University Web Server Hacking and Penetration Testing Lab Report

This lab report details a penetration testing exercise conducted on a vulnerable web server obtained from VulnHub. The student utilized Oracle VirtualBox to set up a Kali Linux virtual machine for performing the penetration test. The report outlines the step-by-step procedure, beginning with the installation of VirtualBox and the download and configuration of both Kali Linux and the targeted Ubuntu server VM. The student performed network scanning using nmap to identify open ports, discovered a Tomcat server interface, and attempted exploitation using default credentials. Further vulnerabilities were identified, and payloads were created and deployed to gain access, ultimately leading to root access and the retrieval of a flag. The report concludes with a summary of the techniques learned, including the use of msfvenom, payload generation, and network scanning tools, emphasizing the practical application of ethical hacking principles and the understanding of bridged network connections. The report also includes a bibliography of relevant sources.