Message from @Gespa

EndangeredProdigy

2019-07-12 23:35:06 UTC

That's not how it works lol

Gespa

2019-07-12 23:35:13 UTC

You’re being quite obstinate Tim

Spooky Melon

2019-07-12 23:35:20 UTC

ye

svarozhyc

2019-07-12 23:35:47 UTC

so you're trying to get gud? stackoverflow is probably where you should be lol

EndangeredProdigy

2019-07-12 23:36:02 UTC

I'm just trying to do this assignment for now

Gespa

2019-07-12 23:36:12 UTC

@EndangeredProdigy what specifically are you tasked with doing? You weren’t given any sort of idea?

EndangeredProdigy

2019-07-12 23:36:59 UTC

One sec I'll paste the instructions

Spooky Melon

2019-07-12 23:37:16 UTC

all you've told us is "get in some server and get some credentials"

EndangeredProdigy

2019-07-12 23:37:29 UTC

Objective
The objective of this scenario is to deface the corporate web server. In order to accomplish this objective, you need to complete a series of tasks designed to test your ability to enumerate and identify potential system and network vulnerabilities, exploit systems and/or networks based on vulnerability discoveries, recover system user credentials, use recovered credentials to pivot onto other information systems in the network(s) and establish a connection to deface the corporate web server.
Each task in this scenario builds upon the task before it. There may be a situation where a solution exists outside the proposed task methodology. You are NOT penalized for using a different solution – please use whatever means necessary to achieve the final objective – Deface the Web Server.

EndangeredProdigy

2019-07-12 23:37:52 UTC

Scenario
You were recently hired for a Pentration Tester position. You are responsible for pentration testing information systems located in the Local Area Network (LAN) and the Demilitarized Zone (DMZ).
A new web server was recently installed in the DMZ and you are tasked with attempting to compromise this server as a simulated external (WAN/Internet) threat. For the purposes of this exercise you have access to a Kali Linux virtual machine.
Notes:
The IP address of the external router is 198.51.100.1/32.
The IP address of the corporate web server resides somewhere on the 120.38.48.0/24 network.

EndangeredProdigy

2019-07-12 23:38:25 UTC

Scenario
In this exercise, you will use a Kali Linux virtual machine to intrude into a demonstration network to deface a corporate web server.
1. Use the Kali Linux virtual machine to enumerate the network and discover any potential misconfigurations and/or vulnerable information systems.
Log into the Kali Linux VM:
Username: root
Password: performanscore
2. Based on your vulnerability discovery(ies), exploit the system(s) using the Kali Linux virtual machine.
3. Use a method available to you on the Kali Linux virtual machine to recover any credentials from the compromised system.
4. Use your newly acquired network access to create a pass-through capability (PIVOT) onto other networks of opportunity.
5. Use the built-in functions of Metasploit on the Kali Linux virtual machine to conduct a portscan on the LAN network. Discover any potential misconfigurations and/or vulnerable information systems.
6. Use the previously stolen credentials to access the domain controller.
7. Leverage xfreerdp on the Kali Linux virtual machine to RDP onto the Windows 8 VM.
8. Deface the webpage hosted on the web server by modifying the webpage index.html file.