CyberFoxTechnology
Submitted By-
Supervised By-
PREFACE
ACKNOWLEDGEMENT
DECLARATION
Sonalika
B.tech (CSE)
Executive Summary
1.1 Summary
COMPANY OVERVIEW
Cyber Fox Technology is the best institute for Ethical Hacking courses, Information Security certifications, Core Java and Advanced Java training, Tally training and other IT professional courses. Cyber Fox Technology is an information security training and development company. We started operations on 10 April, 2014, and since its foundation we have been committed to offering the best information security training and services to our students, clients and partners, with high-standard content, because we believe that high standards bring excellent output in the long run. Our standards are our strength, and we maintain them so that when we say "We are professional in it" we really mean it. In just a few years since its inception, Cyber Fox Technology has grown rapidly in students, clients and customers. World's No. 1 in classroom training, online training and offshore training for EC-Council, Tally, CISCO and Microsoft, and a complete penetration testing services provider. These are some of the courses we provide in our institute:
C, C++ Training
Digital Marketing
Website Development
PHP, HTML Training
Industry Partnerships
Tally Academy
Careers at Cyber Fox Technology
Information Security Consultant
Job Description
Responsibilities
Training customer staff on application security and products.
Technical Qualifications
Google search engine
whois
whois.com
whois.net
These are also used to check the server where the target site is hosted and how many other websites are running on the same server.
The whois.com and whois.net results for http://beckabeads.com/ are shown above.
In the screenshot you can see the whole information about the target site.
The same is done for the next website:
http://ppsrudra.com/
Here we use whois.net in the same way as whois.com.
Now we will look for vulnerabilities in our target sites. To check for weaknesses we need a piece of software named Acunetix.
What is scanning?
After footprinting and reconnaissance, scanning is the second
phase of information gathering that hackers use to size up a
network. Scanning is where they dive deeper into the system to
look for valuable data and services in a specific IP address range.
What is website scanning?
A web application security scanner is a program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. It performs a black-box test.
What is Acunetix?
Acunetix Web Vulnerability Scanner is an automated web
application security testing tool that audits your web applications
by checking for vulnerabilities like SQL Injection, Cross site
scripting, and other exploitable vulnerabilities.
This is the Acunetix report.
Blind SQL Injection
Vulnerability description
This script is possibly vulnerable to SQL Injection attacks.
Vulnerability description
This script is possibly vulnerable to Cross Site Scripting (XSS)
attacks.
script in the user context allowing the attacker to access any
cookies or session tokens retained by the browser.
This vulnerability affects /shop.asp.
Discovered by: Scripting (XSS.script).
Attack details
URL encoded GET input c was set to CLASPS"
onmouseover=prompt(904973) bad="
The input is reflected inside a tag parameter between double
quotes.
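The finding says the input is reflected inside a double-quoted tag attribute, which is exactly the context in which a stray `"` lets the attacker add an event handler. The following is an added example (written for this write-up, not code from the report or from the scanned site) that renders the parameter both without and with attribute-context encoding and parses the result to show the difference; the probe string is the one quoted in the finding, and the `<input>` markup is a constructed stand-in for whatever /shop.asp actually emits.

```python
"""Attribute-context output encoding versus raw reflection.
Example code added to this write-up; not from the report or the site."""
import html
from html.parser import HTMLParser

# Probe value quoted in the finding (URL-decoded).
PROBE = 'CLASPS" onmouseover=prompt(904973) bad="'


def render_unsafe(c):
    """Reflects the parameter into a double-quoted attribute unencoded.
    The quote in the input closes the value and the rest becomes new attributes."""
    return '<input type="text" name="c" value="' + c + '">'


def render_safe(c):
    """html.escape(..., quote=True) turns " into &quot; (and < > & ' as well),
    so the browser keeps the whole value inside the attribute."""
    return '<input type="text" name="c" value="' + html.escape(c, quote=True) + '">'


class InputTag(HTMLParser):
    """Parses the markup the way a browser would and records the attributes
    the first <input> tag ends up with (character references are decoded)."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def parse_input_tag(markup):
    parser = InputTag()
    parser.feed(markup)
    return parser.attrs


if __name__ == "__main__":
    print("unsafe:", parse_input_tag(render_unsafe(PROBE)))
    print("safe:  ", parse_input_tag(render_safe(PROBE)))
```

With the unsafe renderer the parsed tag gains an `onmouseover` attribute; with the safe one the tag has only `type`, `name` and `value`, and `value` decodes back to the original string unchanged, which is what "encode for the output context" means in practice.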
Vulnerability description
This page contains an error/warning message that may disclose
sensitive information. The message can also contain the location
of the file that produced the unhandled exception.
This may be a false positive if the error message is found in
documentation pages.
Affected items
/shop.asp
The impact of this vulnerability
The error messages may disclose sensitive information. This
information can be used to launch further attacks.
How to fix this vulnerability
Review the source code for this script.
Vulnerability description
This form is served from an insecure (http) page. This page could be hijacked using a man-in-the-middle attack, and an attacker could replace the form target.
Affected items
/shop.asp (0be1c7f488c5faca47af0b835336b8ba)
The impact of this vulnerability
Possible information disclosure.
How to fix this vulnerability
The form should be served from a secure (https) page.
Vulnerability description
Clickjacking (User Interface redress attack, UI redress attack, UI
redressing) is a malicious technique of tricking a Web user into
clicking on something different from what the user perceives
they are clicking on, thus potentially revealing confidential
information or taking control of their computer while clicking on
seemingly innocuous web pages.
Vulnerability description
A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for common sensitive resources like backup directories, database dumps, administration pages and temporary directories. Each of these directories could help an attacker learn more about the target.
Affected items
/admin
The impact of this vulnerability
This directory may expose sensitive information that could help
a malicious user to prepare more advanced attacks.
How to fix this vulnerability
Restrict access to this directory or remove it from the website.
Vulnerability description
This cookie does not have the HTTPOnly flag set. When a
cookie is set with the HTTPOnly flag, it instructs the browser
that the cookie can only be accessed by the server and not by
client-side scripts. This is an important security protection for
session cookies.
Affected items
/
The impact of this vulnerability
None
How to fix this vulnerability
If possible, you should set the HTTPOnly flag for this cookie.
Vulnerability description
This cookie does not have the Secure flag set. When a cookie is
set with the Secure flag, it instructs the browser that the cookie
can only be accessed over secure SSL channels. This is an
important security protection for session cookies.
Affected items
/
The impact of this vulnerability
None
How to fix this vulnerability
If possible, you should set the Secure flag for this cookie.
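The three response-header findings above (clickjacking, missing HttpOnly, missing Secure) can all be checked from a single captured response. The block below is an added example, written for this write-up rather than taken from the report or from Acunetix: it parses a raw HTTP response, reports every Set-Cookie header that lacks the two flags, and reports the clickjacking condition when neither `X-Frame-Options` nor a `Content-Security-Policy` `frame-ancestors` directive is present. Both responses are constructed samples, not captures from any site.

```python
"""Audit a raw HTTP response for missing cookie flags and anti-framing headers.
Example code added to this write-up; the responses are constructed samples."""


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_line, [(name, value), ...]).
    Headers are kept as a list, not a dict, because Set-Cookie may repeat."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def cookie_findings(headers):
    """One finding per missing flag on each Set-Cookie header."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            findings.append("cookie %s lacks HttpOnly" % cookie_name)
        if "secure" not in attrs:
            findings.append("cookie %s lacks Secure" % cookie_name)
    return findings


def framing_findings(headers):
    """Clickjacking check: the page can be framed unless X-Frame-Options is
    DENY/SAMEORIGIN or a CSP frame-ancestors directive is present."""
    xfo = [v.upper() for n, v in headers if n == "x-frame-options"]
    csp = [v.lower() for n, v in headers if n == "content-security-policy"]
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return []
    if any("frame-ancestors" in v for v in csp):
        return []
    return ["no X-Frame-Options or CSP frame-ancestors: page can be framed"]


def audit(raw):
    _status, headers = parse_response(raw)
    return cookie_findings(headers) + framing_findings(headers)


# Constructed sample: the state the report describes (no flags, no anti-framing header).
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: ASPSESSIONID=abc123; path=/\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed sample: the same response after applying the fixes.
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: ASPSESSIONID=abc123; path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: frame-ancestors 'none'\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(raw) or ["no findings"])
```

The weak response yields three findings and the hardened one none. The Secure flag only helps once the site itself is served over HTTPS, which is the same remediation the report gives for the form and the admin login.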
Vulnerability description
One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any addresses found.
Affected items
/classes.asp
/contact.asp
The impact of this vulnerability
Email addresses posted on Web sites may attract spam.
How to fix this vulnerability
Check references for details on how to solve this problem.
Now just take the next target site:
=============================================
http://www.ppsrudra.com/
Vulnerability description
This script is possibly vulnerable to SQL Injection attacks.
Depending on the back-end database in use, SQL injection
vulnerabilities lead to varying levels of data/system access for
the attacker. It may be possible to not only manipulate existing
queries, but to UNION in arbitrary data, use sub selects, or
append additional queries. In some cases, it may be possible to
read in or write out to files, or to execute shell commands on the
underlying operating system.
Vulnerability description
This page is using an older version of jQuery that is vulnerable to a Cross Site Scripting vulnerability. Many sites use location.hash to select elements, which allows someone to inject script into the page. This problem was fixed in jQuery 1.6.3.
Affected items
/js/jquery-1.4.2.js
The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX,
HTML or Flash into a vulnerable application to fool a user in
order to gather data from them. An attacker can steal the session
cookie and take over the account, impersonating the user. It is
also possible to modify the content of the page presented to the
user.
How to fix this vulnerability
Update to the latest version of jQuery.
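A defender can reproduce this finding (and the "vulnerable JavaScript library" finding that follows it) with a check that reads the version out of each script path and compares it numerically against the fixed version. The block below is an added example for this write-up, not the report's or Acunetix's own logic; the fixed version 1.6.3 comes from the finding, and the HTML page is a constructed sample. It also keeps the naive string comparison to show why version strings must be compared as number tuples.

```python
"""Flag script tags that load a jQuery older than the fixed version.
Example code added to this write-up; the sample page is constructed."""
import re
from html.parser import HTMLParser

FIXED_IN = (1, 6, 3)   # version named in the finding as the fix for the location.hash issue


def parse_version(text):
    """'1.10.2' -> (1, 10, 2).  Tuples compare numerically, so 1.10 > 1.6;
    comparing the raw strings would put '1.10.2' before '1.6.3'."""
    return tuple(int(p) for p in text.split("."))


def jquery_version_from_path(path):
    """Version embedded in names like /js/jquery-1.4.2.js or jquery-1.12.4.min.js.
    Returns None for anything else (a renamed bundle would need its header
    comment read instead, which this check does not do)."""
    m = re.search(r"jquery-(\d+(?:\.\d+)+)(?:\.min)?\.js$", path)
    return parse_version(m.group(1)) if m else None


def is_outdated(path):
    version = jquery_version_from_path(path)
    return version is not None and version < FIXED_IN


def string_compare_says_outdated(path):
    """The naive check, kept only to show the pitfall: '1.10.2' < '1.6.3' as text."""
    m = re.search(r"jquery-(\d+(?:\.\d+)+)", path)
    return bool(m) and m.group(1) < ".".join(str(n) for n in FIXED_IN)


class ScriptSources(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value)


def outdated_scripts(page_html):
    """Paths of all script tags on the page that load a pre-1.6.3 jQuery."""
    parser = ScriptSources()
    parser.feed(page_html)
    return [src for src in parser.srcs if is_outdated(src)]


# Constructed page: one old bundle, one newer bundle, one unrelated script.
SAMPLE_PAGE = """<html><head>
<script src="/js/jquery-1.4.2.js"></script>
<script src="/js/jquery-1.10.2.min.js"></script>
<script src="/js/app.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    print(outdated_scripts(SAMPLE_PAGE))
```

Only `/js/jquery-1.4.2.js` is reported; the 1.10.2 bundle is newer than 1.6.3 even though a plain string comparison would say otherwise.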
Vulnerability description
It is possible to detect short names of files and directories which have an 8.3 file naming scheme equivalent in Windows by using some vectors in several versions of Microsoft IIS. For instance, it is possible to detect all short names of ".aspx" files, as they have 4 letters in their extensions. This can be a major issue, especially for .Net websites which are vulnerable to direct URL access, as an attacker can find important files and folders that are not normally visible.
Affected items
/
The impact of this vulnerability
Possible sensitive information disclosure.
How to fix this vulnerability
Consult the "Prevention Technique(s)" section from Soroush
Dalili's paper on this subject. A link to this paper is listed in the
Web references section below.
Vulnerability description
You are using a vulnerable Javascript library. One or more
vulnerabilities were reported for this version of the Javascript
library. Consult Attack details and Web References for more
information about the affected library and the vulnerabilities that
were reported.
Affected items
/admin/js/jquery-ui-1.8.21.custom.min.js
The impact of this vulnerability
Consult Web References for more information.
How to fix this vulnerability
Upgrade to the latest version.
Vulnerability description
This alert may be a false positive, manual confirmation is
required.
Vulnerability description
User credentials are transmitted over an unencrypted channel.
This information should always be transferred via an encrypted
channel (HTTPS) to avoid being intercepted by malicious users.
Affected items
/admin
The impact of this vulnerability
A third party may be able to read the user credentials by
intercepting an unencrypted HTTP connection.
How to fix this vulnerability
Because user credentials are considered sensitive information, they should always be transferred to the server over an encrypted connection (HTTPS).
Vulnerability description
Clickjacking (User Interface redress attack, UI redress attack, UI
redressing) is a malicious technique of tricking a Web user into
clicking on something different from what the user perceives
they are clicking on, thus potentially revealing confidential
information or taking control of their computer while clicking on
seemingly innocuous web pages.
Vulnerability description
A common threat web developers face is a password-guessing
attack known as a brute force attack. A brute-force attack is an
attempt to discover a password by systematically trying every
possible combination of letters, numbers, and symbols until you
discover the one correct combination that works.
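The defensive counterpart to the brute-force finding is to limit how many guesses a login endpoint will accept. The following is an added example (written for this write-up, not from the report or the sites it assesses) of a lockout policy keyed on the (username, client address) pair: after five failures inside a five-minute window the pair is locked for fifteen minutes, and a correct password clears the counter. The thresholds and the attempt sequence are constructed; timestamps are passed in explicitly so the behaviour is deterministic.

```python
"""Failed-login throttle with sliding window and temporary lockout.
Example code added to this write-up; thresholds and events are constructed."""
from collections import deque


class LoginThrottle:
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures
        self.window = window        # seconds over which failures are counted
        self.lockout = lockout      # seconds a key stays locked
        self.failures = {}          # key -> deque of failure timestamps
        self.locked_until = {}      # key -> time at which the lock expires

    def allowed(self, key, now):
        """True if an attempt for this key may be checked at all."""
        until = self.locked_until.get(key)
        if until is not None:
            if now < until:
                return False
            # Lock has expired: forget it and start the count afresh.
            del self.locked_until[key]
            self.failures.pop(key, None)
        return True

    def record_failure(self, key, now):
        """Register a wrong password; returns True if this failure triggered a lock."""
        recent = self.failures.setdefault(key, deque())
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()            # drop failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            return True
        return False

    def record_success(self, key):
        self.failures.pop(key, None)


def simulate(events, throttle=None):
    """Run (timestamp, username, client_ip, password_correct) events through the
    throttle and return one outcome string per event."""
    throttle = throttle or LoginThrottle()
    outcomes = []
    for now, user, ip, correct in events:
        key = (user, ip)
        if not throttle.allowed(key, now):
            outcomes.append("locked")      # rejected before the password is checked
            continue
        if correct:
            throttle.record_success(key)
            outcomes.append("ok")
        else:
            locked = throttle.record_failure(key, now)
            outcomes.append("fail+lock" if locked else "fail")
    return outcomes


# Constructed sequence: six wrong guesses two seconds apart, then the right
# password while still locked, then the right password after the lock expires.
EVENTS = [(t, "admin", "203.0.113.5", False) for t in range(0, 12, 2)]
EVENTS += [(30, "admin", "203.0.113.5", True), (1000, "admin", "203.0.113.5", True)]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, simulate(EVENTS)):
        print(event, "->", outcome)
```

The fifth failure (at t=8) sets the lock; the sixth guess and the correct password at t=30 are both refused without touching the credential store, and the attempt at t=1000 succeeds because the lock has expired. Keying on the pair rather than on the username alone keeps one attacker from locking legitimate users out, at the cost of a second, per-username counter being needed against distributed guessing.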
SQL INJECTION
An SQL injection is a computer attack in which malicious code
is embedded in a poorly-designed application and then passed to
the backend database. The malicious data then produces database
query results or actions that should never have been executed.
3. Havij
4. SQLmap
1. Blind SQL
Blind SQL injection: the first step is to throw an error to validate that encapsulation isn't working. The goal is to throw an error that makes the application show us that it is not encapsulating quotes correctly.
The string to be entered in the username and password fields is given below:
1'OR'1'='1
inurl:login.aspx
Now take the target site which you have already scanned:
http://beckabeads.com/
This is the site which is vulnerable to blind SQL injection.
Now find the admin page of this website in order to log in.
To find the admin page of this website you can take the help of a search engine.
Open Google and type: admin http://beckabeads.com/
Then you find the admin page of your target site.
Now put your blind SQL injection string into the target site's user name and password fields:
User name : 1'OR'1'='1
Password : 1'OR'1'='1
And submit.
After logging in you have admin access.
Now we have all access to the website; we can edit, save or delete anything on it.
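The reason the string above logs the user in is that the login script pastes both fields straight into its SQL text, so the quote in `1'OR'1'='1` ends the literal and the rest is parsed as SQL. The block below is an added example for this write-up (not code from the report or from either site) that reproduces that bug against an in-memory SQLite table and shows the fix the earlier "Depending on the back-end database" finding calls for: a parameterised query, where the database driver never parses user input as SQL. The table, its rows and the column layout are constructed.

```python
"""Vulnerable string-built login query beside the parameterised fix.
Example code added to this write-up; the users table is constructed in memory."""
import sqlite3

PAYLOAD = "1'OR'1'='1"   # the string the report enters in both login fields


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "correct horse battery staple"), ("editor", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query assembled by string concatenation.  With the payload in both
    fields the WHERE clause becomes
        username = '1' OR '1'='1' AND password = '1' OR '1'='1'
    which is true for every row, so the first user is returned."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Parameterised query: values travel separately from the statement, so
    quotes and keywords in the input are compared as data, never parsed.
    (A production system would also store a salted slow hash instead of the
    password and compare it in application code.)"""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Returns who each login variant lets in for the payload and for real credentials."""
    conn = make_db()
    return {
        "vulnerable_with_payload": login_vulnerable(conn, PAYLOAD, PAYLOAD),
        "fixed_with_payload": login_fixed(conn, PAYLOAD, PAYLOAD),
        "fixed_with_real_credentials": login_fixed(conn, "editor", "hunter2"),
        "fixed_with_wrong_password": login_fixed(conn, "editor", "wrong"),
    }


if __name__ == "__main__":
    for case, user in demo().items():
        print(case, "->", user)
```

The vulnerable function returns a real account name for the payload without knowing any password; the fixed function returns nothing for the payload and only admits the correct pair. The same change closes the whole class of injection the report later exploits with Havij, because the database never receives user text as part of the statement.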
Havij Tool:
Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. Using this software, the user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% when injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.
Just open the Havij software and paste the target URL.
http://www.ppsrudra.com/service.php?id=57 is the vulnerable URL on
http://www.ppsrudra.com/
You get several databases of the website ppsrudra.com:
- ppsrudradb
- information_schema
- test
Then select the first database, ppsrudradb, and fetch the tables of that database.
We get several tables in the ppsrudradb database:
1 admin
2 contactdb
3 portfolio
4 servicedb
The next step is to select the first table, i.e. admin, and fetch the columns of the admin table, which are as follows:
Id
Username
Password
Now select all three columns and click on "get data", which shows the values of these columns as in the picture below.
Put in a title and service detail and submit; whatever is written here is displayed on the website page as shown below.
When you consider other types, like black hat, most of the hacking involved has no rule book or compliance requirements. In ethical hacking or white hat, on the other hand, you have to strictly comply with a company policy when hacking; it is a restricted playground.
Conclusion