13. Capstone: Full Red Team Audit
Operation: ACME Corp
Welcome to your final assessment. You have transitioned from learning individual tools to executing a comprehensive Red Team engagement. You are operating in a Black Box environment. You have been granted written authorization to compromise the ACME Corp lab environment to demonstrate security failures to their executive board.
You will receive no hints and no guided commands. You must rely on the knowledge you acquired in the previous 12 modules. The clock is running.
The Kill-Chain Objectives
The six phases required to achieve an S-Tier rating:
01 Recon
Scan the 10.0.5.0/24 subnet. Enumerate all live hosts, services, and operating systems to find a vulnerable entry point.
02 Access
Identify the Windows host vulnerable to EternalBlue (MS17-010). Use Metasploit to gain a SYSTEM-level Meterpreter shell.
03 Privesc
Pivot to the Linux web server. Enumerate misconfigurations. Find the SUID binary and exploit it to elevate your privileges to root.
04 Lateral
Return to your Windows SYSTEM shell. Dump credentials from memory (LSASS) and use Pass-the-Hash to compromise the internal workstation.
05 Exfiltration
Locate the sensitive database configuration and shadow files. Archive the loot and securely transfer it back to your attack machine.
06 Clean Up
Delete your bash history, zero out auth logs, and wipe the Windows Event logs to ensure zero indicators of compromise (IOCs) are left behind.
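Every one of the six phases leaves telemetry a blue team can alert on, and a capstone audit is only convincing to an executive board if the report also says what the defenders should have seen. The following Python script is an added example, not part of the course page or the lab: it runs simple detection rules over a constructed set of normalized events for three of the phases, the port sweep of Phase 1, the LSASS access and pass-the-hash logon of Phase 4, and the log clearing of Phase 6. It assumes Sysmon is deployed for process-access events (Event ID 10), that Windows logs are forwarded with their channel name, and that the allowlist of processes permitted to open LSASS has been tuned to the estate; the host names, thresholds and event records are constructed.

```python
"""Detection rules for three phases of the ACME lab kill chain (added example)."""
from collections import defaultdict

SCAN_PORT_THRESHOLD = 20   # distinct ports from one source within SCAN_WINDOW seconds
SCAN_WINDOW = 60           # seconds
# Processes expected to open LSASS on a healthy host (assumption: tune to your estate)
LSASS_ALLOWED_SOURCES = {
    "C:\\Windows\\System32\\csrss.exe",
    "C:\\Windows\\System32\\wininit.exe",
}
# Files whose truncation to zero bytes is an anti-forensics signal
SENSITIVE_PATHS = ("/var/log/auth.log", "/var/log/wtmp", "/var/log/btmp", ".bash_history")

# Constructed sample telemetry (not real ACME records); "ts" is seconds from an arbitrary epoch.
SAMPLE_EVENTS = [
    # Phase 1 pattern: one source touching 40 ports on one host inside a short window
    *[{"type": "conn", "host": "fw", "src": "10.0.5.99", "dst": "10.0.5.10",
       "dport": p, "ts": 100 + i} for i, p in enumerate(range(20, 60))],
    # Benign traffic that must not trip the scan rule
    {"type": "conn", "host": "fw", "src": "10.0.5.50", "dst": "10.0.5.10", "dport": 443, "ts": 150},
    # Phase 4 pattern: Sysmon ID 10 read access to lsass.exe from an unexpected image,
    # followed by a 4624 logon type 9 through the "seclogo" logon process
    {"type": "sysmon", "host": "win-srv", "id": 10,
     "target_image": "C:\\Windows\\System32\\lsass.exe",
     "source_image": "C:\\Users\\Public\\tool.exe", "granted_access": "0x1010", "ts": 300},
    {"type": "winevt", "host": "win-srv", "channel": "Security", "id": 4624,
     "logon_type": 9, "logon_process": "seclogo", "auth_package": "Negotiate", "ts": 310},
    # Phase 6 pattern: Security log cleared, then Linux auth log and shell history zeroed
    {"type": "winevt", "host": "win-srv", "channel": "Security", "id": 1102, "ts": 400},
    {"type": "file", "host": "web-lin", "path": "/var/log/auth.log",
     "size_before": 1_048_576, "size_after": 0, "ts": 405},
    {"type": "file", "host": "web-lin", "path": "/root/.bash_history",
     "size_before": 2_048, "size_after": 0, "ts": 406},
]


def detect_scan(events):
    """Phase 1: a source that touches many distinct ports within SCAN_WINDOW seconds."""
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        if e["type"] == "conn":
            by_src[e["src"]].append(e)
    for src, conns in by_src.items():
        conns.sort(key=lambda c: c["ts"])
        for i, first in enumerate(conns):
            # distinct ports seen from this source in the window opened by event i
            ports = {c["dport"] for c in conns[i:] if c["ts"] - first["ts"] <= SCAN_WINDOW}
            if len(ports) >= SCAN_PORT_THRESHOLD:
                alerts.append(("01 Recon", src, f"{len(ports)} distinct ports in {SCAN_WINDOW}s"))
                break
    return alerts


def detect_credential_access(events):
    """Phase 4: unexpected handle to LSASS, or a NewCredentials logon via seclogo."""
    alerts = []
    for e in events:
        if (e["type"] == "sysmon" and e["id"] == 10
                and e["target_image"].lower().endswith("\\lsass.exe")
                and e["source_image"] not in LSASS_ALLOWED_SOURCES):
            alerts.append(("04 Lateral", e["host"],
                           f"LSASS opened by {e['source_image']} ({e['granted_access']})"))
        if (e["type"] == "winevt" and e["id"] == 4624 and e.get("logon_type") == 9
                and e.get("logon_process", "").lower() == "seclogo"):
            alerts.append(("04 Lateral", e["host"],
                           "4624 logon type 9 via seclogo (pass-the-hash pattern)"))
    return alerts


def detect_anti_forensics(events):
    """Phase 6: event log cleared (Security 1102 / System 104) or sensitive file zeroed."""
    alerts = []
    for e in events:
        if e["type"] == "winevt" and (e["channel"], e["id"]) in {("Security", 1102), ("System", 104)}:
            alerts.append(("06 Clean Up", e["host"], f"event log cleared (ID {e['id']})"))
        if (e["type"] == "file" and e["size_after"] == 0 and e["size_before"] > 0
                and e["path"].endswith(SENSITIVE_PATHS)):
            alerts.append(("06 Clean Up", e["host"], f"{e['path']} truncated to 0 bytes"))
    return alerts


def run_detections(events):
    """Return every alert as a (phase, host, reason) tuple, sorted by kill-chain phase."""
    return sorted(detect_scan(events) + detect_credential_access(events)
                  + detect_anti_forensics(events))


if __name__ == "__main__":
    for phase, host, reason in run_detections(SAMPLE_EVENTS):
        print(f"[{phase}] {host}: {reason}")
```

Run as-is, the script reports one Recon alert for 10.0.5.99, two Lateral alerts on win-srv, and three Clean Up alerts split between win-srv and web-lin; the benign 10.0.5.50 connection produces nothing. The point for the audit report is that the cleanup phase is itself the loudest signal: an audit log cleared event and a log file that shrinks to zero bytes are far easier to alert on than the scan that started the chain, so forwarding logs off-host before they can be wiped is the single mitigation that defeats Phase 6 outright.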
Rules of Engagement
- Scope: Do not attack any IP addresses outside the 10.0.5.0/24 range.
- Phases: The terminal logic is heavily restricted. Phase 2 will not unlock until you have successfully gathered the required intelligence in Phase 1.
- Commands: Use the brief command at any time to review your current phase objective. Use the status command to view the kill-chain progress board.
Good luck. Initialize your Nmap scans in the terminal to begin.