FINAL YEAR PRACTICAL TRAINING SEMINAR REPORT
“Penetration testing and vulnerability assessment”
Submitted in partial fulfilment of the degree of Bachelor of Technology
Rajasthan Technical University
DEPARTMENT OF COMPUTER ENGINEERING
POORNIMA GROUP OF INSTITUTIONS, JAIPUR
(Academic Year 2018-19)
Guide: Mr. Satyendra Singh (Trainer/Developer)
RAJASTHAN TECHNICAL UNIVERSITY, POORNIMA GROUP OF INSTITUTIONS, JAIPUR
This is to certify that the Final Year Practical Training Seminar Report entitled “Penetration testing and vulnerability assessment” has been submitted by Kaushtubh Kumar (PGI15CE024) in partial fulfilment of the Degree of Bachelor of Technology of Rajasthan Technical University. It is found satisfactory and approved for submission.
Mr. Satyendra Singh, Trainer/Developer, Dr CBS Cyber Security Services (Jaipur)
Mr. Manish Bhardwaj, Head, Dept. of Computer Engineering, PGI, Jaipur
Prof. Pankaj Dhemla, Director, PGI, Jaipur
A project of such vast coverage cannot be realized without help from numerous sources and people in the organization. I am thankful to Mr. Shashikant Singhi, Director General, PGC, and Prof. Pankaj Dhemla, Director, PGI, for providing me a platform to carry out such a training successfully.
I am also very grateful to Mr. Manish Bhardwaj (HOD, CE) for his kind support.
I am also grateful to Mr. Satyendra Singh for his guidance and support.
I am thankful to Mr. Satyendra Singh for his kind support and for providing me expertise in the domain to develop the project.
I am also privileged to have Mr. Chandan Kumar Dubey, who has provided me with his valuable facilities, without which this work could not have been completed.
I would also like to express my heartfelt appreciation to all of my friends whose direct or indirect suggestions helped me to develop this project, and to the entire team for their valuable suggestions.
Lastly, thanks to all faculty members of the Computer Engineering department for their moral support and guidance.
The main purpose of this training is to understand the concepts of cyber security. In today's era cyber security is a central part of the IT industry, because in the current scenario securing data is more important than merely storing it. According to a study, the next world war could be fought in cyberspace. So we have to secure our data and systems from hacking, which makes it very important to learn. In the project “Penetration testing and vulnerability assessment” we find the vulnerabilities in a system through which a hacker can enter it.
Computer networks (6cs01a).
Linux and shell programming (3cs04a).
Cyber security, Penetration testing, vulnerability assessment.
TABLE OF CONTENTS
1. Title
2. College Certificate
4. Acknowledgement Page
6. Table of Contents
7. List of Figures
8. Chapter 1: Introduction
1.1 Significance of the Training
1.2 Company Profile
1.2.1 Company Infrastructure
1.2.2 Services provided by the company
1.2.3 Products of the company
9. Chapter 2: Technology Specification
2.1 Language Learned
2.2 Tools or company technology
10. Chapter 3: Project description
3.1 Introduction to the project
3.2 Project Modules
3.3 Device Permission requirements
11. Chapter 4: Snapshots of the Project
12. Chapter 5: Code of the Project
13. Limitation
14. Future Scope of the project
CHAPTER 1. INTRODUCTION
1.1 Significance of training:
The purpose of industrial training is to bring students into a real work environment, to experience how work is done in a company, and to gain knowledge through hands-on observation and job execution. From industrial training, students also develop skills in work ethics, communication, management and other areas. Moreover, this practical training program allows students to relate theoretical knowledge to its application in the manufacturing industry.
The objectives of industrial training are:
1.) To provide students the opportunity to test their interest in a particular career before permanent commitments are made.
2.) To develop skills in the application of theory to practical work situations.
3.) To develop skills and techniques directly applicable to their careers.
4.) Internships increase a student’s sense of responsibility and good work habits.
5.) To expose students to a real work environment and to gain experience in writing reports on technical work and projects.
6.) Internship students have higher levels of academic performance.
7.) Internship programs increase a student’s earning potential upon graduation.
8.) To build strength, team spirit and self-confidence in students’ lives.
9.) To enhance students’ creativity and their ability to share ideas.
10.) To build good communication skills with groups of workers and to learn the proper behaviour of corporate life in the industrial sector.
11.) Students are instilled with good moral values such as responsibility, commitment and trustworthiness during their training.
1.2 Company Profile:
Dr CBS Cyber Security Services was established in 2015 with the aim of creating awareness among the public, training law enforcement agencies, and educating and protecting the youth, corporates and financial institutions from the problem of cyber crime. It pledges to lead individuals and organizations towards the safe use of technology. The company also takes pride in being the first in Rajasthan to launch such a program, which puts it well ahead of its time.
To achieve this goal, it has launched the four-dimensional ‘CYBER WELLNESS PROGRAM’:
1) PREVENTION THROUGH AWARENESS OF PEOPLE
2) CYBER CRIME INVESTIGATION AND PROVIDE TRAINING
3) SECURE SOFTWARE DEVELOPMENT IN THE SYSTEM
4) INFORMATION TECHNOLOGY (IT) SECURITY AUDIT AND CYBER SECURITY
SERVICES OF THE COMPANY:
1.) CYBER CRIME INVESTIGATION AND PROVIDE TRAINING
Training Program for “Investigation of Cyber Crime”, in which training is imparted to investigating officers on the legal, technical and forensic aspects of registering an FIR, the SOP for evidence (relevant and admissible digital/electronic evidence) in a computer resource, its seizure, preservation and procurement, sending it to the FSL, drafting the charge sheet and submitting it to the court of law in a legally admissible manner.
Due to the new and varied technical modus operandi of cyber criminals, investigating officers are often left confused and misled. So the company has designed various cybercrime investigation courses for investigating officers to enable them to handle and solve cyber crime cases skillfully.
2.) PREVENTION THROUGH AWARENESS OF PEOPLE
Digital technology has made our lives easier and has brought innumerable benefits to society, but at the same time we are facing new and serious threats in the form of cyber crime. Unintentionally, due to a lack of proper knowledge, many of our children, youth, corporate houses and innocent people are falling into its trap. They are becoming both offenders and victims of this crime.
The company disseminates knowledge about cybercrime (its legality, technicality, variety, occurrence, modus operandi, magnitude and preventive measures, etc.) and the safe use of computers, laptops, tablets, smart phones, the internet, Wi-Fi, bank cards, e-banking, social media, etc. to protect people from the clutches of cyber crime, through lectures and seminars in schools, colleges and universities in general and in professional, technical and engineering institutes in particular. These services are further extended to social and business associations and clubs.
3.) SECURE SOFTWARE DEVELOPMENT IN THE SYSTEM:
Valuable and secret data is under constant threat of being revealed to hackers through unauthorized access that exploits common loopholes and vulnerabilities in the code and functionality of software. In the era of “everything online” it is of utmost necessity to secure our software applications from external threats.
4.) INFORMATION TECHNOLOGY (IT) SECURITY AUDIT AND CYBER SECURITY:
We are living in the age of technological revolution and are impacted both positively and negatively by it. In the case of corporates, if not managed well, it can have a disastrous impact across multiple facets such as business operations/results, company management teams, individuals and third parties.
The Government of India recognizes this and has mandated practices on Information Security by amending “The IT Act 2000” in the year 2008 by introducing a new section 43A.
43A. Compensation for failure to protect data. –
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.
Explanation–For the purposes of this section,
(i)”Body corporate” means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;
(ii)”Reasonable security practices and procedures” means security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. The IT( Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
(iii)”Sensitive personal data or information” means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. Ref.: Section 3- of the Rules mentioned in the above paragraph (ii).
Further to this, to judge the adequacy of reasonable security practices and procedures, an IT audit is required (as per CERT-In guidelines, which are mandated by the Ministry of Communication and IT). During the audit, the existing security policy and controls are reviewed for their adequacy, as outlined in standards such as ISO 27001 and COBIT.
Dr CBS Cyber Security Services LLP is capable of conducting IT Security Audit and Assurance as per the requirements of CERT-In. The company specializes in the various parameters of IT audits enumerated by CERT-In, including network mapping, vulnerability assessment/exploitation, penetration testing, review and assessment of security policies and controls against best practices, application security assessment, log review, incident response and forensic auditing, malware/backdoor detection, etc.
PROFILE OF TEAM MEMBERS:
1. DR.C.B.SHARMA IPS(R) SIR:
2. MR.SACHIN SHARMA SIR:
3. MR. MUDIT CHATURVEDI SIR:
4. MR. SATYENDRA SINGH SIR:
5. MR. GAURAV KUMAR SIR:
6. MR RAMESH VERMA SIR:
CHAPTER 2. TECHNOLOGY SPECIFICATION
The purpose of the training is to understand cyber security and the need for it. In this training session we learnt about cyber security and penetration testing. Our project is to carry out a vulnerability assessment of a given website. In today's era the safety of data is more important than merely storing it, so to reduce cyber crime and keep our data safe we have to secure our systems first. The way to examine our security strength is penetration testing.
Penetration testing is defined as authorised access to a system: it is the way we penetrate the system to find its vulnerabilities. Patching these vulnerabilities is what makes the system secure.
Goal of penetration testing
The main goal of a vulnerability assessment is to identify security vulnerabilities under controlled circumstances so they can be eliminated before unauthorized users exploit them. Computer security experts use pen testing to find the vulnerabilities in a system, focusing on those rated critical or high risk. Penetration testing is a valued assurance tool that keeps track of whether our system meets its security needs.
Why is Penetration Testing Required?
Penetration testing normally measures a system’s ability to protect its networks, applications, endpoints and users from external or internal threats. It also validates the security controls and ensures that only authorized access is possible.
Penetration testing is essential because:
It identifies the environment in which an attacker can attack, i.e. how an intruder could attack the system, by simulating that attack as a white-hat test.
It helps to find the vulnerable points through which an attacker could gain access to the computer’s features and data.
It helps to protect against black-hat attacks and protects the original data of the user's system.
It limits the potential business impact of an attack.
It provides evidence and details of how we can secure the system and why it is important to increase investment in the security aspects of technology.
When to Perform Penetration Testing?
Penetration testing is an essential practice and needs to be performed on a regular basis to keep a system functioning securely. In addition, it should be performed whenever:
• the security team discovers new threats from attackers;
• we are adding new network infrastructure;
• we are updating our system or installing new software;
• we relocate our office;
• we are setting up a new end-user program or policy.
Types of Pen Testing
These are the important types of penetration testing:
Black Box Penetration Testing
White Box Penetration Testing
Grey Box Penetration Testing
Black Box Penetration Testing
In black box penetration testing, the tester has no prior knowledge of the systems that he is going to test, or only very little. He is interested in gathering information about the target network or system. In this testing, the tester only knows what the expected outcome should be; he does not know how the outcome is arrived at, because he does not know the whole system. He does not examine any program code and has little knowledge of it.
Advantages of Black Box Penetration Testing:
It has the following advantages:
The tester need not necessarily be an expert, as it does not demand knowledge of a specific language; the tester can still be in the learning phase.
The tester verifies contradictions between the actual system and its specifications, i.e. how the two differ or agree.
The test is generally conducted from the user's point of view, not the designer's.
Disadvantages of Black Box Penetration Testing:
Its disadvantages are:
These kinds of test cases are particularly difficult to design.
It may not be worthwhile if the designer has already conducted a test case, and it is not certain that the tester will complete the test.
It does not exercise every part of the system.
White Box Penetration Testing
In this type of testing the tester has the whole range of information about the systems and/or network, such as the schema, source code, OS details, IP addresses, etc.; that is, all the information about the system. It is normally considered a simulation of an attack by an internal source, i.e. an expert with inside knowledge penetrating the system. It is also known as structural testing, glass box testing, clear box testing and open box testing.
White box penetration testing examines code coverage and performs data flow testing (how data travels), path testing and loop testing (whether any loophole exists), etc.
Advantages of White Box Penetration Testing
It carries the following advantages:
It ensures that all independent paths of a module have been exercised, i.e. every path is checked.
It ensures that all logical decisions have been verified for both their true and false values.
It searches for typographical errors and performs syntax checking.
It finds design errors that may have occurred because of a difference between the logical flow of the program and its actual execution.
Grey Box Penetration Testing
In this type of testing, the tester is usually provided with partial or limited information about the internal details of the program or system; he does not have full system information. It can be considered as an attack by an external hacker who has gained illegitimate access to an organization’s network infrastructure documents.
The Advantages of Grey Box Penetration Testing
It has the following advantages:
As the tester does not require access to the source code, the test is non-intrusive and unbiased.
As there is a clear separation between the developer and the tester, there is the least risk of personal conflict, because the code is not handled by both.
You don’t need to provide internal information about the program's functions and other operations, because not all of it is needed.
Areas of Penetration Testing
Penetration testing is normally performed in the following areas:
Network Penetration Testing: In this testing, the physical structure of a system is tested to identify the vulnerabilities and risks that affect the security of the organizational network. In the networking environment, a tester identifies security flaws in the design, implementation or operation of the respective company/organization’s network; that is, the test deals only with the network of the system and how it can be kept safe. The devices tested can be computers, modems or even remote access devices, etc., so physical access is tested as well.
Application Penetration Testing: In this testing, the logical structure of the system is tested to check whether the application logic is sound. It is an attack simulation designed to expose the effectiveness of an application’s security controls by identifying vulnerabilities and risks so that they can be prevented. Firewalls and other monitoring systems are used to protect the system, but we still have to keep testing, especially where traffic is allowed to pass through the firewall, because that traffic can be abused in several steps; so every step of what the firewall allows should be checked.
The response or workflow of the system: This is the third area that needs to be tested. Social engineering gathers information through human interaction to obtain information about an organization and its computers; the tester finds out whether any person can be induced to interact with them and give information away. It is useful to test the ability of the respective organization to prevent unauthorized access to its information systems. Likewise, this test is exclusively designed for the workflow of the organization/company and is also a good step for the tester.
Penetration Testing – Manual and Automated
Both manual penetration testing and automated penetration testing are conducted for the same purpose. The only difference between them is the way they are conducted. As the name suggests, manual penetration testing is done by human beings (expert pentesters), and automated penetration testing is done by an application or machine built for it.
What is Manual Penetration Testing?
Manual penetration testing is testing done by a human pentest expert. In this type of testing the vulnerabilities and risks of a system are tested by an expert engineer, or as we say, a pen tester.
Generally, testing engineers perform the following steps to conduct the pen test:
Data Collection: Data collection plays a key role in testing and is essential. One can either collect data manually or use tool services that are available online or offline, such as webpage source code analysis, domain analysis, port scanners, etc., many of them freely available online. These tools help to collect information like table names, database versions, the system's databases, software, hardware, or even the different third-party plugins in the system (if any), etc.
Vulnerability Assessment: Once the data is collected, it helps the testers to identify the security weaknesses (weak points) of the system and to plan their next steps accordingly.
Actual Exploit: This is the step in which an expert tester uses the identified weaknesses to carry out an attack on the target system and, likewise, to reduce the risk of a real attack.
Report Preparation: Once the penetration is done, the tester prepares a final report of the test analysis that describes everything about the organization's system. Finally the report is analyzed and appropriate action is taken to protect the target system.
Types of Manual Penetration Testing
Manual penetration testing is normally categorized in the following two ways:
Focused Manual Penetration Testing: It is a very focused method that tests specific vulnerabilities and risks. Automated penetration testing cannot perform this testing; it is done only by human experts who examine specific application vulnerabilities within the given domains.
Comprehensive Manual Penetration Testing: It is thorough testing of whole systems connected with each other to identify all sorts of risks and vulnerabilities. However, the function of this testing is more situational, such as investigating whether multiple lower-risk faults can combine into a more serious attack scenario, etc.
What is Automated Penetration Testing?
Automated penetration testing is much faster, more efficient, easier and more reliable; it tests the vulnerabilities and risks of a machine automatically. This technology does not require an expert engineer; rather, it can be run by any person with the least knowledge of this field.
Tools for automated penetration testing are Nessus, Metasploit, OpenVAS, BackTrack (series 5), etc. These are very efficient tools that have changed the efficiency and meaning of penetration testing.
Qualification of Penetration Testers
This test can be performed only by a qualified penetration tester; therefore the qualification of a penetration tester is very important, because only an expert can penetrate the system.
Either a qualified internal expert or a qualified external one can perform the pen test, as long as they are organizationally independent. It means that the pen tester should be organizationally independent from the management of the target systems. For example, if a third-party company is involved in the installation, maintenance or support of the target systems, then that party cannot perform the penetration testing.
Here are some qualifications of a pen tester:
Certification
A certified person can perform penetration testing, i.e. the pen tester should be certified. The certification held by the tester is the symbol of his expertise, his skill set and his competence as a capable penetration tester.
The following are important examples of penetration testing certifications:
Certified Ethical Hacker (CEH).
Offensive Security Certified Professional (OSCP).
CREST Penetration Testing Certifications.
Communication Electronic Security Group (CESG) IT Health Check Service certification.
Global Information Assurance Certification (GIAC) certifications, for example GIAC Certified Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), Advanced Penetration Tester (GXPN) and GIAC Exploit Researcher.
STEPS FOR PEN TESTING:-
The penetration test follows these steps:
1.) Gather the information.
2.) Scan the system.
3.) Find the vulnerabilities in the system.
4.) Gain access.
5.) Maintain access.
6.) Cover the tracks.
Phases of pen testing:
Phase 1 | Reconnaissance (information gathering)
Reconnaissance is the act of gathering preliminary information or intelligence on our target, through online or offline tools. The information is gathered in order to better plan our attack on the system. Reconnaissance can be performed actively, meaning that you are directly touching the target, or passively, meaning that the recon is being performed through an intermediary.
Phase 2 | Scanning the ports
The scanning phase requires the application of technical tools to collect further intelligence on our target. We have to find the vulnerable port through which we can enter the system. A good example would be the use of a vulnerability scanner or port scanner on the target network.
Phase 3 | Gaining Access to the system
Gaining access requires taking control of one or more systems or network devices in order either to extract data from the target or to use that device to launch attacks on other targets. Access gives us full control of the system: it will run according to what we want to perform.
Phase 4 | Maintaining Access in the system
Maintaining access means keeping our access for as long as we need it. It requires taking the steps involved in persisting within the target environment in order to gather as much data as possible. The attacker must remain stealthy in this phase, so as not to get caught while using the host system, i.e. the session in the system must be kept safe.
Phase 5 | Covering Tracks in the system
The final phase, covering tracks, means removing all history of our access and of our work on the system: any changes that were made, authorizations that were escalated, etc. must be cleared. All must return to a state that the host administrator does not recognize as an intrusion, i.e. the host administrator should not see that the system was accessed.
PENETRATION TESTING TOOLS IN KALI LINUX.
1. nmap:
Nmap, also known as Network Mapper, is a free and very effective tool in Kali Linux and a pretty simple tool that allows us to scan a system or a network. It allows us to scan for open ports, running services, NetBIOS, OS detection, etc. Nmap uses various detection techniques to evade IP filters and firewalls. Nmap has both a command-line interface and a graphical user interface and supports almost all platforms, including Windows and macOS. This is the tool you have to use before attacking a system or server, because it gives information about the open ports. This tool provides valuable information regarding the system, its ports and OS, etc.
2. wireshark:
Wireshark is an open source tool in Kali Linux for capturing network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or packet sniffer. It is used to sniff packets in a wireless area, so we can capture the packets of any wireless transaction and decode the information in them. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels, ranging from connection-level information to the bits that make up a single packet. Packet capture can provide a network administrator with very useful information about individual packets, such as transmit time, source, destination, protocol type and header data. This information can be useful for evaluating security events on a system and troubleshooting network security device issues.
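To make concrete what "transmit time, source, destination, protocol type and header data" means at the byte level, here is an added example (not from this report and not Wireshark code) that builds a small pcap file in memory and then decodes it the way a packet analyzer does, down to the TCP flags. The capture is constructed in code with placeholder addresses and zeroed checksums so it runs offline; the reader handles only Ethernet/IPv4 with TCP or UDP on top.

```python
"""Minimal pcap reader: what a packet capture exposes for each packet.

Added example for this report; it is not Wireshark code. The capture is
constructed in code with placeholder addresses and zeroed checksums so the
script runs offline, and the reader decodes only Ethernet/IPv4/TCP/UDP headers.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # little-endian pcap with microsecond timestamps


def _ipv4_frame(src, dst, l4_proto, l4_bytes):
    """Wrap a transport header in IPv4 and Ethernet (checksums left at 0 for the sample)."""
    eth = bytes.fromhex("aabbccddeeff001122334455") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4_bytes), 1, 0, 64,
                     l4_proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4_bytes


def tcp_frame(src, dst, sport, dport, flags):
    """20-byte TCP header; flags byte as in the header (0x02 = SYN, 0x12 = SYN/ACK)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return _ipv4_frame(src, dst, 6, tcp)


def udp_frame(src, dst, sport, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return _ipv4_frame(src, dst, 17, udp)


def build_pcap(frames):
    """pcap global header (link type 1 = Ethernet) followed by one record per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed capture: the start of a TCP handshake to a web port and one UDP datagram to DNS.
SAMPLE_PCAP = build_pcap([
    tcp_frame("192.0.2.5", "192.0.2.10", 51000, 80, 0x02),
    tcp_frame("192.0.2.10", "192.0.2.5", 80, 51000, 0x12),
    udp_frame("192.0.2.5", "192.0.2.1", 5353, 53, b"\x00" * 12),
])


def parse_frame(ts, frame):
    """Decode the fields an analyst looks at first: addresses, protocol, ports, flags."""
    rec = {"time": ts, "len": len(frame), "proto": "other"}
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:          # not IPv4: report only time and length
        return rec
    ihl = (frame[14] & 0x0F) * 4     # IPv4 header length in bytes
    rec["src"] = socket.inet_ntoa(frame[26:30])
    rec["dst"] = socket.inet_ntoa(frame[30:34])
    l4 = 14 + ihl                    # offset of the transport header
    proto = frame[23]
    if proto == 6:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        rec.update(proto="TCP", sport=sport, dport=dport, flags=frame[l4 + 13])
    elif proto == 17:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        rec.update(proto="UDP", sport=sport, dport=dport)
    else:
        rec["proto"] = f"ip-proto-{proto}"
    return rec


def parse_pcap(data):
    """Walk the file: 24-byte global header, then a 16-byte record header per packet."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a pcap file")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != 1:
        raise ValueError("only Ethernet captures are decoded here")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        packets.append(parse_frame(ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]))
        offset += incl_len
    return packets


def summarize(packets):
    """One line per packet, in the style of an analyzer's packet list."""
    lines = []
    for p in packets:
        if p["proto"] in ("TCP", "UDP"):
            extra = f" flags=0x{p['flags']:02x}" if p["proto"] == "TCP" else ""
            lines.append(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} {p['proto']}{extra}")
        else:
            lines.append(f"{p['len']} bytes {p['proto']}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_pcap(SAMPLE_PCAP)):
        print(line)
```

The same parse_pcap function reads a file saved by Wireshark or tcpdump in classic pcap format (open it in binary mode); the pcapng format Wireshark also uses has a different container layout and is not handled here.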
3. metasploit:
The Metasploit Project is a hugely popular pen testing (or hacking) framework; it provides a framework for testing a system. It is a ‘collection of hacking tools and frameworks’ that can be used to execute various tasks. It is widely used by pen testers, cyber security professionals and ethical hackers; it gives us a complete framework and environment and prepares our system for hacking. Metasploit is essentially a computer security project that provides a framework and tools, gives the user information regarding known security vulnerabilities and helps to formulate penetration testing plans, strategies and methodologies for exploitation of a system.
4. httrack:
HTTrack is a website/webpage cloner, i.e. it copies all the content of a website. From a penetration testing perspective, it is mainly used to create a fake copy of a website, or for phishing page creation on an attacker's server. We can run the HTTrack wizard by typing httrack in the terminal (:~$ httrack); we will then be prompted for the configuration it needs, with guidance: the project name, the base path of the project, the target URL and the proxy configuration. In this way we can create an identical copy of a website and keep it for any work on it.
5. owasp zed:
The OWASP Zed Attack Proxy (ZAP) is a free tool in Kali Linux and one of the world’s most popular free security tools; it is actively maintained by hundreds of international volunteers and so contains very extensive information about vulnerabilities. It can help us automatically find security vulnerabilities in our web applications while we are developing and testing them, i.e. it gives a list of vulnerabilities in a system. It is also a great tool for experienced pen testers to use for manual security testing, giving very deep information about weak points. It tests the website, generates a complete report and gives information about the vulnerable ports.