Network Penetration Test Project Summary

Introduction

For this project I conducted a network penetration test for Example Corpo to evaluate their internal security posture. The assessment was carried out over a period of twelve days and focused on identifying and exploiting vulnerabilities within their network. Click here to view: Pen Test Report Project

Assessment Overview

The penetration test aimed to simulate the actions of an attacker within the internal network. This involved scanning for vulnerabilities, exploiting identified weaknesses, and assessing the impact of potential attacks. The key phases of the test included planning, discovery, attack, and reporting.

Key Findings

During the assessment, several critical and high-severity vulnerabilities were identified:

1. vsftpd 2.3.4 Backdoor (Critical)

   • An FTP server running vsftpd version 2.3.4 was found with a backdoor vulnerability. This allowed unauthorized access to the system.

2. FTP Weak Passwords (Critical)

   • Weak passwords were identified on the FTP server, making it susceptible to brute-force attacks. Using a tool called Hydra, the username "msfadmin" and its weak password were discovered.

3. SMB Vulnerabilities (Critical)

   • The EternalBlue exploit was used to gain a reverse shell, providing unauthorized access to the system.

4. WebDAV Misconfiguration (Critical)

   • The WebDAV service allowed unauthorized file uploads, enabling the upload of a PHP web shell that could execute commands remotely.

5. SMTP User Enumeration (High)

   • The SMTP server was vulnerable to user enumeration via the VRFY command, allowing attackers to verify valid usernames for further attacks.

Recommendations

To mitigate these vulnerabilities, the following actions were recommended:

1. Upgrade vsftpd

   • Upgrade to the latest version and restrict access to trusted users. Regularly monitor server logs for suspicious activity.

2. Enforce Strong Password Policies

   • Implement complex password requirements and account lockout mechanisms. Regularly review access logs for suspicious login attempts.

3. Patch and Update Systems

   • Update and patch all systems, disable SMBv1, and use SMBv2 or SMBv3. Implement network segmentation and monitor SMB traffic.

4. Secure WebDAV

   • Disable WebDAV if not needed, or restrict access to trusted IPs and require authentication. Conduct regular security audits.

5. Harden SMTP

   • Disable the VRFY command, use secure authentication methods, and implement rate limiting. Regularly monitor and audit SMTP logs.

Conclusion

The penetration test provided valuable insights into Example Corpo's internal security posture, identifying critical areas for improvement. By addressing the identified vulnerabilities and implementing the recommended security measures, Example Corpo can significantly enhance their security posture and reduce the risk of successful attacks. Regular security assessments and updates are crucial to maintaining a robust defense against evolving threats.

 

Why I Think the SOC Level 1 Learning Path on TryHackMe is Perfect for Beginners

Introduction

Some time last year (mid-2023), I was looking for the right training that would suit someone who was a little novice. I had some experience already. I heard a lot about TryHackMe and decided to check it out. The first path I did was SOC Level 1.

Accessible Learning Material

The SOC Level 1 learning path on TryHackMe is designed for beginners with virtually no experience. I had some certs and hands-on experience already, but I still found this challenging enough to where I had to think and problem-solve. The material is digestible and presented clearly to someone who isn't technical at all. Cybersecurity can get pretty complex, but this path took those complex topics and really broke them down Barney style.

Hands-On Experience

As someone who's very hands-on and visual, I really liked the labs. As a beginner, practical experience is invaluable. The SOC Level 1 path includes several interactive labs that allow you to apply what you’ve learned in real-world scenarios. These exercises cover:

• Investigating Security Incidents: Using tools like Splunk and Carbon Black to analyze and respond to simulated security incidents.
• Detecting Threats: Setting up and configuring SIEM tools to detect and investigate potential threats.
• Remediating Vulnerabilities: Performing vulnerability scans and applying patches to secure systems.

Structured Learning Path

For beginners, having a structured learning path is essential. The SOC Level 1 path is well-organized, guiding you step-by-step through the fundamentals of working in a SOC. The learning path covers key areas such as:

• Incident Response: Understanding the process of identifying, containing, eradicating, and recovering from security incidents.
• Threat Detection: Learning to detect potential threats using log analysis, network monitoring, and endpoint security.
• Vulnerability Management: Gaining skills in regular scanning, patch management, and maintaining secure configurations.

Real-World Relevance

The hands-on labs include real-world scenarios you would encounter as a SOC Analyst. The hands-on experience offers a lot of value. As a beginner, you can showcase this to employers during an interview. Even though you have no formal experience, it doesn't mean you can't demonstrate informal experience and enthusiasm to learn.

Community and Support

If you are struggling with these paths, Google will become your best friend if it already wasn't. Even better, some YouTubers have posted step-by-step tutorials, so you can easily have a split screen monitor and follow along.

Conclusion

The SOC Level 1 learning path on TryHackMe is an excellent starting point for beginners in cybersecurity. It offers accessible learning material, hands-on experience, a structured learning path, and real-world relevance. By completing this path, you’ll gain foundational skills and practical knowledge essential for a career in cybersecurity.

If you’re a beginner looking to break into the field, I highly recommend the SOC Level 1 learning path on TryHackMe. It’s a great way to build your skills, gain confidence, and prepare for the exciting challenges of a cybersecurity career.

Linux Privilege Escalation Project Summary

What is privilege escalation? 

Privilege escalation on a Linux machine involves exploiting vulnerabilities to gain higher access levels, such as root privileges. This is dangerous because it allows hackers to gain complete control over the system. Users should have proper security measures in place to prevent such exploits.

In this project, I demonstrated Linux privilege escalation by using LinEnum to gain root access and exploit hidden files. Here’s a step-by-step summary:

Step 1: Setting Up the Environment

I set up a target Linux machine and ensured I had SSH access. This allowed me to interact with the machine remotely.

Step 2: Running LinEnum

I downloaded and ran LinEnum, a script that helps in enumerating information and potential vulnerabilities in Linux systems. The command used was:

wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
chmod +x LinEnum.sh
./LinEnum.sh

Step 3: Analyzing the Output

LinEnum provided a detailed report on system configurations, potential vulnerabilities, and misconfigurations. I focused on areas with high privilege escalation potential.

Step 4: Identifying Hidden Files

During the analysis, I found hidden files and directories that were not secured properly. These files contained sensitive information that could be leveraged for escalation.

Step 5: Exploiting Vulnerabilities

I used the information from LinEnum to exploit identified vulnerabilities. For instance, I found a misconfigured sudoers file that allowed me to execute commands as the root user without a password:

sudo -i

Step 6: Gaining Root Access

By exploiting the sudoers file, I successfully escalated my privileges to root, gaining full control over the system.

Step 7: Documenting Findings

I documented all findings and steps taken during the project. This included the initial setup, execution of LinEnum, analysis of its output, exploitation of vulnerabilities, and the final privilege escalation.

Conclusion

This project highlighted the importance of regular system audits and proper configuration management to prevent privilege escalation. Using tools like LinEnum can significantly aid in identifying potential security weaknesses.