Share
## https://sploitus.com/exploit?id=30830C09-DEA1-5389-9616-12490B2D9736
# Penetration Testing Labs โ HTU
Hands-on penetration testing project covering exploit development, Active Directory attacks, web application security, privilege escalation, and post-exploitation techniques.
---
## Overview
This project demonstrates multiple offensive security techniques performed in controlled lab environments, following a structured penetration testing methodology.
The work includes exploit development, Active Directory attacks, privilege escalation, network pivoting, and web application security assessments.
---
## Project Highlights
### Buffer Overflow Exploitation
- Fuzzing vulnerable services
- EIP offset discovery
- JMP ESP exploitation
- Shellcode execution
- Bind shell creation
- Privilege escalation using Meterpreter
---
### Internal Network Pivoting
- Meterpreter port forwarding
- Internal network discovery
- EternalBlue (MS17-010)
- Lateral movement
- SYSTEM-level compromise
---
### Active Directory Attacks
- BloodHound enumeration
- GenericWrite abuse
- Kerberoasting
- Password cracking with John the Ripper
- SMB remote execution using Impacket
---
### Web Application Security
Completed multiple web exploitation challenges involving:
- SQL Injection
- Cross-Site Scripting (XSS)
- Cookie manipulation
- Authentication bypass
- Local File Inclusion (LFI)
- Source code disclosure
- Template Injection
---
### Burp Suite Labs
Completed PortSwigger Academy lab involving:
- HTTP/2 Single-Packet Attack
- Authentication bypass
- Rate limit bypass using Turbo Intruder
---
## Tools Used
- Kali Linux
- Metasploit Framework
- msfvenom
- Immunity Debugger
- mona.py
- Netcat
- Burp Suite
- Turbo Intruder
- BloodHound
- Impacket
- John the Ripper
- Hydra
- Hashcat
- Python
---
## Key Skills Demonstrated
- Exploit Development
- Buffer Overflow Exploitation
- Active Directory Security
- Web Application Penetration Testing
- Privilege Escalation
- Lateral Movement
- Network Pivoting
- Post Exploitation
- Offensive Security Methodology
---
Developed as part of the Penetration Testing course at Al Hussein Technical University.