Ethical Hacking Workshop Report

Uploaded by Keerthi bolimera

WORKSHOP ON

ETHICAL HACKING
Web Application Penetration Testing: Web application penetration testing is a comprehensive security assessment methodology focused on identifying and mitigating vulnerabilities within web-based applications. It involves simulating real-world attacks to evaluate the security posture of web applications, aiming to discover weaknesses that could be exploited by malicious actors. This process helps organisations safeguard sensitive data, maintain regulatory compliance and protect their reputation from potential security breaches.
OWASP Top 10 Security Risks (Open Web Application Security
Project):
1. Broken Access Control: Access control is the set of permissions that allow a user to carry out an action within an application. Some users may only be able to access data, while others can modify or create data. Broken access control is a critical security vulnerability in which attackers can perform actions (access, modify, delete) outside of an application's intended permissions.
2. Cryptographic Failures: Cryptographic failures occur when an application does not correctly implement cryptographic protocols or algorithms, exposing sensitive data. Sensitive data is often personal in nature and can include personal contact details, demographic information, data about protected classes, financial data, health data and other types of data.
3. Injection: As a broad attack category, injection occurs when untrusted input, or even malicious code, is supplied in a way that allows attackers to alter the meaning of key commands. These injection attacks rely on coding vulnerabilities that make it possible for unvalidated input to reach the interpreter.
4. Insecure Design: Insecure design does not refer to a specific mistake, but rather to an overarching way of thinking that needs to be addressed.
5. Security Misconfiguration: Misconfigurations can arise at any level, such as application servers or network services. Often they occur because unnecessary features (such as ports or accounts) are enabled. Out-of-date software is also a notable problem.
6. Vulnerable and Outdated Components: This risk increases further as many websites continue using components with known vulnerabilities rather than updating them.
7. Identification and Authentication Failures: Failures related to identification and authentication can occur in a variety of situations. In general, however, they are most likely when applications have major flaws relating to password protection or session identifiers, or no rate limits on login attempts.
8. Software and Data Integrity Failures: When code and infrastructure are unable to protect against integrity violations, it can lead to security flaws impacting everything from frameworks to client-side machines.
9. Security Logging and Monitoring Failures: Logging and monitoring is a crucial strategy for mitigating attacks, as excessive login failures are indicative of breaches. These logs must be properly backed up and stored in separate locations to prevent unintentional losses in the event of a natural disaster or simple hardware failure.
10. Server-Side Request Forgery: Server-side request forgeries (SSRF) occur when flaws in web applications allow malicious parties to access or even modify resources simply by abusing basic server functionality.
SQL Injection: SQL injection is a technique used to extract user data by injecting SQL statements through web page inputs. Malicious users can use these injected statements to manipulate the application's web server.
• SQL injection is a code injection technique that can compromise your database.
• SQL injection is one of the most common website hacking techniques.
• SQL injection is the injection of malicious code into SQL statements via web page input.
For this activity we used the Havij tool to learn more about SQL injection, following these steps:
• Paste any link into the Havij target field.
• Click on Analyse.
• You can see the status at the bottom of Havij.
• Click on Tables.
• Click on Get DBs (databases).
• Click on Get Tables.
• Click on Get Columns.
• Now you will get the tables on the left-hand side; click on the tables that you want, for example users and passwords.
• Click on Get Data.
• Then you will get the id and password of all the users.
• If you want the id and password of all the users, click on admin and you will get it.

XSS Injection: Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
For this activity we used bwapp.hackhub.net to learn more about Cross-Site Scripting, following these steps:
• Login
• Select Cross-Site Scripting - Reflected (GET)
• Click on "Hack"
HTML Injection: For this activity we used bwapp.hackhub.net to learn more about HTML injection, following these steps:
• Login
• Select HTML Injection - Reflected (GET)
• Click on "Hack"

iFrame Injection: For this activity we also used bwapp.hackhub.net to learn more about iFrame injection, following these steps:
• Login
• Select iFrame Injection - Reflected (GET)
• Click on "Hack".
• The iframe displays robots.txt in the current page.
• In this challenge the iframe takes GET parameters in the URL, such as ParamUrl, ParamWidth and ParamHeight. We can easily change robots.txt to any other URL; for example, I changed it to https://jaiguptanick.github.io/Blog/blog/Overpass_TryHackMe/ and it displayed the requested webpage.
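All three reflected injections above (XSS, HTML, iFrame) share one root cause: a GET parameter is written into the page without validation or escaping. The following added example (not from the report or from bWAPP) shows the unescaped rendering beside an escaped version, and an allow-list check for iframe parameters modelled on the ParamUrl/ParamWidth/ParamHeight names above; the `alert(1)` script and the external URL are constructed test inputs:

```python
import html
from urllib.parse import urlparse

def render_greeting_unsafe(name):
    """Reflects the GET parameter verbatim, so any markup inside it is parsed
    by the browser as part of the page (the flaw behind XSS/HTML injection)."""
    return "<p>Hello " + name + "</p>"

def render_greeting_safe(name):
    """Same page, but html.escape turns < > & " ' into entities, so the browser
    shows the input as text instead of executing or rendering it."""
    return "<p>Hello " + html.escape(name, quote=True) + "</p>"

ALLOWED_FRAME_PATHS = ("robots.txt",)   # allow-list of pages the iframe may show

def safe_iframe(param_url, param_width, param_height):
    """Builds the iframe only from validated parameters: the URL must be one
    of the allow-listed local paths (no scheme, no host) and the sizes must
    be plain integers. Returns None when a parameter is rejected."""
    parsed = urlparse(param_url)
    if parsed.scheme or parsed.netloc or param_url not in ALLOWED_FRAME_PATHS:
        return None
    if not (param_width.isdigit() and param_height.isdigit()):
        return None
    return '<iframe src="%s" width="%s" height="%s"></iframe>' % (
        html.escape(param_url, quote=True), param_width, param_height)

def demo():
    # Constructed sample input: a script-bearing "name" parameter.
    script = "<script>alert(1)</script>"
    return {
        "unsafe_reflects_script": "<script>" in render_greeting_unsafe(script),
        "safe_escapes_script": "<script>" not in render_greeting_safe(script),
        "frame_local_ok": safe_iframe("robots.txt", "250", "250") is not None,
        "frame_external_rejected": safe_iframe("https://example.com/", "250", "250") is None,
        "frame_bad_size_rejected": safe_iframe("robots.txt", "250", "abc") is None,
    }
```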
Denial of Service (DoS) Using Burp Suite: When a denial-of-service (DoS) attack hits a computer or network, users are unable to access resources like email and the Internet. An attack can be directed at an operating system or at the network. A denial-of-service attack is a malicious attempt to overwhelm a web property or network resource, rendering it unavailable to its intended users by disrupting its normal functioning. These attacks can take various forms, but their common goal is to disrupt services and prevent legitimate users from accessing expected resources.
Now we can observe the use of the Repeater in Burp Suite to create a weaker version of a DoS attack. With the Repeater tool we can repeatedly send a single intercepted request back to the server, and the growth in memory and disk usage can be observed from Task Manager using the steps below:
• Turn intercept on.
• Go to HTTP history and click on Send to Repeater.
• With just two pings we can observe the change in memory.
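The server-side counterpart to the Repeater exercise is a per-client request budget. The following added example (not part of the original report) is a sliding-window rate limiter that replays a constructed burst of identical requests from one client address and shows how many are served, rejected and admitted again once the window has passed:

```python
import time
from collections import deque

class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock          # injectable so the demo is deterministic
        self._hits = {}             # client key -> deque of request timestamps

    def allow(self, client):
        now = self.clock()
        hits = self._hits.setdefault(client, deque())
        while hits and now - hits[0] >= self.window:
            hits.popleft()          # forget requests that left the window
        if len(hits) >= self.limit:
            return False            # reject: the client is over its budget
        hits.append(now)
        return True

class FakeClock:
    """Deterministic stand-in for time.monotonic (constructed for the demo)."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds

def replay_burst(limiter, client, count, spacing, clock):
    """Replay `count` identical requests `spacing` seconds apart, the way a
    repeated Repeater send would arrive; returns (served, rejected)."""
    served = rejected = 0
    for _ in range(count):
        clock.advance(spacing)
        if limiter.allow(client):
            served += 1
        else:
            rejected += 1
    return served, rejected

def demo():
    clock = FakeClock()
    limiter = SlidingWindowLimiter(limit=5, window=10.0, clock=clock)
    burst = replay_burst(limiter, "10.0.0.5", 20, 0.1, clock)   # constructed client address
    clock.advance(10.0)                      # wait out the window
    return {"burst": burst, "after_window": limiter.allow("10.0.0.5")}
```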
Trojan: A Trojan horse virus is a type of malware that downloads onto a computer disguised as a legitimate program. The delivery method typically sees an attacker use social engineering to hide malicious code within legitimate software in order to gain access to the user's system.
This kind of Trojan can be prevented by firewalls. The attack may be carried out using Remote Access Trojans (RATs), such as:
• ActivTrak
• ProRat
• DarkComet
To protect against Trojans, we can use Trojan removers such as:
• TotalAV
• Norton
• Surfshark
• Bitdefender
We can also change the rules in Windows Defender Firewall. First, type Windows Defender Firewall in the Windows search bar, then:
• Go to Inbound Rules. These control other things accessing your computer. If you are running a web server on your computer, you will have to tell the firewall that outsiders are allowed to connect to it.
• Go to Outbound Rules. These let you allow some programs to use the Internet and block others. You will want to allow your web browser (Internet Explorer).
Firewall:
A firewall in a computer network provides security at the perimeter by monitoring incoming and outgoing data packets in network traffic for malware and anomalies. A firewall is designed to follow a predefined set of security rules to determine what to allow on your network and what to block.
Types:
Basically, there are two delivery methods for firewalls:
• Software: a software firewall protects the host it runs on, such as a computer or device, using that computer as the hardware on which it runs.
• Hardware: a hardware firewall protects the whole network and runs software installed on a dedicated hardware appliance.
Software Firewall Types:
• Packet Filtering Firewall
• Stateful Inspection Firewall
• Proxy Firewall
• Next Generation Firewall (NGFW)
• Unified Threat Management (UTM)
• Cloud Firewall
• Web Application Firewall (WAF)
• Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
How to secure your Instagram account (security guide):
1. Run a security checkup:
• Inside the Instagram app, tap the profile tab in the bottom-right corner.
• Tap the menu bar in the top-right corner, then select Settings.
• Select Security, then Security checkup.
2. Enable two-factor authentication: Two-factor authentication or "2FA" adds an extra layer of security to your Instagram account by requiring you to enter a unique code, as well as your username and password, when logging into the app.
3. Revoke access to third-party apps: Over the years, you may have linked your Instagram account to third-party apps and services. These may be completely safe, but it's possible that some of them are not, especially if they're old and no longer active.
4. Check login activity: If you're worried your Instagram account may have already been compromised, you can check your login activity to find out when and how it was accessed.
5. Block or report suspicious accounts: It's important to not only block but also report these accounts to Instagram, so that they can be investigated and removed.
Mobile Security:
• Lock Your Device for Maximum Security
1. Set Up a Strong Password or PIN
2. Utilize Biometric Authentication
3. Enable Auto Lock and Timeout
4. Keep Your Software Up to Date
5. Update Your Operating System Regularly
6. Update Your Apps
7. Protect Your Data with Backups
8. Protect Your Device on Public Networks
9. Avoid Unsecured Wi-Fi Networks
10. Educate Yourself and Practice Safe Habits

AES (Advanced Encryption Standard):
Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is widely used today as it is much stronger than DES and triple DES, despite being harder to implement. Points to remember:
1. AES is a block cipher.
2. The key size can be 128/192/256 bytes.
3. It encrypts data in blocks of 128 bits each.
AES Encryption: JavaInUse is an online tool for both AES and DES encryption. It provides both CBC and ECB modes of encryption and decryption.
AES Decryption: By using the encrypted data and the secret key, we can perform decryption.

Breaking Windows passwords: Windows is the most common desktop platform currently in use. As a result, it is not uncommon for hackers to encounter a Windows password that they need to crack in order to gain access to a specific account on a machine or move laterally throughout the network. Nowadays, hackers use many tools to crack Windows passwords. Some of them are:
1. Password Cracker
2. RainbowCrack
3. Cain and Abel
4. John the Ripper
5. WFuzz
Password Cracker: Password Cracker is a desktop tool that lets you view hidden passwords in Windows applications. Some applications hide passwords behind asterisks for security purposes when creating an account. Using the tool, you don't have to note down the passwords on a piece of paper. When enabled, you only have to hover the mouse over the text field to see the password.
Cain and Abel: Cain and Abel is a free password cracking tool that was developed for forensics staff, security professionals and network professionals. The application can act as a sniffer for monitoring network data. Additionally, the application can recover passwords by recording VoIP conversations, analysing routing protocols, decoding scrambled passwords and revealing cached passwords.
John the Ripper: John the Ripper is a free tool that can be used for remote and local password recovery. The software can be used by security experts to find out the strength of a password. This tool uses brute-force and dictionary attack features to detect passwords.

BitLocker: BitLocker is a security feature built into Microsoft Windows that encrypts entire hard drives, including the operating system, system files and user data. The encryption is designed to protect sensitive data on a computer from unauthorized access, theft or hacking attempts.
When you turn on BitLocker, it uses encryption to protect all the files stored on the hard drives. It does this by converting the data into unreadable ciphertext, which can only be unlocked with a specific key. The encryption key can be unlocked by BitLocker using either the user's password or a smart card.
Base64 Encoding and Decoding: Base64 is used because some systems are restricted to ASCII characters but are actually used for all kinds of data. Base64 can "camouflage" this data as ASCII and thus help it pass validation. We use the Base64 Encode and Decode online tool to encode and decode.

Hashing (SHA-256):
Hashing is a one-way mathematical function that turns data into a string of nondescript text that cannot be reversed or decoded. In the context of cybersecurity, hashing is a way to keep sensitive information and data, including passwords, messages and documents, secure. Once this content is converted via a hashing algorithm, the resulting value (or hash code) is unreadable to humans and extremely difficult to reverse, even with the help of advanced technology. Hashing has become an important cybersecurity tool for organizations, especially given the rise in remote work and the use of personal devices.
SHA-256 is one of the cryptographic hashing algorithms used for message, file and data integrity verification.
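The Base64 and hashing sections above make a distinction worth seeing in code: Base64 is reversible by anyone, while a SHA-256 digest is one-way and changes completely if a single bit of the input changes. The following added example (not from the report) encodes and decodes a constructed byte string, then uses its SHA-256 digest to verify integrity and detect a one-bit tamper:

```python
import base64
import hashlib
import hmac

def to_base64(data):
    """Base64 is an encoding, not encryption: anyone can reverse it with no key."""
    return base64.b64encode(data).decode("ascii")

def from_base64(text):
    return base64.b64decode(text, validate=True)

def sha256_hex(data):
    """One-way digest: the same input always gives the same 64 hex characters,
    but the input cannot be recovered from the digest."""
    return hashlib.sha256(data).hexdigest()

def verify_integrity(data, expected_hex):
    """Compare in constant time so the check does not leak where it mismatched."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)

def demo():
    # Constructed sample: arbitrary bytes, including values that are not ASCII.
    original = b"Workshop report: raw bytes \x00\xff\x10"
    encoded = to_base64(original)                 # safe to pass through ASCII-only systems
    digest = sha256_hex(original)                 # published alongside the file
    tampered = bytearray(original)
    tampered[0] ^= 0x01                           # flip a single bit
    return {
        "base64_is_ascii": encoded.isascii(),
        "base64_round_trip": from_base64(encoded) == original,
        "digest_matches": verify_integrity(original, digest),
        "tampered_detected": not verify_integrity(bytes(tampered), digest),
    }
```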

CIA Triad: The CIA Triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for information security (infosec) within an organization.
1. Confidentiality: Roughly equivalent to privacy, confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It is common for data to be classified according to the amount and type of damage that could be done if it fell into the wrong hands.
2. Integrity: The consistency, accuracy and trustworthiness of data must be maintained over its entire life cycle, for example during data breaches.
3. Availability: Information should be consistently and readily accessible to authorized parties. This involves properly maintaining the hardware, technical infrastructure and systems that hold and display the information.
AAA Framework: Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network. AAA intelligently controls access to computer resources, enforces policies, audits usage and provides the information necessary to bill for services.
Authentication: Authentication provides a way of identifying a user, typically by having them enter a valid user name and password before access is granted. Other authentication processes can be used instead, such as biometrics or a smart card.
Authorization: The user must be authorized to perform certain tasks. After logging into a system, for instance, they might try to issue commands. The authorization process determines whether the user has the authority to issue such commands.
Accounting: Accounting measures the resources the user consumes during access. This can include the amount of system time or the data the user has sent and received during a session.
Non-Repudiation (Digital Signatures): Non-repudiation is a security mechanism used to ensure that a party involved in a transaction or communication cannot deny their involvement in the activity.
Digital Signatures for Non-repudiation:
• Digital signatures play a crucial role in achieving non-repudiation.
• A digital signature ensures non-repudiation by providing a verifiable and tamper-proof way to sign digital data.
• Here's how it works:
  o Public Key Cryptography: Digital signatures rely on public key cryptography, which involves two mathematically related keys: a public key and a private key.
  o Signing Process: The sender uses their private key to create a digital signature for a document. This signature proves that the document was electronically signed by the holder of that private key.
  o Verification Process: The recipient verifies the signature using the corresponding public key.
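The signing and verification processes above, as an added example that is not part of the original report: a toy RSA key pair built from two fixed small primes (constructed for the demo, far too small for real use) signs the SHA-256 digest of a constructed document, and verification with the public key fails for both a changed document and a changed signature:

```python
import hashlib

# Constructed toy key pair: two fixed, small primes so the arithmetic is visible.
# Real deployments use 2048-bit or larger keys generated by a vetted library.
P, Q = 104729, 1299709
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)

PUBLIC_KEY = (N, E)     # shared with anyone who needs to verify
PRIVATE_KEY = (N, D)    # held only by the signer

def message_representative(message, n):
    """Hash the document with SHA-256, then reduce into the RSA group.
    The reduction (and the lack of padding) is what makes this a toy."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Signing process: only the private-key holder can compute this value."""
    n, d = private_key
    return pow(message_representative(message, n), d, n)

def verify(message, signature, public_key):
    """Verification process: anyone with the public key can check the value,
    and a changed document or a changed signature fails the check."""
    n, e = public_key
    return pow(signature, e, n) == message_representative(message, n)

def demo():
    doc = b"Transfer 100 units to account 42"      # constructed sample document
    sig = sign(doc, PRIVATE_KEY)
    return {
        "genuine": verify(doc, sig, PUBLIC_KEY),
        "tampered_doc": verify(b"Transfer 900 units to account 42", sig, PUBLIC_KEY),
        "altered_sig": verify(doc, (sig + 1) % N, PUBLIC_KEY),
    }
```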
VAPT (Vulnerability Assessment & Penetration Testing): Vulnerability Assessment and Penetration Testing (VAPT) is a security testing method used by organizations to test their applications and IT networks. How does VAPT defend against data breaches? Data breaches are a huge problem, and not just for the companies and organizations that get hacked. From a user's perspective, data breaches can result in identity theft, stolen funds and damaged trust. The most vulnerable asset in any organization is its data.
Types of VAPT:
• Network penetration testing
• Web application penetration testing
• Mobile penetration testing
• API penetration testing
• Cloud penetration testing
Let's understand the benefits of VAPT testing:
1. Uncover security vulnerabilities
2. Avoid data breaches
3. Protect customer data and trust
4. Maintain the reputation of the company
5. Achieve compliance
6. Detailed VAPT reports
What are VAPT tools? VAPT tools are a group of software tools used to test the security of a system, network or application. Here are some of the top open-source tools that can perform VAPT:
1. Wireshark: It is open-source and is the most popular network analyzer in the world.
2. Nmap: Nmap is an open-source network administration tool for monitoring network connections.
3. Metasploit: Metasploit is a framework for developing and executing exploit code against a remote target machine.
SolarWinds: SolarWinds is a network management tool that helps companies manage networks, systems and other infrastructure. The products provided by SolarWinds are effective, accessible and easy to use. It was founded by Donald Yonce and David Yonce (brothers) in 1999, with its headquarters in Austin, Texas. SolarWinds has acquired numerous companies that offer services from security to database management. SolarWinds Network Performance Monitor (NPM) is used to detect outages and diagnose and resolve network performance issues. The database performance emulator helps in quickly identifying and resolving database performance problems.

WORKSHOP REPORTED BY:
VANKESWARAM SREE NIDHI
21F01A4622
CYBER SECURITY: 3RD YEAR
