Week 3 HTB Report funnel

Report by Rowen
 Table of Contents
Pen Test: funnel
Intro and Objective
Introduction
Objective
Report – high level summary
High level summary
Recommendations
Report – Methodologies
 Introduction and Objective
Introduction
This document provides comprehensive and detailed documentation
outlining the steps taken to penetrate the security and resilience of the target known
as "funnel." Throughout this guide, we will cover various measures and best
practices aimed at fortifying the machine against potential vulnerabilities and
security threats.
Objective
The objective of the penetration test is to discover and exploit vulnerabilities
in the machine with the main target being to gain access to machine and gain
administrator privileges. However, this is not for malicious purpose as the scope of
this test is to demonstrate the process used in a concise manner while also
explaining any steps or best practices to be taken to patch or monitor the associated
vulnerabilities to secure the target machine.
 Report: High level summery

Summery
I was tasked with performing the Pen test against the target on the HTB
network. The test serves as a simulated attack against this specific machine.
Initially I scanned the machine to see what ports were open and what was running.
The target has a ftp protocol open with anonymous login, where one can find the
users and one of the new ones has the default password which we can login to.
Using a tunnel we can connect to the service running on port 5432.
Recommendations
The main thing that could be done to prevent this situation is to not have
anonymous ftp login and to not store password conventions within the service. The
machine could also be better configured so that the PostgreSQL isn’t able to be
exploited.
 Report – Methodologies
First we scan the target

https://www.rffuste.com/2023/03/06/htb-funnel/