Penetration Testing Task – Full Scope

Networks Involved

- Internal: 192.168.109.0/24 (via provided .ovpn)
- External: 212.87.244.0/24 (publicly reachable)

Objectives

- Identify and exploit web application vulnerabilities (on internal & external hosts)
- Enumerate and test Couchbase services
- Verify access to systems over SSH, using given credentials on ports 22 or 11155
- Check for privilege escalation paths
- Document working exploits (PoC), misconfigurations, and hardcoded/default creds

Detailed Test Scope

1. Service Discovery

- Run full TCP/UDP scans (e.g., nmap -p-, -sV, -sC, etc.)
- Focus on:
  - HTTP(S) ports (80, 443, 8080, 8091)
  - SSH (22, 11155)
  - Couchbase (default 8091–8094, 11210)

2. Web Service Testing

- Test for:
  - Weak login/auth bypass
  - SQLi, RCE, LFI, XSS
  - Couchbase web UI access or open REST endpoints
- Use: Nikto, Gobuster, ffuf, Burp Suite, OWASP ZAP

3. SSH Testing

- Use provided credentials to log in (22 or 11155)
- Try privilege escalation (sudo -l, weak binaries, writable scripts, cron jobs)
- Check for: .bash_history, .ssh/, config leaks
- Lateral movement via /etc/hosts, shared SSH keys, mounted shares

Target Systems & Credentials

SSH-accessible Targets

| External IP | Internal IP | Login(s) + Password(s) | SSH Port(s) |
|---|---|---|---|
| 212.87.244.194 | 192.168.109.1 | absuser / #bB=v7Ml6KNX73s0KRTo2! | 22, 11155 |
| 212.87.244.195 | 192.168.109.2 | absuser / #bB=v7Ml1KRPok6KNX73s0 + root / #bB=v7Ml1KRPok6KNX73s011zP | 22, 11155 |
| 212.87.244.196 | 192.168.109.3 | Check SSH – no credentials provided | 22, 11155 |
| 212.87.244.205 | 192.168.109.12 | absuser / #bB=v7Ml6KNX73s0LO413 | 22, 11155 |
| 212.87.244.210 | 192.168.109.14 | elzab / #aA=v7Ml6KNX73s0KRT2 | 22, 11155 |
| 212.87.244.198 | 192.168.109.5 | Check SSH – no credentials provided | 22, 11155 |
| 212.87.244.215 | — | Absuser / #bB=v7MT6KNX73s3#@2 | 22, 11155 |