Intern Manoj Report
A Report to be submitted for the term work of Third year degree in Computer
Engineering
SUBMITTED BY
Thorat Manoj Rajendra
Exam No: T1907604302
Course Outcomes:
• CO1: To demonstrate professional competence through industry internship.
• CO2: To apply knowledge gained through internships to complete academic activities in
a professional manner.
• CO3: To choose appropriate technology and tools to solve given problem.
• CO4: To demonstrate abilities of a responsible professional and use ethical practices in
day to day life.
• CO5: Creating network and social circle, and developing relationships with industry people.
• CO6: To analyze various career opportunities and decide career goals.
CO-PO Mapping Matrix:
The CO-PO Mapping Matrix
CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12
CO1 2 2 2 2 3 1 1 1 1 2 1 1
CO2 1 2 2 2 3 2 1 1 1 2 2 1
CO3 - - - - - 1 - - 2 2 1 1
CO4 2 - - - - - 2 2 3 - - 2
CO5 - - - - 1 2 1 1 - 1 2 1
CO6 - - - - - 1 - 2 - 1 - 1
Acknowledgment
I would like to express my sincere gratitude to everyone who played a role in the successful
completion of my internship in Cybersecurity and Penetration Testing at Netsleap IT Training
and Solution. This internship has been an invaluable step in developing my technical knowledge,
hands-on skills, and overall professional growth.
First and foremost, I would like to thank my internship guide, Prof. S. R. Palkar, for their
continuous support, guidance, and insightful feedback throughout this journey. Their mentorship
was instrumental in deepening my understanding of cybersecurity concepts, penetration testing
methodologies, and industry best practices.
I am equally grateful to Prof. Dr. N. R. Wankhede, Head of the Department, for granting me
the opportunity to pursue this internship and for their consistent encouragement and support.
Their academic leadership greatly enriched my learning experience.
A heartfelt thank you to the entire team at Netsleap IT Training and Solution—especially
my mentors and colleagues—for their cooperation, knowledge sharing, and for creating such a
collaborative and motivating environment. Their real-world experience and constant support
were key to enhancing my practical abilities.
This internship has marked a major milestone in my academic and professional journey. I
truly appreciate the support and encouragement from everyone involved, and I am eager to apply
the skills and knowledge I’ve gained to future endeavors in the field of cybersecurity.
- Manoj R. Thorat
Late G.N. Sapkal College of Engineering
CERTIFICATE
This is to certify that the Internship Report submitted by Mr. Thorat Manoj Rajendra
is approved for the partial fulfillment of the requirements for the Term Work of Internship
of Savitribai Phule Pune University, for the award of the degree of Bachelor of Engineering
(Computer Engineering).
ISO 9001:2015
CERTIFICATE OF INTERNSHIP
This internship program certificate is proudly awarded to
MANOJ THORAT
For his outstanding completion of the compulsory internship program
Assessment
Rubrics
Table 4: Rubrics
Contents
1 INTRODUCTION
1.1 Brief Overview of Cybersecurity and Penetration Testing
1.2 Importance of Penetration Testing in Modern Cybersecurity
1.3 Overview of Netsleap IT Training and Solution
1.4 Purpose of the Internship
4 METHODOLOGICAL DETAILS
4.1 Modules
4.2 System Analysis
4.3 Specific Requirements
4.3.1 Functional Requirements
4.3.2 Non-Functional Requirements
4.3.3 Hardware and Software Requirements
4.4 Hardware Requirements
4.4.1 Minimum Requirements
4.4.2 Recommended Requirements
4.4.3 Virtualization Support
4.5 Project Overview and Technology Scope
4.5.1 Ethical Hacking Framework
4.5.2 Penetration Testing
4.5.3 Vulnerability Assessment
4.6 Tools Used
4.6.1 Kali Linux (v2023.4)
4.6.2 Metasploit Framework (v6.3)
4.6.3 Wireshark (v4.0)
5 Data Analysis
5.1 Vulnerability Scanning Overview
5.2 Exploitation Analysis
5.3 Network Traffic Monitoring
5.4 Summary of Key Insights
5.5 Data Analysis & Interpretation of Project
5.5.1 Objective
5.5.2 Screenshots Of Projects Development
5.5.3 Interpretation
6 Attendance Record
1 INTRODUCTION
1.1 Brief Overview of Cybersecurity and Penetration Testing
Cybersecurity is the practice of protecting systems, networks, and data from unauthorized access,
cyberattacks, and data breaches. As threats like ransomware, phishing, and advanced persistent
threats (APTs) become more frequent and complex, organizations increasingly invest in security
solutions to safeguard their digital assets.
Penetration Testing, also known as ethical hacking, is a proactive approach to cybersecurity.
It involves simulating real-world cyberattacks to identify and address vulnerabilities before
malicious actors can exploit them. Professionals use tools such as Kali Linux, Metasploit, Nmap,
Burp Suite, and Wireshark to perform thorough assessments of networks, systems, and
applications.
Given the increasing sophistication of cyber threats, regular penetration testing is essential
for maintaining strong and resilient security systems.
• Security consultancy to help businesses implement effective defenses and achieve compliance.
By combining practical training with real-world security projects, Netsleap IT plays a
significant role in preparing the next generation of cybersecurity professionals and helping
organizations counter emerging threats.
1.4 Purpose of the Internship
The main goal of this internship was to bridge the gap between academic knowledge and real-
world cybersecurity practice. Key learning outcomes included:
• Working with essential tools like Kali Linux, Burp Suite, SQLMap, Wireshark, and Metasploit.
• Enhancing report writing by documenting findings, assessing risk, and recommending solutions.
2 PROBLEM STATEMENT AND OBJECTIVES
2.1 Problem Statement
The growing sophistication of cyber threats poses a serious challenge to organizations in
maintaining secure IT environments. Many institutions lack the necessary expertise and tools to
identify and mitigate vulnerabilities within their systems, networks, and applications.
Traditional security measures often fall short in detecting advanced threats, leading to data breaches,
service disruptions, and financial losses. Moreover, without regular vulnerability assessments
and penetration testing, organizations remain unaware of critical security gaps that attackers
can exploit.
2.2 Objectives
The primary objectives of this internship were to:
• Perform hands-on penetration testing on networks, web applications, and systems using
tools like Kali Linux, Metasploit, Burp Suite, Nmap, and Wireshark.
• Identify common vulnerabilities such as SQL injection, cross-site scripting (XSS), and
insecure configurations, and understand how to exploit and mitigate them.
• Learn and apply standardized frameworks such as the OWASP Top 10 and PTES (Penetration
Testing Execution Standard) to conduct structured security assessments.
• Develop skills in creating detailed, professional reports that document vulnerabilities, assess
risk levels, and propose remediation steps for both technical and non-technical audiences.
3 MOTIVATION / SCOPE AND RATIONALE OF THE STUDY
3.1 Motivation
The motivation behind undertaking this internship stems from three critical factors:
• Future-Proofing: Cyberattacks are projected to cost $10.5 trillion annually by 2025
(Cybersecurity Ventures), ensuring long-term relevance of cybersecurity skills.
• Ethical Alignment: Unlike malicious hacking, pentesting has a legal framework (e.g.,
written consent, defined scope) to improve security.
• Tool Fascination: Hands-on work with tools like Metasploit (exploitation) and Burp Suite
(web app testing) provides technical satisfaction.
• Employer Expectations: 78% of cybersecurity job postings require hands-on testing
experience (LinkedIn, 2023).
3.2 Scope
The internship focused on three measurable domains:
• Wireless Security: Assessed Wi-Fi networks for WPA2 cracking using Aircrack-ng
3.3 Rationale of the Study
This internship addressed three systemic needs:
– Preventive Impact: Identified critical vulnerabilities (e.g., unpatched RCE flaws) before
attackers could exploit them.
– ROI Demonstration: Showed how pentesting could help prevent average breach costs
of $4.45 million (IBM, 2023).
– Security Awareness: Findings were used to train staff through initiatives like phishing
simulations.
4 METHODOLOGICAL DETAILS
4.1 Modules
The internship work was divided into distinct modules to structure learning and ensure
practical application of each domain in cybersecurity and penetration testing.
Module 1: Information Gathering and Scanning
Tools Used: Nmap, Netdiscover, WhatWeb
Activities:
– Identifying active hosts and open ports
– Fingerprinting services and OS
– Enumerating network topology
Module 2: Web Application Testing
Tools Used: Burp Suite, SQLmap, Nikto
Activities:
– Manual and automated testing for XSS, SQLi, CSRF, and file upload vulnerabilities
– Intercepting and modifying HTTP requests/responses
Module 3: System Exploitation
Tools Used: Metasploit Framework, msfvenom
Activities:
– Exploiting known vulnerabilities (e.g., EternalBlue/MS17-010)
– Gaining shell access and remote code execution
Module 4: Privilege Escalation
Tools Used: LinPEAS, WinPEAS, manual enumeration
Activities:
– Exploiting misconfigurations
– Abusing SUID/SGID bits and vulnerable services
Module 5: Network Analysis
Tools Used: Wireshark
Activities:
– Capturing and analyzing packets
– Identifying clear-text credentials, insecure protocols
Module 6: Reporting
Tools Used: Word, Markdown, CVSS Calculator
Activities:
– Documenting findings with evidence
– Assigning severity levels and proposing remediations
4.2 System Analysis
The systems analyzed during the internship ranged from intentionally vulnerable virtual
machines to real-world web applications.
Target Platforms:
– Windows 7 (vulnerable to SMB exploits)
– Linux-based VMs (Kali, Parrot)
– Web servers running on Apache, PHP, MySQL
Analysis Process:
– Threat Identification: Using enumeration techniques to identify system exposures.
– Vulnerability Correlation: Matching services with CVEs (Common Vulnerabilities and
Exposures).
– Exploit Feasibility: Testing if theoretical vulnerabilities were practically exploitable.
– Post-Exploitation: Verifying access levels and the ability to move laterally or extract data.
The goal of the system analysis was not only to break into the systems but to understand
how the vulnerability exists, why it exists, and how it can be fixed or mitigated.
4.3 Specific Requirements
4.3.1 Functional Requirements
FR1: The intern must be able to perform reconnaissance using tools like Nmap and Wireshark.
FR2: The intern must identify vulnerabilities using scanners like SQLmap and Nikto.
FR3: The intern must exploit vulnerabilities using Metasploit Framework.
FR4: The intern must analyze and document findings in a formal report.
FR5: The intern must suggest remediation techniques for discovered vulnerabilities.
4.4.2 Recommended Requirements
4.5 Project Overview and Technology Scope
This internship project focused on simulating a real-world penetration testing engagement
targeting a Windows 7 virtual machine (VM). The objective was to identify, exploit, and
document vulnerabilities using industry-standard tools and methodologies, adhering to ethical
hacking principles. The project emphasized hands-on learning in vulnerability assessment,
exploit development, and post-exploitation analysis.
Technology Scope:
Automated tools like Nessus and manual techniques were used to identify misconfigurations
(e.g., weak user permissions, unpatched services).
Modules Used:
Figure 1: Kali Linux Desktop With Tools
Workflow:
Windows 7 VM (SP1, 32-bit)
Purpose: Mimic legacy systems still in use across industries (e.g., healthcare,
manufacturing).
Figure 4: User Interface of Wireshark
4. Post-Exploitation:
– Privilege Escalation: Used getsystem to gain SYSTEM-level access
– Persistence: Created a backdoor with: persistence -X -i 60 -p 443 -r 192.168.1.50
Metasploit Framework:
Architecture:
Kali Linux
Tool Categories:
Service-Based Simulation:
Metasploit:
Kali Linux:
Wireshark:
5 Data Analysis
The data analysis phase focused on evaluating the outcomes of various cybersecurity tasks
conducted during the internship. These included vulnerability scanning, exploitation, and
network traffic monitoring, all performed in a secure and controlled lab environment. The
objective was to assess the overall security posture of target systems and identify critical
weaknesses that could be exploited by attackers.
Key Findings
– SQL Injection (SQLi): Multiple injection points were found in login and search
fields. SQLmap was used to extract data from backend databases, exploiting unsanitized
inputs.
– Cross-Site Scripting (XSS): Both reflected and stored XSS vulnerabilities were
detected. JavaScript payloads like <script>alert(1)</script> executed successfully,
indicating poor input filtering.
– Outdated Software: Scans revealed deprecated Apache versions prone to known
CVEs. Some web pages lacked HTTPS, leading to insecure data transmission.
– Security Misconfigurations: Accessible directories (e.g., /admin, /backup) and
missing headers such as X-Frame-Options increased attack surface.
Notable Observations
– ARP Spoofing: Simulated ARP poisoning using arpspoof enabled a successful MITM
attack, allowing HTTP credential capture.
– Insecure Data Transfers: Sensitive information such as usernames and passwords
was transmitted in plaintext over HTTP.
– Scan Detection: Network scans using Nmap (SYN, NULL, ACK) were visible in traffic
captures, showing how attackers map open ports.
– DNS Spoofing: Fake DNS responses redirected users to a malicious web page,
highlighting risks of unsecured DNS protocols.
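An added example, not taken from the report: detection logic for two of the observations above that a defender can check in a capture, the Nmap probe types (SYN, NULL, ACK) and an ARP poisoning attempt. The packet records, addresses, record layout and port threshold are constructed for illustration.

```python
from collections import defaultdict

def classify_probe(flags, handshake_seen):
    """Name the scan technique a single TCP packet matches, or None."""
    if not flags:
        return "NULL"   # a segment with no flags never occurs in normal TCP
    if flags == {"SYN"}:
        return "SYN"    # also how every connection starts; volume decides
    if flags == {"ACK"} and not handshake_seen:
        return "ACK"    # ACK on a flow the server never SYN/ACKed
    return None

def detect_scans(packets, port_threshold=5):
    """Return {(src, dst, technique): distinct_ports} for wide port probing.

    packets: iterable of (src, sport, dst, dport, flags), flags a set of names.
    port_threshold is an assumed tuning value, not one from the report.
    """
    answered = set()             # (client, cport, server, sport) with a SYN/ACK
    probed = defaultdict(set)    # (src, dst, technique) -> ports touched
    for src, sport, dst, dport, flags in packets:
        if flags == {"SYN", "ACK"}:
            answered.add((dst, dport, src, sport))   # key by the client side
            continue
        technique = classify_probe(flags, (src, sport, dst, dport) in answered)
        if technique:
            probed[(src, dst, technique)].add(dport)
    return {k: len(v) for k, v in probed.items() if len(v) >= port_threshold}

def detect_arp_changes(replies):
    """Return (ip, old_mac, new_mac) each time an IP is claimed by a new MAC.

    A legitimate NIC swap triggers this too, so treat hits as leads to verify.
    """
    seen, alerts = {}, []
    for ip, mac in replies:
        mac = mac.lower()
        if ip in seen and seen[ip] != mac:
            alerts.append((ip, seen[ip], mac))
        seen[ip] = mac
    return alerts

# Constructed sample data (not from the report's captures).
SCANNER, TARGET, CLIENT = "10.0.0.66", "10.0.0.10", "10.0.0.20"
PORTS = [21, 22, 23, 80, 443, 445]
SAMPLE_PACKETS = (
    [(SCANNER, 40001, TARGET, p, {"SYN"}) for p in PORTS]
    + [(SCANNER, 40002, TARGET, p, set()) for p in PORTS]
    + [(SCANNER, 40003, TARGET, p, {"ACK"}) for p in PORTS]
    # An ordinary client: full handshake to one port, then data.
    + [(CLIENT, 51000, TARGET, 80, {"SYN"}),
       (TARGET, 80, CLIENT, 51000, {"SYN", "ACK"}),
       (CLIENT, 51000, TARGET, 80, {"ACK"}),
       (CLIENT, 51000, TARGET, 80, {"PSH", "ACK"})]
)
SAMPLE_ARP = [
    ("10.0.0.1", "AA:BB:CC:00:00:01"),    # gateway, first seen
    ("10.0.0.20", "aa:bb:cc:00:00:20"),
    ("10.0.0.1", "de:ad:be:ef:00:66"),    # gateway IP now claimed by another MAC
    ("10.0.0.1", "de:ad:be:ef:00:66"),
]

if __name__ == "__main__":
    print(detect_scans(SAMPLE_PACKETS))
    print(detect_arp_changes(SAMPLE_ARP))
```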
Security Recommendations
– Use secure coding practices, including input validation and parameterized queries.
– Enforce HTTPS across all communication channels.
– Apply regular updates and security patches to all software components.
– Configure HTTP headers to prevent clickjacking and XSS.
– Adopt multi-factor authentication and strong password policies.
– Continuously monitor system logs and network traffic for unusual activities.
5.5 Data Analysis & Interpretation of Project
5.5.1 Objective
To exploit a vulnerable Windows 7 machine using the Metasploit Framework and gain remote
access.
Steps Followed:
– B] Kali Linux:
Step 2: Creating a Payload for Windows
Step 6: Start Metasploit's MSFCONSOLE
Step 10: Open .exe File in Windows
A] Sysinfo:
B] Screenshare:
5.5.3 Interpretation
∗ The successful exploitation of the Windows 7 machine resulted in full remote
control of the target system, demonstrating the effectiveness of the Metasploit
Framework in real-world scenarios.
∗ It was observed that legacy vulnerabilities such as ms08_067_netapi, when left
unpatched, serve as critical attack vectors and can be easily leveraged by threat
actors.
∗ This project strongly highlighted the importance of regular system updates and
security patching. Systems that remain unpatched are at a significantly higher
risk of being compromised, even with minimal attacker effort.
Conclusion
The cybersecurity and penetration testing internship at Netsleap IT Training and
Solutions proved to be a transformative experience, offering extensive hands-on
exposure to real-world cybersecurity challenges. During the course of this internship,
I was trained to identify, exploit, and mitigate various digital vulnerabilities across
systems and networks. Working with industry-standard tools such as Kali Linux,
Metasploit, SQLmap, Wireshark, and Burp Suite enabled me to perform
comprehensive security assessments that simulated actual cyberattacks. These practical
tasks deepened my technical proficiency and enhanced my understanding of how
different tools complement each other in the penetration testing lifecycle.
Engaging in realistic simulations allowed me to explore contemporary attack
vectors, including web-based exploits, network vulnerabilities, and system
misconfigurations. I developed a keen understanding of exploitation techniques, privilege
escalation methods, and post-exploitation tactics, which are critical for assessing
the impact of breaches and designing mitigation strategies. Additionally, the
internship emphasized the importance of documenting and communicating findings
clearly. I learned to generate professional, well-structured reports tailored for both
technical teams and non-technical stakeholders, which is essential for effective risk
management in any organization.
In summary, the internship not only strengthened my foundation in proactive
cybersecurity practices but also reinforced my commitment to continuous learning and
professional growth. I now feel confident in my ability to contribute meaningfully
to the field of cybersecurity, with a strong sense of purpose in defending digital
assets and supporting organizations against emerging threats.
6 Attendance Record
Student Name: Thorat Manoj Rajendra.
Internship: Cyber Security & Penetration Testing.
Batch: 1st Jan 2025 To 15th Feb 2025.
Contact: 8862009080
Day In Time Out Time Hours Day In Time Out Time Hours
01- 25-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Jan-25
02- 27-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Jan-25
03- 28-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Jan-25
04- 29-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Jan-25
06- 30-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Jan-25
07- 31-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Jan-25
08- 01-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
09- 03-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
10- 04-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
11- 05-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
13- 06-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
14- 07-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
15- 08-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
16- 10-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
17- 11-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
18- 12-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
20- 13-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
21- 14-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
22- 15-
02:00 PM 07:00 PM 5 02:00 PM 07:00 PM 5
Jan-25 Feb-25
23-
02:00 PM 07:00 PM 5
Jan-25
References
[1] Open Web Application Security Project (OWASP), “OWASP Top Ten – 2021,” [Online]. Available: https://owasp.org/www-project-top-ten/
[2] P. Engebretson, The Basics of Hacking and Penetration Testing, 3rd ed., Syngress, 2018.
[3] National Institute of Standards and Technology (NIST), “Technical Guide to Information Security Testing and Assessment (SP 800-115),” 2008. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-115/final
[4] Rapid7, “Metasploit Framework Documentation,” 2023. [Online]. Available: https://www.metasploit.com/documentation
[5] J. Forshaw, Attacking Network Protocols: A Hacker’s Guide to Capture, Analysis, and Exploitation, No Starch Press, 2018.
[6] SANS Institute, “Incident Handler’s Handbook,” 2022. [Online]. Available: https://www.sans.org/white-papers/33901/
[7] EC-Council, Certified Ethical Hacker (CEH) v12 Official Courseware, 2022.
[8] MITRE Corporation, “Common Vulnerabilities and Exposures (CVE),” 2023. [Online]. Available: https://cve.mitre.org/
[9] D. Kennedy, J. O’Gorman, D. Kearns, and M. Aharoni, Metasploit: The Penetration Tester’s Guide, No Starch Press, 2011.
[10] International Organization for Standardization, “ISO/IEC 27001:2022 – Information Security Management Systems.”
Additional Resources
∗ Kali Linux Documentation: https://www.kali.org/docs/
∗ Nmap Official Documentation: https://nmap.org/book/
∗ PCI Security Standards Council: https://www.pcisecuritystandards.org/
∗ IBM Security – Cost of a Data Breach Report 2023: https://www.ibm.com/reports/data-breach
∗ OWASP Top 10 Security Risks: https://owasp.org/www-project-top-ten/
∗ Metasploit Unleashed by Offensive Security: https://www.offensive-security.com/metasploit-unleashed/
∗ MITRE ATT&CK Framework: https://attack.mitre.org/
∗ CVE (Common Vulnerabilities and Exposures) Database: https://cve.mitre.org/
∗ Cybersecurity and Infrastructure Security Agency (CISA): https://www.cisa.gov/
∗ Burp Suite Documentation: https://portswigger.net/burp/documentation
∗ Wireshark User Guide: https://www.wireshark.org/docs/wsug_html_chunked/