The document provides information on vulnerability assessment and penetration testing. It defines vulnerability assessment as a systematic approach to finding security issues in a network or system through manual and automated scanning. Penetration testing involves exploring and exploiting any vulnerabilities that are found to confirm their existence and potential damage. The document outlines the types of testing as blackbox, graybox, and whitebox. It also lists some common tools used for testing like Nmap, ZAP, Nikto, WPScan, and HostedScan. Finally, it provides examples of specific vulnerabilities found and their solutions, such as outdated themes/plugins, backup files being accessible, and SQL injection issues.

1. VULNERABILITY ASSESSMENT
& PENETRATION TESTING
Made By :
DARSHAN BHAVSAR (20082291001)
SAGAR THAKOR (20082291023)

2. INDEX
• What Is Vulnerability Assessment
• What Is Penetration Testing
• Types Of Testing
• Steps Involved In vapt Process
• Some Images
• Tools Which Are Use
• Top Common Vulnerability
• Demo Website And Vm’s
• Some vulnerabilities and solution of them.

3. WHAT IS VULNERABILITY ASSESSMENT
• Vulnerability assessment (VA) is a systematic technical approach to finding the security
loopholes in a network or software system.
• It primarily adopts a scanning approach which is done.
• both manually and performed by certain tools.
• The outcome of a VA process is a report showing all vulnerabilities, which are
categorised based on their severity.
• This report is further used for the next step, which is penetration testing (PT).

4. WHAT IS PENETRATION TESTING
• A Penetration test (PT) is a proof-of-concept approach to actually explore and exploit
vulnerabilities.
• This process confirms whether the vulnerability really exists and further proves that
exploiting it can result in damage to the application or network.
• The outcome of a PT is, typically, evidence in the form of a screenshot or log, which
substantiates the finding and can be a useful aid towards remediation.

5. TYPES OF TESTING
• There Are Mainly 3 Types Of Testing.
1. BLACKBOX TESTING
2. GRAYBOX TESTING
3. WHITEBOX TESTING
• Black Box does not include any knowledge of the structure of the system, so this type of
testing simulates the approach of an outside attacker.
• Gray Box includes only a limited knowledge of the layout of the target.
• White Box testing occurs when a penetration tester has complete knowledge of the
layout of the target(s).

6. STEPS INVOLVED IN VAPT PROCESS
• Enumerates a vulnerability.
• Performs an attack manually
• Analyses the results of the attack Performs similar or different attacks based on previous
findings
• Assimilates the results to create a customised attack
• Exploits the vulnerability further to see if more attacks are possible
• Repeats the above steps for all vulnerabilities
• Prepare the final report of testing

10. TOOLS WHICH ARE USE
• HOSTEDSCAN
• NMAP
• OWASP ZAP
• WPSCAN
• NIKTO

11. • NMAP :- Nmap is a network scanning tool that uses IP packets to identify all the devices
connected to a network and to provide information on the services and operating
systems they are running.
• OWASP ZAP :- OWASP ZAP Penetration testing helps in finding vulnerabilities before
an attacker does. OSWAP ZAP is an open-source free tool and is used to perform
penetration tests. The main goal of Zap is to allow easy penetration testing to find the
vulnerabilities in web applications.
• NIKTO :- Nikto is an open source web server and web application scanner. Nikto can
perform comprehensive tests against web servers for multiple security threats, including
over 6700 potentially dangerous files/programs. Nikto can also perform checks for
outdated web servers software, and version-specific problems.

12. • WPSCAN :- The WPSSCAN CLI tool is a free, for non-commercial use, black box
WordPress security scanner written for security professionals and blog maintainers to
test the security of their sites.
• HOSTEDSCAN :- Vulnerability scans, automated for any business. Scan networks,
servers, and websites for security risks. Manage your risks via dashboards, reporting,
automation.

13. TOP COMMON VULNERABILITY
• SQL Injection
• Cross Site Scripting
• Broken Authentication and Session Management
• Insecure Direct Object References
• Security Misconfiguration
• Insecure Storage
• Failure to restrict URL Access
• Un-validated Redirects and Forwards

14. DEMO WEBSITE AND VM’S
• https://demo.testfire.net
• http://testphp.vulnweb.com
• OWASP Mutillidae II
• Attack-defense online lab

15. SOME VULNERABILITY

16. 1.Vulnerability name : XML RPC SEEMS TO BE ENABLED.
SEVERITY : MEDIUM.
IMPACT : Vulnerability in XML-RPC allows an attacker to make a system call which can be
dangerous for the application and servers. Also, an attacker can use this method to craft a
successful DOS and BRUTEFORCE attack against the application.
SOLUTION : Simply deleting the xmlrpc.php file. That's a WordPress core file that some 3rd-
party apps and plugins still rely on to interact with WordPress, so deleting it risks disrupting their
functionality. I'll describe three ways of disabling XML-RPC safely here:
1. Disable XML-RPC in WordPress using a plugin.
2. Block XML-RPC using the htaccess file.
3. Disable XML-RPC in WordPress via a filter.

18. 2. Vulnerability name : THEME VERSION IS OUT DATED.
SEVERITY : LOW.
IMPACT : Outdated theme versions are more prone to get affected by a security threat Over time
hackers find their way to exploit its core and ultimately execute the attack on the sites still using
outdated versions.
Solution : the WordPress team releases patches and newer versions with updated security
mechanisms. Update themes and plugins.

19. 3.Vulnerability name : BACKUP DIRECTORY FOUND.
SEVERITY : MEDIUM
IMPACT : The File Manager WordPress plugin, version 6.4 and lower, failed to restrict
external access to the fm_backups directory with a .htaccess file. This resulted in the ability for
unauthenticated users to browse and download any site backups, which sometimes include full
database backups, which the plugin had taken.
SOLUTION : Update the File Manager WordPress plugin, version 6.5 and higher.

21. 4.Vulnerability : USERID/USERNAME FOUND.
SEVERITY : HIGH
IMPACT : Attacker will do Bruteforce attack and get your password.
SOLUTION : Change username/id and password.
Create complex password.
Require multi-factor authentication
Enable and configure remote access. An access management tool like OneLogin will
mitigate the risk of a brute-force attack.

24. 5.VULNERABILITY : GOT ACESS OF DATABASE.
SEVERITY : CRITICAL.
IMPACT : WordPress Database is the brain of a WordPress website as it stores all the information about
and on the website like posts, pages, comments, tags, users data, categories, custom fields, and other site
options. This makes it a juicy target for malicious actors. Spammers and hackers run automated codes for
SQL injections. Here is how you can secure the WordPress database .
SOLUTION : Change Administrator Username and user id.
Change Database Prefix
Strict Database User Privileges
Create Backups and delete custom tables.
reference : https://www.getastra.com/blog/911/how-to-secure-wordpress-database/

26. 6. Vulnerability : USERID/USERNAME FOUND.
SEVERITY : HIGH
IMPACT : Attacker will do Bruteforce attack and get your password.
SOLUTION : Change username/id and password.
Create complex password.
Require multi-factor authentication
Enable and configure remote access.
An access management tool like OneLogin will mitigate the risk of a bruteforce attack

28. 7. Vulnerability : ROBOT.TXT FOUND.
SEVERITY : LOW
IMPACT : This file can be viewed by anyone, and it might contain sensitive information about the
server. For example, specifying which directories shouldn’t be indexed tells the attacker where the
sensitive files are. robot(s).txt to supply information to search engines and other indexing tools. This file
exists on your server.
SOLUTION : Make sure the file doesn’t contain any sensitive information. If any information in file so
remove it.

29. 6. Vulnerability : WORDPRESS VERSION IS OUT-DATED.
SEVERITY : LOW
IMPACT : Outdated WordPress versions are more prone to get affected by a security threat. Over
time hackers find their way to exploit its core and ultimately execute the attack on the sites still using
outdated versions.
SOLUTION : For the same reason, the WordPress team releases patches and newer versions with
updated security mechanisms. Running older versions of PHP can cause incompatibility issues. As
WordPress runs on PHP, it requires an updated version to operate properly.

33. 7. Vulnerability: - Cross Site Scripting (XSS) – Reflected
Severity: - Medium
Summary: -
 Reflected Cross-site Scripting (XSS) occur when an attacker injects browser executable code within a single HTTP response. When a web application is vulnerable to
this type of attack, it will pass unvalidated input sent through requests back to the client.
 The value of request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The input was echoed
unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Impact : Cookie Stealing - A malicious user can steal cookies and use them to gain access to the application.
o Arbitrary requests - An attacker can use XSS to send requests that appear to be from the victim to the web server.
Malware download - XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to
trust the request and actually install the malware.
o Solution : Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should
consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses
should match a well-defined regular expression.
o Input which fails the validation should be rejected, not sanitized. User input should be HTML-encoded at any point where it is copied into application responses. All
HTML metacharacters, including <> " ' and =, should be replaced with the corresponding HTML entities (<> etc). -
o Malware download - XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to
trust the request and actually install the malware.

34. VULNERABILITY FIND WITH HOSTEDSCAN
WEBSITE : HTTPS://DPSRKP.NET/

35. VULNERABILITY FIND WITH ZAP.
WEBSITE : HTTPS://DPSRKP.NET/

36. THANK YOU