Prashant

Uploaded by

Prasad mohite
INDEX

Practical 1
Aim: Using the tools for whois, traceroute, email tracking, Google
hacking.
Tools: Ping, Tracert using ping, NSLookup, SmartWhois, HTTrack
Website Copier, eMailTracker Pro

Tool 1: Ping (Packet InterNet Groper)


The ping command works by sending special Internet Protocol (IP) packets,
called Internet Control Message Protocol (ICMP) Echo Request datagrams, to a
specified destination. Each packet sent is a request for a reply. The output response
for a ping contains the success ratio and round-trip time to the destination. From
this information, it is possible to determine if there is connectivity to a
destination. The ping command is used to test the NIC transmit and receive
function, the TCP/IP configuration, and network connectivity.

STEPS:

• To ping a computer using the ‘ping’ command open command prompt.


• To specify the data length in bytes we use –l switch

• To specify that the packet should not be fragmented we use –f.

To check for connectivity to a particular IP address, hostname or website name
Ping www.google.com
To find out the maximum frame size on the network
Ping www.google.com -f -l 1500
The -l value needs to be adjusted till we get a reply. The border where the reply
is received is said to be its MTU (Maximum Transmission Unit).
To find out what happens when TTL expires
Ping www.google.com -i 3
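
The -l adjustment described above can be done as a binary search instead of by hand. The following is an added example, not part of the original manual. It assumes English-language Windows ping output, and the simulated_probe helper and the sample lines are constructed so it runs offline; it also adds the 28 bytes of IPv4 and ICMP header to the largest -l value, since -l counts only the ICMP payload.

```python
"""Binary search for the largest ping payload that passes with DF set."""
import re
import subprocess

IPV4_HEADER = 20   # bytes, IPv4 header without options
ICMP_HEADER = 8    # bytes, ICMP Echo header

# Constructed samples of English-language Windows ping output.
SAMPLE_REPLY = "Reply from 203.0.113.80: bytes=1472 time=21ms TTL=53"
SAMPLE_TOO_BIG = "Packet needs to be fragmented but DF set."


def got_reply(ping_output):
    """True only for an echo reply, not for a DF failure or a timeout."""
    if "needs to be fragmented" in ping_output:
        return False
    return re.search(r"Reply from \S+ bytes=\d+", ping_output) is not None


def windows_probe(host):
    """Return probe(size) that runs `ping host -f -l size -n 1` on Windows."""
    def probe(size):
        result = subprocess.run(
            ["ping", host, "-f", "-l", str(size), "-n", "1"],
            capture_output=True, text=True, check=False,
        )
        return got_reply(result.stdout)
    return probe


def simulated_probe(mtu):
    """Stand-in path for offline runs: replies while payload + headers fit."""
    return lambda size: size + IPV4_HEADER + ICMP_HEADER <= mtu


def largest_payload(probe, low=0, high=1500):
    """Largest -l value in [low, high] that still gets a reply, or None.

    Assumes every size up to the limit is answered and every larger one fails.
    """
    if not probe(low):
        return None            # host unreachable or ICMP filtered
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid fits, search above it
        else:
            high = mid - 1     # mid is too big, search below it
    return low


def path_mtu(probe, high=1500):
    """MTU on the path: largest -l value plus 28 header bytes."""
    payload = largest_payload(probe, 0, high)
    if payload is None:
        return None
    return payload + IPV4_HEADER + ICMP_HEADER


if __name__ == "__main__":
    probe = simulated_probe(1500)   # swap in windows_probe("www.google.com")
    print(largest_payload(probe), path_mtu(probe))
```
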

Tool 2 : Tracert using ping (Using ping to emulate tracert)


This command is a computer network diagnostic tool for displaying or tracing
the route (path) between the sender and destination host. Traceroute can be
performed by using the –n and –i switches

STEPS:

The -n option tells the ping command to send 5 ICMP Echo Requests
instead of the default of 4.
The -l option sets the packet size for each request to 1500 bytes
instead of the default of 32 bytes.
ping www.google.com -i 1 -n 1
Keep on increasing the -i value until the www.google.com site directly
replies to the ping. At each -i value, the device in the route will reply back.
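
The loop described above, raising -i until the destination itself answers, written out as an added example that is not part of the original manual. It assumes English-language Windows ping output and IPv4; the per-TTL outputs are constructed with documentation addresses so the example runs offline.

```python
"""Assemble a route from repeated `ping -i TTL -n 1` runs."""
import re
import subprocess

TTL_EXPIRED = re.compile(r"Reply from (\d+\.\d+\.\d+\.\d+): TTL expired in transit")
ECHO_REPLY = re.compile(r"Reply from (\d+\.\d+\.\d+\.\d+): bytes=\d+")

# Constructed output per TTL (documentation addresses, not a real trace).
CONSTRUCTED_RUNS = {
    1: "Reply from 192.0.2.1: TTL expired in transit.",
    2: "Request timed out.",
    3: "Reply from 198.51.100.7: TTL expired in transit.",
    4: "Reply from 203.0.113.80: bytes=32 time=21ms TTL=53",
}


def classify(ping_output):
    """Return (kind, address) for the output of one ping run.

    kind is "hop" (a router reported TTL expiry), "destination"
    (an echo reply arrived) or "timeout" (nothing usable came back).
    """
    match = TTL_EXPIRED.search(ping_output)
    if match:
        return "hop", match.group(1)
    match = ECHO_REPLY.search(ping_output)
    if match:
        return "destination", match.group(1)
    return "timeout", None


def windows_ping(host):
    """Return run(ttl) that executes `ping host -i ttl -n 1` on Windows."""
    def run(ttl):
        result = subprocess.run(
            ["ping", host, "-i", str(ttl), "-n", "1"],
            capture_output=True, text=True, check=False,
        )
        return result.stdout
    return run


def trace(run_ping, max_ttl=30):
    """Walk TTL 1..max_ttl and return (route, reached).

    route is a list of (ttl, address or None); a silent hop is kept as
    None so the hop numbering stays aligned with the TTL values.
    """
    route = []
    for ttl in range(1, max_ttl + 1):
        kind, address = classify(run_ping(ttl))
        route.append((ttl, address))
        if kind == "destination":
            return route, True
    return route, False


if __name__ == "__main__":
    # Offline demo; use trace(windows_ping("www.google.com")) on Windows.
    for ttl, address in trace(CONSTRUCTED_RUNS.get)[0]:
        print(ttl, address or "*")
```
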
Tool 3: NSLookup
NSLookup is used to perform DNS Footprinting by using the Windows
command nslookup.
Type nslookup in command prompt and then check the ‘set type=’
for SOA, NS, A, PTR, CNAME, MX, SRV

STEPS:

Use the -type=soa option to tell nslookup to display the authoritative name server.
Using the option -type=ns gives you the names of the servers which actually
belong to the msft.net domain, according to our DNS's (non-authoritative)
information.

You can query a domain for its MX Record using the -type=mx option
The MX Record is a map of mail exchange servers for a domain.
When you send email to a domain, for example "@microsoft.com",
mail is routed to Microsoft's MX servers.
Use -type=ptr if you know the IP address and want to find the
domain name.

Using set q=CNAME you can know the Canonical Name


Using SRV Command
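
What the -type= options above turn into on the wire, as an added example that is not part of the original manual: it builds the DNS query for a given record type (including the reversed in-addr.arpa name used for PTR) and decodes the answer section of a response. The sample response is constructed for example.com and is not captured traffic.

```python
"""DNS wire format behind `nslookup -type=...`."""
import struct

# Record type numbers for the types listed in this section.
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "SRV": 33}
NAMES = {number: name for name, number in QTYPES.items()}


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1-63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def ptr_name(ipv4):
    """Name queried for a PTR lookup: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"


def build_query(name, rtype, txid=0x1234):
    """Build one standard recursive query (class IN) for the given type."""
    if rtype == "PTR":
        name = ptr_name(name)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[rtype], 1)


def read_name(msg, off):
    """Decode a name that may use compression pointers.

    Returns (name, offset just past the name where it was first read).
    """
    labels, resume, jumps = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:          # 2-byte pointer to an earlier name
            if resume is None:
                resume = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:                   # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (resume if resume is not None else off)


def parse_answers(msg):
    """Return [(owner, type, value)] for the answer section of a response."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):                 # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPES["MX"]:
            pref = struct.unpack("!H", msg[off:off + 2])[0]
            value = (pref, read_name(msg, off + 2)[0])
        elif rtype in (QTYPES["NS"], QTYPES["CNAME"], QTYPES["PTR"]):
            value = read_name(msg, off)[0]
        elif rtype == QTYPES["A"]:
            value = ".".join(str(b) for b in msg[off:off + 4])
        else:                                # SOA, SRV and others left as hex
            value = msg[off:off + rdlen].hex()
        answers.append((owner, NAMES.get(rtype, str(rtype)), value))
        off += rdlen
    return answers


# Constructed response to an MX query for example.com (not captured traffic).
SAMPLE_MX_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 15, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 300, 9)
    + struct.pack("!H", 10) + b"\x04mail\xc0\x0c"
)

if __name__ == "__main__":
    print(build_query("192.0.2.10", "PTR").hex())
    print(parse_answers(SAMPLE_MX_RESPONSE))
```
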
Tool 4: SmartWhois
SmartWhois is a network information utility that allows you to look up most
available information on a hostname, IP address or domain. SmartWhois
helps you to search for information such as:
The owner of the domain
The domain registration date and the owner’s contact information
The owner of the IP address block
STEPS :

Open SmartWhois

Write the website name in IP, host or domain text field and press enter. It
will show the detail of the website.
Tool 5: HTTrack Website Copier
HTTrack Website Copier is an Offline browser utility that allows you to
download a World Wide Web site through the Internet to your local directory.
STEPS:

Start > Programs >HTTrack Website Copier


Click on ‘Next’ to create Project and give a name to project and Click on ‘Next’.

Click on ‘Add URL’ and give the URL of the site to mirror from.
Any additional options that need to be set, can be set from the ‘Set Options’
menu, then click ‘Next’
By default, the radio button will be selected for Please adjust connection
parameters if necessary, then press FINISH to launch the mirroring
operation.
The mirroring of the site now begins. The site will be downloaded and saved in
the C:\My Web Sites\<Project Name>
Tool 6: eMailTracker Pro
The objective of using eMailTrackerPro is to:
Trace an email to its true geographical source
Collect Network (ISP) and domain Whois information for any email traced

STEPS:

Start > Programs >eMailTracker Pro


Click on ‘Trace an email I have received’, then copy the email header fields
under the ‘Enter Details’ and then click on Trace
The results show a location map, the Trace Route below and the
Whois/Network/Email summary in the right columns.

To view the HTML Report of it, go to the “My Trace Reports” tab and then click on
the “HTML Report” button.
Practical 2
Aim: Using the tools for scanning network, IP fragmentation, war dialing
countermeasures, SSL Proxy, Censorship circumvention.

Tools: Advanced IP Scanner, AMap, NMap, CurrPorts, GFI LanGuard
2012, LANSurveyor, HTTPort/HTTHost, MegaPing, G-Zapper, Colasoft
Packet Builder, The Dude

Tool 1: Advanced IP Scanner


Advanced IP Scanner is a free network scanner that gives you various types of
information regarding local network computers. This tool is used to:
Perform a system and network scan
Enumerate user accounts
Execute remote penetration
Gather information about local network computers

STEPS:

On the attacker’s machine: Start > Programs> Advanced IP Scanner


Then start the victim’s machine
Switch back to the attacker’s machine
In the main window of Advanced IP Scanner, enter IP address range in the ‘Select Range’
field
Click Scan to start the scan

Advanced IP Scanner scans all the IP addresses within the range and displays the scan results
after completion
It will detect the victim’s IP address and display the status as live
Right-click any of the detected IP addresses. It will list Wake-On-LAN, Shut down, and Abort
Shut down.
The list displays properties of the detected computer, such as IP address, Name, MAC, and
NetBIOS information.
You can forcefully Shutdown, Reboot, and Abort Shutdown the selected victim machine/IP
address
Now you have the IP address, Name, and other details of the victim machine
Tool 2: Amap
Amap determines the applications running on each open port. With this tool you
can:
Identify the application protocols running on open port 80
Detect application protocols

STEPS:
Start > Programs > Command Prompt
Navigate to the Amap directory
Type ‘amap www.certifiedhacker.com 80’, and press Enter
You can see the specific application protocols running on the entered host name
and the port 80.
Tool 3: Nmap
Nmap (Zenmap is the official Nmap GUI) is a free, open source (license) utility
for network exploration and security auditing. With the help of this tool you
can:
Scan TCP and UDP ports
Analyze host details and their topology
Determine the types of packet filters
Record and save all scan reports
Compare saved results for suspicious ports

STEPS:

Start > Programs >Zenmap. The Nmap - Zenmap GUI window appears.
Enter the victim virtual machine IP address in the ‘target’ text field. You are
performing a network inventory for the victim virtual machine
In the ‘Profile’ text field, select from the drop-down list the type of profile you
want to scan. In this lab, select ‘Intense Scan’ and click ‘Scan’ to start scanning
the virtual machine.
Nmap scans the provided IP address with Intense scan and displays the scan result
below the Nmap Output tab.
Click the Ports/Hosts tab to display more information on the scan results.
Nmap also displays the Port, Protocol, State, Service, and Version of the scan.
Click the Topology tab to view Nmap’s topology for the provided IP address in
the Intense scan Profile

Click the Host Details tab to see the details of all hosts discovered during the
intense scan profile
Click the Scans tab to see scan details for the provided IP addresses.
Now, click the Services tab located in the right pane of the window. This tab
displays the list of services.

Click the http service to list all the HTTP Hostnames/IP addresses, Ports, and
their states (Open/Closed).
Click the msrpc service to list all the Microsoft Windows RPC.

Click the netbios-ssn service to list all NetBIOS hostnames.

Xmas Scan
Xmas scan sends a TCP frame to a remote device with URG, ACK, RST, SYN,
and FIN flags set. FIN scans work only with OS TCP/IP stacks developed according
to RFC 793.

On the Profile tab, enter Xmas Scan in the Profile name text field.
Click the Scan tab, and select Xmas Tree scan (-sX) from the TCP scans:
dropdown list.
Select None in the Non-TCP scans: drop-down list & Aggressive (-T4) in
Timing template list & click Save Changes

Enter the IP address in the Target field, select the Xmas scan option from the
Profile field and click Scan
Nmap scans the target IP address provided and displays results on the Nmap
Output tab.
Click the Services tab located at the right side of the pane. It displays all the
services of that host.
ACK Flag Scan

Attackers send an ACK probe packet with a random sequence number. No
response means the port is filtered and an RST response means the port is
not filtered.
To perform an ACK Flag Scan for a target IP address, create a new profile. Click Profile >
New Profile or Command Ctrl+P.
On the Profile tab, input ACK Flag Scan in the Profile name text field.

To select the parameters for an ACK scan, click the Scan tab in the Profile Editor window,
select ACK scan (-sA) from the Non-TCP scans drop-down list, and select None for all the
other fields but leave the Targets field empty.
Now click the Ping tab and check IPProto probes (-PO) to probe the IP address, and then click
Save Changes.

In the Zenmap main window, input the IP address of the victim virtual machine,
select ACK Flag Scan from Profile drop-down list, and then click Scan.
Nmap scans the target IP address provided and displays results on Nmap Output
tab.
Tool 4: CurrPorts
CurrPorts is network monitoring software that displays the list of all currently
opened TCP/IP and UDP ports on your local computer. With the help of this
tool you can:
Scan the system for currently opened TCP/IP and UDP ports
Gather information on the ports and processes that are opened
List all the IP addresses that are currently established connections
Close unwanted TCP connections and kill the process that opened the ports
STEPS:

Start > Programs > CurrPorts. It automatically displays process name, ports, IP
and remote addresses, and their states
CurrPorts lists all the processes and their IDs, protocols used, local and remote
IP address, local and remote ports, and remote host names

To view only the selected report as HTML page, select reports and click View > HTML
Reports - Selected Items

To view all the reports as an HTML page, click View > HTML Report - All
Items
To view the properties of a port, select the port and click File > Properties

To close a TCP connection you think is suspicious, select the process and click
File > Close Selected TCP Connections (or Ctrl+T)
To exit from the CurrPorts utility, click File > Exit. The CurrPorts window
closes

Tool 5: GFI LanGuard 2012


GFI LanGuard scans networks and ports to detect, assess, and correct any
security vulnerabilities that are found. With the help of this tool you can:
Perform a vulnerability scan
Audit the network
Detect vulnerable ports
Identify security vulnerabilities
Correct security vulnerabilities with remedial action

STEPS:

Start > Programs > GFI LanGuard


Click ‘Launch a Scan’ option to perform a network scan
Launch a New scan window will appear
In the Scan Target option, select localhost from the drop-down list
In the Profile option, select Full Scan from the drop-down list
In the Credentials option, select currently logged on user from the drop-down
list
Click Scan.
Scanning will start; it will take some time to scan the network. After completing
the scan, the scan result will be shown in the left panel
To check the Scan Result Overview, click IP address of the machine. It shows
the Vulnerability Assessment and Network & Software Audit.
Click Vulnerability Assessment. It shows all the Vulnerability Assessment
indicators by category
Click Ports and under this click Open TCP Ports
Click System Information in the right side panel; it shows all the details of the
system information

Click Password Policy


Click Groups; it shows all the groups present in the system

Click the Dashboard tab; it shows all the scanned network information
Tool 6: LANSurveyor
LANSurveyor discovers a network and produces a comprehensive network
diagram that integrates OSI Layer 2 and Layer 3 topology data. With the help of
this tool you can:
Draw a map showing the logical connectivity of your network and navigate
around the map
Create a report that includes all your managed switches and hubs

STEPS:
Start > Programs >LANSurveyor. Review the limitations of the evaluation
software and then click ‘Continue with Evaluation’ to continue the evaluation.
The Getting Started with LANsurveyor dialog box is displayed. Click Start
Scanning Network

The Create A Network Map window will appear; in order to draw a network
diagram enter the IP address in Begin Address and End Address, and click Start
Network Discovery
LANsurveyor displays the map of your network
Tool 7: HTTPort/HTTHost
HTTPort is a program from HTTHost that creates a transparent tunnel through a
proxy server or firewall.
HTTPort allows using all sorts of Internet software from behind the proxy. It
bypasses HTTP proxies, firewalls, and transparent accelerators.

STEPS:
Open HTTHost folder and double-click htthost.exe. The HTTHost wizard will open; select the
Options tab. On the Options tab, set all the settings to default except Personal Password field,
which should be filled in with any other password. In this lab, the personal password is ‘magic’
Check the Revalidate DNS names and Log Connections options and click Apply.

Now leave HTTHost intact, and don’t turn off Windows Virtual Machine.
Now switch to the other Windows Virtual Machine, and install HTTPort:
double-click httport3snfm.exe and follow the wizard-driven installation steps.
Start HTTPort. Start > Programs >HTTPort
Select the Proxy tab and enter the hostname or IP address of victim machine
(First Virtual Machine).
You cannot set the Username and Password fields.
In the User personal remote host at section, click start and then stop and then
enter the targeted Host machine IP address and port, which should be 80. Here
any password could be used. Enter the password as ‘magic’
Select the Port Mapping tab and click Add to create New Mapping
Select New Mapping Node, and right-click New Mapping, and click Edit
Rename this to ftp certified hacker, and select Local port node; then right-click Edit and enter
Port value to 21. Now right click on Remote host node to Edit and rename it as
ftp.certifiedhacker.com. Now right click on Remote port node to Edit and
enter the port value to 21.

Click Start on the Proxy tab of HTTPort to run the HTTP tunneling.
Now switch to the first Windows virtual machine and click the Applications log
tab. Check the last line; if it reads Listener listening at 0.0.0.0:80, then it is running
properly.
Now switch to the second Windows virtual machine and turn ON the Windows Firewall. Go
to Windows Firewall with Advanced Security
Select Outbound rules from the left pane of the window, and then click New Rule in the right
pane of the window. In the New Outbound Rule Wizard, select the Port option in the Rule
Type section and click Next
Now select All remote ports in the Protocol and Ports section, and click Next
In the Action section, select the Block the connection option and click Next
In the Profile section, select all three options. The rule will apply to Domain, Public and
Private and then click Next
Type Port 21 Blocked in the Name field, and click Finish
The new rule Port 21 Blocked is created. Right-click the newly created rule and
select Properties
Select the Protocols and Ports tab. Change the Remote Port option to Specific
Ports and enter the Port number as 21.
Leave the other settings as their defaults and click Apply then click OK.
Type ftp ftp.certifiedhacker.com in the command prompt and press Enter. The
connection is blocked in the first Windows virtual machine by firewall.
Now open the command prompt on the second Windows virtual machine and
type ftp 127.0.0.1 and press Enter
Tool 8: MegaPing
MegaPing is an ultimate toolkit that provides complete essential utilities for
information system administrators and IT solution providers. MegaPing security
scanner checks your network for
potential vulnerabilities that might be used to attack your network, and saves
information in security reports. With the help of this tool you can:
Ping a destination address list
Traceroute
Perform NetBIOS scanning

STEPS:

Start > Programs >MegaPing


Select any one of the options from the left pane of the window.
Select IP scanner, and type in the IP range in the From and To field and click
Start.

You can select the IP range depending on your network. It will list down all the
IP addresses under that range with their TTL (Time to Live),
Status (dead or alive), and the statistics of the dead and alive hosts

Select the NetBIOS Scanner from the left pane and type in the IP range in the
From and To fields and click Start. The NetBIOS scan will list all the hosts with
their NetBIOS names and adapter addresses
Right-click any IP address and select the Traceroute option. It will open the
Traceroute window, and will trace the IP address selected.
Select Port Scanner from the left pane and add www.certifiedhacker.com in the
Destination Address List and then click the Start button. After clicking the
Start button it toggles to Stop. It will list the ports associated with
www.certifiedhacker.com with the keyword, risk, and port number.
Tool 9: G-Zapper
G-Zapper is a utility to block Google cookies, clean Google cookies, and help
you stay anonymous while searching online.
G-Zapper helps protect your identity and search history. G-Zapper will read the
Google cookie installed on your PC, display the date it was installed, determine
how long your searches have been tracked, and display your Google searches.
G-Zapper allows you to automatically delete or entirely block the Google search
cookie from future installation.

STEPS:

Start > Programs > G-Zapper

To delete the Google search cookies, click the Delete Cookie button; a window
will appear that gives information about the deleted cookie location. Click OK
To block the Google search cookie, click the Block cookie button. A window
will appear asking if you want to manually block the Google cookie. Click Yes
It will show a message that the Google cookie has been blocked. To verify,
click OK

To test the Google cookie that has been blocked, click the Test Google button.
Your default web browser will now open to Google’s Preferences page. Click
OK
To view the deleted cookie information, click the Setting button, and click View
Log in the cleaned cookies log. The deleted cookies information opens in
Notepad.
Tool 10: Colasoft Packet Builder
The Colasoft Packet Builder is a useful tool for creating custom network
packets. Colasoft Packet Builder creates and enables custom network packets.
This tool can be used to verify network protection against attacks and intruders.
Colasoft Packet Builder features a decoding editor allowing users to edit
specific protocol field values much more easily. Users are also able to edit decoding
information in two editors: Decode Editor and Hex Editor. Users can select any
one of the provided templates: Ethernet Packet, IP Packet, ARP Packet, or TCP
Packet.
STEPS:

Start > Programs >Colasoft Packet Builder


Before starting your task, check that the Adapter settings are set to default
and then click OK.
To add or create the packet, click Add in the menu section. When an Add
Packet dialog box pops up, you need to select the template and click OK. You
can view the added packets list on your right-hand side of your window.
Colasoft Packet Builder allows you to edit decoding information in the two
editors: Decode Editor and Hex Editor.
To send all packets at one time, click Send All from the menu bar. Check the
Burst Mode option in the Send All Packets dialog window, and then click Start.
To export the packets sent from the File menu, select File > Export > All
Packets.
Tool 11: The Dude
The Dude network monitor is a new application that can dramatically improve
the way you manage your network environment. The Dude automatically scans
all devices within specified
subnets, draws and lays out a map of your networks, monitors services of your
devices, and alerts you in case some service has problems.

STEPS:
Start > Programs >The Dude
Click the Discover button on the toolbar of the main window. The Device
Discovery window appears.
In the Device Discovery window, specify Scan Networks range, select default
from the Agent drop-down list, select DNS, SNMP, NETBIOS, and IP from the
Device Name Preference drop-down list, and click Discover.
Once the scan is complete, all the devices connected to a particular network will
be displayed.

Select a device and place the mouse cursor on it to display the detailed
information about that device. Now, click the down arrow for the Local
drop-down list to see information on History Actions, Tools, Files, Logs, and so
on.
Select options from the drop-down list to view complete information. As
described previously, you may select all the other options from the
drop-down list to view the respective information.
Once scanning is complete, click the button to disconnect
Practical 3
Aim: Using NETBIOS Enumeration tool, SNMP Enumeration tool, LINUX/UNIX
enumeration tools, NTP Enumeration tool, DNS analyzing and
enumeration tool.

Tools: Null session with NMap, SuperScan, NetBIOS Enumerator,
SolarWinds Toolset, Hyena, SoftPerfect Network Scanner.

Tool 1: Null session with NMap


Enumeration is the process of extracting user names, machine names, network
resources, shares, and services from a system. Enumeration techniques are
conducted in an intranet environment.

STEPS:

Start > Programs >Nmap-Zenmap GUI
Perform the nmap -O scan to find the open ports running on the target/victim
machine
If Ports 139 and 445 are open then the machine can be NetBIOS enumerated.
Run Nbtstat by the command nbtstat -A <IPAddress>

To create a null session, in the command prompt, type net use \\X.X.X.X\IPC$
"" /u:"" (where X.X.X.X is the address of the host machine, and there are no
spaces between the double quotes). To confirm, type net use, which should list
your newly created null session.
Tool 2: SuperScan
SuperScan is a TCP port scanner, pinger, and resolver. The tool's features
include extensive Windows host enumeration capability, TCP SYN scanning,
and UDP scanning.

STEPS:
Start > Programs >SuperScan
Click the Windows Enumeration tab located on the top menu. Enter the Host
name/IP/URL in the text box.
Check the types of enumeration you want to perform. Now, click Enumerate.
SuperScan starts enumerating the provided host name and displays the results in
the right pane of the window.
Wait for a while to complete the enumeration process. After the completion of
the enumeration process, an Enumeration completion message displays.
Tool 3: NetBIOS Enumerator
Enumeration involves making active connections, so that they can be logged.
Typical information attackers look for in enumeration includes user account
names for future password guessing attacks. NetBIOS Enumerator is an
enumeration tool that shows how to use remote network support and to deal
with some other interesting web techniques, such as SMB.

STEPS:
Start > Programs > NetBIOS Enumerator
In the IP range to scan section at the top left of the window, enter an IP range in
from and to text fields. Click Scan.
NetBIOS Enumerator starts scanning for the range of IP addresses provided.
After the completion of scanning, the results are displayed in the left pane
of the window.
A Debug window section, located in the right pane, shows the scanning of the
inserted IP range and displays Ready! after completion of the scan.
Tool 4: SolarWinds Toolset
The SolarWinds Toolset provides the tools you need as a network engineer or
network consultant to get your job done. Toolset includes best-of-breed
solutions that work simply and precisely,
providing the diagnostic, performance, and bandwidth measurements you
want, without extraneous, unnecessary features.

STEPS:

Configure SNMP services and select Start > Control Panel > Administrative
Tools > Services.
Double-click SNMP service. Click the Security tab, and click Add. The SNMP
Services Configuration window appears. Select READ ONLY from
Community rights and Public in Community Name, and click Add.
Select Accept SNMP packets from any host, and click OK.
Launch the tool. Start > Programs >SolarWinds Workspace Studio
Click External Tools, and then select Classic tools > Network Discovery > IP
Network Browser.
IP Network Browser will be shown. Enter the victim virtual machine IP address
and click Scan Device.
It will show the result in a line with the IP address and name of the computer
that is being scanned.
Now click the Plus (+) sign before the IP address. It will list all the information
of the targeted IP address.
Tool 5: Hyena
Hyena uses an Explorer-style interface for all operations, including right mouse
click pop-up context menus for all objects.
Management of users, groups (both local and global), shares, domains,
computers, services, devices, events, files, printers and print jobs, sessions,
open files, disk space, user rights, messaging, exporting,
job scheduling, processes, and printing are all supported.

STEPS:
Tool 6: SoftPerfect Network Scanner
SoftPerfect Network Scanner is a free multi-threaded IP, NetBIOS, and SNMP
scanner with a modern interface and many advanced features.

STEPS:

Start > Programs >SoftPerfect Network Scanner


To start scanning your network, enter an IP range in the Range From field and
click Start Scanning.
The status bar displays the status of the scanned IP addresses at the bottom of
the window.
To view the properties of an individual IP address, right-click that particular IP
address.
Practical 4
Aim: Study of System Hacking tool

Tools: PWdump7, LCP, RainbowCrack and WinRTGen, L0phtCrack,
Ophcrack, NTFS Streams, ADS Spy, Stealth Files Tool, Snow, Quick
Stego.

Tool 1: PWdump7
Pwdump7 can be used to dump protected files. You can always copy a used file
just by executing: pwdump7.exe -d c:\lockedfile.dat backup-lockedfile.dat.

STEPS:
Open the command prompt and navigate to the PWdump7 folder
Now type pwdump7.exe and press Enter, which will display all the password
hashes

Now type pwdump7.exe > c:\sumanthpassword.txt in the command prompt, and
press Enter
This command will copy all the data of pwdump7.exe to the c:\hashes.txt file.
(To check the generated hashes you need to navigate to the C: drive)

Tool 2: LCP
Link Control Protocol (LCP) is part of the Point-to-Point (PPP) protocol. In PPP
communications, both the sending and receiving devices send out LCP packets
to determine specific information required for data transmission. LCP program
mainly audits user account passwords and recovers them in Windows 2008 and
2003. General features of this protocol are password recovery, brute force
session distribution, account information importing, and hashing. It can be used
to test password security, or to recover lost passwords. The program can import from
the local (or remote) computer, or by loading a SAM, LC, LCS, PwDump or
Sniff file. LCP supports dictionary attack, brute force attack, as well as a hybrid
of dictionary and brute force attacks.

STEPS:

From the menu bar, select Import and then Import from PwDump File
computer.
Locate the sumanthpassword.txt file
It will show the imported file
Click on the Play button
It will perform dictionary, brute force and hybrid attacks to crack the
password.
Tool 3: RainbowCrack and WinRTGen
Winrtgen is a graphical Rainbow Tables Generator that supports LM, FastLM,
NTLM, LMCHALL, Half LMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5,
SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE,
SHA-2 (256), SHA-2 (384) and SHA-2 (512) hashes.
A rainbow table is a precomputed table for reversing cryptographic hash
functions, usually for cracking password hashes.
Tables are usually used in recovering plaintext passwords, up to a certain
length, consisting of a limited set of characters.

STEPS:
Double-click the winrtgen.exe file and click the Add Table button. Rainbow
Table properties window appears:
Select ntlm from the Hash drop-down list
Set the Min Len as 4, the Max Len as 9, and the Chain Count of 4000000
Select loweralpha from the Charset drop-down list (this depends on the
password). Click OK.
A file will be created; click OK.
Creating the hash table will take some time, depending on the selected hash and
charset. The created hash table is saved automatically in the folder containing
winrtgen.exe
RainbowCrack
RainbowCrack is a computer program that generates rainbow tables to be used
in password cracking. RainbowCrack differs from "conventional" brute force
crackers in that it uses large
precomputed tables called rainbow tables to reduce the length of time
needed to crack a password.

Steps:
Double-click the rcrack_gui.exe file. Click File, and then click Add Hash. The
Add Hash window appears:
Navigate to c:\hashes, and open the hashes.txt file (which is already generated
using Pwdump7 located at c:\hashes.txt) Right-click, copy the hashes from
hashes.txt file
Paste into the Hash field, and give the comment (optional)
Click OK. The selected hash is added
To add more hashes, repeat the above step
Click the Rainbow Table from the menu bar, and click Search Rainbow Table
Browse the Rainbow Table that is already generated using WinRTGen and click
Open
It will crack the password
Tool 4: L0phtCrack
L0phtCrack is packed with powerful features, such as scheduling, hash
extraction from 64-bit Windows versions, multiprocessor algorithms, and
network monitoring and decoding. It can import
and crack UNIX password files and
remote Windows machines. L0phtCrack provides a scoring metric to quickly
assess password quality. Passwords are measured against current industry
best practices and are rated as Strong, Medium, Weak, or Fail.

STEPS:

Start > Programs > L0phtCrack6


Launch L0phtCrack, and in the L0phtCrack Wizard, click Next
Choose Retrieve from the local machine in the Get Encrypted Passwords wizard
and click Next
Choose Strong Password Audit from the Choose Auditing Method wizard and
click Next

In Pick Reporting Style, select all Display encrypted password hashes, click
Next and then click Finish
L0phtCrack6 shows an Audit Completed message. Click OK
Click Session options from the menu bar
Auditing options For This Session window appears:
Select the Enabled, Crack NTLM Passwords check boxes in Dictionary Crack.
Select the Enabled, Crack NTLM Passwords check boxes in Dictionary/Brute Hybrid Crack.
Select the Enabled, Crack NTLM Passwords check boxes in Brute Force Crack.
Select the Enable Brute Force Minimum Character Count check box.
Select the Enable Brute Force Maximum Character Count check box. Click
OK.
Click Begin from the menu bar. L0phtCrack cracks the administrator password
A report is generated with the cracked passwords
Tool 5: OphCrack
OphCrack is a free open source (GPL licensed) program that cracks Windows
passwords by using LM hashes through rainbow tables. Rainbow tables for LM
hashes of alphanumeric passwords are provided for free by developers. By
default, OphCrack is bundled with tables that allow it to crack passwords no
longer than 14 characters using only alphanumeric characters.

Steps:
Start > Programs > OphCrack
Click Load, and then click PWDUMP file.
Browse the PWDUMP file that is already generated by using PWDUMP7 and
click Open
Loaded hashes are shown

Click Table. The Table Selection window will appear


Note: You can download the free XP Rainbow Table, Vista Rainbow Tables
from http://ophcrack.sourceforge.net/tables.php
Select XP free fast, and click Install
The Browse For Folder window appears; select the table_xp_free_fast and click
OK
The selected table XP free fast is installed. It shows a green ball, which
means it is enabled. Click OK

Click Crack; it will crack the password


Tool 6: NTFS Streams
A stream consists of data associated with a main file or directory (known as the
main unnamed stream). Each file and directory in NTFS can have multiple data
streams that are generally hidden from the user. NTFS supersedes the FAT file
system as the preferred file system for Microsoft Windows operating systems.
NTFS has several improvements over FAT and HPFS (High Performance File
System), such as improved support for metadata and use of advanced data
structures.

STEPS:
Create 2 files Sumanthfile1.txt and Sumanthfile2.txt
Put any content in it
Now in CMD navigate to the txt file path and hide Sumanthfile1.txt inside
Sumanthfile2.txt
Now Check the content of Sumanthfile1.txt which is hidden inside
Sumanthfile2.txt with the following command
Tool 7: ADS Spy
ADS Spy is a tool used to list, view, or delete Alternate Data Streams (ADS) on
Windows Server 2008 with NTFS file systems. ADS is a method of storing
meta-information of files, without actually storing the information inside the
file it belongs to.

STEPS:
Double click to launch ADS Spy
Start an appropriate scan that you need. Click Scan the system for alternate data
streams.
Find the ADS hidden info file while you scan the system for alternate data
streams.

To remove the Alternate Data Stream, click Remove selected streams.


Tool 8: Stealth Files Tool
Stealth files use a process called steganography to hide any files inside of
another file. It is an alternative to encryption of files because no one can
decrypt the encrypted information/data from the files unless they know that
the hidden files exist.
STEPS:

Follow the wizard-driven installation instructions to install Stealth Files Tool


Launch Notepad and write Hello World and save the file as Readme.txt on the
desktop

Click Start > Programs > Stealth Files Tool


In the main window of Stealth Files 4.0, click Hide Files to start the process of
hiding the files and click Add files.

In Step 1, add the Calc.exe from c:\windows\system32\calc.exe


In Step 2 , choose the carrier file and add the file Readme.txt from the desktop

In Step 3, choose a password such as magic (you can type any desired
password)
Click Hide Files. It will hide the file calc.exe inside the readme.txt located on
the desktop
Open the notepad and check the file; calc.exe is copied inside it
Now open the Stealth files Control panel and click Retrieve Files
In Step 1, choose the file (Readme.txt) from desktop in which you have saved
the calc.exe
In Step 2, choose the path to store the retrieved hidden file. For this practical,
save it on the desktop
Enter the password magic (the password that is entered to hide the file) and
click on Retrieve Files!
The retrieved file is stored on the desktop
Tool 9: Snow
Snow is used to conceal messages in ASCII text by appending whitespace to the
end of lines. Because spaces and tabs are generally not visible in text viewers,
the message is effectively hidden from casual observers. And if the built-in
encryption is used, the message cannot be read even if it is detected. Snow
exploits the steganographic nature of whitespace. Locating trailing whitespace
in text is like finding a polar bear in a snowstorm. It uses the ICE encryption
algorithm, so the name is thematically consistent.

STEPS:

Open a command prompt and navigate to the folder ‘snow’


Open Notepad and type Hello World! and then press enter and press the Hyphen
key to draw a line below it
Save the file as readme.txt
Type this command in command shell: notepad sumanthreadme2.txt. It is the
name of another file that will be created automatically.
snow -C -m "My swiss bank account number is 45656684512263" -p "magic" sumanthreadme.txt sumanthreadme2.txt
(magic is the password; you can type any password you like)
Now the data (“My Swiss bank account number is 45656684512263”) is hidden
inside sumanthreadme2.txt along with the contents of sumanthreadme.txt
The contents of sumanthreadme2.txt are sumanthreadme.txt + My Swiss bank
account number is 45656684512263.
Now type snow -C -p magic sumanthreadme2.txt: this will show the contents of
sumanthreadme.txt (magic is the password which was entered while hiding the
data)

To check the file in a GUI, open the sumanthreadme2.txt in Notepad and select
Edit > Select all. You will see the hidden data inside sumanthreadme2.txt in the
form of spaces and tabs
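
A defender's view of the trailing-whitespace channel described above, as an added example (not part of the original manual and not Snow's own code): it reports lines that end in runs of spaces and tabs, flags files where those runs are too large to be editor noise, and strips them. The function names, thresholds and sample strings are assumptions constructed for illustration.

```python
import re

# A run of spaces/tabs at the very end of a line (before an optional CR).
TRAILING_WS = re.compile(r"[ \t]+(?=\r?$)", re.MULTILINE)

# Constructed samples: the cover text from the steps above, once clean and
# once with spaces/tabs appended by hand (this is not real Snow output).
CLEAN_TEXT = "Hello World!\n------------\n"
CARRIER_TEXT = "Hello World! \t  \t   \t\n------------\t    \t \n"


def trailing_whitespace_report(text):
    """Return (line_no, n_spaces, n_tabs) for every line ending in whitespace."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = TRAILING_WS.search(line)
        if match:
            run = match.group(0)
            findings.append((line_no, run.count(" "), run.count("\t")))
    return findings


def looks_like_whitespace_stego(text, min_tabs=2, min_trailing_chars=8):
    """Heuristic (assumed thresholds): a stray trailing space is common in
    hand-edited text, but several trailing tabs mixed with spaces are not."""
    findings = trailing_whitespace_report(text)
    total_chars = sum(spaces + tabs for _, spaces, tabs in findings)
    total_tabs = sum(tabs for _, _, tabs in findings)
    return total_tabs >= min_tabs and total_chars >= min_trailing_chars


def strip_trailing_whitespace(text):
    """Sanitise a text file by removing the trailing runs, which destroys any
    message carried in them while leaving the visible text unchanged."""
    return TRAILING_WS.sub("", text)


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_TEXT), ("carrier", CARRIER_TEXT)):
        print(name, trailing_whitespace_report(sample),
              "suspicious" if looks_like_whitespace_stego(sample) else "ok")
```

Running the stripper on inbound text files (or rejecting files the heuristic flags) removes the channel regardless of whether the hidden data was also encrypted.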
Tool 10: QuickStego
Steganography is the art and science of writing hidden messages in such a way
that no one, apart from the sender and intended recipient, suspects the existence
of the message, a form of security through obscurity. Steganography includes
the concealment of information within computer files. In digital steganography,
electronic communications may include steganographic coding inside of a
transport layer, such as a document file, image file, program, or protocol.
QuickStego hides text in pictures so that only other users of QuickStego can
retrieve and read the hidden secret messages.

STEPS:

Follow the wizard-driven installation steps to install QuickStego


Launch QuickStego from Start menu apps, Start > Programs > QuickStego
Click Open Image in the Picture, Image, Photo File dialog box
Browse and select the image and then click Open
The selected image is added; it will show a message that reads: THIS IMAGE
DOES NOT HAVE A QUICK STEGO SECRET TEXT MESSAGE
To add the text to the image, click Open Text from the Text File dialog box
Browse and select the text file and then click Open
The selected text will be added; click Hide Text in the Steganography dialog
box
It shows the following message: The text message is now hidden in image
To save the image (where the text is hidden inside the image) click Save Image
in the Picture, Image, Photo File dialog box
Provide the file name as stego, and click Save (to save this file on the desktop)
Exit from the QuickStego window. Again open QuickStego, and click Open
Image in the Picture, Image, Photo File dialog box
Browse the Stego file (which is saved on desktop)
The hidden text inside the image will appear
Practical 5
Aim: Study of Denial of Service attack tools.
Tools: HPing3, DOSHTTP.

Tool 1: HPing3
Hping3 is a command-line oriented TCP/IP packet assembler/analyzer. Hping3
is a network tool able to send custom TCP/IP packets and to display target
replies like a ping program does with ICMP replies. Hping3 handles
fragmentation, arbitrary packets body, and size and can be used in order to
transfer files encapsulated under supported protocols. With the help of this
tool you can:
Perform denial-of-service attacks
Send huge amount of SYN packets continuously

STEPS:
Open terminal in Linux
sudo hping3 192.168.189.145 -S --flood --rand-source
Where -S sets the SYN flag, 80 is the port number for the DoS attack, and all
packets sent will appear to come from a random source
To view the packets on the victim’s machine, launch Wireshark and observe the
SYN packets
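
What the SYN packets observed in Wireshark look like to a detector, as an added example (not part of the original manual): it parses tcpdump-style lines and flags a service that receives many SYNs from clients that never complete the handshake. The capture lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# tcpdump-style text line: "IP src.sport > dst.dport: Flags [..]"
PACKET = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)


def build_sample_capture():
    """Constructed capture: three normal handshakes to one server, plus 300
    bare SYNs from varying source addresses to 192.168.189.145 port 80."""
    lines = []
    server = "192.168.189.20.80"
    for i in range(3):
        client = f"192.168.189.{50 + i}.{50000 + i}"
        lines.append(f"12:00:0{i}.000000 IP {client} > {server}: Flags [S], seq 100, length 0")
        lines.append(f"12:00:0{i}.000100 IP {server} > {client}: Flags [S.], seq 900, ack 101, length 0")
        lines.append(f"12:00:0{i}.000200 IP {client} > {server}: Flags [.], ack 901, length 0")
    for i in range(300):
        src = f"{i % 223 + 1}.{(i * 91) % 256}.{(i * 53) % 256}.{(i * 17) % 254 + 1}"
        lines.append(
            f"12:00:05.{i:06d} IP {src}.{1024 + i} > 192.168.189.145.80: "
            f"Flags [S], seq {i}, length 0"
        )
    return lines


def find_syn_floods(lines, min_half_open=100, min_ratio=0.9):
    """Flag services where most SYN senders never follow up with an ACK."""
    syn_clients = defaultdict(set)    # (dst, dport) -> {(src, sport)}
    acked_clients = defaultdict(set)  # clients that completed the handshake
    for line in lines:
        match = PACKET.search(line)
        if not match:
            continue
        client = (match["src"], match["sport"])
        service = (match["dst"], int(match["dport"]))
        flags = match["flags"]
        if flags == "S":  # bare SYN: a connection attempt
            syn_clients[service].add(client)
        elif "S" not in flags and "." in flags:
            # An ACK from a client that earlier sent a SYN to this service.
            if client in syn_clients.get(service, ()):
                acked_clients[service].add(client)

    alerts = []
    for service, clients in syn_clients.items():
        half_open = clients - acked_clients.get(service, set())
        ratio = len(half_open) / len(clients)
        if len(half_open) >= min_half_open and ratio >= min_ratio:
            alerts.append({
                "target": f"{service[0]}:{service[1]}",
                "syn_clients": len(clients),
                "half_open": len(half_open),
                "distinct_sources": len({src for src, _ in half_open}),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_syn_floods(build_sample_capture()):
        print(alert)
```

A high count of distinct sources with no completed handshakes is the signature of spoofed source addresses, which is why per-source rate limits alone do not help and SYN cookies or upstream filtering are the usual mitigations.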
Tool 2: DoSHTTP
DoSHTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows.
DoSHTTP includes port designation and reporting. HTTP flooding is an attack
that uses an enormous number of useless packets to jam a web server. DoSHTTP
also includes URL verification, HTTP redirection, and performance monitoring.
It uses multiple asynchronous sockets to perform an effective HTTP flood.
DoSHTTP can be used simultaneously on multiple clients to emulate a
distributed denial-of-service (DDoS) attack. This tool is used by IT
professionals to test web server performance.

STEPS:

Start > Programs > DoSHTTP


The DoSHTTP main screen appears asking about free trial version. Click Try to
continue.
Enter the URL or IP address in the Target URL field. Select a User Agent,
number of Sockets to send, and the type of Requests to send. Click Start.

Click OK in the DoSHTTP evaluation pop-up.


DoSHTTP sends asynchronous sockets and performs HTTP flooding of the
target network.
Practical 6
Aim: Study of Web server Attack tools
Tools: HTTPRecon, IDServe.

Tool 1: HTTPRecon

Httprecon is a tool for advanced web server fingerprinting, similar to httprint.
The httprecon project does research in the field of web server fingerprinting,
also known as http fingerprinting. The goal is highly accurate identification
of given httpd implementations.

STEPS:

Start > Programs > HTTPRecon


Enter the web site (URL) www.juggyboy.com that you want to footprint and
select the port number.
Click Analyze to start analyzing the entered web site. You should receive a
footprint of the entered web site.
Click the GET long request tab, which will list down the GET request. Then
click Fingerprint Details.
Tool 2: IDServe
IDServe is a simple, free, small (26 Kbytes), and fast general-purpose Internet
server identification utility. IDServe attempts to determine the domain name
associated with an IP. This process is known as a reverse DNS lookup and is
handy when checking firewall logs or receiving an IP address from someone.
Not all IPs that have a forward direction lookup (Domain-to-IP) have a reverse
(IP-to-Domain) lookup, but many do.

STEPS:
Start > Programs > IDServe
Click the Server Query tab. In option 1, enter (or copy/paste an Internet server
URL or IP address) the web site (URL) you want to footprint.
Click Query the Server to start querying the entered web site.
After the completion of the query, IDServe displays the results of the entered
web site.
Practical 7
Aim: Using Cryptanalysis Tools
Tools: HashCalc, MD5Calculator, AES Encryption Package, TrueCrypt,
Cryptool, BCText Encoder, ROHOS DiskEncryption.

Tool 1: HashCalc
HashCalc enables you to compute multiple hashes, checksums, and HMACs for
files, text, and hex strings. It supports MD2, MD4, MD5, SHA1, SHA2 (SHA256,
SHA384, SHA512), RIPEMD160, PANAMA, TIGER, CRC32, ADLER32, and the hash used
in eDonkey and eMule tools.
HashCalc is a fast and easy-to-use calculator that allows computing message
digests, checksums, and HMACs for files, as well as for text and hex strings. It
offers a choice of 13 of the most popular hash and checksum algorithms for
calculations.

STEPS:

Start > Programs > HashCalc


From the Data Format drop-down list, select File. Enter/Browse the data to
calculate.
Choose the appropriate Hash algorithms and check the check boxes.
Now, click Calculate.
Document all Hash, MD5, and CRC values for further reference.
Tool 2: MD5Calculator
MD5 Calculator is a simple application that calculates the MD5 hash of a given
file. It can be used with big files (some GB). It features a progress counter
and a text field from which the final MD5 hash can be easily copied to the
clipboard.
MD5 Calculator is a bare-bones program for calculating and comparing MD5
files. While its layout leaves something to be desired, its results are fast
and simple.

Steps:
To find the MD5 hash of any file, right-click the file and select MD5 Calculator
from the context menu.
Note: Alternatively, you can browse any file to calculate the MD5 hash and
click the Calculate button to calculate the MD5 hash of the file.

You have a certain text file

Right click on file and select MD5 Calculator


MD5 Calculator shows the MD5 digest of the selected file.

If you modify the previous text file, save it, and then compare it to the
previously generated digest, it will display a not-equal-to sign, i.e. the MD5
digest does not match
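
The compare step above (record a digest, modify the file, compare again), as an added Python example that is not part of the original manual: it hashes the file in chunks so multi-gigabyte files do not need to fit in memory, and records SHA-256 next to MD5 because MD5 collisions can be produced deliberately. File names and helper names are assumptions; the sample file is created in a temporary directory.

```python
import hashlib
import hmac
import os
import tempfile


def file_digests(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Hash a file once, feeding each chunk to every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def changed_algorithms(baseline, current):
    """Return the algorithm names whose digest no longer matches the baseline.
    compare_digest avoids leaking how many leading characters matched."""
    return [
        name for name in baseline
        if not hmac.compare_digest(baseline[name], current.get(name, ""))
    ]


def demo():
    """Record a baseline for a constructed sample file, re-check it unchanged,
    then append one byte and check again."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "sample.txt")
        with open(path, "wb") as handle:
            handle.write(b"hello world")
        baseline = file_digests(path)
        unchanged = changed_algorithms(baseline, file_digests(path))
        with open(path, "ab") as handle:
            handle.write(b"!")
        modified = changed_algorithms(baseline, file_digests(path))
    return baseline, unchanged, modified


if __name__ == "__main__":
    baseline, unchanged, modified = demo()
    print("baseline:", baseline)
    print("mismatches before edit:", unchanged)
    print("mismatches after edit:", modified)
```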
Tool 3: AES Encryption Package
Advanced Encryption Package is most noteworthy for its flexibility; not only
can you encrypt files for your own protection,
but you can easily create ‘self-decrypting’ versions of your files that others can
run without needing this or any software.

STEPS:
Start > Programs > Advanced Encryption Package
The Register Advanced Encryption Package 2013 trial period window appears.
Click Try Now!
The main window of Advanced Encryption Package appears
Select a sample file to encrypt. Click Encrypt. It will ask you to enter the
password.
Type the password in the Password field, and again type the password in the
Again field.
Click Encrypt Now! The encrypted sample file appears in the same location as
the original file.
To decrypt the file, first select the encrypted file. Click Decrypt; it will prompt
you to enter the password.
Click Decrypt Now!
Tool 4: TrueCrypt
TrueCrypt is a software system for establishing and maintaining an on-the-fly
encrypted data storage device. On-the-fly encryption means that data is
automatically encrypted or decrypted right before it is loaded or saved, without
any user intervention.

STEPS:

Start > Programs > TrueCrypt


Select the desired volume to be encrypted and click Create Volume.
The TrueCrypt Volume Creation Wizard window appears. Select the Create an
encrypted file container option. This option creates a virtual encrypted disk
within a file. By default, the Create an encrypted file container option is
selected. Click Next to proceed.

In the next step of the wizard, choose the type of volume. Select Standard
TrueCrypt volume; this creates a normal TrueCrypt volume. Click Next to proceed.

In the next wizard, select Volume Location. Click Select File. Select desired
location; provide File name and Save it.
After saving file, Volume Location wizard continues. Click Next to proceed.
Encryption Options appear in wizard.
Select AES Encryption Algorithm and RIPEMD-160 Hash Algorithm and click
Next.
In next step, Volume Size option appears. Specify the size of the TrueCrypt
container to be 2 MB and click Next.

The Volume Password option appears. This is one of the most important steps.
Read the information displayed in the
wizard window on what is considered a good password carefully. Provide a
good password in the first input field, re-type it in the Confirm field, and
click Next.
The Volume Format option appears. Select FAT Filesystem, and set the cluster
to Default. Move your mouse as randomly as possible within the Volume
Creation Wizard window at least for 30 seconds.
Click Format.

After clicking Format, volume creation begins. TrueCrypt will now create a file
called MyVolume in the provided folder. This file depends on the TrueCrypt
container. Depending on the size of the volume, the volume creation may take a
long time. After it finishes, a dialog box appears. Click OK to close the
dialog box.
You have successfully created a TrueCrypt volume (file container). In the
TrueCrypt Volume Creation wizard window, click Exit.

To mount a volume, launch TrueCrypt. In the main window of TrueCrypt, click
Select File.
In the file selector, browse to the container file, select the file, and click Open.
The file selector window disappears and returns to the main TrueCrypt window.
Click Mount.
The Password prompt dialog window appears. Type the password (which you
specified earlier for this volume) in the Password input field and click OK.
The virtual disk has been successfully mounted. The virtual disk is entirely
encrypted (including file names, allocation tables, free space, etc.) and
behaves like a real disk. You can save (or copy, move, etc.) files to this
virtual disk and they will be encrypted on the fly as they are being written.
To dismount a volume, select the volume to dismount and click Dismount. The
volume is dismounted.
Tool 5: Cryptool
CrypTool is a freeware program that enables you to apply and analyze
cryptographic mechanisms. It has the typical look and feel of a modern
Windows application. CrypTool includes every state-of-the-art cryptographic
function and allows you to learn and use cryptography within the same
environment.

STEPS:

Start > Programs > CrypTool


The How to Start dialog box appears. Check Don’t show this dialog again and
click Close.
The main window of CrypTool appears
To encrypt the desired data, click the File option and select New from the menu
bar.
Type a few lines in the opened Unnamed1 Notepad of CrypTool.
On the menu bar, select Encrypt/Decrypt, Symmetric (modern), and select any
encrypting algorithm. Select the RC2 encrypting algorithm.
In the Key Entry: RC2 wizard, select Key length from the drop-down list. Enter
the key using hexadecimal characters and click Encrypt.
RC2 encryption of Unnamed1 notepad will appear.
To decrypt, select Encrypt/Decrypt from the menu bar, select the algorithm you
chose, the number of bits, and the hash value used earlier. Click Decrypt.
It will show the Decrypted message.
Tool 6: BCText Encoder
BCTextEncoder simplifies encoding and decoding text data. Plaintext data is
compressed, encrypted, and converted to text format, which can then be easily
copied to the clipboard or saved as a text file.

STEPS:
Double-click the BCTextEncoder.exe file. The main window of
BCTextEncoder appears.
To encrypt the text, type the text in Clipboard (OR) select the secret data and
put it to clipboard with Ctrl+V.
Click Encode.

The Enter Password window will appear. Set the password and confirm the
same password in the respective fields. Click OK.
The encoded text appears
To decrypt the data, you first clean the Decoded plain text clipboard. Click the
Decode button
The Enter password for encoding text window will appear. Enter the password in
the Password field, and click OK.

Decoded plaintext appears


Tool 7: ROHOS Disk Encryption
ROHOS Disk Encryption creates hidden and password protected partitions in
the computer or USB flash drive with megabytes of sensitive files and
private data on your computer or USB drive. ROHOS Disk uses the NIST-approved
AES encryption algorithm and a 256-bit encryption key length.
Encryption is automatic and on-the-fly.

STEPS:
To install ROHOS Disk Encryption, double-click the rohos.exe file and follow
the instructions
After installation, the ROHOS Get Ready Wizard window will appear.
Specify the password to access the disk in the respective
field. Click Next.

The Setup USB Key window appears. Read the information, and click Next.
The ROHOS Updates window appears. Click Finish. The encrypted disk is
created successfully.
To decrypt the disk, click Disconnect.
After decrypting the disk, it will be displayed.
Practical 8
Aim: Study of Other Security Tools
Tools: Snort, KFSensor.

Tool 1: Snort
Snort is an open source network intrusion prevention and detection system
(IDS/IPS). An IPS is a network security appliance that monitors network
and system activities for malicious activity. The main functions of IPSes are
to identify malicious activity, log information about said activity, attempt
to block/stop activity, and report activity. An IDS is a device or software
application that monitors network and/or system activities for malicious
activities or policy violations and produces reports to a Management Station.
It performs intrusion detection and attempts to stop detected possible
incidents.

STEPS:

Open snort.conf file (C:/Snort/etc/snort.conf) with notepad++


Replace all ipvar by var

Change HOME_NET value to IP address of the local host.


Change the EXTERNAL_NET value from any to !$HOME_NET.
Set RULE_PATH, PREPROC_RULE_PATH to point to C:\Snort\rules and
C:\Snort\preproc_rules respectively
Set WHITE_LIST_PATH and BLACK_LIST_PATH to C:\Snort\Rules

Set config logdir to point to the Snort log folder, i.e. C:\Snort\log

Configure the dynamicpreprocessor, dynamicengine, dynamicdetection directories
Comment out all preprocessor normalize lines

In step 7, keep the line include $RULE_PATH/local.rules and delete/comment
all the include directories.
In C:\Snort\rules create text files local.rules, black_list.rules,
white_list.rules. They all have the .rules extension

To test if Snort has been configured properly, run the command
snort -i 4 -c C:\Snort\etc\snort.conf -l C:\Snort\log -A console -T
-i is the interface number we get when we run snort with the -W command
-c is the location of the .conf file
-l is the location of the log folder
-A console states to output to console immediately
-T means to test the configuration
-K ascii means to generate a log folder for each machine interaction over the
network.
If test is successful it will show you a success message

Also check the index number of the interface


Open local.rules file and specify the custom rules.
Here we are creating an alert that will be displayed when our machine detects a
ping
Now run snort without the -T switch and ping the machine running snort to
generate the logs

Ping From Attacker Machine

Ping Alerted
To install Snort as a service, we use the switch /SERVICE /INSTALL
To verify if the service has been configured properly
Tool 2: KFSensor
KFSensor is a Windows based honeypot Intrusion Detection System (IDS).

STEPS:
Start > Programs > KFSensor
At the first-time launch of the KFSensor Set Up Wizard, click Next.
Check all the port classes to include and click Next.
Leave the domain name field as default and click Next.
If you want to send KFSensor alerts by email, then specify the email address
details and click Next.

Choose options for Denial of Service, Port activity, Proxy Emulation, and
Network Protocol Analyzer and click Next.
Check the Install as system service option and click Next.
Click Finish to complete the Set Up wizard.
The KFSensor main window appears. It displays list of ID protocols, Visitor,
and Received automatically when it starts. All the nodes in the left block
crossed out with blue lines are the ports that are being used.
Start the command prompt. In the command prompt window, type netstat -an.
This will display a list of listening ports.
Once KFSensor is configured, it behaves like a Honeypot
Start a MegaPing Port Scan or NMap scan targeting the KFSensor machine. The
scan will start raising alerts which show up in red. When you click on them you
can see more detailed information on a port basis or visitor basis
Right click any ID and click on event details
Practical 9
Aim: SQL Injection
SQL injection is a code injection technique, used to attack data-driven
applications, in which nefarious SQL statements are inserted into an entry field
for execution.

STEPS:

Open XAMPP and start Apache and MySQL services.

Download DVWA (Damn Vulnerable Web App) file and extract it to htdocs folder.
Rename the file as dvwa.
Open the browser and type “localhost:10080/dvwa/setup.php”.

Click on “Create/Reset Database”. It will create a database.


Log in to the dvwa page with “Username” as “admin” and “Password” as
“password”.

In “DVWA Security” option, select the “Security Level” as “Low” and click on
“Submit”.
Go to “SQL Injection” page
Type “User ID” as “1” and click on “Submit”.

Type “User ID” as “a' or ''='” and click on “Submit”.

Type “User ID” as “1=1” and click on “Submit”.


Type “User ID” as “1*” and click on “Submit”.
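
Why the second input returns every user while the first returns one, shown as an added example (not DVWA's code and not part of the original manual): the four inputs from the steps above are run through a string-built query and through a parameterized one. An in-memory SQLite table stands in for the DVWA MySQL database; the query shape, table layout and rows are assumptions constructed for illustration.

```python
import sqlite3

# The four "User ID" values typed in the steps above.
PAGE_INPUTS = ["1", "a' or ''='", "1=1", "1*"]


def make_db():
    """In-memory stand-in for the users table (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id TEXT PRIMARY KEY, first_name TEXT, last_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1", "admin", "admin"), ("2", "Gordon", "Brown"), ("3", "Hack", "Me")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """String-built query: a quote in user_id closes the SQL string literal
    and whatever follows is parsed as SQL, not as data."""
    query = (
        "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    )
    return query, conn.execute(query).fetchall()


def lookup_parameterized(conn, user_id):
    """Parameterized query: the driver passes user_id as a bound value, so it
    is only ever compared with the column, never parsed."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


def compare(inputs):
    """Return {input: (rows from string-built query, rows from bound query)}."""
    conn = make_db()
    results = {}
    for value in inputs:
        try:
            _, vulnerable_rows = lookup_vulnerable(conn, value)
        except sqlite3.Error as exc:
            # Unbalanced quotes surface as a syntax error, itself a signal
            # that input is reaching the SQL parser.
            vulnerable_rows = [("SQL error", str(exc))]
        results[value] = (sorted(vulnerable_rows), sorted(lookup_parameterized(conn, value)))
    conn.close()
    return results


if __name__ == "__main__":
    for value, (vulnerable_rows, safe_rows) in compare(PAGE_INPUTS).items():
        print(f"{value!r:14} string-built: {len(vulnerable_rows)} row(s)  "
              f"parameterized: {len(safe_rows)} row(s)")
```

MySQL coerces strings to numbers differently from SQLite, so the rows DVWA returns for the third and fourth inputs may differ from this stand-in; the tautology case behaves the same way in both.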

Practical 10
Aim : Study of backdoors and Trojan tools

Tool 1: ProRat

STEPS:
Open ProRat. Click on Create -> Create ProRat Server
In the Notifications tab, type the DNS address (if you don’t know your DNS
address, simply click on the arrow next to it. It will detect it automatically)
In general settings tab give password

In Server Extensions tab select EXE


In Server Icon tab choose Icon

Click on the ‘Bind with File’ tab and choose any image or text file to bind.
The binded server has been created
Copy the binded Server in victim machine.
When Victim opens the file, this is what he’ll see.

From Attacker machine type the ip address of victim machine and click
on Connect.
Type the password which you had given

From attacker pc launch various attacks


Here flip screen attack is launched from attacker machine.
Result on Victim machine of flip screen attack

Attacker machine launched Message attack


Result on Victim machine

Attacker is informed that the victim clicked on the OK button from the alert
box message.
Victim types some message in notepad

Since the attacker machine had launched a key logger attack, the victim’s
message is displayed on the machine (click on read log)
Practical 11
Aim: Study Of Sniffing Tools
Tools: Cain & Abel, Colasoft Packet Builder, Omnipeek, Sniff-O-Matic,
Wireshark
Tool 1: Cain & Abel
Cain and Abel is a password recovery tool for Microsoft Windows. It can recover
many kinds of passwords using methods such as network packet sniffing,
cracking various password hashes by using methods such as dictionary attacks,
brute force and cryptanalysis attacks.

Steps:
Open Cain & Abel software.

Click on the Wireless Passwords option and click on the “+” button.

It will display the passwords of the saved “WiFi Networks”.

Go to “Traceroute” tab and enter the “Target” website’s name and click “Start”.
Click on “Hash Calculator” to calculate the hash.

Enter the string and click on “Calculate”. It will display the hash value of the string.
Tool 2: Colasoft Packet Builder

Colasoft Packet Builder is a useful tool for creating custom network
packets; you can use this tool to check your network protection against
attacks and intruders. ... In addition to building packets, Colasoft Packet
Builder also supports saving packets to packet files and sending
packets to the network.

Steps:
Open Colasoft and click on “Add”.

Select Template as “IP Packet” and set “Delta Time” as “0.2” and click “OK”.
Left Panel shows packet information and Right Panel shows number of packets.

“Right click” on the packet and select “Send Selected Packets”.

Check “Loop Sending” and click on “Select”.

Select the “Adapter” and click on “OK”.


Click on “Start”.

Wireshark shows the packet moving from source to destination.


Tool 3: Omnipeek
Omnipeek is a packet analyzer software tool from Savvius, a
LiveAction company, for network troubleshooting and protocol
analysis. It supports an application programming interface (API)
for plugins.

Steps:
Open Omnipeek. Click on “File -> New Capture”.

Select the “Adapter” and click on “OK”.

Click on “Start Capture” and it will start capturing the packets.


From the Dashboard section, click on Network.

From the Capture section, click on Packets.


From the Capture section, click on Filters.

From the Expert section, click on Application.


From the Visuals section, click on Peer Map.

From the Visuals section, click on Graphs.


Go to “Statistics -> Nodes” and right click on a node and select “Node Details”. It
will display the node details.
From the “Statistics” click on “Summary”.

In the “Filters” windows, right click on a filter and click on “Insert”.


Enter the IP Address range and click on “New Capture”.

Click on “Start Capture”. It will start filtering the packets of specified IP range.
Tool 4: Sniff-O-Matic
Sniff-O-Matic is a network protocol analyzer and packet sniffer with a
clear and intuitive interface. It can capture network traffic and enables
you to analyze the data. Detailed packet information is available in a tree
structure, with a raw data view of the packet available.

Steps:
Open Sniff-O-Matic.

Select the network adapter and click on Play button. It will start capturing packets.
We can save the scan report.

Click on the “Statistics” icon to view the “Pie Chart” report of the scan.


Click on the “Filter” icon and click on the “Add” button. Enter the IP Address
range and click “OK”.
Check the “UDP FILTER” and click on “OK”.
Click on the “Capture” to filter and capture the packets of specified range.

Tool 5: Wireshark
Wireshark is a free and open source network protocol analyzer that enables
users to interactively browse the data traffic on a computer network. The
development project was started under the name Ethereal, but was renamed
Wireshark in 2006.

Many networking developers from all around the world have contributed to this
project with network analysis, troubleshooting, software development and
communication protocols. Wireshark is used in many educational institutions
and other industrial sectors.

Steps:
Open Wireshark and click on ‘Capture->Interfaces’.

Select ‘Wifi Interface’ and click on ‘Start’.


It will start capturing the packets.

In the ‘Filter’ option type ‘http’ and click on ‘Apply’.

Open browser and login to ‘newtours.demoaut.com’.


In the ‘Filter’ option type ‘http.request.method=="POST"’ and click on ‘Apply’.
It will filter and display packets that have used ‘POST’ method. Select the ‘login page’
packet. It will display ‘username and password’.

In the ‘Filter’ option type ‘http.request.method=="GET"’ and click on ‘Apply’.


It will filter and display packets that have used ‘GET’ method.
