Share
## https://sploitus.com/exploit?id=A55BCA04-E09E-500D-BFB8-06D9C06122AF
# VAPT Task-3 โ Advanced Exploitation & PTES Report
## ๐ค Author
**Name:** Atharva Dave
**Role:** VAPT Intern / Security Researcher
**Methodology:** PTES (Penetration Testing Execution Standard)
---
## ๐ฏ Objective
This task focuses on advanced vulnerability exploitation, exploit chaining, privilege escalation, evidence collection, and professional reporting following PTES standards.
---
## ๐งช Lab Environment
| Component | Details |
|--------|--------|
| Attacker | Kali Linux |
| Target | Metasploitable2 |
| Web App | DVWA |
| Network | Host-Only |
| Target IP | 192.168.227.129 |
---
## ๐ Tools Used
- Nmap
- Metasploit Framework
- Burp Suite
- Wireshark
- sqlmap
- Exploit-DB
- Linux built-in utilities
---
## ๐ Exploit Chain Summary
Web Vulnerability (XSS / Command Injection)
โ
Initial Shell (www-data)
โ
Privilege Escalation (SUID nmap)
โ
Root Access
yaml
Copy code
---
## ๐จ Key Findings
| ID | Vulnerability | Severity |
|----|-------------|---------|
| F001 | Command Injection | Critical |
| F002 | Cross-Site Scripting (XSS) | Medium |
| F003 | VSFTPD 2.3.4 Backdoor | Critical |
| F004 | SUID Binary Misconfiguration | Critical |
---
## ๐ Privilege Escalation Details
- **Initial User:** www-data
- **Method:** SUID Binary Exploitation
- **Binary:** nmap
### Commands Used:
```bash
find / -perm -4000 -type f 2>/dev/null
nmap --interactive
!sh
whoami
Result: Root access obtained
๐งพ Evidence Collection
Network traffic captured using Wireshark
Evidence hashed using SHA-256
Screenshots included for validation
๐ Reports
Detailed reports and summaries are available in the reports/ directory:
PTES_Report.pdf
Executive_Summary.txt
๐ก Remediation Recommendations
Remove unnecessary SUID permissions
Patch outdated services
Enforce least privilege
Implement strict input validation
Conduct regular security assessments
โ
Conclusion
This task demonstrates how chaining multiple vulnerabilities can lead to complete system compromise. Proper hardening and security controls are required to prevent real-world attacks.