
Zenmap and Honeybot Manual

The document is a lab manual focused on Zenmap and HoneyBOT, aimed at providing cybersecurity training for technical teachers. It covers essential topics such as computer networks, information technology, ports, the installation of Kali Linux, and the functionalities of Zenmap and honeypots. Additionally, it includes practical steps for using these tools to enhance cybersecurity awareness and defense strategies.

Uploaded by

lovob18076
Copyright
© All Rights Reserved

LAB MANUAL

ON
ZENMAP & HONEYBOT

ESTABLISHMENT OF ADVANCED LABORATORY FOR CYBER SECURITY


TRAINING TO TECHNICAL TEACHERS
DEPARTMENT OF INFORMATION MANAGEMENT AND COORDINATION
SPONSORED BY MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY
GOVERNMENT OF INDIA
Principal Investigator: Prof. Maitreyee Dutta
Co Investigator: Prof. Shyam Sundar Pattnaik

PREPARED BY:
Prof. Maitreyee Dutta and Mr. Vipul Mandhar (Project Assistant)

Table of Contents
MANUAL-1: A Practical Approach to make a trap for the Attacker
What is a Computer Network?
What is Information Technology (IT)?
  Computer Technologies
  Communication Technology
  Network Essentials
What is a Port?
  Types of ports
    Hardware Ports
    Software Ports
INSTALLATION OF KALI LINUX OPERATING SYSTEM IN VMWARE WORKSTATION
  Basic Requirements
What is Zenmap
  Types of scanning done by Zenmap
  Steps to run Zenmap
WHAT ARE HONEYPOTS?
  Classification of Honeypots
    High interaction
    Low interaction
    Physical Honeypots
    Virtual Honeypots
    Production Honeypots
    Research Honeypots
What is HoneyBOT
  How does it work?
    Steps to download and run HoneyBOT
MANUAL-1:
A Practical Approach to make a trap for the Attacker
What is a Computer Network?
A computer network is formed when two or more computers or communications
devices are connected together by transmission media and channels and
guided by a set of rules for communication, allowing users to communicate
with each other and share information and data.

What is Information Technology (IT)?

[Figure: Information Technologies, divided into Computer Technology and Communication Technology]
Computer Technologies

To collect, store, process, search, retrieve, and present electronic
information to meet the needs of various kinds of users, e.g., computer
hardware & software, PDAs, printers, groupware, smart cards.

Communication Technology

To deliver, disseminate, exchange, transmit, and receive electronic
information in local, regional or global contexts, e.g., networks, fax
machines, cell phones, email, satellites, GPS, Internet, telephony.

Network Essentials

Technologies                                           Topologies       Types
Ethernet                                               Bus Topology     LAN
Token Ring                                             Star Topology    MAN
Transmission Control Protocol/Internet Protocol        Mesh Topology    WAN
What is a Port?
In computer hardware, a “port” serves as an interface between the
computer and other computers or peripheral devices.
The term “port” is derived from the Latin word “porta”, meaning gate,
entrance or door.

Types of ports
1. Hardware Ports
2. Software Ports

Hardware Ports
A hardware port serves as an interface between the computer and other
computers or peripheral devices. In computer terms, a port generally
refers to the female part of a connection. Computer ports have many uses:
to connect a monitor, webcam, speakers, or other peripheral devices. On
the physical layer, a computer port is a specialized outlet on a piece of
equipment to which a plug or cable connects.

Software Ports
A software port (usually just called a 'port') is a virtual/logical data connection
that can be used by programs to exchange data directly.
The most common of these are TCP and UDP ports, which are used to
exchange data between computers on the Internet.
Types of Software ports

1. TCP (Transmission Control Protocol):
TCP is a connection-oriented protocol; it creates a virtual connection
between two TCPs to send data. In addition, TCP uses flow and error
control mechanisms at the transport level.

2. UDP (User Datagram Protocol):
The User Datagram Protocol (UDP) is called a connectionless, unreliable
transport protocol. It does not add anything to the services of IP except to
provide process-to-process communication instead of host-to-host
communication.

3. FTP (File Transfer Protocol):
FTP is a protocol for transferring files over a network. It supports
both anonymous and password-mediated access.
FTP is one of the most commonly used file transfer protocols
on the Internet and within private networks. An FTP server
can easily be set up with little networking knowledge and
provides the ability to easily relocate files from one system
to another. FTP control is handled on TCP port 21 and its
data transfer can use TCP port 20 as well as dynamic ports
depending on the specific configuration.

Some basic port numbers:

Port        Service name                                   Transport protocol
20, 21      File Transfer Protocol (FTP)                   TCP
22          Secure Shell (SSH)                             TCP and UDP
23          Telnet                                         TCP
25          Simple Mail Transfer Protocol (SMTP)           TCP
50, 51      IPSec
53          Domain Name System (DNS)                       TCP and UDP
67, 68      Dynamic Host Configuration Protocol (DHCP)     UDP
69          Trivial File Transfer Protocol (TFTP)          UDP
80          HyperText Transfer Protocol (HTTP)             TCP
110         Post Office Protocol (POP3)                    TCP
119         Network News Transport Protocol (NNTP)         TCP
123         Network Time Protocol (NTP)                    UDP
135-139     NetBIOS                                        TCP and UDP
143         Internet Message Access Protocol (IMAP4)       TCP and UDP
161, 162    Simple Network Management Protocol (SNMP)      TCP and UDP
389         Lightweight Directory Access Protocol          TCP and UDP
443         HTTP with Secure Sockets Layer (SSL)           TCP and UDP
3389        Remote Desktop Protocol                        TCP and UDP
INSTALLATION OF KALI LINUX OPERATING SYSTEM IN VMWARE WORKSTATION

Basic Requirements

• Minimum requirements for the computer: 8 GB RAM, 500 GB internal memory.
• VMware must be installed in the main OS.
• Microsoft Windows 7/8/10 must be installed in VMware.
• Kali OS must be installed in VMware.

Step 1: Download VMware Workstation 15.5 on the Windows operating system.
• To download, navigate to the following link:
  https://www.vmware.com/in/products/workstation-pro/workstation-pro-evaluation.html

Step 2: Install VMware Workstation 15.5 on the Windows operating system desktop:
• Start the installer by double-clicking it.
• Click the Next button after reading the instructions to move on to the
  next screen.
• Select the folder in which you want to install the application and create
  shortcuts for the desktop.
• Wait for the installation to complete and restart the computer after
  successful installation.
• Click the VMware Workstation shortcut and run the program.
• When asked for a license, select the option “I want to try 30 days for
  free” and click Continue.
Step 3: Download Kali Linux (32 or 64 bit ISO file according to requirements).
• To download, navigate to the following link:
  https://www.kali.org/downloads/ and select the first or second option
  according to the requirements (i.e. 32 or 64 bit).

Step 4: Installation of Kali Linux in VMware Workstation.
• Open VMware Workstation and click on “create a new virtual
  machine”. Select the Kali Linux operating system.
• Select Graphical Install using the down arrow key and click Continue.
• A dialog box will appear to select a language. Select English and
  click Continue.
• A dialog box will appear to select a location. Select India and click
  Continue.
• A dialog box will appear to select a keyboard layout. Select American
  English and click Continue.
• A dialog box will appear to select a location. Select India and click
  Continue.
• A dialog box will appear to enter the host name of the system. Enter Kali
  and click Continue.
• A dialog box will appear to enter the domain name of the system. Write
  example.com and click Continue.
• Set the username and password and click Continue.
• A dialog box will appear to partition your disk. Enter Kali and
  continue. Select Guided – Use entire disk and click Continue. Select
  sda, VMware Virtual disk and click Continue. Select All files in one
  partition and click Continue.
• Select Finish partitioning and write changes to disk, which should
  be selected by default.
• A dialog box will appear to confirm changes to disk. Select Yes and
  click Continue.
• Wait for the installation to complete.
• A dialog box will appear to configure a network mirror for the package
  manager. Select Yes.
• A dialog box will appear to install the GRUB boot loader. Select Yes.
  Select /dev/sda and click Continue.
• Wait for the installation to complete.
• Log in with username: root, password: what you entered during the
  installation process earlier (or toor if you have not entered any
  password).
What is Zenmap
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform
(Linux, Windows, Mac OS X, BSD, etc.) free and open source application
which aims to make Nmap easy for beginners to use while providing
advanced features for experienced Nmap users. Frequently used scans can
be saved as profiles to make them easy to run repeatedly. A command
creator allows interactive creation of Nmap command lines. Scan results
can be saved and viewed later. Saved scan results can be compared with
one another to see how they differ. The results of recent scans are stored
in a searchable database.

Types of scanning done by Zenmap

Intense scan: A fast, comprehensive and accurate scan that utilizes all
TCP ports and performs operating system detection, version detection,
script scanning and traceroute against a host, and provides detailed
results. It does not need root information. The result shows how many
live hosts are present, finds open TCP ports and, for a remote system,
shows the IP path.

Intense scan plus UDP: An intense scan which scans UDP ports as
well. UDP is a connectionless protocol. The scan checks whether UDP ports
are open by sending UDP packets to ports on the target host and analysing
the reply packets to verify that a service is open on the host. The UDP
scan sends a UDP packet with an empty header to the target port.

Ping scan: A basic type of scan that observes the network to locate live
target hosts using ping, such as sending an ICMP echo and waiting for a
reply. It can be used for testing and troubleshooting network
connectivity.

Quick scan: This scan is faster than the intense scan because it scans a
limited number of common TCP ports, utilizing timing templates. It scans
common places in the network that are vulnerable.

Quick scan plus: A quick scan with the addition of operating system
and version detection.

Regular scan: This scans everything by default. It is a simple
mechanism that helps keep the network functioning healthily. It is a
TCP SYN scan of the 1000 common TCP ports, utilizing the ICMP echo ping
for host detection.

Slow comprehensive scan: A prominent and accurate scan that relies
on different protocols, i.e. TCP, UDP and SCTP, to evaluate the hosts. If a
host is detected, it identifies the operating system, services and
versions the host is running.
Steps to run Zenmap

Step 1: Click on Applications in Kali OS, type zenmap and press Enter.

Step 2: Zenmap will open as shown in the figure.

Step 3: Open cmd to get the IP address.

Step 4: In cmd, type IPCONFIG to get the IP address of the main
machine, i.e. Windows.

Step 5: Here we get the IP address of the main OS, i.e. 192.168.43.88.

Step 6: On the attacker's machine, i.e. Kali, type the IP address of the
main machine to scan for open ports, as shown in the figure.

Step 7: There are many different options for scanning a particular IP
address, as shown in the figure given below.

Step 8: From the available scan types, choose Quick scan to
get information about the main machine.

Step 9: After selecting the scan type, i.e. Quick scan, click on the Scan
button.

Step 10: The scanning process will start.

Step 11: After the scanning process, the results show which ports are
open on the operating system whose IP address is 192.168.43.88
(main machine).
WHAT ARE HONEYPOTS?
The honeypot is an exciting new technology with enormous potential for the
security community.
According to Lance Spitzner, founder of honeypot project: “A honeypot
is an information system resource whose value lies in unauthorized or
illicit use of that resource.”
Honeypots are used for monitoring, detecting and analyzing attacks.

Classification of Honeypots

By level of Interaction    By Implementation    By Purpose
High                       Physical             Production
Low                        Virtual              Research

High interaction
• Simulates all aspects of the OS: real systems.
• Can be compromised completely, higher risk.
• Provides more information.
• E.g. Honeynet

Low interaction
• Simulates some aspects of the system.
• Easy to deploy, minimal risk.
• Provides limited information.

Physical Honeypots
• Real machines
• Own IP address
• Highly interactive

Virtual Honeypots
• Simulated by other machines that:
  o Respond to the network traffic sent to the honeypots.
  o May simulate a lot of (different) virtual honeypots at the same
    time.

Production Honeypots
• Help to mitigate risk in your organization.
They are further classified into 3 categories.
1. Prevention
  o Keeping the bad guys out.
  o Mechanisms such as encryption prevent attackers from
    accessing critical information.
2. Detection
  o Detecting the attacker when he breaks in.
  o Challenges: false positives, false negatives.
3. Response
  o Can easily be pulled offline.

Research Honeypots
• Capture extensive information.
• Used primarily by research, military and government organizations.
What is HoneyBOT
HoneyBOT is a medium interaction honeypot for Windows.
A honeypot creates a safe environment to capture and interact with
unsolicited and often malicious traffic on a network. HoneyBOT is an
easy to use solution ideal for network security research or as part of an
early warning IDS. The logging capability of a honeypot is far greater
than any other network security tool and captures raw packet level data,
even including the keystrokes and mistakes made by hackers. The
captured information is highly valuable as it contains only malicious
traffic with little to no false positives. Honeypots are becoming one of the
leading security tools used to monitor the latest tricks and exploits of
hackers by recording their every move so that the security community can
more quickly respond to new exploits.

How does it work?

HoneyBOT works by opening a range of listening sockets on your
computer which are designed to mimic vulnerable services. When an
attacker connects to these services they are fooled into thinking they are
attacking a real server. The honeypot safely captures all communications
with the attacker and logs these results for future analysis. Should an
attacker attempt an exploit or upload a rootkit or trojan to the server, the
honeypot environment can safely store these files on your computer for
malware collection and analysis purposes.
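
The listening-socket mechanism described above, as an added Python example (not HoneyBOT's code and not part of the original manual): a decoy listener that shows a banner, records who connected and what they sent first, then drops the connection. The banners, the DecoyListener class and the probe helper are assumptions made for the illustration, and everything is bound to 127.0.0.1.

```python
import socket
import threading
from datetime import datetime, timezone

# Constructed banners for two decoy services (assumption: not HoneyBOT's own).
BANNERS = {"ftp": b"220 FTP server ready\r\n", "telnet": b"login: "}


class DecoyListener:
    """One listening socket that greets, records and drops every connection."""

    def __init__(self, service, host="127.0.0.1", port=0):
        self.service = service
        self.events = []                        # one dict per captured connection
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind((host, port))           # port 0: the OS picks a free port
        self._sock.listen(5)
        self._sock.settimeout(0.2)              # lets the loop notice stop()
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (src_ip, src_port) = self._sock.accept()
            except socket.timeout:
                continue
            data = b""
            with conn:
                conn.settimeout(1.0)            # never hang on a silent client
                try:
                    conn.sendall(BANNERS.get(self.service, b""))
                    data = conn.recv(1024)      # first bytes the client sends
                except OSError:                 # reset or timeout: log what we have
                    pass
            self.events.append({
                "time": datetime.now(timezone.utc).isoformat(),
                "service": self.service, "dst_port": self.port,
                "src_ip": src_ip, "src_port": src_port, "data": data,
            })

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._sock.close()


def probe(port, payload, host="127.0.0.1"):
    """Lab client standing in for the scanning machine; returns the banner seen."""
    with socket.create_connection((host, port), timeout=2) as client:
        banner = client.recv(1024)
        client.sendall(payload)
    return banner
```

Because no legitimate client has a reason to connect to a decoy port, every entry in events is worth reviewing, which is the basis of the low false-positive rate described above.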

Steps to download and run HoneyBOT

Step 1: To download HoneyBOT, visit the official web site, i.e.
https://www.atomicsoftwaresolutions.com/

Step 2: Fill in the following information to download HoneyBOT.

Step 3: After that, click on the hyperlink, i.e. “here”, as shown in the
figure given below.

Step 4: After that, double-click on the HoneyBOT setup file to run it.

Step 5: This is the view of the HoneyBOT software.

Step 6: Click on Start before running Zenmap on the attacker's
machine.

Step 7: Select the IP address to bind to, or choose to listen on all adapters.

Step 8: After that, run Zenmap in the attacker's OS, i.e. Kali.

Step 9: There are many different options for scanning a particular IP
address, as shown in the figure given below.

Step 10: From the available scan types, choose Quick scan to
get information about the main machine.

Step 11: After selecting the scan type, i.e. Quick scan, click on the Scan
button.

Step 12: The scanning process will start.

Step 13: After the scanning process, the results show which ports are
open on the operating system whose IP address is 192.168.43.88
(main machine).
After HoneyBOT is started, it shows some fake open ports to attract
the attacker.

Step 14: We are able to scan different IP addresses by a single scan in
HoneyBOT.

Step 15: In Settings we are also able to ADD, EDIT, or DELETE any
services.
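
What the Quick scan in the steps above looks like from the honeypot's side, as an added Python example (not from the original manual and not HoneyBOT code): one source touching many different decoy ports within seconds. The "time,src_ip,dst_port" log layout, the source addresses and the find_scanners function are constructed for the illustration and are not HoneyBOT's export format.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in an assumed "time,src_ip,dst_port" layout.
# .50 scans quickly, .20 revisits a single port, .30 scans slowly over hours.
SAMPLE_LOG = """\
2024-01-10 10:00:01,192.168.43.50,21
2024-01-10 10:00:01,192.168.43.50,22
2024-01-10 10:00:01,192.168.43.50,23
2024-01-10 10:00:02,192.168.43.50,25
2024-01-10 10:00:02,192.168.43.50,80
2024-01-10 10:00:02,192.168.43.50,110
2024-01-10 10:05:00,192.168.43.20,80
2024-01-10 10:05:03,192.168.43.20,80
2024-01-10 10:05:09,192.168.43.20,80
2024-01-10 11:00:00,192.168.43.30,21
2024-01-10 12:00:00,192.168.43.30,23
2024-01-10 13:00:00,192.168.43.30,25
2024-01-10 14:00:00,192.168.43.30,80
2024-01-10 15:00:00,192.168.43.30,110
""".splitlines()


def parse(lines):
    """Yield (timestamp, source IP, destination port) from non-empty lines."""
    for line in lines:
        if line.strip():
            ts, src, port = line.strip().split(",")
            yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, int(port)


def find_scanners(lines, min_ports=5, window=timedelta(seconds=10)):
    """Map each source that hit >= min_ports distinct ports inside one window
    to the sorted list of ports it touched in such windows."""
    by_src = defaultdict(list)
    for ts, src, port in parse(lines):
        by_src[src].append((ts, port))
    flagged = defaultdict(set)
    for src, hits in by_src.items():
        hits.sort()
        in_window, start = Counter(), 0
        for ts, port in hits:
            in_window[port] += 1
            while ts - hits[start][0] > window:   # slide the window forward
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_ports:
                flagged[src].update(in_window)
    return {src: sorted(ports) for src, ports in flagged.items()}
```

With the default 10-second window only the fast source is reported; the slow source at .30 touches the same number of ports but is caught only when the window is widened, which is the trade-off to tune against false positives.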
