
19BIT0123 Akash Sharma

6) Open Mutillidae through your Metasploitable IP and perform the brute force attack through Burp Suite.

i. Show the snapshots of proxy, positions, payloads, intercept, intruder

ii. Get the report of intruder attack


Question 5: DVWA [12 Marks]
To be done in Kali Linux
i) Open DVWA through your Metasploitable IP and perform a SQL injection [5 Marks]
   a. the users in the dvwa database
   b. passwords stored in the users table
ii) Perform a reflected and stored XSS on the dvwa website running in the metasploit. Show the results with low and high vulnerability. Each of the textbox or alert box enter your register no and name [5 Marks]
iii) Exploit the File upload vulnerability by creating a simple webshell YourRegisterNumber.php and edit the file type of the file with low and medium security levels. [2 Marks]

Question 2: NMap Scan [5 Marks]
To be done in Kali Linux
i) You’re doing an internal security audit and you want to find out what ports are open on all the VIT-Chennai website. Which NMAP command would you use? Show the results [2 Marks]
ii) A hacker is attempting to see the ports other than arp and dns which are open and filtered on the “Yahoo.com”. Which NMAP switch would the hacker use? In Wireshark, capture the packets that contain yahoo and show the results [3 Marks]

Question 3: Nessus Scan / OWASP ZAP [6 Marks]
Perform a Nessus or OWASP-ZAP scan on your metasploitable IP. The vulnerability scanner can be installed in any OS. (Installed location snapshots if not in KALI for OWASP)
List the vulnerabilities/alerts identified in the scan. Export all the vulnerability report in html and put the file in a google drive link
If Nessus, give the following snapshots
   Sign in snapshot of your user details
   Date and time of scan started and completed
   For any one vulnerability, show the CVSS score
(Or)
If OWASP-ZAP, give the following snapshots of
   i) HTTP-request and HTTP-response
   ii) Spider and Params result (How many URIs found?)
