## https://sploitus.com/exploit?id=76F39A8F-8CFE-52EF-9C1D-07DD9B8FF2BE
# UNF Penetration Testing Report โ Red Team Engagement
This repository contains a **comprehensive penetration testing report** completed as part of the
**Fullstack Academy Cybersecurity Bootcamp at the University of North Florida (UNF), 2025.**
## ๐ฏ Objective
The goal of this engagement was to simulate a real-world cyberattack and assess the
security posture of an isolated target network. The test followed a **red team approach**,
focusing on discovering, exploiting, and documenting vulnerabilities while adhering to
ethical penetration testing principles.
## ๐งฐ Tools Used
- **Nmap** โ Network discovery and port scanning
- **Metasploit Framework** โ Exploitation and post-exploitation
- **SQLMap** โ SQL injection detection and exploitation
- **Netcat** โ Reverse shell connections
- **John the Ripper** โ Password hash cracking
- **Linux Command-Line Utilities** โ Enumeration and privilege escalation
## ๐งฉ Key Findings
| # | Severity | Finding | Description |
|---|-----------|----------|-------------|
| 1 | High | Open Ports with Unauthorized Access | Ports 1013 and SSH allowed unauthorized login attempts |
| 2 | High | SQL Injection Vulnerability | Web app input not sanitized, allowing data retrieval |
| 3 | High | Sensitive File Exposure | Exposed credentials and administrator data |
| 4 | High | Weak Password Hash | Cracked password: **pokemon** |
## ๐งจ Attack Walkthrough
- Identified open ports using Nmap and performed service enumeration
- Discovered a **command injection** vulnerability via web input (`; whoami`)
- Exploited **SQL injection** to obtain SSH private keys
- Used the stolen key to access a remote server on port 2222
- Retrieved and cracked an **MD5 hash** using John the Ripper
- Leveraged cracked credentials in **Metasploit PsExec** to gain Administrator access
- Dumped password hashes with `hashdump` and reused them for lateral movement
- Found and exfiltrated the final flag file: