Penetration Testing

The document discusses the steps of a penetration test conducted on a company. It provides details on reconnaissance, scanning, vulnerability assessment, and exploitation phases. It also discusses cross-site scripting vulnerabilities and how to prevent them.

Uploaded by pulkitkhanna310

Major Project

Team Members (Name, Email ID, Phone Number):

1. Sai Charan Panuku, saicharanpanuku@gmail.com, 9959007411
2. Amit Raj Karmakar, 200303126050@paruluniversity.ac.in, 7416747105
3. Aditya Singh, singhaditya5875@gmail.com, 7600438480 (doc submitted)
4. Anjala Tasneem S R, as1710@srmist.edu.in, 8943395147 (doc submitted)
5. Anamika Jain, annie070104@gmail.com, 9810457208 (doc submitted)
6. Pulkit Khanna, pulkitkhanna310@gmail.com, 8082171029
7. Kirtheka Srinivasan, kirthusrinivasan@gmail.com, 8610474217
8. Mohamed Aslam, mohamedaslam12a@gmail.com, 8946046989

Penetration Testing:
Target company: https://www.nordicgamelab.org/ (Andrew Ball, CEO & Founder)

1. Reconnaissance (Information Gathering) Phase:

- The first penetration testing phase is reconnaissance.
- In this phase, the tester gathers as much information about the target as they can, including the network topology, operating systems and applications, user accounts, and other relevant information.
- The goal is to gather as much data as possible so that the tester can plan an effective attack strategy.
- Reconnaissance is categorised as active or passive depending on how the information is gathered.
- Passive reconnaissance pulls information from resources that are already publicly available (search engines, DNS and WHOIS records, and services such as Shodan, Netcraft and VirusTotal) without touching the target's own systems, so it leaves no trace in the target's logs.
- Active reconnaissance interacts with the target directly (for example, resolving and probing its hosts) and is therefore detectable; it should only be carried out within the agreed scope and rules of engagement.

Passive scan reports (screenshots not reproduced in this extraction):
- Shodan report
- Technologies being used
- Netcraft report
- VirusTotal report: relations found, files communicating with the domain, malicious IPs
2. Scanning:
Once all the relevant data has been gathered in the reconnaissance phase, it's time to move on to
scanning. In this penetration testing phase, the tester uses tools such as port scanners to identify open
ports, the services listening on them, and how the target responds to network traffic. Because every
listening service is a potential entry point for attackers, penetration testers need to enumerate as many
open ports as possible before moving on to the next penetration testing phase.

This step can also be performed outside of penetration testing; in those cases, it’s referred to simply as
vulnerability scanning and is usually an automated process. However, there are drawbacks to only
performing a scan without a full penetration test—namely, scanning can identify a potential threat but
cannot determine the level at which hackers can gain access (Agio, 2022). So, while scanning is essential
for cybersecurity, it also needs human intervention in the form of penetration testers to reach its full
potential.
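The following TCP connect scanner is an added example for the scanning phase described above; it is not the project team's own tooling, and the host, port list and the throwaway local listener it uses to demonstrate itself are assumptions. It completes a full three-way handshake per port (noisy, but reliable without raw-socket privileges) and grabs whatever banner the service volunteers, which is the raw material for the service and version identification that feeds the vulnerability assessment phase. Only scan systems you are authorised to test.

```python
"""TCP connect scan with a short banner grab (added example, not project code)."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Optional


def probe_port(host: str, port: int, timeout: float = 1.0) -> Optional[Dict]:
    """Complete a full TCP handshake with host:port.

    Returns {"port": port, "banner": str} when the connection succeeds, or
    None when it is refused, unreachable or times out. Services that speak
    first (SSH, FTP, SMTP) give a banner; services that wait for the client
    (HTTP) yield an empty banner after the timeout but are still reported open.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                banner = conn.recv(256).decode("utf-8", "replace").strip()
            except OSError:          # socket.timeout is a subclass of OSError
                banner = ""
            return {"port": port, "banner": banner}
    except OSError:                  # refused, unreachable, timed out
        return None


def scan_ports(host: str, ports: Iterable[int], timeout: float = 1.0,
               workers: int = 50) -> List[Dict]:
    """Scan the given ports concurrently; return the open ones sorted by port."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return sorted((r for r in results if r is not None), key=lambda r: r["port"])


def start_demo_listener(banner: bytes) -> int:
    """Start a throwaway local service that greets every client with `banner`.

    Constructed purely so the scanner can be exercised offline (an assumption,
    not a real target). Returns the ephemeral port it listens on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            client, _ = srv.accept()
            try:
                with client:
                    client.sendall(banner)
            except OSError:
                continue             # client went away early; keep serving

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def find_closed_port() -> int:
    """Reserve an ephemeral port and release it, so it is (almost surely) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    open_port = start_demo_listener(b"SSH-2.0-OpenSSH_9.6 demo\r\n")
    closed_port = find_closed_port()
    for entry in scan_ports("127.0.0.1", [open_port, closed_port], timeout=0.5):
        print(f"{entry['port']}/tcp open  banner={entry['banner']!r}")
```

Against a real host, replace the demo listener with the target address and a port range such as `range(1, 1025)`; the one-second timeout and fifty workers are starting points that should be tuned to the link and to how much noise the engagement tolerates.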

WHOIS lookup (domain and IP): report screenshots not reproduced in this extraction.
3. Vulnerability Assessment: -
The third penetration testing phase is vulnerability assessment, in which the tester uses all the data
gathered in the reconnaissance and scanning phases to identify potential vulnerabilities and determine
whether they can be exploited. Much like scanning, vulnerability assessment is a useful tool on its own
but is more powerful when combined with the other penetration testing phases.

When determining the risk of discovered vulnerabilities during this stage, penetration testers have many
resources to turn to. One is the National Vulnerability Database (NVD), a repository of vulnerability
management data created and maintained by the U.S. government that analyzes the software
vulnerabilities published in the Common Vulnerabilities and Exposures (CVE) database. The NVD rates
the severity of known vulnerabilities using the Common Vulnerability Scoring System (CVSS).

Clickjacking report: screenshot not reproduced in this extraction.

4. Exploitation: -
Once vulnerabilities have been identified, it’s time for exploitation. In this penetration testing phase, the
penetration tester attempts to access the target system and exploit the identified vulnerabilities, typically
by using a tool like Metasploit to simulate real-world attacks.

This is perhaps the most delicate penetration testing phase because accessing the target system requires
bypassing security restrictions. Though system crashes during penetration testing are rare, testers must
still be cautious to ensure that the system isn’t compromised or damaged (Basu, 2022).

What is an XSS vulnerability?

- Cross-Site Scripting (XSS) is classified as an injection attack: attacker-controlled JavaScript is injected into a web application and executed in other users' browsers, within the origin of the vulnerable site.
- If you can get JavaScript to run in a victim's browser, there are numerous things you can achieve: stealing the victim's cookies to take over their session, running a keylogger that logs every key the user presses while visiting the website, redirecting the user to a different website altogether, or performing actions on the website as the victim, such as placing an order or resetting their password.

Types of XSS
1. DOM-based:
The DOM (Document Object Model) is the programming interface browsers expose for HTML and XML documents. It represents the page as a tree so that scripts can change the document's structure, style, and content; the same web page can be viewed as the rendered document in the browser window or as its HTML source.
Example:
- DOM-based XSS: the payload is executed in the page's DOM by the browser. The vulnerability lies in the client-side code, not the server-side code: legitimate JavaScript on the page reads attacker-controlled input (such as a query-string or fragment parameter) and writes it into the page through a sink such as document.write() or innerHTML, so the server's own output encoding never gets a chance to act.

Practical:
Script 1 (benign value, to confirm the parameter is written into the page):
https://example.com/?username=Intigriti
Output: (screenshot not reproduced)

Script 2 (URL-encoded <script>document.write("test")</script>; if "test" appears in the page, the parameter reaches a script-executing sink):
https://example.com/?username=%3Cscript%3Edocument.write(%22test%22)%3C/script%3E

Output: (screenshot not reproduced)

2. Reflected (non-persistent):
Reflected XSS happens when user-supplied data in an HTTP request is included in the webpage source without validation or output encoding.
An example of this could be an error message passed in the query string of a URL and reflected on the webpage. The URL could look something like the following:
https://website.xyz/login?error=Username%20Is%20Incorrect
The error message could be replaced with JavaScript code, which is executed when a user visits the crafted link; since nothing is stored on the server, the victim has to be lured into opening that link.
Example:
- Reflected XSS: the malicious JavaScript is not stored but is shown (reflected) in the server response, for example an error message like 'file <JavaScript input> not found'.

Practical:
Script 1 (raw payload, to be placed in a reflected parameter):
<script>alert(123)</script>

Script 2 (benign request, to confirm the sort parameter is reflected):
http://nordicgamelab.org/posts?sort=votes

Script 3:
http://nordicgamelab.org/posts?sort=<script>alert("XSS")</script>

Script 4 (an event handler on a broken image rather than a <script> element; useful where "<script>" is filtered):
nordicgamelab.org/profile?name=<img+src=1+onerror=alert(1337)>

Script 5 (benign value):
https://nordicgamelab.org/?user=Intigriti

Output: (screenshot not reproduced)

Script 6 (same parameter with a URL-encoded <script>alert(document.domain)</script>; an alert showing the site's domain proves the script ran in the site's origin):
https://nordicgamelab.org/?user=%3Cscript%3Ealert(document.domain)%3C/script%3E

Output: (screenshot not reproduced)

3. Stored (Persistent):
The XSS payload is stored on the web application (in a database, for example) and then runs whenever other users visit the affected page. This type of XSS can be particularly damaging because of the number of victims that may be affected, and because no crafted link has to be delivered to them.
Example:
- Stored XSS: the malicious JavaScript is stored in the database and displayed in the server response whenever the page is requested. A guestbook feature in the target application is a typical example.
Another example is a blog that allows visitors to leave comments. If a visitor's message is not properly validated and encoded before it is displayed, then every subsequent visit to the blog page runs the malicious JavaScript.

Practical:
Script 1 (benign value, to confirm the content is stored and displayed):
https://nordicgamelab.org/forum/thread/1?content=this%20is%20a%20test

Output: (screenshot not reproduced)
Script 2 (URL-encoded <script>print()</script>; print() opens the browser's print dialog, a visible side effect that still works where alert() is suppressed):
https://nordicgamelab.org/forum/thread/1?content=%3Cscript%3Eprint()%3C/script%3E

Output: (screenshot not reproduced)

4. Blind:
Blind XSS is similar to stored XSS in that the payload is stored on the website for another user to view, but in this case you cannot see the payload fire or test it against yourself first, because the page that renders it (an admin panel or a support back end, for example) is not accessible to you.
An example of this could be a contact form: the message contains an XSS payload, which is executed when a member of staff views the message.
What tool can you use to test for Blind XSS? XSS Hunter.

XSS Hunter is a tool that will automatically capture cookies, URLs, page contents and more. It works by hosting specialised XSS probes which, upon firing, scan the page and send information about the vulnerable page back to the XSS Hunter service, so you learn that the payload ran even though you never see the page yourself. You can visit the XSS Hunter site to learn more about it and sign up if you wish.

How to Prevent XSS

- Encode output, not just input: never trust data coming from a user. Encode it for the context in which it is written into the page (HTML body, HTML attribute, JavaScript string, URL) at the moment it is rendered. HTML-encoding the special characters < > & " ' before saving the data is not sufficient on its own, because stored data is often rendered in more than one context and a later code path may still insert it raw.
- Use a framework: most modern frameworks come with preventive measures against XSS attacks, typically templates that escape output automatically.
- Use the framework correctly: almost all frameworks used to develop web applications come with an escaping or sanitisation feature, but if it is bypassed (for example by marking user data as "safe" or writing it into the page with innerHTML) there is still a chance for XSS vulnerabilities to occur.
- Keep your framework up to date: frameworks are written by humans, so they too may contain XSS vulnerabilities. These are usually patched by security updates, so make sure that you have applied your framework's security updates.
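To tie the reflected XSS "Practical" scripts above to the prevention advice, here is an added example (not the project's code; nordicgamelab.org is not contacted, and the profile handlers, the `name`/`site` parameters and the probe URL are assumptions standing in for a real application). It shows a handler that concatenates a query parameter straight into HTML, the same handler with context-appropriate output encoding, and a probe that decides whether a parameter is reflected unencoded, which is exactly the check behind Script 4 and Script 6. It also covers the edge case that escaping alone does not fix: a user-supplied URL in an href still executes if the scheme is javascript:, so the hardened version allow-lists the scheme.

```python
"""Reflected XSS: vulnerable handler, hardened handler, and a probe (added example)."""
import html
from typing import Callable, Dict, List
from urllib.parse import parse_qs, quote, urlsplit

Query = Dict[str, List[str]]
Handler = Callable[[Query], str]


def render_profile_unsafe(query: Query) -> str:
    """Vulnerable on purpose: ?name= and ?site= are concatenated straight into HTML."""
    name = query.get("name", [""])[0]
    site = query.get("site", [""])[0]
    return f'<h1>Profile: {name}</h1><a href="{site}">homepage</a>'


def safe_href(url: str) -> str:
    """Escaping cannot neutralise a javascript: URL inside href; allow-list the scheme."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_profile_safe(query: Query) -> str:
    """Same page with output encoding applied at render time, per context."""
    name = query.get("name", [""])[0]
    site = query.get("site", [""])[0]
    # html.escape(quote=True) turns < > & " ' into entities, which is correct for
    # both the element body and a quoted attribute; the href additionally needs
    # the scheme check, since "javascript:alert(1)" contains none of those characters.
    return (f'<h1>Profile: {html.escape(name, quote=True)}</h1>'
            f'<a href="{safe_href(site)}">homepage</a>')


def handle(url: str, render: Handler) -> str:
    """Minimal stand-in for the web server: parse the query string, render the page."""
    return render(parse_qs(urlsplit(url).query, keep_blank_values=True))


PROBE = "<img src=1 onerror=alert(1337)>"   # the Script 4 payload from the page


def is_reflected_unencoded(render: Handler, param: str = "name") -> bool:
    """True when the raw probe comes back byte-for-byte, i.e. a reflected XSS.

    A response containing only the encoded form (&lt;img ...&gt;) is not a
    finding: the browser displays it as text and never creates the element.
    """
    url = f"https://nordicgamelab.org/profile?{param}={quote(PROBE, safe='')}"  # assumed URL
    return PROBE in handle(url, render)


if __name__ == "__main__":
    demo = "https://nordicgamelab.org/profile?name=Intigriti&site=javascript:alert(1)"
    for label, render in (("unsafe", render_profile_unsafe), ("safe", render_profile_safe)):
        print(f"{label:6s} reflected={is_reflected_unencoded(render)}")
        print("       ", handle(demo, render))
```

The probe uses a payload with a visible side effect rather than a bare marker string so that, against a live target, the same request can be confirmed by eye in the browser; when scripting it, the string match is what matters, and it should be run once per reflected parameter rather than once per page.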

5. Reporting:
Once the exploitation phase is complete, the tester prepares a report documenting the penetration test's
findings: each vulnerability, the evidence that it is exploitable, its severity rating, and the recommended remediation.
