Penetration Test Engagement for Rekall Corporation

Overview

As part of a penetration test for Rekall Corporation, I conducted security assessments across three key environments:

  • Web Application
  • Linux Servers
  • Windows Servers

The goal was to identify security weaknesses that could compromise confidentiality, integrity, and availability. Below is a breakdown of the findings, methods used, and potential impacts of these vulnerabilities.

Web Application Penetration Test

Findings & Exploitation Methods

The web application contained multiple critical security vulnerabilities that could be exploited to gain unauthorized access and compromise sensitive data:

  • Cross-Site Scripting (XSS):
    • Found multiple XSS vulnerabilities allowing malicious script execution.
    • Could be used for session hijacking, credential theft, and phishing attacks.
  • Sensitive Data Exposure:
    • Discovered exposed credentials and sensitive files.
    • Attackers could leverage this information to escalate privileges or gain deeper system access.
  • Local File Inclusion (LFI) & Advanced LFI:
    • Allowed access to unauthorized directories and files.
    • Could lead to code execution or exposure of sensitive system files.
  • SQL Injection (SQLi) & Command Injection:
    • Enabled execution of arbitrary database queries and system commands.
    • Resulted in exposure of user credentials, financial data, and system files.
  • Session Management Flaws & PHP Injection:
    • Weak session handling increased risk of session hijacking and account takeover.
    • PHP Injection flaws allowed execution of arbitrary PHP code, leading to potential server compromise.
  • Directory Traversal:
    • Allowed unauthorized access to restricted directories.
    • Could expose sensitive system files and configurations.

Linux Server Penetration Test

Findings & Exploitation Methods

Assessing Rekall Corporation’s Linux infrastructure, I discovered several high-risk vulnerabilities:

  • Open-Source Intelligence (OSINT) Exposure:
    • WHOIS, DNS, and public repositories revealed sensitive corporate information.
    • Could be leveraged for social engineering and targeted attacks.
  • Service Enumeration & Vulnerability Scanning:
    • Nmap/Zenmap & Nessus scans identified multiple open services.
    • Unpatched vulnerabilities in running services increased exposure to attacks.
  • Exploitable Services:
    • Apache Tomcat (CVE-2017-12617): Enabled remote code execution.
    • Shellshock Vulnerability: Allowed remote shell access.
    • Struts (CVE-2017-5638): Led to command execution via improperly handled inputs.
  • SSH Exploitation (CVE-2019-14287):
    • Discovered weak configurations allowing privilege escalation via sudo.
    • Attackers could gain root access to the system.
  • Drupal Exploitation (CVE-2019-6340):
    • Allowed remote code execution on a vulnerable Drupal installation.
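CVE-2019-14287, cited in the sudo finding above, is a runas-restriction bypass fixed in sudo 1.8.28: a rule that grants every runas user but excludes root with `!root` (for example `bob ALL=(ALL, !root) /usr/bin/vi`) could be abused on older sudo builds to run commands as root anyway. A defender's first step is to find such rules, together with blanket `NOPASSWD: ALL` grants, in the sudoers policy and pair that with the installed sudo version. The following audit script is an added example written for this page, not tooling from the engagement; the sudoers content is constructed, and the simplified rule grammar (no aliases, no `#include`) is an assumption made to keep the parser short.

```python
import re

# Constructed sudoers sample standing in for a host's /etc/sudoers
# (users and commands are made up; this is not the engagement's data).
SAMPLE_SUDOERS = """\
Defaults        env_reset
root    ALL=(ALL:ALL) ALL          # full access for root
%admin  ALL=(ALL) ALL
bob     ALL=(ALL, !root) /usr/bin/vi
alice   ALL=(ALL:ALL) NOPASSWD: ALL
carol   ALL=/usr/bin/systemctl
"""

# Simplified rule grammar (assumption: no aliases or #include directives):
#   who  hosts=(runas_users[:runas_groups]) [tags:] commands
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)=(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.*)$"
)


def parse_sudoers(text):
    """Turn sudoers text into a list of rule dicts, ignoring comments and Defaults."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        runas = m.group("runas")
        # Without an explicit runas list sudo defaults to running as root.
        runas_users = (
            [u.strip() for u in runas.split(":")[0].split(",")] if runas else ["root"]
        )
        entries.append({
            "who": m.group("who"),
            "hosts": m.group("hosts"),
            "runas_users": runas_users,
            "cmds": m.group("cmds").strip(),
        })
    return entries


def find_root_exclusion_rules(entries):
    """Rules that grant every runas user but carve out root with "!root".
    sudo before 1.8.28 could still be made to run as root under such a rule
    (CVE-2019-14287), so they are a risk on unpatched hosts."""
    return [e for e in entries
            if "ALL" in e["runas_users"] and "!root" in e["runas_users"]]


def find_nopasswd_all(entries):
    """Rules granting any command with no password prompt at all."""
    return [e for e in entries
            if "NOPASSWD:" in e["cmds"] and e["cmds"].endswith(" ALL")]


def sudo_version_tuple(version):
    """'1.8.27p1' -> (1, 8, 27): only the dotted numeric part is compared."""
    return tuple(int(x) for x in re.findall(r"\d+", version.split("p")[0]))


def cve_2019_14287_fixed(version):
    """The fix shipped in sudo 1.8.28."""
    return sudo_version_tuple(version) >= (1, 8, 28)


def audit(text, sudo_version):
    """Summarise the weak-configuration checks for one host."""
    entries = parse_sudoers(text)
    exclusions = find_root_exclusion_rules(entries)
    return {
        "rules": len(entries),
        "root_exclusion_rules": [e["who"] for e in exclusions],
        "nopasswd_all": [e["who"] for e in find_nopasswd_all(entries)],
        "cve_2019_14287_exposed": bool(exclusions) and not cve_2019_14287_fixed(sudo_version),
    }


if __name__ == "__main__":
    # Constructed version string; on a real host use the output of `sudo -V`.
    for key, value in audit(SAMPLE_SUDOERS, "1.8.27p1").items():
        print(f"{key}: {value}")
```

Run against the real policy, feed it the text of `/etc/sudoers` (and anything under `/etc/sudoers.d/`) plus the version line from `sudo -V`; a non-empty `root_exclusion_rules` list on an unpatched build is the condition the finding above describes, and the remediation is to upgrade sudo and rewrite the rule to name the permitted runas users explicitly.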

Windows Server Penetration Test

Findings & Exploitation Methods

The Windows servers also presented several critical vulnerabilities that exposed sensitive data and enabled privilege escalation:

  • Credential Exposure:
    • Extracted credentials from the SAM database and LSASS memory, and replicated domain credentials via DCSync.
    • Could be used to impersonate users and escalate privileges.
  • Open & Misconfigured Services:
    • HTTP, FTP, and SLMail misconfigurations enabled unauthorized access.
    • Attackers could exploit these services to exfiltrate or modify sensitive data.
  • Sensitive Data Exposure & File Permissions:
    • Found improper file access controls exposing critical business data.
    • Attackers could read, modify, or delete important files.
  • Scheduled Tasks & Improper Access Control:
    • Discovered misconfigured scheduled tasks allowing command execution.
    • Attackers could use this to maintain persistence and escalate privileges.

Conclusion

This penetration test demonstrated my ability to conduct real-world vulnerability assessments and exploit system weaknesses across multiple environments. Through this project, I applied the following skills:

  • Web application security testing (SQL Injection, XSS, LFI, PHP Injection)
  • Network and OS security assessment (Linux & Windows enumeration, SSH, Apache Tomcat exploits)
  • Vulnerability scanning and exploitation (Nmap, Nessus, Metasploit, manual exploits)
  • Privilege escalation and credential extraction (SAM, LSASS, scheduled tasks, weak configurations)

Each of these findings requires prompt remediation to secure Rekall Corporation’s systems and prevent future exploitation.

Next Steps:

  • Implement patch management for all identified CVEs.
  • Strengthen session management to prevent hijacking.
  • Enforce least privilege access controls for Windows and Linux systems.
  • Enhance web application security by implementing input validation and sanitization.
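The web application findings above (SQL injection, XSS, LFI and directory traversal) and the input-validation next step all come down to the same pattern: untrusted input reaches an interpreter (SQL, HTML, the filesystem) without the boundary being enforced. The example below is added for this page and is not code from the Rekall application; it places each vulnerable construct beside its hardened form so the fix can be checked on a constructed input. The in-memory database, the document-root layout and the probe strings are all constructed for the demonstration.

```python
import html
import sqlite3
import tempfile
from pathlib import Path


def make_sample_db():
    """Constructed in-memory users table standing in for the application's
    real database (names and hashes are made up)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-alice"), ("bob", "hash-bob")],
    )
    return conn


def login_vulnerable(conn, username, password_hash):
    """SQL injection: user input is concatenated straight into the query."""
    sql = (
        "SELECT username FROM users WHERE username = '"
        + username + "' AND password_hash = '" + password_hash + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_hardened(conn, username, password_hash):
    """Parameterised query: the driver binds values, so input can never
    change the statement's structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(sql, (username, password_hash))]


def render_greeting_vulnerable(name):
    """Reflected XSS: untrusted text is placed into HTML unencoded."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_hardened(name):
    """Output encoding: html.escape() neutralises <, >, & and quotes."""
    return "<p>Hello, " + html.escape(name) + "</p>"


def read_public_file(base_dir, requested):
    """Directory traversal / LFI defence: resolve the requested path and
    refuse anything that does not stay inside base_dir (absolute paths
    and '..' segments both end up outside and are rejected)."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"path escapes document root: {requested}")
    return target.read_text()


def make_sample_docroot():
    """Constructed layout: a document root with one public file and a
    secret file one level above it."""
    parent = Path(tempfile.mkdtemp())
    (parent / "secret.txt").write_text("db password: not-a-real-secret")
    docroot = parent / "public"
    docroot.mkdir()
    (docroot / "index.html").write_text("<h1>welcome</h1>")
    return docroot


def demo():
    """Run each vulnerable/hardened pair on the same constructed input."""
    conn = make_sample_db()
    payload = "x' OR 'a'='a"          # constructed tautology sent in the password field
    xss = "<script>alert(1)</script>"  # constructed script-tag probe
    docroot = make_sample_docroot()
    try:
        read_public_file(docroot, "../secret.txt")
        traversal_blocked = False
    except PermissionError:
        traversal_blocked = True
    return {
        "sqli_vulnerable": login_vulnerable(conn, "nobody", payload),
        "sqli_hardened": login_hardened(conn, "nobody", payload),
        "xss_vulnerable": render_greeting_vulnerable(xss),
        "xss_hardened": render_greeting_hardened(xss),
        "lfi_public_ok": read_public_file(docroot, "index.html"),
        "lfi_traversal_blocked": traversal_blocked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The vulnerable login returns every user for a tautology in the password field because the `OR` rewrites the query's logic, while the parameterised version returns nothing for the same input; the encoded greeting renders the probe as literal text; and the path check rejects `../secret.txt` while still serving `index.html`. The same three controls (bind parameters, context-appropriate output encoding, canonicalise-then-check on paths) are what the "input validation and sanitization" next step should mean in practice.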

Full Report

For a detailed breakdown of the engagement, findings, and mitigation strategies, view the full Rekall Corporation Penetration Test Report here:

Download Report (PDF)