart from documenting everything as I went for the report, I ran into multiple stuck points--often because of reverse shell logistics and simple user permission issues. I tended to perform better when I took short breaks from the work to clear my head and approach the problems from a fresh perspective. I still have a ways to go when it comes to scripts and automation, so this lab in particular put me well outside of my comfort zone. I found it refreshing to document my work in an actual document, despite the additional time it took to complete the lab as a result.

Questions/Reflection

My takeaways from this lab were the importance of strong password policies, robust encryption algorithms, and keeping systems updated to newer versions. Most of the exploits that I was leveraging were patched in more recent versions, and introducing greater credential complexity would've slowed down more experienced hackers and may have even prevented me from attaining root privileges.