The scenario

A fictional corporation named AspenMLC Research Labs has decided to add a web presence. Due to the nature of their business model, information confidentiality is critical and any leakage of sensitive research data has a direct negative impact on their bottom line. Their administrator has set up a mock environment that is similar to what they would like to eventually move to production. The business owner has asked the administrator to hire an outside consultant to review the environment and inform them of any vulnerabilities that may exist.

The administrator then contracts you to perform a penetration test on the mockup environment because he has ascertained that he is using security best practices, performed the initial vulnerability scans a few months ago, and found no issues. He reiterates that he is using well-known products that provide great support and prides himself on the fact that his shop is 100% open source.

When you ask about the network, you find that there is only one web-facing server. This server is running the latest version of WordPress. The only other service mentioned is SSH, which he uses to access the site in case of an emergency. When at the office, the administrator uses a management zone to access the server directly, but this zone is not accessible from the Internet and is firewalled off. The IP address of the server is 192.168.10.25. When you ask about the environment, the administrator lets you know that they use segmented internal networks, multiple firewalls, IDS, and WAF, and that he is confident that this layered defensive approach is sufficient to protect the core data network where the important and confidential research information will eventually be stored.

It is up to you to give management the confidence that, if this setup goes live, their data is protected. You are to emulate an attacker with no prior knowledge of the network and a limited timeframe to perform attacks. The administrator mentions that he intends to use virtual images for the servers and that they will be brought down and restored to the original state every evening.
