Redynox Cyber Security Internship Tasks-1

The document outlines internship tasks completed by Waris Khan at Redynox, focusing on network security and web application security. Key tasks include researching malware, configuring firewalls, analyzing network traffic with Wireshark, and identifying vulnerabilities using tools like OWASP ZAP and SQL injection techniques. The document provides detailed steps and methodologies for each task, emphasizing practical experience in securing systems and understanding vulnerabilities.

Uploaded by

hgull8490
Redynox Internship Tasks

Name: Waris Khan


Company: Redynox
Date: 23-08-2025

Task No: 1 Network Security Basics


1.1: Research - Viruses, Worms, Trojans, Phishing
1.2: Understanding Firewalls, Encryption and secure configuration
1.3: Apply basic security measures in Windows Firewall and change the default password
1.4: Monitoring traffic using Wireshark and analysing FTP, DNS, SSH etc.
1.5: Identify suspicious traffic
1.6: Document all of the above with screenshots

Task No: 2 Web Application Security

2.1: Set up WebGoat: install it and understand how it works
2.2: Vulnerability Analysis using OWASP ZAP
2.3: Find SQL Injection or XSS (Cross Site Scripting)
2.4: Understand the mechanisms of those vulnerabilities
2.5: Test SQL injection manually in the login form
2.6: Report those vulnerabilities and how to mitigate them (input validation, parameterized queries)

Task No: 1 Network Security Basics


1.1: Research - Viruses, Worms, Trojans, Phishing
Virus: A virus is a malicious computer program that replicates itself across a network to compromise other computers, causing damage to the computer or its data.

Worms: A worm is a type of self-replicating malware that spreads across networks and systems and does not need any user interaction.

Trojans: A Trojan is also a malicious computer program, but it acts like a legitimate application or software. The Trojan is hidden inside a legitimate application or software such as WinRAR, VLC, etc.

Phishing: Phishing is a technique used by hackers or cybercriminals to get information from an individual about a company or an organization.
1.2: Understanding Firewalls, Encryption and secure configuration
What is a firewall, and what are its types?
A firewall protects us from unauthorized access and malicious traffic. A firewall can be hardware, software or cloud based.
There are several types of firewall:
Packet Filtering Firewall:
This is the simplest firewall; it examines each packet based on the IP address and port number.
Circuit-Level Gateway:
This firewall monitors the TCP three-way handshake to check whether the connection between user and client is trusted.
Next-Generation Firewall:
Modern firewalls that combine the features of a traditional firewall with advanced security capabilities such as deep packet inspection, intrusion detection and application awareness to block complex threats.

Encryption:
Encryption is a technique for converting plaintext into ciphertext, that is, converting human-readable data into an unreadable form. The best example related to encryption is the CIA Triad; this model covers hashing, encryption and availability.

CIA:
Confidentiality: only authorized persons can access the information.
Integrity: maintain the integrity of information, meaning no changes occur to the data in transit or at rest.
Availability: data is available when the client or customer needs it.
1.3: Apply basic security measures in Windows Firewall and change the default password
Configure the firewall: allow rules
Go to the Windows Start menu and search for “firewall”.

Click on “Windows Firewall with Advanced Security”.

This is the configuration dialog of the Windows software-based firewall. Here we will allow and disallow some ports such as FTP, SSH, RDP and SMB.
Click on “Inbound Rules”, which applies to incoming traffic and is where we choose which ports to allow.

Now click on the “New Rule” button; here we can define which port to allow on the system.
We can set rules by Program, Port or Custom. Here we will use the Port option: click on Port and then click the Next button.
Both TCP and UDP ports can be set up here; we will set up the Telnet port, which is port 23.
After entering the port number in the “Specific local ports” field, click the Next button.
The port can be allowed for all connections or only for secure connections. From a security perspective we will set it to “Allow the connection if it is secure”, then click the Next button.
Here we can restrict the rule to specific users or skip this for the current user. We will select “Only allow connections from these users”; before clicking the Next button, select the system user by clicking the Add button.

Select the system user and click the OK button.
Next choose where the rule applies; we select the “Private” option and then click the Next button.
Type a name and description, then click the Finish button.

Here is the rule which we have set.

Configure the firewall: block rules

Follow the same steps explained above to open the firewall, and now click on “Outbound Rules”, which applies to outgoing traffic.

After clicking on Outbound Rules:

Here we can set up rules for outgoing traffic, meaning the traffic we want to block. Click on “New Rule”.
Select the Port option and click the Next button.
Enter the port number we want to block; here I am selecting port 3389, the RDP port. Then click the Next button.
Select the “Block the connection” option and then click the Next button.
Here we select all the options, meaning we do not want anyone to access our system, then click the Next button.
Now set the name and description, then click the Finish button.

Here is the block rule which we have set up.

Change the default Wi-Fi password and set up encryption:

Now we will configure our router: change the default password, which is admin, and set up encryption such as WPA2/WPA3. First, find the router's IP address and paste it into the browser's URL bar.
Here is the router setup page. The default username is root and the default password is admin. We will change it and also apply encryption. Now click on the login button.

A warning appears because we are using a default password that has been found in a data breach.
Here I clicked on the Security option and then selected the “System Management” option.
Here I am selecting the “Account Management” option. This shows the default username and password; I am changing it to a strong password like W@31sKH4N$123, which is my name but very strong with the special symbols.

1.4: Monitoring traffic using Wireshark and analysing FTP, DNS, SSH etc.

Now we will use the Wireshark tool to analyse our network traffic, look for malicious traffic, and watch for malicious websites or port numbers. First, go to the Wireshark website, then download and install it.

Select the operating system in use (Windows, Linux or macOS). Here I am downloading it for my Windows OS: click on the “Windows x86 Installer” and the download will start. Once the download is complete, open it and click Next, Next until the installation is complete. Now open the Wireshark tool.

Here is the interface of the Wireshark tool. Now we select the capture interface, such as Ethernet or Wireless. Here I am selecting the Wi-Fi option, and it starts capturing the network traffic.
The network traffic capture has started. Now we want to stop it and save the file for analysis.

Click on the Stop button and then press “Ctrl + Shift + S”.

Now we can save the file wherever we want; I am saving it to my Desktop. After that we will analyse this file for HTTP, FTP, SSH and any malicious traffic.

Now we will use the Wireshark display filters to find those protocols. Here I am typing http in the filter field; this shows the HTTP traffic, which we examine in the steps below. Next we will search for FTP and SSH traffic.

There is no FTP, SSH or Telnet traffic in the captured file.

1.5: Identify suspicious traffic

Here is the network traffic; it includes a unique GET request that contains a password.zip file. Click on it.
Here are the details of that packet.

Now click on “Export Objects”.

Now select the HTTP option.

Here is the file that was captured through network traffic monitoring. Click on the file, save it wherever you want, and extract it in VMware or VirtualBox in a controlled environment.
Now click on the zip file. There is a text file inside the zip file; I am opening it to see what is inside it.
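The manual review in 1.4 and 1.5 can be repeated over a whole capture with a short script. This is an added example, not part of the original report: it reads a packet list saved with Wireshark's CSV export and flags cleartext protocols and plain-HTTP requests for archive or credential-named files. The sample rows, the extension list and the keyword list are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample: rows in the layout of Wireshark's CSV packet export.
SAMPLE = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.10","192.168.1.1","DNS","74","Standard query 0x1a2b A example.com"
"2","0.120000","192.168.1.10","203.0.113.5","HTTP","412","GET /index.html HTTP/1.1 "
"3","0.450000","192.168.1.10","203.0.113.5","HTTP","398","GET /files/password.zip HTTP/1.1 "
"4","0.900000","192.168.1.10","198.51.100.7","TLSv1.3","583","Client Hello"
"5","1.200000","192.168.1.10","192.168.1.20","TELNET","60","Telnet Data ..."
'''

CLEARTEXT = {"FTP", "FTP-DATA", "TELNET"}   # credentials are visible on the wire
RISKY_EXT = (".zip", ".rar", ".7z", ".exe", ".dll", ".ps1")   # assumed list
KEYWORDS = ("passw", "cred", "secret", "backup")              # assumed list
REQUEST_RE = re.compile(r"^(GET|POST) (\S+) HTTP/1\.[01]")


def triage(csv_text):
    """Return (frame number, reason) pairs worth a closer look in Wireshark."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        frame, proto, info = int(row["No."]), row["Protocol"].upper(), row["Info"]
        if proto in CLEARTEXT:
            findings.append((frame, f"cleartext protocol {proto}"))
            continue
        match = REQUEST_RE.match(info)
        if proto == "HTTP" and match:
            # Drop the query string so only the requested file name is judged.
            path = match.group(2).split("?", 1)[0].lower()
            if path.endswith(RISKY_EXT) or any(k in path for k in KEYWORDS):
                findings.append((frame, f"unencrypted HTTP transfer of {path}"))
    return findings


if __name__ == "__main__":
    for frame, reason in triage(SAMPLE):
        print(f"frame {frame}: {reason}")
```

The frame numbers it returns can be opened directly in the saved capture for the packet-level inspection and object export described above.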

Task No: 1 Summary


I gained practical experience in network security fundamentals, including
malware research, firewall configuration, router hardening, Wireshark-based
traffic analysis, and identifying suspicious network behavior. This strengthened
my ability to secure systems against common threats.
Task No:2 Web Application Security
2.1: Set up WebGoat: install it and understand how it works
Go to the WebGoat website to download it.

There are two options: one is the standalone jar file and the other is the Docker image. Here I am installing the standalone jar file on my Windows system; click on it and download it.
Clicking on it redirects to the GitHub repo. Here I am downloading the jar file: click on it and the download will start.

Now click on the Start option. It describes the installation methods for the standalone jar file and the Docker image; here I am installing the standalone file on my system using this method.

This is the installation method for the standalone file. Go to the folder where the standalone jar file was downloaded, open CMD in Windows and paste this command; WebGoat will start:
“java -jar file_name”

After that, open a browser and paste this URL: http://127.0.0.1:8080/WebGoat

WebGoat is now successfully installed on my system. Now create a new user via “register yourself as a new user”.

Type the username and password, agree to the terms and click the Sign Up button.
We have created a new user successfully.

2.2: Vulnerability Analysis using OWASP ZAP


Now we will install the OWASP ZAP tool to scan WebGoat, and then perform some basic vulnerability scanning and exploitation. Go to the OWASP ZAP website and download the version for your system.
Here I am downloading it for my Windows system: click on the download button and then open the downloaded file.
Once you click on the file, the installer starts running.

Just click Next, Next and the installation will complete.

Then click the Finish button.
The installation is completed successfully.
Now search for ZAP and open it after installation.

OWASP ZAP has opened successfully. Now we will start a scan of WebGoat, so WebGoat should be running before we start OWASP ZAP to scan it. I have already started my WebGoat and OWASP ZAP.
Open OWASP ZAP and click on “Automated Scan”.

In “URL to attack”, enter the website you want to scan for vulnerabilities; here I am typing my WebGoat URL. Under “with”, select the browser you want to use, such as Chrome, Firefox, etc.
Then click on the “Attack” button and the scan will start.
Vulnerability scanning has started; now wait and watch.

To check the website's vulnerabilities, go to the “Alerts” tab.

Here are multiple vulnerabilities in WebGoat, grouped by severity: “Informational, Low, Medium, High, Critical”.

2.3: Find SQL Injection or XSS (Cross Site Scripting)


Now we will find the XSS vulnerability in WebGoat. We have already scanned the website using OWASP ZAP, so now we will check the results and mark the XSS vulnerability.

Here is the XSS vulnerability on the website. From here we can exploit it further and fix it, and also understand the mechanism of these vulnerabilities.

2.4: Understand the mechanisms of those vulnerabilities

Now we will look at how XSS (Cross Site Scripting) and SQL injection work.

XSS (Cross Site Scripting):


XSS happens when an attacker injects malicious JavaScript into a website, and
that script runs in the victim’s browser.

Goal: Steal cookies, session tokens, or trick the user.

SQL Injection:
SQL injection happens when an attacker injects malicious SQL code into a query
that a website sends to the database.

Goal: Access, steal, or modify database data.

2.5: Test SQL injection manually in the login form

Now we will test a login form to bypass the login of a website; here we will use WebGoat.

Here is a login form provided by WebGoat. We will perform SQL injection on this form, targeting the user Tom.
Here I am trying a simple SQL injection string to bypass it, but it did not work. Now we will create a new user and then log in.
We have created a user; now we will try to log in with it.
But we cannot access it, so now we will use Burp Suite to capture the requests. Open Burp Suite and turn Intercept on.
Now we go back to the registration form, type all the details, capture the request and then forward it.

We have captured the request. Now we will make changes to it and add payloads.

Now select the request, right-click on it and choose “Send to Intruder”, then drop the request and turn Intercept off.
Here we have added a query, which is “substring(database_version(),1,1)='1”, and marked the 1 as the payload position. Now go to the Payloads tab and add payloads such as 1, 2, 3, 4 and so on.

Here I have selected payloads from 1 to 9. Go back to the Positions tab and start the attack.
The attack runs and the value changes according to our payload. Now we copy this request and save it to a file, because we will use the sqlmap tool to automate all of this and extract the username and password.
Here is the request we saved for the sqlmap tool; now open it.

Run this command on the file we saved for it and press Enter.

We have found the database version. Now we will run another command against the database.

Now it will look for the current database on the target system, WebGoat.

Here is a database, which is “Public”. Now we will exploit this database and extract the password.
After the attack is complete, we obtain the password “thisisasecretfortom”. Now go to the WebGoat SQL injection login form and enter those credentials to complete the lab.

The SQL injection lab is completed successfully.

How to mitigate it:


SQL Injection Mitigation:

Use prepared statements (parameterized queries) and validate user input.
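The difference between a concatenated query and a prepared statement, applied to the kind of "does this username exist" check a registration form performs, is shown in this added example (not code from WebGoat or from the original report). The table layout, the function names and the username allow-list are assumptions, and the stored value is constructed sample data.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")  # assumed allow-list for the field


def make_db():
    # Constructed sample data standing in for the lab's user table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('tom', 'constructed-sample-value')")
    return db


def user_exists_concat(db, username):
    # 'Before' form: the input becomes part of the SQL text, so a quote in it
    # changes the query's structure and the yes/no answer can leak data.
    sql = "SELECT 1 FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchone() is not None


def user_exists_param(db, username):
    # 'After' form: the driver binds the value; it is compared as data only.
    sql = "SELECT 1 FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchone() is not None


def register_check(db, username):
    # Input validation first, parameterized query second (defence in depth).
    if not USERNAME_RE.fullmatch(username):
        return "rejected"
    return "taken" if user_exists_param(db, username) else "available"


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name and two names carrying a boolean condition.
    for name in ("tom", "tom' AND '1'='1", "tom' AND '1'='2"):
        print(repr(name), user_exists_concat(db, name),
              user_exists_param(db, name), register_check(db, name))
```

With the concatenated query the two conditional inputs give different answers, which is the true/false signal that blind injection relies on; with the bound parameter both are simply unknown usernames.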

XSS Mitigation:

Escape/encode user input before rendering and use Content Security Policy (CSP).
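Both XSS mitigations can be seen together in this added example (not from the original report or from WebGoat): user input is HTML-encoded before it is placed in element content and in a quoted attribute, and the response carries a CSP header as a second layer. The function names, the markup and the policy string are assumptions.

```python
import html

# Assumed policy for this example: scripts only from the site's own origin,
# no inline script, no plugins, no <base> override.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"


def render_unsafe(comment):
    # 'Before' form: user input is placed into the page as markup.
    return "<p class='comment'>" + comment + "</p>"


def render_safe(comment, author):
    # Encode for element content and for a quoted attribute value;
    # quote=True also encodes " and ' so the attribute cannot be closed early.
    body = html.escape(comment, quote=True)
    title = html.escape(author, quote=True)
    return f'<p class="comment" title="{title}">{body}</p>'


def build_response(comment, author):
    # CSP is the second layer: if an encoding step is missed somewhere,
    # the browser still refuses to run inline script.
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP,
    }
    return headers, render_safe(comment, author)


if __name__ == "__main__":
    # Constructed test inputs for the encoder.
    comment = "<script>alert(1)</script>"
    author = '" onmouseover="alert(1)'
    headers, page = build_response(comment, author)
    print(headers["Content-Security-Policy"])
    print(page)
```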
