Degree Project-2

The document discusses an internship at a cybersecurity company. It describes the company, various cybersecurity topics and tasks completed during the internship including exploiting vulnerabilities like HTTP parameter pollution and cross-site scripting in web applications. Key tools used included Docker, Burp Suite and Kali Linux.

Uploaded by Nadhir Zoghlami

Acknowledgement

I am pleased to dedicate this space to express my sincere appreciation and gratitude to all
those who have supported me throughout my internship journey. I am truly thankful for the
unwavering support and guidance I received during my time at DefensyLAB. My heartfelt
thanks extend to each individual who contributed to my personal and professional growth
during this period.

I am especially grateful to my supervisors, Mr. Aziz Ifaoui and Mr. Seif-Allah Homrani,
whose mentorship was invaluable. Their guidance enabled me to enhance my skills and capabilities
significantly, and for that, I am profoundly grateful.

Additionally, I would like to express my deep appreciation to the pedagogical team at
ISETCOM and the esteemed jury members for their willingness to evaluate my work. Your
involvement is greatly appreciated, and I sincerely hope that my project meets your expectations.

Acronyms

RE Reverse Engineering
UML Unified Modeling Language
ELF Executable and Linkable Format
PE Portable Executable
GCC GNU Compiler Collection
VM Virtual Machine
ENIAC Electronic Numerical Integrator and Computer
DRM Digital Rights Management
RELRO Relocation Read-Only
GOT Global Offset Table
ROP Return-oriented programming
LTS Long Term Support

Contents
General Introduction 1

1 Company Presentation 2
1.1 DefensyLAB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1.2 Who are DefensyLAB . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1.3 DefensyLAB’s Security Solutions . . . . . . . . . . . . . . . . . . . . . . 3
1.1.4 DefensyLAB Work Pillars . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2 Project Overview 5
2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Cybersecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.1 The Essence of Cybersecurity . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.2 Key Domains within Cybersecurity . . . . . . . . . . . . . . . . . . . . . 5
2.2.3 Challenges and Threats in Cybersecurity . . . . . . . . . . . . . . . . . . 7
2.2.3.1 Common Cybersecurity Threats: . . . . . . . . . . . . . . . . . 7
2.3 Web Exploitation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3.1 Web Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3.2 The Client-Server Model . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3.3 Request-Response Model . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3.4 The Browser Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.3.5 Browser Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.3.6 Web Exploitation Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.3.6.1 Fundamentals of Web Exploitation . . . . . . . . . . . . . . . . 12
2.3.6.2 Key Elements of Web Exploitation . . . . . . . . . . . . . . . . 12
2.4 Working Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.4.1 Code editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14


2.4.2 Snyk Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.4.3 Burp Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.4.4 Operating System: Kali Linux . . . . . . . . . . . . . . . . . . . . . . . . 15
2.4.5 Docker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.4.6 Docker’s Core Functionalities and Benefits . . . . . . . . . . . . . . . . . 17
2.4.7 Advantages of Docker Over Virtual Machines . . . . . . . . . . . . . . . 18
2.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3 Project Execution 20
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3.1 Executed tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3.1.1 HTTP Parameter Pollution(HPP) . . . . . . . . . . . . . . . . . . . . . . 20
3.1.1.1 Building The Web Application . . . . . . . . . . . . . . . . . . 21
3.1.1.2 Exploiting The Application . . . . . . . . . . . . . . . . . . . . 22
3.1.2 Cross-site scripting (XSS) . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.1.2.1 Building The Application . . . . . . . . . . . . . . . . . . . . . 26
3.1.2.2 Exploiting The Application . . . . . . . . . . . . . . . . . . . . 27
3.2 Building an Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

General Conclusion 33

Webography 34

List of Figures

1.1 Host company logo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2 DefensyLAB Main Pillars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2.1 Request / Response Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.2 HTML, CSS and JS designs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.3 Visual Studio Code Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.4 Snyk Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.5 Burp Suite Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.6 Kali Linux Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.7 Docker Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.8 Applications on VMs and Containers . . . . . . . . . . . . . . . . . . . . . . . . 18

3.1 Dockerfile for the first Web Application . . . . . . . . . . . . . . . . . . . . . . . 21
3.2 Building an Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.3 Running The Container . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.4 First Web Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.5 Registering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.6 Account information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3.7 Possible Vulnerability in The Application . . . . . . . . . . . . . . . . . . . . . . 23
3.8 Intercepting The request to modify it . . . . . . . . . . . . . . . . . . . . . . . . 24
3.9 Injecting malicious parameter . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.10 Vulnerability Exploited . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.11 Building the second Web Application . . . . . . . . . . . . . . . . . . . . . . . . 26
3.12 Running the second container . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.13 Second Web Application Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.14 Second Web Application Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.15 Vulnerable Input Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28


3.16 Malicious JavaScript code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.17 Hosting The Malicious JavaScript code . . . . . . . . . . . . . . . . . . . . . . . 28
3.18 Final payload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.19 Page response to malicious payload . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.20 Session cookie retrieved . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.21 Vulnerability Exploited . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3.22 Vulnerability Exploited . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3.23 Python payload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.24 Updated Blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.25 Python Jail’s Dockerfile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

General Introduction

On the 3rd of February I completed my internship at DefensyLAB, a Tunisian cybersecurity
company offering targeted security services to protect organizational IT infrastructure,
including network solutions, cloud security, and comprehensive cyber threat assessments.

My interest in cybersecurity led me to do my internship in this company.

During my internship, I took on significant responsibilities, which led to new and
meaningful experiences. The completed tasks proved to be very interesting and enriching
for my professional development.

The report is organized into three chapters. The first chapter gives a general
introduction to the DefensyLAB company and describes some of its major services.

The second chapter presents the project I worked on during this internship: the needs,
the solutions, and the tools required to realize it.

The final chapter will present an in-depth analysis of the tasks I have fulfilled and the
various dimensions of my role throughout the internship.

Finally, I conclude the report with a summary of the overall impact and the value gained
from this internship.

Chapter 1

Company Presentation

1.1 DefensyLAB

1.1.1 Introduction

This chapter provides an overview of DefensyLAB, including a concise introduction to the
company and its background, as well as an outline of its various departments. Furthermore, it
encompasses a description of the diverse areas in which the company operates.

1.1.2 Who are DefensyLAB

DefensyLAB, founded in Tunisia in 2021, is a cybersecurity consulting firm. It helps
organizations protect their data and assets from cyber threats. The company provides various
cybersecurity services such as threat intelligence, incident response, security assessments, and
security operations center (SOC) services.

Figure 1.1: Host company logo


[1]


1.1.3 DefensyLAB’s Security Solutions

DefensyLAB equips enterprises with an extensive portfolio of cybersecurity mechanisms,
enabling them to adeptly address the complexities of contemporary cyber threats. The provision
of services is methodically organized into five principal categories:

• Detection and Monitoring of Cyber Threats: Through the deployment of advanced
technological solutions and expert analysis, DefensyLAB focuses on the early identification
and mitigation of cyber threats. This proactive stance furnishes clients with critical
insights, facilitating prompt and effective responses to potential security breaches.

• Assessment of Vulnerabilities and Penetration Testing: DefensyLAB goes beyond
traditional security evaluations by simulating actual cyber-attacks to uncover vulnerabilities.
It then provides detailed remediation strategies, thereby strengthening the security defenses
of clients and reducing their exposure to cyber-attacks.

• Security Operations Center (SOC) as a Service: DefensyLAB’s SOC service provides
around-the-clock monitoring of clients’ digital infrastructures by cybersecurity experts. This
continuous oversight enables the rapid detection and resolution of security incidents,
significantly limiting potential damage and disruption.

• Strategic Cybersecurity Consulting: Leveraging the expertise of seasoned consultants,
DefensyLAB offers customized strategic guidance on the development and implementation
of effective cybersecurity measures. This advisory service translates complex cybersecurity
challenges into actionable strategies, aligning security initiatives with business objectives
and compliance requirements.

• Cybersecurity Education and Awareness Initiatives: Recognizing the pivotal role
of workforce education in cybersecurity, DefensyLAB designs and delivers comprehensive
training programs. These initiatives are aimed at enhancing the security awareness of
employees, thereby cultivating an organizational culture vigilant against cyber threats.


1.1.4 DefensyLAB Work Pillars

DefensyLAB is a company that operates on four main pillars to help businesses improve
their security posture. These pillars are :

Figure 1.2: DefensyLAB Main Pillars

• Administered Security, where the company provides managed security services to help
organizations alleviate the pressure of daily security operations;

• Intelligent Protection, which leverages artificial intelligence and machine learning to
make security operations more effective and efficient;

• Automated Processes, which aims to automate repetitive and tedious tasks to free up
the security analyst’s time;

• Reduction of Costs, which focuses on eliminating unnecessary expenses across the
cybersecurity workflow.

1.1.5 Conclusion

In summary, DefensyLAB emerges as a formidable force in the cybersecurity arena, leveraging
its inception in 2021 to pioneer innovative solutions aimed at safeguarding organizations against
an ever-evolving threat landscape. With a comprehensive suite of services encompassing proactive
threat detection, rigorous vulnerability assessments, 24/7 security operations, strategic consulting,
and targeted employee training, DefensyLAB offers a holistic approach to fortifying digital
defenses. Its strategic pillars of Administered Security, Intelligent Protection, Automated
Processes, and Reduction of Costs exemplify a commitment to efficiency, efficacy, and fiscal
responsibility. Through strategic alliances and technological expertise, DefensyLAB empowers
enterprises to navigate the complex digital realm with confidence and resilience.

Chapter 2

Project Overview

2.1 Introduction

In this chapter, I will present an introduction to the project, including an overview of the
web architecture, the tools, and the software utilized. Additionally, I will explain some of the
fundamental concepts encountered during the research phase of the project.

2.2 Cybersecurity

2.2.1 The Essence of Cybersecurity

Cybersecurity involves the use of protective strategies to keep computer systems, software,
personal information, and financial assets safe from unauthorized access and various online
threats like viruses and ransomware. It plays a crucial role in maintaining the safety and
privacy of digital information across different devices and networks, from personal smartphones
to large business systems. The aim of cybersecurity is to ensure that digital spaces are secure
for everyone to use and conduct their activities without fear of intrusion or theft.

2.2.2 Key Domains within Cybersecurity

Cybersecurity is a broad and diverse area that covers many specialized fields. Important
areas within cybersecurity include:


1. Information Security: Concerned with the confidentiality, integrity, and availability of
data, information security ensures that sensitive information is accessible only to those
authorized to access it and is protected against unauthorized access and breaches.

2. Network Security: This domain focuses on protecting the integrity and usability of
networks and the data they carry. It involves implementing measures to prevent unauthorized
access, misuse, modification, or denial of the network and network-accessible resources.

3. Application Security: This area deals with measures and processes that protect applications
from threats that can come through flaws in the application design, development, deployment,
upgrade, or maintenance phases. Application security encompasses the security considerations
that happen during application development and design, but it also involves systems and
approaches to protect apps after they get deployed.

4. Operational Security (OpSec): Operational security involves the practices and decisions
for handling and protecting data assets. This includes the policies and procedures that
determine how sensitive information is stored, transmitted, and accessed, as well as the
measures taken to dispose of information securely.

5. Security Operations Center (SOC): SOC teams monitor, detect, analyze, and respond
to cybersecurity threats and incidents in real time using security information and event
management (SIEM) tools, threat intelligence feeds, and other security technologies.

6. Cryptography: Focuses on researching and applying cryptographic methods and rules
to protect messages, data, and systems against eavesdropping, tampering, and unauthorized
access. This includes using encryption, digital signatures, and managing cryptographic
keys.

7. End-User Education: Understanding that mistakes made by people can cause major
security problems, end-user education aims to teach individuals how to use safe practices
and recognize potential threats. This area is crucial for strengthening the user, often the
most vulnerable point in cybersecurity defenses.

8. Disaster Recovery and Business Continuity: This field outlines how an organization
responds to cybersecurity incidents or any other events that cause the loss of operations
or data. Disaster recovery policies dictate how the organization restores its operations
and information to return to the same operating capacity as before the disaster. Business
continuity is the plan the organization falls back on while trying to operate without certain
resources.


2.2.3 Challenges and Threats in Cybersecurity

Cybersecurity encounters ongoing challenges and threats, with risks constantly evolving in
the digital landscape. These include technical vulnerabilities and the potential for unauthorized
access, compounded by a shortage of skilled professionals. Ensuring data privacy and adhering
to regulatory standards further complicate the security efforts needed to protect digital assets
effectively. Continuous vigilance and adaptive security strategies are essential to mitigate these
risks.

2.2.3.1 Common Cybersecurity Threats:

• Phishing: This is a tactic used by attackers to deceive individuals into providing sensitive
information, such as passwords and credit card numbers, by masquerading as a trustworthy
entity in an electronic communication. Phishing attacks often come in the form of
malicious emails or messages that urge the recipient to click on a link or download an
attachment, leading to the theft of personal data or the installation of malware.

• Malware: Short for malicious software, malware includes viruses, worms, trojans, and
ransomware. It is designed to harm or exploit any programmable device, service, or
network. Cybercriminals use malware for various purposes, including stealing, encrypting,
or deleting sensitive data, monitoring users’ computer activity, and disrupting business
operations.

• Ransomware: A type of malware that encrypts the victim’s files, with the attacker
then demanding a ransom in exchange for restoring access to the data. Ransomware attacks
can cause significant disruption to operations and result in the permanent loss of critical
information if offline backups are not in place.

• DoS and DDoS Attacks: These attacks aim to overwhelm the targeted servers, systems,
or networks with a flood of Internet traffic, rendering them unavailable to users. DDoS
attacks are executed from multiple compromised computer systems, amplifying the attack’s
impact.

• MitM Attacks: In these attacks, an attacker intercepts and possibly alters the communication
between two parties who believe they are directly communicating with each other. This
allows the attacker to eavesdrop or impersonate one of the entities, making it possible to
steal personal information, login credentials, or financial data.


2.3 Web Exploitation

Web exploitation refers to the practice of manipulating vulnerabilities in web applications to
gain unauthorized access or perform unauthorized actions. This includes a variety of activities
from stealing sensitive data to damaging websites and more. Attackers exploit flaws in web
design or coding errors to bypass security measures, underscoring the importance of robust
web security practices. Understanding web exploitation is crucial for defending against cyber
threats and safeguarding online resources.

2.3.1 Web Overview

The World Wide Web is an information system designed to share information over the
Internet in user-friendly ways. This approach aims to engage not only IT specialists and
hobbyists but also the general public, making digital content accessible and navigable for
everyone. By utilizing web browsers and simple interfaces, the Web democratizes access to
information, allowing people from all walks of life to explore, learn, and communicate online.
It bridges the gap between complex technology and everyday users, fostering a global exchange
of knowledge and culture.

2.3.2 The Client-Server Model

The client-server model is a fundamental framework in network computing that delineates
the interaction between two distinct types of systems: clients, which request services or resources,
and servers, which provide them. This model underpins the functionality of modern digital
services, from web applications to email and beyond, by defining a clear structure for managing
requests and responses over a network.

• Client Overview: In this architecture, clients are typically software applications such
as web browsers or mobile apps that initiate requests to servers for specific resources or
services. These requests can vary from retrieving web pages to querying databases. The
primary role of the client is to initiate communication, specify the needed resource or
service, and then process and display the response from the server.


• Server Functionality: Servers are robust computer systems engineered to process
requests from multiple clients. They listen for incoming requests over the network,
perform the required operations (like fetching data or executing queries), and send back
the appropriate responses to the clients. The centralized nature of servers facilitates
efficient resource management, data updates, and security measure implementation.

The client-server model enhances data exchange efficiency, enabling applications to scale
and meet growing demand while maintaining performance and security standards. Centralizing
resources on servers simplifies data management and updates, allows for more straightforward
application of security patches, and controls access to sensitive information. This model also
supports robust security controls on the server side, which is the only side the application
owner controls: anything the client sends can be altered before it arrives.

2.3.3 Request-Response Model

The request-response model is a fundamental communication pattern in network computing,
integral to the client-server architecture. It operates on a simple principle: a client sends a
request to the server asking for information or action, and the server processes this request
before sending back a response. This model is the backbone of web interactions, enabling the
flow of data across the internet and within networks.

Figure 2.1: Request / Response Model


• Request Mechanics: A request is initiated by the client when it needs to retrieve data or
perform an operation on the server. This could involve requesting a web page, submitting
form data, or querying a database. The request includes all necessary information for the
server to understand and fulfill what is being asked. This information might be embedded
in the URL, request headers, or the body of the request in the case of more complex
operations.

• Response Dynamics: Upon receiving a request, the server processes it based on the
provided information and the server’s current state. The server’s response to the client
includes the status of the request (example: success or error) and the requested data or
the result of the performed operation. The response also contains headers with metadata
about the response and, depending on the request, the body with the actual data being
returned.

The request-response model is an integral part of web communication, providing a clear and
efficient way for clients and servers to interact. Its design allows for scalable web applications
and services that, with proper security and state management practices, offer a robust platform
for the modern web ecosystem. From a security standpoint, every part of the request (URL,
query string, headers, cookies and body) is chosen by the client and can be rewritten with an
intercepting proxy such as Burp Suite, so the server must validate each of them.
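The following added example (not part of the original report) makes the exchange above concrete in Python: a small parser splits a raw HTTP/1.1 request into request line, headers and body, a builder serializes a response, and a loopback socket pair carries both messages between a toy client and server. The request bytes, the host name shop.example and the handler logic are constructed for the example.

```python
"""Raw HTTP/1.1 request parsing and response building over a loopback socket (added example)."""
import json
import socket
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed request, in the exact form an intercepting proxy shows it:
# request line, headers, blank line, body (27 bytes, matching Content-Length).
SAMPLE_REQUEST = (
    b"POST /login?next=/account&next=/admin HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"username=alice&password=s3c"
)

REASONS = {200: "OK", 400: "Bad Request", 404: "Not Found", 405: "Method Not Allowed"}


def parse_http_request(raw: bytes) -> dict:
    """Split a request into request line, headers and body. Every field that
    comes back was chosen by the client and must be treated as untrusted."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Only Content-Length bytes belong to this message; anything after them is
    # the start of the next request on the same connection.
    body = rest[: int(headers.get("content-length", "0"))]
    url = urlsplit(target)
    # keep_blank_values keeps "a="; repeated keys come back as a list, not last-wins.
    query = parse_qs(url.query, keep_blank_values=True)
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    return {"method": method, "path": url.path, "version": version,
            "query": query, "headers": headers, "body": body, "form": form}


def build_http_response(status: int, body: bytes, headers: Optional[dict] = None) -> bytes:
    """Serialize a response: status line, headers (Content-Length always set), blank line, body."""
    hdrs = {"Content-Type": "text/html; charset=utf-8", **(headers or {})}
    hdrs["Content-Length"] = str(len(body))
    status_line = f"HTTP/1.1 {status} {REASONS.get(status, '')}".rstrip()
    head = status_line + "\r\n" + "".join(f"{k}: {v}\r\n" for k, v in hdrs.items())
    return head.encode("iso-8859-1") + b"\r\n" + body


def handle(request: dict) -> bytes:
    """Toy server logic (constructed): echo back what the client asked for as JSON."""
    if request["method"] not in ("GET", "POST"):
        return build_http_response(405, b"method not allowed")
    payload = json.dumps({"path": request["path"], "query": request["query"],
                          "form": request["form"]}).encode("utf-8")
    return build_http_response(200, payload, {"Content-Type": "application/json"})


def exchange(raw_request: bytes) -> tuple:
    """One request/response cycle through a socket pair: the 'client' end sends the
    raw bytes, the 'server' end parses and answers, the client reads the reply."""
    client, server = socket.socketpair()
    try:
        client.sendall(raw_request)
        server.sendall(handle(parse_http_request(server.recv(65536))))
        raw_response = client.recv(65536)
    finally:
        client.close()
        server.close()
    head, _, body = raw_response.partition(b"\r\n\r\n")
    status = int(head.split(b" ", 2)[1])
    return status, body


if __name__ == "__main__":
    req = parse_http_request(SAMPLE_REQUEST)
    print(req["method"], req["path"], req["query"], req["form"])
    print(exchange(SAMPLE_REQUEST))
```

Two details matter for later chapters: parse_qs returns the two values of the repeated next parameter as a list rather than silently keeping one of them, and only Content-Length bytes of the body are consumed, so the parser and the application agree on where one message ends.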

2.3.4 The Browser Role

The browser provides a graphical interface that simplifies internet navigation, allowing users
to enter URLs to access specific web resources or perform searches through search engines. Upon
receiving a URL, the browser interprets the request and sends it to the respective server. Once
the browser sends a request to the server, the server processes the request and sends a response
back to the browser. The response can be a web page (in HTML), an image, a video file, or
any other type of content supported by the browser. The browser then interprets the received
content and presents it to the user in a readable and organized manner.

2.3.5 Browser Functionality

In the digital realm, the browser functions as a crucial interpreter, seamlessly integrating
HTML, CSS, and JavaScript to craft the web experiences we engage with daily. HTML sets the
stage with the structure of web content, CSS enhances it with stylistic design, and JavaScript
brings the page to life with dynamic interactions. Together, these three technologies form the
backbone of web development, enabling browsers to present the complex, interactive web pages
that have become integral to our personal and professional lives.


• HTML(The Structure): is the backbone of any website. It provides the basic structure
of sites, which is enhanced and modified by other technologies like CSS and JavaScript.
HTML uses tags to denote elements such as headings, paragraphs, links, images, and
other content blocks. These tags are interpreted by web browsers to display the content
of a web page.

• CSS(The Styling): is used for styling the visual presentation of web pages. It allows
you to apply styles to HTML elements, such as colors, fonts, spacing, layout designs,
and much more. CSS can be included directly within an HTML document, linked as an
external file, or even embedded in HTML tags via the "style" attribute.

• JS (The Behavior): is a scripting language that enables interactive web pages.
It is used to update content dynamically, handle multimedia, animate images, and much
more. Scripts are embedded in or included from HTML documents and run client-side by the
web browser, which is why a script injected into a page runs with the same access to the
page and its cookies as the site’s own scripts.

Figure 2.2: HTML, CSS and JS designs

2.3.6 Web Exploitation Basics

Web exploitation encompasses the strategies and tactics utilized by attackers to manipulate
vulnerabilities in web applications for malicious purposes. These vulnerabilities, inherent in the
application’s code, configuration, or environment, can compromise data integrity, user privacy,
and overall system security. The essence of understanding web exploitation lies in recognizing
the dual imperative of protecting digital assets while foreseeing potential avenues of attack.


2.3.6.1 Fundamentals of Web Exploitation

The bedrock of web exploitation is a comprehensive understanding of common vulnerabilities
and the conditions that allow such security lapses to persist. These include, but are not limited
to:

• Vulnerability Identification: The initial step involves detecting weaknesses within
the application’s architecture, code, or deployment settings that could be exploited. This
meticulous process often employs both automated tools and manual inspection to unearth
vulnerabilities that could otherwise remain hidden. It is a critical first line of defense,
aiming to preemptively rectify issues before they can be exploited.

• Attack Vectors: These are the methods or pathways an attacker uses to exploit vulnerabilities,
tailored to the specific weaknesses of the system. Understanding these vectors is pivotal for
developing effective security measures and for anticipating potential attack scenarios. It
also aids in the creation of more resilient systems, designed to mitigate the risks associated
with these exploitation paths.

• Impact Assessment: Evaluating the potential consequences of an exploit, which can
range from data breaches to unauthorized system access, is crucial for understanding
the severity of a vulnerability. This evaluation not only highlights the potential damage
and disruption that could ensue but also helps prioritize security efforts based on the
risk profile of each identified vulnerability. It serves as a guiding principle for allocating
resources efficiently in the cybersecurity defense strategy.

2.3.6.2 Key Elements of Web Exploitation

Several core vulnerabilities are commonly targeted by attackers due to their prevalence and
impact. Understanding these is vital for both securing applications and comprehending the
landscape of web security threats:

• SQL Injection: This involves injecting malicious SQL code into input fields to manipulate
a database query, allowing unauthorized access to or manipulation of data. It exploits
weaknesses in data validation and input sanitization, enabling attackers to execute arbitrary
SQL commands within a target database. This vulnerability underscores the importance
of employing prepared statements and parameterized queries in database interactions to
enhance security.


• Cross-Site Scripting (XSS): XSS attacks involve inserting malicious scripts into web
pages viewed by other users, potentially leading to theft of user data or session hijacking.
The primary defense is to encode untrusted data for the context in which it is output
(HTML body, attribute, URL or JavaScript) rather than to rely on input sanitization alone,
backed by a Content Security Policy that restricts which scripts the browser may execute
and by marking session cookies HttpOnly so a script cannot read them.

• Local File Inclusion (LFI): LFI vulnerabilities allow attackers to make the application
include, and thereby read or execute, files that already exist on the server hosting the
web application, typically by placing directory traversal sequences such as ../ in a file
name parameter. This can expose configuration files, source code or credentials. To mitigate
LFI, developers should avoid building file paths from user input, or canonicalize the
resulting path and verify that it still lies inside the intended directory.

• Insecure Direct Object References (IDOR): IDOR vulnerabilities occur when an application provides direct access to objects based on user-supplied input. This flaw allows attackers to bypass authorization and access resources directly, such as files, database records or other users' data, simply by altering an ID in a URL or request body. Mitigation involves a server-side access control check on every request that references an object, verifying that the authenticated user is allowed to act on that specific object rather than only that they are logged in.

• Command Injection: Command injection is a vulnerability that allows an attacker to execute arbitrary commands on the host operating system through a vulnerable application. It typically occurs when user input is passed, unsanitized, into a string that is handed to a system shell, where metacharacters such as ; | and $( ) are interpreted. To mitigate this risk, developers should avoid invoking a shell at all and instead pass the command and its arguments as a list to the process API, validate the remaining input against a strict allowlist, and run the application with the least privilege it needs so that a successful injection gains as little as possible.
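As an added example that is not code from the report, the following Python script builds a throw-away SQLite database with one constructed user row and compares a login check that formats the input into the SQL string with one that uses parameter placeholders, as the SQL Injection item above recommends. The classic `' OR '1'='1` input bypasses the first check and is treated as an ordinary wrong password by the second.

```python
import sqlite3

# Constructed sample data for this example: one account with a known password.
SAMPLE_USERS = [("alice", "correct-horse")]


def make_db():
    """Create a throw-away in-memory database seeded with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Formats the input into the SQL text: the input can change the query's structure."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Uses placeholders: the driver sends the values separately from the query text,
    so they are compared as data and can never be parsed as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo(payload="' OR '1'='1"):
    """Run the same injection payload against both implementations."""
    conn = make_db()
    try:
        return {
            "vulnerable_bypass": login_vulnerable(conn, "alice", payload),
            "parameterized_bypass": login_parameterized(conn, "alice", payload),
            "parameterized_legit": login_parameterized(conn, "alice", "correct-horse"),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the payload, the vulnerable query becomes `... AND password = '' OR '1'='1'`, which is true for every row; the parameterized version compares the literal string `' OR '1'='1` against the stored password and fails.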

Web exploitation remains a significant risk, and defending against it is a constant contest between security measures and the evolving methods of attackers. The vulnerabilities above, SQL Injection, Cross-Site Scripting (XSS), Local File Inclusion (LFI), Insecure Direct Object References (IDOR) and Command Injection, share a root cause: untrusted input reaches an interpreter, a file system or an authorization decision without being validated or encoded for that context. Countering them requires a comprehensive approach: careful code review, strict validation of user input, context-appropriate output encoding, parameterized interfaces to databases and processes, and robust access control. As technology evolves, understanding and countering web exploitation only grows in importance for protecting the security and privacy of information in our interconnected world.


2.4 Working Environment

Every project requires specific software tools, and this project is no different. In this part I
will outline the essential software that supported the completion of our tasks. These tools were
key to making our work more efficient and played a crucial role in achieving our project goals.

2.4.1 Code editor

Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop
and is available for Windows, macOS and Linux. It comes with built-in support for JavaScript,
TypeScript and Node.js and has a rich ecosystem of extensions for other languages and run
times (such as C++, C, Java, Python, PHP, Go, .NET).

Figure 2.3: Visual Studio Code Design

2.4.2 Snyk Extension

The Snyk extension for Visual Studio Code (VS Code) integrates Snyk's scanners into the editor. It analyses the project's dependency manifests for packages with known vulnerabilities (Snyk Open Source) and performs static analysis of the project's own source code for issues such as injection and cross-site scripting (Snyk Code), highlighting the affected line and suggesting a fix. Scans run as you work, so a vulnerable library or a dangerous code pattern is flagged while it is still cheap to change, which keeps the integrity and security of the software being developed high without a separate review step.


Through its intuitive interface and deep integration with VS Code, the Snyk extension
serves as an essential tool for developers seeking to adhere to stringent security protocols while
minimizing impact on productivity.

Figure 2.4: Snyk Extension

2.4.3 Burp Suite

Burp Suite is an integrated platform for testing the security of web applications. It combines several tools in a single interface: an intercepting proxy for capturing, inspecting and modifying the traffic between the browser and the target, Repeater for resending hand-edited requests, Intruder for automated fuzzing of chosen request positions, and, in the Professional edition, an automated vulnerability scanner. Widely used by security professionals and developers alike, Burp Suite helps identify and exploit web vulnerabilities and supports comprehensive application security testing. Its versatility and depth make it a staple in the toolkit of those dedicated to web application security.

Figure 2.5: Burp Suite Design

2.4.4 Operating System: Kali Linux


Kali Linux is a Debian-based distribution maintained by Offensive Security for penetration testing, security auditing and digital forensics. It ships with a comprehensive suite of pre-installed tools for security professionals and ethical hackers, covering reconnaissance, vulnerability analysis, network sniffing, exploitation and forensic investigation. Its robust toolset and extensive documentation make it a favourite among cybersecurity experts for conducting thorough security assessments and for educational purposes in the field of information security.

Figure 2.6: Kali Linux Design

2.4.5 Docker

Docker uses containerization, a form of operating-system-level virtualization, to package and run applications in isolated environments called containers. Unlike traditional virtualization, which emulates hardware so that each instance runs its own operating system, Docker lets applications share the host OS kernel while keeping them separated by kernel namespaces and control groups. This removes most of the overhead, giving faster start-up times and lower resource usage than full virtual machines. Docker's approach lets developers deploy and scale applications consistently across environments, which is why it has become a key tool in modern DevOps practices.

Figure 2.7: Docker Design


2.4.6 Docker’s Core Functionalities and Benefits

Docker is a powerful platform designed to make it easier to create, deploy, and run applications
by using containers. Containers allow a developer to package up an application with all of the
parts it needs, such as libraries and other dependencies, and ship it all out as one package.
Here’s an overview of Docker’s key functionalities:

• Containerization: At its core, Docker uses containers to encapsulate applications, making them portable and consistent across computing environments. The same image runs the same way in development, staging and production, so differences between those environments no longer change how the application behaves.

• Image Management: Docker uses images as the basis for containers. An image is a
lightweight, stand-alone, executable software package that includes everything needed to
run a piece of software, including the code, a runtime, libraries, environment variables,
and config files. Docker images are immutable, which makes them a solid foundation for
deploying applications.

• Docker Hub and Registries: Docker Hub is a cloud-based registry service where images are published and pulled; it can be linked to code repositories to build images automatically and it stores manually pushed images. It provides a centralized resource for container image discovery and distribution, and private registries fill the same role inside an organization. Images pulled from a public registry should be pinned by digest and scanned before use, since a registry tag can be repointed at different content.

• Networking: Docker provides networking capabilities that allow containers to communicate with each other and with external resources. Docker manages container networking through pluggable network drivers (bridge, host, overlay, none).

• Volumes and Storage: Docker offers volumes, persistent storage areas that live outside a container's writable layer and therefore survive the container being removed. Volumes are fully managed by Docker and are the preferred way to persist data produced by containers.

• Docker Compose: This is a tool for defining and running multi-container Docker
applications. With Compose, you use a YAML file to configure your application’s services,
networks, and volumes, and then create and start all the services from your configuration
with a single command.

• Security: Docker relies on Linux kernel features for isolation. Namespaces give each container its own view of processes, network interfaces, mounts and users; control groups limit the CPU, memory and I/O it may consume; and capability dropping, seccomp and AppArmor/SELinux profiles restrict what a containerized process may ask the kernel to do. Because every container shares the host kernel, a kernel vulnerability or an over-privileged container (for example one started with --privileged or running as root) can undo this isolation, so containers should run as a non-root user with only the capabilities they need.


2.4.7 Advantages of Docker Over Virtual Machines

In the landscape of virtualization technologies, Docker stands apart from traditional Virtual Machines (VMs) by offering a more streamlined, resource-efficient approach to application deployment through containerization. VMs simulate entire hardware systems and require a full operating system for each instance; Docker containers share the host's OS kernel, which significantly reduces overhead, speeds up start-up and lowers resource consumption. The security trade-off runs the other way: a VM's hypervisor boundary is a stronger isolation barrier than the kernel namespaces a container relies on, so escaping a container requires only a kernel or configuration flaw, whereas escaping a VM requires a hypervisor flaw. What Docker offers instead is operational security: images are rebuilt and redeployed quickly, so patched dependencies reach production faster, and the same image runs unchanged across development, testing and production, which removes a whole class of drift and misconfiguration. This makes Docker an appealing option for teams that need consistent, rapidly patched environments, while workloads that need hard isolation between mutually distrusting tenants are still better placed in separate VMs or in a VM-backed container runtime.

Figure 2.8: Applications on VMs and Containers

2.5 Conclusion

In this chapter, we explored the realm of cybersecurity, with a focus on web exploitation
and the critical tools necessary for identifying and addressing vulnerabilities.


Moving forward, the next chapter will cover the practical processes involved in investigating
common web vulnerabilities, alongside methodologies for testing and securing your applications
against such threats.

Chapter 3

Project Execution

Introduction

In the last chapter, we identified the main concept and tools for our project. This chapter
will focus on implementing the project, including the initial setup, the important features we
are adding, and finally, presenting the work we have completed.

3.1 Executed tasks

Throughout my internship, I focused on exploiting web vulnerabilities and on the more complex aspects of cybersecurity behind them. I encountered and used various critical tools, and each challenge improved my technical skills and fostered a mindset geared towards continuous learning and adaptability in this field.

3.1.1 HTTP Parameter Pollution(HPP)

HTTP Parameter Pollution (HPP) is a web vulnerability in which an attacker supplies a request parameter more than once, or injects additional parameters, so that the components of an application disagree about what the request contains. The HTTP specification does not say how duplicate parameters must be handled: some frameworks keep the first value, others the last, others concatenate them or return an array. When a validation layer, a web application firewall or a front-end reads one value while the back-end acts on another, an attacker can bypass input validation checks, alter application logic or reach data that should not be accessible. Protecting against HPP involves validating and sanitizing every parameter, rejecting (or explicitly and consistently handling) duplicate parameters, and keeping a clear separation between internal parameters and those a client may set.
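As an added example, not taken from the report, the script below uses Python's standard library to show how one polluted query string resolves to different values under the three common duplicate-handling policies, and a strict parser that refuses duplicates outright, which is the server-side check that removes the ambiguity HPP depends on. The request body and parameter names are constructed for illustration.

```python
from urllib.parse import parse_qsl


class DuplicateParameter(ValueError):
    """Raised by parse_strict when a parameter name appears more than once."""


def resolve(query, policy):
    """Resolve duplicate parameters the way different back-ends do.

    'first': keep the first occurrence (e.g. Flask's request.args.get()).
    'last':  keep the last occurrence (e.g. PHP's $_GET).
    'all':   keep every occurrence as a list (e.g. Express's req.query).
    """
    result = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        if policy == "first":
            result.setdefault(key, value)
        elif policy == "last":
            result[key] = value
        elif policy == "all":
            result.setdefault(key, []).append(value)
        else:
            raise ValueError(f"unknown policy {policy!r}")
    return result


def parse_strict(query):
    """Parse a query string and refuse any parameter supplied more than once.

    Every layer that uses this parser sees exactly the same single value, so a
    validator and the code behind it cannot be made to disagree.
    """
    result = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key in result:
            raise DuplicateParameter(f"parameter {key!r} supplied more than once")
        result[key] = value
    return result


def rejects_duplicates(query):
    """True if parse_strict refuses the query (helper for checking the policy)."""
    try:
        parse_strict(query)
    except DuplicateParameter:
        return True
    return False


# Constructed request body for this example: a withdrawal form in which the
# client appended a second 'amount' after the one a validation layer would see.
POLLUTED = "account=42&amount=0&amount=1337"


def demo(query=POLLUTED):
    """Show which 'amount' each duplicate-handling policy would act on."""
    return {policy: resolve(query, policy)["amount"] for policy in ("first", "last", "all")}


if __name__ == "__main__":
    print(demo())
    print("strict parser rejects it:", rejects_duplicates(POLLUTED))
```

A front-end that checks the first `amount` sees 0 and lets the request through; a back-end that takes the last value withdraws 1337. The strict parser turns that discrepancy into a hard error instead.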

CHAPTER 3: PROJECT EXECUTION

3.1.1.1 Building The Web Application

To find vulnerabilities in a web application, we built and hosted it locally using the Dockerfile and the other configuration files provided.

Figure 3.1: Dockerfile for the first Web Application

First of all, We need to build an image to run our container using this command:

Figure 3.2: Building an Image

Here the dot (.) is the build context, the current working directory that contains the Dockerfile, and the -t flag ("tag") assigns a name and optionally a tag in the name:tag format to the image.
After that we need to run a container which is an instance of the image using the command:

Figure 3.3: Running The Container

Here we used --name to name our container, followed by the ID of the image to run.


3.1.1.2 Exploiting The Application

Now we have our web application running on localhost.

Figure 3.4: First Web Application

We registered and logged in using those credentials we have just created

Figure 3.5: Registering


First thing we notice when we login is that we have a Username, Balance , and a Wallet
Address.

Figure 3.6: Account information

After looking over the code, we noticed that withdrawing exactly 1337 from the account returns the flag. The problem is that the account is empty. We first tried to deposit money or to withdraw a negative amount, but neither worked. Then, after checking the data sent to the back-end, we spotted a problem with how the application handles its HTTP parameters that we might be able to use to our advantage.

Figure 3.7: Possible Vulnerability in The Application


We need to intercept the withdrawal request so that we can modify it before it reaches the server.

Figure 3.8: Intercepting The request to modify it


Then we inject the parameter that makes the application return the flag:

Figure 3.9: Injecting a malicious parameter

And there we have our flag which means we have successfully exploited the vulnerability

Figure 3.10: Vulnerability Exploited


3.1.2 Cross-site scripting (XSS)

3.1.2.1 Building The Application

We will follow the same steps to set the second Web Application using Docker, first we build
the image:

Figure 3.11: Building the second Web Application

And then running our container:

Figure 3.12: Running the second container

Then we can use our Web application:

Figure 3.13: Second Web Application Interface


3.1.2.2 Exploiting The Application

Upon inspecting the source code in our code editor, we used the Snyk extension and identified a cross-site scripting (XSS) issue in the codebase.

Figure 3.14: Snyk XSS finding in the source code


We have discovered that the "Halloween Name" entry field has a security issue that allows
for XSS attacks.

Figure 3.15: Vulnerable Input Field

However, a CSP (Content Security Policy) was in place, aimed at preventing such exploits by restricting the sources from which scripts may be loaded.

Despite the CSP, I found a workaround by using a CDN (Content Delivery Network) allowed by the policy. I hosted a malicious script on GitHub, then used jsDelivr, a service included in the CSP's allowlist, to serve the script to the application. This works because jsDelivr publishes the contents of any public GitHub repository (and any npm package), so allowlisting its host is equivalent to allowing any script an attacker can publish; the same holds for any CDN that serves user-uploaded content. A policy built on per-response nonces or hashes with 'strict-dynamic', rather than host allowlists, does not have this weakness, and marking the session cookie HttpOnly would have kept it out of reach of the injected script even after the CSP was bypassed.
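As an added example that is not part of the report, the following Python function reviews the script-src of a Content-Security-Policy header for the weakness just described: it applies the default-src fallback the CSP specification prescribes, then flags 'unsafe-inline', wildcard or scheme-only sources, the absence of a nonce or hash, and hosts that serve user-controlled content. The set of such hosts is an assumption of this example, not a complete list, and the sample header is constructed.

```python
from urllib.parse import urlsplit

# Assumption of this example: hosts that publish whatever a user uploads to them.
# jsDelivr serves any public GitHub repository and any npm package, so allowing it
# lets an attacker load a script they published themselves. Not a complete list.
USER_CONTENT_HOSTS = {"cdn.jsdelivr.net", "raw.githubusercontent.com", "unpkg.com"}


def parse_csp(header):
    """Parse a Content-Security-Policy header into {directive: [source, ...]}."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def script_sources(policy):
    """script-src falls back to default-src when absent, as the CSP spec requires."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src", [])


def host_of(source):
    """Host part of a host-source such as https://cdn.jsdelivr.net/npm/ or *.example.com."""
    if "://" in source:
        return (urlsplit(source).hostname or "").lower()
    return source.split("/")[0].split(":")[0].lower()


def review_script_src(header):
    """Return findings about the script-src of a CSP header; an empty list is good."""
    sources = script_sources(parse_csp(header))
    if not sources:
        return ["no script-src or default-src: script loading is unrestricted"]
    findings = []
    has_nonce_or_hash = any(s.startswith("'nonce-") or s.startswith("'sha") for s in sources)
    for src in sources:
        low = src.lower()
        if low == "'unsafe-inline'" and not has_nonce_or_hash:
            findings.append("'unsafe-inline' allows injected inline scripts to run")
        elif low == "'unsafe-eval'":
            findings.append("'unsafe-eval' allows eval()-style code execution")
        elif low in ("*", "http:", "https:", "data:"):
            findings.append(f"{src} allows scripts from any origin of that kind")
        elif not low.startswith("'"):
            host = host_of(low)
            if host.startswith("*."):
                findings.append(f"{src} allows every subdomain; one compromised host is enough")
            if host in USER_CONTENT_HOSTS:
                findings.append(f"{src} serves user-controlled content: the policy can be bypassed")
    if not has_nonce_or_hash:
        findings.append("no nonce or hash source: prefer a per-response nonce with "
                        "'strict-dynamic' over host allowlists")
    return findings


# Constructed header modelled on the situation described above.
SAMPLE_HEADER = "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; object-src 'none'"

if __name__ == "__main__":
    for finding in review_script_src(SAMPLE_HEADER):
        print("-", finding)
```

Run against the sample header this reports the jsDelivr host and the missing nonce; a policy such as `script-src 'nonce-...' 'strict-dynamic'` produces no findings, because under it a script runs only if the server put that response's nonce on the tag, regardless of which host it comes from.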

Figure 3.16: Malicious JavaScript code

Figure 3.17: Hosting The Malicious JavaScript code

Our final payload, which we are going to submit in the vulnerable input field, looks like this:

Figure 3.18: Final payload


We got a message saying "your request will be reviewed by our team!"

Figure 3.19: Page response to malicious payload

If we check the Webhook.site URL we placed in our malicious JavaScript file, we find the session cookie.

Figure 3.20: Session cookie retrieved

Now we grab the cookie and try to decode it and there we have our flag which means we
successfully exploited the XSS vulnerability.


Figure 3.21: Vulnerability Exploited

3.2 Building an Application

During my internship, I had the opportunity to work on a unique project: creating a small
application known as a "Python Jail." This project focused on building a secure environment
for running code. My goal was to make the application as safe as possible and to package it
using Docker for better isolation and deployment.
The script at first looked like this:

Figure 3.22: Initial Python Jail script


We established a blacklist of forbidden inputs, as well as a set of characters that are permitted. In addition, the 'safe eval' function is designed to execute user-provided Python code with access to only a few trusted built-in functions. Unfortunately, after trying to break out of this sandbox I found a payload that bypasses all of the restrictions.

Figure 3.23: Python payload

This payload takes advantage of Python's introspection to escape the secured environment, often called a Python jail. Starting from an ordinary object it walks attributes such as __class__ (which is why the updated blacklist below bans "class" and "builtins") to reach a namespace that still contains the real builtins, and from there it obtains the breakpoint function. Restricting the builtins handed to eval does nothing to restrict attribute access, so the trusted-builtins design alone is not a boundary.

The breakpoint function in Python stops the code's execution and starts a debugging session (pdb by default) at the point where it is called. Think of it as hitting a pause button on your code to look around and see what is happening at that moment. This is very useful for a developer trying to understand their code, but a pdb prompt accepts arbitrary Python, so inside a sandbox it amounts to full code execution. It should not be reachable from user code; since Python 3.7 the environment variable PYTHONBREAKPOINT=0 disables breakpoint() entirely, and sys.breakpointhook can be replaced with a no-op.

I have refined my script to extend the blacklist, now also excluding specific terms and characters
such as ".", ",", "[","]", "class", "register", "builtins", and "breakpoint".

Figure 3.24: Updated Blacklist

The revised blacklist closes the path that was used, but a blacklist is a denylist: it enumerates known-bad tokens, and any token it did not foresee is allowed. Python normalizes identifiers (Unicode look-alike characters resolve to the same name) and lets strings be built at runtime, so there are many ways to spell a banned token without writing it literally, and it remains likely that someone will find an alternative route. A more robust design is an allowlist: parse the input into an AST and permit only the node types and names the application actually needs, rejecting everything else before it is evaluated, and in addition run the jail as an unprivileged user with resource limits so that an escape yields as little as possible. This highlights the need to keep improving security and to keep watching for weak spots that could be exploited.
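As an added example (not the report's own jail code), the following Python script contrasts the "restrict __builtins__ and call eval" pattern with an allowlisting evaluator that parses the input into an AST and rejects every node type and name it does not recognise. The allowed node types and names are chosen for this example; the jail from the report may have permitted a different set.

```python
import ast


class JailViolation(ValueError):
    """Raised when an expression uses syntax or a name the jail does not permit."""


# Allowlist chosen for this example: arithmetic and comparisons on numeric literals plus
# four harmless builtins. Attribute access, subscripts, tuples, strings, lambdas,
# comprehensions and power (9**9**9 is a denial of service) are all absent from it,
# so they are rejected before anything is evaluated.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Compare, ast.Call, ast.Name,
    ast.Constant, ast.Load,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.USub, ast.UAdd,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
)
ALLOWED_NAMES = {"abs": abs, "min": min, "max": max, "round": round}


def safe_eval(source, max_len=64):
    """Evaluate an expression only if every AST node and name is on the allowlist."""
    if len(source) > max_len:
        raise JailViolation("expression too long")
    try:
        tree = ast.parse(source, mode="eval")
    except SyntaxError as exc:
        raise JailViolation(f"syntax error: {exc.msg}") from None
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise JailViolation(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            raise JailViolation(f"unknown name: {node.id}")
        if isinstance(node, ast.Constant) and not isinstance(node.value, (int, float)):
            raise JailViolation("only numeric literals are allowed")
        if isinstance(node, ast.Call) and not isinstance(node.func, ast.Name):
            raise JailViolation("only direct calls to allowed names are permitted")
    # The tree is known-good, so evaluation can proceed with no builtins at all.
    return eval(compile(tree, "<jail>", "eval"), {"__builtins__": {}}, dict(ALLOWED_NAMES))


def naive_eval(source):
    """The pattern the first jail relied on: eval with a trimmed __builtins__ dict.
    Attribute access is not a builtin, so introspection still works unhindered."""
    return eval(source, {"__builtins__": {"abs": abs}}, {})


def rejected(source):
    """True if safe_eval refuses the expression (helper for checking the policy)."""
    try:
        safe_eval(source)
    except JailViolation:
        return True
    return False


if __name__ == "__main__":
    print(safe_eval("max(3, abs(-10)) + 1"))           # 11
    print(rejected("().__class__"), rejected("breakpoint()"))
    # The naive version lets an expression walk from an empty tuple to the object type.
    print(naive_eval("().__class__.__mro__[-1]"))
```

The naive evaluator happily resolves `().__class__.__mro__[-1]` to the `object` type even though its builtins dictionary contains nothing but `abs`, which is the starting point of the kind of traversal described above; the allowlisting evaluator refuses the same expression at the parse stage because tuples and attribute access are not on its list. Keep the allowlist as small as the application needs and pair it with a non-root user and resource limits rather than relying on it alone.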


Following extensive testing, we dockerized our application, so that it is now deployable and runs on any machine with Docker installed.

Figure 3.25: Python Jail’s Dockerfile

The entrypoint.sh script is used to set up the Docker container’s environment and run any
initialization tasks required before the main application starts. The start.sh script typically
handles the actual starting of the application process within the container after any preliminary
setup is completed.

Conclusion

This chapter mainly gave an overview of the build and setup of this project, as well as the finished work.

General Conclusion

My time at DefensyLab has been a period of substantial growth and learning, particularly
in the sphere of web exploitation, a field that requires a methodical approach to understand
and protect against vulnerabilities in web applications. I dived deep into various attack vectors,
learning not only how to exploit these weaknesses but also how to reinforce defenses against
them.

Simultaneously, learning about Docker was a key experience. Docker allows us to package an application with everything it needs to run, so it starts the same way on any machine and can be moved between systems easily. I've learned the core Docker commands and how to manage containers. Packaging an application this way does not make it secure by itself, but the isolation, the reproducible images and the ease of rebuilding with patched dependencies make it much easier to run software in a controlled, up-to-date environment.

As my internship at DefensyLab concludes, I am thankful for the opportunity to learn from the experts there. I believe the skills and knowledge I've gained form a strong base for my future work in cybersecurity.
