Salma1604ltsu/reconnaissance-and-exploitation

# reconnaissance-and-exploitation Security assessment project covering reconnaissance, vulnerability assessment, exploitation, privilege escalation, and mitigation recommendations using Kali Linux, Nmap, Gobuster, Metasploit, and LinPEAS. # Reconnaissance and Exploitation ## Overview This project demonstrates the process of information gathering, vulnerability assessment, exploitation, privilege escalation, and remediation in a controlled lab environment. ## Lab Environment - Platform: HackTheBox / TryHackMe / Custom VM - Attacker Machine: Kali Linux - Target Machine: Vulnerable Virtual Machine ## Tools Used - Nmap - Gobuster - Metasploit Framework - LinPEAS ## Information Gathering ### Nmap Scanning - Service enumeration - Operating system detection - Port discovery ### Directory Enumeration - Gobuster directory brute forcing - Discovery of hidden web resources ## Findings - Outdated Apache Server - SMB Service Exposure - Accessible Administrative Directories - Unrestricted File Upload Functionality ## Vulnerability Assessment ### Web Server Vulnerabilities - Remote Code Execution risks - Outdated software components ### Network Service Vulnerabilities - SMB service exposure - Potential privilege escalation paths ## Exploitation - Vulnerability validation - Controlled exploitation in lab environment - Initial access acquisition ## Privilege Escalation - System enumeration using LinPEAS - Identification of misconfigurations - Privilege escalation demonstration ## Mitigation Recommendations - Update vulnerable software - Restrict administrative access - Secure file upload functionality - Apply least privilege principles - Harden exposed network services ## Screenshots Store screenshots in the screenshots directory. ## Disclaimer This project was performed in a controlled laboratory environment for educational and ethical cybersecurity training purposes only.