Skip to content

Exam Report Template

[!important] REPORT IS 10 POINTS Si hackeas todo pero tu reporte es basura, SUSPENDES. Copia este archivo para CADA máquina y rellénalo MIENTRAS hackeas.

1. Executive Summary

(Escríbelo al final, pero va primero) Severity: Critical Impact: Full System Compromise Remediation: Update services and disable legacy protocols.

2. Methodology

2.1 Information Gathering (Recon)

IP: 192.168.x.x OS: Windows / Linux Ports Open: 

21  FTP
80  HTTP
445 SMB

2.2 Service Enumeration

Port 80 (HTTP) - Tool: gobuster dir ... - Output: /admin, /uploads - Finding: Found a login page at /admin.

2.3 Initial Access (Exploitation)

Vulnerability: SQL Injection in Login Page / Default Credentials Steps to Reproduce: 1. Navigate to http://<IP>/admin. 2. Enter user: admin' # and pass: 123. 3. Login successful. 4. Upload PHP Reverse Shell via "Profile Image" upload.

Proof of Concept (Screenshot): ![Initial Shell](screenshots/exploit_proof.png)

2.4 Privilege Escalation

Current User: www-data Enumeration: Ran linpeas.sh. Found Sudo vulnerability on /usr/bin/vim. Exploit: 1. Run sudo -u root vim -c ':!/bin/sh'. 2. Gained Root shell.

Proof of Title (flag.txt): 

USER.TXT: a1b2c3d4...
ROOT.TXT: f9e8d7c6...
Screenshot: ![Root Proof](screenshots/root_proof.png)