The World's First Agentic AI Hacker.
Penligent
What takes humans a week, Penligent takes an hour.
Learn about Penligent
Penligent
Penligent
Find Vulnerabilities.Verify Findings.Execute Exploits.
Learn about Penligent
One-click reports with fully customizable editing.
Learn about Penligent
Reports
Penetration Testing Report
Test Name: Penetration Test for http://192.168.68.172:8080/
Test Report Date: 2025-12-27
Tested by: Penligent.AI
Executive Summary
test edit
This penetration test was conducted to identify and assess vulnerabilities in the target system/application/asset. The assessment identified 1 critical vulnerabilities, 2 high vulnerabilities, 1 medium vulnerabilities, and 0 low vulnerabilities.
Key Findings:
| Finding ID | Title | Severity | Target | Status |
|---|---|---|---|---|
| F-018 | HTTP Response Headers Expose Exact Software Versions | medium | http://192.168.68.172:8080/ | Not Remediated |
| F-017 | CVE-2017-9798 Optionsbleed - Apache HTTP OPTIONS Memory Leak | high | http://192.168.68.172:8080/ | Not Remediated |
| F-016 | Outdated Apache 2.4.10 Web Server with Known Vulnerabilities | high | http://192.168.68.172:8080/ | Not Remediated |
| F-015 | Critically Outdated PHP 5.4.1 with Multiple Known RCE Vulnerabilities | critical | http://192.168.68.172:8080/ | Not Remediated |
Overall security posture: Critical risk with vulnerabilities that require immediate attention.
Scope of Engagement
The scope of this penetration test included the following assets:
Target Basic Information
- Target: http://192.168.68.172:8080/
- Target Type: host
Location Information:
- ASN: -
- Cloud Provider: -
- Geographic Location: ZZ
IP Address List:
- 192.168.68.172
Network Information
Open Ports/Services:
- Port : ()
WAF/CDN:
- -
Web Application Information
Web Technology Stack:
- Apache 2.4.10
- PHP 5.4.1
- Debian Linux
TLS Certificate Information:
- Issuer: -
- Valid From: -
- Valid To: -
Out of Scope:
- Social engineering attacks
- Denial of Service (DoS) testing
Methodology
The following testing methodology was used:
- Information Gathering: External and internal reconnaissance to gather data about the target.
- Vulnerability Scanning: Automated tools were used to identify potential vulnerabilities.
- Manual Testing: Manual exploitation of identified vulnerabilities.
- Post-Exploitation: Analysis of system access and potential data exfiltration routes.
Severity Rating
The following severity rating scale was used for this report:
- Critical: Vulnerabilities that allow full system compromise or significant data exposure.
- High: Vulnerabilities that allow unauthorized access or data modification.
- Medium: Vulnerabilities that may cause issues but require specific conditions.
- Low: Minor vulnerabilities that do not pose significant risk.
Detailed Findings
Finding 1: HTTP Response Headers Expose Exact Software Versions
Risk ID: R-018
Severity: MEDIUM
Target: http://192.168.68.172:8080/
Description: The web server discloses detailed version information through HTTP response headers. The 'Server' header reveals 'Apache/2.4.10 (Debian)' and 'X-Powered-By' header exposes 'PHP/5.4.1'. This information disclosure enables attackers to perform precise reconnaissance, identify the exact software stack, and target known vulnerabilities specific to these versions. Version exposure significantly reduces the effort required for exploitation by eliminating the need for blind testing and allowing direct use of version-specific exploits from public databases like Exploit-DB and Metasploit.
Recommendation: Configure Apache to suppress version information by setting 'ServerTokens Prod' and 'ServerSignature Off' in httpd.conf. Disable PHP version disclosure by setting 'expose_php = Off' in php.ini. Implement custom server headers or generic values that don't reveal specific versions. Consider using a reverse proxy or WAF to strip detailed version headers. Restart Apache after configuration changes to apply settings.
Evidence:
WhatWeb (from Target Information Overview)
Evidence: X-Powered-By: PHP/5.4.1 Server: Apache/2.4.10 (Debian) Headers expose exact software versions
Finding 2: CVE-2017-9798 Optionsbleed - Apache HTTP OPTIONS Memory Leak
Risk ID: R-017
Severity: HIGH
Target: http://192.168.68.172:8080/
Description: Apache versions < 2.4.27 (including the detected 2.4.10) are vulnerable to CVE-2017-9798, known as "Optionsbleed". This vulnerability causes Apache to leak arbitrary memory contents when processing HTTP OPTIONS requests with corrupted Allow headers. Similar to Heartbleed, this flaw can expose sensitive information from server memory including authentication tokens, session cookies, encryption keys, and other confidential data. Exploitation requires minimal technical skill and can be performed remotely without authentication. The vulnerability exists in the core HTTP request processing logic and affects default configurations.
Recommendation: Upgrade Apache to version 2.4.27 or later immediately. If immediate upgrade is not feasible, apply the specific CVE-2017-9798 security patch for Apache 2.4.10. Implement memory protection mechanisms at the OS level. Review logs for anomalous OPTIONS requests. Rotate all potentially exposed credentials and session tokens as a precautionary measure. Test the vulnerability using: curl -X OPTIONS -i http://target/
Evidence:
searchsploit (tool_id 240)
Evidence: Apache < 2.2.34 / < 2.4.27 OPTIONS Memory Leak Exploit found: 42745.py Target version 2.4.10 < 2.4.27 confirmed vulnerable
Finding 3: Outdated Apache 2.4.10 Web Server with Known Vulnerabilities
Risk ID: R-016
Severity: HIGH
Target: http://192.168.68.172:8080/
Description: The web server runs Apache HTTP Server version 2.4.10 (released July 2014), which contains multiple known security vulnerabilities. This version is significantly outdated - the current stable release is 2.4.58+. Searchsploit analysis confirmed applicability of CVE-2017-9798 (Optionsbleed) affecting all Apache versions < 2.4.27. Additional vulnerabilities may exist including CVE-2017-7679 (mod_mime buffer overread), CVE-2017-3169 (mod_ssl NULL pointer dereference), and others. The 10+ year age gap represents substantial security debt and exposure to both known and potentially undiscovered vulnerabilities.
Recommendation: Upgrade Apache HTTP Server to the latest stable 2.4.x release. Review and apply all security patches released since 2014. Implement regular patching schedule for web server infrastructure. Disable unnecessary Apache modules to reduce attack surface. Consider implementing reverse proxy with updated software as interim protection layer.
Evidence:
WhatWeb (from Target Information Overview)
Evidence: Server: Apache/2.4.10 (Debian) Banner: Apache/2.4.10 (Debian) Web Technologies: Apache 2.4.10
searchsploit (tool_id 240)
Evidence: Apache < 2.2.34 / < 2.4.27 OPTIONS Memory Leak (CVE-2017-9798) Affects versions before 2.4.27 including 2.4.10
Finding 4: Critically Outdated PHP 5.4.1 with Multiple Known RCE Vulnerabilities
Risk ID: R-015
Severity: CRITICAL
Target: http://192.168.68.172:8080/
Description: The target web application runs PHP 5.4.1, which was released in 2012 and reached end-of-life in September 2015. This version contains numerous critical security vulnerabilities including remote code execution flaws (CVE-2015-8617, CVE-2015-8994, CVE-2015-2783, CVE-2015-4024, among others). The PHP project no longer provides security updates for this branch, leaving the system exposed to publicly documented exploits. Attackers can leverage known vulnerabilities to execute arbitrary code, compromise the web server, and potentially pivot to internal network resources.
Recommendation: Immediately upgrade PHP to the latest stable version (8.x series recommended, minimum 7.4+). Perform thorough testing after upgrade to ensure application compatibility. Implement a vulnerability management process to track and remediate outdated software components. Consider deploying Web Application Firewall (WAF) as interim mitigation during upgrade planning.
Evidence:
WhatWeb (Initial Detection)
Evidence: X-Powered-By: PHP/5.4.1 Web Technologies: PHP 5.4.1
searchsploit
Evidence: Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code | php/remote/29316.py Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Rem | php/remote/29290.c
Remediation Recommendations
Critical Findings:
- Immediately remediate all critical vulnerabilities identified.
- Apply security patches for known vulnerabilities.
- Implement input validation and parameterized queries.
High Findings:
- Address high severity vulnerabilities promptly.
- Enforce strong password policies and consider implementing multi-factor authentication (MFA).
- Review and strengthen authentication and authorization mechanisms.
Medium Findings:
- Review and remediate medium severity issues in a timely manner.
- Review HTTP headers to ensure sensitive data is not exposed.
- Update security configurations and settings.
Conclusion
In conclusion, the penetration test identified several critical and/or high vulnerabilities that require immediate remediation. The organization should address these vulnerabilities as a priority to mitigate the risk of unauthorized access and potential data breaches. Once the vulnerabilities are remediated, a retest should be conducted to verify the effectiveness of the fixes.
Acknowledgements
We would like to thank Penligent.AI for their cooperation and support during this engagement.
Appendix
A. Proof of Concept (PoC) & Evidence
- Logs from the testing phase
- Full list of discovered vulnerabilities with CVSS scores
B. Tools Used
- Nmap
- Burp Suite
- Metasploit
- OWASP ZAP
C. Glossary
- CVSS: Common Vulnerability Scoring System
- PoC: Proof of Concept
Prepared by: Penligent.AI
Date: 2025-12-27
200+ Industry Tools Supported
For security engineers, pentesters, and red teams, our AI pentesting engine lets you easily launch and manage industry-leading tools.
Scan for the latest CVEs and generate one-click PoC exploit scripts.
No complex setup required. Start in minutes.
Turn findings into verified impact with guided, step-by-step execution.
Prioritize what breaks real workflows, not just what scanners flag.
Every finding comes with artifacts, steps, and traceable proof.
Edit prompts, lock scope, and customize actions for your environment.
"Penligent is the closest thing I've seen to an AI red-team assistant that actually ships results. It doesn't just scan — it verifies, generates reproducible PoCs, and produces a clean report you can ship to stakeholders."
"Penligent is great for beginners learning pentesting, while giving experienced testers flexible, true human-in-the-loop control. It significantly boosts professional pentest efficiency."
"We've already had students using AI pentesting tools like Penligent heavily in real education and training. In an AI-native era, learning how to work with AI-driven offensive security is becoming essential."
"I'm using Penligent for real-world pentesting, not just casual security research. The one-click access to 200+ Kali tools feels genuinely powerful and makes the workflow incredibly smooth."
"I really like Penligent—especially for bug bounty. It's noticeably more efficient than traditional tools and workflows."
"This is a truly new kind of AI pentesting product—unlike anything I've used before. It makes pentesting genuinely intelligent and stays effective end-to-end, from finding and exploiting issues to verification and reporting."
"Penligent is the closest thing I've seen to an AI red-team assistant that actually ships results. It doesn't just scan — it verifies, generates reproducible PoCs, and produces a clean report you can ship to stakeholders."
"Penligent is great for beginners learning pentesting, while giving experienced testers flexible, true human-in-the-loop control. It significantly boosts professional pentest efficiency."
"We've already had students using AI pentesting tools like Penligent heavily in real education and training. In an AI-native era, learning how to work with AI-driven offensive security is becoming essential."
"I'm using Penligent for real-world pentesting, not just casual security research. The one-click access to 200+ Kali tools feels genuinely powerful and makes the workflow incredibly smooth."
"I really like Penligent—especially for bug bounty. It's noticeably more efficient than traditional tools and workflows."
"This is a truly new kind of AI pentesting product—unlike anything I've used before. It makes pentesting genuinely intelligent and stays effective end-to-end, from finding and exploiting issues to verification and reporting."
"Penligent is the closest thing I've seen to an AI red-team assistant that actually ships results. It doesn't just scan — it verifies, generates reproducible PoCs, and produces a clean report you can ship to stakeholders."
"Penligent is great for beginners learning pentesting, while giving experienced testers flexible, true human-in-the-loop control. It significantly boosts professional pentest efficiency."
"We've already had students using AI pentesting tools like Penligent heavily in real education and training. In an AI-native era, learning how to work with AI-driven offensive security is becoming essential."
"I'm using Penligent for real-world pentesting, not just casual security research. The one-click access to 200+ Kali tools feels genuinely powerful and makes the workflow incredibly smooth."
"I really like Penligent—especially for bug bounty. It's noticeably more efficient than traditional tools and workflows."
"This is a truly new kind of AI pentesting product—unlike anything I've used before. It makes pentesting genuinely intelligent and stays effective end-to-end, from finding and exploiting issues to verification and reporting."
"Penligent is the closest thing I've seen to an AI red-team assistant that actually ships results. It doesn't just scan — it verifies, generates reproducible PoCs, and produces a clean report you can ship to stakeholders."
"Penligent is great for beginners learning pentesting, while giving experienced testers flexible, true human-in-the-loop control. It significantly boosts professional pentest efficiency."
"We've already had students using AI pentesting tools like Penligent heavily in real education and training. In an AI-native era, learning how to work with AI-driven offensive security is becoming essential."
"I'm using Penligent for real-world pentesting, not just casual security research. The one-click access to 200+ Kali tools feels genuinely powerful and makes the workflow incredibly smooth."
"I really like Penligent—especially for bug bounty. It's noticeably more efficient than traditional tools and workflows."
"This is a truly new kind of AI pentesting product—unlike anything I've used before. It makes pentesting genuinely intelligent and stays effective end-to-end, from finding and exploiting issues to verification and reporting."