
Ptva Report 222


CASE STUDY AND ACTIVITY REPORT

18CSE386T - PENETRATION TESTING AND VULNERABILITY ASSESSMENT

Submitted by

KOLLIPARA SUHAS CHOUDARY[RA2111030010222]

Under the guidance of

Dr. B. BALAKIRUTHIGA

Assistant Professor, Networking and Communications

in partial fulfillment for the award of the degree of

BACHELOR OF TECHNOLOGY
in

COMPUTER SCIENCE & ENGINEERING


of

FACULTY OF ENGINEERING AND TECHNOLOGY

S.R.M.Nagar, Kattankulathur, Chengalpattu District

MAY 2024
TABLE OF CONTENTS

S.No  Title (Activity / Case study)                           Date
1.    Penetration Testing Use cases                            22/01/2024
2.    Footprinting Tools                                       21/02/2024
3.    NMAP Commands                                            28/02/2024
4.    Wireshark and Nessus                                     13/03/2024
5.    MS Sql and Maltego                                       20/03/2024
6.    Case Study – I (Security Assessment for Public Domain)   17/04/2024
7.    Mind Map – I (Social Engineering)                        25/04/2024
8.    Online Certificate Proof                                 -


PENETRATION TESTING USE CASES

Penetration testing, also known as pen testing, is a proactive approach to identifying security weaknesses in a system or network infrastructure. It simulates real-world attacks to evaluate the security posture of an organization. Here are some common use cases for penetration testing:

1. Network Penetration Testing: This involves assessing the security of network infrastructure, including routers, switches, firewalls, and other network devices. Testers attempt to exploit vulnerabilities to gain unauthorized access to sensitive data or disrupt services.

2. Web Application Penetration Testing: Web applications are often targets for attackers due to their accessibility over the internet. Penetration testers evaluate the security of web applications by identifying vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure authentication mechanisms.

3. Mobile Application Penetration Testing: With the widespread use of mobile devices, mobile applications are increasingly targeted by attackers. Penetration testing of mobile applications involves identifying vulnerabilities specific to mobile platforms, such as insecure data storage, improper session handling, and insecure communication.

4. Wireless Network Penetration Testing: Wireless networks are susceptible to various security threats, including unauthorized access and eavesdropping. Penetration testers assess the security of wireless networks by attempting to exploit vulnerabilities in Wi-Fi protocols, encryption mechanisms, and access controls.

5. Social Engineering Testing: Social engineering techniques exploit human psychology to manipulate individuals into divulging confidential information or performing actions that compromise security. Penetration testers conduct social engineering tests to assess the effectiveness of security awareness training and to identify weaknesses in organizational policies and procedures.

6. Physical Security Testing: Physical security is often overlooked but is a critical aspect of overall security posture. Penetration testers assess physical security controls such as access controls, surveillance systems, and security guards to identify vulnerabilities that could lead to unauthorized access to sensitive areas or assets.

7. Red Team Exercises: Red team exercises simulate realistic attack scenarios to evaluate the effectiveness of an organization's security defenses. Unlike traditional penetration testing, red team exercises involve a more comprehensive and prolonged engagement, often including multiple attack vectors and techniques.

8. Compliance Testing: Many industries have regulatory requirements for security standards and practices. Penetration testing can help organizations demonstrate compliance with regulations such as PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), and GDPR (General Data Protection Regulation) by identifying and addressing security vulnerabilities.

9. IoT (Internet of Things) Penetration Testing: With the proliferation of IoT devices, ensuring the security of these interconnected devices is essential. Penetration testers assess the security of IoT devices and their associated networks to identify vulnerabilities that could be exploited to gain unauthorized access or disrupt services.

10. Cloud Infrastructure Penetration Testing: As more organizations migrate their infrastructure to cloud platforms, ensuring the security of cloud environments is paramount. Penetration testing of cloud infrastructure involves assessing the security controls implemented by cloud service providers and identifying misconfigurations or vulnerabilities that could compromise the confidentiality, integrity, or availability of data.
VAPT nslookup findings

● nslookup command for a URL domain

● command to find the specific type of name server

SOA - the start of authority record stores important information about a domain or zone, such as the email address of the administrator, when the domain was last updated, and how long secondary servers should wait between refreshes.

● command to find info on the start of authority of this NS

MX record - directs email to a mail server. The MX record indicates how email messages should be routed in accordance with the Simple Mail Transfer Protocol (SMTP, the standard protocol for all email).

● command to find info on the mail exchanger for the specific

Reverse nslookup - a reverse DNS lookup is a DNS query for the domain name associated with a given IP address. This accomplishes the opposite of the more commonly used forward DNS lookup, in which the DNS system is queried to return an IP address.

● command for reverse lookup
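The screenshots of the nslookup output are not reproduced here, so the following added example (not part of the report) shows how the SOA, MX and reverse-lookup results described above are read programmatically: it parses constructed nslookup-style output, builds the in-addr.arpa / ip6.arpa name a reverse lookup queries, and applies rule-of-thumb checks on the SOA timers. The zone name, records and timer thresholds are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample output in the layout `nslookup -type=soa example.com` and
# `nslookup -type=mx example.com` print on Linux; every value is made up.
SOA_OUTPUT = """\
Non-authoritative answer:
example.com
        origin = ns1.example.com
        mail addr = hostmaster.example.com
        serial = 2024051501
        refresh = 7200
        retry = 900
        expire = 1209600
        minimum = 3600
"""
MX_OUTPUT = """\
Non-authoritative answer:
example.com     mail exchanger = 20 mx2.example.com.
example.com     mail exchanger = 10 mx1.example.com.
"""

def parse_soa(text):
    """Return the SOA fields as a dict; the serial and the timers become ints."""
    fields = {}
    for key, value in re.findall(r"^\s*([a-z ]+?)\s*=\s*(\S+)\s*$", text, re.M):
        fields[key.strip()] = int(value) if value.isdigit() else value
    return fields

def parse_mx(text):
    """Return (preference, host) pairs, lowest preference (most preferred) first."""
    found = re.findall(r"mail exchanger = (\d+) (\S+?)\.?$", text, re.M)
    return sorted((int(pref), host) for pref, host in found)

def reverse_name(ip):
    """Name a reverse lookup queries: d.c.b.a.in-addr.arpa for IPv4, nibble-reversed ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer

def soa_timer_issues(soa):
    """Rule-of-thumb checks on the SOA timers (thresholds are an assumption, not a standard)."""
    issues = []
    if soa["retry"] >= soa["refresh"]:
        issues.append("retry is not shorter than refresh")
    if soa["expire"] < soa["refresh"] + soa["retry"]:
        issues.append("expire is shorter than refresh + retry; secondaries would drop the zone too early")
    return issues
```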


Nmap commands

● to scan a target using nmap:

● nmap scan on a local host

● when protected by a firewall, nmap to scan the protected target

● host protected by a firewall, nmap command to scan the host

● for a fast scan

● to scan a target for version, port info, UDP, TCP

● FTP scan

● SNMP scan using nmap
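The scan output itself is only shown as screenshots in the report, so here is an added example (not from the report) of what a defender does with it afterwards: parse nmap's grepable (-oG) output for the version/UDP/TCP scan described above and compare the open ports against an approved baseline, so that an unexpected FTP or SNMP listener stands out. The hosts, services and baseline are constructed assumptions.

```python
import re

# Constructed sample in nmap's grepable (-oG) layout, as a scan such as
# `nmap -sV -sU -sT -oG - <host>` would write; hosts, ports and versions are made up.
GREPABLE = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (srv1.example.test)\tStatus: Up
Host: 192.0.2.10 (srv1.example.test)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 8.9/, 161/open/udp//snmp//SNMPv1 server (public)/\tIgnored State: closed (998)
Host: 192.0.2.11 (srv2.example.test)\tPorts: 443/open/tcp//https//nginx 1.24/, 3306/filtered/tcp//mysql///\tIgnored State: closed (998)
"""

# What each host is approved to expose; an assumption standing in for the real asset inventory.
BASELINE = {
    "192.0.2.10": {("tcp", 22)},
    "192.0.2.11": {("tcp", 443)},
}

def parse_grepable(text):
    """Map host IP -> [(proto, port, state, service, version), ...] from -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) \(.*?\)\tPorts: ([^\t]*)", line)
        if not m:
            continue
        ip, ports = m.group(1), m.group(2)
        for entry in ports.split(", "):
            # Field order in -oG: port/state/protocol/owner/service/rpcinfo/version/
            port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
            hosts.setdefault(ip, []).append((proto, int(port), state, service, version))
    return hosts

def unexpected_exposure(hosts, baseline):
    """Open ports missing from the baseline: services nobody signed off on (ftp, snmp, ...)."""
    findings = []
    for ip, entries in hosts.items():
        for proto, port, state, service, version in entries:
            if state == "open" and (proto, port) not in baseline.get(ip, set()):
                findings.append((ip, proto, port, service, version))
    return sorted(findings)
```

Filtered ports are deliberately not reported: the firewall is doing its job there, and only confirmed open listeners need an owner.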
Xmas and ARP ASSIGNMENT

● nmap -sX

The program can be used to find live hosts on a network, perform port scanning, ping sweeps, OS detection, and version detection.

● nmap -sF

● nmap -sN

● arp

● arp -v

● arp -a

● arp -a

● arp -v
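The Xmas (-sX), FIN (-sF) and NULL (-sN) scans above are recognisable by the TCP flag combinations they send, which is also how a network sensor or a Wireshark filter spots them. The added example below (not part of the report) classifies a constructed packet summary by flag byte and reports a source only once it has probed several ports that way, so an ordinary FIN/ACK close is not mistaken for a scan. Addresses, ports and the three-port threshold are assumptions.

```python
# TCP flag bits in header order (FIN is the lowest bit of the flags byte).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations the three stealth scans send; any other mix is left alone.
SCAN_SIGNATURES = {
    "xmas": FIN | PSH | URG,   # nmap -sX
    "fin": FIN,                # nmap -sF
    "null": 0,                 # nmap -sN
}

def classify_flags(flags):
    """Name the scan whose probe has exactly this flag byte, or None."""
    for name, signature in SCAN_SIGNATURES.items():
        if flags == signature:
            return name
    return None

# Constructed packet summary (src, dst, dport, flags): the columns one would
# export from Wireshark with a tcp.flags column added; values are made up.
PACKETS = [
    ("198.51.100.7", "192.0.2.10", 22, SYN),
    ("192.0.2.10", "198.51.100.7", 50000, SYN | ACK),
    ("198.51.100.7", "192.0.2.10", 22, ACK),
    ("198.51.100.9", "192.0.2.10", 21, FIN | PSH | URG),
    ("198.51.100.9", "192.0.2.10", 22, FIN | PSH | URG),
    ("198.51.100.9", "192.0.2.10", 25, FIN | PSH | URG),
    ("198.51.100.9", "192.0.2.10", 80, 0),
    ("198.51.100.7", "192.0.2.10", 22, FIN | ACK),  # ordinary close, not a scan
]

def detect_scans(packets, min_ports=3):
    """Per (source, scan type): distinct destination ports probed; report those at or above min_ports."""
    probed = {}
    for src, _dst, dport, flags in packets:
        kind = classify_flags(flags)
        if kind is not None:
            probed.setdefault((src, kind), set()).add(dport)
    return {key: sorted(ports) for key, ports in probed.items() if len(ports) >= min_ports}

# Equivalent Wireshark display filter for the Xmas case:
#   tcp.flags.fin == 1 && tcp.flags.push == 1 && tcp.flags.urg == 1
```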
Wireshark Assignment

What is Wireshark used for?

Wireshark is a widely used, open source network analyzer that can capture and display real-time details of network traffic. It is particularly useful for troubleshooting network issues, analyzing network protocols and ensuring network security. Networks must be monitored to ensure smooth operations and security.

● the process of capturing packets in Wireshark starts with the capture mode option, where you can start and pause a session, record the session traffic and save it on a .exe extension as shown below

● the start and pause button and the display bar, which is used to filter the protocol-specific packets

● saved file format of Wireshark

● Light purple - TCP

● Light blue - UDP

● Light green - HTTP

● Light yellow - SMB

● Black - error message

● Red - bad TCP


MSSQL and Maltego

● Using Metasploit to Find Vulnerable MSSQL Systems

● Searching for and locating MSSQL installations inside the internal network can be achieved using UDP foot-printing. When MSSQL installs, it listens either on TCP port 1433 or on a randomized dynamic TCP port. If the port is dynamically assigned, querying UDP port 1434 will provide us with information on the server, including the TCP port on which the service is listening.

● loading the mssql_ping module. It is used for scanning and probing Microsoft SQL Server instances to determine if they are reachable and responsive.

● module designed for executing arbitrary SQL queries or commands on Microsoft SQL Server instances.
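The UDP 1434 reply that mssql_ping relies on is the SQL Server Browser's SSRP response, which carries the instance name, version and the TCP port of each instance. The added example below (not the module's code and not from the report) parses a constructed reply in that layout and summarises which instances sit on dynamic ports, the inventory a defender wants before deciding what the firewall should expose. The server name, instances, versions and ports are made up.

```python
import struct

# Constructed SQL Server Browser (UDP 1434) reply in the SSRP layout described in
# MC-SQLR: one byte 0x05, a little-endian 16-bit length, then ';'-separated
# key/value tokens with each instance ending in ';;'. All names, versions and ports are made up.
RESP_DATA = (
    b"ServerName;DBSRV01;InstanceName;MSSQLSERVER;IsClustered;No;Version;15.0.2000.5;tcp;1433;;"
    b"ServerName;DBSRV01;InstanceName;REPORTING;IsClustered;No;Version;14.0.1000.169;"
    b"tcp;49172;np;\\\\DBSRV01\\pipe\\MSSQL$REPORTING\\sql\\query;;"
)
SSRP_REPLY = b"\x05" + struct.pack("<H", len(RESP_DATA)) + RESP_DATA

def parse_ssrp(reply):
    """One dict per advertised instance; raises ValueError on a malformed or truncated frame."""
    if len(reply) < 3 or reply[0] != 0x05:
        raise ValueError("not an SSRP server response")
    (size,) = struct.unpack_from("<H", reply, 1)
    if len(reply) - 3 < size:
        raise ValueError("truncated SSRP response")
    data = reply[3:3 + size].decode("ascii", errors="replace")
    instances = []
    for group in data.split(";;"):
        if not group:
            continue
        tokens = group.split(";")
        # Tokens alternate key, value: ServerName;X;InstanceName;Y;...
        instances.append(dict(zip(tokens[0::2], tokens[1::2])))
    return instances

def exposure_summary(instances):
    """(instance, tcp port, on a dynamic port?) for each instance that listens on TCP."""
    return [(i["InstanceName"], int(i["tcp"]), int(i["tcp"]) != 1433)
            for i in instances if "tcp" in i]
```

Instances on dynamic ports are the ones a port-1433-only firewall rule silently misses, and the Browser service itself is what reveals them, which is why UDP 1434 should not be reachable from untrusted networks.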

MALTEGO
● Maltego is a powerful OSINT (Open Source Intelligence) tool used for
data mining and link analysis.
● Installation: It's available for Windows, Linux, and Mac OS. Users can
download and install it from the official website or use package managers
like apt or brew.
● Working: Maltego collects data from various sources like public databases, social networks, and online resources. It visualizes this data using graph-based representations.
● Uses:
➔ Investigating cyber threats by mapping relationships between entities
like IP addresses, domains, and email addresses.
➔ Gathering information for digital forensics and intelligence gathering.
➔ Conducting footprinting and reconnaissance during penetration
testing.
➔ Identifying patterns and connections in complex datasets for
intelligence analysis.
● Users can customize and extend Maltego's functionality through additional
transforms and integrations with external APIs and data sources.
● It's essential to use Maltego ethically and legally, respecting privacy and
data protection regulations.
CASE STUDY: Pentesting on a Data Center

Phase 1: Reconnaissance

1. Passive Reconnaissance:

● Hackers gather publicly available information about ABC Corporation, including employee names, email addresses, organizational structure, and technologies used.
● They scrape social media platforms, company websites, and online forums for potential targets and vulnerabilities.

2. Active Reconnaissance:

● Using tools like Nmap, hackers scan ABC Corporation's network infrastructure to identify live hosts, open ports, and services running.
● They perform OS fingerprinting to determine the operating systems used and version information of network devices and servers.

Phase 2: Enumeration

1. Service Enumeration:

● Exploiting the identified open ports, hackers use tools like Nessus or OpenVAS to conduct service enumeration and detect potential vulnerabilities.
● They identify outdated software versions, misconfigurations, and weak security controls that could be exploited.

2. User Enumeration:

● Hackers employ techniques such as LDAP enumeration, SNMP enumeration, and DNS zone transfers to gather information about user accounts and network resources.
● They identify valid user accounts and potential targets for further exploitation.

Phase 3: Exploitation

1. Vulnerability Exploitation:

● Leveraging the information obtained from the reconnaissance and enumeration phases, hackers exploit known vulnerabilities in ABC Corporation's network infrastructure and applications.
● They use exploits from public databases like Exploit Database or Metasploit to gain initial access to the network.

2. Social Engineering Attacks:

● Hackers craft convincing phishing emails targeting ABC Corporation's employees, enticing them to click on malicious links or download attachments.
● They impersonate trusted entities such as IT support or HR departments to trick users into disclosing their credentials or executing malicious code.

3. Password Attacks:

● Using tools like Hydra or John the Ripper, hackers launch password guessing attacks against login interfaces, VPN gateways, or remote access services.
● They attempt to brute-force weak passwords or crack hashed passwords obtained from reconnaissance activities.
Phase 4: Post-Exploitation

1. Privilege Escalation:

● Once initial access is gained, hackers escalate their privileges within the network by exploiting misconfigurations or vulnerabilities in operating systems and applications.
● They exploit weaknesses in access control mechanisms or insecure default configurations to gain administrative privileges.

2. Lateral Movement:

● Hackers move laterally within ABC Corporation's network, pivoting from compromised hosts to other systems to expand their foothold.
● They exploit trust relationships, weak segmentation, or unpatched vulnerabilities to traverse the network undetected.

Phase 5: Data Exfiltration

1. Data Theft:

● Having established a significant presence within the network, hackers identify and exfiltrate sensitive data, including customer records, financial information, and proprietary software.
● They use tools like Cobalt Strike or Mimikatz to harvest credentials, escalate privileges, and exfiltrate data stealthily.

Mitigation Measures

● Implement robust network segmentation to limit lateral movement.
● Regularly update and patch all software and systems to address known vulnerabilities.
● Enforce strong password policies and multi-factor authentication to prevent unauthorized access.
● Conduct regular security awareness training for employees to recognize and report phishing attempts.
● Implement intrusion detection and prevention systems to detect and block malicious activities.
● Deploy endpoint protection solutions to detect and mitigate malware and unauthorized access attempts.
● Perform regular penetration testing and security assessments to identify and address vulnerabilities proactively.

By implementing these mitigation measures, ABC Corporation can significantly reduce the risk of a successful penetration attack and safeguard its data center infrastructure from potential threats.
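The password-guessing step in Phase 3 and the "intrusion detection" mitigation meet in the logs: a guessing run against a VPN gateway or SSH service leaves a burst of failures from one source, and the case that matters most is a success right after the burst. The added example below (not part of the case study) runs that detection over a constructed auth.log excerpt; the hostnames, addresses, users and the five-failures-in-five-minutes threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth.log excerpt in the syslog layout OpenSSH uses on Debian-style
# hosts; the addresses, users and times are made up.
AUTH_LOG = """\
Apr 17 09:12:01 vpn-gw sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51012 ssh2
Apr 17 09:12:02 vpn-gw sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51014 ssh2
Apr 17 09:12:02 vpn-gw sshd[2213]: Failed password for root from 198.51.100.23 port 51016 ssh2
Apr 17 09:12:03 vpn-gw sshd[2215]: Failed password for root from 198.51.100.23 port 51018 ssh2
Apr 17 09:12:04 vpn-gw sshd[2217]: Failed password for alice from 198.51.100.23 port 51020 ssh2
Apr 17 09:12:09 vpn-gw sshd[2219]: Accepted password for alice from 198.51.100.23 port 51022 ssh2
Apr 17 09:30:44 vpn-gw sshd[2301]: Failed password for bob from 203.0.113.5 port 40010 ssh2
Apr 17 09:31:10 vpn-gw sshd[2303]: Accepted password for bob from 203.0.113.5 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

def parse_auth(text, year=2024):
    """Return (timestamp, result, user, source) for every sshd password event."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["src"]))
    return events

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Sources reaching `threshold` failures inside `window`; a later success from
    the same source means a guess landed and that account needs review."""
    recent = defaultdict(list)
    alerts = {}
    for ts, result, user, src in events:
        if result == "Failed":
            recent[src] = [t for t in recent[src] if ts - t <= window] + [ts]
            if len(recent[src]) >= threshold:
                alert = alerts.setdefault(src, {"failures": 0, "success_after": None})
                alert["failures"] = len(recent[src])
        elif src in alerts:  # "Accepted" from a source already flagged
            alerts[src]["success_after"] = user
    return alerts
```

The one normal user who mistyped a password once (203.0.113.5) is not flagged at the default threshold; the source that guessed five times and then logged in as alice is.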
Mind Map: Social engineering

1. Phishing:

● Spear Phishing: Targeted phishing attacks aimed at specific individuals or organizations.
● Email Spoofing: Faking the sender's email address to appear as someone else.

2. Pretexting:

● Phone Calls: Manipulating individuals over the phone to obtain sensitive information or access.
● Impersonation: Pretending to be someone else to gain trust and access to restricted areas or data.

3. Baiting:

● USB Dropping: Leaving infected USB drives in public places to be picked up and used by unsuspecting victims.
● Physical Dropping: Placing physical items (e.g., CDs, DVDs) containing malware in areas where they might be found and used.

4. CEO Fraud (BEC - Business Email Compromise):

● Whaling: Targeting high-profile individuals such as CEOs or executives.

5. Credential Harvesting:

● Malware Injection: Injecting malicious code into legitimate websites or applications to capture user credentials.

6. Dumpster Diving:

● Searching through trash or recycling bins to find discarded documents containing sensitive information.

7. Social Media Scanning:

● Monitoring and analyzing social media profiles to gather information for targeted attacks or impersonation.

Each of these techniques represents a different vector that attackers can exploit through social engineering to gain unauthorized access, compromise systems, or steal sensitive information during penetration testing.
Online Certificate:
