
Need help getting into Raven VM. Deadline is short and need a fast response on whether it can be done.



Pentesting Project: Attack Strategy

BE SURE TO INCLUDE IMAGES OF STEPS AND RESULTS PERFORMED.

Debriefing

Scenario

Your firm recently landed a contract to assess the security of their internal network. The most important machine on this network is their web server, which hosts their public-facing website. This machine also exposes an SSH server, which administrators can use to add, remove, or edit files on the website.

Since this machine is so important to their core business, they do not want you to test the live production server. Instead, you've been provided a virtual machine image. The clients requested that you attach this VM to your local network and perform a preliminary assessment. This precaution ensures that nothing you do while testing will take the site offline or deface the public-facing website.

Your Tools

Therefore, you are allowed to attack it using any tools, technologies, and procedures (TTPs) that you see fit. Since you don't have to worry about accidentally taking down the site, you are free to use brute-force and other high-bandwidth tactics.

Your Objective

You will be expected to find four hidden flags. These flags are placeholders for highly sensitive data that lives on the production server. If you find them, you have essentially compromised the firm's security. You can find two on the website and two on the server's file system. The firm provided no additional clues.

In addition to the locations of the flags, you are expected to create a final report summarizing the vulnerabilities you found; how you exploited them; and which patches you'd recommend.

Playbook

You're free to attack the site however you like. But you may also refer to the methodology below for a consistent approach.

Host and Service Enumeration

After launching the VM, use Nmap to scan your local subnet. Identify the target's IP address, and then use Nmap to perform service, version, and OS discovery. Be sure to use stealth options and test for open UDP ports. netdiscover is another tool you can research for host discovery.

Web Enumeration

Your service scan should reveal an HTTP server. Use the following steps to explore and analyze the site:

· Use Burp Suite to generate a site map by manually browsing the site.
· Use Burp Spider to expand your site map.
· Use wfuzz to perform URL enumeration. Use one of the default wordlists provided in the wfuzz directory.
· Use wpscan to break through the WordPress blog's login form.

You will find two flags on the website. One is embedded in HTML somewhere on the site; the other is hidden in the WordPress administration panel. You will have to break into it in order to find it.

Network Exploitation and Post-Exploitation Pillaging

Your Nmap scan should identify an SSH server. Use a tool like hydra or patator to brute-force the login. This should land you a user shell.

Determine which accounts have sudo permissions, then find out which commands they're allowed to run. When you discover which account is able to run Python as root, figure out how to use the snippet below to get a root shell on the victim machine:

    sudo python -c "import pty; pty.spawn('/bin/bash')"

From here, take a screenshot of your user ID to prove that you're root. Then, use find or other tools to locate the flags on the server's file system.

Reporting

After all is done and dusted, you'll need to put together a report for your clients.

Executive Summary

Provide a description of the business importance of your findings. I.e., summarize the most critical vulnerability/ies discovered; explain why they're critical, and how they can harm the business; and how quickly the business should act to fix the issues you discovered.

Attack Narrative

This assessment involved the attempted compromise of multiple machines on the target subnet. Each phase of the test is documented below.

Reconnaissance

General Reconnaissance

Summarize your Nmap scan results/findings.

Enumeration and Vulnerability Analysis

This section summarizes the most critical vulnerabilities affecting the target network. Fill out the table below for your target. Under Vulnerabilities, include things like: "Exposed Login Server", "Exposed Web Server", etc.

IP Address | Operating System | Vulnerabilities | Risk (Low/Med/High)

Web Server Analysis

Summarize the steps you took to analyze the web server, and document your findings. This should include a summary of the steps you took to investigate it; vulnerabilities you discovered; and any steps you took to exploit it.

Network Analysis

Summarize the steps you took to break into the SSH server. This should include a summary of the steps you took to investigate it; vulnerabilities you discovered; and any steps you took to exploit it.

Post-Exploitation Exploration and Privilege Escalation

Summarize the steps you took to escalate from a user shell to a root shell. This should include a summary of how you identified the correct privilege escalation method; the command you ran to execute it; and a screenshot proving that it succeeded. In addition, include paths to each of the flags you find on the target.

Conclusion and Recommendations

Based on the results documented above, we recommend the client take the following steps to remediate the vulnerabilities identified on the target machine.

Web Server

Suggest a patch for each vulnerability you identified and exploited in the web server.

Network Services

Suggest a patch for each vulnerability you identified and exploited in the SSH server.

Hardening the Server

Suggest a patch for each vulnerability you identified and exploited to achieve privilege escalation.
Nov 04, 2021
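For the "Hardening the Server" recommendation in the brief, an added example (not part of the original assignment) that audits sudoers rules for the grant the playbook describes: an account allowed to run Python, or any other shell-capable program, as root. The sudoers excerpt, the account names and the SHELL_CAPABLE list are constructed assumptions; aliases and include files are not expanded.

```python
import os
import re

# Programs that can start a shell or run arbitrary code (illustrative, not exhaustive).
SHELL_CAPABLE = {"python", "perl", "ruby", "bash", "sh", "vim", "less", "find", "awk"}
RULE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def audit_sudoers(text):
    """Return (user, command, reason) for rules that amount to root access."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        match = RULE.match(line)
        if not line or line.startswith(SKIP) or not match:
            continue
        who, _host, runas, cmds = match.groups()
        runas_users = (runas or "root").split(":")[0]  # no runas list means root
        if not re.search(r"\b(root|ALL)\b", runas_users):
            continue
        nopasswd = False
        for cmd in cmds.split(","):
            cmd = cmd.strip()
            # Tags such as NOPASSWD: apply to this and later commands in the rule.
            while (tag := re.match(r"([A-Z_]+):\s*", cmd)):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag.group(1), nopasswd)
                cmd = cmd[tag.end():]
            if not cmd or cmd.startswith("!"):
                continue
            # python2.7 and python3 both normalise to "python".
            name = re.sub(r"[\d.]+$", "", os.path.basename(cmd.split()[0]))
            if cmd == "ALL":
                reason = "any command"
            elif name in SHELL_CAPABLE:
                reason = f"{name} can spawn a root shell"
            else:
                continue
            findings.append((who, cmd, reason + (", no password" if nopasswd else "")))
    return findings

# Constructed sudoers excerpt for illustration; not taken from the target VM.
SAMPLE = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
deploy  ALL=(ALL) NOPASSWD: /usr/bin/python
backup  ALL=(www-data) /usr/bin/python3
%ops    ALL = (root) /usr/bin/systemctl restart apache2, /usr/bin/less /var/log/syslog
"""
print(*audit_sudoers(SAMPLE), sep="\n")
```

Each finding other than the expected root entry is a candidate for removal or for replacement with a narrowly scoped wrapper command in the final report.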