SUMMER TRAINING

PROJECT REPORT
FORMAT
For
BCA 5th Semester

SUBMITTED BY:
Avinash
Mankotia
(01120602020)

Batch: 2020-2023

PROJECT GUIDE:
Ms. Sweety ( BCA Dept)

DEPARTMENT OF COMPUTER SCIENCE

Trinty Institute of Professional Studies

 DECLARATION

I, Avinash , bearing roll no _01120602020 , a student of Bachelor of Computer

Applications department hereby declare that I own the full responsibility for the
information, results etc. provided in this INTERNSHIP PROJECT submitted to
UPTOSKILLS and for the award of completion certificate. I have taken care in all
respect to honour the intellectual property right and have acknowledged the contribution
of others for using them in academic purpose and further declare that in case of any
violation of intellectual property right or copyright I, as a candidate, will be fully
responsible for the same. My supervisor should not be held responsible for full or partial
violation of copyright or intellectual property right.

NAME: Avinash
ENROLLMENT NO.: 01120602020
 ACKNOWLEDGEMENT

First, I would like to thank Mr. Shivam Aggarwal of UPTOSKILLS India for giving me
the opportunity to do an internship within the organization.

I also would like all the people that worked along with me UPTOSKILLS India with their
patience and openness they created an enjoyable working environment.

It is indeed with a great sense of pleasure and immense sense of gratitude that I
acknowledge the help of these individuals.

I am highly indebted to Director of Tecnia institute of advanced studies Dr. Ajay Kumar,
for the facilities provided to accomplish this internship. I would like to thank my Head of
the Department Dr. Deepak Sonkar for his constructive criticism throughout my
internship.

I am extremely great full to my department staff members and friends who helped me in
successful completion of this internship.
And I am extremely thankful to my faculty guide Ms. Sania Kukkar for her immense
support and guidance.
 ABSTRACT

In UPTOSKILLS we got to know and learn a lot of new things in Cyber Security and also learned about
the corporate culture. Every intern was assigned a task in the morning and was asked to devote 6 hours
and 6 days a week. The organisation offered us flexible working hours and the leaders were very
supportive and polite. Not just they taught us a lot in the Cyber Security but also taught us about team
work, leadership and working under pressure. We developed many small and big projects during this 3-
month internship. The learning was not just new to us but was also very fun. The first task of this
internship was to assimilate about networks which included various topologies, media, IP Addressing,
VLSM, CIDR, Subnetting, Protocols, TCP/IP Applications and Services. The second task was to master
Linux Administration and Commands, Security Policies, Physical Security, Risk Management, Threat
Modelling and Incident Management. The next task included deep knowledge of Foot printing and
Reconnaissance, Scanning Networks, Enumeration, Vulnerability Analysis, Sniffing. Social Engineering,
Evading IDS, Firewalls and Honeypots, Hacking Wireless Networks, IOT Hacking, Cloud Computing
and Cryptography. During my internship period a number of approaches and exposure methods were used
which included hands on training, various reading materials, Exposure to Cyber Security Industries and
conducting various penetration tests on websites. My responsibilities included me to have deep
knowledge of Linux operating systems and concepts related to hacking as mentioned above and a
profound understanding in various Cyber security tools.
 CONTENTS

S No Topic Page
No
1. Brief Description of the Organization 1
2. Systems Analysis of Existing System 2
1 System specification
2 Tools and Technology
3. AIM 6

4. Execution 6

5. Summary and Conclusions 18

 Brief Description of the Organization

UPTOSKILLS basically provide training in both fields Technical and non-

technical areas. They trained 1000+ professionals in a variety generic skill. New
age professionals and students of digital-economy and Partner with UptoSkills
and students in Skills required this Advent of technology which has created
vivid impacts on everything, even on the traditional teaching-learning process.
Nowadays students, professionals, competitive aspirants are more agile on
online learning than conventional classroom-based learning. “Our mission is
skill development. There can be no development with a satiated system.”
Narendra Modi. The main reasons for ascending popularity of online learning
mode have been delineated as time and accessing convenience and person to
person clarification. Over the past 4 years trained 1000+ professionals and
students in a variety of digital-economy and generic skills. In this new age
generations students are in need of new-age jobs.

1
 System/Project Requirement Specification

1, System specification

Hardware requirement:
The most common set of requirements defined by any operating system or software
application is the physical computer resources, also known as hardware, A hardware
requirements list is often accompanied by a hardware compatibility list (HCL),
especially in case of Operating systems. An HCL lists tested, compatible, and
sometimes incompatible hardware devices for a particular operating system or
application.
• Processor: 2.30 gigahertz (GHz) or faster.
• RAM: 8 gigabyte (GB) or more.
• Hard disk space: 512 GB (64-bit) or more.

Software Requirement:

Software requirements deal with defining software resource requirements and

prerequisites that need to be installed on a computer to provide optimal functioning
of an application.
These requirements or prerequisites are generally not included in the software
installation package and need to be installed separately before the software is
installed.

Operating System: Windows, MAC, Linux.

Software: Virtual Box or VMware.
Additional OS : Kali Linux , Parrot OS.

2
2 TOOLS AND TECHNOLOGIS

1. Nmap/Zenmap (Scanning)
2. Metasploit
3. SQLMAP

Nmap/Zenmap

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux,

Windows, Mac OS X, BSD, etc.) free and opensource application which aims to
make Nmap easy for beginners to use while providing advanced features for
experienced Nmap users. Frequently used scans can be saved as profiles to make
them easy to run repeatedly. A command creator allows interactive creation of
Nmap command lines. Scan results can be saved and viewed later. Saved scan
results can be compared with one another to see how they differ. The results of
recent scans are stored in a searchable database.

Metasploit

Metasploit is not just a single tool. It is a complete framework. It is a Ruby-based,

modular penetration testing platform that enables you to write, test, and execute
exploit code, it is flexible and extremely robust and has tons of tools to perform
various simple and complex tasks.
Metasploit has three editions available.
 Metasploit Pro
 Metasploit Community
 Metasploit Framework

3
1. Auxiliaries

Auxiliaries are the modules that make Metasploit so easy to work with. A Metasploit
auxiliary is nothing but a specific piece of code written to perform a particular task.
For example, it can be used to check if we can access an FTP server anonymously or
to check if the webserver is vulnerable to a heart bleed attack. In fact, Metasploit has
more than 1,000 auxiliary modules that perform various tasks like scanning, fuzzing,
sniffing, and much more. These auxiliary modules are classified into 19 categories.

2. Payloads

You have already learned in the above topic that an exploit is a piece of code
that will be used against the component that is vulnerable. The exploit code
may run successfully, but what do you want to do once the exploit is
successfully defined by the payload. In simple terms, a payload can be defined
as the action that needs to be performed after the complete execution of an
exploit.

3. Exploits

Exploits are an extremely important part of Metasploit. The whole purpose of

the framework is to offer exploits that you can use for various vulnerabilities.
An exploit is a code that takes advantage of a software vulnerability or
security flaw and you will use this code on the target system to take advantage
of the vulnerabilities present in the target system. Metasploit has more than
1,800 exploits that can be classified into 17 categories.

4. Encoders

Metasploit helps you in generating a wide variety of payloads that you can
send to the target in multiple ways to perform any task. In the process, it is
quite possible that your payload gets detected by any of the security software
present on the target system or antivirus software. This is where encoders
came into work. Encoders use various algorithms and techniques to obscure
the payload in a way that it doesn’t get detected by antivirus software.

4
5. Post-Exploitation Activities (Post)

Once you have gained access to your target system using any of the available
exploits and here, we are talking about basic access, you can make use of the
post modules to further infiltrate the target system. These operations are
mostly done in Cyber Events with complete permissions and must be done in
an Ethical way. With the help of these modules, you can perform the
following post-exploitation activities:
 Escalating user privileges to administrator or root.
 Retrieving the system credentials
 Stealing cookies and saved credentials
 Capturing keystrokes on the target system
 Executing custom Power Shell scripts for performing

SQLMAP

SQLMAP is an open-source penetration testing tool that automates the process

of detecting and exploiting SQL injection flaws and taking over of database
servers. It comes with a powerful detection engine, many niche features for the
ultimate penetration tester, and a broad range of switches including database
fingerprinting, over data fetching from the database, accessing the underlying
file system, and executing commands on the operating system via out-of-band
connections.

5
 AIM
Try to login in website without Username or Password and also create
backdoors in website.

EXACUATION

Scanning

6
7
Searching for Database Table and get some vulnerability.

8
9
11
12
13
15
Adding backdoor in website.

16
17
 CONCLUSION

Today due to high internet penetration, cybersecurity is one of the biggest

needs of the world as cybersecurity threats are very dangerous to the country’s
security. Not only the government but also the citizens should spread
awareness among the people to always update your system and network
security settings and to the use proper anti-virus so that your system and
network security settings stay virus and malware-free. This project shows that
hack take control Over website and take your all details from website.
Through your details they sell it or use it in cybercrime.

18