The document details a penetration testing project conducted by Rishabh Upadhyay as part of his BCA program at the University of Allahabad, focusing on ethical hacking methodologies and network vulnerability assessments. Key findings highlight unprotected network devices, weak login credentials for various systems, and a demonstration of a man-in-the-middle attack. A simple network scanner was also developed to identify computers within a specified domain.

1. Ethical Hacking
&
Penetration Testing
Center of Computer
Center of Computer Education and Training
Institute of Professional Studies
December 23,2014
By: Rishabh Upadhyay
Batch: BCA[2012-15]
Under the Guidence of
Prof. R.R.Tewa

2. Pen Test University of Allahabad Local Area Network.
Network Mapping: Locate Important Host and Services,
Firewall and Switches and Hubs.
Develop a Simple Network Scanner.
Demonstrate Some Attacks.

3. What is a Penetration Testing?

4. Penetration Testing
“The process of evaluating systems,
applications, and protocols with the intent
of identifying vulnerabilities usually from the
perspective of an unprivileged or
anonymous user to determine potential real
world impacts…”

5. In short ...

6. Penetration Testing
…trying to break into stuff
before the bad guys do

7. PenTest
Methodologies

8. PenTest
Methodologies

9. Reconnaissance
Purpose:
Narrow down to Specific Target
and Technique
• Visiting Organisation Website
• Consulting Public Internet Registry
• Google Hacking
• Using Tools: Nikto ,Nessus,dig,
nslookup and lot more ..

10. Scanning
Purpose:
Look for Live Host , Firewall
Service Running ,Version
running
Types of Scan:
•
TCP connect Scan
•
SYN Scan
•
UDP Scan
Tools:
Nmap,Nessus ,tracert and lot more

11. Exploitation
Purpose:
To exploit the vulnerability and
to deploy payload on the remote
system
Tools:
Metasploit,Wireshark,Cain,Aircrack-ng,
Etherape,

12. Maintaining Access
Ways to Maintain Access
• Netcat,Crypt
•RootKits
•Remote Access Trojan(RAT)

13. Vulnerability Assessment
&
Penetration Testing
for
University Of Allahabad

14. Network Mapping
Why to Map network??
• Mapping Networks gives a better
understanding of underlying Internet and
network infrastructure.
• Network mapping makes testing ,evaluating
security of network easy and efficient.

15. Network Mapping
Network Mapped from SRK Hostel (172.16.233.7)
www.mail1.allduniv.ac.in
JK Web Server
www.allduniv.ac.in
www.proxy5.allduniv.ac.in
Cisco Managed Switched
SRK Hostel’s GateWay
Zonal Switch
CCE Gateway

16. Network Mapping
Network Mapped from EL Lab 1 (172.16.38.11)
www.mail1.allduniv.ac.in
www.proxy5.allduniv.ac.in www.allduniv.ac.in
www.ns2.allduniv.ac.in www.proxy2.allduniv.ac.in
JK Web Server
CCE Gateway
JK Institute Gateway
Fees Deposit Server (backups)
Gateway
Gateway
Gateway

17. Discoveries and
Findings …
Unprotected Switches and Routers
• UoA network has ample number unprotected
Switches and Gateways
• Login Credentials :
login:rwa
password:rwa
login:l2
password: l2
login: cisco
password:cisco
Refer Page 23 & 24 of the
Documentation for detailed
report

18. Discoveries and
Findings …
Unprotected
Switches
and
Routers
Refer Page 23 & 24 of the
Documentation for detailed
report

19. Discoveries and
Findings …
Unprotected
Switches
and
Routers
Refer Page 23 & 24 of the
Documentation for detailed
report

20. Discoveries and
Findings …
Unprotected
Switches
and
Routers
Refer Page 23 & 24 of the
Documentation for detailed
report

21. Discoveries and
Findings …
Unprotected
Switches
and
Routers
Refer Page 23 & 24 of the
Documentation for detailed
report

22. Discoveries and
Findings …
Unprotected Switches and Routers
Refer Page 23 & 24 of the
Documentation for detailed
report

23. Discoveries and
Findings …
Unprotected
Switches
and
Routers
Refer Page 23 & 24 of the
Documentation for detailed
report

24. Discoveries and
Findings …
CCTV Cameras - Central Library
Refer Page 25 & 26 of the
Documentation for detailed
report
• UoA ‘s CCTV camera sends unencrypted over the network
• Weak Login Credentials :
login:admin
password: 1234

25. Footage of CCTV Cameras at Central Library

26. Discoveries and
Findings …
Refer Page 25 & 26 of the
Documentation for detailed
report
Footage of CCTV Cameras at Central Library

27. Discoveries and
Findings …
FTP Server running on 172.16.8.3
Refer Page 21 & 22 of the
Documentation for detailed
report
• Weak Login Credentials :
login:admin
password: auauau

29. UoA Hacking
Incident
Cause of Phishing Site and Hacking Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
• File Size : 2.94 GB
• Blue print of entire site
• Has credentials of
phpMyAdmin,Joomla
CMS
• It is the server end code
of the site

30. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report

31. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
Right Now !! The Site is hosted on my machine

32. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
Login into The Admin Pannel

33. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
Log in Successful!! – Can create and delete post

34. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
Total No of Admin the Site has

35. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
Logging Into phpMyAdmin: SQL Server

36. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
Logged in successfully

37. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
Can view and manipulate the Professors Records

38. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
Records of All student studing at UoA

39. UoA Hacking
Incident
Refer Page 21 & 22 of the
Documentation for detailed
report
Login Credentials with Salted MD5 Hash

40. Live Demonstration
Man in the Middle Attack:
Such type of attack are very easy to launch.
•In this type of attack the ,the attacker poisons
the ARP Table(Address Resolution Protocol)
•Hence, can divert all the traffic through its
System and can also alter the packets ,if he
wishes..
•Tools:
Etherape,
Driftnet

41. Live Demonstration
Man in the Middle Attack
***Caution****
1.The attack may or may not be successful
2.It may show some objectionable content

42. Simple Network
Scanner in C#
This simple network scanner scans the given work
group/domain for computers in Directory Services
The Developed Network Scanner take the limit of I P
addresses as Input and scans the entire domain and
outputs the Computer Name.
It uses the following Namespaces:
using System.Net;
using System.Net.Dns;
Methods:
Dns.GetHostByAddress();

43. Simple Network
Scanner in C#
Algorithm:
private void button1_Click(object sender, EventArgs e)
{
String ipAdress = textBox1.Text;
string machineName = string.Empty;
try
{
IPHostEntry hostEntry=Dns.GetHostEntry(ipAdress);
machineName=hostEntry.HostName;
}
catch (Exception ex)
{
textBox2.Text = "Machine Not Found";
}
textBox2.Text= machineName;

44. Simple Network
Scanner in C#
Screenshot

45. Thank You !!
Center of ComputerCenter of Computer Education and Training
Institute of Professional Studies
December 23,2014
By: Rishabh Upadhyay
Batch: BCA[2012-15]