
Web Enum Pentest

The document outlines a web enumeration pentesting exercise conducted by the Polish-Japanese Academy of Information Technology. It includes tasks such as retrieving SSL certificate information, enumerating subdomains, and performing brute force attacks using tools like Hydra. The document provides detailed instructions for each task, including necessary commands and configurations.

Uploaded by

poyojak537

WEB ENUMERATION | PENTEST
POLISH-JAPANESE ACADEMY OF INFORMATION TECHNOLOGY, PJA.EDU.PL

Class nr 4

Powered by HackingDept platform


s22899 2025-04-01 18:49:16

Contents

ENVIRONMENT PREPARATION

Starting Machines

TASKS

4.1p Certificate Common Name
4.2p Subdomain
4.3p Admin Directory
4.4p Login Panel
4.5p Password Bruteforce


Introduction
The purpose of the scenario is to use the learned enumeration types to acquire
data from the server 192.168.100.54.


Environment Preparation

Starting Machines
Before you start, make sure that your machines
Web Enum and Web Enum PENTEST are enabled.
If something breaks, you can revert it to its original state at any time.

During these classes, we perform all commands directly on the Kali machine!
Note that it may be necessary to open the found resource to solve the task!

OpenVPN Connection

An OpenVPN connection is necessary to solve the tasks.


To connect to the VPN network, download the OpenVPN configuration file from the
"VPNs" drop-down menu on the main page.
Then execute the command:

sudo openvpn /path/to/file.ovpn


Tasks

Task 4.1p: Certificate Common Name


The task aims to read the hostname (Common Name) from the SSL certificate of
the website https://192.168.100.54/, then connect to the virtual host with this
name.
To do this, when trying to connect, select "view certificate" and then find the
appropriate entry.


The name webpjatk is not DNS resolvable, so to connect to this virtual host we can add the
appropriate entry to the /etc/hosts file:
echo '192.168.100.54 webpjatk' | sudo tee -a /etc/hosts
The task will be solved automatically after entering the website: http://webpjatk/
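
The same certificate fields can be read on the command line, which is also how an operator can check which hostnames a certificate discloses before deploying it. The script below is an added example, not part of the original exercise: it builds a throwaway self-signed certificate (the CN mirrors the lab's webpjatk, the extra SAN staging.webpjatk is a constructed value) and lists every name in it. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: list every hostname a certificate discloses (CN + SANs).
set -eu

# Build a throwaway self-signed certificate so the example runs offline.
# CN mirrors the lab's certificate; the second SAN is a constructed value.
make_demo_cert() {
    local dir
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=webpjatk" \
        -addext "subjectAltName=DNS:webpjatk,DNS:staging.webpjatk" 2>/dev/null
    echo "$dir/cert.pem"
}

# Print the subject CN and each DNS SAN, one per line, de-duplicated.
cert_names() {
    local pem=$1
    {
        openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 |
            sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p'
        # A certificate without SANs simply yields no lines here.
        openssl x509 -in "$pem" -noout -ext subjectAltName 2>/dev/null |
            grep -o 'DNS:[^,]*' | cut -d: -f2
    } | sort -u
}

# To audit a server you operate, save its certificate first, e.g.:
#   openssl s_client -connect HOST:443 </dev/null 2>/dev/null | openssl x509 > cert.pem
cert=$(make_demo_cert)
cert_names "$cert"
```

Every name printed is visible to anyone who can complete a TLS handshake with the server, so internal virtual host names placed in the CN or SAN list should be treated as public.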


Task 4.2p: Subdomain


The purpose of the task is to enumerate subdomains of the webpjatk domain on
the server 192.168.100.54.
The task will be solved automatically once hidden subdomains are found.
gobuster vhost -u https://192.168.100.54/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt --domain webpjatk --append-domain -k
--append-domain causes the domain set in --domain to be appended as a suffix to each word in the dictionary.

Note the addition of the -k switch. It will allow you to establish an SSL connection even if the certificate is untrusted.
The found domain should be added to the /etc/hosts file.


The name admin.webpjatk cannot be resolved by DNS, so to connect to this virtual
host, we can add the appropriate entry to the /etc/hosts file:
echo '192.168.100.54 admin.webpjatk' | sudo tee -a /etc/hosts
The task will be automatically solved after accessing the page:
https://admin.webpjatk/


Task 4.3p: Administrator Directory


The purpose of the task is to enumerate the directories of the admin.webpjatk
domain on the server 192.168.100.54.
The task will be automatically solved once hidden directories are found.
You need to add admin.webpjatk to /etc/hosts (as on slide 7).
gobuster dir -u https://admin.webpjatk/ -w /usr/share/seclists/Discovery/Web-Content/raft-small-directories.txt -k


The task will be automatically solved after accessing the page:
https://admin.webpjatk/panel/


Task 4.4p: Login Panel


The purpose of the task is to enumerate files in the https://admin.webpjatk/panel/
directory on the 192.168.100.54 server.
The task will be solved automatically once hidden files are found.
gobuster dir -u https://admin.webpjatk/panel/ -w /usr/share/seclists/Discovery/Web-Content/raft-small-files.txt -k


The task will be automatically solved after accessing the page:
https://admin.webpjatk/panel/login.php


Task 4.5p: Password Bruteforce Attack


To solve the task, we will need a program called Hydra.

Hydra is a tool used to perform brute force attacks on security systems such as
passwords and logins. Its main purpose is to automatically test different password
and username combinations on various protocols and network services. Hydra
supports multiple protocols including HTTP, FTP, SSH, and more, making it a
versatile penetration testing tool. This program is popular among security
professionals, but it can also be used illegally. Its effectiveness depends on
computing resources and the quality of the word lists used.


The aim of the task is to crack the password using the dictionary method in the panel
https://admin.webpjatk/panel/login.php
The task will be solved automatically after logging in.
hydra -l anything -P /usr/share/seclists/Passwords/darkweb2017-top100.txt 'https-post-form://admin.webpjatk/panel/login.php:p=^PASS^:Wrong password'

-l – username; in our case it doesn't matter
-P – password dictionary
https-post-form – a Hydra module used to attack POST forms over HTTPS
admin.webpjatk/panel/login.php – URL
p=^PASS^ – data sent in the POST request, where ^PASS^ is a placeholder for passwords from the dictionary
Wrong password – the string displayed after entering an incorrect password
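
Seen from the server side, the directory and file scans in Tasks 4.3p and 4.4p and the dictionary attack in Task 4.5p leave a distinctive trail in the web server's access log. The script below is an added example, not part of the original exercise: it flags clients with many distinct 404 paths or many POSTs to the login page. The log lines, client addresses, thresholds and function names are constructed, and the combined log format is an assumption.

```bash
#!/usr/bin/env bash
# Added example: flag content enumeration and login brute force in an access log.
set -eu

# Constructed sample log (combined format). 10.0.0.5 behaves like a wordlist
# scan followed by a dictionary attack; 10.0.0.9 is an ordinary visitor.
sample_log() {
    local i ts='[01/Apr/2025:18:00:00 +0000]'
    for i in $(seq 1 40); do
        echo "10.0.0.5 - - $ts \"GET /word$i HTTP/1.1\" 404 153 \"-\" \"-\""
    done
    echo "10.0.0.5 - - $ts \"GET /panel/ HTTP/1.1\" 200 512 \"-\" \"-\""
    for i in $(seq 1 25); do
        echo "10.0.0.5 - - $ts \"POST /panel/login.php HTTP/1.1\" 200 87 \"-\" \"-\""
    done
    echo "10.0.0.9 - - $ts \"GET /missing.css HTTP/1.1\" 404 153 \"-\" \"-\""
    echo "10.0.0.9 - - $ts \"POST /panel/login.php HTTP/1.1\" 302 0 \"-\" \"-\""
}

# detect LOGFILE [MAX_404_PATHS] [MAX_LOGIN_POSTS]
# Prints "<ip> <finding> <count>" for every client above a threshold.
detect() {
    awk -v max404="${2:-20}" -v maxpost="${3:-10}" '
        { ip = $1; method = substr($6, 2); path = $7; status = $9 }
        # Distinct not-found paths per client: signature of dir/file enumeration.
        status == 404 && !seen[ip SUBSEP path]++ { notfound[ip]++ }
        # Repeated submissions to the login form: signature of password guessing.
        method == "POST" && path ~ /\/login\.php$/ { posts[ip]++ }
        END {
            for (ip in notfound) if (notfound[ip] > max404)
                print ip, "enumeration", notfound[ip]
            for (ip in posts) if (posts[ip] > maxpost)
                print ip, "bruteforce", posts[ip]
        }' "$1" | sort
}

log=$(mktemp)
sample_log > "$log"
detect "$log"
```

The failed logins in this lab return a normal page containing "Wrong password", so the check counts POSTs rather than error status codes. Detecting the virtual host scan from Task 4.2p would additionally require the requested Host header to be written to the log.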


End of exercise