Share
## https://sploitus.com/exploit?id=30830C09-DEA1-5389-9616-12490B2D9736
# Penetration Testing Labs โ€“ HTU

Hands-on penetration testing project covering exploit development, Active Directory attacks, web application security, privilege escalation, and post-exploitation techniques.

---

## Overview

This project demonstrates multiple offensive security techniques performed in controlled lab environments, following a structured penetration testing methodology.

The work includes exploit development, Active Directory attacks, privilege escalation, network pivoting, and web application security assessments.

---

## Project Highlights

### Buffer Overflow Exploitation

- Fuzzing vulnerable services
- EIP offset discovery
- JMP ESP exploitation
- Shellcode execution
- Bind shell creation
- Privilege escalation using Meterpreter

---

### Internal Network Pivoting

- Meterpreter port forwarding
- Internal network discovery
- EternalBlue (MS17-010)
- Lateral movement
- SYSTEM-level compromise

---

### Active Directory Attacks

- BloodHound enumeration
- GenericWrite abuse
- Kerberoasting
- Password cracking with John the Ripper
- SMB remote execution using Impacket

---

### Web Application Security

Completed multiple web exploitation challenges involving:

- SQL Injection
- Cross-Site Scripting (XSS)
- Cookie manipulation
- Authentication bypass
- Local File Inclusion (LFI)
- Source code disclosure
- Template Injection

---

### Burp Suite Labs

Completed PortSwigger Academy lab involving:

- HTTP/2 Single-Packet Attack
- Authentication bypass
- Rate limit bypass using Turbo Intruder

---

## Tools Used

- Kali Linux
- Metasploit Framework
- msfvenom
- Immunity Debugger
- mona.py
- Netcat
- Burp Suite
- Turbo Intruder
- BloodHound
- Impacket
- John the Ripper
- Hydra
- Hashcat
- Python

---

## Key Skills Demonstrated

- Exploit Development
- Buffer Overflow Exploitation
- Active Directory Security
- Web Application Penetration Testing
- Privilege Escalation
- Lateral Movement
- Network Pivoting
- Post Exploitation
- Offensive Security Methodology

---

Developed as part of the Penetration Testing course at Al Hussein Technical University.