
Practical File

The document outlines practical exercises conducted by Kirti Prashant Khollam in the M.Tech IS program, focusing on tool installation and vulnerability assessment using Burp Suite, Nessus, and Wireshark. It details the installation steps, functionalities of each tool, and practical applications such as vulnerability scanning, web application testing, and SQL injection detection. The conclusions emphasize the importance of these tools in identifying and mitigating security vulnerabilities in web applications and networks.

Uploaded by

pivode6961

Kirti Prashant Khollam M.Tech IS IS24M06

Name- Kirti Prashant Khollam


Program- M.Tech IS
Subject- VASH (Vulnerability Assessment and System Hardening)
Sem-2
Roll Number-IS24M06

Practical 1

Title- Tool Installation and Setup (Burp Suite, Nessus, Wireshark)

Install Burp Suite, Nessus, and Wireshark on your system. Ensure each tool is properly configured
for your environment. Verify that Burp Suite’s proxy works by intercepting traffic from a web
browser, Nessus can scan for vulnerabilities, and Wireshark can capture network traffic.

Tools used-

1. Burp Suite
2. Nessus
3. Wireshark

Concept-

Burp Suite – Web Application Security Testing

• Acts as an intercepting proxy between browser and server.
• Captures and modifies HTTP/HTTPS traffic.
• Used to test website vulnerabilities like XSS, SQLi, etc.
• Popular in manual and automated web security testing.

Nessus – Vulnerability Scanner

• Scans systems, servers, and networks for known vulnerabilities.
• Detects misconfigurations, missing patches, outdated software.
• Provides detailed reports with risk levels and fix recommendations.
• Useful for compliance and network security checks.

Wireshark – Network Protocol Analyzer

• Captures real-time packet data from your network.
• Helps in diagnosing network issues and suspicious traffic.
• Supports deep inspection of protocols like TCP, UDP, HTTP, DNS, etc.
• Useful for both learning and troubleshooting networks.

Steps to Install:

Burp Suite

1. Download from the PortSwigger site: https://portswigger.net/burp/communitydownload
2. Install and run
3. Set browser proxy to 127.0.0.1:8080
4. Enable "Intercept" to verify browser traffic is captured

Nessus

1. Download from the Tenable site: https://www.tenable.com/downloads/nessus?loginAttempted=true
2. Install & start Nessus service
3. Access via https://localhost:8834
4. Create account, update plugins
5. Run a scan and check results

Wireshark

1. Download from the Wireshark site: https://www.wireshark.org/download.html
2. Install and open
3. Select active network interface
4. Start capture and verify live traffic

Output-

Burp Suite-

Nessus-

Kiwi1234

yaradoh592@cyluna.com

activation code- ML4P-6NT4-3YM9-AMCR-QCLV



Wireshark-

Conclusion:

In this practical, we successfully installed and configured Burp Suite, Nessus, and Wireshark on our
system. Burp Suite's proxy was verified by intercepting web traffic from a browser, confirming its
ability to analyze and manipulate HTTP/HTTPS requests. Nessus was set up to perform vulnerability
scans, demonstrating its effectiveness in identifying potential security issues. Wireshark captured live
network traffic, enabling packet-level analysis. Overall, the tools were properly set up and validated,
forming a strong foundation for conducting web security assessments and network monitoring.

Practical 2

Title- Basic Vulnerability Scanning with Nessus

Objectives- To perform a basic vulnerability scan on a target system using Nessus and analyze the
discovered vulnerabilities.

Tools used-

• Nessus (by Tenable)
• Web Browser (to access Nessus GUI)
• Target Machine (e.g., Windows/Linux system or virtual machine)

Concept

Nessus is a widely-used vulnerability scanner that identifies security issues in systems such as missing
patches, misconfigurations, and known vulnerabilities. It helps organizations strengthen their
security posture by scanning and reporting threats.

Steps and output-

1. Install and configure Nessus on the host machine.
2. Launch Nessus via the browser and log in.
3. Create a new scan and choose "Basic Network Scan."
4. Enter target IP address or hostname.
5. Configure scan settings if needed.
6. Launch the scan and wait for it to complete.
7. View the results and analyze discovered vulnerabilities.
8. Generate and download the scan report.

Analysis of a Nessus vulnerability report:

1. Severity Levels: Vulnerabilities are ranked: Critical, High, Medium, Low, and Info.
2. Vulnerability Details: Each item includes CVE ID, plugin ID, description, and risk factor.
3. Affected Systems: The report shows which IP addresses or hosts are affected.
4. Port and Service Info: Indicates the specific port/service where the vulnerability exists.
5. Exploit Availability: Some entries show if a public exploit exists, increasing risk.
6. Remediation Steps: Suggestions are given to fix or mitigate each vulnerability.
7. Plugin Output: Shows how Nessus detected the issue, useful for validation.
8. Prioritization: Focus first on Critical and High vulnerabilities with available fixes.

Conclusion

Using Nessus, we successfully scanned a target system and identified various vulnerabilities. This
practical demonstrated the importance of regular vulnerability assessments in maintaining system
security.

Practical 3

Title- Web Application Testing Using Burp Suite (Intercepting HTTP Requests)

Objectives- To intercept and analyze HTTP requests between a web browser and a web server using
Burp Suite.

Tools Used:

• Burp Suite
• Web Browser (e.g., Firefox/Chrome)
• Test Web Application (e.g., DVWA or any login form)

Concept

Burp Suite acts as a man-in-the-middle proxy, allowing security testers to capture, inspect, and
modify HTTP/S requests and responses for testing web applications.

Steps and output


1. Launch Burp Suite and create a temporary project.
2. Go to the Proxy tab and ensure "Intercept is on".
3. Configure your browser to use Burp's proxy (127.0.0.1:8080).
4. Visit http://burp in the browser to download and install Burp’s SSL certificate.
5. Open a web application in your browser (e.g., login or form page).
6. Perform an action on the web page to generate an HTTP request.
7. The request will appear in Burp Suite under the Intercept tab.
8. Modify the request as needed (e.g., edit parameters, headers, or cookies).
9. Click "Forward" to send the modified request to the server.
10. Go to the HTTP History tab to view the full request and response.
11. Analyze the server's response to check the effect of the changes.
12. Optionally, send the request to Repeater or Intruder for further testing.

Testing for privilege escalation using Burp Suite on the website http://testfire.net/

Steps to reproduce:
1. Open the link https://demo.testfire.net/bank/main.jsp in any browser.
2. Click the fund transfer tab.
3. Select an account and transfer funds.
4. Intercept the request in Burp.
5. The application allows the amount to be modified.

Analysis-

The application allows client-side manipulation of the transfer amount via an intercepted HTTP
request in Burp Suite. This indicates a lack of server-side validation, which is a critical security flaw.
Attackers could exploit this to transfer unauthorized amounts of money by simply modifying the
amount parameter in the HTTP request. Such a vulnerability could lead to unauthorized fund
transfers, financial fraud, and loss of integrity in transactional operations. Proper input validation and
authorization checks must be enforced on the server side to prevent this.

Testing the session ID before and after login, which is the same in the case below-

Steps to reproduce:

1. Open the link https://demo.testfire.net/index.jsp in any browser.
2. Intercept the request using Burp Suite Pro.
3. Log in using credentials.
4. Intercept the request again after login.
5. Observe both requests.

After login-

Analysis:
The application retains the same session ID before and after user authentication, which is a security
flaw. This behavior indicates that the session is not re-generated upon successful login, making it
vulnerable to session fixation attacks. An attacker could exploit this by forcing a known session ID on
a victim and then logging in with that session, thereby hijacking the user's session after
authentication. Best practices require that a new, unique session ID be generated immediately after
login to prevent this kind of attack and ensure session integrity and user isolation.
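
The comparison made in Burp and the fix the analysis calls for, as an added example that is not part of the original practical file: it reads the session cookie from two captured requests and contrasts a login that keeps the pre-login ID with one that rotates it. The cookie name JSESSIONID, the SessionStore class and the sample requests are assumptions constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "JSESSIONID"  # assumed cookie name (typical for JSP applications)


def session_id_from_request(raw_request):
    """Return the session cookie value from a raw HTTP request, or None."""
    for line in raw_request.splitlines()[1:]:      # skip the request line
        if not line:                               # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "cookie":
            cookie = SimpleCookie()
            cookie.load(value.strip())
            if SESSION_COOKIE in cookie:
                return cookie[SESSION_COOKIE].value
    return None


def is_fixation_prone(pre_login_request, post_login_request):
    """True when the same session ID is sent before and after authentication."""
    before = session_id_from_request(pre_login_request)
    after = session_id_from_request(post_login_request)
    return before is not None and before == after


class SessionStore:
    """Hypothetical in-memory session table: session ID -> authenticated user."""

    def __init__(self):
        self._sessions = {}

    def new_anonymous(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None                 # session exists, nobody logged in
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)             # None = unknown or unauthenticated

    def login_keep_id(self, sid, user):
        """Behaviour observed in the practical: the pre-login ID is reused."""
        self._sessions[sid] = user
        return sid

    def login_rotate_id(self, sid, user):
        """Hardened: invalidate the pre-login ID and issue a fresh one."""
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = user
        return new_sid


def build_request(path, sid):
    """Constructed sample request, shaped like what the proxy history shows."""
    return (f"GET {path} HTTP/1.1\r\nHost: app.example\r\n"
            f"Cookie: {SESSION_COOKIE}={sid}; lang=en\r\n\r\n")


if __name__ == "__main__":
    for login in ("login_keep_id", "login_rotate_id"):
        store = SessionStore()
        pre = store.new_anonymous()
        post = getattr(store, login)(pre, "alice")
        prone = is_fixation_prone(build_request("/index.jsp", pre),
                                  build_request("/bank/main.jsp", post))
        print(f"{login}: same ID after login={prone}, "
              f"old ID still maps to {store.user_for(pre)!r}")
```

With rotation, an ID that was known before login no longer maps to any user afterwards, which is the property the analysis asks for.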

Host Header attack-

Steps to reproduce:
1. Navigate to https://demo.testfire.net/index.jsp
2. Enter the username and password and click the login button.
3. Intercept the request through Burp Suite.
4. Change the host name.
5. Check the response.

Analysis-
The web application accepts and processes a modified Host header without validation. This can lead
to Host Header Injection, which may allow attackers to craft malicious links, poison caches, or exploit
password reset mechanisms. The lack of validation increases the risk of phishing, redirect, or internal
routing attacks.
Risk Level: Medium to High
Recommendation: Validate the Host header on the server and avoid using it for URL generation.
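
One way to implement the recommendation, as an added example that is not part of the original practical file: the Host header is checked against an allowlist before the request is processed, and links are built from configuration instead of from the header. The host names, CANONICAL_ORIGIN and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote

# Assumed deployment configuration (constructed values).
ALLOWED_HOSTS = frozenset({"bank.example", "www.bank.example"})
CANONICAL_ORIGIN = "https://bank.example"

# hostname, optional trailing dot, optional :port
_HOST_RE = re.compile(r"([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)\.?(?::(\d{1,5}))?")


def normalize_host(value):
    """Return the lower-cased hostname without port, or None if malformed."""
    match = _HOST_RE.fullmatch(value.strip().lower())
    if match is None:
        return None                       # spaces, '@', '/', commas, etc.
    host, port = match.group(1), match.group(2)
    if port is not None and not 0 < int(port) < 65536:
        return None
    return host


def check_host(headers):
    """Validate the Host header of one request.

    headers is a list of (name, value) pairs in the order received.
    Returns (200, hostname) when acceptable, otherwise (400, reason).
    """
    hosts = [value for name, value in headers if name.lower() == "host"]
    if len(hosts) != 1:
        return 400, "missing or duplicate Host header"
    host = normalize_host(hosts[0])
    if host is None or host not in ALLOWED_HOSTS:
        return 400, "Host not in allowlist"
    return 200, host


def password_reset_link(token):
    """Build the link from configuration; the request's Host is never consulted."""
    return f"{CANONICAL_ORIGIN}/reset?token={quote(token, safe='')}"


if __name__ == "__main__":
    samples = [                                         # constructed requests
        [("Host", "bank.example")],
        [("Host", "BANK.example:443")],
        [("Host", "evil.example")],                     # modified in the proxy
        [("Host", "bank.example"), ("Host", "evil.example")],
        [("Host", "bank.example@evil.example")],
    ]
    for headers in samples:
        print(headers, "->", check_host(headers))
    print(password_reset_link("constructed-token"))
```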

Conclusion
Burp Suite successfully intercepted HTTP requests, allowing us to analyze and manipulate web traffic.
This is essential for identifying vulnerabilities like insecure input handling, session flaws, and more
during web application testing.

Practical 4
Title- Identifying SQL Injection Vulnerabilities with Burp Suite
Objectives- To detect SQL Injection vulnerabilities in a web application using Burp Suite.
Tools used
• Burp Suite (Community or Professional)
• Web browser (e.g., Firefox, Chrome)
• Target web app (e.g., https://demo.testfire.net)
Concept
SQL Injection occurs when user input is unsafely included in an SQL query, allowing attackers to
manipulate the database.
Steps and output
1. Intercepting Requests:
• Open Burp Suite and ensure that Intercept is "On" in the "Proxy" tab.
• Browse the vulnerable web application and identify areas where user input is sent to
the server, such as:
  o Search bars
  o Login forms
  o URL parameters (e.g., example.com/products?id=1)
  o Form submissions
• As you interact with these elements, Burp Suite will capture the HTTP requests.
2. Identifying Potential Injection Points:
• In Burp Suite's "Proxy" -> "HTTP history" tab, examine the captured requests.
• Look for requests that include user-supplied data in the URL parameters or the
request body. These are potential injection points.
3. Basic Manual Testing:
• Single Quote ('): The most basic SQL Injection test involves injecting a single quote
into an input field. This often breaks the SQL query and can reveal an error message,
indicating a vulnerability.
Example: If you have a URL like example.com/products?id=1, try changing it to
example.com/products?id=1'.
  o Observe the server's response in your browser or Burp Suite's "Response"
  tab. If you see an SQL error or unexpected behavior, it's a strong indicator of
  a vulnerability.
• SQL Comments (-- -, #, /* ... */): If a single quote causes an error, try using SQL
comments to comment out the rest of the original query.
Example: example.com/products?id=1-- - or example.com/products?id=1# or
example.com/products?id=1/*.
  o If the application behaves differently (e.g., returns data it didn't before), it
  suggests the comment was successful, and the application might be
  vulnerable.
• Boolean-Based Blind SQL Injection: If you don't get direct error messages, you can
try boolean-based blind SQL injection. This involves crafting payloads that make the
SQL query evaluate to either true or false, and observing the difference in the
application's response.
Example:
example.com/products?id=1 AND 1=1 (should return the same result as the original)
example.com/products?id=1 AND 1=2 (should return a different or no result)
  o By systematically testing different conditions, you can infer information
  about the database.
4. Using Burp Suite Intruder for Automated Testing:
• Manual testing is useful for initial identification, but Burp Suite Intruder allows for
automated and more comprehensive testing.
• Send the Request to Intruder: Right-click on a request you want to test in the "HTTP
history" tab and select "Send to Intruder."
• Configure Payloads:
  o Go to the "Intruder" tab and then the "Positions" sub-tab. Burp Suite will
  automatically highlight potential injection points. You can adjust these selections as
  needed. Choose the "Sniper" attack type for injecting payloads into one position at a
  time.
  o Go to the "Payloads" sub-tab. Here, you can define a list of SQL Injection payloads.
  Burp Suite has built-in payload lists, or you can create your own. Some common
  payloads include:
    - Single quotes and variations (', '', \')
    - SQL comments (-- -, #, /*)
    - Common SQL keywords (SELECT, UNION, WHERE, OR, AND)
    - Boolean-based payloads (' OR 1=1 -- -, ' OR '1'='1')
    - Time-based payloads (e.g., using SLEEP() or BENCHMARK()) for blind SQL injection.
• Configure Options (Optional but Recommended):
  o Go to the "Options" sub-tab.
  o Grep - Match: Add patterns to look for in the responses that indicate a successful
  injection or an error. For example, you might look for "SQL syntax error" or specific
  data being returned that shouldn't be.
  o Response Analysis: You can configure rules to flag responses based on their
  length, status code, or content.
• Start the Attack: Click the "Start attack" button. Burp Suite will send multiple
requests with the defined payloads and highlight any interesting responses
based on your configured options.
5. Analyzing the Results:
• Examine the results in the Intruder window. Look for responses that:
  o Have different lengths or status codes compared to the baseline requests.
  o Contain error messages related to the database.
  o Contain data that shouldn't normally be accessible.
  o Match the grep patterns you defined.
• Exploiting the Vulnerability (Ethical Hacking): If you identify a vulnerability, you can
try to exploit it further to understand its impact. This might involve:
  o Extracting Data: Using UNION SELECT statements to retrieve sensitive information
  from other database tables.
  o Bypassing Authentication: Crafting payloads to bypass login mechanisms.
  o Modifying Data: In some cases, it might be possible to insert, update, or delete data.
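
Why the manual checks in step 3 produce the signals they do, and how a parameterized query removes them, as an added example that is not part of the original practical file. An in-memory SQLite database stands in for the application's backend; the products table, its rows and the function names are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "savings"), (2, "checking"), (3, "credit")])
    return conn


def lookup_concatenated(conn, raw_id):
    """Flawed: the id parameter is pasted into the SQL text."""
    query = "SELECT id, name FROM products WHERE id = " + raw_id
    return conn.execute(query).fetchall()


def lookup_bound(conn, raw_id):
    """Hardened: validate the type, then pass the value as a bound parameter."""
    try:
        product_id = int(raw_id)
    except ValueError:
        return []          # not an integer: "no such product", never SQL
    return conn.execute(
        "SELECT id, name FROM products WHERE id = ?", (product_id,)
    ).fetchall()


def observe(lookup, conn):
    """Replay the three manual checks from step 3 against one lookup function."""
    baseline = lookup(conn, "1")
    try:
        lookup(conn, "1'")
        quote_raises_db_error = False
    except sqlite3.Error:
        quote_raises_db_error = True       # the "SQL syntax error" signal
    true_case = lookup(conn, "1 AND 1=1")
    false_case = lookup(conn, "1 AND 1=2")
    return {
        "quote_raises_db_error": quote_raises_db_error,
        "and_true_matches_baseline": true_case == baseline,
        # True means the response depends on injected logic (blind SQLi signal)
        "boolean_oracle": true_case != false_case,
    }


if __name__ == "__main__":
    conn = make_db()
    print("concatenated:", observe(lookup_concatenated, conn))
    print("bound:       ", observe(lookup_bound, conn))
```

The bound version gives the same empty result for both boolean inputs and raises no database error, so none of the response differences listed in step 5 appear.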

Conclusion

Practical 5
Title- Analyzing Network Traffic with Wireshark
Objectives-
• To understand how to capture and analyze network packets using Wireshark.
Tools used-
• Wireshark (latest stable version)
• Windows/Linux system with internet access
Concept
Wireshark is a GUI-based network packet analyzer that captures real-time data packets flowing
through a network interface. It helps users visualize how devices communicate over a network using
different protocols like TCP, UDP, DNS, HTTP, and more.
Each captured packet can be examined to view:
• Protocol type
• Source and destination IP addresses
• Ports used
• Payload data
Wireshark supports filtering and coloring rules for easy analysis, making it an essential tool for
network administrators and cybersecurity professionals. It is widely used for:
• Debugging network issues
• Monitoring performance
• Detecting unauthorized access or attacks (e.g., ARP spoofing, DDoS)
Steps and output-
i. Open Wireshark
Launch the tool and select your active network interface (e.g., Wi-Fi).
ii. Start Capture
Click the Start button to begin capturing packets.
iii. Generate Traffic
Open a website or run ping google.com to create network activity.
iv. Apply Filters
Use filters like http, dns, or ip.addr == 8.8.8.8 to focus on specific traffic.
v. Observe Color Codes
Check packet colors to identify protocols:
• Green = HTTP
• Blue = DNS
• Purple = TCP
• Black = TCP errors
vi. Inspect Packets
Click a packet to view details (source, destination, protocol, data).
vii. Stop and Save
Stop capture and save the file as .pcap for later analysis.

Analysis of Wireshark Output (Short Points)

• Packet list shows all captured packets with time, source, destination, and protocol.
• Color codes help identify protocol types and errors quickly.
• Packet details pane shows headers from each OSI layer.
• TCP/UDP info includes ports, flags, and sequence numbers.
• Application layer shows data like HTTP requests or DNS queries.
• Packet bytes pane displays raw hex and ASCII data.
• Use filters to isolate specific traffic (e.g., http, dns).
• Follow stream shows full conversations between devices.
• Look for unusual IPs, ports, or repeated errors.
• Analyze DNS and HTTP traffic to track user activity.

Conclusion-
Wireshark output provides deep visibility into network activity. By interpreting the protocol, IP info,
flags, and raw data, you can diagnose network issues, detect intrusions, or understand how
applications communicate. The key is using filters, following streams, and analyzing patterns across
packets.

Practical 6
Title- Dynamic Application Security Testing (DAST) Using Burp Suite
Objectives- Identify security vulnerabilities in a live web application using DAST techniques.
Tools used- Burp Suite, Web Browser
Concept- DAST tests the running application by intercepting and analyzing HTTP requests/responses
for vulnerabilities like XSS, SQL injection, etc.
Steps and output-
1. Open Burp Suite and configure browser proxy (127.0.0.1:8080).
2. Intercept HTTP requests while browsing the web app.
3. Use "Scanner" to find issues.
4. View detected vulnerabilities in the "Issues" tab.

Conclusion-
Burp Suite effectively identifies real-time security flaws in applications, supporting better threat
mitigation and secure development.

Practical 7
Title- Vulnerability Assessment with Nessus on Windows and Linux Systems
Objectives-
• To understand the process of vulnerability assessment using Nessus.
• To identify and evaluate security vulnerabilities in both Windows and Linux systems.
• To generate and analyze vulnerability assessment reports.
• To enhance system security by addressing discovered vulnerabilities.

Tools used-
• Nessus (by Tenable) – Vulnerability Scanner
• Windows 10/11 System – Target machine
• Ubuntu/Linux System – Target machine
• Web Browser – For accessing Nessus interface
• Internet Connection – For plugin updates
Concept-
Vulnerability assessment is the process of identifying, quantifying, and prioritizing vulnerabilities in a
system. Nessus is a widely used vulnerability scanner that performs automated scans to detect
potential security issues such as missing patches, misconfigurations, and known exploits. It supports
various systems and platforms and provides detailed reporting to assist in securing IT infrastructure.

Steps and output-


Step 1: Download and Install Nessus
• Download Nessus from Tenable's official website.
• Choose the appropriate version for your operating system (Windows/Linux).
• Follow the on-screen installation instructions.
• Start the Nessus service and open a browser to https://localhost:8834.

Step 2: Configure Nessus
• Create an account and activate using the activation code received via email.
• Nessus will download and update necessary plugins (may take several minutes).

Step 3: Add a New Scan
• Navigate to Scans > New Scan.
• Choose a scan template, e.g., Basic Network Scan.
• Enter details:
  o Name: Windows/Linux Scan
  o Targets: IP addresses of the Windows and Linux machines
• Click Save, then Launch the scan.

Step 4: Review Scan Results
Once completed, click on the scan name to view the report.
Review the following:
• Vulnerability severity (Critical, High, Medium, Low, Info)
• CVE IDs associated with vulnerabilities
• Affected services and ports

Example Output Snapshot (Summary):

Windows Machine:
• 2 Critical vulnerabilities (e.g., SMB remote code execution)
• 5 High (e.g., outdated software, misconfigured firewall)

Linux Machine:
• 1 Critical (e.g., privilege escalation vulnerability)
• 3 Medium (e.g., outdated Apache version)

Step 5: Export and Analyze Report
• Click Export and choose format (PDF/HTML).
• Use the report for patch management and hardening tasks.

Windows->

Linux-

Change to the downloads directory (cd downloads), then install the package and start the service:

sudo dpkg -i Nessus-*.deb
sudo systemctl start nessusd
sudo systemctl enable nessusd
sudo systemctl status nessusd

Follow the on-screen instructions, as done for Windows above.

Activation key-> VEBE-5B6U-PYRU-Y867-HTNQ (linux)

sudo /opt/nessus/sbin/nessuscli fetch --register VEBE-5B6U-PYRU-Y867-HTNQ

Analysis of a Nessus vulnerability report:

1. Severity Levels: Vulnerabilities are ranked: Critical, High, Medium, Low, and Info.
2. Vulnerability Details: Each item includes CVE ID, plugin ID, description, and risk factor.
3. Affected Systems: The report shows which IP addresses or hosts are affected.
4. Port and Service Info: Indicates the specific port/service where the vulnerability exists.
5. Exploit Availability: Some entries show if a public exploit exists, increasing risk.
6. Remediation Steps: Suggestions are given to fix or mitigate each vulnerability.
7. Plugin Output: Shows how Nessus detected the issue, useful for validation.
8. Prioritization: Focus first on Critical and High vulnerabilities with available fixes.
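
The report analysis listed here and in Practical 2 can be applied to an exported scan programmatically. The following is an added example, not part of the original practical file: it reads a report in the .nessus (v2 XML) export layout, counts findings per host by severity, and builds the "Critical and High with available fixes" queue, with exploitable items first. The sample report, its documentation IP addresses, plugin IDs and CVE labels are constructed placeholders, and treating an empty or "n/a" solution as "no fix" is an assumption.

```python
import xml.etree.ElementTree as ET

SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample; every host, plugin ID and CVE label is a placeholder.
SAMPLE = """<NessusClientData_v2><Report name="Windows/Linux Scan">
<ReportHost name="192.0.2.10">
  <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="900001" pluginName="SMB remote code execution (constructed)">
    <cve>CVE-PLACEHOLDER-1</cve><exploit_available>true</exploit_available>
    <solution>Apply the vendor patch.</solution><plugin_output>constructed</plugin_output>
  </ReportItem>
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900002" pluginName="OS identification (constructed)"/>
</ReportHost>
<ReportHost name="192.0.2.20">
  <ReportItem port="80" svc_name="www" protocol="tcp" severity="2" pluginID="900003" pluginName="Outdated Apache version (constructed)">
    <solution>Upgrade Apache.</solution>
  </ReportItem>
  <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="3" pluginID="900004" pluginName="Weak SSH configuration (constructed)">
    <exploit_available>false</exploit_available><solution>n/a</solution>
  </ReportItem>
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="4" pluginID="900005" pluginName="Privilege escalation (constructed)">
    <cve>CVE-PLACEHOLDER-2</cve><exploit_available>false</exploit_available>
    <solution>Update the kernel package.</solution>
  </ReportItem>
</ReportHost></Report></NessusClientData_v2>"""


def parse_findings(xml_text):
    """Flatten ReportHost/ReportItem elements into one dict per finding.

    Intended for reports exported from your own scanner, not untrusted XML.
    """
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            solution = (item.findtext("solution") or "").strip()
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "service": item.get("svc_name"),
                "severity": int(item.get("severity", "0")),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "cves": [c.text for c in item.findall("cve")],
                "exploit_available": item.findtext("exploit_available") == "true",
                "has_fix": solution.lower() not in ("", "n/a"),  # assumption
            })
    return findings


def summary_by_host(findings):
    """Count findings per host and severity label."""
    counts = {}
    for f in findings:
        per_host = counts.setdefault(f["host"], {})
        label = SEVERITY[f["severity"]]
        per_host[label] = per_host.get(label, 0) + 1
    return counts


def remediation_queue(findings):
    """Critical/High findings with a fix, exploitable ones first."""
    urgent = [f for f in findings if f["severity"] >= 3 and f["has_fix"]]
    return sorted(urgent, key=lambda f: (-f["severity"],
                                         not f["exploit_available"],
                                         f["host"], f["port"]))


if __name__ == "__main__":
    findings = parse_findings(SAMPLE)
    print(summary_by_host(findings))
    for f in remediation_queue(findings):
        print(SEVERITY[f["severity"]], f["host"], f["port"], f["name"], f["cves"])
```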

Conclusion-
Using Nessus, we successfully performed a vulnerability assessment on both Windows and Linux
systems. The scan identified multiple vulnerabilities of varying severities. This practical highlighted
the importance of regular vulnerability assessments to maintain system security. Applying the
recommended patches and configuration changes based on Nessus reports significantly reduces the
attack surface and enhances the security posture of the systems.

Practical 8
Title- Protocol Analysis with Wireshark
Objectives- Analyze network traffic and understand protocol behavior using Wireshark.
Tools used- Wireshark
Concept- Wireshark captures and displays network packets in real-time, allowing inspection of
protocol-level details (e.g., HTTP, TCP, DNS).
Steps and output-
1. Open Wireshark and select active network interface.
2. Start capture and generate traffic (e.g., browse a website).
3. Apply filters (e.g., http, dns) to inspect protocols.
4. Analyze packet details in the middle and bottom panes.

Conclusion-
Wireshark helps visualize and understand how network protocols operate, aiding in troubleshooting
and security analysis.

Practical 9
Title: Exploring Common Vulnerabilities Using CVE Database

Objectives: Identify and research known software vulnerabilities using the CVE (Common
Vulnerabilities and Exposures) system.

Tools used: CVE Details website, NVD (National Vulnerability Database), Web browser

Concept: CVEs are standardized identifiers for known security vulnerabilities. The CVE database
allows users to look up vulnerability details, severity, and mitigation.

Steps and output:


1. Visit https://cvedetails.com or https://nvd.nist.gov.
2. Search for a software or product (e.g., Apache, OpenSSL).
3. View CVE IDs, descriptions, CVSS scores, and affected versions.
4. Note exploitability and patch information.

Conclusion: The CVE database helps in understanding real-world vulnerabilities and aids in proactive
security management.

Practical 10
Title: Operating System Hardening (Linux and Windows)
Objectives: Secure the OS by minimizing vulnerabilities, disabling unnecessary services, and applying
security policies.
Tools used: Terminal (Linux), Group Policy Editor (Windows), UFW/iptables, Windows Defender,
Security Configuration
Concept: OS hardening involves tightening security settings, managing user permissions, disabling
unused ports/services, and applying updates.
Steps and output:
Linux:

• Disable root login: sudo passwd -l root
• Enable firewall: sudo ufw enable
• Check services: sudo systemctl list-units --type=service

Windows:

• Run secpol.msc for local security policies.
• Disable unnecessary services via services.msc.
• Apply updates from Windows Update.

Conclusion: OS hardening reduces attack surface and strengthens system security against
unauthorized access or malware.
