Pentesting Exploitation Project - The Lovers

Pentesting Exploitation Project – The Lovers

In this third phase of the pentest on the vulnerable machine The Lovers, you will move from enumeration to practical exploitation. Your goal is to leverage the information gathered in previous phases to gain access to the system, explore its resources, and escalate privileges until you achieve full control.

Requirements

1. Completion of Phase 2 – Web Reconnaissance.
2. The Lovers virtual machine (already running).
3. Attacker machine: Kali Linux.

📝 Instructions

1. Analyze the login form

   • Use what you discovered in the previous phase.
   • Think: What injection technique could be applied here?
   • Can you automate the attack with any tool?

2. Obtain useful credentials

   • Once inside, look for sensitive information.
   • Identify possible system users and passwords.

3. Access the target machine

   • Try to connect using the collected data.
   • If successful, confirm your access and document the process.

4. Explore the system

   • Browse through user directories.
   • Look for hidden files or suspicious information.

5. Investigate your findings

   • You may encounter files that require deeper analysis.
   • Consider extraction or cracking techniques if necessary.

6. Escalate privileges

   • Check for additional users.
   • Identify opportunities to switch users or escalate privileges.
   • The goal is to achieve maximum control of the system.

Submission

Your PDF report must include:

• Evidence of the initial exploitation.
• Credentials or accesses obtained.
• Screenshots demonstrating your access to the system.
• Relevant findings from directory exploration.
• Description of the technique used for privilege escalation.
• Final confirmation of full control over the machine.
• Flags found during the process, with their location and supporting evidence.