CYBERSECURITY


1 Implement the following Substitution & Transposition Techniques concepts: a) Caesar Cipher b) Rail fence row & Column Transformation

A) Caesar cipher

Encryption:

1. Choose a shift value (key): This is typically a number between 1 and 25. Let's use 3 as an example.
2. Convert the plaintext to upper case: This makes it easier to handle letters.
3. Shift each letter: For each letter in the plaintext, find its position in the alphabet (A=1, B=2, etc.). Add the shift value to the position and wrap around if you reach the end of the alphabet (Z+1 becomes A).
4. Map shifted values to letters: Use the new position to find the corresponding letter in the alphabet.
Example (plaintext: "HELLO", shift: 3)
H+3=K
E+3=H
L+3=O
L+3=O
O+3=R
Ciphertext: "KHOOR"

Decryption:

1. Apply the opposite shift: Subtract the shift value from each letter's position, wrapping around if necessary.
Example:
Ciphertext: "KHOOR"
K-3=H
H-3=E
O-3=L
O-3=L
R-3=O
Plaintext: "HELLO"
B) Rail Fence Technique:
In this technique the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
Eg: "all the best for exams" -> Plaintext
To encrypt this with a rail fence of depth 2, we write the following:
a l h b s f r x m
l t e e t o e a s
The encrypted message is:
ALHBSFRXMLTEETOEAS

COLUMN TRANSPOSITION:

We write the message in a rectangle, row by row, and read the message off column by column, but permute the order of the columns.

Key: an integer value made of unique digits from 0 to 9


Eg: Plaintext - attack postponed until two am

Key - 4 3 1 2 5 6 7

a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z

Ciphertext: TTNA APTM TSUO AODW COIX KNLY PETZ
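
The three techniques above, written out as an added example that is not part of the original lab sheet. The function names and the "XYZ" padding default are choices made for this example; the padding matches the x y z filler in the grid above.

```javascript
// Added example (not from the original lab sheet): the three ciphers above.
const lettersOnly = s => s.toUpperCase().replace(/[^A-Z]/g, '');

// Caesar: shift each letter, wrapping past Z. A negative shift decrypts.
function caesar(text, shift) {
  const k = ((shift % 26) + 26) % 26;
  return text.toUpperCase().replace(/[A-Z]/g, ch =>
    String.fromCharCode((ch.charCodeAt(0) - 65 + k) % 26 + 65));
}

// Rail index of each character position on a zigzag of `depth` rails.
function zigzag(n, depth) {
  const rows = [];
  for (let i = 0, row = 0, step = 1; i < n; i++) {
    rows.push(row);
    if (row === 0) step = 1;
    else if (row === depth - 1) step = -1;
    row += step;
  }
  return rows;
}

// Rail fence: write along the zigzag, read off rail by rail.
function railFenceEncrypt(text, depth) {
  const msg = lettersOnly(text);
  if (depth < 2) return msg;
  const rows = zigzag(msg.length, depth);
  let out = '';
  for (let r = 0; r < depth; r++)
    for (let i = 0; i < msg.length; i++) if (rows[i] === r) out += msg[i];
  return out;
}

// Inverse: refill the rails in order, then read along the zigzag.
function railFenceDecrypt(cipher, depth) {
  if (depth < 2) return cipher;
  const rows = zigzag(cipher.length, depth);
  const out = new Array(cipher.length);
  let next = 0;
  for (let r = 0; r < depth; r++)
    for (let i = 0; i < cipher.length; i++) if (rows[i] === r) out[i] = cipher[next++];
  return out.join('');
}

// Columnar transposition: fill rows of key.length columns, pad the last row,
// then read the column labelled 1 first, then 2, and so on.
function columnarEncrypt(text, key, pad = 'XYZ') {
  let msg = lettersOnly(text);
  for (let i = 0; msg.length % key.length !== 0; i++) msg += pad[i % pad.length];
  const order = key.map((label, col) => [label, col]).sort((a, b) => a[0] - b[0]);
  return order.map(([, col]) => {
    let column = '';
    for (let i = col; i < msg.length; i += key.length) column += msg[i];
    return column;
  }).join(' ');
}

console.log(caesar('HELLO', 3), railFenceEncrypt('all the best for exams', 2));
console.log(columnarEncrypt('attack postponed until two am', [4, 3, 1, 2, 5, 6, 7]));
```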

2. Implement the Diffie-Hellman Key Exchange mechanism using HTML and JavaScript. Consider the end user as one of the parties (Alice) and the JavaScript application as the other party (Bob).

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Diffie-Hellman Key Exchange</title>
</head>
<body>
<h1>Diffie-Hellman Key Exchange</h1>
<div id="Alice">
<h2>Alice</h2>
<label for="alicePrivate">Private Key:</label>
<input type="text" id="alicePrivate" readonly>
<br>
<label for="alicePublic">Public Key:</label>
<input type="text" id="alicePublic" readonly>
</div>

<div id="bob">
<h2>Bob (JavaScript Application)</h2>
<label for="bobPrivate">Private Key:</label>
<input type="text" id="bobPrivate" readonly>
<br>
<label for="bobPublic">Public Key:</label>
<input type="text" id="bobPublic" readonly>
</div>

<div id="sharedSecretSection">
<h2>Shared Secret</h2>
<label for="sharedSecret">Shared Secret:</label>
<input type="text" id="sharedSecret" readonly>
</div>

<script>
// Diffie-Hellman parameters (toy values; real deployments use primes of 2048 bits or more)
const prime = 23; // A small prime, for demonstration only
const generator = 5; // A primitive root modulo prime

// Alice's side (End User)
// Math.random() is not a cryptographically secure generator; it is used here only for the demo.
const alicePrivate = Math.floor(Math.random() * 10) + 1; // Private key
const alicePublic = Math.pow(generator, alicePrivate) % prime; // Public key

// Bob's side (JavaScript Application)
const bobPrivate = Math.floor(Math.random() * 10) + 1; // Private key
const bobPublic = Math.pow(generator, bobPrivate) % prime; // Public key

// Shared Secret Calculation on both sides


const aliceSharedSecret = Math.pow(bobPublic, alicePrivate) % prime;
const bobSharedSecret = Math.pow(alicePublic, bobPrivate) % prime;

// Display values in the HTML


document.getElementById("alicePrivate").value = alicePrivate;
document.getElementById("alicePublic").value = alicePublic;

document.getElementById("bobPrivate").value = bobPrivate;
document.getElementById("bobPublic").value = bobPublic;

document.getElementById("sharedSecret").value = aliceSharedSecret;

// Check if both shared secrets match


if (aliceSharedSecret === bobSharedSecret) {
console.log("Shared secrets match!");
} else {
console.log("Error: Shared secrets do not match.");
}

</script>
</body>
</html>
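
The script above computes Math.pow(...) % prime on floating-point numbers, which stops being exact once the power exceeds 2^53, and it accepts any public value. The following added example (not part of the original lab sheet) does the same exchange with BigInt square-and-multiply, a CSPRNG-backed private key and a range check on the peer's public value. The function names are chosen for this example, and globalThis.crypto is assumed to be available (browsers and current Node.js).

```javascript
// Added example: Diffie-Hellman arithmetic that stays exact for large primes.
// Square-and-multiply: base^exp mod m without ever building base^exp.
function modPow(base, exp, m) {
  let result = 1n;
  base %= m;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % m;
    base = (base * base) % m;
    exp >>= 1n;
  }
  return result;
}

// Uniform private key in [2, p-2] from the platform CSPRNG (rejection sampling).
// Assumes globalThis.crypto exists (browsers, current Node.js).
function randomPrivate(p) {
  const bytes = new Uint8Array(Math.ceil(p.toString(2).length / 8));
  for (;;) {
    globalThis.crypto.getRandomValues(bytes);
    let x = 0n;
    for (const b of bytes) x = (x << 8n) | BigInt(b);
    if (x >= 2n && x <= p - 2n) return x;
  }
}

// Reject degenerate peer values (0, 1, p-1, or out of range) before use:
// they would force the shared secret into a trivially guessable value.
function checkPublic(y, p) {
  if (typeof y !== 'bigint' || y < 2n || y > p - 2n)
    throw new RangeError('peer public key outside [2, p-2]');
  return y;
}

function publicKey(priv, g, p) {
  return modPow(g, priv, p);
}

function sharedSecret(peerPublic, priv, p) {
  return modPow(checkPublic(peerPublic, p), priv, p);
}

// The page's toy parameters with fixed private keys (constructed values).
function demoExchange() {
  const p = 23n, g = 5n, a = 6n, b = 15n;
  const A = publicKey(a, g, p), B = publicKey(b, g, p);
  return { A, B, alice: sharedSecret(B, a, p), bob: sharedSecret(A, b, p) };
}

console.log(demoExchange());
```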

3 Implement the following Attack: a) Dictionary Attack b) Brute Force Attack


A) Dictionary attack:
Concept:
• Utilizes a predefined list of words (a dictionary) containing potential passwords.
• Each entry in the list is systematically tried against the target user's account until a match is found.

Implementation steps:
1. Acquire or create a dictionary of common passwords.
2. Iterate through the list, attempting each password against the target user's account.
3. If a match is found, unauthorised access is gained.

B) Brute Force Attack:

Concept:
1. Tries every possible combination of characters until the correct password is discovered.
2. It is an exhaustive method that does not rely on a predefined list of potential passwords.
Implementation steps:
1. Define a character set (example: letters, numbers, symbols).
2. Generate all possible combinations within a specified length.
3. Try each combination until the correct password is found or until all possibilities are exhausted.
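
In an authentication log both attacks look the same: a run of failed logins against one account. The following added example, not part of the original lab sheet, flags such runs and any success that follows one. The log format, account names, addresses and thresholds are constructed for illustration.

```javascript
// Added example: flag password-guessing runs in an authentication log.
// Constructed log format: "<epoch-seconds> <user> <source-ip> <OK|FAIL>"
const SAMPLE_LOG = `
1700000000 alice 203.0.113.7 FAIL
1700000002 alice 203.0.113.7 FAIL
1700000004 alice 203.0.113.7 FAIL
1700000006 alice 203.0.113.7 FAIL
1700000008 alice 203.0.113.7 FAIL
1700000010 alice 203.0.113.7 FAIL
1700000012 alice 203.0.113.7 OK
1700000100 bob 198.51.100.4 FAIL
1700000400 bob 198.51.100.4 FAIL
1700000405 bob 198.51.100.4 OK
`;

function parseLine(line) {
  const m = /^(\d+)\s+(\S+)\s+(\S+)\s+(OK|FAIL)$/.exec(line.trim());
  return m && { ts: Number(m[1]), user: m[2], src: m[3], ok: m[4] === 'OK' };
}

// Alert when one account collects `maxFailures` failed logins inside
// `windowSec` seconds, and again if a success follows such a run.
function detectGuessing(logText, maxFailures = 5, windowSec = 60) {
  const failures = new Map();   // user -> failure timestamps still in the window
  const flagged = new Set();    // users with an open "burst" alert
  const alerts = [];
  for (const line of logText.split('\n')) {
    const ev = parseLine(line);
    if (!ev) continue;          // skip blank or malformed lines
    const recent = (failures.get(ev.user) || []).filter(t => ev.ts - t < windowSec);
    if (ev.ok) {
      if (recent.length >= maxFailures)
        alerts.push({ kind: 'success-after-burst', user: ev.user, src: ev.src, ts: ev.ts });
      failures.delete(ev.user);
      flagged.delete(ev.user);
      continue;
    }
    recent.push(ev.ts);
    failures.set(ev.user, recent);
    if (recent.length < maxFailures) flagged.delete(ev.user);
    else if (!flagged.has(ev.user)) {
      flagged.add(ev.user);
      alerts.push({ kind: 'burst', user: ev.user, src: ev.src, ts: ev.ts });
    }
  }
  return alerts;
}

console.log(detectGuessing(SAMPLE_LOG));
```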

4 Installation of Wireshark, tcpdump, etc. and observe data transferred in client-server communication using UDP/TCP and identify the UDP/TCP datagram.

1. Install Wireshark:

On Windows:

1. Download the Wireshark installer from the official website:


https://www.wireshark.org/download.html

2. Run the installer and follow the on-screen instructions.

3. tcpdump is often preinstalled:

Check whether it is already available with a terminal command like tcpdump -h

If not, install it via your system's package manager (e.g. sudo apt install tcpdump on Ubuntu)

2. Observing Data Transfer:

1. Start Wireshark

Launch the Wireshark application

2. Select interface

Choose the network interface you want to capture traffic from

3. Start capture

Click the start button to begin capturing packets

4. Generate traffic
Perform actions that generate network traffic, for example visit a website or send a message

5. Stop capture

Click the stop button when you have captured enough data

3. Identifying UDP/TCP Datagrams:

a. Filter for UDP/TCP

Enter udp or tcp in the filter bar to isolate those protocols

b. Examine packet details

Click on a UDP or TCP packet to view its details in the packet details pane

c. Look for key fields

Identify fields like

• Source/destination IP addresses
• Source/destination ports
• Protocol (UDP or TCP)
• Sequence/acknowledgement numbers (TCP)
• Flags (TCP)
• Data payload

d. Analyse differences

Note the differences between UDP and TCP datagrams, such as

TCP: connection-oriented nature

UDP: lack of a reliability mechanism
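
To see where the key fields listed above sit in the raw bytes, here is an added example (not part of the original lab sheet) that decodes an IPv4 packet carrying TCP or UDP. Both sample packets, their addresses and ports are constructed for this example; checksums are left as zero and are not verified.

```javascript
// Added example: decode the fields Wireshark shows for a TCP or UDP datagram.
// Both packets are constructed (IPv4 header first, no Ethernet frame).
const fromHex = s => Uint8Array.from(s.replace(/\s+/g, '').match(/../g), h => parseInt(h, 16));
const SAMPLE_TCP = fromHex(`45 00 00 28 00 01 00 00 40 06 00 00 c0 a8 01 0a c0 a8 01 14
                            c3 50 00 50 00 00 03 e8 00 00 00 00 50 02 ff ff 00 00 00 00`);
const SAMPLE_UDP = fromHex(`45 00 00 21 00 02 00 00 40 11 00 00 c0 a8 01 0a c0 a8 01 14
                            d4 31 00 35 00 0d 00 00 68 65 6c 6c 6f`);
const TCP_FLAGS = ['FIN', 'SYN', 'RST', 'PSH', 'ACK', 'URG'];

function parseIPv4(bytes) {
  if (bytes.length < 20 || (bytes[0] >> 4) !== 4) throw new Error('not an IPv4 packet');
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const l4 = (bytes[0] & 0x0f) * 4;                      // IP header length = start of TCP/UDP
  const end = Math.min(view.getUint16(2), bytes.length); // IP total length
  if (l4 < 20 || l4 > end) throw new Error('bad IPv4 header length');
  const addr = at => Array.from(bytes.subarray(at, at + 4)).join('.');
  const pkt = { src: addr(12), dst: addr(16), protocol: bytes[9] };

  if (pkt.protocol === 6) {                              // TCP: 20-byte minimum header
    if (end - l4 < 20) throw new Error('truncated TCP header');
    const dataOffset = (bytes[l4 + 12] >> 4) * 4;
    return Object.assign(pkt, {
      transport: 'TCP',
      srcPort: view.getUint16(l4), dstPort: view.getUint16(l4 + 2),
      seq: view.getUint32(l4 + 4), ack: view.getUint32(l4 + 8),
      flags: TCP_FLAGS.filter((_, bit) => bytes[l4 + 13] & (1 << bit)),
      payload: bytes.subarray(l4 + dataOffset, end),
    });
  }
  if (pkt.protocol === 17) {                             // UDP: fixed 8-byte header,
    if (end - l4 < 8) throw new Error('truncated UDP header');
    return Object.assign(pkt, {                          // no sequence numbers or flags
      transport: 'UDP',
      srcPort: view.getUint16(l4), dstPort: view.getUint16(l4 + 2),
      length: view.getUint16(l4 + 4),
      payload: bytes.subarray(l4 + 8, end),
    });
  }
  return Object.assign(pkt, { transport: 'other' });
}

console.log(parseIPv4(SAMPLE_TCP), parseIPv4(SAMPLE_UDP));
```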

5 Installation of rootkits and study about the variety of options.

AIM:

A rootkit is a stealthy type of malicious software designed to hide the existence of certain processes from normal methods of detection and to enable continued privileged access to a computer.

INTRODUCTION:

A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits are difficult to detect because they are activated before your system's operating system has completely booted up.

A rootkit often allows the installation of hidden files, processes, hidden user accounts and more in the system's OS.

Rootkits are able to intercept data from terminals, network connections and the keyboard. Rootkits have two primary functions: remote command/control (back door) and software eavesdropping. Rootkits allow someone, legitimate or otherwise, to administratively control a computer. This means executing files, accessing logs, monitoring user activity and even changing the computer's configuration. Therefore, in the strictest sense, even versions of VNC are rootkits.

PROCEDURE:

Step 1: Download the rootkit detection tool from the GMER website

Step 2: The tool displays the Processes, Modules, Services, Files, Registry, Rootkit/Malware, Autostart and CMD tabs for the local host

Step 3: Select the Processes menu and kill any unwanted process, if any

Step 4: The Modules menu displays the various system files like .sys etc.

Step 5: The Services menu displays the complete list of services running, with auto start, enable, disable, system and boot

Step 6: The Files menu displays the full set of files on the hard disk volumes

Step 7: The Registry menu displays HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE

Step 8: Rootkit/Malware scans the local drives selected

Step 9: Autostart displays the registry-based auto start applications

Step 10: CMD allows the user to interact with command-line utilities or the registry

6 Perform an Experiment to Sniff Traffic using ARP Poisoning.

AIM:

ARP poisoning is also known as ARP spoofing.

ARP is the acronym for Address Resolution Protocol. It is used to convert IP addresses to physical addresses [MAC addresses] on a switch. The host sends an ARP broadcast on the network, and the recipient computer responds with its physical address [MAC address]. The resolved IP/MAC address is then used to communicate. ARP poisoning is sending fake MAC addresses to the switch so that it can associate the fake MAC addresses with the IP address of a genuine computer on a network and hijack the traffic.

ARP Poisoning − Exercise

In this exercise, we have used BetterCAP to perform ARP poisoning in a LAN environment using VMware workstation, in which we have installed Kali Linux and the Ettercap tool to sniff the local traffic in the LAN.

For this exercise, you would need the following tools

• VMware workstation
• Kali Linux or Linux operating system
• Ettercap tool
• LAN connection

Step 1: Install the VMware workstation and install the Kali Linux operating system.

Step 2: Log in to Kali Linux using the username and password "root, toor".

Step 3: Make sure you are connected to the local LAN and check the IP address by typing the command ifconfig in the terminal.

Step 4: Open up the terminal and type "ettercap -G" to start the graphical version of Ettercap.

Step 5: Now click the tab "sniff" in the menu bar and select "unified sniffing" and click OK to select the interface. We are going to use "eth0", which means Ethernet connection.

Step 6: Now click the "hosts" tab in the menu bar and click "scan for hosts". It will start scanning the whole network for the alive hosts.

Step 7: Next, click the "hosts" tab and select "hosts list" to see the number of hosts available in the network. This list also includes the default gateway address. We have to be careful when we select the targets.

Step 8: Now we have to choose the targets. In MITM, our target is the host machine, and the route will be the router address to forward the traffic. In an MITM attack, the attacker intercepts the network and sniffs the packets. So, we will add the victim as "target 1" and the router address as "target 2". In a VMware environment, the default gateway will always end with "2" because "1" is assigned to the physical machine.

Step 9: In this scenario, our target is "192.168.121.129" and the router is "192.168.121.2". So we will add target 1 as the victim IP and target 2 as the router IP.

Step 10: Now click on "MITM" and click "ARP poisoning". Thereafter, check the option "Sniff remote connections" and click OK.

Step 11: Click "start" and select "start sniffing". This will start ARP poisoning in the network, which means we have enabled our network card in "promiscuous mode" and now the local traffic can be sniffed.

Step 12: Now it's time to see the results, if our victim logged into some websites. You can see the results in the toolbar of Ettercap.
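
On the monitoring side, the poisoning in this exercise shows up as the gateway's IP address suddenly answering with a different MAC address, and as one MAC address answering for both the gateway and the victim. The following added example, not part of the original exercise, checks a stream of ARP replies for both signs. The IP addresses are the ones used above; the MAC addresses and the record format are constructed.

```javascript
// Added example: detect ARP cache poisoning from observed ARP replies.
// Constructed observations; MAC addresses are made up.
const SAMPLE_ARP = [
  { ts: 1,  ip: '192.168.121.2',   mac: '00:50:56:AA:AA:02' },  // gateway
  { ts: 2,  ip: '192.168.121.129', mac: '00:0C:29:BB:BB:81' },  // victim
  { ts: 3,  ip: '192.168.121.2',   mac: '00:50:56:aa:aa:02' },  // same binding
  { ts: 9,  ip: '192.168.121.2',   mac: '00:0c:29:cc:cc:99' },  // gateway IP, new MAC
  { ts: 9,  ip: '192.168.121.129', mac: '00:0c:29:cc:cc:99' },  // victim IP, same new MAC
  { ts: 10, ip: '192.168.121.2',   mac: '00:0c:29:cc:cc:99' },  // repeat of the spoofed reply
];

function watchArp(replies) {
  const baseline = new Map();   // ip -> first MAC seen (trust on first use)
  const claims = new Map();     // mac -> Set of IPs it has answered for
  const seen = new Set();       // suppresses repeats of the same alert
  const alerts = [];
  const report = (kind, ts, ip, mac, extra) => {
    const key = `${kind}|${ip}|${mac}`;
    if (seen.has(key)) return;
    seen.add(key);
    alerts.push({ kind, ts, ip, mac, ...extra });
  };

  for (const { ts, ip, mac: raw } of replies) {
    const mac = raw.toLowerCase();
    // Sign 1: an IP that was bound to one MAC now answers with another.
    if (!baseline.has(ip)) baseline.set(ip, mac);
    else if (baseline.get(ip) !== mac)
      report('binding-changed', ts, ip, mac, { expected: baseline.get(ip) });
    // Sign 2: one MAC answering for several IPs (here: gateway and victim).
    if (!claims.has(mac)) claims.set(mac, new Set());
    const ips = claims.get(mac);
    if (!ips.has(ip) && ips.add(ip).size > 1)
      report('mac-claims-multiple-ips', ts, ip, mac, { ips: [...ips].sort() });
  }
  return alerts;
}

console.log(watchArp(SAMPLE_ARP));
```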

7 Demonstrate intrusion detection system using any tool (snort or any other s/w).

AIM: Snort is an open source network intrusion detection system (NIDS) that has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching and matching. Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection.

Description:

Sniffer mode

Packet Logger mode

Network Intrusion Detection System mode

Sniffer mode:
snort -v : Print out the TCP/IP packet headers on the screen

snort -vd : Show the TCP/IP ICMP header with application data in transit

Packet Logger mode:

snort -dev -l c:\log [create this directory in the C drive] : Snort will automatically know to go into packet logger mode; it collects every packet it sees and places it in the log directory.

snort -dev -l c:\log -h ipaddress/24 : This command tells Snort that you want to print out the data link and TCP/IP headers as well as application data into the log directory.

snort -l c:\log -b : This is binary mode, which logs everything into a single file.

Network Intrusion Detection System mode:

snort -d -l c:\log -h ipaddress/24 -c snort.conf : snort.conf is a configuration file that applies rules to each packet to decide on an action based upon the rule type in the file.

snort -d -h ipaddress/24 -l c:\log -c snort.conf : This will configure Snort to run in its most basic NIDS form, logging packets that trigger rules specified in snort.conf.

PROCEDURE:

STEP-1: Sniffer mode → snort -v → Print out the TCP/IP packet headers on the screen.

STEP-2: snort -vd → Show the TCP/IP ICMP header with application data in transit.

STEP-3: Packet Logger mode → snort -dev -l c:\log [create this directory in the C drive] and Snort will automatically know to go into packet logger mode; it collects every packet it sees and places it in the log directory.

STEP-4: snort -dev -l c:\log -h ipaddress/24 → This command tells Snort that you want to print out the data link and TCP/IP headers as well as application data into the log directory.

STEP-5: snort -l c:\log -b → This binary mode logs everything into a single file.

STEP-6: Network Intrusion Detection System mode → snort -d -l c:\log -h ipaddress/24 -c snort.conf → snort.conf is a configuration file that applies rules to each packet to decide on an action based upon the rule type in the file.

STEP-7: snort -d -h ipaddress/24 -l c:\log -c snort.conf → This will configure Snort to run in its most basic NIDS form, logging packets that trigger rules specified in snort.conf.

STEP-8: Download Snort from snort.org. Install Snort with or without database support.

STEP-9: Select all the components and click Next. Install and Close.

STEP-10: Skip the WinPcap driver installation.

STEP-11: Add the path variable in the Windows environment variables by selecting new classpath.
STEP-12: Create a path variable and point it at snort.exe: variable name → path and variable value → c:\snort\bin.

STEP-13: Click OK button and then close all dialog boxes.


8 Demonstrate how to provide secure data storage, secure data transmission and for creating
digital signatures.

AIM: Demonstrate how to provide secure data storage, secure data transmission and for creating
digital signatures (GnuPG).

INTRODUCTION:

• Here's the final guide in my PGP basics series, this time focusing on Windows.
• The OS in question will be Windows 7, but it should work for Win8 and Win8.1 as well.
• Obviously it's not recommended to be using Windows to access the DNM, but I won't go into the reasons here.
• The tool we'll be using is GPG4Win.

INSTALLING THE SOFTWARE:-

1. Visit www.gpg4win.org. Click on the “Gpg4win 2.3.0” button.


2. Click the “Download Gpg4win” button.
3. When the “Welcome” screen is displayed, click the “Next” button
4. When the “License Agreement” page is displayed, click the “Next” button
5. Set the check box values as specified below, then click the “Next” button
6. Set the location where you want the software to be installed. The default location is fine. Then,
click the “Next” button.
7. Specify where you want shortcuts to the software placed, then click the “Next” button.
8. If you selected to have a GPG shortcut in your Start Menu, specify the folder in which it will be
placed. The default “Gpg4win” is OK. Click the “Install” button to continue.
9. A warning will be displayed if you have Outlook or Explorer opened. If this occurs, click the “OK”
button.
10. The installation process will tell you when it is complete. Click the “Next” button
11. Once the Gpg4win setup wizard is complete, the following screen will be displayed. Click the
“Finish” button
12. If you do not uncheck the “Show the README file” check box, the README file will be displayed.
The window can be closed after you’ve reviewed it.
CREATING YOUR PUBLIC AND PRIVATE KEYS :-
GPG encryption and decryption is based upon the keys of the person who will be receiving the
encrypted file or message. Any individual who wants to send the person an encrypted file or
message must possess the recipient’s public key certificate to encrypt the message. The
recipient must have the associated private key, which is different than the public key, to be able
to decrypt the file. The public and private key pair for an individual is usually generated by the
individual on his or her computer using the installed GPG program, called “Kleopatra” and the
following procedure:
1. From your start bar, select the “Kleopatra” icon to start the Kleopatra certificate
management software
2. Screen will be displayed.
3. From the “File” dropdown, click on the “New Certificate” option
4. Screen will be displayed. Click on "Create a personal OpenPGP key pair" and the "Next" button
5. The Certificate Creation Wizard will start and display
6. Enter your name and e-mail address. You may also enter an optional comment. Then, click
the “Next” button
7. Review your entered values. If OK, click the “Create Key” button
8. You will be asked to enter a passphrase
9. The passphrase should follow strong password standards. After you’ve entered your
passphrase, click the “OK” button. You will be asked to re-enter the passphrase
10. Re-enter the passphrase value. Then click the “OK” button. If the passphrases match, the
certificate will be created. Once the certificate is created, the following screen will be
displayed. You can save a backup of your public and private keys by clicking the “Make a
backup Of Your Key Pair” button. This backup can be used to copy certificates onto other
authorized computers.
11. If you choose to back up your key pair, you will be prompted to specify the folder and name the file. Then click the "OK" button
12. After the key is exported, the following will be displayed. Click the "OK" button, then you will be returned to the "Key Pair Successfully Created" screen. Click the "Finish" button.
13. Before the program closes, you will need to confirm that you want to close the program by
clicking on the “Quit Kleopatra” button

DECRYPTING AN ENCRYPTED E-MAIL THAT HAS BEEN SENT TO YOU:

1. Open the email message and select GpgOL tab.


2. Click the "Decrypt" button. A command window will open along with a window that asks for the passphrase to your private key that will be used to decrypt the incoming message.
3. Enter your passphrase and click the "OK" button. The results window will tell you if the decryption succeeded. Click the "Finish" button to close the window
4. Your unencrypted email message body will be displayed. When you close the e-mail you
will be asked if you want to save the e-mail message in its unencrypted form. For
maximum security, click the “No” button. This will keep the message encrypted within
the e-mail system and will require you to enter your passphrase each time you reopen
the e-mail message
