
CYBER SECURITY AND ETHICAL HACKING

EXPLOITATION OF WEB USING SQLMAP


Internship Report submitted to Osmania University, Hyderabad
in partial fulfilment of the requirement for the award of the
degree of

Bachelor of Engineering
in
Computer Science and Engineering
By
MOHAMMED SHANAWAZ
Under the Supervision of

MR.KHAJA MISBAH QUADRI

Department of Computer Science and Engineering


LORDS INSTITUTE OF ENGINEERING & TECHNOLOGY
(Autonomous)
Himayathsagar, Hyderabad – 500 091.

Department of Computer Science and Engineering
LORDS INSTITUTE OF ENGINEERING & TECHNOLOGY
(Autonomous)
(Approved by AICTE, recognized by the Govt. of TS, and affiliated to OU)
Himayathsagar, Hyderabad – 500 091.

CERTIFICATE

This is to certify that the Internship report entitled EXPLOITATION OF WEB
USING SQLMAP, being submitted by Mr. MOHAMMED SHANAWAZ bearing
H.T.No: 160921733142, in partial fulfilment of the requirements for the award
of the degree of Bachelor of Engineering in Computer Science and Engineering, is a
record of bona fide work carried out by him.

Faculty Coordinator: MR. KHAJA MISBAHUDDIN QUADRI, Associate Professor, CSE
Head of the Department: DR. SHAIK IMAAM SAHEB, Professor and HOD, CSE

Department of Computer Science and Engineering

DECLARATION BY THE CANDIDATE

I, MOHAMMED SHANAWAZ, bearing Hall Ticket No. 160921733142, hereby
declare that the Internship entitled “EXPLOITATION OF WEB USING SQLMAP”,
carried out under the guidance of Mr. KHAJA MISBAHUDDIN QUADRI, Department of
Computer Science and Engineering, Lords Institute of Engineering & Technology,
Hyderabad, is submitted in partial fulfilment of the requirements for the award of the
degree of Bachelor of Engineering in Computer Science and Engineering.
This is a record of bona fide work carried out by me, and the results embodied in this
project have not been reproduced or copied from any source. The results embodied in
this Internship report have not been submitted to any other university or institute for the
award of any other degree or diploma.

MOHAMMED SHANAWAZ
H.T.No: 160921733142

ACKNOWLEDGMENT

I am very pleased to present this report of my internship work. This period of my
student life has been truly rewarding; a number of people were of immense help to me
during the course of my research and the preparation of my thesis.

First, I wish to thank GOD Almighty, who created the heavens and the earth, who helped me in
completing this project, and I also thank my parents, who encouraged me in this period
of research.

I thank Huntmetrics for guiding me and providing the opportunity to work
along with them in real time.

I would like to thank Mr. KHAJA MISBAHUDDIN QUADRI, Dept. of
Computer Science and Engineering, Lords Institute of Engineering & Technology,
Hyderabad, my internship coordinator, for his guidance and help. His insight during
the course of my research and regular guidance were invaluable to me.

I would like to express my deep sense of gratitude to Mr. Shaik Imaam Saheb,
Professor and Head of the Department, Computer Science and Engineering,
Lords Institute of Engineering & Technology, Hyderabad, for his encouragement
and cooperation throughout the project.

MOHAMMED SHANAWAZ
H.T.No: 160921733142

ABSTRACT

Kali Linux contains industry-specific modifications as well as several hundred tools targeted towards
various information security tasks, such as penetration testing, security research, computer
forensics, reverse engineering, vulnerability management and red team testing. Kali Linux is a
multi-platform solution, accessible and freely available to information security professionals and
hobbyists.
Kali Linux is specifically tailored to the needs of penetration testing professionals, and its official
documentation therefore assumes prior knowledge of, and familiarity with, the Linux operating
system in general.

LIST OF DIAGRAMS

SL NO.   NAME OF THE DIAGRAM                                PAGE NO.
1.       4.1                                                8
2.       6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9        9
3.       7.1, 7.2, 7.3, 7.4                                 13
4.                                                          15
5.                                                          19
6.                                                          20
7.                                                          21

INDEX

Contents

Department Certificate
Company Certificate
Declaration
Acknowledgement
Abstract
List of Diagrams
CHAPTER-1: INTRODUCTION
CHAPTER-2: LITERATURE SURVEY
CHAPTER-3: TOOLS USED
CHAPTER-4: DESIGN
CHAPTER-5: IMPLEMENTATION
CHAPTER-6: SAMPLE CODE
CHAPTER-7: PROJECT EXECUTION & TESTING
CHAPTER-8: CONCLUSION
CHAPTER-9: BIBLIOGRAPHY

CHAPTER 1
INTRODUCTION


As an intern at Huntmetrics Pvt Ltd, a leading cybersecurity company, I've had the privilege
of learning from industry experts in cyber threat hunting, cybersecurity risk advisory, and
critical infrastructure security solutions.

Threat Hunting: Huntmetrics employs cutting-edge technologies and threat
intelligence to proactively detect and neutralize elusive cyber threats, offering valuable
insights into identifying and mitigating evolving digital threats.

Cybersecurity Risk Advisory: The company provides strategic guidance, conducting risk
assessments and crafting robust cybersecurity policies to empower clients in managing
technology risks effectively.

Critical Infrastructure Security: Huntmetrics specializes in safeguarding critical
infrastructure through tailored solutions, including threat modelling, vulnerability
assessments, and incident response strategies.

My internship at Huntmetrics has been transformative, offering practical experience and
knowledge in the dynamic field of cybersecurity. It's been a journey of learning and
inspiration, reaffirming the critical role of cybersecurity in our digital era. I am grateful for
the wealth of knowledge and practical skills I have gained during my time here, and I look
forward to contributing to the ever-evolving field of cybersecurity in the future.

An operating system is the core system software responsible for the smooth working of a
machine. Some operating systems are designed for specific purposes: they can be used for
anything, but they ship with tools or services that make them a good fit for one kind of
work. Windows is generally preferred for gaming because most games are released for it,
and macOS is preferred for design work because most design software is available for it
and runs well there. In the same way, there is an operating system built for network
security, digital forensics, penetration testing and ethical hacking: Kali Linux.
Kali Linux is a Debian-derived Linux distribution maintained by Offensive Security.
It was developed by Mati Aharoni and Devon Kearns. Kali Linux is designed for network
analysts and penetration testers, or in simple words for those who work under the umbrella
of cybersecurity and analysis. The official website of Kali Linux is kali.org. It gained
popularity after it was shown in use in the Mr. Robot series. It was not designed for
general-purpose use; it is meant for professionals and for those who already know how to
operate Linux. The official documentation explains how to install Kali Linux.
Advantages:
- It has 600+ penetration testing and network security tools pre-installed.
- It is completely free and open source, so anyone can use it and even contribute to
  its development.
- It supports many languages.
- It is a good fit for users who are already comfortable with Linux and its command
  line.
- It can be run on a Raspberry Pi.
Disadvantages:
- It is not recommended for those who are new to Linux and want to learn Linux,
  because it is oriented towards penetration testing rather than everyday use.
- It can feel slower than a general-purpose desktop distribution because of its large
  pre-installed tool set.
- Some general-purpose software may not work as expected, because the system is
  tuned for security tooling rather than desktop use.

CHAPTER 2
LITERATURE SURVEY
2.1 Introduction to cyber security

Cybersecurity is the practice of protecting computer systems, networks, and data from
unauthorized access, attacks, damage, or theft. It has become an essential part of our
increasingly digital and interconnected world. Cybersecurity encompasses a wide range of
technologies, processes, and practices designed to safeguard information technology (IT)
assets and ensure the confidentiality, integrity, and availability of data.

Here is an introduction to some key aspects of cybersecurity:

Cyber Threats: There are various types of cyber threats, including malware (such as viruses,
worms, and ransomware), phishing attacks, denial-of-service (DoS) attacks, data breaches,
and more. These threats can come from hackers, cybercriminals, nation-states, or even insider
threats.

Confidentiality, Integrity, and Availability (CIA): The CIA triad is a fundamental concept
in cybersecurity. It represents the three core principles of information security:

Confidentiality: Ensuring that data is accessible only to authorized individuals.

Integrity: Ensuring that data is accurate and unaltered.

Availability: Ensuring that data and systems are available when needed.

Cybersecurity Measures: To protect against cyber threats, organizations and individuals
employ a variety of cybersecurity measures, including:

Firewalls: These are network security devices that monitor and filter incoming and outgoing
network traffic to block or allow specific data packets based on predefined security rules.

Antivirus Software: Designed to detect and remove malware from computers and networks.

Encryption: The process of transforming data into ciphertext that can be read only by someone
holding the corresponding key, so that an eavesdropper or a thief of the stored data learns nothing useful.

Multi-factor Authentication (MFA): Requires users to provide multiple forms of
identification before granting access to a system or account.

Regular Software Updates: Keeping software and operating systems up-to-date to patch
known vulnerabilities.

Security Policies: Organizations establish cybersecurity policies and procedures to define
how they will protect their assets and respond to security incidents. These policies cover
areas such as data handling, password management, and incident response.

Incident Response: Preparing for and responding to cybersecurity incidents is a critical
aspect of cybersecurity. Organizations develop incident response plans to mitigate the impact
of breaches and restore normal operations as quickly as possible.

Ethical Hacking: Ethical hackers, also known as penetration testers or white-hat hackers, use
their skills to identify vulnerabilities and weaknesses in systems and networks to help
organizations improve their security.

Compliance and Regulations: Many industries and regions have specific cybersecurity
regulations and compliance requirements that organizations must adhere to. Non-compliance
can result in legal consequences and fines.

User Awareness: Cybersecurity is not only about technology but also about people. Training
and raising awareness among employees and individuals about cybersecurity best practices
are crucial in preventing many types of attacks, such as phishing.

Emerging Technologies: As technology evolves, new cybersecurity challenges and solutions
arise. This includes areas like the Internet of Things (IoT), cloud security, and artificial
intelligence (AI) for threat detection.

Cybersecurity Career Paths: The field of cybersecurity offers a wide range of career
opportunities, including cybersecurity analysts, ethical hackers, security engineers, and chief
information security officers (CISOs).

In today's digital age, cybersecurity is a continuous and evolving process. As threats become
more sophisticated, the need for robust cybersecurity practices and professionals who can
protect our digital assets becomes increasingly important. Whether you are an individual
looking to protect your personal data or an organization safeguarding sensitive information,
understanding and implementing cybersecurity principles is essential in our interconnected
world.

2.2 Layers of cyber security

Cybersecurity is typically organized into multiple layers or domains, each of which focuses
on a specific aspect of protecting information technology systems, networks, and data. These
layers work together to create a comprehensive defense against cyber threats. Here are the
common layers of cybersecurity:

Physical Security:

This layer involves securing the physical infrastructure of an organization, including data
centers, server rooms, and hardware devices.

Measures may include access control systems, security cameras, biometric authentication,
and secure facility design.

Perimeter Security:

Often grouped under network security, this layer focuses on protecting the boundary between an
organization's internal network and the external world, typically the internet.

Technologies like firewalls, intrusion detection systems (IDS), intrusion prevention systems
(IPS), and demilitarized zones (DMZs) are used to safeguard against unauthorized access and
attacks.

Identity and Access Management (IAM):

IAM involves managing user identities, authentication, and authorization. This layer ensures
that only authorized individuals or entities have access to specific resources or data within an
organization's network.

Technologies include single sign-on (SSO), multi-factor authentication (MFA), and access
control policies.

Network Security:

Within the internal network, additional security measures are implemented to protect data and
resources. This may involve network segmentation, VLANs (Virtual Local Area Networks),
and traffic monitoring.

Endpoint Security:

Endpoint devices like computers, smartphones, and IoT devices are often entry points for
cyberattacks.

Endpoint security solutions, such as antivirus software, endpoint detection and response
(EDR) systems, and mobile device management (MDM) tools, help protect these devices.

Application Security:

This layer focuses on securing software applications, including web applications and mobile
apps. Security practices include code reviews, vulnerability scanning, penetration testing, and
secure coding standards.

Data Security:

Data is a valuable asset that must be protected both in transit and at rest.

Encryption, data loss prevention (DLP) tools, and data classification are used to safeguard
sensitive information.

Cloud Security:

With the increasing use of cloud services, organizations need to secure data and applications
hosted in the cloud. Cloud security involves identity and access management for cloud
services, encryption, and monitoring cloud environments.

Security Monitoring and Incident Response:

This layer focuses on detecting and responding to security incidents in real-time.

Security Information and Event Management (SIEM) systems, intrusion detection systems
(IDS), and incident response plans are key components.

User Education and Training:

The human element is often the weakest link in cybersecurity. Education and training
programs help users recognize and respond to threats, such as phishing attacks and social
engineering.

Vendor and Supply Chain Security:

Organizations should assess and ensure the security of third-party vendors and supply chain
partners to prevent vulnerabilities introduced through external connections.

Regulatory and Compliance:

Many industries have specific regulatory requirements for data protection and cybersecurity.

This layer involves compliance with regulations and industry standards, such as GDPR,
HIPAA, or ISO 27001.

These layers work in concert to create a multi-layered defense strategy, often referred to as
defense in depth. By implementing security measures at various levels, organizations can
increase their resilience against a wide range of cyber threats and reduce the risk of
successful attacks: a control that fails at one layer is backed by the controls at the next.

2.3 Application Security

Application security, often abbreviated as "AppSec," is a critical component of cybersecurity
that focuses on protecting software applications from security threats and vulnerabilities.
Given the increasing reliance on software in today's digital world, ensuring the security of
applications is essential to protect sensitive data, prevent unauthorized access, and maintain
the trust of users. Here are key aspects of application security:

Code Review and Static Analysis:

Developers review the source code of applications to identify and remediate security flaws
before deployment.

Static analysis tools automate this process by scanning the code for vulnerabilities and
providing recommendations.

Dynamic Application Security Testing (DAST):

DAST tools analyze running applications to identify vulnerabilities at runtime. They
simulate attacks to discover issues such as SQL injection, cross-site scripting (XSS), and
insecure configurations.

Penetration Testing:

Ethical hackers, often referred to as penetration testers, conduct controlled security
assessments to find vulnerabilities and weaknesses in applications.

These tests simulate real-world attack scenarios to uncover potential risks.

Secure Coding Practices:

Developers should follow secure coding guidelines and best practices when writing code.

This includes input validation, output encoding, and proper handling of authentication and
authorization.

Authentication and Authorization:

Ensure that only authorized users can access specific parts of an application.

Implement strong authentication mechanisms and proper authorization controls to prevent
unauthorized access.

Encryption:

Encrypt sensitive data at rest and in transit.

Use secure encryption algorithms and key management practices to protect data
confidentiality.

Session Management:

Manage user sessions securely to prevent session hijacking or fixation. Implement features
like session timeouts and secure session handling.

Error Handling:

Develop error handling mechanisms that reveal minimal information to attackers. Avoid
exposing stack traces or sensitive system details in error messages.

Security Patching and Updates:

Keep all application components, including libraries and frameworks, up to date to address
known vulnerabilities. Regularly apply security patches and updates.

Third-Party Component Security:

Be cautious when using third-party libraries and components in applications. Verify the
security of these components and keep them updated to address vulnerabilities.

API Security:

Secure the interfaces and APIs that applications use to interact with other systems. Implement
proper authentication, authorization, and input validation for APIs.

Content Security Policy (CSP):

Implement CSP headers to mitigate cross-site scripting (XSS) attacks by specifying which
sources of content are allowed to be loaded.

Secure File Uploads:

If your application allows file uploads, validate the type and size of each upload, store it
outside the web root under a server-generated name, and never execute it, so that uploaded
malware or server-side code cannot run.

Logging and Monitoring:

Implement logging to track and monitor application activity. Analyze logs for suspicious
behavior and potential security incidents.

Security Training and Awareness:

Provide training to developers, testers, and other stakeholders to raise awareness of security
risks and best practices.

Incident Response Plan:

Develop an incident response plan to address security incidents promptly and minimize their
impact.

Application security is an ongoing process that requires continuous monitoring and
improvement. It's crucial to integrate security practices throughout the software development
life cycle (SDLC) and to conduct regular security assessments and audits to identify and
address emerging threats and vulnerabilities. By prioritizing application security,
organizations can reduce the risk of data breaches and ensure the trust and safety of their
users.
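The SQL injection and input validation points above, shown in an added example that is not part of the report: the same login lookup written against an in-memory SQLite database once with string concatenation and once with bound parameters, plus a profile lookup that leaks the password column through a UNION payload. The `users` table, the credentials and the payloads are constructed for the demonstration.

```python
"""Added example, not from the report: the same login lookup written
vulnerably and safely against SQLite, plus an allow-list check for the
username. Table contents and credentials are constructed sample data."""
import re
import sqlite3

# Constructed sample data (assumption for the demo, not real accounts).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# Allow-list for usernames: letters, digits and underscore, 1 to 32 chars.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def is_valid_username(value: str) -> bool:
    """Defense in depth: reject input that cannot be a username at all."""
    return USERNAME_RE.match(value) is not None


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: user input is spliced into the SQL text,
    so a quote in the input changes the grammar of the statement."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: the statement text is fixed and the values are bound as
    parameters, so they can only ever be compared as data."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


def leaked_passwords(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable profile lookup: a UNION payload in the username makes the
    query return the password column through a field meant to show a name."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query).fetchall()]


def demo() -> dict:
    """Run both login variants with honest and injected input."""
    conn = make_db()
    tautology = "' OR '1'='1"                         # WHERE clause becomes always true
    union = "' UNION SELECT password FROM users--"    # appends a second SELECT, comments out the rest
    return {
        "valid_vuln": login_vulnerable(conn, "alice", "s3cret"),
        "valid_safe": login_safe(conn, "alice", "s3cret"),
        "inject_vuln": login_vulnerable(conn, "alice", tautology),
        "inject_safe": login_safe(conn, "alice", tautology),
        "union_leak": leaked_passwords(conn, union),
        "username_allowed": is_valid_username(tautology),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The tautology payload turns the vulnerable WHERE clause into `username = 'alice' AND password = '' OR '1'='1'`, which matches every row; the parameterised version compares the same bytes as a literal password and fails. The allow-list check is not a substitute for parameters, only a second line of defense that rejects obviously malformed input before it reaches the database.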

2.3.1 SSDLC

SSDLC stands for "Secure Software Development Life Cycle." It is a set of practices and
processes that integrate security measures and considerations into every phase of the software
development life cycle (SDLC). The goal of SSDLC is to proactively identify and mitigate
security vulnerabilities and weaknesses in software applications, rather than addressing them
as an afterthought.

Here are the key phases and principles of the Secure Software Development Life Cycle
(SSDLC):

Planning and Risk Assessment:

Identify and assess potential security risks and threats associated with the software project.

Define security requirements and objectives.

Requirements Analysis:

Integrate security requirements into the project's functional and non-functional requirements.

Consider security features, access controls, authentication, and data protection requirements.

Design and Architecture:

Develop a secure architectural design that incorporates security mechanisms. Identify
security controls, such as firewalls, encryption, and access control lists, within the system's
design.

Secure Coding Practices:

Developers follow secure coding guidelines and best practices. Code reviews and static
analysis tools are used to identify and fix security vulnerabilities.

Testing and Verification:

Conduct thorough security testing, including dynamic application security testing (DAST)
and penetration testing. Verify that security controls and features function as intended.

Integration and Deployment:

Deploy the application securely, considering factors like secure configuration management
and hardening. Employ continuous integration and continuous deployment (CI/CD) pipelines
with security checks.

Monitoring and Incident Response:

Implement real-time monitoring and logging to detect security incidents. Develop an incident
response plan to address security breaches promptly.

Documentation and Training:

Document security-related information, such as security requirements, design decisions, and
testing results. Provide training to developers, testers, and other stakeholders on secure
coding and best practices.

Security Review and Compliance:

Periodically review the software for security updates and vulnerabilities. Ensure compliance
with industry-specific security standards and regulations.

Post-Release Maintenance:

Continue to monitor and maintain the security of the software after it's deployed.

Address any newly discovered vulnerabilities or emerging threats.

SSDLC aims to make security an integral part of the software development process rather
than a separate activity performed at the end. By incorporating security considerations from
the initial planning stages, organizations can reduce the risk of security breaches and data
leaks while delivering more secure software to their users.

In addition to the above phases, various security tools and technologies, such as static
analysis tools, dynamic analysis tools, security scanning tools, and security-focused libraries
and frameworks, can be used to enhance the security of the software development process.

2.3.2 Web application architecture

Web application architecture refers to the structural design and organization of web-based
software applications. It defines how various components and modules of a web application
interact with each other to provide functionality and deliver content to users over the internet.
A well-designed web application architecture ensures that the application is scalable,
maintainable, secure, and performs efficiently. Here are key components and considerations
in web application architecture:

Client-Side Components:

User Interface (UI): The client-side of a web application is responsible for rendering the
user interface that users interact with. It typically consists of HTML, CSS, and JavaScript
code.

Client-Side Frameworks: Popular JavaScript frameworks and libraries like React, Angular,
and Vue.js are often used to build dynamic and responsive UIs.

Client-Side Routing: Client-side routing is used to manage and handle different URLs
within a web application without the need for server-side requests.

Server-Side Components:

Web Server: The web server handles incoming HTTP requests from clients and routes them
to the appropriate components of the application.

Application Server: The application server contains the business logic of the web
application. It processes requests, interacts with databases, and performs other application-
specific tasks.

Server-Side Frameworks: Backend frameworks and runtimes like Express.js on Node.js, Ruby on
Rails, and Django provide tools and structure for building server-side logic.

APIs: RESTful or GraphQL APIs are often used to enable communication between the
client-side and server-side components.

Database:

The database stores and manages the application's data. It can be relational (e.g., MySQL,
PostgreSQL) or NoSQL (e.g., MongoDB, Cassandra), depending on the data requirements.

Object-Relational Mapping (ORM) or similar tools may be used to interact with the database.

Middleware:

Middleware components, such as authentication middleware and logging middleware,
provide additional functionality between the client and the server.

They can enhance security, performance, and monitoring.

Caching:

Caching mechanisms like content delivery networks (CDNs) and in-memory caching (e.g.,
Redis) can be used to improve the performance of the web application by storing and serving
frequently accessed data.

Load Balancing:

Load balancers distribute incoming traffic across multiple servers or instances to ensure high
availability and scalability. They help prevent server overload and ensure that requests are
evenly distributed.

Security:

Security is a crucial aspect of web application architecture. Measures such as input
validation, encryption, authentication, authorization, and protection against common web
vulnerabilities like SQL injection and cross-site scripting (XSS) must be implemented.

Scalability:

The architecture should be designed to scale horizontally (adding more servers or instances)
or vertically (upgrading server resources) to handle increased load and traffic.

Session Management:

Effective session management ensures that user sessions are secure and that users can
maintain their state while interacting with the application.

Logging and Monitoring:

Logging and monitoring tools help track application performance, detect errors, and
troubleshoot issues in real-time.

Deployment and Hosting:

Decisions about where and how the application will be deployed and hosted are critical.
Options include on-premises servers, cloud platforms (e.g., AWS, Azure, Google Cloud), and
serverless architectures.

Web application architecture can vary significantly depending on the specific requirements of
the application, the technologies chosen, and the development team's expertise. It's essential
to carefully plan and design the architecture to meet performance, security, and scalability
goals while ensuring a positive user experience.
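The session management point made above and in the application security list (session hijacking, fixation, timeouts), as an added example that is not from the report and not any framework's implementation: a minimal server-side session store with unguessable identifiers, an idle timeout, and rotation of the identifier on login. The timeout value, the injectable clock and the user name are assumptions made for the demonstration.

```python
"""Added example, not from the report: a minimal server-side session store
showing the controls the text names: unguessable IDs, an idle timeout, and
rotation of the ID on login so a pre-set (fixated) ID is never promoted to
an authenticated session. The clock is injectable so the timeout can be
exercised deterministically; the timeout value and user are constructed."""
import secrets
import time

IDLE_TIMEOUT_SECONDS = 900  # 15 minutes; assumption for the demo


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        # session id -> {"user": str or None, "last_seen": float}
        self._sessions = {}

    def create(self) -> str:
        """Anonymous session with a 256-bit random identifier from the OS CSPRNG."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last_seen": self._clock()}
        return sid

    def lookup(self, sid: str):
        """Return the session if it exists and has not idled out; expire it otherwise."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if self._clock() - sess["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self._sessions[sid]
            return None
        sess["last_seen"] = self._clock()
        return sess

    def login(self, sid: str, user: str) -> str:
        """Rotate the identifier at privilege change: the old ID (which an
        attacker may have planted in the victim's browser) stops working, and
        the new one is known only to the client that actually authenticated."""
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "last_seen": self._clock()}
        return new_sid

    def logout(self, sid: str) -> None:
        """Invalidate server-side; clearing only the cookie would leave it usable."""
        self._sessions.pop(sid, None)


def demo() -> dict:
    """Walk through a fixation attempt and an idle timeout with a fake clock."""
    now = [1_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    planted = store.create()                 # attacker obtains and pre-sets this ID
    authed = store.login(planted, "alice")   # victim logs in; constructed user
    fixation_blocked = store.lookup(planted) is None
    authed_user = store.lookup(authed)["user"]
    now[0] += IDLE_TIMEOUT_SECONDS + 1       # victim walks away; session idles out
    timed_out = store.lookup(authed) is None
    return {
        "ids_differ": planted != authed,
        "fixation_blocked": fixation_blocked,
        "authed_user": authed_user,
        "timed_out": timed_out,
    }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the identifier travels in a cookie marked `Secure`, `HttpOnly` and `SameSite`, and an absolute lifetime is enforced alongside the idle timeout; the store above shows only the server-side half of that.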

2.4 Network security

Network security is the practice of protecting computer networks from unauthorized access,
attacks, disruption, or destruction. It involves implementing a combination of hardware,
software, policies, and procedures to safeguard the integrity, confidentiality, and availability
of network resources and data. Network security is essential in today's interconnected world
to prevent data breaches, cyberattacks, and other threats. Here are key components and
practices in network security:

Firewalls:

Firewalls act as a barrier between a trusted internal network and untrusted external networks,
such as the internet. They inspect and control incoming and outgoing network traffic based
on predefined security rules to allow or block data packets.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS):

IDS monitors network traffic for suspicious activities or patterns that may indicate an
intrusion.

IPS goes a step further by actively blocking or mitigating threats when detected.

Virtual Private Networks (VPNs):

VPNs encrypt data transmitted between devices over public networks, ensuring secure and
private communication. They are commonly used for remote access and to protect data while
in transit.

Access Control and Authentication:

Access control mechanisms, like role-based access control (RBAC), restrict network resource
access to authorized users only.

Authentication methods, such as usernames and passwords, multi-factor authentication
(MFA), and biometrics, verify user identities.

Network Segmentation:

Dividing a network into smaller segments or subnetworks enhances security by isolating
critical assets and limiting the scope of potential breaches.

Encryption:

Encrypting data in transit (using TLS, the successor to the now-deprecated SSL) and data at
rest (using encryption algorithms such as AES) prevents unauthorized access to sensitive information.

Patch Management:

Keeping network devices, operating systems, and software up-to-date with security patches
and updates is crucial to address known vulnerabilities.

Security Policies and Procedures:

Establishing and enforcing security policies and procedures ensures that network security
practices are consistently followed. Policies cover areas like password management, data
classification, and incident response.

Network Monitoring and Logging:

Continuously monitoring network traffic and maintaining logs of network activities help
detect anomalies, track security events, and investigate incidents.

Security Awareness and Training:

Educating employees and network users about security best practices, social engineering
risks, and how to recognize phishing attempts is essential.

Wireless Network Security:

Securing wireless networks (Wi-Fi) involves implementing encryption (WPA2 or, preferably,
WPA3), strong authentication, and intrusion detection.

Security Appliances and Technologies:

Utilizing security appliances like anti-virus, anti-malware, and content filtering systems can
provide additional layers of defense.

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Mitigation:

Implementing strategies and technologies to protect against DoS and DDoS attacks ensures
network availability during attack attempts.

Incident Response Plan:

Preparing and documenting an incident response plan helps organizations respond effectively
to security incidents and minimize their impact.

Security Audits and Penetration Testing:

Regularly conducting security audits and penetration testing helps identify vulnerabilities and
weaknesses in network defenses.

Compliance and Regulations:

Many industries have specific regulations and compliance requirements related to network
security, such as the Payment Card Industry Data Security Standard (PCI DSS) or the Health
Insurance Portability and Accountability Act (HIPAA).

Network security is a continuous and evolving process as cyber threats constantly change and
adapt. It's crucial for organizations to stay vigilant, regularly assess their security posture, and
update their network security strategies to defend against emerging threats.

2.5 Cryptography

Cryptography is the science and practice of securing information by transforming it into an
unreadable format, called ciphertext, to protect it from unauthorized access or tampering. It
plays a crucial role in ensuring the confidentiality, integrity, and authenticity of data in
various applications, including information security, communication, and privacy. Here are
key concepts and components of cryptography:

Encryption and Decryption:

Encryption is the process of converting plaintext (original data) into ciphertext using an
encryption algorithm and a secret key. The resulting ciphertext should be unintelligible
without the corresponding decryption key.

Decryption is the reverse process of converting ciphertext back into plaintext using the
decryption key.

Key Management:

Keys are essential in cryptography. The security of encrypted data relies on the strength of
the encryption algorithm and the secrecy of the encryption keys.

Key management involves key generation, distribution, storage, and rotation to ensure the
security of encrypted communications and data.
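As an added example (not from the report), the following Python script implements the simplest symmetric cipher, a one-time pad built from XOR, to make the encrypt/decrypt relationship concrete and to show why key management matters: reusing a pad for two messages lets an attacker cancel the key out and recover one message from the other without ever learning the key. The message strings and the fixed demonstration key are constructed for the example; a real system would generate each key fresh with `secrets.token_bytes`, as `generate_key` does, and never use it twice.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_key(length: int) -> bytes:
    """Fresh, unpredictable key material from the OS CSPRNG."""
    return secrets.token_bytes(length)


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR key (key must be at least as long)."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return xor_bytes(plaintext, key[: len(plaintext)])


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation with the same key."""
    return encrypt(ciphertext, key)


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages were encrypted under the same pad, c1 XOR c2 == p1 XOR p2.

    The key cancels out, so this value depends only on the two plaintexts."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def recover_with_crib(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Knowing (or guessing) message 1 recovers the overlapping part of message 2
    without the key. This is the classic 'two-time pad' attack."""
    leak = key_reuse_leak(c1, c2)[: len(known_p1)]
    return xor_bytes(leak, known_p1)


if __name__ == "__main__":
    key = generate_key(64)
    c = encrypt(b"ATTACK AT DAWN", key)
    assert decrypt(c, key) == b"ATTACK AT DAWN"

    # Constructed demonstration of key reuse with a fixed key (never do this in practice).
    reused_key = bytes(range(32))
    c1 = encrypt(b"ATTACK AT DAWN", reused_key)
    c2 = encrypt(b"RETREAT AT DUSK", reused_key)
    print(recover_with_crib(c1, c2, b"ATTACK AT DAWN"))  # b'RETREAT AT DUS'
```

The same key-reuse failure applies to any stream cipher and to block ciphers in counter mode, which is why real protocols derive a fresh key or nonce per message; the one-time pad just makes the leak visible in a few lines.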

Types of Cryptography:

Symmetric Key Cryptography: In symmetric cryptography, the same key is used for both
encryption and decryption, so the key must be shared secretly between the parties beforehand.
AES (Advanced Encryption Standard) is the current standard; DES (Data Encryption Standard)
is an older algorithm that is now considered broken because its 56-bit key can be brute-forced,
and it should not be used in new systems.

Asymmetric Key Cryptography: Also known as public-key cryptography, asymmetric
cryptography uses a pair of keys: a public key for encryption and a private key for
decryption. RSA and ECC (Elliptic Curve Cryptography) are common asymmetric
algorithms.

Hash Functions:

Hash functions are cryptographic algorithms that transform input data of any length into a
fixed-size hash value or digest. Because the digest is much shorter than most inputs, different
inputs can in principle produce the same digest (a collision); a cryptographic hash function is
designed so that finding such a collision, or finding an input that matches a given digest, is
computationally infeasible, and so that any change to the input produces a completely
different digest.

Hash functions are commonly used to verify data integrity (recomputing the digest of a file
and comparing it with a reference obtained over a trusted channel) and as the first step of
digital signing, where the signature is computed over the digest rather than the whole message.
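To make the integrity and collision points concrete, here is an added Python example (not part of the report) using only the standard library's `hashlib`. It shows how a digest verifies that a message has not changed, how a one-byte change in the input flips roughly half the bits of the output (the avalanche effect), and why digests are not strictly unique: truncating SHA-256 to 24 bits and hashing constructed messages finds two different inputs with the same short digest after only a few thousand attempts, the birthday bound of about 2^(bits/2). The full 256-bit digest makes the same search hopeless in practice. The message strings are constructed for the example.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Full 256-bit SHA-256 digest, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare it in constant time to a trusted reference.

    The reference digest must come over a trusted channel; an attacker who can
    replace the file can also replace a digest published next to it."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def differing_bits(hex1: str, hex2: str) -> int:
    """Number of bit positions in which two hex digests differ (avalanche effect)."""
    return bin(int(hex1, 16) ^ int(hex2, 16)).count("1")


def truncated_digest(data: bytes, bits: int) -> int:
    """Keep only the leading `bits` bits of SHA-256, to model a short digest."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, max_tries: int = 1_000_000):
    """Birthday search: hash constructed messages until two share a truncated digest.

    Expected work is about 2**(bits/2) hashes, not 2**bits, which is why digest
    length must be chosen against the birthday bound, not the brute-force bound."""
    seen = {}
    for i in range(max_tries):
        msg = f"message-{i}".encode()  # constructed inputs for the demonstration
        d = truncated_digest(msg, bits)
        if d in seen and seen[d] != msg:
            return seen[d], msg
        seen[d] = msg
    return None


if __name__ == "__main__":
    ref = sha256_hex(b"release.tar.gz contents")
    print(verify_integrity(b"release.tar.gz contents", ref))
    print(differing_bits(sha256_hex(b"abc"), sha256_hex(b"abd")))
    print(find_collision(24))
```

Raising `bits` in `find_collision` shows the cost growing by a factor of two for every two extra bits; at 64 bits the search already needs billions of hashes, and at 256 bits it is out of reach for any attacker.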

Digital Signatures:

Digital signatures provide a way to ensure the authenticity and integrity of digital messages
or documents. They involve using a private key to create a unique signature for a piece of
data, which can be verified by others using the corresponding public key.

Public Key Infrastructure (PKI):

PKI is a framework that manages digital keys and certificates, including public keys and
digital signatures, to secure communications and authenticate users or entities.

Secure Communication Protocols:

Cryptographic protocols like TLS (Transport Layer Security), the successor of the now
deprecated SSL (Secure Sockets Layer), are used to secure data transmission over networks
such as the internet. They combine the building blocks above: certificates and signatures to
authenticate the server, asymmetric key agreement to establish a shared secret, and symmetric
encryption with integrity protection for the data itself, so that data exchanged between
parties remains confidential and tamper-proof.

Cryptanalysis:

Cryptanalysis is the science of analyzing and breaking cryptographic systems.

Cryptanalysts use mathematical techniques, computing power, and knowledge of
cryptographic principles to attempt to decipher encrypted data without knowledge of the
encryption key.

Quantum Cryptography:

Quantum cryptography, most notably quantum key distribution (QKD), uses the principles of
quantum mechanics to exchange keys over a channel on which any eavesdropping disturbs the
transmitted quantum states and can therefore be detected. It should not be confused with
post-quantum cryptography, which consists of classical algorithms designed to stay secure
against attackers who have a quantum computer; such computers threaten today's asymmetric
schemes such as RSA and ECC, which is the reason for that migration.

Application Areas:

Cryptography is applied in various fields, including information security, secure
communication (e.g., email encryption), digital payments (e.g., cryptocurrency),
authentication and access control (e.g., password hashing and certificate-based login), and
data privacy (e.g., the encryption of personal data at rest expected under GDPR).

Cryptography is a fundamental building block of modern information security. It enables
individuals and organizations to protect sensitive data, secure communications, and establish
trust in digital transactions. As computing power continues to advance, cryptographic
techniques and algorithms evolve to meet the challenges of an ever-changing threat
landscape.

2.6 Risk Rating

Risk rating, in the context of risk management and assessment, is a method used to evaluate
and quantify the level of risk associated with a particular event, action, asset, or situation. It
assigns a numerical or qualitative value to risks to help organizations prioritize them, make
informed decisions, and allocate resources effectively. Risk rating typically involves
considering factors such as the likelihood of an event occurring and the potential impact or
consequences if it does.

Here are key elements and considerations in risk rating:

Likelihood:

Likelihood assesses the probability or chance that a specific risk event will occur. It is often
expressed as a probability percentage (e.g., 10% chance of occurrence).

Factors affecting likelihood include historical data, current conditions, trends, and external
influences.

Impact:

Impact assesses the severity or consequences of a risk event if it were to occur. It considers
the potential harm or damage to assets, operations, reputation, and financial well-being.

Impact can be classified as low, medium, high, or assigned numerical values to quantify it.

Risk Rating Matrix:

Many organizations use a risk rating matrix or a risk assessment framework to combine
likelihood and impact assessments into an overall risk rating.

The matrix typically categorizes risks into different risk levels or risk zones (e.g., low,
moderate, high) based on the combined likelihood and impact ratings.
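As an added, illustrative example (not from the report), this Python snippet turns the ideas above into a small risk register: quantitative inputs (annual probability as a percentage, impact as a cost) are banded into the qualitative levels a 5x5 matrix uses, the two levels are multiplied into a score, the score is mapped to a zone, and the register is sorted so that risks above a stated tolerance surface first. The band boundaries, zone thresholds and the sample risks are assumptions chosen for the example; an organisation would calibrate them to its own scale.

```python
from dataclasses import dataclass

# Assumed 5-level scales (1 = lowest). Each band is (upper bound, level, label).
LIKELIHOOD_BANDS = [(5, 1, "rare"), (20, 2, "unlikely"), (50, 3, "possible"),
                    (80, 4, "likely"), (100, 5, "almost certain")]
IMPACT_BANDS = [(1_000, 1, "negligible"), (10_000, 2, "minor"), (100_000, 3, "moderate"),
                (1_000_000, 4, "major"), (float("inf"), 5, "severe")]
ZONE_ORDER = {"low": 0, "moderate": 1, "high": 2}


@dataclass
class Risk:
    name: str
    probability_pct: float   # chance of occurring in a year, 0-100
    impact_cost: float       # estimated loss if it occurs, in currency units


def band(value, bands):
    """Map a numeric value to (level, label) using the first band it fits into."""
    for upper, level, label in bands:
        if value <= upper:
            return level, label
    raise ValueError(f"value {value} out of range")


def expected_loss(risk: Risk) -> float:
    """Quantitative rating: probability x impact, i.e. expected annual loss."""
    return risk.probability_pct / 100 * risk.impact_cost


def matrix_score(risk: Risk) -> int:
    """Qualitative rating: likelihood level x impact level on the 5x5 matrix (1-25)."""
    l_level, _ = band(risk.probability_pct, LIKELIHOOD_BANDS)
    i_level, _ = band(risk.impact_cost, IMPACT_BANDS)
    return l_level * i_level


def zone(score: int) -> str:
    """Assumed zone thresholds: 15-25 high, 6-14 moderate, 1-5 low."""
    if score >= 15:
        return "high"
    if score >= 6:
        return "moderate"
    return "low"


def prioritise(register, tolerance="moderate"):
    """Return (risk, score, zone, exceeds_tolerance) tuples, highest first.

    Ties on the matrix score are broken by expected loss, so that two 'low'
    risks with very different monetary exposure are not treated alike."""
    rows = []
    for r in register:
        s = matrix_score(r)
        z = zone(s)
        rows.append((r, s, z, ZONE_ORDER[z] > ZONE_ORDER[tolerance]))
    return sorted(rows, key=lambda row: (row[1], expected_loss(row[0])), reverse=True)


def sample_register():
    """Constructed sample risks for the demonstration; not from any real assessment."""
    return [
        Risk("SQL injection in customer portal", 60, 500_000),
        Risk("Office printer outage", 90, 500),
        Risk("Datacenter fire", 1, 5_000_000),
        Risk("Lost laptop with unencrypted data", 30, 50_000),
    ]


if __name__ == "__main__":
    for risk, score, z, over in prioritise(sample_register()):
        flag = "  ** exceeds tolerance" if over else ""
        print(f"{score:>2} {z:<8} {risk.name} (expected loss {expected_loss(risk):,.0f}){flag}")
```

Note how the two ratings disagree on the datacenter fire: it lands in the low zone of the matrix because the likelihood level is 1, yet its expected loss is a hundred times that of the printer outage in the same zone, which is the kind of discrepancy the qualitative-versus-quantitative discussion below is about.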

Risk Categories:

Risks can be categorized based on different criteria, such as operational risks, financial risks,
strategic risks, compliance risks, and cybersecurity risks.

Each category may have its own rating criteria and assessment process.

Qualitative vs. Quantitative Rating:

Risk rating can be qualitative or quantitative. Qualitative rating uses descriptive terms (e.g.,
low, medium, high) to assess risks, while quantitative rating assigns numerical values (e.g.,
on a scale of 1 to 5).

Quantitative risk rating often requires more data and analysis but provides a more precise
assessment.

Risk Tolerance and Acceptance:

Organizations must determine their risk tolerance, which is the level of risk they are willing
to accept or tolerate. Risks that exceed the acceptable risk tolerance may require mitigation or
risk transfer strategies.

Mitigation and Response:

Risk rating helps organizations prioritize risks and allocate resources to mitigate or manage
them effectively. Mitigation strategies may involve risk avoidance, risk reduction, risk
sharing, or risk acceptance.

Monitoring and Review:

Risk ratings should be periodically reviewed and updated to reflect changes in the risk
landscape, new information, or evolving conditions. Regular monitoring helps ensure that
risk assessments remain accurate and up to date.

Communication and Reporting:

Effective communication of risk ratings to stakeholders, including senior management and
decision-makers, is crucial for informed decision-making and risk awareness throughout the
organization.

Scenario Analysis:

Organizations may conduct scenario analysis to assess how different risk events could impact
their operations, finances, and strategic objectives.

Effective risk rating and assessment help organizations identify, prioritize, and respond to
risks that may affect their ability to achieve their goals. It forms a critical component of risk
management strategies and informs decision-making at all levels of an organization.

CHAPTER 3
Tools Used and your observation during Internship

Information gathering means collecting different kinds of information about the
target. It is the first stage of ethical hacking, in which the penetration tester (or an
attacker, whether black hat or white hat) tries to learn as much as possible about the
target so that the later phases can be planned. The more complete and accurate the
picture, the higher the probability that an attack, or a test, succeeds.
Information gathering is a skill every penetration tester (pen-tester) should master.
Many tools and techniques are available, including public sources such as WHOIS
and nslookup, which reveal domain ownership, name servers and IP addresses. The
step matters because attacks depend on what is known about the target: personal
details such as a pet's name, a best friend's name, an age or a phone number feed
password-guessing (brute-force) attacks, while host and service details feed technical
ones.
Information gathering can be classified into the following categories:
 Footprinting
 Scanning
 Enumeration
 Reconnaissance
1. Nmap
Nmap is an open-source network scanner used to reconnoitre and scan networks. It
discovers hosts, open ports and the services behind them, along with their versions, by
sending packets to the target and analysing the responses. It can also fingerprint the
operating system of a host. It is one of the most popular reconnaissance tools.
To use nmap:
 Optionally, resolve the hostname to an IP address first with ping hostname (nmap also
accepts hostnames directly, and ping gets no reply from hosts that drop ICMP).
 Open the terminal and enter the following command:
nmap -sV <ip-address>
Replace <ip-address> with the address of the host you want to scan. The -sV option probes
each open port for the service name and version.
 Nmap displays the captured details of the host. Only scan hosts you are authorized to
test; the probes are visible to the target.
2. ZenMAP
Zenmap is another useful tool for the scanning phase of ethical hacking in Kali Linux.
It is the official graphical user interface for Nmap: it performs the same functions as
the Nmap tool, but instead of typing a command line you choose a scan profile and a
target, and Zenmap builds and runs the corresponding nmap command, which it also
displays so that it can be learned and reused. It is a free utility for network discovery
and security auditing. Tasks such as network inventory, managing service upgrade
schedules, and monitoring host or service uptime make it useful to systems and
network administrators as well.
3. Whois lookup
WHOIS is a public directory of registered domain names and IP address allocations: for
each domain it records the registrar, the registrant contact details (often redacted by
privacy services), the name servers and the registration and expiry dates. It is used for
many purposes, a few of which are listed below.
 It is used by network administrators to identify and fix DNS or domain-related issues.
 It is used to check the availability of domain names.
 It is used to identify trademark infringement.
 It can be used to track down the registrants of a fraudulent domain.
To perform a whois lookup, enter the following command in the terminal:
whois geeksforgeeks.org
4. SPARTA
SPARTA is a Python-based graphical tool used in the scanning and enumeration phase of
information gathering. It is a toolkit that wraps a collection of other tools, so that a port
scan and the follow-up enumeration of each discovered service happen from one
interface. (It has since been superseded in Kali by its fork, Legion.) It is used for many
purposes, a few of which are listed below.
 It exports Nmap output to an XML file so the results can be reused.
 It automates running the Nikto tool against every HTTP service found, and other
tools against other services.
 It saves the scans of hosts you have scanned earlier, to save time.
 It lets you reuse credentials already found on one host against the others, even when
they are not in the wordlist.

CHAPTER 4
Design (If applicable and available)

Visual Refresh - Updated wallpapers and GRUB theme
Shell Prompt Changes - Visual improvements to improve readability when copying code
Refreshed Browser Landing Page - Firefox and Chromium homepage has had a
makeover to help you access everything Kali you need
Kali Everything Image - An all-packages-in-one solution now available to download
Kali-Tweaks Meets SSH - Connect to old SSH servers using legacy SSH protocols and
ciphers
VMware i3 Improvements - Host-guest features properly work now on i3

Accessibility Features - Speech synthesis is back in the Kali installer
New Tools - Various new tools added, many from ProjectDiscovery!

CHAPTER 5
METHODOLOGY
1. Install Git
Installing Git lets you clone sample code and tools from GitHub or any other Git hosting
service. Some call this step cloning a repository; either way, you will need the git
command.
To install Git, run sudo apt install git; apt resolves the dependencies the package needs
(see the image below). Then visit a GitHub repository, pick any one from the list, and
clone it with git clone <repository URL>.

2. Configure Bash Aliases

A Bash alias is a short name for a longer command. The commands run most often on a
fresh Kali system, such as updating and upgrading the package lists before installing
software, are good candidates, since they have to be repeated frequently. Aliases are kept
in a file in the home directory; to add new ones, run nano ~/.bash_aliases, append lines of
the form alias update='sudo apt update && sudo apt full-upgrade -y', save, and reload the
shell (source ~/.bashrc) so that the new aliases take effect. Note that recent Kali releases
use zsh as the default shell; for zsh the aliases go in ~/.zshrc instead.

3. New Low-Privileged User

Setting up a low-privileged user stops you from logging in as root more often than
necessary. Software that runs as root can take over the whole machine if it is
compromised, so day-to-day work should be done as an ordinary user, with sudo for the
commands that really need root. (Since Kali 2020.1 the default installation already creates
a non-root user instead of logging in as root.)
In Kali Linux, adding a low-privileged user is straightforward. The command is:
sudo adduser <username>
Once the command is entered, you will be asked for a new password and for optional
details such as Full Name, Room Number, Work Phone and Home Phone. After entering
the data, confirm that the inputs are correct. To let the account use sudo, add it to the
sudo group with sudo usermod -aG sudo <username>.

4. Install a Terminal Multiplexer

A terminal multiplexer lets you run several tools at the same time from a single terminal
window, each in its own tab or pane, instead of switching between many separate
windows. That is convenient when a long scan runs in one pane while you work in another.
The command to install one is simple: sudo apt install tilix. After the installation
completes, start it by typing tilix.

5. Installing Hacking Tools

After installing Kali Linux you will find that the default image ships only a curated
selection of tools, not every tool in the Kali repositories. Installing tools one by one can be
a hassle, so install them with apt, refreshing the package lists first:
sudo apt update && sudo apt install <package name>
Metapackages such as kali-linux-large or kali-linux-everything install whole tool
collections in one step.

CHAPTER 6
SAMPLE CODE
1. To display the present working directory

pwd

This command will display the current directory you are in.

2. To list the directories and files in the current directory.
ls

This command will display the list of files and directories in the current directory.
3. To change the current working directory
cd directory_name

This command changes the directory you are currently working in; cd on its own returns
to the home directory, and cd .. moves one level up.
4. To find a word in a file.
grep keyword filename

This command will list all the lines containing the keyword in them.
5. To create a new directory
mkdir directory_name

This command will create a new directory in the current folder with the
name directory_name.
6. To remove a directory
rmdir directory_name

This command removes the directory named directory_name from the current directory,
provided it is empty; a directory that still contains files must be removed with
rm -r directory_name, which deletes its contents too.
7. To move a file
mv source destination

This command is used to move a file from one location to another.
8. To copy a file
cp source destination

This command will copy the file from the source to the destination.
9. To create a new file
touch filename

This command will create a new file with the name “filename”

CHAPTER 7
EXECUTION AND TESTING
DATABASE TOOLS

Step 1 − To open sqlmap, go to Applications → 04-Database Assessment → sqlmap.

Step 2 − To start the SQL injection test, run sqlmap -u "<URL of the target>", where the
URL includes the parameter to be tested (for example a page with ?id=1). sqlmap sends a
large number of requests, so run it only against systems you are authorized to test.

Step 3 − From the results you will see which parameters, if any, are injectable, which
injection techniques worked, and the back-end DBMS that sqlmap fingerprinted.
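sqlmap automates the two classes of injection shown below. As an added example (not from the report and not sqlmap's own code), this self-contained Python script builds an in-memory SQLite database with constructed sample users and products, shows a login check and a product lookup written the vulnerable way (user input pasted into the SQL text, which is what a sqlmap -u scan finds), and beside each the parameterized version that defeats the same payloads. Passwords are stored in clear text deliberately, so that the UNION payload visibly dumps them; a real application would store only salted password hashes.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price TEXT)")
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
                     [("admin", "s3cret-admin-pw", "admin"), ("alice", "alice-pw", "user")])
    conn.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                     [("keyboard", "25.00"), ("monitor", "180.00")])
    return conn


# --- Vulnerable: user input becomes part of the SQL text --------------------------

def login_vulnerable(conn, username: str, password: str):
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchall()


def product_vulnerable(conn, product_id: str):
    # Typical of a ?id=1 GET parameter; the value is unquoted, so the payload needs no quote.
    query = f"SELECT name, price FROM products WHERE id = {product_id}"
    return conn.execute(query).fetchall()


# --- Hardened: the SQL text is fixed, values travel separately as parameters ------

def login_safe(conn, username: str, password: str):
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def product_safe(conn, product_id: str):
    # Validate the type first (an id is an integer), then bind it as a parameter.
    pid = int(product_id)  # raises ValueError on anything that is not an integer
    return conn.execute("SELECT name, price FROM products WHERE id = ?", (pid,)).fetchall()


if __name__ == "__main__":
    db = setup_db()
    # Authentication bypass: the comment marker removes the password check.
    print(login_vulnerable(db, "admin' --", "wrong"))   # [('admin', 'admin')]
    print(login_safe(db, "admin' --", "wrong"))         # []
    # UNION-based extraction: a second SELECT appends rows from another table.
    payload = "1 UNION SELECT username, password FROM users"
    print(product_vulnerable(db, payload))  # product row plus every username/password
    try:
        product_safe(db, payload)
    except ValueError as e:
        print("rejected:", e)
```

The parameterized versions work because the database receives the query structure and the values separately: the quote and the comment marker in "admin' --" are compared against the username column as literal characters and never reach the SQL parser, which is exactly the property sqlmap's boolean, error and UNION payloads rely on being absent.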

CHAPTER 8
CONCLUSION
An analysis of the vulnerabilities identified during this testing exercise suggests that most
of them crept in at different phases of deployment and of the software development life
cycle.
These findings underscore the need to apply a culture of security across the entire SDLC
model used to develop the application. This means continuously strengthening the threat
model and the risk identification and mitigation processes at each stage of the application
development life cycle.
While fixing the vulnerabilities identified in this exercise would certainly reduce the
application's risk exposure, it must be appreciated that total security is an elusive goal.
Complementary technical controls implemented at the various layers (network, host,
application, physical) need to be supplemented with strong and verifiable policies, processes
and procedures in order to achieve genuine defence in depth.
As a tactical measure, all externally facing applications should undergo an in-depth
penetration test followed by the relevant remediation. As a strategic measure for Idea
Cellular, all internal and external devices and applications need to be protected against
real-world malware and threats.
We suggest a managed-service model in which scans of all identified devices and
applications are run on a quarterly basis, so that newly introduced weaknesses are caught
early.

CHAPTER 9
BIBLIOGRAPHY
NVD: https://nvd.nist.gov/vuln
CVE Details: https://www.cvedetails.com/
OWASP Top Ten: https://owasp.org/www-project-top-ten/
PortSwigger Web Security Academy labs: https://portswigger.net/web-security/all-labs
Infosec Institute, hacking topics: https://resources.infosecinstitute.com/topics/hacking/
The Hacker News: https://thehackernews.com/
HackerOne bug bounty programs: https://hackerone.com/bug-bounty-programs
XSS quiz: https://xss-quiz.int21h.jp/
OWASP Code Review Top 9: https://www.owasp.org/index.php/The_Owasp_Code_Review_Top_9
WASC Threat Classification v2.0: http://projects.webappsec.org/f/WASC-TC-v2_0.pdf
MSDN: http://msdn.microsoft.com/en-us/library/ff649268.aspx
MSDN: http://msdn.microsoft.com/en-us/library/ff648637.aspx#c21618429_006
SANS Top 25 Software Errors: http://www.sans.org/top25-software-errors/
CERT Top 10 Secure Coding Practices: https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices
SAFECode Best Practices: http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf
