CYBER SECURITY INTERNSHIP AT SHADOWFOX
(01 June 2025 – 30 June 2025)
Name - Manash Roy Sarkar
Batch - June 2025 B1
Gmail - [email protected]
Task Level – Beginner
Table Of Content
S No   Title
1      Find all the ports that are open on the website http://testphp.vulnweb.com/
2      Brute force the website http://testphp.vulnweb.com/ and find the directories that are present in the website.
3      Make a login in the website http://testphp.vulnweb.com/ and intercept the network traffic using wireshark and find the credentials that were transferred through the network.
List Of Figures
Figure No   Name
1           Nmap Scanning
2           Dirb Scanning
3           Login Attempt
4           Wireshark Result
Introduction and Information about the report
❖ Introduction:
The tasks performed in this report focus on foundational
techniques in the field of cyber security and ethical hacking.
These practical activities are centered around identifying
vulnerabilities and gathering information from a publicly
available, intentionally vulnerable website:
http://testphp.vulnweb.com/
❖ Objective of Task:
❖ Port Scanning:
To identify open ports and services running on the target
website using Nmap, which helps determine potential
attack surfaces.
❖ Directory Brute Forcing:
To discover hidden directories and files on the web
server using tools like Gobuster or Dirb, which may
expose unprotected or sensitive resources.
❖ Traffic Interception:
To capture network traffic using Wireshark during a login
session and analyze whether sensitive information like
credentials is transmitted securely.
Environment Setup
• Operating System: Kali Linux
Tools Used:
• Nmap – for port scanning
• Gobuster – for directory brute forcing
• Wireshark – for traffic capture and analysis
Target URL: http://testphp.vulnweb.com/
Task Level (Beginner)
1) Find all the ports that are open on the website
http://testphp.vulnweb.com/
• Severity Score: 5.0 / 10 (Medium)
• Reason: It's a passive step, but opens the door for
serious follow-up attacks.
Tool Used: Nmap (Network Mapper)
Nmap (Network Mapper) is a command-line tool used to discover
hosts and services on a network by scanning IP addresses or
domain names.
➢ Step by Step:
Step 1: Open Terminal in Kali
Click on the Terminal icon or press Ctrl + Alt + T
Step 2: Basic Port Scan
Command: nmap testphp.vulnweb.com
• It scans the 1000 most common ports on the domain
testphp.vulnweb.com.
• It shows you which of those ports are open, closed, or filtered.
Step 3: Detect Service Versions
Command: nmap -sV -p- testphp.vulnweb.com
• It checks all possible ports (1–65535).
• It tries to detect what service is running on each open port.
Step 4: Waiting for the Result
Nmap will start scanning for open ports. This process can take
some time depending on the size of the network and the type of
scan used.
Fig(1):Nmap Scanning
Step 5: Review the Scan Result
Once the scan is complete, Nmap will display a list of all open ports
on the target device or network. Analyze the result to understand
which services are running and the associated security risks.
Port Scan Result:
• Target: testphp.vulnweb.com
• IP: 44.228.249.3
• Open Port: 80/tcp
• Service: nginx 1.19.0
• OS Detected: Linux (x86_64)
• Unknown Service Path: /cgi-bin/submit.cgi
Impacts:
Information Gathering
• Attackers can detect live hosts, open ports, and running
services.
Exposure of Vulnerabilities
• Services with known exploits (e.g., outdated Apache or FTP
servers) can be discovered.
Firewall and Security Testing
• Scanning reveals which ports are blocked or filtered, exposing
firewall weaknesses.
Target Identification
• Scanners help attackers decide which systems are worth
attacking further.
System Performance Issues
• Aggressive scans may temporarily overload systems or
network interfaces.
Mitigation Techniques:
Firewall Rules
• Allow only necessary ports (e.g., 22, 80, 443). Block unused
ports using firewalls like iptables, UFW, or network-level
firewalls.
Port Knocking
• Use a sequence of port hits to open hidden ports dynamically.
Service Hardening
• Hide or remove service version banners (e.g., ServerTokens
Prod in Apache).
Intrusion Detection/Prevention Systems (IDS/IPS)
• Deploy tools like Snort, Suricata, or OSSEC to detect and block
suspicious scans.
Rate Limiting and Throttling
• Limit the number of connection attempts from a single IP to
slow down scanners.
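The scan detection and per-source limiting described in the mitigation list above can be prototyped over firewall logs. This is an added example, not part of the original report: the UFW/iptables-style log layout, the documentation IP addresses, the thresholds and the year (syslog timestamps omit it) are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: UFW/iptables-style kernel log lines (documentation IPs).
def sample_line(sec, src, dpt):
    return (f"Jun 12 10:00:{sec:02d} web kernel: [UFW BLOCK] IN=eth0 OUT= "
            f"SRC={src} DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={dpt}")

SAMPLE_LOG = (
    [sample_line(i, "203.0.113.5", 20 + i) for i in range(30)]   # sweep: 30 ports in 30 s
    + [sample_line(5, "198.51.100.7", 443), sample_line(9, "198.51.100.7", 443),
       sample_line(40, "198.51.100.7", 80)]                       # ordinary client
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) "
    r".*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")

def detect_port_sweeps(lines, window_s=60, min_ports=15, year=2025):
    """Return {src_ip: peak count of distinct TCP ports hit within window_s}
    for sources that reach min_ports. Lines must be in time order."""
    recent = defaultdict(deque)        # src -> deque of (time, dport)
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue                   # not a TCP firewall record
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append((ts, int(m["dpt"])))
        while q and ts - q[0][0] > timedelta(seconds=window_s):
            q.popleft()                # slide the window forward
        peak[m["src"]] = max(peak[m["src"]], len({p for _, p in q}))
    return {src: n for src, n in peak.items() if n >= min_ports}

print(detect_port_sweeps(SAMPLE_LOG))
```

The sources it returns are candidates for the firewall or IDS/IPS blocking listed above; the window and port threshold need tuning against normal traffic.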
Task Level- Beginner
2) Brute force the website http://testphp.vulnweb.com/ and
find the directories that are present in the website.
• Severity Score: 7.2 / 10 (High)
• Reason: Attackers can find admin panels, old code, or
file uploads which can be exploited directly.
Tool: DirBuster (comes pre-installed in Kali)
Dirb is a command-line web content scanner used in cybersecurity
to brute-force directories and files on web servers.
➢ Step-by-Step
Step 1: Open Terminal
Open a terminal in Kali Linux
If you are using Kali Linux, dirb is installed by default. If it is not
installed, you can install it by running this command: sudo apt-get install
dirb
Step 2: Use the dirb command
Command: dirb http://testphp.vulnweb.com/
• This uses the default wordlist to brute-force directory names
Step 3: Wait for Result
Dirb will start searching for hidden directories and files.
Then dirb will show you the directories/files that exist on the site.
Fig(2.1)
Step 4: Check The Result
Once dirb finishes, it’ll show you a list of the directories and files it
found. Some of these might be hidden or not linked from the main
website page.
Fig(2.2)
Found Directories:
• /admin/ (403)
• /cgi-bin/ (403)
• /CVS/
• /images/
• /pictures/
• /secured/
• /vendor/
• /index.php
Impacts of Directory Brute Forcing
1. Sensitive Data Exposure
Hidden directories like /admin, /backup, or /config.php may
reveal sensitive data.
2. Unauthorized Access
Attackers may find entry points to restricted areas of the
website.
3. Increased Attack Surface
More directories mean more opportunities for exploitation
(e.g., outdated scripts).
Mitigation Measures:
1. Disable Directory Listing:
Prevent web servers from showing file indexes.
2. Use Proper Authentication:
Protect sensitive paths with login systems and access
controls.
3. Rename or Remove Unused Files:
Avoid leaving old scripts, backups, or development files on the
server.
4. Security Through Obscurity is Not Enough:
Do not rely on hiding files/directories—use actual security
controls.
5. Regular Vulnerability Scans:
Continuously monitor and secure exposed paths.
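Mitigation 3 can be checked from the server side before deployment, which would have caught the /CVS/ directory found above. This is an added example, not part of the original report: the list of leftover-file patterns is an assumed starting point, and the sample tree is constructed.

```python
import fnmatch
import os
import tempfile

# Names that should not ship in a served document root. The version-control
# directory names are standard; the leftover patterns are an assumed list.
VCS_DIRS = {"CVS", ".git", ".svn", ".hg"}
LEFTOVER_PATTERNS = ["*.bak", "*.old", "*.orig", "*.swp", "*~", "*.sql", "*.zip", "*.tar.gz"]

def audit_docroot(root):
    """Return sorted (relative_path, reason) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for d in list(dirnames):
            if d in VCS_DIRS:
                path = os.path.normpath(os.path.join(rel_dir, d))
                findings.append((path + "/", "version-control metadata"))
                dirnames.remove(d)     # report once, do not descend
        for f in filenames:
            if any(fnmatch.fnmatch(f, pat) for pat in LEFTOVER_PATTERNS):
                path = os.path.normpath(os.path.join(rel_dir, f))
                findings.append((path, "backup or leftover file"))
    return sorted(findings)

def build_sample_docroot(base):
    """Constructed tree loosely modelled on the directories dirb reported."""
    for d in ("CVS", "admin", "images", "secured"):
        os.makedirs(os.path.join(base, d))
    for name in ("index.php", "CVS/Entries", "admin/config.php.bak", "secured/db.sql"):
        with open(os.path.join(base, name), "w") as fh:
            fh.write("placeholder\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, reason in audit_docroot(build_sample_docroot(tmp)):
            print(f"{path:25} {reason}")
```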
Task Level- Beginner
3) Make a login in the website http://testphp.vulnweb.com/
and intercept the network traffic using wireshark and find
the credentials that were transferred through the network.
• Severity Score: 9.5 / 10 (Critical)
• Reason: Credentials are fully exposed in plaintext; no
exploit needed—just capture and login.
Intercepting Network Traffic with Wireshark On Kali Linux:
Wireshark is a network protocol analyzer used to capture and
inspect data packets on a network in real-time.
Step 1: Launch Wireshark on Kali Linux
Open Kali Linux and launch Wireshark from the terminal.
Command: wireshark or sudo wireshark
Step 2: Choose Network Interface
Once Wireshark opens, you will see a list of network interfaces.
Common interfaces:
• eth0 → Ethernet (wired)
• wlan0 → Wireless (Wi-Fi)
• lo → Loopback (used for local processes)
Click on the interface name (e.g., eth0) to start capturing packets.
Fig(3.1)
Step 3: Start Capturing The Traffic
After selecting the network interface card, click on Start to begin
capturing the traffic on the selected network interface.
In the top filter bar of Wireshark, type: http
• Then press Enter.
• This will only show HTTP packets (not HTTPS or others).
Fig(3.2)
Step 4: Start The Browser To Search
Go to your browser (Firefox or Chrome), then go to
http://testphp.vulnweb.com/ and log in
• Use fake credentials (don’t worry, this is a test site):
o Username: admin
o Password: admin123
• Click on Login
Fig(3.3)
Step 5: Find the POST Request in Wireshark
• Return to Wireshark.
• Look for a POST request in the Info column. It will say:
POST /login.php HTTP/1.1
• Click on that packet to select it.
Fig(4)
Step 6: View Credentials in the Packet
Look at the bottom panel of Wireshark and click on the triangle to
expand: Hypertext Transfer Protocol
Then find and expand: Line-based text data:
application/x-www-form-urlencoded
Then you will see something like:
uname=testuser&pass=test123&submit=Login
Fig(4.1)
Step 7: Save the Capture (Optional)
• Go to: File > Export Specified Packets
• Save the capture as login_capture.pcap for proof.
➢ Impacts
1. User Credentials Can Be Easily Stolen
Since the website uses HTTP, the username and password are
sent as plain text. Anyone connected to the same network
(e.g., public Wi-Fi) can capture the login details using tools like
Wireshark.
2. High Risk of Man-in-the-Middle (MITM) Attacks
Attackers on the same network can perform MITM attacks to
intercept traffic, read sensitive data, or even modify what the
user sees.
3. Loss of Trust in the Website
If users discover that their credentials can be intercepted,
they may stop using the website, leading to reputational
damage.
4. Potential for Account Hijacking
Captured credentials can be used to log in as the user, access
sensitive data, or even perform malicious actions under the
user’s identity.
➢ Mitigation Steps
1. Use HTTPS Instead of HTTP
The most effective fix is to install an SSL certificate on the web
server and enforce HTTPS. This encrypts the data, so it cannot
be easily read during transmission.
2. Redirect All Traffic to HTTPS
Even if HTTPS is available, the site should automatically
redirect users from HTTP to HTTPS to ensure security.
3. Educate Users to Check for HTTPS
Users should be taught to look for a lock icon in the browser
address bar and never enter login details on non-secure sites.
4. Use Secure Coding Practices
Developers should avoid building login forms on HTTP pages.
Even if login happens over HTTPS, having the form on HTTP can
still expose users.
5. Implement Two-Factor Authentication (2FA)
Even if credentials are stolen, 2FA can prevent unauthorized
access by requiring a second verification step.