CMU Vulnarability Tests Report
Consideration/Scenario:A web development company configured its network with many devices and started working onwebsite development. They hired you as a penetration tester, and you need to perform penetration testing on alltheir clients systems and websites. To test the systems’ security, you must verify the system by creating a virus/trojans and injecting it into the system.This will help you analyze how the system is getting affected by the virus. After these tests are completed, you also needto ensure that the information transferred through email by the organizations employees is safe. For that purpose, you need to perform data encryption and steganography techniques to hide the information.Make a report of all the tests and share it with the administrator to take further actions.To start with the testing, we need to gather information about the website. To do so, perform the below tasks:Information Gathering on WebsitesGather information about Instagram (website).After information gathering, we need to test the companys security network as well. To do so, we will test their local system and its operating system (operating system). So, we need to perform enumeration and penetration testing on the company system.Enumeration and Penetration Testing on SystemEnumerate usernames from the local system using the Hyena tool and check the availability of a shared folder.Test the Windows 10 security usingProRAT (or msfvenom) and get access to the key logs. Delete the files from desktop or C drive and execute the commands to create a new folder on the desktop and upload any file from your system.Now, after testing the system/network, we must test the antivirus in their system.To do so, we will create a virus and inject it into their system to determine/exploit its vulnerabilities.Malware Creation and ExploitationCreate a virus using Tetrabit Virus Maker and execute the virus in the victim machine.After exploiting the system’s vulnerabilities, we must also test and exploit the vulnerabilities of the client websites. To do so, we need to perform penetration testing and DOS injection attack on their websites.Website Penetration Testing and DOS Injection AttacksPerform a DOS attack on windows 10 virtual machine using the LOIC tool and check the performance.Try the cookie stealing attack on testphp.vulnweb.comScan the website using the Vega tool and create a report with screenshots.Test the website using SQL injection manu ally for testphp.vulnweb.com website.After testing the systems and websites, one possibility that can steal sensitive information isfrom the communication medium, that is, email communications. We need to secure this transmission of messages by performing data encryption and hiding secret messages.Data Encryption, Decryption, and Hiding of Secret Messages.Hide the secret text file in the image using command prompts and SNOW tool.Encrypt any text file using the CryptForge tool with the Blowfish algorithm and use the calculator to encrypt the data with AES, MD5, SHA, etc.Tools Covered in the Project:Hyena ToolProRATmsfvenomTetrabit Virus MakerLOIC ToolSNOW ToolCryptForgeOutput to be Submitted:Make a step -by- step report and submit the respective screenshots for all the below tasks forverification.? Report on Instagram website information gathering containing register information, dates, registrant country,nameservers, techcontact, IP address, location, IP history, and registrar history?Report on enumeration to determine the usernames, password policies, and shared folders of the machine in a network.?Report on penetration testing to determine the open ports of the network.?Report to determine how the hackers can damage the user system if antivirus is not updated or not installed, and the firewall is not working.?Report on DOS injection attack to check the performance of the system.?Report on cookie stealing.?Report containing website user’s information using SQL injection.?Report on ways to secure the data transmitted using encryption and steganography
