Ethical

The document outlines a series of practical cybersecurity exercises focused on understanding vulnerabilities, network scanning, password cracking, and exploitation techniques using tools like OWASP Juice Shop, Metasploit, and Nmap. Each section includes objectives, setup instructions, steps to perform attacks or assessments, and precautions to ensure ethical testing in controlled environments. Additionally, it emphasizes the importance of documenting findings and understanding cybersecurity frameworks for effective incident response.


P1) Practical: Introduction to Vulnerabilities and OWASP Top 10

Objective:

To understand common web application vulnerabilities by working with intentionally insecure
applications such as OWASP Juice Shop or DVWA. The focus is on identifying and learning about
OWASP Top 10 vulnerabilities like SQL Injection and Cross-Site Scripting (XSS).

Steps:

1. Set Up the Environment:

   - Install VirtualBox or VMware.
   - Create a virtual machine (Ubuntu/Kali Linux preferred).
   - Install and configure OWASP Juice Shop or DVWA.
     - For Juice Shop (Docker-based setup):

         docker pull bkimminich/juice-shop
         docker run -d -p 3000:3000 bkimminich/juice-shop

     - For DVWA (with XAMPP/LAMP):
       - Install XAMPP.
       - Place the DVWA files in the htdocs directory.
       - Start Apache and MySQL from the XAMPP control panel.
       - Configure the database from dvwa/setup.php.

2. Explore and Identify Vulnerabilities:

   - Log in as an admin (if applicable) and navigate through the app.
   - Common vulnerabilities to test:
     - SQL Injection:

         ' OR '1'='1

     - Cross-Site Scripting (XSS):

         <script>alert('XSS')</script>

     - Other OWASP Top 10 issues:
       - Broken Authentication
       - Security Misconfigurations
       - Insecure Deserialization
       - Sensitive Data Exposure, etc.

3. Document Findings:

   - Note down the vulnerable pages, the payloads used, and the behavior observed.
   - Take screenshots as evidence.

Precautions:

- Do not test these vulnerabilities on real websites.
- Always use test environments like DVWA and Juice Shop.
- Disable outgoing internet traffic in the VM if needed.

Tools Used:

- VirtualBox / VMware
- OWASP Juice Shop
- DVWA (Damn Vulnerable Web App)
- Web Browser
- Command-line / Docker

P2) Practical: Network Scanning and Reconnaissance (step-by-step)

1. Explore Network Configurations (Using Command-line Tools)

Run these commands inside your Virtual Machine (VM):

a) ipconfig (Windows) / ifconfig (Linux)

   - Shows the IP address, subnet mask, and default gateway. On newer Linux systems where
     ifconfig is not installed, ip addr gives the same information.
   - Example:

       ifconfig    # Linux
       ipconfig    # Windows

b) arp -a

   - Displays the ARP cache (IP-to-MAC mappings).
   - Example:

       arp -a

c) ping <target_IP>

   - Checks whether a host is reachable.
   - Example:

       ping 8.8.8.8

2. Perform Network Scanning (Using Nmap)

Example 1: Scan a specific IP address

    nmap 192.168.1.1

Example 2: Scan a subnet

    nmap 192.168.1.0/24

Example 3: Detect OS and open ports

    nmap -O 192.168.1.1

Note: Use localhost or your own test network, and get permission if you are scanning another
network.

3. Analyze Pre-Captured Traffic (Using Wireshark)

Steps:

1. Open Wireshark.
2. Go to File > Open and load a .pcap file from:
   https://wiki.wireshark.org/SampleCaptures
3. Use display filters such as:
   - http
   - ip.addr == 192.168.1.1
   - tcp.port == 80

What to Analyze:

- Check source/destination IPs.
- Look at the protocols used (TCP, UDP, HTTP, etc.).
- Identify potential anomalies (e.g., repeated SYNs = scanning behavior).
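The "repeated SYNs = scanning behavior" check above can be turned into a small detector. The block below is an added example, not part of the original practical: it runs over constructed packet records (source IP, source port, destination IP, destination port, TCP flags, the same fields you read off the Wireshark packet list) rather than a real capture, and the threshold of ten distinct targets, the function names and the sample addresses are all assumptions chosen for the illustration. The equivalent Wireshark display filter for the bare-SYN packets it counts is tcp.flags.syn == 1 && tcp.flags.ack == 0.

```python
from collections import defaultdict

# Constructed sample traffic (not a real capture). Each tuple is
# (src_ip, src_port, dst_ip, dst_port, tcp_flags) with the flags abbreviated the
# way Wireshark shows them: "S" = SYN only, "SA" = SYN/ACK, "A" = ACK.
# 10.0.0.5 sends a SYN to twelve different ports on 192.168.1.1 and completes a
# handshake on only two of them (22 and 80), which is what a port scan looks like.
# 10.0.0.7 is an ordinary client that opens two sessions and completes both.
SCAN_PORTS = (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3306, 8080)
SAMPLE_PACKETS = [
    ("10.0.0.5", 40000 + i, "192.168.1.1", port, "S") for i, port in enumerate(SCAN_PORTS)
] + [
    ("192.168.1.1", 22, "10.0.0.5", 40001, "SA"),    # port 22 answered the probe
    ("10.0.0.5", 40001, "192.168.1.1", 22, "A"),
    ("192.168.1.1", 80, "10.0.0.5", 40004, "SA"),    # port 80 answered the probe
    ("10.0.0.5", 40004, "192.168.1.1", 80, "A"),
    ("10.0.0.7", 51000, "192.168.1.1", 80, "S"),     # normal client, session 1
    ("192.168.1.1", 80, "10.0.0.7", 51000, "SA"),
    ("10.0.0.7", 51000, "192.168.1.1", 80, "A"),
    ("10.0.0.7", 51001, "192.168.1.1", 443, "S"),    # normal client, session 2
    ("192.168.1.1", 443, "10.0.0.7", 51001, "SA"),
    ("10.0.0.7", 51001, "192.168.1.1", 443, "A"),
]


def syn_scan_report(packets, min_ports=10):
    """Summarise, per source IP, how many distinct (host, port) targets it sent a
    bare SYN to and how many of those it went on to complete a handshake with.

    A source is flagged when it probed at least `min_ports` distinct targets
    (assumed threshold): that is the "repeated SYNs" pattern the Wireshark step
    asks you to look for. A low completed/probes ratio on top of that is typical
    of a half-open (nmap -sS) scan; a connect scan completes its handshakes but
    still touches far more ports than a real client would.
    """
    probes = defaultdict(set)      # src -> {(dst, dport), ...} that received a bare SYN
    completed = defaultdict(set)   # src -> subset of those targets later ACKed by src
    for src, _sport, dst, dport, flags in packets:
        if flags == "S":
            probes[src].add((dst, dport))
        elif flags == "A" and (dst, dport) in probes.get(src, ()):
            completed[src].add((dst, dport))
    return {
        src: {
            "probes": len(targets),
            "completed": len(completed[src]),
            "suspicious": len(targets) >= min_ports,
        }
        for src, targets in probes.items()
    }


def suspicious_hosts(packets, min_ports=10):
    """Source IPs whose SYN pattern crosses the threshold, sorted for alerting."""
    report = syn_scan_report(packets, min_ports)
    return sorted(src for src, row in report.items() if row["suspicious"])


if __name__ == "__main__":
    for src, row in syn_scan_report(SAMPLE_PACKETS).items():
        verdict = "SUSPICIOUS" if row["suspicious"] else "ok"
        print(f"{src:12} probes={row['probes']:3} completed={row['completed']:3} {verdict}")
```

On the sample data the scanner 10.0.0.5 is reported with 12 probes and 2 completed handshakes and is flagged, while 10.0.0.7 (2 probes, 2 completed) is not. Against a real capture you would feed the same five fields exported from Wireshark (for example via File > Export Packet Dissections > As CSV) and tune the threshold to the network.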

Tools Required:

- Nmap: port and vulnerability scanning
- Wireshark: network traffic analysis
- Command-line tools: ipconfig/ifconfig, arp, ping
- Virtual machines: for a safe test environment (e.g., Kali Linux, Ubuntu)

P3) Practical: Password Cracking (Test Environment)

Objective:

To understand how password hashes are cracked using tools like John the Ripper or Hashcat in a
controlled, legal, and ethical test environment.

Steps:

1. Generate Sample Hashes:

   - Use an online hash generator (e.g., https://www.md5hashgenerator.com) to create MD5
     hashes for simple passwords like:
     - 123456
     - password
     - admin123
   - Save them in a file (hashes.txt), one hash per line, in the following format:

       25f9e794323b453885f5181f1b624d0b
       5f4dcc3b5aa765d61d8327deb882cf99
       0192023a7bbd73250516f069df18b500

Using John the Ripper:

1. Install John the Ripper (Linux: sudo apt install john).
2. Run the cracker against the hash file:

       john hashes.txt --format=raw-md5

3. To view the cracked passwords (pass the same format so the right entries are shown):

       john --show --format=raw-md5 hashes.txt

Using Hashcat:

1. Install Hashcat (Linux: sudo apt install hashcat).
2. Run the dictionary attack:

       hashcat -m 0 -a 0 hashes.txt rockyou.txt

   - -m 0 = MD5 hash mode
   - -a 0 = dictionary attack
   - rockyou.txt is a common wordlist (available in Kali Linux)

Precautions:

- Do not use real system data.
- Use only sample or self-generated hashes.
- Always conduct testing in a virtual lab or test machine.

Tools Used:

- John the Ripper
- Hashcat
- Online hash generators
- Wordlists (e.g., rockyou.txt)



P4) Practical: Metasploit Basics

Objective:

To understand the basics of the Metasploit Framework by exploiting a vulnerable virtual machine
(Metasploitable2) in a safe test environment.

Steps:

1. Set Up Test Environment:

   - Install Metasploitable2 as the target VM.
   - Use Kali Linux or any penetration testing VM with the Metasploit Framework installed
     as the attacker machine.
   - Ensure both VMs are on the same host-only or NAT network.

2. Launch Metasploit Framework:

   - Open a terminal in Kali Linux.
   - Run the command:

       msfconsole

3. Scanning the Target:

   - Find the IP of Metasploitable2 by running ifconfig on its console.
   - Use Nmap to scan for open ports and service versions:

       nmap -sV <target_ip>

4. Select and Use an Exploit:

   - Use a known vulnerability like vsftpd 2.3.4:

       use exploit/unix/ftp/vsftpd_234_backdoor
       set RHOSTS <target_ip>
       run

     (Older Metasploit releases name this option RHOST; current releases use RHOSTS.)

5. Gain Shell Access:

   - If successful, you will get a command shell on the target machine.

6. Post-Exploitation:

   - Enumerate system info, users, etc.
   - No real damage should be done—only observe and document.

Precautions:

- Do not attempt this on live or unauthorized systems.
- Always use isolated virtual environments for penetration testing.
- Ensure you understand that the purpose is educational and ethical only.

Tools Used:

- Metasploit Framework
- Metasploitable2 (vulnerable VM)
- Kali Linux (attacker machine)
- Nmap (optional)


P5) Practical: Alternate Data Streams (ADS)

Objective:

To explore how Alternate Data Streams (ADS) can be used to hide files on NTFS file systems and
understand methods to detect and prevent such techniques.

Steps:

1. Set Up Windows VM:

   - Use a Windows virtual machine (with an NTFS partition).
   - Open Command Prompt with administrative privileges.

2. Create a Test File with ADS:

   - Create a simple text file:

       echo This is a visible file > visible.txt

   - Attach a hidden ADS stream:

       echo This is hidden > visible.txt:hidden.txt

3. Accessing the ADS:

   - To read the hidden data:

       more < visible.txt:hidden.txt

   - You will not see hidden.txt in File Explorer or in a regular dir listing.

4. Detecting ADS:

   - Use the Sysinternals Streams tool:
     - Download from Microsoft:
       https://docs.microsoft.com/en-us/sysinternals/downloads/streams
     - Run:

         streams visible.txt

   - The built-in dir command also lists streams when given the /r switch:

         dir /r visible.txt

5. Deleting ADS:

   - You can remove the stream by recreating the main file (only the default data
     stream is copied):

       type visible.txt > newfile.txt
       del visible.txt
       rename newfile.txt visible.txt

   - The Streams tool can also delete the streams in place:

       streams -d visible.txt

Precautions:

- ADS is a feature, not a flaw, but it can be misused by malware.
- Be cautious while experimenting—only use test files.
- Ensure the file system is NTFS (not FAT32, as ADS won't work there).

Tools Used:

- Windows VM
- NTFS file system
- Command Prompt
- Sysinternals Streams tool

P6) Practical: SQL Injection (Test Environment)

Objective:

To understand and perform SQL Injection attacks on vulnerable web applications like DVWA or
OWASP Juice Shop in a controlled environment, and learn how to mitigate such attacks.

Steps:

1. Set Up the Environment:

   - Install DVWA or OWASP Juice Shop on a virtual machine using XAMPP, LAMP, or Docker.
   - Ensure the database and web server are running properly.
   - Log in to the DVWA interface and set the Security Level to "Low" from the settings panel.

2. Perform SQL Injection Attack:

   - Navigate to the SQL Injection section of DVWA.
   - In the input field (e.g., User ID), try the following payloads:
     - Basic:

         1' OR '1'='1

     - Blind SQLi:

         1' AND 1=1 --

     - Comment-based bypass:

         1' OR 'a'='a' --

   - Observe the output. If the application is vulnerable, it will return user data from the
     database.

3. Understand the Attack Flow:

   - Learn how unvalidated inputs manipulate SQL queries.
   - Example query before injection:

       SELECT * FROM users WHERE id = '1';

   - After injection:

       SELECT * FROM users WHERE id = '1' OR '1'='1';

4. Mitigation Techniques:

   - Input Validation: allow only expected input types.
   - Prepared Statements (Parameterized Queries), e.g. in PHP with PDO:

       $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
       $stmt->execute([$id]);

   - Use of ORM tools to abstract direct SQL interaction.
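The attack flow in step 3 and the two mitigations in step 4 can be reproduced without DVWA against an in-memory SQLite database. The block below is an added example, not part of the original practical or of DVWA: the users table and its rows are constructed sample data, the function names are mine, and the payloads are the ones listed in step 2 plus the ' OR '1'='1 payload from P1. The point it makes is that the same input that returns every row through string concatenation returns nothing through a bound parameter, and is rejected outright by an allow-list validator.

```python
import re
import sqlite3

# Constructed sample data standing in for DVWA's users table.
SAMPLE_USERS = [
    (1, "admin", "admin@example.test"),
    (2, "gordonb", "gordonb@example.test"),
    (3, "pablo", "pablo@example.test"),
]

# The payloads listed in step 2 above, plus the one from P1.
PAYLOADS = ["1' OR '1'='1", "1' AND 1=1 --", "1' OR 'a'='a' --", "' OR '1'='1"]


def make_db():
    """Fresh in-memory SQLite database populated with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, user_id):
    """DVWA 'Low' behaviour: the input is spliced straight into the SQL text, so a
    quote in the input closes the literal and the remainder is parsed as SQL."""
    query = f"SELECT * FROM users WHERE id = '{user_id}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_id):
    """Prepared statement: the value is bound to the placeholder after the statement
    is parsed, so it can only ever be compared against id, never run as SQL."""
    return conn.execute("SELECT * FROM users WHERE id = ?", (user_id,)).fetchall()


ID_PATTERN = re.compile(r"[0-9]{1,10}")   # allow-list: a plain positive integer


def lookup_validated(conn, user_id):
    """Input validation in front of the prepared statement: anything that is not a
    plain positive integer is rejected before it reaches the database."""
    if not ID_PATTERN.fullmatch(str(user_id)):
        raise ValueError("user id must be a positive integer")
    return lookup_parameterized(conn, int(user_id))


def compare(conn, payloads=PAYLOADS):
    """Row counts returned by the vulnerable and the parameterized lookup per payload."""
    return {p: (len(lookup_vulnerable(conn, p)), len(lookup_parameterized(conn, p)))
            for p in payloads}


if __name__ == "__main__":
    conn = make_db()
    for payload, (vuln_rows, safe_rows) in compare(conn).items():
        print(f"{payload!r:22} vulnerable={vuln_rows} parameterized={safe_rows}")
```

For the "basic" and "comment-based" payloads the vulnerable lookup returns all three rows, for the blind payload it returns the admin row (the trailing comment swallows the closing quote), and the parameterized lookup returns zero rows for every one of them because the whole string is compared against the id column as a value. DVWA runs on MySQL rather than SQLite, but the mechanism, and the PDO fix shown in step 4, is the same.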

Precautions:

- Only test on vulnerable apps in isolated environments.
- Do not perform these techniques on real or unauthorized systems.

Tools Used:

- DVWA (Damn Vulnerable Web Application)
- OWASP Juice Shop
- Web Browser
- VirtualBox / VMware
- XAMPP / LAMP / Docker

P7) Practical: Virtual Machine-Based Exercises

Objective:

To gain hands-on experience with real-world cybersecurity challenges by practicing on intentionally
vulnerable virtual machines available on VulnHub.

Steps:

1. Set Up the Virtual Lab Environment:

   - Install VirtualBox or VMware on your system.
   - Download a Kali Linux VM for attacking and testing.
   - Download a vulnerable machine (e.g., “Mr. Robot,” “Basic Pentesting 1”) from VulnHub.

2. Configure the Network:

   - Use a Host-Only Adapter or NAT Network to ensure both attacker and target machines are
     on the same subnet.

3. Start the Exercise:

   - Boot both VMs (attacker and target).
   - Use tools like netdiscover or nmap from Kali to discover the IP address of the vulnerable
     machine:

       netdiscover
       nmap -sV <target-ip>

4. Enumeration and Exploitation:

   - Use tools such as:
     - nmap (port scanning & service discovery)
     - nikto (web server scanning)
     - gobuster or dirb (directory enumeration)
   - Find and exploit vulnerabilities based on the machine’s challenge (e.g., default
     credentials, outdated software, misconfigured services).

5. Privilege Escalation:

   - Once you gain access, escalate privileges using local exploits or misconfigurations.
   - Use tools like:

       linpeas.sh

     or

       sudo -l

6. Capture the Flag (CTF):

   - Most VulnHub machines provide "flag" files as proof of exploitation (e.g., flag.txt,
     proof.txt).
   - Document the steps taken to solve the challenge.

Precautions:

- Ensure all exercises are performed in a closed and isolated virtual environment.
- Do not connect vulnerable machines to public or office networks.

Tools Used:

- VirtualBox / VMware
- Kali Linux (Attacker Machine)
- VulnHub VMs (Target Machines)
- nmap, netdiscover, nikto, gobuster, linpeas, etc.

P8) Practical: Framework Mapping

Objective:

To understand and apply cybersecurity frameworks like the NIST Cybersecurity Framework and the
Lockheed Martin Cyber Kill Chain by mapping a sample security incident to their respective stages.
This helps in analyzing attacks systematically and preparing effective responses.

Part 1: Choose a Sample Security Incident

Let’s assume a phishing attack leading to malware installation.

Part 2: Mapping to the NIST Cybersecurity Framework

The NIST Framework has 5 key functions:

1. Identify
2. Protect
3. Detect
4. Respond
5. Recover

NIST Function | Action in Phishing Scenario
--------------|-------------------------------------------------------
Identify      | Assess which users/systems are vulnerable to phishing
Protect       | Implement email filtering and user awareness training
Detect        | Monitor email logs and malware alerts
Respond       | Quarantine infected systems, analyze malware behavior
Recover       | Remove malware, update defenses, and train users again

Part 3: Mapping to the Cyber Kill Chain

The Cyber Kill Chain includes 7 stages:

Kill Chain Stage          | Action in Phishing Scenario
--------------------------|----------------------------------------------------------------------
1. Reconnaissance         | Attacker gathers employee emails from social media or company websites
2. Weaponization          | Attacker creates a malicious attachment or link
3. Delivery               | Email sent with malicious link/attachment
4. Exploitation           | User opens the link and triggers code execution
5. Installation           | Malware installs on the user’s system
6. Command & Control (C2) | Infected machine connects to attacker’s server
7. Actions on Objectives  | Attacker steals data or spreads malware within the network

Conclusion:

Mapping incidents to these frameworks helps:

- Improve understanding of attack vectors
- Strengthen response planning
- Build layered defense strategies

P9) Practical: Vulnerability Assessment Report

Objective:

To perform a basic vulnerability assessment on a test virtual machine using OpenVAS or Nessus,
identify security weaknesses, and document the findings along with recommended actions for
mitigation.

Steps:

1. Set Up the Environment:

   - Install Kali Linux or any supported Linux OS on a VM.
   - Install and configure OpenVAS (Greenbone Vulnerability Manager) or use Nessus Essentials.
   - Set up a test virtual machine with common services running (e.g., Apache, MySQL, FTP).

2. Configure Target Machine:

   - Ensure that the target VM is on the same network and has services running that could be
     scanned.

3. Perform the Scan:

   - Launch OpenVAS or Nessus.
   - Create a new scan task/project.
   - Input the target IP address of the test VM.
   - Select default or custom scan policies as per the goal.
   - Start the scan and monitor its progress.

4. Analyze Results:

   - After the scan completes, analyze the output:
     - List of open ports and services
     - Detected vulnerabilities categorized by severity (Low, Medium, High, Critical)
     - CVE references for vulnerabilities

5. Generate the Report:

   - Export a detailed scan report in PDF/HTML.
   - Structure the report with:
     - Introduction
     - Scope and Tools Used
     - Findings Summary
     - Detailed Vulnerability Analysis
     - Recommendations

6. Provide Remediation Advice:

   - For each high or critical vulnerability:
     - Suggest patching software
     - Recommend changing configurations
     - Propose disabling unused services

Example Recommendations:

- Update the outdated Apache server to the latest version.
- Disable anonymous login for FTP.
- Use strong encryption protocols (e.g., TLS 1.2+).
- Regularly patch the OS and services.

Tools Used:

- OpenVAS (Greenbone Vulnerability Manager)
- Nessus Essentials
- VirtualBox / VMware
- Target Virtual Machine
