This report details a network vulnerability assessment and penetration testing (VAPT) exercise performed on a provided virtual machine, focusing on three identified vulnerabilities. The first vulnerability explored is DNS zone transfer misconfiguration, where the author utilized tools like 'dig' and 'DNSrecon' to extract server information and ultimately obtain a flag. The second vulnerability involves remote code execution (RCE), where the author exploited a machine to gain access by uploading a PHP reverse TCP shell, escalating privileges using SUID binaries. The third vulnerability highlights a Windows firewall bypass, where a malicious file was created using 'msfvenom', bound with a legitimate program, and executed to gain remote access to a Windows server. The report includes detailed explanations of the exploitation techniques, tools used (Metasploit, msfvenom, etc.), and the severity levels of each vulnerability. The author also provides a conclusion, reflecting on the learning experience and the importance of VAPT in cybersecurity. The report includes a bibliography of the resources consulted.
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
