
Week 3 HTB Report three

Report by Rowen
Table of Contents
Pen Test: three
Intro and Objective
Introduction
Objective
Report – high level summary
High level summary
Recommendations
Report – Methodologies
Introduction and Objective
Introduction
This document provides comprehensive and detailed documentation
outlining the steps taken to penetrate the security and resilience of the target known
as "three." Throughout this guide, we will cover various measures and best
practices aimed at fortifying the machine against potential vulnerabilities and
security threats.
Objective
The objective of the penetration test is to discover and exploit vulnerabilities
in the machine, with the main target being to gain access to the machine and gain
administrator privileges. However, this is not for malicious purposes, as the scope of
this test is to demonstrate the process used in a concise manner while also
explaining any steps or best practices to be taken to patch or monitor the associated
vulnerabilities to secure the target machine.
Report: High level summary

Summary
I was tasked with performing the pen test against the target “three” on the
HTB network. The test serves as a simulated attack against this specific machine.
Initially I scanned the machine to see what ports were open and what was running.
The target has an Apache server up, running a Linux Ubuntu site. The site is
thetopper.htb, which had subdomains running in the background that could be
interacted with. The service was an Amazon AWS that one could connect to with
spoofed credentials to gain access to the target. Afterwards, to gain root access, a PHP web
shell could be uploaded via the AWS and called up through the site to give root
access.
Recommendations
The main thing that could be done to prevent this situation is to update the
Amazon configuration so that it can’t be connected to without some form of
verification. Possibly update the OS (operating system) so that it isn’t as
vulnerable. The other thing you could implement is logging, and make sure to
audit those logs.
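One way to act on the log-auditing recommendation, as an added example that is not part of the original report: scan the Apache access log for successful requests to PHP files the site is not known to ship. The allowlist `KNOWN_SCRIPTS`, the function name `audit` and the sample log lines are assumptions constructed for illustration.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumption: the site's legitimate PHP entry points are few and known.
KNOWN_SCRIPTS = {"/index.php"}

# Constructed sample lines (documentation IP ranges), not taken from the target.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 11952 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /images/band.jpg HTTP/1.1" 200 90172 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:05:40 +0000] "GET /probe.php HTTP/1.1" 404 275 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:06:13 +0000] "GET /new-file.php?q=test HTTP/1.1" 200 54 "-" "curl/8.0"',
]


def audit(lines, known=KNOWN_SCRIPTS):
    """Return one finding per successful request to a PHP file outside the allowlist."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-combined line: skip rather than guess
        path, _, query = m["target"].partition("?")
        if not path.lower().endswith(".php") or path in known:
            continue
        # Only 2xx responses mean the unknown script exists and was executed.
        if m["status"].startswith("2"):
            findings.append({"line": n, "host": m["host"],
                             "path": path, "has_query": bool(query)})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding here means a PHP file appeared in the web root outside the normal deployment, which is the point at which the storage configuration and recent uploads should be reviewed.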
Report – Methodologies
First we scan the target
Spent the rest of the time looking through the website. The walkthrough I found used gobuster to find
the subdirectories but my gobuster isn’t working.

https://daniel-schwarzentraub.medium.com/htb-tier-1-starting-point-three-8b487e409816
