From 6ec9365e55c70f8c282017d710a109b2fc89fd4e Mon Sep 17 00:00:00 2001 From: maride Date: Wed, 28 Jan 2026 13:56:46 +0100 Subject: [PATCH] De-personalize the initial example setup --- findings.typ | 2 +- main.typ | 14 +++++++------- pages/boxes.typ | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/findings.typ b/findings.typ index 42d0486..033bb90 100644 --- a/findings.typ +++ b/findings.typ @@ -14,7 +14,7 @@ Administrative web applications and interfaces enable the management of organiza === Finding -When searching for administration interfaces, the applications `Uptime Kuma` at `https://status.maride.inv` and `Nginx Proxy Manager` at `https://nginx.maride.inv` were found. The URLs of the administration interfaces were found via TLS Transparency Logs#footnote[https://letsencrypt.org/docs/ct-logs/]. +When searching for administration interfaces, the applications `Uptime Kuma` at `https://status.ellingson-mineral.co` and `Nginx Proxy Manager` at `https://nginx.ellingson-mineral.co` were found. The URLs of the administration interfaces were found via TLS Transparency Logs#footnote[https://letsencrypt.org/docs/ct-logs/]. Both applications have a login screen and cannot be used by unauthorized visitors. Since administration accounts are set up during the initial configuration of the applications, it was not possible to log in using default credentials. A brute force attack was not performed to check for common passwords. diff --git a/main.typ b/main.typ index f79a2dc..3deac15 100644 --- a/main.typ +++ b/main.typ @@ -5,10 +5,10 @@ // Project-specific variables #panicOnPlaceholder.update(false) -#let place = placeholder("Düsseldorf") -#let author = placeholder("Martin \"maride\" Dessauer") -#let targetFull = placeholder("FooBar Dummy Lab") -#let targetInSentence = placeholder("the Dummy Lab") +#let place = placeholder("New York") +#let author = placeholder("Dade Murphy") +#let targetFull = placeholder("Ellingson Mineral Corporation") +#let targetInSentence = placeholder("Ellingston Mineral") #let reportType = placeholder("Penetration Test Report") // Styling setup @@ -88,9 +88,9 @@ scope: ( ( type: "Address", content: placeholder("10.23.42.1"), inScope: true ), ( type: "Address", content: placeholder("2001:db8::2342"), inScope: true ), - ( type: "Domain", content: placeholder("*.maride.inv"), inScope: true ), - ( type: "URL", content: placeholder("secret.maride.inv/flag.txt"), inScope: false), - ( type: "URL", content: placeholder("important.maride.inv/rickroll"), inScope: false) + ( type: "Domain", content: placeholder("*.ellingson-mineral.co"), inScope: true ), + ( type: "URL", content: placeholder("secret.ellingson-mineral.co/flag.txt"), inScope: false), + ( type: "URL", content: placeholder("important.ellingson-mineral.co/rickroll"), inScope: false) ) ) #pagebreak() diff --git a/pages/boxes.typ b/pages/boxes.typ index 30a392d..3a9a540 100644 --- a/pages/boxes.typ +++ b/pages/boxes.typ @@ -9,7 +9,7 @@ The testing team has no prior knowledge of the target system (e.g., internal architecture, source code, credentials, or network topology). Testing simulates an external attacker with only publicly available information. The purpose is to evaluate realistic attack surfaces, unpatched vulnerabilities exposed to the internet, and the effectiveness of perimeter defenses. - For example: a penetration test against a company’s public-facing e-commerce website (`www.maride.inv`). Testers are provided only the domain name and must identify vulnerabilities using only publicly available and gathered information. No access to internal systems or credentials is granted. + For example: a penetration test against a company’s public-facing e-commerce website. Testers are provided only the domain name and must identify vulnerabilities using only publicly available and gathered information. No access to internal systems or credentials is granted. === Grey Box Testing