Penetration Testing Task
Penetration Testing Task - Full Scope
Networks Involved
Internal: 192.168.109.0/24 (via provided .ovpn)
External: 212.87.244.0/24 (publicly reachable)
Objectives
Identify and exploit web application vulnerabilities (on internal & external hosts)
Enumerate and test Couchbase services
Verify access to systems over SSH, using given credentials on ports 22 or 11155
Check for privilege escalation paths
Document working exploits (PoC), misconfigurations, and hardcoded/default creds
Detailed Test Scope
1. Service Discovery
Run full TCP/UDP scans (e.g., nmap -p-, -sV, -sC, etc.)
Focus on:
HTTP(S) ports (80, 443, 8080, 8091)
SSH (22, 11155)
Couchbase (default 8091-8094, 11210)
2. Web Service Testing
Test for:
Weak login/auth bypass
SQLi, RCE, LFI, XSS
Couchbase web UI access or open REST endpoints
Use:
Nikto, Gobuster, ffuf, Burp Suite, OWASP ZAP
3. SSH Testing
Use provided credentials to log in (22 or 11155)
Try privilege escalation (sudo -l, weak binaries, writable scripts, cron jobs)
Check for:
.bash_history, .ssh/, config leaks
Lateral movement via /etc/hosts, shared SSH keys, mounted shares
Target Systems & Credentials
SSH-accessible Targets
External IP Internal IP Login(s) + Password(s) SSH Port(s)
212.87.244.194 192.168.109.1 absuser / #bB=v7Ml6KNX73s0KRTo2! 22, 11155
212.87.244.195 192.168.109.2 absuser / #bB=v7Ml1KRPok6KNX73s0 + root / #bB=v7Ml1KRPok6KNX73s011zP 22, 11155
212.87.244.196 192.168.109.3 Check SSH - no credentials provided 22, 11155
212.87.244.205 192.168.109.12 absuser / #bB=v7Ml6KNX73s0LO413 22, 11155
212.87.244.210 192.168.109.14 elzab / #aA=v7Ml6KNX73s0KRT2 22, 11155
212.87.244.198 192.168.109.5 Check SSH - no credentials provided 22, 11155
212.87.244.215 โ Absuser / #bB=v7MT6KNX73s3#@2 22, 11155