
Happy Accident Labs Pentest & Analysis

I will be going through the process and demonstrating a full pentest and analysis on a fictional business (Happy Accident Labs). Upon completing the penetration test on HAL, I will provide a complete write-up and summary for the fictional business.

PenTest Overview

Reconnaissance

Basic reconnaissance was done on Happy Accident Labs prior to planning the penetration test itself. A deep dive into the company, its location(s), employees, services, etc. was performed to get a complete picture of the company and its potential weak points.

What was found through web searches:

Full domain: http://happyaccidentlabs.com (Google provided the correct domain)

Domain Provider: GoDaddy (lookup.icann.org provided the correct provider) 

Email provider: mailgun.org (misk.com provided the email provider)

Technical Point of contact: DomainsByProxy

Address/Phone number: 222 S. 15th St. Omaha NE; 480-624-2599 (Information provided by whois lookup)

Building information:

  • Highrise Building Office Setting (Google Maps)

  • Potential social engineering (info gathered through Google Earth Recon)

    • Tables outside the building where workers potentially eat their lunches; I could tail behind an employee to gain access to the physical property. There is shoulder-surfing potential if employees are doing work outside in these areas.

    • Black boxes behind the building (potentially dumpsters) which could lead to information through an "old-fashioned" dumpster dive.

Email addresses associated with the business: Sarah Russel (russels@happyaccidentlabs.com). Using this, I understand how the email structure works for this company. Potential spoofing opportunities are available, which could allow me to use social engineering in emails.

Planning

With the information from the reconnaissance gathered, I can now work on planning my attack/test. Steps I will be taking to pentest HAL:

  1. Cracking their Wi-Fi/Wi-Fi security test

  2. Scanning and Enumeration of their network

  3. Vulnerability Scanning of HAL

  4. Scanning and Enumeration through command prompt

  5. Cracking user passwords/user password security

Cracking their Wi-Fi/Wi-Fi Security Test

I want to start by testing their Wi-Fi protection. This is done by cracking WPA/WPA2 through the following steps:

  • Scan the Wi-Fi using a wireless attack application, like Fern Cracker in Kali Linux, to identify access points.

  • Use a Deauth attack to disconnect the device from the Wi-Fi.

  • Monitor Wireshark for the reconnection of the access point and capture the reconnection.

  • Using the capture file named HAL.cap, I now have a captured WPA handshake of one of the HAL corporate clients.

  • Use Aircrack-ng in Kali with the command: aircrack-ng -b <bssid> -w <path to rockyou.txt> <path to HAL.cap>

    • This process took a little over an hour to complete, but aircrack did its job and provided me with a password: huskerare#1. With this information, I can now get access to their Wi-Fi.
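The deauth step above seen from the defender's side, as an added example that is not part of the original write-up: a sliding-window detector that flags bursts of deauthentication frames aimed at a single client. The frame records, MAC addresses, window length and threshold are constructed assumptions; real records would come from a wireless IDS or a monitor-mode capture export.

```python
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12    # 802.11 management-frame subtype: deauthentication
BEACON_SUBTYPE = 8     # 802.11 management-frame subtype: beacon
WINDOW_SECONDS = 10.0  # assumed sliding-window length
THRESHOLD = 5          # assumed: this many deauths to one client per window raises an alert

AP = "02:00:00:00:00:01"        # constructed BSSID
CLIENT_A = "02:00:00:00:00:0a"  # constructed client MACs
CLIENT_B = "02:00:00:00:00:0b"

# Constructed sample records: (timestamp_s, subtype, bssid, destination, reason_code)
SAMPLE_FRAMES = (
    [(float(t), BEACON_SUBTYPE, AP, "ff:ff:ff:ff:ff:ff", 0) for t in range(0, 30, 5)]
    # Two isolated deauths, minutes apart: normal client churn, must not alert.
    + [(1.0, DEAUTH_SUBTYPE, AP, CLIENT_A, 3), (300.0, DEAUTH_SUBTYPE, AP, CLIENT_A, 3)]
    # Eight deauths to one client in under two seconds: the pattern to flag.
    + [(20.0 + i * 0.25, DEAUTH_SUBTYPE, AP, CLIENT_B, 7) for i in range(8)]
)

def detect_deauth_bursts(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one alert per (bssid, destination) pair that reached `threshold`
    deauth frames within any `window`-second span."""
    recent = defaultdict(deque)   # (bssid, dst) -> timestamps still inside the window
    alerts = {}
    for ts, subtype, bssid, dst, reason in sorted(frames):
        if subtype != DEAUTH_SUBTYPE:
            continue
        key = (bssid, dst)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:      # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(key, {"bssid": bssid, "destination": dst,
                                        "first_seen": q[0], "peak_count": 0})
            a["peak_count"] = max(a["peak_count"], len(q))
            a["last_seen"] = ts
            a["reason_code"] = reason
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```

Detection only tells you the burst happened; enabling 802.11w Protected Management Frames (mandatory in WPA3) is what stops spoofed deauthentication frames from forcing the reconnection. A long, non-dictionary passphrase remains the control against the wordlist step that follows.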
