This repository contains the comprehensive vulnerability audit and exploitation walkthrough conducted on the ExampleCorp target environment, as part of a cybersecurity ethical hacking assessment. The audit involved scanning, exploiting known vulnerabilities (CVE-2017-12635 & CVE-2017-12636), analyzing phishing campaign results, and compromising a web application using OSINT.
π ExampleCorp-Audit/ βββ π Reports/ β βββ Final_Penetration_Report.pdf β βββ CVSS_Score_Analysis.xlsx βββ πΈ Screenshots/ β βββ Nessus/ β βββ Nmap/ β βββ Exploits/ β βββ OSINT/ βββ π» Exploits/ β βββ CVE-2017-12635_exploit.json β βββ CVE-2017-12636_payload.py βββ π¦ Phishing_Credentials/ β βββ Compromised_Accounts.csv βββ π backdoor.php βββ README.md
- Nessus β Vulnerability scanning
- Nmap β Port and service discovery
- Metasploit β CVE exploitation
- SQLite β Phishing results parsing
- Curl β CouchDB verification
- Linux (Kali) β Attack OS
-
CVE-2017-12635
Improper validation of JSON fields in Apache CouchDB allowed the creation of unauthenticated admin accounts. -
CVE-2017-12636
Command injection in CouchDB allowed remote code execution as the CouchDB user.
- Ubuntu 16.04 system past end-of-life with critical Apache/CouchDB vulnerabilities
- Apache server exposed sensitive internal structure via
/server-status - At least 10 credentials successfully harvested from phishing database
- OSINT revealed whitelisted paths and firewall exceptions, aiding exploitation
- Full administrative access was obtained through CVE chaining
This audit reinforces the critical importance of:
- Regular patching & CVE monitoring
- Network segmentation and internal IP masking
- Properly configured WAF and access controls
- Monitoring for phishing and credential reuse
- β Nessus & Nmap scans
- β CVSS v3.0 scores with Temporal & Environmental vectors
- β Exploit walkthroughs for CVE-2017-12635 and CVE-2017-12636
- β OSINT-based compromise and web app abuse
- β β₯10 Phishing credentials extracted from database
Jamilu Ibrahim Richifa
Cybersecurity Enthusiast | Ethical Hacker | Open-Source Contributor
π« Connect on LinkedIn