Share
## https://sploitus.com/exploit?id=9B4BA341-1CBF-59D6-AA40-33596997F23B
# ๐ Network Service Exploitation Lab (VAPT Project)
## ๐ Overview
This project demonstrates a **full network penetration testing workflow**, focusing on the exploitation of common network services in a controlled lab environment.
The objective was to simulate real-world attack scenarios by identifying vulnerabilities, exploiting them, and chaining multiple services to achieve **full system compromise**.
---
## ๐ฏ Objectives
* Perform structured network reconnaissance and enumeration
* Identify vulnerabilities across exposed services
* Exploit misconfigurations and known CVEs
* Achieve privilege escalation and system compromise
* Demonstrate **multi-service attack chaining**
* Produce a professional **Vulnerability Assessment & Penetration Testing (VAPT) report**
---
## ๐ง Key Highlights
* ๐ Unauthenticated Remote Code Execution (FTP backdoor)
* ๐ฃ SMB exploitation using EternalBlue (MS17-010)
* ๐ SSH brute-force and privilege escalation
* ๐ Full filesystem access via misconfigured NFS (RPC)
* ๐ Attack chaining across multiple services
* ๐ Detailed VAPT report with CVE & CVSS mapping
---
## ๐๏ธ Lab Environment
| Role | System | IP Address |
| -------- | ---------------- | --------------- |
| Attacker | Kali Linux | 192.168.109.131 |
| Target 1 | Metasploitable 2 | 192.168.109.130 |
| Target 2 | Windows XP | 192.168.109.132 |
> โ ๏ธ This environment is intentionally vulnerable and designed for learning and demonstration purposes.
---
## โ๏ธ Methodology
The assessment followed a standard penetration testing lifecycle:
1. Reconnaissance
2. Service Enumeration
3. Vulnerability Identification
4. Exploitation
5. Privilege Escalation
6. Post-Exploitation
7. Reporting
---
## ๐ Services Exploited
### ๐ก FTP (Port 21)
* Vulnerable version: vsFTPd 2.3.4
* CVE: CVE-2011-2523
* Impact: Unauthenticated remote shell access
---
### ๐ฅ๏ธ SMB (Port 445)
* Vulnerability: MS17-010 (EternalBlue)
* CVE: CVE-2017-0144
* Impact: Remote code execution as SYSTEM
---
### ๐ SSH (Port 22)
* Weak credentials exploited via brute force
* Privilege escalation via sudo misconfiguration
* Impact: Full root access
---
### ๐ RPC / NFS (Port 111)
* Misconfiguration: Root directory (`/`) exported to all hosts
* Impact: Full filesystem access without authentication
---
## ๐ Attack Chain Summary
The project demonstrates realistic attack paths:
```
FTP โ Root Access โ Credential Extraction
SMB โ SYSTEM Access โ Persistence
SSH โ Brute Force โ Privilege Escalation
RPC/NFS โ Filesystem Mount โ Credential Dump
```
> These chains reflect how attackers pivot across services in real environments.
---
## ๐ Impact
* Full system compromise (Linux & Windows)
* Credential disclosure and reuse
* Persistent access creation
* Potential lateral movement
**Overall Risk: ๐ด CRITICAL**
---
## ๐ก๏ธ Mitigation Overview
Key defensive measures include:
* Patch management and software updates
* Disabling deprecated protocols (SMBv1)
* Strong authentication policies
* Network segmentation and firewalling
* Monitoring and intrusion detection
> Detailed remediation strategies are included in the full report.
## ๐ ๏ธ Tools Used
* Nmap
* Metasploit Framework
* Hydra / Ncrack
* Netcat
* John the Ripper
## ๐ Learning Outcomes
* Understanding of network service vulnerabilities
* Hands-on exploitation of real CVEs
* Development of attacker mindset
* Ability to write professional pentest reports
* Exposure to multi-service attack chaining
---
## โ ๏ธ Disclaimer
This project was conducted in a controlled lab environment for educational purposes only.
Do not attempt these techniques on systems without proper authorization.
---
## ๐ฌ Contact
If youโd like to discuss this project or collaborate, feel free to reach out.
---