SSM Record

This document discusses the analysis and identification of potential vulnerabilities in IT systems using various tools, including Nessus, OpenVAS, Qualys, Metasploit, and Zenmap. It details the features, use cases, and functionalities of these tools, particularly focusing on Zenmap for network security assessments. Additionally, it covers access control configuration, multi-factor authentication implementation, firewall setup, and host intrusion detection systems in both Windows and Linux environments.

Uploaded by

Nittin Balajee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
20 views57 pages

SSM Record

This document discusses the analysis and identification of potential vulnerabilities in IT systems using various tools, including Nessus, OpenVAS, Qualys, Metasploit, and Zenmap. It details the features, use cases, and functionalities of these tools, particularly focusing on Zenmap for network security assessments. Additionally, it covers access control configuration, multi-factor authentication implementation, firewall setup, and host intrusion detection systems in both Windows and Linux environments.

Uploaded by

Nittin Balajee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 57

Analyzing and Identifying Potential Vulnerabilities in a System Using Zenmap

Date: 31.12.24    S. Nittin Balajee

Introduction

System vulnerability assessment involves identifying and analyzing potential weaknesses in IT systems that could be exploited by attackers. Various tools assist in this process, ranging from comprehensive vulnerability scanners to specialized network analysis utilities. This study examines multiple tools, including Nessus, OpenVAS, Qualys, Metasploit, and Zenmap, focusing on their features, use cases, and applications in vulnerability analysis.

Tools for Vulnerability Assessment

1. Nessus
   • Type: Commercial vulnerability scanner.
   • Key Features:
     o Scans for vulnerabilities, misconfigurations, and missing patches.
     o Provides real-time reporting and detailed remediation steps.
     o Compliance checks against standards like PCI DSS and CIS benchmarks.
   • Use Cases:
     o Identifying security gaps in servers, databases, and web applications.
     o Conducting comprehensive network scans to detect high-risk vulnerabilities.

2. OpenVAS (Open Vulnerability Assessment System)
   • Type: Open-source vulnerability scanner.
   • Key Features:
     o Extensive vulnerability database with regular updates.
     o Supports various protocols (e.g., SSH, SNMP, HTTP).
     o Customizable scanning profiles.
   • Use Cases:
     o Network vulnerability scanning for small to medium-sized environments.
     o Identifying outdated software and weak configurations.

3. Qualys Vulnerability Management
   • Type: Cloud-based vulnerability management platform.
   • Key Features:
     o Scalable for large networks.
     o Automated updates and continuous monitoring.
     o Integration with patch management tools for streamlined remediation.
   • Use Cases:
     o Continuous vulnerability assessment in enterprise environments.
     o Cloud and container security management.

4. Metasploit Framework
   • Type: Penetration testing tool.
   • Key Features:
     o Provides a database of exploits for various vulnerabilities.
     o Simulates real-world attacks to test system defenses.
     o Supports scripting for custom exploit development.
   • Use Cases:
     o Testing the effectiveness of implemented security controls.
     o Validating vulnerabilities identified by other tools.

5. Zenmap
   • Type: Network mapping and port scanning tool (GUI for Nmap).
   • Key Features:
     o Identifies active hosts, open ports, and running services.
     o OS detection and version identification for software.
     o Supports the Nmap Scripting Engine (NSE) for advanced vulnerability analysis.
   • Use Cases:
     o Network discovery and topology visualization.
     o Pre-assessment of network security by identifying open ports and outdated services.

Core Features of Zenmap

1. Host Discovery:
   o Zenmap identifies live hosts on a network.
   o It helps detect active systems, unauthorized devices, or rogue elements.

2. Port Scanning:
   o Zenmap scans for open ports and the services running on them.
   o Identifies services like HTTP, SSH, DNS, and FTP to assess their security posture.

3. Operating System Detection:
   o Uses advanced fingerprinting techniques to identify the target system's operating system and version.
   o Helps assess systems for outdated or vulnerable OS versions.

4. Service Version Detection:
   o Determines the exact versions of services running on open ports.
   o Useful for identifying outdated or vulnerable software.

5. Nmap Scripting Engine (NSE):
   o Zenmap integrates Nmap's scripting capabilities for vulnerability detection.
   o Scripts can check for specific vulnerabilities, misconfigurations, or compliance issues.

6. Topology Mapping:
   o Zenmap visualizes the network structure, showing how devices are interconnected.
   o Useful for understanding network segmentation and identifying exposed systems.

7. Customizable Profiles:
   o Provides predefined scan profiles such as "Quick Scan," "Intense Scan," and "Ping Scan."
   o Allows users to create and save custom profiles for repeated use.

8. Report Management:
   o Zenmap saves scan results in XML format for analysis and comparison.
   o Provides a search feature to locate specific details within reports.

How Zenmap Works

Zenmap uses the Nmap engine to perform scans. Its GUI allows users to input parameters and interpret results visually, tasks that can be daunting in the command-line version.

Step-by-Step Process:

1. Input Target Information:
   o Specify IP addresses, ranges, or domain names as targets.
   o Use CIDR notation for broader scans (e.g., 192.168.0.0/24).

2. Select a Scan Profile:
   o Choose from predefined profiles or define custom options.
   o Example Profiles:
     • Quick Scan: Identifies open ports and basic host information.
     • Intense Scan: Provides detailed results, including OS detection and traceroute.
     • Ping Scan: Identifies live hosts without scanning ports.

3. Execute the Scan:
   o Initiate the scan, and Zenmap processes the request through the Nmap engine.
   o Results are displayed in real time on the interface.

4. Review Results:
   o Results include open ports, service versions, hostnames, and potential vulnerabilities.
   o Use tabs like "Ports/Hosts," "Topology," and "Host Details" for detailed insights.

Key Functionalities of Zenmap

1. Network Discovery
   • Purpose:
     o Identify devices connected to the network.
     o Uncover hidden or unauthorized hosts.
   • Example:
     o Running a ping sweep to find live hosts in the subnet.

2. Port Scanning
   • Purpose:
     o Determine which ports are open and assess the security of associated services.
   • Example:
     o Detecting open port 23 (Telnet) and determining whether encryption is used.

3. Vulnerability Identification through NSE
   • Purpose:
     o Use predefined scripts to detect vulnerabilities.
   • Examples of Scripts:
     o ssl-enum-ciphers: Lists SSL/TLS ciphers and checks for weak configurations.
     o ftp-anon: Checks for anonymous FTP login.
     o http-title: Extracts the title of HTTP services to identify their purpose.

4. Network Topology Visualization
   • Purpose:
     o Understand the layout of devices and their interconnections.
     o Identify exposed hosts or poorly segmented areas of the network.

5. OS and Service Fingerprinting
   • Purpose:
     o Gather detailed information about the OS and software versions.
   • Example:
     o Identifying that a server is running Apache 2.4.49, which is vulnerable to CVE-2021-41773.

Example Use Case: Assessing a Web Server

Scenario:

You are tasked with assessing the security of a web server.

1. Setup:
   o Target: 192.168.1.10 (IP of the web server).
   o Tool: Zenmap with the "Intense Scan" profile.

2. Execution:
   o Run the scan and collect results.

3. Results:
   o Open Ports: 80 (HTTP), 443 (HTTPS).
   o Services: Apache HTTP Server 2.4.49 detected.
   o Vulnerabilities:
     • CVE-2021-41773: Path Traversal Vulnerability in Apache 2.4.49.
   o Recommendations:
     • Update Apache to the latest version.
     • Restrict access to sensitive directories.

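One way to work with the XML that Zenmap saves, as an added example (not the report's or Nmap's own code): parse the open ports, flag the Apache 2.4.49 finding from the scenario above, and diff the result against a saved baseline scan. The XML sample is constructed to mirror the scenario, and the FLAGGED_VERSIONS table holds only the entry the report names.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Zenmap/Nmap XML output (not a real capture), modelled on
# the scenario above: 192.168.1.10 with Apache httpd 2.4.49 on ports 80 and 443.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/>
        <service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.49"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="Apache httpd" version="2.4.49"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Product/version pairs the report calls out, with the recommendation to apply.
# The single entry is the one named on the page; extend it as findings accumulate.
FLAGGED_VERSIONS = {
    ("Apache httpd", "2.4.49"): "CVE-2021-41773 path traversal: update Apache and "
                                "restrict access to sensitive directories",
}


def parse_open_ports(xml_text):
    """Return [(host, port, service, product, version)] for every open port."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not part of the exposed surface
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            findings.append((addr, int(port.get("portid")), attrs.get("name", ""),
                             attrs.get("product", ""), attrs.get("version", "")))
    return findings


def flag_versions(findings):
    """Map (host, port) of each open port running a flagged product/version to advice."""
    return {(host, port): FLAGGED_VERSIONS[(product, version)]
            for host, port, _name, product, version in findings
            if (product, version) in FLAGGED_VERSIONS}


def new_open_ports(baseline_xml, current_xml):
    """Ports open in the current scan that were not open in a saved baseline scan."""
    before = {(h, p) for h, p, *_ in parse_open_ports(baseline_xml)}
    after = {(h, p) for h, p, *_ in parse_open_ports(current_xml)}
    return sorted(after - before)


if __name__ == "__main__":
    findings = parse_open_ports(SAMPLE_NMAP_XML)
    for host, port, name, product, version in findings:
        print(f"{host}:{port} {name} {product} {version}".rstrip())
    for (host, port), advice in flag_versions(findings).items():
        print(f"FLAG {host}:{port} -> {advice}")
```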

Strengths of Zenmap

1. User-Friendly Interface:
   o Simplifies the use of Nmap through a visual interface.

2. Predefined Profiles:
   o Tailored for various levels of detail and use cases.

3. Network Topology Visualization:
   o Helps understand complex network structures.

4. Script Integration:
   o Extends capabilities to include vulnerability detection and compliance checks.

5. Cross-Platform:
   o Available on Windows, Linux, and macOS.

Limitations of Zenmap

1. Not a Dedicated Vulnerability Scanner:
   o While it can highlight potential weaknesses, it lacks a vulnerability database or detailed remediation guidance like Nessus or Qualys.

2. Potential for Overwhelming Data:
   o Scans can generate a large volume of information, requiring expertise to interpret.

3. No Automated Updates:
   o Scripts and Nmap engine updates must be applied manually.

4. Performance:
   o Large-scale scans can be time-consuming.

Conclusion

Zenmap is an invaluable tool for preliminary network security assessments and for understanding system configurations. It excels in network discovery, port scanning, and service fingerprinting, making it ideal for mapping potential attack surfaces. While it lacks the automated vulnerability detection capabilities of tools like Nessus, its integration with Nmap scripting offers flexibility and adaptability. For comprehensive security assessments, Zenmap is best used in conjunction with dedicated vulnerability scanners and penetration testing tools.
Ex 2 Access Control

07.1.25    By: S. Nittin Balajee

Aim:

To configure Access Control on Windows and Linux systems.

Report:

Configuring access control on Windows and Linux systems involves setting permissions and access rights for users and groups to ensure that only authorized individuals can access certain resources.

1. Linux Access Control Configuration

• Check users in a specific group: getent group group_name
• To add a user: sudo adduser username
• To add a group: sudo groupadd groupname
• To add a user to a group: sudo usermod -aG groupname username
• Using the id command: id
• Setting file and directory permissions: using the chmod command to set permissions.
• Access Control Lists (ACLs): using getfacl to view ACLs.
• Switching to the new user: su - username

2. Windows Access Control Configuration

• mkdir: creates a new directory with the specified name.
• pwd: prints the current working directory path to the terminal.
• icacls: displays or modifies Access Control Lists (ACLs) for files and directories in Windows.
• Grant Users Read (grant users r): grants the specified users permission to read the contents of a file or directory.
• Grant Users Write (grant users w): grants the specified users permission to modify or write to a file or directory.
• Remove Users Write (remove users w): revokes the write permission from the specified users, preventing them from modifying a file or directory.
• Deny Users Write (deny users w): explicitly denies the specified users permission to write to a file or directory, overriding any granted permissions.
• rmdir: removes an empty directory from the file system.

Result:

Thus, the Access Control commands and actions in Windows and Linux are executed successfully.
Ex.3 MULTI-FACTOR AUTHENTICATION
Date: 21.01.25

By:
S Nittin Balajee
23011103042

Aim:
To implement the Multi-Factor Authentication concept on Windows and Linux systems.

Report:

Implementing Multi-Factor Authentication (MFA) on Windows and Linux involves enhancing security by requiring multiple authentication methods, typically combining something the user knows (password), something they have (hardware token or smartphone app), and/or something they are (biometric verification).

1. Linux Multi-Factor Authentication

Here, we have installed google-authenticator through the terminal and run its configuration. This generates a QR code which needs to be scanned with the Google Authenticator app.
This QR code lets the app pair with the system and generate verification codes for it. Now, we must make the necessary changes in the security files of the system to set up MFA.

Given here are the names of the files to be modified.

Nano is a text editor that can be used in Linux.
We must add the authenticator to the sshd file. After adding it, we must enable InteractiveAuthentication in the sshd_config file.

After this modification, restarting sshd should complete the setup. We must test it in another terminal window.
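How the time-based codes that google-authenticator and the phone app agree on are computed and checked, as an added example (not code from the original report or from the google-authenticator project). It uses the RFC 4226/6238 test key as a constructed demo secret; the skew window and the replay counter in verify_totp are assumptions about how a PAM module behaves, not a description of a specific one.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the RFC 4226/6238 test key "12345678901234567890",
# base32-encoded the way google-authenticator prints it. Not a real user's secret.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret_b32, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then the last `digits` decimal digits."""
    key = base64.b32decode(secret_b32.upper().replace(" ", ""))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, unix_time=None, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(secret_b32, int(unix_time) // step, digits)


def verify_totp(secret_b32, submitted, unix_time, last_counter=-1, window=1, step=30):
    """Accept a code from the current step or +/- `window` steps (clock skew).
    Returns (ok, counter_used). Counters at or below `last_counter` are refused,
    so a code that was already used cannot be replayed inside its window."""
    now = int(unix_time) // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret_b32, counter), submitted):
            return True, counter
    return False, last_counter


if __name__ == "__main__":
    print("secret to enrol in the app:", DEMO_SECRET_B32)
    print("current code:", totp(DEMO_SECRET_B32))
```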
2. Windows Multi-Factor Authentication

To set up MFA in Windows, we are using "Windows Hello for Business".

Using the Windows terminal to open the Group Policy Editor.

Navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business

Enable the policies:
   o Use Windows Hello for Business.
   o Configure MFA by enabling biometrics or PIN.

Now, check Sign-in Options:

Open Settings.
Go to Accounts > Sign-in options.
Verify the available sign-in methods:
Look for Facial Recognition, Fingerprint, or PIN under "Windows Hello".
If they're available, Windows Hello is active.

Result:

MFA was implemented on Linux using Google Authenticator for SSH logins, requiring a password and a time-based OTP, and on Windows using Windows Hello, enabling biometric or PIN authentication. Both systems now enforce enhanced security.
Ex.4 Firewall
Date: 28.01.25

By:
S Nittin Balajee
23011103042

Aim:
Implement and configure a system firewall on Windows and Linux.

1. Linux

To check if the firewall is available and install the firewall.

To start the firewall and check if the firewall is up and running; then the rules are added one by one.
The command below lists all the sets of rules for the firewall.

The images below show that the firewall is up and running and that a connection to one of the blocked ports fails.

2. Windows

A new firewall rule is added to block inbound and outbound packets on the HTTP port, and the firewall is enabled.

A new firewall rule is added to block inbound and outbound packets for the HTTPS port.
Even after setting up these rules, the host can still be pinged; to address this, ping should be blocked, which is done by adding a new firewall rule that blocks ICMP.
The firewall successfully blocks any packets from being received or sent through the specified ports, so our firewall is active.

Result:

Implementation and configuration of a system firewall on Windows and Linux is successful.


HIDS

28.01.25    S Nittin Balajee    23011103042

AIM:

To write a report on Host Intrusion Detection System (HIDS) implementation and analysis in Windows and Linux.

REPORT:

1. Introduction
A Host Intrusion Detection System (HIDS) is a security mechanism designed to monitor and analyze activities on an individual host for signs of malicious behavior or policy violations. Unlike Network Intrusion Detection Systems (NIDS), which operate at the network level, HIDS focuses on endpoint security by analyzing system logs, file integrity, user activities, and application behaviors.
This report provides an overview of HIDS implementation and analysis in both Windows and Linux environments.

2. HIDS Architecture and Functionality
HIDS functions by monitoring system events such as log files, registry changes, and file integrity. It typically includes the following components:
• Agent Software: Installed on the host to collect and analyze security events.
• Logging and Alerting Mechanism: Captures security incidents and triggers alerts.
• Rules and Policies: Defines suspicious activities based on predefined signatures or anomaly detection models.
• Integration with SIEM: Many HIDS solutions integrate with Security Information and Event Management (SIEM) systems for centralized monitoring.

3. HIDS Implementation in Windows

3.1 Common HIDS Solutions for Windows
• OSSEC: Open-source HIDS that provides log analysis, integrity checking, and active response.
• Windows Defender Advanced Threat Protection (WDATP): Microsoft's built-in HIDS solution for monitoring and responding to threats.
• Splunk with Sysmon: Provides detailed event logging and anomaly detection.

3.2 Installation and Configuration
• OSSEC Implementation:
  1. Download and install the OSSEC agent.
  2. Configure the agent to communicate with the OSSEC server.
  3. Define rules for log monitoring and integrity checking.
  4. Enable active response mechanisms to block threats.
• Windows Defender ATP Implementation:
  1. Enable Defender ATP through Microsoft Security Center.
  2. Configure policies for endpoint detection and response.
  3. Set up alert notifications for suspicious activities.

4. HIDS Implementation in Linux

4.1 Common HIDS Solutions for Linux
• OSSEC: Cross-platform HIDS widely used for Linux systems.
• Tripwire: Integrity checking tool for monitoring file system changes.
• AIDE (Advanced Intrusion Detection Environment): Lightweight tool for file integrity checking.

4.2 Installation and Configuration
• OSSEC Implementation:
  1. Install OSSEC using package managers or source compilation.
  2. Configure agent-server communication.
  3. Define monitoring rules and log paths.
  4. Implement real-time alerting and response mechanisms.
• Tripwire Implementation:
  1. Install Tripwire using the apt or yum package managers.
  2. Initialize the baseline database of system files.
  3. Regularly run integrity checks and analyze reports.
OUTPUT/PROCEDURE:

1.) LINUX:
Installing and initialising Tripwire:

2.) WINDOWS:
Installing and viewing Sysmon:

RESULTS:
Thus the implementation of HIDS is done in Windows and Linux.
VPN

04.02.25    S Nittin Balajee    23011103042

AIM:
Configure a VPN for Secure Remote System Access.

REPORT:
A VPN (Virtual Private Network) is a technology that allows you to create a secure and private connection over a less secure network, such as the internet. It essentially extends a private network across a public network, enabling you to send and receive data as if your devices were directly connected to the private network, even when you're not physically present.

Key Functions of a VPN:

1. Security: A VPN encrypts your internet connection, protecting the data that travels between your device and the VPN server. This makes it harder for hackers or unauthorized parties to intercept or view your data.
2. Privacy: When using a VPN, your real IP address is masked, and you're assigned an IP address from the VPN server. This helps maintain your online anonymity and prevents websites or services from tracking your real location.
3. Bypass Geo-Restrictions: VPNs can be used to access content that might be restricted based on geographical location. For example, you could access streaming services or websites available only in certain countries by connecting to a server located in that country.
4. Remote Access: VPNs enable remote workers to securely connect to their company's network from anywhere in the world, ensuring secure access to internal resources like files, applications, and databases.

OUTPUT/PROCEDURE:

Installation of WireGuard:

Configuration of IP:

Checking the status of the VPN:

Working of the VPN:

RESULTS:
Thus the implementation of the VPN is done in Linux.
Ex.7 HYBRID CRYPTOGRAPHY
Date: 18.02.25

By:
S Nittin Balajee
23011103042

Aim:
Implement a Hybrid (private+public) Encryption and Decryption Mechanism for Data Protection in Transit.

Code:
import time
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad, unpad
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes


# 1. Generate RSA keys (Public and Private)
def generate_rsa_keys():
    """Generate a 2048-bit RSA key pair and return (private_pem, public_pem)."""
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
    )
    private_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        # Lab setting only: the private key is serialized unencrypted.
        encryption_algorithm=serialization.NoEncryption(),
    )
    public_key = private_key.public_key()
    public_pem = public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return private_pem, public_pem


# 2. Encrypt Data using AES
def encrypt_data_with_aes(data, aes_key):
    """AES-CBC with a fresh random IV; the IV is prepended so the receiver can
    recover it. CBC alone gives confidentiality, not integrity: a tampered
    ciphertext is not detected at this layer."""
    print("Encrypting data with AES...")
    cipher = AES.new(aes_key, AES.MODE_CBC)  # PyCryptodome generates a random IV
    ct_bytes = cipher.encrypt(pad(data.encode(), AES.block_size))
    return cipher.iv + ct_bytes  # Return IV + Ciphertext


# 3. Encrypt AES key using RSA
def encrypt_aes_key_with_rsa(aes_key, public_key_pem):
    """Wrap the symmetric key with the recipient's RSA public key (OAEP, SHA-256)."""
    print("Encrypting AES key with RSA...")
    public_key = serialization.load_pem_public_key(public_key_pem)
    encrypted_aes_key = public_key.encrypt(
        aes_key,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None,
        ),
    )
    return encrypted_aes_key


# 4. Decrypt AES Key using RSA
def decrypt_aes_key_with_rsa(encrypted_aes_key, private_key_pem):
    """Unwrap the symmetric key with the RSA private key (same OAEP parameters)."""
    print("Decrypting AES key with RSA...")
    private_key = serialization.load_pem_private_key(private_key_pem, password=None)
    decrypted_aes_key = private_key.decrypt(
        encrypted_aes_key,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None,
        ),
    )
    return decrypted_aes_key


# 5. Decrypt Data using AES
def decrypt_data_with_aes(encrypted_data, aes_key):
    """Split off the IV, decrypt with AES-CBC and strip the PKCS#7 padding."""
    print("Decrypting data with AES...")
    iv = encrypted_data[:AES.block_size]
    ciphertext = encrypted_data[AES.block_size:]
    cipher = AES.new(aes_key, AES.MODE_CBC, iv)
    decrypted_data = unpad(cipher.decrypt(ciphertext), AES.block_size)
    return decrypted_data.decode()


# Example Usage
if __name__ == "__main__":
    # Generate RSA keys (Public and Private)
    private_key_pem, public_key_pem = generate_rsa_keys()

    # Generate a random AES key
    aes_key = get_random_bytes(32)  # 256-bit AES key

    # Encrypt some data using AES
    data = "Test message."
    start_time = time.time()
    encrypted_data = encrypt_data_with_aes(data, aes_key)
    print(f"Encryption took {time.time() - start_time} seconds")

    # Encrypt the AES key using the RSA public key
    start_time = time.time()
    encrypted_aes_key = encrypt_aes_key_with_rsa(aes_key, public_key_pem)
    print(f"AES key encryption took {time.time() - start_time} seconds")

    # Decrypt the AES key using the RSA private key
    start_time = time.time()
    decrypted_aes_key = decrypt_aes_key_with_rsa(encrypted_aes_key, private_key_pem)
    print(f"AES key decryption took {time.time() - start_time} seconds")

    # Decrypt the data using the decrypted AES key
    start_time = time.time()
    decrypted_data = decrypt_data_with_aes(encrypted_data, decrypted_aes_key)
    print(f"Decryption took {time.time() - start_time} seconds")

    # Output the results
    print("Original Data:", data)
    print("Decrypted Data:", decrypted_data)

Output:

Result:
Implementation of a Hybrid (private+public) Encryption and Decryption Mechanism for Data Protection in Transit is successful.
Ex.8 PENTESTING
Date: 25.02.25

By:
S Nittin Balajee
23011103042

AIM:
Conduct any type of Penetration Testing on a Web Application.

Theory:
XSS (cross-site scripting) is a web security vulnerability that allows attackers to inject malicious JavaScript code into web pages viewed by other users. These scripts are executed in the victim's browser, and they can do many things such as steal session cookies, perform actions on behalf of the user, deface the website, or redirect users to malicious websites.
XSS vulnerabilities arise when user inputs (such as in forms, comments, or search fields) are not properly sanitized, allowing malicious code to be executed within the user's browser.

Algorithm:

Basic XSS Injection:

• Open a vulnerable web application, such as DVWA (Damn Vulnerable Web Application), Juice Shop, or WebGoat, with XSS functionality enabled.
• Find an input field such as a comment box, search box, or any user-input form.
• Enter the following payload to check if the site is vulnerable to XSS:
  <script>alert('XSS')</script>
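The defect the Theory section describes, shown as an added example (not code from the original report or from any of the applications named above): a stored-comment renderer that concatenates untrusted input, beside the output-escaped form that fixes it, plus a reviewer's check that the page's test payload no longer survives as markup. The renderer and the probe comment are constructed for illustration.

```python
import html
import re

# Constructed comment using the probe from the Algorithm above; not a real submission.
PROBE = "<script>alert('XSS')</script>"


def render_comment_vulnerable(comment):
    """Stored-XSS pattern: untrusted text concatenated straight into the page,
    so a <script> tag in a comment runs in every visitor's browser."""
    return '<li class="comment">' + comment + "</li>"


def render_comment_safe(comment):
    """Hardened form: escape on output so the browser shows text, not markup.
    quote=True also neutralises quotes, which matters inside attribute values."""
    return '<li class="comment">' + html.escape(comment, quote=True) + "</li>"


_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_active_script(rendered_html):
    """Reviewer's check over rendered output: does a literal <script> tag survive?"""
    return _SCRIPT_TAG.search(rendered_html) is not None


if __name__ == "__main__":
    for render in (render_comment_vulnerable, render_comment_safe):
        out = render(PROBE)
        print(render.__name__, "->", out, "| script present:", contains_active_script(out))
```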

OUTPUT:
Let's try it on a website called WWW.breddit.com.
It has a comment page where all the comments are stored in the database.
Now we are entering the script on the website.

The popup has been shown, so it is vulnerable to XSS attack.

Let's try another example:
Now, let's enter the script.

Now let's run it.

RESULT:
Hence, conducting Penetration Testing on a Web Application is verified.
