EH (Ethical Hacking) is a module in Semester 2.1 of the Cybersecurity and Digital Forensics (CSF) course at Ngee Ann Polytechnic (NP). This module focuses on advanced offensive security concepts, simulating real-world cyberattacks to assess and improve system and network defenses. It covers the complete attack lifecycle, including reconnaissance, exploitation, privilege escalation, and post-exploitation.
This repository documents a complete red team attack simulation against BiteInstall, a simulated enterprise network with:
- Ubuntu server running BuilderEngine CMS.
- Windows AD network with Windows 10 workstation & Windows Server 2022 Domain Controller.
- Palo Alto NGFW VM-Series 10.1 enforcing segmentation.
The attack chain:
- Recon & exploitation of CVE-2025-34100 (BuilderEngine CMS file upload RCE).
- Privilege escalation with CVE-2025-32462 (Sudo Host Option bypass).
- Firewall segmentation bypass via Ligolo tunneling & route manipulation.
- Active Directory exploitation (AS-REP Roasting, Kerberoasting, Silver Ticket, DC Sync, Golden Ticket).
- Post-exploitation persistence with a Linux kernel rootkit, a Windows WMI Event Subscription, and a spyware implant, followed by log clearing.

CVE-2025-34100 (BuilderEngine CMS file upload RCE):
- Link: https://github.com/RyanJohnJames/CVE-2025-34100-demo
- CVSS v4.0: 9.3 Critical
- Allows uploading a PHP reverse shell without authentication.
- Initial RCE vector.

CVE-2025-32462 (Sudo Host Option bypass):
- CVSS v3.x: 8.8 High
- Bypasses hostname-based sudo restrictions.
- Escalation from user shell to root.

Post-exploitation persistence:
- Linux Rootkit
- WMI Event Subscription
- Custom Spyware

- Zero user interaction
- Bypass NGFW segmentation
- AV evasion
- Full Domain Compromise
- Multiple persistence layers
- Data exfiltration
- Linux Kernel Rootkit
