📄️ Welcome to the course
Rationale
📄️ Introduction
The lab is composed of several deliberately vulnerable applications and configurations. Assume each web application runs on a separate host; participants are expected to fully compromise each target, culminating in shell access. Attacks must be conducted from the standpoint of an unauthenticated external attacker.
📄️ Scenario and Kickoff
Our client, Keym4ker Inc., has contracted our company, Clo4k & D4gger Security, Ltd., to perform a full-scope External Penetration Test to assess their perimeter security. The customer has asked us to identify as many vulnerabilities as possible; therefore, evasive testing is not required. They would like to see what sort of access can be achieved by an anonymous user on the Internet. Per the Rules of Engagement (RoE), if we can breach the DMZ and gain a foothold into the internal network, they would like us to see how far we can take that access, up to and including Active Directory domain compromise. The client has not provided web application, VPN, or Active Directory user credentials. The following domain and network ranges are in scope for testing:
📄️ Information Gathering
Information gathering is the phase where we systematically collect as much relevant data as possible about the target environment using a mix of passive and active techniques. This includes researching the target organization, identifying the technologies, software, and hardware they rely on, and mapping out the external and internal attack surfaces. The goal is to uncover potential security gaps or misconfigurations that could serve as an entry point, laying the groundwork for the next phases of the penetration test.
📄️ Web Enumeration and Exploitation
This lab contains intentionally vulnerable web applications and is explicitly authorized for testing. Techniques used here, such as input manipulation, authentication bypass, file inclusion, command injection, and brute-force attacks, are powerful and potentially destructive in real-world environments.
📄️ Post Exploitation
Post-exploitation activities in this lab (e.g., privilege escalation, credential harvesting, lateral movement, persistence mechanisms, and data access) are explicitly authorized only within the defined lab environment.
📄️ Linux Privilege Escalation
This lab authorizes the use of Linux privilege escalation techniques, including misconfigured sudo rules, SUID binaries, weak file permissions, kernel exploits, and credential reuse, only within the defined lab environment.
📄️ Windows Privilege Escalation
ToDo