Pentesting Exploitation Project - The Lovers

Pentesting Exploitation Project – The Lovers

In this third phase of the pentest on the vulnerable machine The Lovers, you will move from enumeration to practical exploitation. Your goal is to leverage the information gathered in previous phases to gain access to the system, explore its resources, and escalate privileges until you achieve full control.

Requirements

1. Completion of Phase 2 – Web Reconnaissance.
2. The Lovers virtual machine (already running).
3. Attacker machine: Kali Linux.

📝 Instructions

1. Analyze the login form

   • Use what you discovered in the previous phase.
   • Think: What injection technique could be applied here?
   • Can you automate the attack with any tool?

2. Obtain useful credentials

   • Once inside, look for sensitive information.
   • Identify possible system users and passwords.

3. Access the target machine

   • Try to connect using the collected data.
   • If successful, confirm your access and document the process.

4. Explore the system

   • Browse through user directories.
   • Look for hidden files or suspicious information.

5. Investigate your findings

   • You may encounter files that require deeper analysis.
   • Consider extraction or cracking techniques if necessary.

6. Escalate privileges

   • Check for additional users.
   • Identify opportunities to switch users or escalate privileges.
   • The goal is to achieve maximum control of the system.

Submission

In this project, your only official submission on the platform will be the flags you find.

⚠️ Important! Although you only need to submit the flags, you must carefully document the entire exploitation process.

• Evidence of initial exploitation: Explain how you identified the vulnerability and demonstrate initial access with screenshots.
• Credentials and accesses obtained: Document any users, passwords, or tokens you discover.
• System exploration: Include screenshots and notes about directories, suspicious files, or relevant configurations you find.
• Privilege escalation technique: Describe in detail the procedure you followed to escalate privileges, with visual proof of each step.
• Full control of the machine: Provide evidence that you achieved complete access to the system (for example: running commands as administrator or root).

These notes are not submitted now, but will be required in the next module, where you must prepare your vulnerability report and mitigation based on what you documented during this exercise.