Verzeo Minor Project

The document outlines a minor project focused on cyber security, specifically performing footprinting on the Tesla website and conducting SQL injection tests on a vulnerable site. It details various types of footprinting techniques, tools for gathering information, and methods for phishing attacks, including cloning a Facebook page. Additionally, it emphasizes the importance of employee education in preventing social engineering attacks and suggests preventive measures against SQL injections and phishing.

Uploaded by

tnukavarapu

Minor Project

Project Name: Cyber Security November Minor Project


Problem Statement 1: Perform footprinting on the Tesla website and gather as much
information about it as possible using online services (WHOIS, Netcraft, Shodan,
DNSdumpster, etc.). Write a report on the gathered information along with screenshots.
In cyber security, footprinting is the first step of a penetration test: the tester collects
information about the target's hosts, network and people before touching anything. It is an
exploration phase whose purpose is to know the target, and the more information is gathered here,
the better the later phases go. Footprinting can be done either passively or actively. Passive
footprinting gathers information without interacting with the target's own systems, for example by
reading the company's public website, WHOIS records, search engine results and web archives. Active
footprinting interacts with the target directly, for example through social engineering, queries to
the organisation's DNS servers or network scanning, and is therefore more likely to be noticed.

Types of Footprinting:
- Footprinting through search engines
- Footprinting through social engineering
- Footprinting through social networking sites
- Website footprinting
- Competitive intelligence
- WHOIS footprinting
- Footprinting using advanced Google hacking techniques
- E-mail footprinting
- DNS footprinting
- Network footprinting
Browsing the target website may reveal:
- WHOIS details
- Software used and its version
- Operating system details
- Subdomains
- File names and file paths
- Scripting platform and CMS details
- Contact details
WHOIS footprinting
WHOIS (pronounced "who is") is a query and response protocol, and WHOIS footprinting is a way to
glean information about the ownership of a domain name, such as:
- Domain name details
- Contact details, including the phone number and e-mail address of the owner (often redacted or
  replaced by a privacy service today)
- Registration date of the domain name
- Expiry date of the domain name
- Domain name servers

WHOIS lookup
WHOIS is widely used to query the databases that hold the registered users or assignees of an
Internet resource, such as a domain name, an IP address block or an autonomous system number, but it
is also used for a wider range of other information. The protocol delivers the database content as
plain, human-readable text.
Open http://whois.domaintools.com/ in a browser and type any domain name.
For example, let's search for pentestlab.in.

The site displays the WHOIS record for pentestlab.in, which contains details such as the
registrant's e-mail address, the IP address and the registrant organisation. From this record anyone
can infer that the domain is connected to Raj Chandel, so the next step for an attacker is to
footprint that person as well.
Many other tools exist for WHOIS footprinting, for example:
- Caller IP
- Whois Analyzer Pro
- Whois Lookup Multiple Addresses
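The online lookups above are front-ends for the WHOIS protocol itself. The following is an added example, not part of the original report or of any of the tools it names: it sends a raw query over TCP port 43 and parses the "Key: value" text that comes back into the fields listed above. The registry server names in WHOIS_SERVERS and the SAMPLE_REPLY are assumptions constructed for the example; the reply is not a real record for any domain.

```python
"""WHOIS over TCP/43 (RFC 3912) plus a parser for the human-readable reply (stdlib only)."""
import re
import socket

# Registry servers assumed for this example; a registry reply usually names a
# "Registrar WHOIS Server" holding the fuller record, which a real tool follows.
WHOIS_SERVERS = {"com": "whois.verisign-grs.com", "net": "whois.verisign-grs.com",
                 "in": "whois.registry.in"}


def whois_query(domain, server=None, timeout=10):
    """Send '<domain>\\r\\n' and read until the server closes the connection."""
    tld = domain.rsplit(".", 1)[-1].lower()
    server = server or WHOIS_SERVERS.get(tld, "whois.iana.org")
    chunks = []
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(domain.encode("ascii") + b"\r\n")
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


# "Key: value" labels as used by most registries, mapped to the fields the report lists.
FIELDS = {"Domain Name": "domain", "Registrar": "registrar", "Creation Date": "created",
          "Registry Expiry Date": "expires", "Registrant Organization": "registrant_org",
          "Registrant Email": "registrant_email", "Name Server": "name_servers"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_whois(text):
    """Extract domain, registrar, dates, registrant org, name servers and every e-mail seen."""
    info = {"name_servers": [], "emails": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):   # comments and legal notices
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        field = FIELDS.get(key)
        if field == "name_servers":
            info["name_servers"].append(value.lower())
        elif field:
            info[field] = value
        info["emails"].update(EMAIL_RE.findall(value))   # any contact address, redacted or not
    return info


# Constructed reply in registry format; not a real record for any domain.
SAMPLE_REPLY = """\
Domain Name: EXAMPLE.IN
Registry Domain ID: D0000000-IN
Registrar: Example Registrar Ltd
Creation Date: 2015-03-04T10:15:00Z
Registry Expiry Date: 2026-03-04T10:15:00Z
Registrant Organization: Example Labs
Registrant Email: admin@example.in
Tech Email: hostmaster@example.in
Name Server: NS1.EXAMPLE.IN
Name Server: NS2.EXAMPLE.IN
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

if __name__ == "__main__":
    import sys
    text = whois_query(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REPLY
    print(parse_whois(text))
```

Run it with a domain as the argument for a live query, or with no argument to parse the constructed reply. The e-mail addresses are collected from every line, not only the registrant line, because the admin and tech contacts are often the only ones left unredacted and they are exactly what the social-engineering phase needs.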
DNS footprinting
An attacker performs DNS footprinting to enumerate the target's DNS records and learn what types of
servers it runs. Ten record types are of particular interest:
1. A / AAAA: IPv4 / IPv6 address of a host
2. SRV: host and port of a named service
3. NS: authoritative name servers for the zone
4. TXT: free-text records (SPF, DKIM, domain verification tokens)
5. MX: mail servers for the domain
6. CNAME: alias pointing to another name
7. SOA: start of authority (primary name server, administrator e-mail, serial, timers)
8. RP: responsible person for a host
9. PTR: reverse mapping from an IP address to a name
10. HINFO: host hardware and operating system (rarely published)
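To see what the online DNS tools are doing under the hood, here is an added example (not from the original report and not code from any of the tools it names) that builds a DNS query by hand, sends it over UDP/53 and decodes the answer records of the types listed above, including compressed names. The resolver address 8.8.8.8 and the sample_response() packet are assumptions constructed for the example; the sample is a made-up reply for example.in, not real data.

```python
"""Stdlib-only DNS client: build a query (RFC 1035) and parse the answer section."""
import socket
import struct

RTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "HINFO": 13,
          "MX": 15, "TXT": 16, "AAAA": 28, "SRV": 33}
RNAMES = {v: k for k, v in RTYPES.items()}


def encode_name(name):
    """'example.in' -> b'\\x07example\\x02in\\x00' (length-prefixed labels)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, rtype, txid=0x1234):
    """12-byte header (RD set, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", RTYPES[rtype], 1)


def decode_name(msg, off):
    """Decode a name that may use compression pointers (0xC0xx); return
    (name, offset just past the name as it appears at `off`)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer: remember where we were, jump
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return the answer RRs as (owner, type, ttl, value) tuples."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                 # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4                                        # qtype + qclass
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == RTYPES["A"]:
            value = ".".join(str(b) for b in rdata)
        elif rtype == RTYPES["AAAA"]:
            value = socket.inet_ntop(socket.AF_INET6, rdata)
        elif rtype in (RTYPES["NS"], RTYPES["CNAME"], RTYPES["PTR"]):
            value, _ = decode_name(msg, off)            # name may point back into msg
        elif rtype == RTYPES["MX"]:
            value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, off + 2)[0])
        elif rtype == RTYPES["TXT"]:
            value, i = [], 0
            while i < rdlen:                            # sequence of <len><chars>
                value.append(rdata[i + 1:i + 1 + rdata[i]].decode("utf-8", "replace"))
                i += 1 + rdata[i]
            value = "".join(value)
        else:
            value = rdata.hex()                         # SOA/SRV/HINFO left raw here
        answers.append((owner, RNAMES.get(rtype, rtype), ttl, value))
        off += rdlen
    return answers


def lookup(name, rtype, resolver="8.8.8.8", timeout=3):
    """Send the query over UDP/53 and parse the reply (network required)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, rtype), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def sample_response():
    """Constructed reply to 'example.in MX?': one MX and one A answer, with the
    owner names compressed as pointers to the question name at offset 12."""
    msg = bytearray(build_query("example.in", "MX"))
    struct.pack_into("!H", msg, 2, 0x8180)             # QR, RD, RA flags set
    struct.pack_into("!H", msg, 6, 2)                  # ANCOUNT = 2
    mx_rdata = struct.pack("!H", 10) + b"\x04mail\xc0\x0c"          # 10 mail.example.in
    msg += b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 300, len(mx_rdata)) + mx_rdata
    msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10])
    return bytes(msg)


if __name__ == "__main__":
    for rr in parse_response(sample_response()):
        print(rr)
    # live enumeration, e.g.: for t in ("NS", "MX", "TXT"): print(lookup("example.in", t))
```

Looping lookup() over the record types in RTYPES against a target domain reproduces the table that Domain Dossier or DNSdumpster show; decoding the packet yourself also makes it clear why a reply with nothing in the answer section is not the same as "no such record" (the flags word carries the response code).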
Domain Dossier: an online tool that performs complete DNS footprinting as well as WHOIS
footprinting.
There are many online tools for DNS footprinting. Using Domain Dossier, we check the DNS records of
pentestlab.in: select the check boxes for DNS records and traceroute and click Go.
You can observe that the data received from the WHOIS lookup and from Domain Dossier largely agree:
it shows the same registrant e-mail address as above, and in addition the TXT, SOA, NS, MX, A and
PTR records.

DNSdumpster: another online tool for DNS footprinting.

DNSdumpster.com is a free domain research tool that discovers hosts related to a domain. It
enumerates a domain, returns up to 40K subdomains and makes the results available as an XLS file for
easy reference.
Repeating the process for pentestlab.in, it searches for the DNS records. From the screenshot you can
observe that we received the same details as above; it also writes a copy of the output as an XLS
file.
You Get Signal: an online tool used for DNS footprinting as well as network footprinting.
Its reverse IP domain check takes a domain name or an IP address pointing to a web server and
searches for other sites known to be hosted on the same server. The data is gathered from search
engine results and is not guaranteed to be complete.
Here it returned the IP 72.52.229.111 for pentestlab.in and listed 14 other domains hosted on the
same web server.

Website footprinting
Website footprinting extracts details about the website itself, such as:
1. Archived versions of the website
2. Content management system and framework
3. Scripting language and platform of the website and web server
4. Web crawling (a local copy of the site)
5. Metadata and contact details from the website
6. Website and web page monitoring and analysis
Archive.org: an online service for viewing archived versions of any website. Its search option, the
Wayback Machine, is like a time machine for a website: it holds snapshots of the site's layout and
content from the past to the present. In simple words, it contains the history of a website.
For example, I searched for the archived record of hackingarticles.in from 2012.
For example, I had a search for the hackingarticles.in the archived record of 2012.

BuiltWith: an online tool for detecting the technologies and frameworks used by a running website.
BuiltWith.com technology tracking covers widgets, analytics, frameworks, content management systems,
advertisers, content delivery networks, web standards and web servers, to name some of the
categories.
Taking hackingarticles.in as the example again, we found:
- Content management system: WordPress
- Language/framework: PHP

Whatweb
Whatweb identifies all sorts of information about a live website: platform, CMS, scripting
language, Google Analytics IDs, web server software and the country of the IP address. It is first of
all a reconnaissance tool; the product names and versions it reports are the input for a later
vulnerability assessment, but it does not test for vulnerabilities itself.
Open a terminal in Kali Linux and run the following command:
whatweb www.pentestlab.in
The result contains the same information as above.
Web crawling
HTTrack is a free and open source web crawler and offline browser developed by Xavier Roche. It
downloads a website from the Internet to a local directory, recursively building all directories and
fetching HTML, images and other files from the server to your computer, while preserving the
original site's relative link structure.
Give the target URL to copy, www.pentestlab.in, and HTTrack starts downloading the website.

Further reading: http://www.hackingarticles.in/5-ways-crawl-website/

Web Data Extractor

Web Data Extractor Pro is a web scraping tool designed for mass-gathering of various data types. It
can harvest URLs, phone and fax numbers and e-mail addresses, as well as meta tag information and
body text. A special feature of WDE Pro is custom extraction of structured data.
Start a new project, type the target URL ignitetechnologies.in, select a folder to save the output
and click OK.
The tool then extracts metadata, e-mail addresses, contact numbers and so on from the target site.
In the screenshot you can see it found 40 meta tags, 1 e-mail address and 84 phone numbers on the
ignitetechnologies.in website.
Another tool of the same kind is:
- Web Spider
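What Whatweb, BuiltWith and Web Data Extractor do with a fetched page comes down to reading the response headers and walking the HTML. The block below is an added example written for this report; it is not code from any of those tools. It fingerprints the server and CMS from headers and the meta generator tag, and harvests meta tags, e-mail addresses, phone numbers and links the way a data extractor does. SAMPLE_HEADERS and SAMPLE_HTML are constructed for the example and are not real content from ignitetechnologies.in or any other site.

```python
"""Fingerprint a fetched page and harvest contact data from it (stdlib only)."""
import re
from html.parser import HTMLParser


class PageScanner(HTMLParser):
    """Collects <meta name=...> tags, href/src targets and visible text."""

    def __init__(self):
        super().__init__()
        self.meta, self.urls, self.text = {}, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("name") and a.get("content"):
            self.meta[a["name"].lower()] = a["content"]
        for key in ("href", "src"):                     # <a>, <link>, <script>, <img>
            if a.get(key):
                self.urls.append(a[key])

    def handle_data(self, data):
        self.text.append(data)


EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


def fingerprint(headers, html):
    """The kind of result whatweb/BuiltWith report: server, language, CMS."""
    h = {k.lower(): v for k, v in headers.items()}
    scanner = PageScanner()
    scanner.feed(html)
    generator = scanner.meta.get("generator", "")
    cms = None
    if "wordpress" in generator.lower() or any("/wp-content/" in u for u in scanner.urls):
        cms = "WordPress"                               # theme/plugin paths betray WP even without the tag
    elif "joomla" in generator.lower():
        cms = "Joomla"
    elif "drupal" in generator.lower():
        cms = "Drupal"
    return {"server": h.get("server"), "powered_by": h.get("x-powered-by"),
            "generator": generator or None, "cms": cms}


def extract_contacts(html):
    """What a web data extractor harvests: meta tags, e-mail addresses, phone numbers, links."""
    scanner = PageScanner()
    scanner.feed(html)
    text = " ".join(scanner.text)
    mailto = [u[7:] for u in scanner.urls if u.lower().startswith("mailto:")]
    return {
        "meta": scanner.meta,
        "emails": sorted(set(EMAIL_RE.findall(text) + mailto)),
        "phones": sorted({p.strip() for p in PHONE_RE.findall(text)}),
        "links": [u for u in scanner.urls if not u.lower().startswith("mailto:")],
    }


# Constructed response headers and page for the example; not real site content.
SAMPLE_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"}
SAMPLE_HTML = """<html><head><title>Ignite Technologies</title>
<meta name="generator" content="WordPress 5.8">
<meta name="description" content="Security training and services">
<link rel="stylesheet" href="/wp-content/themes/demo/style.css">
</head><body>
<p>Contact us at <a href="mailto:info@example.in">info@example.in</a>
or call +91 98765 43210. Sales: sales@example.in</p>
<a href="/about.html">About</a><a href="https://partner.example.com/">Partner</a>
</body></html>"""

if __name__ == "__main__":
    print(fingerprint(SAMPLE_HEADERS, SAMPLE_HTML))
    print(extract_contacts(SAMPLE_HTML))
```

On a real engagement the headers and body would come from one fetch of the target (for example with urllib), and the "links" list is what a crawler such as HTTrack follows to repeat the extraction over the whole site.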

Competitive Intelligence
Website-Watcher is a powerful yet simple website-monitoring tool, suited to beginners and advanced
users alike. It can be downloaded from its website.
Open a new tab and enter the target URL; the tool then starts monitoring that website.
For example, I entered the URL hackingarticles.in to monitor this website.
Similarly, other tools for monitoring websites are:
- OnWebChange
- Follow That Page
- InfoMinder
Problem Statement 2: Perform SQL injection on http://testphp.vulnweb.com. Write a
report along with screenshots and mention preventive steps to avoid SQL injection.

Authentication Bypass via SQL Injection

Target: the website's admin panel or admin login page
Website: Home of Acunetix Art (vulnweb.com)

1. Static website: the pages are fixed and take no input from the end user.
2. Dynamic website: the pages are generated on the fly; they take input from users and respond to
   it, usually by querying a database.
Both kinds of site normally have an admin login. An attacker locates it by searching Google for
"xyz.com admin page", or more precisely with Google dorks (advanced search operators).
The attacker first tries default usernames and passwords, which fail, and then submits SQL injection
payloads in the login fields:
- uid: 1'or'1'='1 (evaluates to true)
- pass: 1'or'1'='1 (evaluates to true)
- uid: vishwa'or'1'='1 (also true; the username in front of the quote does not need to exist)

Logic behind the database check. The application tests both fields with AND, so only a matching
username and a matching password should succeed:

uid matches | pass matches | result
T           | F            | F
F           | T            | F
T           | T            | T

The payload closes the string literal the application wraps around the input and appends
or '1'='1', which is always true, so the WHERE clause matches a row regardless of the stored values
and the first user in the table (typically the administrator) is logged in.

Reporting screenshots: before the attack, during the attack, after the attack, completion of the
attack.

Payload: 1'or'1'='1

Mistakes:

1. Web developer: the query is built by concatenating user input into the SQL string. Allowing only
   alphanumeric characters in the username would stop this particular payload, but the real fix is
   parameterised (prepared) queries, with input validation kept as defence in depth.

2. Database admin: the passwords are stored in plaintext. They should be stored as salted hashes
   (bcrypt, Argon2 or PBKDF2), so that an injection or a dump of the table does not yield usable
   credentials.

Preventive steps: use parameterised queries or an ORM for every query; validate input on the server;
run the application with a database account that has only the privileges it needs; hash passwords;
return generic login errors instead of database error messages; and put a web application firewall
in front of the site as an additional layer.

Cheat sheet: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypasscheat-sheet/
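To make the two mistakes concrete, the following is an added example written for this report (it is not the code of testphp.vulnweb.com, whose source is not shown here). It builds the same kind of login query with string concatenation, shows the 1'or'1'='1 payload logging in, and then shows the same check with bound parameters and with salted hashes. The in-memory SQLite table and its users are constructed for the example.

```python
"""Login bypass with 1'or'1'='1 : the vulnerable query beside two fixed versions (sqlite3)."""
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "1'or'1'='1"


def pw_hash(password, salt):
    """Salted PBKDF2-SHA256; what the table should hold instead of the plaintext column."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_db():
    """Constructed demo users table: a plaintext column (as on the vulnerable site)
    next to a salted-hash column (what the hardened login uses)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uname TEXT, pass TEXT, salt BLOB, pwhash BLOB)")
    for uname, pw in (("admin", "S3cret!"), ("test", "test")):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?,?,?,?)", (uname, pw, salt, pw_hash(pw, salt)))
    db.commit()
    return db


def build_vulnerable_query(uname, pw):
    """String concatenation: the payload closes the quote and appends or '1'='1'."""
    return f"SELECT uname FROM users WHERE uname='{uname}' AND pass='{pw}'"


def login_vulnerable(db, uname, pw):
    row = db.execute(build_vulnerable_query(uname, pw)).fetchone()
    return row[0] if row else None


def login_parameterised(db, uname, pw):
    """Same check with bound parameters: the quote in the input is data, not SQL."""
    row = db.execute("SELECT uname FROM users WHERE uname=? AND pass=?", (uname, pw)).fetchone()
    return row[0] if row else None


def login_hardened(db, uname, pw):
    """Bound parameter for the lookup, then a constant-time salted-hash comparison."""
    row = db.execute("SELECT salt, pwhash FROM users WHERE uname=?", (uname,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    return uname if hmac.compare_digest(pw_hash(pw, salt), stored) else None


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query(PAYLOAD, PAYLOAD))
    print("vulnerable:    ", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterised: ", login_parameterised(db, PAYLOAD, PAYLOAD))
    print("hardened:      ", login_hardened(db, "admin", "S3cret!"))
```

Printing the concatenated query shows why the truth table above no longer applies: the clause becomes uname='1' or '1'='1' AND pass='1' or '1'='1', and the trailing or '1'='1' is true whatever the stored values are. The classic admin'-- variant, which comments out the password check entirely, works against the same function.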


Problem Statement 3: Clone a Facebook page, perform desktop phishing on your local machine,
capture the credentials, document the steps with screenshots and suggest how to avoid
phishing.
Step 1: Open www.facebook.com and save the HTML page (right-click > Save as, or Ctrl+S), choose
"Webpage, HTML only" and save it as facebook.html.

Step 2: Write the PHP script that captures the submitted username and password, appends them to a
text file and then redirects the browser, and save it as facebook.php.
The Location header is used to redirect the victim to the real site after they click Sign in, so
nothing looks wrong; facebook.txt is the file the captured username and password are written to.
Step 3: Open the saved HTML file in an editor (right-click > Open with > Notepad or Sublime Text).

Step 4: Search the HTML for action= and replace the original URL with facebook.php in both places,
as shown in the images. The login form now posts the credentials to our script instead of to
Facebook.

Step 5: Create an empty text file named facebook.txt.

Step 7: Upload the three files to web hosting; here a free third-party host is used
(https://www.freewebhostingarea.com/).
Step 8: Create a free domain there and sign up with an e-mail address and password.
Step 9: Log in to the web FTP through the links provided, using those credentials, to upload the
phishing pages.
Step 10: After logging in, click Upload and upload all three files (facebook.html, facebook.php,
facebook.txt).
Step 11: Change the permissions of the three files to read, write and execute using the chmod
button. Note that a world-readable facebook.txt can be fetched by anyone who knows or guesses its
name, so in a real engagement the capture file must be kept outside the web root or otherwise
protected.
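The tell-tale of the clone built above is Step 4: the page asks for Facebook credentials but is served from, and posts to, a host that is not facebook.com. The block below is an added example, not part of the original report and not a Facebook or SET component; it is the check a defender (or a browser extension, or a mail-gateway sandbox) can run on a page to flag that mismatch. The host free-host.example, the brand domain facebook.com and the two page snippets are assumptions constructed for the example; the genuine form's action URL is illustrative, not a claim about Facebook's real markup.

```python
"""Check whether a login page's password form posts where the brand would post (stdlib only)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Records every <form> and whether it contains an <input type=password>."""

    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(), "has_password": False}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur and (a.get("type") or "").lower() == "password":
            self._cur["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None


def under_domain(hostname, domain):
    """True for domain itself and its subdomains; false for look-alikes such as domain.evil.tld."""
    hostname = (hostname or "").lower()
    return hostname == domain or hostname.endswith("." + domain)


def check_login_forms(page_url, html, brand_domain):
    """One finding per password form. `brand_domain` is the site the page claims to be."""
    parser = FormCollector()
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    findings = []
    for form in parser.forms:
        if not form["has_password"]:
            continue
        target = urlsplit(urljoin(page_url, form["action"]))  # relative action -> page's own host
        problems = []
        if not under_domain(page_host, brand_domain):
            problems.append(f"page served from {page_host}, not under {brand_domain}")
        if not under_domain(target.hostname, brand_domain):
            problems.append(f"form posts to {target.hostname}, not under {brand_domain}")
        if target.scheme != "https":
            problems.append("credentials would travel over plain http")
        if form["method"] != "post":
            problems.append("credentials sent with GET (they end up in URLs and logs)")
        findings.append({"action": target.geturl(), "problems": problems})
    return findings


# Constructed pages: the genuine form, and the clone after Step 4 rewired action= to facebook.php.
GENUINE_PAGE = """<form id="login_form" action="https://www.facebook.com/login.php" method="post">
<input type="email" name="email"><input type="password" name="pass"></form>"""
CLONED_PAGE = """<form id="login_form" action="facebook.php" method="post">
<input type="email" name="email"><input type="password" name="pass"></form>"""

if __name__ == "__main__":
    print(check_login_forms("https://www.facebook.com/", GENUINE_PAGE, "facebook.com"))
    print(check_login_forms("http://free-host.example/facebook.html", CLONED_PAGE, "facebook.com"))
```

The same check applies to pages produced by SET's Site Cloner in the next section: the harvester page is served from the tester's own IP address, so page_host never falls under the brand domain. This is exactly what "always check the address bar" in the conclusion means in mechanical terms.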
Problem Statement 4: Use the Social-Engineer Toolkit (SET) to automate a phishing attack,
capture the details, and write a report on the attack and on protection from social
engineering attacks.
As a penetration tester, there will be times when the client requires social engineering
attacks against its own employees, to test whether they follow the company's policies and
security controls. After all, if an attacker fails to gain access to a system, they may try
alternatives such as social engineering.
In this section we use the Credential Harvester Attack Vector of the Social-Engineer Toolkit
(SET) to obtain valid passwords.
The first step is to attach our laptop to the network of the company being tested. Once our
system has obtained a valid IP address from their DHCP server, we are ready to launch the attack.
To start the toolkit on Kali Linux, type setoolkit in a terminal window.

Our choice is Website Attack Vectors, because the scenario calls for testing how vulnerable the
client's employees are to phishing attacks.
We use the Credential Harvester Attack Method because we want to obtain the users' credentials.

As the next image shows, SET offers three options: Web Templates, Site Cloner and Custom Import.
For this example we go with Web Templates, because it ships ready-made templates that are easy to
use.
Next we enter the IP address of our machine, which is where the harvester listens and where the
cloned page will POST the submitted form data.

In the last stage we choose the web template; here we selected Facebook, because it is one of the
most popular social networking platforms.

Now we send our internal IP address to the users in the form of a link (such as
http://192.168.179.160). This can be done with spoofed e-mails that pretend to come from
Facebook and ask the users to log in for some reason. If a user reads the e-mail and clicks our link
(which is just our IP address), they see the Facebook login page.
Let's see what happens when the victim enters their credentials.
As we can see, the moment the victim submits credentials to the fake website, SET shows us the
e-mail address and password, which means the attack succeeded.
If many users enter their credentials on our fake website, it is time to inform the client that
they need to re-evaluate their security policy and add measures against this type of attack.
Conclusion
- If the user logs in with their account, the attack succeeds outright; but even if the user does
  not enter an e-mail address and password, the attack is still partly successful, because the user
  opened a website that came from an untrusted source.
- This means that if the website had hosted malware, it could have infected the user's computer,
  because the user ignored the company's security policy and opened an untrusted link. The company
  must therefore give its employees the training they need to understand these risks.
- Educating employees is the key factor: even if the organisation uses the latest anti-phishing
  software, employees can be the weakest link by opening a link of unknown origin. They must know
  what phishing is, not open unsolicited links or enter their details, and always check the address
  bar and anything else that does not look normal, in order to avoid being scammed.
- Always remember that a system administrator can patch a computer, but there is no patch for
  human weakness.
