Share
## https://sploitus.com/exploit?id=9B4BA341-1CBF-59D6-AA40-33596997F23B
# ๐Ÿ” Network Service Exploitation Lab (VAPT Project)

## ๐Ÿ“Œ Overview

This project demonstrates a **full network penetration testing workflow**, focusing on the exploitation of common network services in a controlled lab environment.

The objective was to simulate real-world attack scenarios by identifying vulnerabilities, exploiting them, and chaining multiple services to achieve **full system compromise**.

---

## ๐ŸŽฏ Objectives

* Perform structured network reconnaissance and enumeration
* Identify vulnerabilities across exposed services
* Exploit misconfigurations and known CVEs
* Achieve privilege escalation and system compromise
* Demonstrate **multi-service attack chaining**
* Produce a professional **Vulnerability Assessment & Penetration Testing (VAPT) report**

---

## ๐Ÿง  Key Highlights

* ๐Ÿ”“ Unauthenticated Remote Code Execution (FTP backdoor)
* ๐Ÿ’ฃ SMB exploitation using EternalBlue (MS17-010)
* ๐Ÿ”‘ SSH brute-force and privilege escalation
* ๐Ÿ“‚ Full filesystem access via misconfigured NFS (RPC)
* ๐Ÿ”— Attack chaining across multiple services
* ๐Ÿ“„ Detailed VAPT report with CVE & CVSS mapping

---

## ๐Ÿ—๏ธ Lab Environment

| Role     | System           | IP Address      |
| -------- | ---------------- | --------------- |
| Attacker | Kali Linux       | 192.168.109.131 |
| Target 1 | Metasploitable 2 | 192.168.109.130 |
| Target 2 | Windows XP       | 192.168.109.132 |

> โš ๏ธ This environment is intentionally vulnerable and designed for learning and demonstration purposes.

---

## โš™๏ธ Methodology

The assessment followed a standard penetration testing lifecycle:

1. Reconnaissance
2. Service Enumeration
3. Vulnerability Identification
4. Exploitation
5. Privilege Escalation
6. Post-Exploitation
7. Reporting

---

## ๐Ÿ” Services Exploited

### ๐Ÿ“ก FTP (Port 21)

* Vulnerable version: vsFTPd 2.3.4
* CVE: CVE-2011-2523
* Impact: Unauthenticated remote shell access

---

### ๐Ÿ–ฅ๏ธ SMB (Port 445)

* Vulnerability: MS17-010 (EternalBlue)
* CVE: CVE-2017-0144
* Impact: Remote code execution as SYSTEM

---

### ๐Ÿ” SSH (Port 22)

* Weak credentials exploited via brute force
* Privilege escalation via sudo misconfiguration
* Impact: Full root access

---

### ๐ŸŒ RPC / NFS (Port 111)

* Misconfiguration: Root directory (`/`) exported to all hosts
* Impact: Full filesystem access without authentication

---

## ๐Ÿ”— Attack Chain Summary

The project demonstrates realistic attack paths:

```
FTP โ†’ Root Access โ†’ Credential Extraction  
SMB โ†’ SYSTEM Access โ†’ Persistence  
SSH โ†’ Brute Force โ†’ Privilege Escalation  
RPC/NFS โ†’ Filesystem Mount โ†’ Credential Dump  
```

> These chains reflect how attackers pivot across services in real environments.

---

## ๐Ÿ“‰ Impact

* Full system compromise (Linux & Windows)
* Credential disclosure and reuse
* Persistent access creation
* Potential lateral movement

**Overall Risk: ๐Ÿ”ด CRITICAL**

---

## ๐Ÿ›ก๏ธ Mitigation Overview

Key defensive measures include:

* Patch management and software updates
* Disabling deprecated protocols (SMBv1)
* Strong authentication policies
* Network segmentation and firewalling
* Monitoring and intrusion detection

> Detailed remediation strategies are included in the full report.


## ๐Ÿ› ๏ธ Tools Used

* Nmap
* Metasploit Framework
* Hydra / Ncrack
* Netcat
* John the Ripper


## ๐Ÿš€ Learning Outcomes

* Understanding of network service vulnerabilities
* Hands-on exploitation of real CVEs
* Development of attacker mindset
* Ability to write professional pentest reports
* Exposure to multi-service attack chaining

---

## โš ๏ธ Disclaimer

This project was conducted in a controlled lab environment for educational purposes only.
Do not attempt these techniques on systems without proper authorization.

---

## ๐Ÿ“ฌ Contact

If youโ€™d like to discuss this project or collaborate, feel free to reach out.

---