A Pentest Adventure: From Shells to Access Cards

The First Chapter: Initial Access

The story began with the exploitation of a vulnerability in a publicly exposed, redacted software component. Through careful analysis and methodical exploitation, we were able to achieve command execution on the target system.

This resulted in a reverse shell, giving us direct interaction with the compromised host. With further escalation and configuration abuse, we were also able to establish Remote Desktop Protocol (RDP) access — effectively granting us the same level of control as a legitimate user on that system.

At this stage, organisations assume the worst is over: a single compromised machine. This is often just the opening scene.

Mapping the Internal Network

With an initial foothold secured, we shifted into internal reconnaissance mode. Like digital explorers, we began mapping the internal network, identifying hosts, services, applications, and trust relationships.

During this phase, we uncovered something unexpected.

The Hidden System: Access Card Management

Buried within the internal environment was an application responsible for managing and printing physical access cards. These cards were used to grant entry to office buildings and facilities across multiple company locations.

More concerning was that the application was still running with default credentials.

With authenticated access to the system, we could theoretically:

• Create or modify access cards
• Print new cards for employees or visitors
• Issue credentials for multiple international branches
• Bypass physical security controls entirely

In effect, a digital compromise had the potential to turn into a physical security breach. Imagine holding keys to doors on the other side of the world — all unlocked because default settings were never changed.

Why This Matters: Digital Meets Physical Security

This scenario highlights a critical but often overlooked reality: cybersecurity and physical security are deeply interconnected.

Compromising an internal application does not just risk data loss. It can:

• Enable unauthorised physical access
• Put employees and assets at risk
• Disrupt operations across multiple locations
• Lead to regulatory and compliance issues

Attackers do not stop at the first win — they look for ways to expand impact, move laterally, and maximise access.

Lessons Learned

🔑 Default credentials remain a critical risk
Whether it is a server, an internal app, or a physical access system, default credentials must be changed before deployment.

🔑 Internal systems deserve the same protection as external ones
Just because a system is “internal” does not mean it is safe. Strong authentication, access controls, defence mechanisms, and monitoring are essential.

🔑 Assume breach, limit impact
Segmentation, least privilege, and logging can prevent a single compromise from becoming an enterprise-wide incident.

🔑 Regular testing uncovers hidden risks
Weaknesses only become known during hands-on penetration testing.

Do not Let Your Story Take a Dark Turn.

The lesson is clear: security is not about firewalls and patching software. It is also about securing the everyday systems quietly running in the background — systems that attackers love to exploit.

At Liverton Security, we specialise in uncovering these hidden gaps before someone with malicious intent does.

Contact Liverton Security to have your network tested and secured — before your security story takes an unexpected turn.

About Liverton Security

Digital technology has greatly expanded opportunities for businesses, but has also introduced complex security threats that organisations cannot ignore. Protecting people, critical data, and entire organisations requires proactive and continuous security strategies.

As an influential and respected leader in global cybersecurity, Liverton Security specialises in helping businesses and government organisations neutralise evolving cyber threats in the digital age.