## https://sploitus.com/exploit?id=7AC8205E-A972-5404-AC3F-C02DB8D80B29
# Network Attack and Defence Technology Lab
## Project Overview
This project details a rigorous, hands-on penetration testing and vulnerability assessment engagement executed within a simulated virtual lab environment. The assessment follows a structured, four-phase security methodology—**Information Gathering, Focused Penetration, Post-Exploitation, and Documented Clean-up**—targeting two distinct host architectures to evaluate their overall security posture and data disclosure risks.
## Lab Environments & Target Targets
### Target 1 (192.168.68.147) - Configuration Flaws
* **Assessment:** Evaluated against critical system configuration flaws.
* **Vulnerability Scanning:** Leveraged automated vulnerability scanning via Tenable Nessus to identify severe information disclosure vectors.
* **Exploitation & Data Harvesting:** * Achieved unauthenticated read access across exposed Network File System (NFS) exports and Server Message Block (SMB) shares using `smbclient`.
* Successfully extracted user environment profiles (`.bashrc`, `.profile`).
* Leveraged the default community string (`"public"`) via `snmpwalk` to extract core OS metadata.
* Exploited a misconfigured `rsync` service on port 873 to perform a complete download of internal user directories.
### Target 2 (192.168.68.148) - Web Application & Server-Side Exploitation
* **Assessment:** Shifted focus entirely toward web application and server-side vulnerabilities.
* **Remote System Compromise:** Achieved full system compromise by exploiting the critical **Shellshock** vulnerability (CVE-2014-6271) on an Apache CGI script.
* **Post-Exploitation:** Used custom `curl` payloads and Metasploit's Meterpreter to enable valid user enumeration via `/etc/passwd`.
* **Web Attack Validation:** Validated advanced web attack vectors, including arbitrary file upload capabilities within Coppermine Photo Gallery ($\le$ 1.4.14) and HTTP request smuggling techniques.