Day 12 — “Sleighing Threats, One Layer at a Time”
The learning objectives for day 12 were:
•Defence in Depth
•Basic Endpoint Hardening
•Simple Boot2Root Methodology
In this task we were provided with a vulnerable web server which contained misconfigurations and poorly implemented security practices, we had to figure out the vulnerable areas and harden the web server.
We found an a place in the website where we could execute commands, making use of this we executed a scripting to get a reverse shell connection to our attack machine, once we got in we noticed that there was an user who had complete access so with this account we got root access , then we removed the user from the sudoers group , then we went to the ssh config file and disabled it . Then we found the original backup configuration file the administrator left before implementing this one ,then we replaced the original backup file with the vulnerable one . By doing this we got a login page and we had to answer a few questions about it .
Click here to see the walkthrough.
No comments:
Post a Comment