
CONFIDENTIAL Penetration Testing Report

On ditu.acm.org

PROJECT REPORT ON
Penetration Testing for
Club website (ditu.acm.org)

Undertaken at: NOIDA

30th May 2019 – 15th July 2019

Submitted by: Sarthak Bansal, B.Tech Computer Science Engineering with specialisation in Cyber Security
Under the guidance of: Bharti Dubey, Infrastructure Lead, Sopra Steria Group, Noida

ACKNOWLEDGEMENT

The success and final outcome of this project required a lot of guidance and
assistance from many people and I am extremely privileged to have got this all
along the completion of my project. All that I have done is only due to such
supervision and assistance and I would not forget to thank them.
I respect and thank Mrs Bharti Dubey for providing me an opportunity to do the
project and for the guidance which made me complete the project duly. I am extremely
thankful to her for providing such nice support and guidance, although she had
a busy schedule managing the corporate affairs. She took keen interest in our project
work and guided us all along.
I would not forget to remember Mr. Sunil Goyal, COO of Sopra Steria, for his
encouragement and, moreover, for his timely support and guidance till the
completion of our project work by providing all the necessary information for
developing a good system.


CERTIFICATE

Date: 15 July 2019

TO WHOM IT MAY CONCERN

This is to certify that Mr. Sarthak Bansal has done his externship in Sopra Steria, Noida from 30th May to 15th July.
He has worked on a project titled Penetration testing. This project was aimed to test a website for the dit acm club.
As part of the project, he tested various tools and implemented them.
During the externship he demonstrated good coding skills with a self-motivated attitude to learn new things. His
performance exceeded expectations and he was able to complete the project successfully on time.
We wish him all the best for his future endeavors.

Warm regards,

Head, Sopra Steria, India


ABOUT SOPRA STERIA GROUP

Sopra Steria Group SA is a European information technology consultancy
established in September 2014 upon the merger of Sopra Steria SA and
Groupe Steria SCA. Technically, Sopra was the company to adopt the new
name, retaining its legal personality. The Chairman is Pierre Pasquier and the CEO of
this company is Vincent Paris. The primary business areas are consultancy
services, systems integration and solutions, integration of ERP solutions,
implementation of application solutions, as well as subcontracting solutions
for providing technical support to users and application maintenance and
outsourcing.


PENETRATION TESTING

Warning: THIS DOCUMENT, AND ALL ACCOMPANYING MATERIALS, MAY CONTAIN INFORMATION
THAT COULD DAMAGE OR IMPACT THE INTEGRITY AND SECURITY OF THE ORGANIZATION IF
DISCLOSED PUBLICLY. THIS DOCUMENT, AND ALL ACCOMPANYING MATERIALS, SHOULD BE
SAFEGUARDED AT ALL TIMES AND MAINTAINED IN A SECURE AREA WHEN NOT IN USE.

Disclaimer: THE RECOMMENDATIONS CONTAINED IN THIS REPORT ARE BASED ON INDUSTRY
STANDARD “BEST PRACTICES”. BEST PRACTICES ARE, BY NECESSITY, GENERIC IN NATURE AND
MAY NOT TAKE INTO ACCOUNT EXACERBATING OR MITIGATING CIRCUMSTANCES. THESE
RECOMMENDATIONS, EVEN IF CORRECTLY APPLIED, MAY CAUSE CONFLICTS IN THE OPERATING
SYSTEM OR INSTALLED APPLICATIONS. ANY RECOMMENDED CHANGES TO THE OPERATING SYSTEM
OR INSTALLED APPLICATION SHOULD FIRST BE EVALUATED IN A NON-PRODUCTION ENVIRONMENT
BEFORE BEING DEPLOYED IN YOUR PRODUCTION NETWORK.

PRESENTED BY: SARTHAK BANSAL
PRESENTED TO: AMANDEEP SAINI

DOCUMENT DETAILS

Document Title: Penetration Testing Report
Company: ACM club website of DIT.
Date: 15th July, 2019
Classification: Confidential
Document Type: Report
Version: 1.2
Pen Testers:
Reviewed By:
Approved By:

Version History Information

Date | Version | Author | Comments
July 2019 | v1.1 | | Initial summaries submitted in parts
July 2019 | v1.2 | | Final Draft

Contact

Name Sarthak Bansal

Address Meerut

Phone 9412783125

Email bsarthak1998@gmail.com

Table of Contents
ACKNOWLEDGEMENT
CERTIFICATE
ABOUT SOPRA STERIA GROUP
DOCUMENT DETAILS
Version History Information
Contact
COMPREHENSIVE TECHNICAL REPORT
HARDWARE AND SOFTWARE USED
1. Executive Summary
1.1 Project Scope
1.2 Project Objectives
1.3 Target Systems
1.4 Assumptions
1.5 Timeline
1.6 Summary of Evaluation
1.7 Finding Rating Levels
1.8 Risk Assessment
Summary of Findings
1.9 Summary of Recommendation
1.9.0 Personnel
1.9.1 Policies and Procedures
1.9.2 Critical Vulnerabilities (Remediation)
1.10.0 Testing Methodology
1.10.1 Information gathering/Reconnaissance
1.10.2 Scanning
1.10.3 Enumeration
1.10.4 Exploitation
[Challenge 2:] Network Scanning
Using the above result which shows vulnerabilities for which there is an associated exploit.
[Challenge 3:] Enumeration
Techniques for Enumeration
Services and Port to Enumerate
Conclusion
References


1 Comprehensive Technical Report

2.1 HARDWARE AND SOFTWARE USED

A lab environment was set up in which virtual machines (VMs) were running for testing
purposes. Multiple VMs ran Kali Linux (by Offensive Security). The target was a website
hosted live for test purposes.

Software used: Nessus, Maltego, Nmap, Zenmap, Web Data Extractor, Kali Linux and Burp Suite.

1. Executive Summary(ABSTRACT)

As a part of my externship project, a penetration test (PT) of the network
systems of the DIT University ACM test website (ditu.acm.org) was done during the period of
May 2019 to July 2019. The objective was to discover significant vulnerabilities within the
website’s network infrastructure. The findings are to be utilized with a risk analysis to assist in
developing security architecture for the company.
The most significant findings relate to the overall design philosophy behind the website’s trust
model, the lack of a consistent Identification and Authentication (I&A) scheme, the inconsistent
and uneven implementation of and compliance with existing policies and procedures, a lack of
sufficient audit controls and procedures, many vulnerable ports left open and a significant
number of vulnerabilities that result in the network and systems being susceptible to
compromise from the internal network. The detailed penetration testing findings are described
later in this document and have been ordered according to severity.
The culture and philosophy of the company dictate the trust model. The trust model of an
organization is the philosophical basis upon which the security architecture is built. The security
architecture provides the common framework for all other security tools, policies, and
procedures.
The vulnerabilities found during this assessment present several risks to the club (ditu.acm.org).
The most significant of these is that internal intrusions cannot be stopped and that both external
and internal intrusions cannot be detected. Information essential to the protection of critical data
is not available because it is not recorded. The situation is further exacerbated by the discovery
of significant vulnerabilities that would allow an internal user to easily compromise the most
critical information resources. In effect, an internal user could access almost any critical aspect
of the infrastructure and not only would they succeed, but there would be no record of the
intrusion and there would be almost no way of proving if the intrusion occurred or did not
occur.
In conclusion, I (Sarthak Bansal) strongly recommend that ditu.acm.org install several intrusion
detection systems (IDS) and develop a consistent user Identification and Authentication (I&A)
service inside the network. The coding methodology, including the type of database used, should
be changed. Open ports which are not needed should be closed. I also recommend an increase in
internal audit controls to ensure compliance with existing policies and to ensure that timely and
adequate review of log files is occurring.

1.1. Project Scope
The assessment performed was focused on website ditu.acm.org and its related application
infrastructure. This result is intended to be an overall assessment of the network, and those
systems and subnets that fall within the scope of this project.
Furthermore, the findings in this report reflect the conditions found during the testing, and do
not necessarily reflect current conditions.

1.2. Project Objectives


The objective of this web application assessment is to determine the overall security by
analyzing all possible transactions, user input variables, and application components that reside
on network systems.
The objective of the penetration test of the network infrastructure supporting the application is
to determine the overall security of the network segments and hosts within the scope of the
engagement.
1.3 Target Systems
The following table lists all devices that were targeted during this assessment.

Target System Name: ACM DITU club website (for testing only)
Target System URL: http://ditu.acm.org
Test Type: Internal Testing (White Box)
IP Addresses Discovered: 162.254.252.104
Network Details: Hosted website
Web Server: www.acm.org
System Configuration: Intel core i5, 64-bit, 2.40GHz

Table 1: Target system

1.4 Assumptions
We assumed that the website is not in use, is for test purposes only, and that the organization has
implemented the security policies available with them.

1.5 Timeline
The timeline of the test is as below:

Categories | Initiation Date/Time | Completion Date/Time
Footprinting and Reconnaissance | 14th June 2019 | 21st June 2019
Network and Host Scanning | 21st June 2018 | 28th June 2018
Enumeration | 2nd July 2018 | 10th July 2018

Table 2: Timeline

1.6 Summary of Evaluation


• Perform information gathering using various tools like whois, archive, webdataextractor.
• Perform broad scans to identify potential areas of exposure and services that may act as
  entry points.
• Perform targeted scans and manual investigation to validate vulnerabilities.
• Identify and validate vulnerabilities.
• Rank vulnerabilities based on threat level, loss potential, and likelihood of exploitation by
  Nessus tool.
• Perform supplemental research and development activities to support analysis.
• Identify issues of immediate consequence and recommend solutions.
• Develop long-term recommendations to enhance security.
• Transfer knowledge.
During the network level security checks we tried to probe the ports present on the various
servers and detect the services running on them with the existing security holes, if any. At the
web application level, we checked the web servers’ configuration issues, and more importantly
the logical errors in the web application itself.

1.7 Finding Rating Levels
In the following Findings section, we use a rating system using stars (*) to indicate the level
of severity of our findings. All findings are vulnerabilities that have a business risk to the ditu
acm club.

5 Stars (*****), Critical: Intruders can easily gain control of hosts and network. This needs immediate attention.

4 Stars (****), High: Intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. This should be addressed as soon as possible.

3 Stars (***), Elevated: This could result in potential misuse of the host by intruders. Address this at your convenience but do so as soon as possible.

2 Stars (**), Moderate: Intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions. Address this the next time you perform a minor reconfiguration of the host.

1 Star (*), Low: Intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities. Address this the next time you perform a major reconfiguration of the host.

Table 3: Severity Levels

1.8 Risk Assessment

Value | Number of Risks
Low | 0
Medium | 1
High | 2
Critical | 1

Table 4: Summary of findings

Summary of Findings

Figure 1: Summary of findings

1.9 Summary of Recommendation

This General Opinion will discuss several overarching concerns that became apparent
during the Penetration Testing. This discussion is intended to provide more in-depth and
detailed analysis of the various issues brought forth in the Executive Summary and provides
further illumination on the more significant risks to the website(ditu.acm.org).
1.9.0 Personnel
The club has a dedicated team to perform various operations but there can be discrepancies.
This requires a great deal of trust in these administrators, which is evidently well placed;
however, future employees who may hold these positions may not be as trustworthy.
Without measures in place to monitor the activity of such individuals, current or future
intrusions or compromises may not be detectable.

1.9.1 Policies and Procedures


To cater to the many students who would access the website, it should be made very
secure for the near future, otherwise problems would take place. While the policies in place
are adequate in regard to what they address, there appear to be several missing policies,
either policies that are referenced and then are not readily available, or policies considered
necessary that do not appear to be present. These policies would generally indicate how
standards and procedures are to be created and how compliance with the existing policies,
standards, and procedures would be monitored.

1.9.2 Critical Vulnerabilities (Remediation)


A number of vulnerabilities discovered, both those that are critical in and of themselves
as well as those that can be exploited in concert to become critical vulnerabilities, leave
many of the most sensitive systems at ACM club exposed to internal users. The firewall and
perimeter devices are configured in such a way that it would be very difficult for an outside
user to successfully attack one of the sensitive systems. This is not the case for an attacker
on the inside. Any knowledgeable user could gain complete access to all of the critical
systems of the infrastructure due to the PHP unsupported version and the website potentially
vulnerable to clickjacking.

1.10.0 Testing Methodology

1.10.1 Information gathering/Reconnaissance


It is the first phase, in which we get to know about the target systems. It is the first process of
ethical hacking. We correctly discover information about the target system.
1.10.2 Scanning
Utilizing the information gathered during the planning, we start to scan for domain
names, IP addresses, phone numbers, emails, etc. It is of two types: active and passive.

1.10.3 Enumeration
Here the attacker establishes an active connection with the victim and tries to discover as many
attack vectors as possible, which can be used to exploit the system further. We gain information
such as network shares, IP tables, usernames and passwords.

1.10.4 Exploitation

In this step we finally exploit the system, i.e. take charge of the system by exploiting its
vulnerabilities. Based on the results from the three steps, we start analyzing the results. Our risk
rating is based on this calculation:

Risk = Threat * Vulnerability * Impact

After calculating the risk rating, we start writing the report on each risk and how to mitigate
it.

[Challenge 1:] Footprinting or Information Gathering
Category: Authorization
Vendor Reference: -
PCI Vuln: Yes
Tools Used: whois, archive, webdataextractor, maltego
Threat Description: Information gathering is the act of gathering different kinds of
information about the targeted victim or system. This is the first step or the beginning stage of
ethical hacking, performed by penetration testers or hackers (both black hat and white hat);
it is a necessary and crucial step. The more information is gathered about the target, the higher
the probability of obtaining appropriate results. Information gathering is not just a phase of
security testing; it is an art which every penetration tester (pen-tester) and hacker should master
for a better experience in penetration testing. There are various tools, techniques, and websites,
including public sources such as Whois and nslookup, that can help hackers to gather information.
This step is necessary because, while performing attacks on any target, you may need any
information (such as his pet name, best friend's name, his age or phone number) to perform a
password guessing attack or other kinds of attacks.
Methodology:
1. Websites such as whois.com show information about the IP address, hostname, domain, etc.
2. Archive.org gives a summary history of a company.
3. Netcraft.com provides information about web servers, operating systems, ISP,
   language used, etc.
4. Web Data Extractor extracts emails, phone numbers, etc.
5. Maltego gives the network architecture.

Domain Name: ditu.acm.org
Registrar: Network Solutions, LLC
Registration Date: 1992-02-14
Expiration Date: 2023-02-15
IP Address: 162.254.252.104

1) WHOIS
Website used- whois.domaintools.com
We use the whois.domaintools.com website to get detailed information about a domain name,
including its owner, its registrar, date of registration, expiry, name server, owner's
contact information, etc.

2) ARCHIVE
Website- archive.org
It gives information about the history of a website. It continuously tracks and takes screenshots
of the website over time and records them.


3) NETCRAFT
Website- netcraft.com

Netcraft provides internet security services including anti-fraud and anti-phishing
services, application testing and PCI scanning. It also analyses many aspects of the
internet, including the market share of web servers, operating systems, hosting
providers and SSL certificate authorities.


4) WEB DATA EXTRACTOR

Web Data Extractor is a web scraping tool specifically designed for mass-gathering of
various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as
meta tag information and body text.

Process logs
The different processes that took place.

1) Emails: the email IDs extracted from the website.
2) Phone: the phone numbers extracted from the website.
3) Fax: the fax IDs extracted from the website.
4) Links: the various links extracted from the website.
5) Bad URLs: the bad URLs extracted from the website.

5) MALTEGO (information gathering)
Available preinstalled on Kali Linux.
Use Maltego Community Edition.
Maltego focuses on providing a library of transforms for discovery of data from open sources,
and visualizing that information in a graph format, suitable for link analysis and data mining.

It provides a graphical view of the different components of a network and shows which things are
connected and which are not.
It provides very premium information gathering features and is very powerful.
[Challenge 2:] Network Scanning
Category: Authorization
Vendor Reference: -
PCI Vuln: Yes
Threat Description:
Scanning is another essential step; it refers to the set of techniques
and procedures used to identify hosts, ports and various services within a network. Network
scanning is one of the components of the intelligence gathering and information retrieval
mechanism an attacker uses to create an overview of the target organization (target
organization: the group of people or organization that falls prey to the hacker).
Vulnerability scanning is performed by pen-testers to detect the possibility of network security
attacks. This technique leads hackers to identify vulnerabilities such as missing patches,
unnecessary services, weak authentication or weak encryption algorithms. So a pen-tester and/or
ethical hacker lists all such vulnerabilities found in an organization's network.
Methodology:
1) Nmap
Available preinstalled on Kali Linux

Nmap is used to discover hosts and services on a computer network by sending packets
and analyzing the responses. Nmap provides a number of features for probing computer
networks, including host discovery and service and operating system detection.

COMMAND- nmap -v -A ditu.acm.org

It gives complete information about the site, like the operating system used and the
version.

COMMAND- ifconfig
It is used to view and change the configuration of the network interfaces on your system. ... eth0
is the first Ethernet interface. (Additional Ethernet interfaces would be named eth1, eth2, etc.)
COMMAND- nmap -sT 162.254.252.104 -p22
Provides information about the port in TCP SYN scan. (OS FINGERPRINTING)

COMMAND- nmap -sS 162.254.252.104 -p443
Find out the most commonly used TCP ports using TCP SYN Scan. (stealthy scan)
COMMAND- nmap -sX 162.254.252.104 -p443
Find out the most commonly used TCP ports using TCP SYN Scan. (TCP Xmas scan to check
firewall)

COMMAND- nmap -sI 192.168.3.2 162.254.252.104 -p443

To use someone else's IP address to perform a scan.

Nessus
Tool used for vulnerability assessment.
1) BASIC NETWORK SCANNING

NOTE- 26 VULNERABILITIES FOUND IN THE NETWORK


2) Web app scan

NOTE-12 VULNERABILITIES FOUND IN THIS SCAN


W3AF
After testing on site url(ditu.acm.org)

After testing on web server (162.254.252.104)

Using the above result, which shows vulnerabilities for which there is an associated exploit:
• The SSL certificate of the server cannot be trusted. This can occur in 3 different ways, each of
  which can break the chain of trust:
  • The top of the certificate chain might not be descended from a known public certificate authority.
  • The certificate chain might contain a certificate that is not valid.
  • Or, it might contain a signature that did not verify the information.
  The solution is to purchase a proper certificate for the service.
• An unsupported version of PHP has been detected, which needs to be checked as it is a critical
  problem.
• The web application is potentially vulnerable to clickjacking.
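
One way to verify the clickjacking finding above from the defender's side, as an added example that is not part of the original report: the function below classifies a response's X-Frame-Options and Content-Security-Policy frame-ancestors headers. The function names and the sample header sets are constructed for illustration.

```python
# Added example, not part of the original report: classify a response's
# anti-framing (clickjacking) headers. Sample header sets are constructed.

PERMISSIVE_SOURCES = {"*", "http:", "https:"}  # sources that let any site frame the page


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from one CSP header value, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def assess_framing(headers):
    """headers: iterable of (name, value) pairs. Returns (verdict, reasons)."""
    xfo_values, enforced_policies, reasons = set(), [], []
    for name, value in headers:
        lname = name.strip().lower()
        if lname == "x-frame-options":
            # Repeated headers are folded with commas, so split and normalise.
            xfo_values.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif lname == "content-security-policy":
            sources = frame_ancestors(value)
            if sources is not None:
                enforced_policies.append(sources)
        elif lname == "content-security-policy-report-only":
            if frame_ancestors(value) is not None:
                reasons.append("frame-ancestors is report-only, so it is not enforced")

    # An empty source list or 'none' matches nothing; named origins restrict framing.
    csp_ok = False
    for sources in enforced_policies:
        if any(s in PERMISSIVE_SOURCES for s in sources):
            reasons.append("frame-ancestors allows any origin: " + " ".join(sources))
        else:
            csp_ok = True

    xfo_ok = False
    if len(xfo_values) > 1:
        reasons.append("conflicting X-Frame-Options values: " + ", ".join(sorted(xfo_values)))
    elif xfo_values:
        (only,) = xfo_values
        if only in ("DENY", "SAMEORIGIN"):
            xfo_ok = True
        elif only.startswith("ALLOW-FROM"):
            reasons.append("X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers")
        else:
            reasons.append("unrecognised X-Frame-Options value: " + only)

    if csp_ok or xfo_ok:
        return "protected", reasons
    if reasons:
        return "weak", reasons
    return "missing", ["no X-Frame-Options or CSP frame-ancestors header"]


# Constructed sample responses (header lists only), one per case.
SAMPLES = {
    "no headers": [("Server", "Apache"), ("Content-Type", "text/html")],
    "xfo sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "xfo allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "csp none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "csp wildcard": [("Content-Security-Policy", "frame-ancestors *")],
    "csp report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'self'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        verdict, why = assess_framing(hdrs)
        print(f"{label:16} {verdict:10} {'; '.join(why)}")
```

A "weak" or "missing" verdict on an HTML response corresponds to the scanner's "potentially vulnerable to clickjacking" finding; sending `X-Frame-Options: SAMEORIGIN` or `Content-Security-Policy: frame-ancestors 'self'` from the web server moves it to "protected".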

[Challenge 3:] Enumeration
Enumeration is defined as the process of extracting user names, machine names, network resources, shares and
services from a system. In this phase, the attacker creates an active connection to the system and performs
directed queries to gain more information about the target. The gathered information is used to identify the
vulnerabilities or weak points in system security, which the attacker tries to exploit in the system gaining phase.

Techniques for Enumeration

• Extracting user names using email IDs
• Extract information using the default password
• Brute Force Active Directory
• Extract user names using SNMP
• Extract user groups from Windows
• Extract information using DNS Zone transfer

Services and Port to Enumerate

• TCP 53: DNS Zone transfer
• TCP 135: Microsoft RPC Endpoint Mapper
• TCP 137: NetBIOS Name Service
• TCP 139: NetBIOS session Service (SMB over NetBIOS)
• TCP 445: SMB over TCP (Direct Host)
• UDP 161: SNMP
• TCP/UDP 389: LDAP
• TCP/UDP 3368: Global Catalog Service
• TCP 25: Simple Mail Transfer Protocol (SMTP)

Enumeration depends on the services that the systems offer. They can be:

• DNS enumeration
• NTP enumeration
• SNMP enumeration
• Linux/Windows enumeration
• SMB enumeration

Methodology-
ZENMAP (using Zenmap to explore the open ports)


EXPLOITATION of port 21
Using Exploit Database or Google Hacking Database we can gather more information about the
particular vulnerability or port.

MYSQL AUXILIARY possible if there is a username and password file

BURP SUITE(it is used for testing security)


CONCLUSION
Regardless of the frequency of vulnerability testing, no critical system can be considered
acceptably protected unless both the network segments and the critical hosts/servers are
monitored constantly for signs of abuse and intrusion attempts. Because new exploits and
vulnerabilities within devices and network operating systems are discovered regularly, it is
impossible to test a network completely, giving 100 percent assurance of being impervious
to penetration either from within or from outside. If we do not follow correct procedures then
it would become difficult to protect from a hacker.
I believe the corrective actions and recommendations in this report will improve the
website’s ability to avoid breaches of information security. However, I strongly
recommend that an Intrusion Detection capability be added to the network to detect
intrusions and provide the information necessary to support forensic investigations. It is also
recommended that additional audit controls such as compliance testing or independent log
review be implemented with the results of the IDS capability. A policy and procedure
review, combined with a risk analysis, would also be very beneficial at this point in time to
streamline and reiterate those policies that are critical to the functioning of the enterprise.

References

• http://whois.domaintools.com/
• https://archive.org/
• http://www.webextractor.com/
• https://www.kali.org/downloads/
• https://www.tenable.com/products/nessus
• https://portswigger.net/burp
• https://www.paterva.com/buy/maltego-clients/maltego-ce.php
