Cs Practical-1

FACULTY OF ENGINEERING & TECHNOLOGY
Subject Name: Cyber Security Laboratory

Subject Code: 203105327
B.Tech. 3rd Year 6th Semester
PRACTICAL : 1
Aim: Implementation to gather information from any PC’s connected to the LAN
using who.is, port scanners, network scanning, Angry IP scanners etc.
Objective: To know how to gather information about the networks by using different
n/w reconnaissance tools.
Requirements: Laptop, who.is, n map, angry ip scanner
1. Who.is
 Theory
whois search for an object in a WHOIS database. WHOIS is a query and response
protocol that is widely used for querying databases that store the registered users of an
Internet resource, such as a domain name or an IP address block but is also used for a
wider range of other information. Most modern versions of whops try to guess the
right server to ask for the specified object. If no guess can be made, whops will
connect to whops.networksolutions.com for NIC handles or whops.arin.net for IPv4
addresses and network names.
Examples: Obtaining the domain WHOIS record for computer solutions.com
WHOIS record by IP querying Querying WHOIS in google search engine
To use the WHO.IS lookup tool, just enter the domain name whose information you'd
like to view into the search field on the WHOIS main page. You can retrieve key data
about a domain in this way, including availability, domain owner lookup, and
creation and expiration details. If you own multiple domains of your own, it can be
helpful to download exportable lists from the tool to analyze large amounts of
domains data.
 Implementation
Step 1: search who.is in web browser
Enrollment No. : 210303105321

Step 2: open the who.is tool
Step 3: Enter the Domain name or IP Address of which devices’ information you want
to gather

 Observation:
Get the information about searched domain name or IP Address
2. Port Scanners:
Nmap is convenient during penetration testing of networked systems. Nmap provides the
network details, and also helps to determine the security flaws present in the system. Nmap is
platform-independent and runs on popular operating systems such as Linux, Windows
and Mac. Nmap is a useful tool for network scanning and auditing purposes.
o It can search for hosts connected to the Network. o It can search for free
ports on the target host. o It detects all services running on the host with
the help of operating system. o It also detects any flaws or potential
vulnerabilities in networked systems.
It is effortless to work with the Nmap. With the release of a new graphical user
interface called GenMap User, it performs many tasks such as saving and comparing
scan results, scanning the results in a database, and visualize the network system
topology graphically, etc.

 Advantages of Nmap:
Nmap has a lot of advantages that make it different from other network scanning tools.
Nmap is open-source and free to use. Some other advantages are listed below.
o It is used for auditing network systems as it can detect new servers.

o It will search for subdomain and Domain Name System o With the help of
Nmap Scripting Engine (NSE), interaction can be made with the target host. o
It determines the nature of the service in the host and performs whether the
host is a mail service or a web server
 Port scanning using Nmap:
Implementation:
Step 1: Install Nmap in Windows
Step 2: Open Nmap

Step 3: Open command prompt and give command ipconfig to see local network
Step 4: paste ip address in target select scan type and press scan button
Nmap Output:

Step 5: Open Command prompt Run as administrator To

see the open ports run:
3. Angry IP Scanner
Implementation:

Once installed, open the application by searching for it in the Start Menu. As you can
see, the home screen of the application is pretty simple and straightforward. By
default, Angry IP scanner will enter your local IP address range and your computer
name as the hostname.

The good thing about Angry IP Scanner is that it lets you scan IP addresses in three
different ways. They are, the range you specified, a random IP address or a list of IP
addresses from a text file. You can easily select the scan mode from the drop-down
menu next to the IP address field.
As you can see from the above image, the Angry IP Scanner will only include default
fetchers like Ping, Hostname, and Ports. However, you can add more fetchers to get
and see more information about an IP address. To do that, select “Tools > Fetchers.”
In this window, you will see all the current fetchers on the left pane and all the
available fetchers in the right pane. To add a fetcher, select the fetcher on the right
pane and then click on the button that looks like “Less than” sign. In my case, I’ve

added new fetchers like MAC address, NetBIOS info, filtered ports, and Web
detectors.
Moreover, Angry IP Scanner will only tell whether the ports are open or not. It will not
list the individual ports that are open. So, if you want to do a port scan, then you need
to configure the application. To do that, simply navigate to “Tools” and then select the
option “Preferences.”
Here, navigate to the “Ports” tab and enter the ports you want to scan in the “Ports
Selection” field. As you can see, I’m scanning for port 80 and port 443. If you want to
scan a range of ports, then enter the port range like “1-1000.” After you have entered
the port number, click OK to save the changes.

Once you are done configuring the Angry IP Scanner, you can continue to scan. To
start off, set the scan mode to “IP Range,” enter the IP address range in the “IP
address” fields and then click on the button “Start.” For instance, I’ve entered an IP
range that is known to have live devices connected to it.
Depending on the number of addresses in the range, it may take some time to
complete. Once completed, the application will show you a summary of the scan. The
summary includes the number of hosts that are alive and the number of hosts that have
open ports. Just click on the button “Close” to continue.

Once you close the summary window, you will see the list of all the IP addresses. You
can also see additional details in different “fetcher” columns. In case you are
wondering, here’s what the colored dots next to each IP address mean.
Red: The IP address is inactive, dead or there is no device connected to this IP address.
Blue: The IP address is either active or busy and not responding to the requests sent by
Angry IP Scanner. This usually will be your own IP Address.
Green: The IP address is active, and the device connected to it is responding to the
requests made by Angry IP Scanner. There may also be open ports.
Apart from copying the details of an IP address, you can also perform a range of
different activities on the entries. You can open an IP address in the web browser, do
an FTP, trace routing, etc. For instance, if you want to traceroute an IP address, simply
right-click on the target IP address. After that, select the option Open and click on
Traceroute.

Once you are done scanning an IP address or the IP address range, you can save the
scan results. To do that, select the option Scan from the menu bar.

rd th
B.Tech. 3 Year 6 Semester
PRACTICAL – 2
AIM: Experiments with open source firewall/proxy packages like iptables, squid etc
IP-tables
◗ Simply put, iptables is a firewall program for Linux. It will monitor traffic from and to
your server using tables. These tables contain sets of rules, called chains, that will
filter incoming and outgoing data packets.
◗ When a packet matches a rule, it is given a target, which can be another chain or one of
these special values:
◗ ACCEPT – will allow the packet to pass through.
◗ DROP – will not let the packet pass through.
◗ RETURN – stops the packet from traversing through a chain and tell it to go back to the
previous chain.
Iptables chains:
◗ In this iptables pratical, we are going to work with one of the default tables, called filter.
It consists of three chains:
◗ INPUT – controls incoming packets to the server.
◗ FORWARD – filters incoming packets that will be forwarded somewhere else.
◗ OUTPUT – filter packets that are going out from your server.
How to Install and Use Iptables Linux Firewall
◗ Installing of Iptables
◗ sudo apt-get update
◗ sudo apt-get install iptables
◗ Check the status of your current iptables configuration by running.
◗ sudo iptables -L

Types of tables in iptables
commands
◗ Iptables –A INPUT –s your ip –j DROP
◗ Iptables –A INPUT –s your ip –j ACCEPT
◗ → to stop https websites
◗ → to stop http websites
◗ Iptables –A OUTPUT –p tcp –o eth0 –s your ipaddress -–dport 80 –j DROP
Follow the instructions to create a firewall rule that prevents the communication
between two systems via ping.
Step -1
CHECK YOUR IPADDRESS IN BOTH OPERATING SYSTEM(KALI LINUX AND
WINDOWS ) BY FOLLWING COMMANDS IN THE BELOW PICTURES

Attempt to ping both devices to verify whether they are responsive or not

Please create an iptables rule to stop communication between both devices, as shown in the picture.

Now try to ping on both devices its working or not.


Again if you want resume the communication then you have to write another
rule to “ACCEPT” the communication both device by iptable rule. Before you
accept the rule We have to remove the previous rule which we have given the
“DROP” rule.

To stop https request in our browser by ip address.

To resume the https request in browser by accept rule


PRACTICAL : 3
AIM: Implementation of Steganography

SCOPE:
Encompasses the detection of concealed messages and data within various media files,
emphasizing the application of steganographic methods for security and forensic purposes.
REQUIREMENTS:
The requirements are Hardware and Devices, Steg software, S-Tools, sample image,
Documentation Templates etc.
THEORY:
Steganography:
• The root “steganos” is Greek for “hidden” or “covered,” and the root “graph” is Greek
for “to write.” Steganography is the practice of hiding a secret message inside of (or
even on top of) something that is not secret.
• Examples of steganography involve embedding a secret piece of text inside of a
picture. Or hiding a secret message or script inside of a Word or Excel document. The
purpose of steganography is to conceal and deceive. It is a form of covert
communication and can involve the use of any medium to hide messages. • It’s not a
form of cryptography, because it doesn’t involve scrambling data or using a key.
Instead, it is a form of data hiding and can be executed in clever ways.
Types of Steganography?
1. Text steganography
Text steganography conceals a secret message inside a piece of text. The simplest version of
text steganography might use the first letter in each sentence to form the hidden message.
Other text steganography techniques might include adding meaningful typos or encoding
information through punctuation.
2. Image steganography
In image steganography, secret information is encoded within a digital image. This technique
relies on the fact that small changes in image color or noise are very difficult to detect with
the human eye. For example, one image can be concealed within another by using the least
significant bits of each pixel in the image to represent the hidden image instead.

3. Video steganography
Video steganography is a more sophisticated version of image steganography that can
encode entire videos. Because digital videos are represented as a sequence of consecutive
images, each video frame can encode a separate image, hiding a coherent video in plain
sight.
4. Audio steganography
Audio files, like images and videos, can be used to conceal information. One simple form of
audio steganography is “backmasking,” in which secret messages are played backwards on a
track (requiring the listener to play the entire track backwards). More sophisticated
techniques might involve the least significant bits of each byte in the audio file, similar to
image steganography.
5. Network steganography
Last but not least, network steganography is a clever digital steganography technique that
hides information inside network traffic. For example, data can be concealed within the
TCP/IP headers or payloads of network packets. The sender can even impart information
based on the time between sending different packets.
⚫ Download Stools

Extract the zip file in particular folder
EXAMINATION:
Step 1: Write a secret message in .txt format (Ex: evidence a.txt).
Step 2: Open the S tools

Step 3: Drag the original-zebras.bmp file and drop it into S tools
Step 4: Using S-Tools, drag and drop the secret message file on top of image file.

5: Now to encrypt the stego file. Create a new password for the encryption and click on the
“OK” button.
Step 6: generate a new stego image. To save the stego file, right-click on the image and select
the “Save as...” option.

Step 7: Specify the destination to save the stego image and click on the “Save” button in
order to save the file use .BMP extention.
Step 8: Now, to extract the concealed information from the stego image, run the S-Tools and
then drag and drop suspected file into it. Right-click on the image and select the “Reveal”
option from the top-down menu.
Step 9: “Revealed Archive” window displaying the secret message file name.

Step 10 : Now, Right-click on the file name and then select the “Save as…” option to save it
in a location. Next check the extracted file.

PRACTICAL : 4
AIM: Implementation of MITM- attack using wireshark /
network sniffers.
 Wireshark or Ettercap
We’ll need a client machine as well whose network traffic we will spoof and sniff to get cleartext
submission of passwords from certain vulnerable websites.
Ettercap is GUI based tool built into Kali so need to download and install anything, so let's get started
doing a MiTM attack with Ettercap.
Step #1: Start ettercap
Let's view the help file for ettercap by typing;

kali > ettercap -h
Enrollment No.:-210303105321
As you can see, ettercap has a significant help file for running it from a command line, but the only thing
we need from here is the switch to run it in graphical mode. In the bottom line of the screenshot (not the
bottom line of the actual help file as I have truncated it in the interest of space), you can see the -G switch.
This after the command ettercap will launch the ettercap GUI.
Kali > Ettercap -G
When we do, the ettercap GUI will start as seen below.
The first step in launching our MiTM attach is to start sniffing. Go to pulldown menu
that says "Sniff" and click on "Sniffing at startup".
When we do that, it asking us what interface we want to use and defaults to eth0.
Then click on TICK mark
When we click "OK", ettercap launches it sniffing and loads its plugins.
Our next step to find the hosts on the network. Click on the "Hosts" tab and you will
see a menu that includes "Scan for Hosts". Click on it and ettercap will begin scanning
the network for hosts.
Now, using that same "Hosts" tab, click on "Hosts List". This will display all the hosts
that ettercap has discovered on your network as seen in the screenshot below.
Now, select one of the hosts that will be the target of this attack in the window by clicking on it and then
click on "Add to Target 1" at the bottom of the window. When you do so, ettercap will add that host as the
first target in our MiTM attack as seen in the screenshot below.
Next, select the second host in this attack and then click "Add to Target 2".
Finally, go to the menu above and click on MITM tab and the drop down menu will have a selection
called "ARP Poisoning" as seen in the screenshot below.
Select it and it will open a pop window like below. Select "Sniff remote connections". When we press
OK, ettercap will begin ARP poisoning and you will see ettercap respond in its main windows with the
message below.
Now, we have successfully placed ourselves between the two targets systems and all
their traffic must flow through us. This is where the fun begins as we can now delete,
manipulate, impersonate and view all their traffic.
NOW open any browser on target IP address system and open any HTTP websites of
LOGIN PAGE type your id and password then it will show output in ettercap output
panel.
 WIRESHARK:-
A basic setup is complete and victim network traffic will now pass through the attacker machine.
To listen to these packets, we will use Wireshark (To know about the basics of Wireshark, read
our article here)
• Open up a new terminal and type wireshark. Go to the interface which is capturing all the data
flow (here eth0) and start the capture.
• Filter out packets according to what you are looking for. For the purpose of this demo, the user is
logging in to a vulnerable website DVWA which uses HTTP instead of the secure version HTTPS.
Filter protocol as http and search for required data.
Disclaimer: This tutorial is purely intended for educational purposes and should not be misused.
• Right click on the packet and follow TCP stream to open up the data contained within.
We can clearly obtain the login credentials of the user, that is the username and password.
MITM is one of the classic hacks and on a LAN connection, ARP spoofing is much preferred.
Today there have been various measures to prevent such an attack by use of HTTPS, use of VPN
and, strong WEP/WAP encryption on access points.
Practical No : 05
Aim: Implementation of Windows security using firewalls and other tools.
Tools: Windows Defender Firewall
Description:
Windows Firewall is a security feature that helps to protect your device by filtering
network traffic that enters and exits your device. This traffic can be filtered based on
several criteria, including source and destination IP address, IP protocol, or source and
destination port number. Windows Firewall can be configured to block or allow
network traffic based on the services and applications that are installed on your device.
This allows you to restrict network traffic to only those applications and services that
are explicitly allowed to communicate on the network.
The default behavior of Windows Firewall is to:
 block all incoming traffic, unless solicited or matching a rule

 allow all outgoing traffic, unless matching a rule
Firewall rules
Firewall rules identify allowed or blocked network traffic, and the conditions for this
to happen. The rules offer an extensive selection of conditions to identify traffic,
including:
• Application, service or program name

• Source and destination IP addresses
• Can make use dynamic values, like default gateway, DHCP servers, DNS
servers and local subnets
• Protocol name or type. For transport layer protocols, TCP and UDP, you can
specify ports or port ranges. For custom protocols, you can use a number
between
0 and 255 representing the protocol
 Interface type
• ICMP/ICMPv6 traffic type and code
Enrollment No.:- 210303105321

Implementation:
How Can You Blocked the Program?
Step: 1 Open Windows defender Firewall
Step: 2 Select Advance Settings
Step : 3 Select outbound Rules

Step : 4 Select New Rule
Step : 5 Select Program and Click on a next Button
Step : 6 Give the path of Program which you want to Block

For Example Chrome Browser
Step 7 : Select Block Connection Option
Select all 3 boxes and Click on a next button

Step : 8 Give a Name to your Created rule and Click on a finish Button
You can see that rule is created

Now go to the Chrome Browser and Search you are not able to access chrome
browser.

Cs Practical-1

Uploaded by

Copyright:

Available Formats

Cs Practical-1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cs Practical-1

Uploaded by

Copyright:

Available Formats

FACULTY OF ENGINEERING & TECHNOLOGY

Subject Name: Cyber Security Laboratory

Requirements: Laptop, who.is, n map, angry ip scanner

Step 1: search who.is in web browser

Enrollment No. : 210303105321

Step 2: open the who.is tool

Enrollment No. : 210303105321

Enrollment No. : 210303105321

o It is used for auditing network systems as it can detect new servers.

 Port scanning using Nmap:

Step 1: Install Nmap in Windows

Step 2: Open Nmap

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Step 5: Open Command prompt Run as administrator To

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

How to Install and Use Iptables Linux Firewall

Enrollment No. : 210303105321

Types of tables in iptables

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Now try to ping on both devices its working or not.

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

To resume the https request in browser by accept rule

Enrollment No. : 210303105321

Enrollment No. : 210303105321

AIM: Implementation of Steganography

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Extract the zip file in particular folder

Step 2: Open the S tools

Enrollment No. : 210303105321

Step 3: Drag the original-zebras.bmp file and drop it into S tools

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Enrollment No. : 210303105321

Step #1: Start ettercap

Let's view the help file for ettercap by typing;

Kali > Ettercap -G

When we do, the ettercap GUI will start as seen below.

Then click on TICK mark

Aim: Implementation of Windows security using firewalls and other tools.

Tools: Windows Defender Firewall

The default behavior of Windows Firewall is to:

 block all incoming traffic, unless solicited or matching a rule

• Application, service or program name

Enrollment No.:- 210303105321

Step: 1 Open Windows defender Firewall