This repository documents my hands-on penetration testing practice using intentionally vulnerable machines hosted on self-hosted environments. These labs simulate real-world attack scenarios and cover the full exploitation lifecycle - from reconnaissance to post-exploitation.
-
Develop practical skills in penetration testing and ethical hacking.
-
Simulate real-world attacks in a safe, controlled environment.
-
Practice and reinforce knowledge of common vulnerabilities and exploitation techniques.
-
Network Enumeration:
- Tools: Nmap, Gobuster
- Services & port scanning, directory/file enumeration
-
Vulnerability Scanning & Web Exploitation:
- Exploited common web vulnerabilities like SQL Injection, Local File Inclusion (LFI), and Remote Code Execution (RCE)
-
Privilege Escalation
-
Post-Exploitation:
- Gathered credentials, performed lateral movement, and documented persistence mechanisms
Each lab includes:
-
A structured penetration test report detailing steps taken
-
Screenshots of critical stages
This repository is for educational purposes only. All activities were performed on machines intended for exploitation in a legal, controlled environment (self-hosted VMs).