This project simulates a real-world penetration testing scenario in a controlled lab environment. The objective was to identify potential attack paths from initial reconnaissance to privilege escalation on a Linux server.
The lab demonstrates how exposed services, authentication weaknesses, and privilege misconfigurations can lead to full system compromise.
This project highlights both offensive security techniques and defensive awareness.
- Perform reconnaissance and host discovery
- Enumerate exposed services
- Simulate brute-force authentication attempts
- Analyze system logs for attack traces
- Identify privilege escalation vectors
- Document findings in a professional penetration testing report
- Ubuntu Server
- OpenSSH service enabled
- Standard user account with sudo privileges
- Kali Linux
- Tools used: Nmap, SSH, Linux enumeration commands
- Internal virtual LAN environment
The assessment followed a structured penetration testing methodology:
- Reconnaissance
- Enumeration
- Exploitation Simulation
- Log Analysis
- Privilege Escalation Assessment
- Risk Evaluation
- Reporting
- SSH service exposed to the network
- Multiple failed authentication attempts observed
- User account configured with full sudo privileges
- Presence of SUID binaries that may enable privilege escalation
- Network reconnaissance
- Service enumeration
- Linux system analysis
- Log analysis
- Privilege escalation assessment
- Risk evaluation
- Technical reporting
- Documentation and evidence collection
- Nmap
- SSH
- Linux command-line tools
- System logs
- Ubuntu Server
- Kali Linux
This project demonstrates:
- How attackers identify entry points
- The importance of monitoring authentication attempts
- Risks of excessive sudo privileges
- The role of proper system hardening
- How to document findings professionally
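The finding of multiple failed authentication attempts, and the point above about monitoring them, can be turned into a concrete check. The following is an added example, not part of the original lab: it scans sshd lines in the standard `auth.log` format for bursts of failed password attempts per source IP and for a successful login that follows such a burst. The hostname, user name, IP addresses, threshold, window and year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth.log format (not captured from the lab).
SAMPLE_LOG = """\
Mar 10 14:02:01 ubuntu-lab sshd[1201]: Failed password for labuser from 192.168.56.101 port 51230 ssh2
Mar 10 14:02:03 ubuntu-lab sshd[1201]: Failed password for labuser from 192.168.56.101 port 51231 ssh2
Mar 10 14:02:05 ubuntu-lab sshd[1202]: Failed password for invalid user admin from 192.168.56.101 port 51232 ssh2
Mar 10 14:02:07 ubuntu-lab sshd[1203]: Failed password for labuser from 192.168.56.101 port 51233 ssh2
Mar 10 14:02:09 ubuntu-lab sshd[1203]: Failed password for labuser from 192.168.56.101 port 51234 ssh2
Mar 10 14:02:11 ubuntu-lab sshd[1204]: Failed password for labuser from 192.168.56.101 port 51235 ssh2
Mar 10 14:02:20 ubuntu-lab sshd[1205]: Accepted password for labuser from 192.168.56.101 port 51236 ssh2
Mar 10 14:05:00 ubuntu-lab sshd[1210]: Failed password for labuser from 192.168.56.50 port 40100 ssh2
Mar 10 14:05:10 ubuntu-lab sshd[1210]: Accepted password for labuser from 192.168.56.50 port 40101 ssh2
"""

# Matches password results for both existing and "invalid user" accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return (bursts, success_after_burst); syslog lines carry no year, so one is assumed."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    bursts = {}                   # ip -> largest failure count seen in one window
    success_after_burst = []      # (ip, user, ISO timestamp) worth escalating
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold:
                bursts[m["ip"]] = max(bursts.get(m["ip"], 0), len(q))
        elif len(q) >= threshold:         # login succeeded right after a burst
            success_after_burst.append((m["ip"], m["user"], ts.isoformat()))
    return bursts, success_after_burst

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A single mistyped password followed by a successful login, as from 192.168.56.50 in the sample, stays below the threshold and is not reported.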
This project was conducted in a controlled lab environment for educational purposes only. No real systems were targeted.
Wassim Abelghouch
Cybersecurity Student & Aspiring Penetration Tester