INTERNSHIP REPORT&PROJECT
REVIEW-1
INTERNSHIP PERIOD: 20-07-22 / 24-08-22
P MOHAMMED ISHAQ-20691A3726-III CSC
CYBER SECURITY
REVIEW DATE : 04-11-2022
INTERNSHIP MENTOR : Mr.Abdul Jaleel D
ABOUT INDUSTRY/ORGANIZATION
DETAILS
ORGANIZATION NAME : INTERNSHIP STUDIO
• Internship Studio is an online training and internship platform founded on
the principle that students interested in any field should not be required to
have any sort of perspective knowledge in order to start their journey in that
field.
• The Founder and CEO of Internship Studio is Mr. Aniket Bihani.
• I did this internship in virtual mode.
• The Internship Studio is located in MVPM Spark, Lane No 6, Ram Indu
Park, Nr. Balewadi High St, Baner, Pune-411045, Maharashtra, IN.
• Contact details: contact@internshipstudio.com
Internship Certificate
MY INTERNSHIP
ETHICAL HACKING
• Ethical hacking is a process of detecting vulnerabilities in an application, system,
or organization's infrastructure.
• Ethical hacking involves an authorized attempt to gain unauthorized access to a
computer system, application, or data.
• Carrying out an ethical hack involves duplicating strategies and actions of malicious
attackers.
• This practice helps to identify security vulnerabilities which can then be resolved
before a malicious attacker has the opportunity to exploit them.
• Hence, ethical hackers use their knowledge to secure and improve the technology of
organizations.
INTERNSHIP DESCRIPTION:
• I thoroughly enjoyed my experience as an intern for the ethical hacking team.
• The work was challenging and engaging, and I appreciated the opportunity to
work on such a wide variety of projects.
• I would recommend this internship to anyone interested in ethical hacking or
cybersecurity.
• The purpose of this project is to identify, assess, and document potential
vulnerabilities in an information system.
• The project will also develop recommendations for mitigating or eliminating the
identified vulnerabilities. The goal of this project is to ensure that the information
system is secure and protected from attack.
• By identifying and assessing potential vulnerabilities, the project will help to
ensure that the system is not susceptible to exploitation.
• This project is important because it will help to protect the information system
from being compromised. By identifying and assessing potential vulnerabilities,
the project will help to ensure that the system is not susceptible to exploitation.
THINGS I LEARNED IN THIS INTERNSHIP:
• Kali Linux
• Networking
• Wireshark and analysis
• Cryptography
• Man in the middle attack
• Information gathering
• Android Hacking With Metasploit
• Password Cracking
• Proxy chains and TOR
• Web Application Security
• Cross Site Scripting Practical
• Types of CSS: Introduction to Portswigger
• Social Engineering attack
• Automatic Vulnerability Scanner
• Reporting And Communication: Hands On Bug Bounty
My Personal Benefit
• I feel this internship has set me up for a better understanding of what legal
studies are.
• I feel empowered to be successful through the tools I have learned throughout
this process.
• This internship has allowed me to create a better understanding of how to find
resources and other information systems to create real-life experience for
comparing law and legal culture for future jobs.
• The skills I have learned through creating this legal comparison has allowed me
to build on my critical thinking skills.
• Learning how to conduct ethical hacking assessments and penetration tests.
• Gaining practical experience in report writing and presenting findings to
clients or senior management.
Networking:
The fundamentals of hacking
A network is a collection of computers, servers, mainframes, network devices,
peripherals, or other devices connected to one another to allow the sharing of data.
Protocols:
★ TCP(Transmission Control Protocol)
★ IP(Internet Protocol)
★ UDP(User Datagram Protocol)
★ FTP(File Transfer Protocol)
★ HTTP(Hyper Text Transfer Protocol)
★ HTTPS(Hyper Text Transfer Protocol Secure)
★ SMTP(Simple Mail Transfer Protocol)
Internet Protocol addresses (IP addresses) make the world go 'round. Or, at least, they enable us to email, Skype, and
navigate the web. That's almost as important as the world going around! Each digital device (computer, laptop, phone,
tablet, etc.) is assigned an IP address, and this is what enables us to communicate and connect with it. Imagine an IP
address as similar to your house address. Without that address, no one could find you and send you snail mail.
Cryptography:
Cryptography is a method of protecting information and communications through the use of codes, so that only those
for whom the information is intended can read and process it.
Objectives of Cryptography
★ Confidentiality : the information cannot be understood by
anyone for whom it was unintended
★ Integrity : the information cannot be altered in storage or transit
between sender and receiver.
★ Non-repudiation : the creator/sender of the information cannot
deny at a later stage his or her intentions in the creation or
transmission of the information
★ Authentication: the sender and receiver can confirm each
other's identity and the origin/destination of the information
Types of Cryptography
1. Single-key or symmetric-key encryption
2. Public-Key or asymmetric-key encryption
Man in the Middle Attack:
A man in the middle attack is a type of attack where the attacker intercepts communications between two parties and
impersonates each party to the other. The attacker then has the ability to eavesdrop on the conversations, modify the
messages, or even inject new messages.
ARP Spoofing Tool: We can use the arpspoof tool available on Linux to spoof ARP and act as the MITM. Let’s dive into the
real man in the middle attack.
Steps to reproduce:
Install arpspoof by typing apt-get install dsniff
Syntax:
arpspoof -i (interface) -t (Client IP) (Your gateway)
arpspoof -i (interface) -t (Your Gateway) (Client IP)
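Seen from the defender's side, the two commands above make one MAC address answer for both the gateway's IP and the client's IP. The following added example (not part of the original slides) flags that pattern in a list of observed ARP replies; the function names, addresses and sample data are constructed for illustration.

```python
def normalise_mac(mac):
    """Lower-case and use ':' separators so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")


def find_arp_anomalies(replies, gateway_ip, baseline=None):
    """Report IP->MAC rebindings and the MACs most likely to be spoofing.

    replies  : iterable of (timestamp, sender_ip, sender_mac) taken from ARP replies
    baseline : optional trusted {ip: mac} map (e.g. from an inventory). Without it
               the first MAC seen for an IP is trusted, which is an assumption
               that fails if the capture starts after the spoofing began.
    """
    trusted = {ip: normalise_mac(mac) for ip, mac in (baseline or {}).items()}
    rebindings = []   # (timestamp, ip, trusted_mac, seen_mac)
    reported = set()  # report each (ip, mac) conflict once

    for ts, ip, mac in sorted(replies):
        mac = normalise_mac(mac)
        known = trusted.setdefault(ip, mac)
        if mac != known and (ip, mac) not in reported:
            reported.add((ip, mac))
            rebindings.append((ts, ip, known, mac))

    # A single rebinding can be benign (replaced NIC, reused DHCP lease).
    # One MAC conflicting on the gateway AND on another host matches the
    # two-way spoofing shown on this slide.
    conflicts = {}
    for _ts, ip, _known, mac in rebindings:
        conflicts.setdefault(mac, set()).add(ip)
    suspects = sorted(
        mac for mac, ips in conflicts.items()
        if gateway_ip in ips and len(ips) >= 2
    )
    return {"rebindings": rebindings, "mitm_suspects": suspects}


# Constructed sample data: (seconds, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "02:00:00:00:00:01"),   # gateway, real MAC
    (0.5, "192.168.1.20", "02:00:00:00:00:20"),  # client, real MAC
    (1.0, "192.168.1.30", "02:00:00:00:00:30"),  # another host
    (4.0, "192.168.1.20", "02:00:00:00:00:99"),  # client IP claimed by a new MAC
    (4.0, "192.168.1.1", "02:00:00:00:00:99"),   # gateway IP claimed by the same MAC
    (6.0, "192.168.1.1", "02-00-00-00-00-99"),   # repeat, different notation
    (9.0, "192.168.1.30", "02:00:00:00:00:31"),  # isolated rebinding, likely benign
]

if __name__ == "__main__":
    result = find_arp_anomalies(SAMPLE_REPLIES, gateway_ip="192.168.1.1")
    for ts, ip, known, seen in result["rebindings"]:
        print(f"t={ts}: {ip} moved from {known} to {seen}")
    print("possible MITM:", result["mitm_suspects"])
```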
Information Gathering Using Nmap:
• Nmap is short for Network Mapper. It is an open-source Linux command-line tool
that is used to scan IP addresses and ports in a network and to detect installed
applications.
• Ping scan: lists the devices that are up and running on the network.
• > nmap -sn 192.168.1.1/24
• Scan a single host: Scans a single host for 1000 well-known ports. These ports are the
ones used by popular services like SQL, SNTP, apache, and others
• Knowing the version of a running service makes your life easier, since you can find an
existing vulnerability for that particular version in the Common Vulnerabilities and
Exposures (CVE) database. You can then use it to attack a machine using an exploitation
tool like Metasploit.
Web Application Security:
• A Web application (Web app) is an application program that is stored on a remote
server and delivered over the Internet through a browser interface
• Web application security is the process of protecting websites and online services
against different security threats that exploit vulnerabilities in an application's code.
... The inherent complexity of their source code, which increases the likelihood of
unattended vulnerabilities and malicious code manipulation.
Different types of security tests:
Dynamic Application Security Test (DAST)
Static Application Security Test (SAST)
Penetration Test
Runtime Application Self Protection (RASP)
We had three training weeks in the internship. Each week there was one quiz, so we had three quizzes.
Ethical hacking quiz 1: I scored 100%
Ethical hacking quiz 2: I scored 100%
Ethical hacking quiz 3: I scored 100%
ASSESSING VULNERABILITIES
It is the process of identifying vulnerabilities in the computer
systems, networks, and the communication channels. It is performed
as a part of auditing and also to defend the systems from further
attacks. The vulnerabilities are identified, classified and reported to
the authorities so that necessary measures can be taken to fix them
and protect the organization.
IN THIS PROJECT WE WERE GIVEN THREE TASKS
• TASK 1: COMPLETING 3 PORTSWIGGER LABS
• TASK 2: WE WERE GIVEN A BANK APPLICATION WEBSITE AND HAD TO DETECT
VULNERABILITIES IN IT
• TASK 3: TO EXECUTE A PAYLOAD IN THE WEBSITE (VULNWEB.COM) AND REPORT
THE EFFECT OF THE VULNERABILITY IN THE WEBSITE.
TASK 1: COMPLETING 3 PORTSWIGGER LABS
LAB 1
Reflected XSS into HTML context with nothing encoded
LAB 2 : Stored XSS into HTML context with nothing encoded
LAB 3: DOM XSS in document.write sink using source location.search
TASK 2: TO FIND THE VULNERABILITIES OF A GIVEN WEBSITE/COMPANY AND
GENERATE A REPORT OF THE VULNERABILITIES THAT ARE PRESENT IN THE WEBSITE.
THE REPORT WAS GENERATED WITH THE OWASP-ZAP TOOL AND IS SHOWN BELOW.
TASK 3: TO EXECUTE A PAYLOAD IN THE WEBSITE(VULNWEB.COM) AND REPORT THE EFFECT
OF THE VULNERABILITY IN THE WEBSITE.
WRITING REPORT TO
COMPANY
• Title : Cross Site Scripting
• Domain : vulnweb.com
• SubDomain: testasp.vulnweb.com
Steps to reproduce:
step1: Visit http://testasp.vulnweb.com
step2: On the top of the menu you will find a search option
step3: Click on it and you will be prompted to the search box
step4: you can intercept the request in the burp suite
step5: Now you can find different payloads for XSS(cross site scripting)
step6: Send the request to the intruder and paste all the payloads
step7: Try to find a successful payload for XSS
Effect of this attack : Cross Site Scripting can lead to stealing of
your user data and it can be harmful for your website/company
Mitigation: To protect your website from XSS, you can enable NoScript
in the browser and modify the vulnerable code that handles
the user data.
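What "modifying the vulnerable code" can look like for a reflected search term, as an added example that is not code from the report or from the tested site: the handler names and the page template are hypothetical, and the probe strings are harmless constructed markers rather than script payloads.

```python
import html
from string import Template

# Hypothetical search page: the term lands in an attribute value and in body text.
PAGE = Template(
    '<form action="/search"><input name="q" value="$attr"></form>\n'
    "<p>Results for: $body</p>"
)


def render_search_vulnerable(term):
    """Reflects the search term verbatim, so markup in it becomes part of the page."""
    return PAGE.substitute(attr=term, body=term)


def render_search_hardened(term):
    """Encodes the term for the HTML contexts it is placed in."""
    # quote=True also encodes " and ', which is what protects the attribute value.
    safe = html.escape(term, quote=True)
    return PAGE.substitute(attr=safe, body=safe)


# Constructed, non-executing probes: one tries to add an element in the body,
# the other tries to close the attribute and add a new one.
PROBES = ["<i>probe</i>", '" data-probe="1']


def unencoded_reflections(render):
    """Return the probes that come back unchanged, i.e. still active as markup."""
    return [p for p in PROBES if p in render(p)]


if __name__ == "__main__":
    print("vulnerable:", unencoded_reflections(render_search_vulnerable))
    print("hardened:  ", unencoded_reflections(render_search_hardened))
    print(render_search_hardened(PROBES[1]))
```

html.escape covers HTML body text and quoted attribute values only; a term placed inside a script block or a URL needs the encoding for that context instead.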
Conclusion
• From this ethical hacking internship, I have gained a better insight into the network
and computer security of an organization.
• I have also gained a lot of technical knowledge. I have learnt the techniques of
hacking and have also learnt how to prevent the network and computers of an
organization from being hacked.
• I have also learnt how to secure the data of an organization. I have also learnt about
the legal aspects of hacking.
• I have also learnt about the various tools used by hackers. I have also learnt about
the various types of attacks that can be launched on an organization.

More Related Content

Similar to INTERNSHIP REPORT TITLE

Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51martinvoelk
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi          .pptxEthical Hacking justvamshi          .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxInfosectrain3
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.pptKaukau9
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksDamaineFranklinMScBE
 
Running Head Security Assessment Repot (SAR) .docx
Running Head  Security Assessment Repot (SAR)                    .docxRunning Head  Security Assessment Repot (SAR)                    .docx
Running Head Security Assessment Repot (SAR) .docxSUBHI7
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introductionjagadeesh katla
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarDr. Shivashankar
 

Similar to INTERNSHIP REPORT TITLE (20)

Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 
Computer security
Computer securityComputer security
Computer security
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi          .pptxEthical Hacking justvamshi          .pptx
Ethical Hacking justvamshi .pptx
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
 
Application security
Application securityApplication security
Application security
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering Attacks
 
Running Head Security Assessment Repot (SAR) .docx
Running Head  Security Assessment Repot (SAR)                    .docxRunning Head  Security Assessment Repot (SAR)                    .docx
Running Head Security Assessment Repot (SAR) .docx
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. Shivashankar
 

Recently uploaded

VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxvipinkmenon1
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting  .Churning of Butter, Factors affecting  .
Churning of Butter, Factors affecting .Satyam Kumar
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 

Recently uploaded (20)

VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes  examplesPOWER SYSTEMS-1 Complete notes  examples
POWER SYSTEMS-1 Complete notes examples
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptx
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting  .Churning of Butter, Factors affecting  .
Churning of Butter, Factors affecting .
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 

INTERNSHIP REPORT TITLE

  • 1. INTERNSHIP REPORT&PROJECT REVIEW-1 INTERNSHIP PERIOD: 20-07-22 / 24-08-22 P MOHAMMED ISHAQ-20691A3726-III CSC CYBER SECURITY REVIEW DATE : 04-11-2022 INTERNSHIP MENTOR : Mr.Abdul Jaleel D
  • 2. ABOUT INDUSTRY/ORGANIZATION DETAILS ORGANIZATION NAME : INTERNSHIP STUDIO • Internship Studio is an online training and internship platform founded on the principle that students interested in any field should not be required to have any sort of perspective knowledge in order to start their journey in that field. • The Founder and CEO of Internship Studio is Mr. Aniket Bihani. • I have done this internship by virtual mode. • The Internship Studio is located in MVPM Spark, Lane No 6, Ram Indu Park, Nr. Balewadi High St, Baner, Pune-411045, Maharashtra, IN. • Contact details: contact@internshipstudio.com
  • 4. MY INTERNSHIP ETHICAL HACKING  ETHICAL HACKING is a process of detecting vulnerabilities in an application, system, or organization's infrastructure.  Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data.  Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers.  This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.  Hence, Ethical hackers use their knowledge to secure and improve the technology of organizations.
  • 5. INTERNSHIP DESCRIPTION: • I thoroughly enjoyed my experience as an intern for the ethical hacking team. • The work was challenging and engaging, and I appreciated the opportunity to work on such a wide variety of projects. • I would recommend this internship to anyone interested in ethical hacking or cybersecurity. • The purpose of this project is to identify, assess, and document potential vulnerabilities in an information system. • The project will also develop recommendations for mitigating or eliminating the identified vulnerabilities. The goal of this project is to ensure that the information system is secure and protected from attack. • By identifying and assessing potential vulnerabilities, the project will help to ensure that the system is not susceptible to exploitation. • This project is important because it will help to protect the information system from being compromised. By identifying and assessing potential vulnerabilities, the project will help to ensure that the system is not susceptible to exploitation.
  • 6. THINGS I LEARNED IN THIS INTERNSHIP:  Kali Linux  Networking  Wireshark and analysis  Cryptography  Man in the middle attack  Information gathering  Android Hacking With Metasploit  Password Cracking  Proxy chains and TOR  Web Application Security  Cross Site Scripting Practical  Types of CSS: Introduction to Portswigger  Social Engineering attack  Automatic Vulnerability Scanner  Reporting And Communication: Hands On Bug Bounty
  • 7. My Personal Benefit • I feel this internship has set me up for a better understanding of what legal studies are. • I feel empowered to be successful through the tools I have learned throughout this process. • This internship has allowed me to create a better understanding of how to find resources and other information systems to create real-life experience for comparing law and legal culture for future jobs. • The skills I have learned through creating this legal comparison has allowed me to build on my critical thinking skills. • Learning how to conduct ethical hacking assessments and penetration tests. • Gaining practical experience in report writing and presenting findings to clients or senior management.
  • 8. Networking: The fundamental of Hacking A network is a collection of computers, servers, mainframes, network devices, peripherals, or other devices connected to one another to allow the sharing of data. Protocols: ★ TCP(Transmission Control Protocol) ★ IP(Internet Protocol) ★ UDP(User Datagram Protocol) ★ FTP(File Transfer Protocol) ★ HTTP(Hyper Text Transfer Protocol) ★ HTTPS(Hyper Text Transfer Protocol Secure) ★ SMTP(Simple Mail Transfer Protocol) Internet Protocol addresses (IP addresses): makes the world go 'round. Or, at least, enable us to email, Skype, and navigate the web. It's almost as important as the world going around! Each digital device (computer, laptop, phone, tablet, etc.) is assigned an IP address, and this is what enables us to communicate and connect with it. Imagine an IP address as similar to your house address. Without that address, no one could find you and send you snail mail.
  • 9. Cryptography: Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it. Objectives of Cryptography ★ Confidentiality : the information cannot be understood by anyone for whom it was unintended ★ Integrity : the information cannot be altered in storage or transit between sender and receiver. ★ Non-repudiation : the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information ★ Authentication: the sender and receiver can confirm each other's identity and the origin/destination of the information Types of Cryptography 1. Single-key or symmetric-key encryption 2. Public-Key or asymmetric-key encryption
  • 10. Man in the Middle Attack: A man in the middle attack is a type of attack where the attacker intercepts communications between two parties and impersonates each party to the other. The attacker then has the ability to eavesdrop on the conversations, modify the messages, or even inject new messages.
  • 11. ARP Spoofing Tool: We can use the arpspoof tool available in Linux to spoof ARP and act as a MITM. Let's dive into the real man in the middle attack. Steps to reproduce: Install arpspoof by typing: apt-get install dsniff. Syntax: arpspoof -i (interface) -t (Client IP) (Your gateway) and arpspoof -i (interface) -t (Your Gateway) (Client IP)
  • 12. Information Gathering Using Nmap: • Nmap is short for Network Mapper. It is an open-source Linux command-line tool that is used to scan IP addresses and ports in a network and to detect installed applications. • Ping scan: lists the devices that are up and running. • > nmap -sn 192.168.1.1/24 • Scan a single host: scans a single host for 1000 well-known ports. These ports are the ones used by popular services like SQL, SNTP, Apache, and others. • It makes your life easier since you can find an existing vulnerability from the Common Vulnerabilities and Exposures (CVE) database for a particular version of the service. You can then use it to attack a machine using an exploitation tool like Metasploit.
  • 13. Web Application Security: • A Web application (Web app) is an application program that is stored on a remote server and delivered over the Internet through a browser interface. • Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application's code. ... The inherent complexity of their source code, which increases the likelihood of unattended vulnerabilities and malicious code manipulation. Different types of security tests: Dynamic Application Security Test (DAST), Static Application Security Test (SAST), Penetration Test, Runtime Application Self Protection (RASP)
  • 14. We had three training weeks in the internship. Each week there was one quiz, so we had three quizzes. Ethical hacking quiz 1: I scored 100%
  • 15. Ethical hacking quiz 2: I scored 100%
  • 16. Ethical hacking quiz 3: I scored 100%
  • 17. ASSESSING VULNERABILITIES It is the process of identifying vulnerabilities in the computer systems, networks, and the communication channels. It is performed as a part of auditing and also to defend the systems from further attacks. The vulnerabilities are identified, classified and reported to the authorities so that necessary measures can be taken to fix them and protect the organization.
  • 18. IN THIS PROJECT WE WERE GIVEN THREE TASKS • TASK 1: COMPLETING 3 PORTSWIGGER LABS • TASK 2: THEY'VE GIVEN A BANK APPLICATION WEBSITE. IN THIS WEBSITE WE DETECT VULNERABILITIES • TASK 3: TO EXECUTE A PAYLOAD IN THE WEBSITE (VULNWEB.COM) AND REPORT THE EFFECT OF THE VULNERABILITY IN THE WEBSITE.
  • 19. TASK 1: COMPLETING 3 PORTSWIGGER LABS LAB 1 Reflected XSS into HTML context with nothing encoded
  • 20.
  • 21. LAB 2 : Stored XSS into HTML context with nothing encoded
  • 22.
  • 23. LAB 3: DOM XSS in document.write sink using source location.search
  • 24.
  • 25. TASK 2: FIND THE VULNERABILITIES OF A GIVEN WEBSITE/COMPANY AND GENERATE A REPORT OF THE VULNERABILITIES THAT ARE PRESENT IN THE WEBSITE.
  • 26. THE REPORT WAS GENERATED WITH THE OWASP ZAP TOOL AND IS SHOWN BELOW.
  • 27. TASK 3: TO EXECUTE A PAYLOAD IN THE WEBSITE (VULNWEB.COM) AND REPORT THE EFFECT OF THE VULNERABILITY IN THE WEBSITE.
  • 28.
  • 30. • Title: Cross Site Scripting • Domain: vulnweb.com • Subdomain: testasp.vulnweb.com Steps to reproduce: Step 1: Visit http://testasp.vulnweb.com Step 2: At the top of the menu you will find a search option. Step 3: Click on it and you will be taken to the search box. Step 4: You can intercept the request in Burp Suite. Step 5: Now you can find different payloads for XSS (cross site scripting). Step 6: Send the request to the Intruder and paste all the payloads. Step 7: Try to find a successful payload for XSS.
  • 31. Effect of this attack: Cross Site Scripting can lead to the theft of your user data and can be harmful for your website/company. Mitigation: To protect your website from XSS, you can enable NoScript in the browser and modify the vulnerable code that handles the user data.
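What "modifying the vulnerable code" means for a reflected search term, as an added example that is not from the original slides: a search page rendered without and with output encoding, plus a check that user input never changes the page's element structure. Python stands in for the site's server-side code; the function names, the `q` field and the header values are assumptions.

```python
import html
from html.parser import HTMLParser

def render_search_vulnerable(term):
    """Reflects the search term unencoded: the flaw behind reflected XSS."""
    return ('<form><input name="q" value="' + term + '"></form>'
            "<p>You searched for: " + term + "</p>")

def render_search_safe(term):
    """Encodes the term for both contexts it lands in (text, quoted attribute)."""
    encoded = html.escape(term, quote=True)  # & < > " ' become entities
    return ('<form><input name="q" value="' + encoded + '"></form>'
            "<p>You searched for: " + encoded + "</p>")

# Defence in depth (assumed policy): inline script stays blocked even if
# an encoding call is missed somewhere else in the application.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}

class TagCollector(HTMLParser):
    """Records each start tag with its attribute names."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, tuple(name for name, _ in attrs)))

def page_structure(page):
    parser = TagCollector()
    parser.feed(page)
    parser.close()
    return parser.tags

def input_changes_structure(render, term):
    """True when the term was parsed as markup (new element or attribute).
    Python's parser approximates, but is not identical to, a browser's."""
    return page_structure(render(term)) != page_structure(render("harmless"))

# Constructed regression inputs: one for text context, one for attribute context.
PROBES = ["<script>alert(1)</script>", '" onfocus="alert(1)']

if __name__ == "__main__":
    for probe in PROBES:
        print(input_changes_structure(render_search_vulnerable, probe),
              input_changes_structure(render_search_safe, probe))
```

Encoding happens at output time and matches the context: `html.escape` covers HTML text and quoted attributes only, so values placed inside script blocks or URLs need their own encoders.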
  • 32. Conclusion • From this ethical hacking internship, I have gained a better insight into the network and computer security of an organization. • I have also gained a lot of technical knowledge. I have learnt the techniques of hacking and have also learnt how to prevent the network and computers of an organization from being hacked. • I have also learnt how to secure the data of an organization. I have also learnt about the legal aspects of hacking. • I have also learnt about the various tools used by hackers. I have also learnt about the various types of attacks that can be launched on an organization.