CYBER SECURITY & ETHICAL HACKING
CAPSTONE PROJECT
PROJECT TITLE:-
Scan a website and find out what open ports are actively running and
what the functions, benefits and threats of such open ports are, and
test the website for vulnerabilities.
PROJECT GOAL:-
• Research
• Data Collection
• Identify Vulnerabilities
• Technology Analysis
• Port and Server Security
• Recommendation
• Presentation
TARGET SITE:-
www.royalenfield.com
TOOLS USED IN THIS PROJECT ARE:-
ABOUT TOOLS
• Burp Suite: a powerful web vulnerability scanner and testing tool used to
identify, exploit, and remediate security issues in web applications through
active and passive scans.
• Nikto: an open-source web server scanner that identifies potential
vulnerabilities and misconfigurations.
• Nmap (Network Mapper): a versatile network scanning tool used to discover
hosts, open ports, services, and vulnerabilities, aiding in security audits and
network exploration.
• Wappalyzer: a tool to identify the technologies used by a website, such as
frameworks, databases, and analytics tools.
• SimilarWeb: a platform used for analyzing website rankings, traffic data, and
audience behavior.
TARGET OVERVIEW THROUGH SIMILARWEB ON
WWW.ROYALENFIELD.COM
TARGET OVERVIEW
• URL: www.royalenfield.com
• Category: E-commerce
• Global Rank: #8,027
• India Rank: #769
• Total Visits: 2.21 million
• Visit Duration: 2min
• Bounce Rate: 54%
• Pages Per Visit: 3.26
TARGET TECHNOLOGY ANALYSIS THROUGH
WAPPALYZER ON
WWW.ROYALENFIELD.COM
TECHNOLOGY OVERVIEW
• Database: Firebase
• Development: Firebase Hosting
Technologies identified via Wappalyzer indicate modern frameworks and
hosting solutions, ensuring performance and scalability.
NMAP TEST ON WWW.ROYALENFIELD.COM
NMAP SCAN RESULT:-
COMMAND USED: nmap -Pn royalenfield.com
• nmap: initiates the Nmap tool
• -Pn: disables host discovery and assumes the host is up
• royalenfield.com: website name (target)
OUTPUT FOR THIS
• Found open port 80 (HTTP)
• Found open port 443 (HTTPS)
• Scan Duration: Completed in 5.54 seconds.
NMAP SCAN RESULT:-
COMMAND USED: nmap -p- royalenfield.com -vvv
• nmap: initiates the Nmap tool
• -p-: scans all 65535 ports on the target
• royalenfield.com: website name (target)
• -vvv: enables very verbose mode for detailed output
OUTPUT FOR THIS
• Scan confirmed the host is up with IP address 104.123.216.158
• DNS resolved to a104-123-216-158.deploy.static.akamaitechnologies.com
• Found open ports 80 (HTTP) and 443 (HTTPS)
• Scan Duration: Completed in 313.34 seconds.
COMPARISON OF COMMANDS
Aspect           Command 1                         Command 2
Command          nmap -p- royalenfield.com -vvv    nmap -Pn royalenfield.com
Ports Scanned    All 65535 ports                   Top 1000 ports
Host Discovery   Performed                         Skipped
Open Ports       80 (HTTP), 443 (HTTPS)            80 (HTTP), 443 (HTTPS)
Time Taken       313.34 seconds                    5.54 seconds
Output Detail    Highly Verbose                    Concise
NMAP SCAN RESULT:-
COMMAND USED: nmap -sV -sC royalenfield.com
• nmap: initiates the Nmap tool
• -sV: performs service version detection
• -sC: uses Nmap's default scripts
• royalenfield.com: website name (target)
OUTPUT FOR THIS
• The host is up with IP address 104.123.216.158
• Port 80 (HTTP): Hosted on AkamaiGHost (HTTP Acceleration/Mirror service).
• Port 443 (HTTPS): Hosted on AkamaiGHost with an SSL certificate issued.
• SSL Details:
  • Subject: Royal Enfield (Unit of Eicher Motors Ltd) (Location: Haryana, India)
  • Validity: 2024-05-28 to 2025-05-29.
  • Observed Issue: TLS randomness does not represent time correctly.
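The scans above are only useful if their output is checked against what the site is supposed to expose. The following parser is an added example and not part of the project's deliverables: it reads Nmap normal output (the sample below is constructed to mirror the deck's findings, not a real capture), lists the open ports, compares them with an allowlist of expected ports, and surfaces the ssl-date note, so a port that appears outside the approved set can be flagged for the "close unnecessary ports" mitigation. The allowlist {80, 443} is an assumption taken from the results reported here.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of Nmap's normal output for
# `nmap -sV -sC <host>`. Host, IP, services and the ssl-date note mirror
# the findings reported in the deck; this is not a real capture.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for royalenfield.com (104.123.216.158)
Host is up (0.012s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT    STATE SERVICE  VERSION
80/tcp  open  http     AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
443/tcp open  ssl/http AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
| ssl-cert: Subject: organizationName=Royal Enfield (Unit of Eicher Motors Ltd)
| Not valid before: 2024-05-28T00:00:00
|_Not valid after:  2025-05-29T23:59:59
|_ssl-date: TLS randomness does not represent time
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
"""

# One port-table row: "<port>/<proto>  <state>  <service>  <version...>"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$"
)


@dataclass(frozen=True)
class PortFinding:
    port: int
    proto: str
    state: str
    service: str
    version: str


def parse_nmap_output(text: str) -> list[PortFinding]:
    """Extract the per-port table rows from Nmap normal output."""
    findings = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            findings.append(PortFinding(int(m["port"]), m["proto"], m["state"],
                                        m["service"], m["version"].strip()))
    return findings


def open_ports(findings: list[PortFinding]) -> list[int]:
    return sorted(f.port for f in findings if f.state == "open")


def unexpected_open_ports(findings: list[PortFinding], allowed: set[int]) -> list[int]:
    """Open ports not on the approved list: candidates to close or firewall."""
    return sorted(p for p in open_ports(findings) if p not in allowed)


def nse_notes(text: str, script: str) -> list[str]:
    """Return NSE output lines that start with the given script name, de-prefixed."""
    return [line.lstrip("|_ ").strip()
            for line in text.splitlines()
            if line.startswith("|") and line.lstrip("|_ ").startswith(script)]


if __name__ == "__main__":
    findings = parse_nmap_output(SAMPLE_NMAP_OUTPUT)
    print("open ports:", open_ports(findings))
    print("outside allowlist {80, 443}:", unexpected_open_ports(findings, {80, 443}))
    print("ssl-date:", nse_notes(SAMPLE_NMAP_OUTPUT, "ssl-date"))
```

Feeding the real scan output (saved with `-oN`) to `parse_nmap_output` and a per-host allowlist to `unexpected_open_ports` turns a one-off scan into a repeatable check that reports only deviations from the expected exposure.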
NIKTO TEST ON WWW.ROYALENFIELD.COM
NIKTO SCAN RESULT:-
COMMAND USED: nikto -h royalenfield.com
• nikto: initiates the Nikto tool
• -h: specifies the target host
• royalenfield.com: website name (target)
OUTPUT FOR THIS
• Server: AkamaiGHost
• Missing Security Headers:
  • X-Frame-Options: prevents clickjacking attacks.
  • X-Content-Type-Options: prevents MIME-sniffing attacks.
• Server-Timing Header: reveals server performance details.
• Redirection: the website redirects to HTTPS for secure communication.
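The three header findings above can be verified independently of Nikto. The code below is an added example, not part of the project: it parses the header block of a raw HTTP/1.1 response and reports the same conditions Nikto flagged (X-Frame-Options absent, X-Content-Type-Options absent, Server-Timing present). Both responses are constructed to resemble the findings and are not real captures; treating a Content-Security-Policy `frame-ancestors` directive as an acceptable substitute for X-Frame-Options is a generalisation beyond the deck.

```python
# Constructed responses modelled on the Nikto findings in the deck (server
# banner, Server-Timing present, both X-* headers missing); not real captures.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: AkamaiGHost\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server-Timing: cdn-cache; desc=HIT, edge; dur=1\r\n"
    "Cache-Control: max-age=0, no-cache\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

# The same response with the two missing headers added and Server-Timing removed.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: AkamaiGHost\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Cache-Control: max-age=0, no-cache\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)


def parse_response_headers(raw: str) -> dict[str, str]:
    """Parse the header block of a raw HTTP/1.1 response into a lower-cased dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: dict[str, str] = {}
    for line in head.split("\r\n")[1:]:       # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        key = name.strip().lower()
        value = value.strip()
        # repeated fields are combined with ", " as HTTP allows
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def audit_headers(headers: dict[str, str]) -> list[str]:
    """Report the conditions Nikto flagged; an empty list means all checks passed."""
    findings = []
    xfo = headers.get("x-frame-options", "").strip().upper()
    csp = headers.get("content-security-policy", "")
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("X-Frame-Options missing (and no CSP frame-ancestors): clickjacking possible")
    if headers.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing: MIME sniffing possible")
    if "server-timing" in headers:
        findings.append(f"Server-Timing exposes back-end timing details: {headers['server-timing']}")
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(parse_response_headers(raw)) or "no findings")
```

In practice the raw response comes from the site under test (for example a saved `curl -i` capture), and the audit is re-run after each header change to confirm the fix landed at the edge that actually serves the page.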
VULNERABILITY TEST THROUGH BURP SUITE
ON WWW.ROYALENFIELD.COM
OTP BYPASS VULNERABILITY FOUND
POC:- https://drive.google.com/file/d/1phxXxUmonFe6FtGmULp-k7d7yArDwMX1/view?usp=sharing
ABOUT VULNERABILITY
A critical vulnerability was identified where OTP validation can be bypassed, allowing unauthorized
account creation.
This poses a high risk of fraudulent activity and misuse.
Recommendations:
• Strengthen server-side OTP validation.
• Introduce rate-limiting to prevent brute force attacks.
• Add CAPTCHAs to block automated requests.
• Implement detailed logging and monitoring for OTP-related activities.
MITIGATION
Secure Open Ports (Nmap Results):
• Close unnecessary open ports to reduce the attack surface.
• Use firewalls to restrict access to sensitive ports.
• Implement intrusion detection systems (IDS) to monitor
unusual activity on open ports.
MITIGATION
Address Web Server Vulnerabilities (Nikto Results):
• Add missing security headers like:
  • X-Frame-Options to prevent clickjacking attacks.
  • X-Content-Type-Options to block MIME-sniffing.
• Disable unnecessary HTTP methods (e.g., TRACE, OPTIONS).
• Regularly update web server software to the latest version
to patch known vulnerabilities.
MITIGATION
Strengthen OTP Validation (OTP Bypass):
• Implement strict server-side validation for OTPs to prevent bypass
attempts.
• Limit the number of OTP attempts per user session to thwart brute-force
attacks.
• Introduce CAPTCHA for OTP-related actions to block
automated scripts.
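The two OTP slides above (the recommendations under ABOUT VULNERABILITY and the MITIGATION bullets) describe what strict server-side validation should do; the following is an added example of one way to implement it, not the site's code or the fix the project proposed. The service keeps all OTP state on the server (salted digest, issue time, attempt counter, verified flag), rejects expired codes, locks a challenge after a fixed number of wrong guesses, compares in constant time, and gates account creation on that server-held flag only. The `may_create_account_insecure` function is a hypothetical weak pattern included for contrast; the deck does not state the root cause of the bypass it found. The five-minute lifetime and five-attempt limit are assumed values.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 300   # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 5        # assumed: wrong guesses allowed per challenge before lockout


def _digest(code: str, salt: bytes) -> bytes:
    """Store only a salted digest so a leaked table does not reveal live codes."""
    return hmac.new(salt, code.encode(), hashlib.sha256).digest()


@dataclass
class OtpChallenge:
    digest: bytes
    salt: bytes
    issued_at: float
    attempts: int = 0
    verified: bool = False


class OtpService:
    """Server-side OTP state. Nothing the client sends is trusted except the code itself."""

    def __init__(self, now=time.time):
        self._now = now                      # injectable clock for testing
        self._challenges: dict[str, OtpChallenge] = {}

    def issue(self, session_id: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self._challenges[session_id] = OtpChallenge(_digest(code, salt), salt, self._now())
        return code  # delivered out of band (SMS/e-mail); never echoed to the browser

    def verify(self, session_id: str, submitted: str) -> str:
        ch = self._challenges.get(session_id)
        if ch is None:
            return "no-challenge"
        if self._now() - ch.issued_at > OTP_TTL_SECONDS:
            del self._challenges[session_id]
            return "expired"
        if ch.attempts >= MAX_ATTEMPTS:
            return "locked"                  # a fresh code (and a CAPTCHA) is needed to continue
        ch.attempts += 1                     # count before comparing, so every guess costs one
        if hmac.compare_digest(_digest(submitted, ch.salt), ch.digest):
            ch.verified = True
            return "ok"
        return "invalid"

    def may_create_account(self, session_id: str) -> bool:
        """Account creation is gated on server-held state only."""
        ch = self._challenges.get(session_id)
        return ch is not None and ch.verified


def may_create_account_insecure(request_body: dict) -> bool:
    # Hypothetical weak pattern for contrast: trusting a client-asserted flag lets the
    # OTP step be skipped entirely. The deck does not say this was the actual root cause.
    return bool(request_body.get("otp_verified"))


if __name__ == "__main__":
    svc = OtpService()
    code = svc.issue("demo-session")
    print("first guess:", svc.verify("demo-session", "000000" if code != "000000" else "000001"))
    print("correct code:", svc.verify("demo-session", code))
    print("may create account:", svc.may_create_account("demo-session"))
```

Every decision that matters (expiry, lockout, verified-or-not) is taken from `_challenges`, which the client cannot write to; the logging and monitoring bullet from the recommendations would hook the `"locked"` and repeated `"invalid"` outcomes of `verify`, and the rate limit on issuing new codes is applied around `issue`.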
THANK YOU