#import "@preview/diagraph:0.3.6": render
#import "pages.typ"
#import "helper.typ"
// Project-specific values
//
// Every engagement-specific value below goes through helper.placeholder so it
// stays visibly marked until it has been replaced. NOTE(review): the
// panicOnPlaceholder flag is switched *off* here, so a report rendered straight
// from this template keeps the dummy values; presumably it should be true for
// a real report — see helper.typ for what the flag actually does.
#helper.panicOnPlaceholder.update(false)
// Report author; the inner quotes are escaped for the Typst string literal.
#let author = helper.placeholder("Martin \"maride\" Dessauer")
// Three forms of the target name, chosen to fit different sentence positions:
// formal full name, short form, and the form used mid-sentence.
#let targetFull = helper.placeholder("FooBar Dummy Lab")
#let targetHandy = helper.placeholder("Dummy Lab")
#let targetInSentence = helper.placeholder("the Dummy Lab")
// ---

// Base typeface for the whole report.
#set text(font: "Helvetica Neue")
// Headings: 1em of space above, then the heading text in dark teal.
// Only `it.body` is rendered, so the "1.1" numbering enabled further down in
// this file is not drawn on the heading line itself. NOTE(review): confirm
// that this is intended.
#show heading: it => {
  let headingColor = color.linear-rgb(4.5%, 14.5%, 14.5%, 255)
  let gap = v(1em)
  gap + par(text(fill: headingColor, it.body))
}

// Front matter from pages.typ: cover sheet (target name and author), then the
// legal/disclaimer page.
#pages.cover(targetFull, author)
#pages.legal(author)

// Body pages: A4, numbered, with a light grey footer naming the report and
// showing "current of total" page numbers. `background: none` presumably
// resets a background set by the cover/legal pages — see pages.typ.
#set page(
  paper: "a4",
  margin: auto,
  background: none,
  numbering: "1",
  footer: text(size: 12pt, weight: "extralight")[
    #text(fill: silver)[Penetration Test Report #targetFull]
    #h(1fr)
    #context text(fill: silver, counter(page).display("1 of 1", both: true))
  ],
)

// Table of contents, defined in pages.typ.
#pages.toc()

// Numbered headings ("1.1") and justified body text from here on. The heading
// show rule above prints only `it.body`, so the number is not drawn on the
// heading line itself.
#set heading(numbering: "1.1")
#set par(justify: true)

= Management Summary

== Motivation

This penetration test was conducted to proactively identify, assess, and validate the severity of security vulnerabilities within the defined scope of #targetInSentence, specifically those exploitable by #helper.placeholder("external attackers in real-world scenarios"). In this test scenario, adversarial techniques to bypass controls, gain unauthorized access, and compromise critical assets were applied in order to determine their actual impact on confidentiality, integrity, and availability.

== Test Object

// Description of the system under test. lorem(30) is filler text and is
// wrapped in helper.placeholder so it stays flagged until replaced.
#helper.placeholder(lorem(30))

== Test Methodology

The aim of the test was to uncover vulnerabilities and weaknesses of all kinds. The tests were carried out in accordance with the OWASP Web Security Testing Guide, version 4#footnote("https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing"), and, where applicable, the MITRE ATT&CK Framework#footnote("https://attack.mitre.org"). Recommendations for system hardening are based on the current version of the CIS Benchmarks#footnote("https://www.cisecurity.org/"), using the benchmark variant appropriate to each system.

The penetration test was performed as a #helper.placeholder("black box test, without any access to source code or other information other than the scope").

== Findings

// Total number of findings: the sum over every category in
// helper.riskCategoryStats, so the "None" and "Other" categories count as
// findings too. `context` is required because `.final()` reads each value as
// it stands at the end of the document.
The penetration test revealed #context(helper.riskCategoryStats.values().map(v => v.final()).sum()) findings, which can be divided into the following risk categories:

// Findings per risk category: a header row with the six category names and a
// second row with the final count of each, coloured by severity. The counts
// live in helper.riskCategoryStats (presumably filled in by findings.typ);
// `context` is needed because `.final()` reads the end-of-document value.
#{
  let categories = (
    ("Critical", red),
    ("High", orange),
    ("Medium", yellow),
    ("Low", lime),
    ("None", white),
    ("Other", gray),
  )
  let countCell(entry) = {
    let (name, colour) = entry
    table.cell(
      context(helper.riskCategoryStats.at(name).final()),
      fill: colour,
      align: center,
    )
  }
  table(
    columns: (16.66%,) * 6,
    align: center,
    ..categories.map(entry => [#entry.first()]),
    ..categories.map(countCell),
  )
}

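== Recommendations & Next Steps

// The overall verdict. It is wrapped in helper.placeholder, like the other
// template text, so that it is marked the same way and caught once
// panicOnPlaceholder is switched on: the default "may be exposed to a
// production environment" conclusion must be rewritten to match the findings
// of the actual engagement rather than ship unchanged.
#helper.placeholder([
  Based on the results of this penetration test, #targetInSentence may be exposed to a production environment.
])
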
// Scope and setup start on a fresh page.
#pagebreak()
== Test Scope and Setup

// Engagement window and access path. The dates, the VPN endpoint and the
// tester's inner IP are placeholders; the source IP in particular should be
// recorded accurately so the target's logs can tell tester traffic apart from
// real attacks during the test window.
The test was conducted from #helper.placeholder("01.01.1970") to #helper.placeholder("01.01.1970").
#helper.placeholder([
Connection to #targetHandy was made through a dedicated VPN connection via vpnhost.maride.inv. The inner IP address of the test device was 10.0.0.42.
])

The following scope was set for the penetration test:

// Cell styles for the "State" column of the scope table.
#let inscope = table.cell("In scope", fill: lime, align: center)
#let outscope = table.cell("Out of scope", fill: gray, align: center)

// Scope table, one row per (type, value, state) entry. Every value goes
// through helper.placeholder so the dummy addresses stay flagged until they
// are replaced with the real scope.
#table(
  columns: (25%, 50%, 25%,),
  align: center,
  [*Type*], [*Value*], [*State*],
  ..(
    ("Address", "10.23.42.1", inscope),
    ("Address", "2001:db8::2342", inscope),
    ("Domain", "*.maride.inv", inscope),
    ("URL", "secret.maride.inv/flag.txt", outscope),
    ("URL", "important.maride.inv/rickroll", outscope),
  ).map(row => {
    let (kind, value, state) = row
    ([#kind], [#helper.placeholder(value)], state)
  }).flatten(),
)

From the perspective of the machine used for the penetration test, the network layout appeared as shown in the graph below. It has been simplified by leaving out hops that are not relevant to the penetration test, such as third-party network operators and ISPs.

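// Schematic network layout, rendered from Graphviz DOT via diagraph.
// Graphviz draws a subgraph as a boxed, labelled cluster only when its name
// starts with "cluster"; with the previous names (stage1, targetnet1, ...)
// the style/color/label attributes were silently ignored and the groups were
// not visible at all. Node names, labels and topology are template values and
// have to be adapted per engagement. NOTE(review): consider wrapping the
// figure in helper.placeholder so it is flagged like the rest of the scope.
#figure(
  render("
    digraph G {
      rankdir=LR;
      node [shape=rectangle];

      subgraph cluster_connection {
        style=filled;
        color=red;
        label=\"Connection\";
        User -> Firewall [label=\"OpenVPN\"];
      }

      subgraph cluster_targetnet1 {
        style=filled;
        color=red;
        label=\"Target Network\";
        Firewall -> Target1;
        Firewall -> Target2;
        Firewall -> Target3;
        Firewall -> Target4;
      }

      subgraph cluster_targetnet2 {
        style=filled;
        color=red;
        label=\"Target Network\";
        Target2 -> Target5;
        Target2 -> Target6;
        Target2 -> Target7;
      }

      subgraph cluster_targetnet3 {
        style=filled;
        color=red;
        label=\"Target Network\";
        Target4 -> Target8;
      }
    }
  "),
  caption: [
    Schematic graph showing the test objective network
  ],
)
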
#pagebreak()
// findings.typ holds the individual findings; `include` inserts its rendered
// content, and the included file does not see this file's bindings
// (presumably it updates helper.riskCategoryStats and helper.hasCVSSTable
// through helper.typ instead).
#include "findings.typ"

#pagebreak()
= Appendix

// CVSS and CIA reference appendices from pages.typ, emitted only when
// helper.hasCVSSTable has been set (presumably by a finding in findings.typ);
// `context` is needed to read that state.
#context {
  if helper.hasCVSSTable.get() {
    pages.cvssAppendix()
    pagebreak()
    pages.ciaAppendix()
  }
}