The objective of this project was to find the 6 flags which were hidden in a Windows and a Linux server. The process of finding the flags included the steps below.
The initial step of a vulnerability assessment is to understand the attack surface. It is essential to know which services are running on the system and which of these services could have possible vulnerabilities.
Nmap scans are used to find the running services and the open ports on both the Windows and Linux machines.
A Nessus scan is run on the Windows machine to identify the running services and the potentially vulnerable services running on the server.
Some portion of the Windows memory was encrypted using VeraCrypt. The password to the encrypted volume was found using a phishing attack.
| Vulnerability | Tool | Procedure |
|---|---|---|
| SMB Vulnerability | Metasploit | A Metasploit exploit was run and shell access was gained on the server |
| Weak security knowledge of users | Phishing Attack | Spear phishing was used to persuade the user to reveal his password |
| Weak Passwords | John the Ripper | Passwords were brute-forced |
| Poor error handling | SQLMap | SQL Injection was performed |
| | Burp Suite | Header details were grabbed |
| File Upload Vulnerability | Weevely | A backdoor was created to gain access to the file system |