The document provides instructions for performing various security assessments and exploits on Metasploitable and DVWA virtual machines using tools like Burp Suite, Metasploit, Nmap, and OWASP ZAP. Specifically, it includes tasks to:
1. Use Burp Suite to perform a brute force attack on Mutillidae running on the Metasploitable IP and provide snapshots from the attack.
2. Conduct SQL injection and XSS exploits on DVWA running on Metasploitable and demonstrate results.
3. Use Nmap to scan open ports on VIT-Chennai and capture packets to identify open/filtered ports for Yahoo.
4. Perform a Nessus
6) Open Mutillidae through your Metasploitable IP and perform the brute force attack through Burp Suite.
i. Show the snapshots of proxy, positions, payloads, intercept, intruder
ii. Get the report of intruder attack

Question 5: DVWA [12 Marks]
To be done in Kali Linux
i) Open DVWA through your Metasploitable IP and perform a SQL injection [5 Marks]
a. the users in the dvwa database
b. passwords stored in the users table
ii) Perform a reflected and stored XSS on the dvwa website running in the metasploit. Show the results with low and high vulnerability. In each textbox or alert box, enter your register no and name [5 Marks]
iii) Exploit the File upload vulnerability by creating a simple webshell YourRegisterNumber.php and edit the file type of the file with low and medium security levels. [2 Marks]

Question 2: NMap Scan [5 Marks]
To be done in Kali Linux
i) You’re doing an internal security audit and you want to find out what ports are open on all the VIT-Chennai website. Which NMAP command would you use? Show the results [2 Marks]
ii) A hacker is attempting to see the ports other than arp and dns which are open and filtered on the “Yahoo.com”. Which NMAP switch would the hacker use? In Wireshark, capture the packets that contain yahoo and show the results [3 Marks]

Question 3: Nessus Scan / OWASP ZAP [6 Marks]
Perform a Nessus or OWASP-ZAP scan on your metasploitable IP. The vulnerability scanner can be installed in any OS. (Installed location snapshots if not in KALI for OWASP)
List the vulnerabilities/alerts identified in the scan. Export all the vulnerability report in html and put the file in a Google Drive link
If Nessus, give the following snapshots
Sign in snapshot of your user details
Date and time of scan started and completed
For any one vulnerability, show the CVSS score
(Or)
If OWASP-ZAP, give the following snapshots of
i) HTTP-request and HTTP-response
ii) Spider and Params result (How many URIs found?)