Share
## https://sploitus.com/exploit?id=76F39A8F-8CFE-52EF-9C1D-07DD9B8FF2BE
# UNF Penetration Testing Report โ€“ Red Team Engagement

This repository contains a **comprehensive penetration testing report** completed as part of the  
**Fullstack Academy Cybersecurity Bootcamp at the University of North Florida (UNF), 2025.**

## ๐ŸŽฏ Objective
The goal of this engagement was to simulate a real-world cyberattack and assess the  
security posture of an isolated target network. The test followed a **red team approach**,  
focusing on discovering, exploiting, and documenting vulnerabilities while adhering to  
ethical penetration testing principles.

## ๐Ÿงฐ Tools Used
- **Nmap** โ€“ Network discovery and port scanning  
- **Metasploit Framework** โ€“ Exploitation and post-exploitation  
- **SQLMap** โ€“ SQL injection detection and exploitation  
- **Netcat** โ€“ Reverse shell connections  
- **John the Ripper** โ€“ Password hash cracking  
- **Linux Command-Line Utilities** โ€“ Enumeration and privilege escalation  

## ๐Ÿงฉ Key Findings
| # | Severity | Finding | Description |
|---|-----------|----------|-------------|
| 1 | High | Open Ports with Unauthorized Access | Ports 1013 and SSH allowed unauthorized login attempts |
| 2 | High | SQL Injection Vulnerability | Web app input not sanitized, allowing data retrieval |
| 3 | High | Sensitive File Exposure | Exposed credentials and administrator data |
| 4 | High | Weak Password Hash | Cracked password: **pokemon** |

## ๐Ÿงจ Attack Walkthrough
- Identified open ports using Nmap and performed service enumeration  
- Discovered a **command injection** vulnerability via web input (`; whoami`)  
- Exploited **SQL injection** to obtain SSH private keys  
- Used the stolen key to access a remote server on port 2222  
- Retrieved and cracked an **MD5 hash** using John the Ripper  
- Leveraged cracked credentials in **Metasploit PsExec** to gain Administrator access  
- Dumped password hashes with `hashdump` and reused them for lateral movement  
- Found and exfiltrated the final flag file: