DEPARTMENT: B. E.

CSE(CYBER SECURITY)

LABORATORY: ETHICAL HACKING

Name : Roll No:

Semester: V Course: B. E Branch: CSE(CYBER SECURITY)

Subject Code & Title: CCS344- ETHICAL HACKING LABORATORY

University Register No:.

Certified that this is a bonafide record of work done by the above student in the laboratory
during the year 2024 - 2025.

Signature of the staff in-charge Head of the Department

INTERNAL EXAMINER EXTERNAL EXAMINER

 CONTENTS
Date Page
S.no Name of the experiment Mark Signature
no
 Experiment 1

Installing Kali Linux, Metasploitable, and Windows XP for Ethical Hacking Lab Setup

Aim:
To set up an ethical hacking lab environment by installing:
1. Kali Linux: A Linux distribution designed for penetration testing and security auditing.
2. Metasploitable: A vulnerable virtual machine used for testing exploits and learning
hacking techniques.
3. Windows XP: A legacy operating system often targeted in ethical hacking labs to
understand vulnerabilities.

Required Tools

• Virtualization software (e.g., VMware Workstation or Oracle VirtualBox).

• ISO files:
o Kali Linux
o Metasploitable
o Windows XP
• System with minimum 8GB RAM and 100GB storage for smooth operation.

Procedure

Step 1: Setting Up VirtualBox/VMware

1. Download and Install VirtualBox or VMware:
o Visit the official VirtualBox website (https://www.virtualbox.org/) or VMware
(https://www.vmware.com/) and download the software.
o Install the application following the on-screen instructions.

Step 2: Installing Kali Linux

1. Download Kali Linux ISO:
o Go to the Kali Linux website (https://www.kali.org/downloads) and download the
appropriate version for your system.
2. Create a New Virtual Machine:
o Open VirtualBox/VMware and click New.
o Name the VM "Kali Linux" and set:
▪ Type: Linux

3
 ▪ Version: Debian (64-bit or 32-bit based on your download)
o Allocate 2GB RAM (minimum) and 20GB storage.
3. Load the ISO and Start Installation:
o Select the downloaded ISO file as the boot medium.
o Follow the guided installation process:
▪ Choose the graphical install option.
▪ Set the hostname, username, and password.
▪ Select partitioning as "Guided – Use Entire Disk."
4. Finalize Installation:
o Complete the installation and reboot.
o Log in using the credentials created during installation.

Step 3: Installing Metasploitable

1. Download Metasploitable:
o Download the Metasploitable VM from SourceForge or other trusted repositories.
2. Import the Virtual Appliance:
o Open VirtualBox/VMware.
o Click File > Import Appliance, and select the Metasploitable .ova file.
o Follow the prompts to import.
3. Start the Virtual Machine:
o Power on the Metasploitable VM.
o Default credentials:
▪ Username: msfadmin
▪ Password: msfadmin

Step 4: Installing Windows XP (Optional)

1. Prepare the Windows XP ISO:
o Ensure you have a legitimate Windows XP ISO or installation media.
2. Create a New Virtual Machine:
o Name: Windows XP
o Type: Microsoft Windows
o Version: Windows XP (32-bit).
o Allocate 1GB RAM and 10GB storage.
3. Install Windows XP:

4
 o Select the ISO file and start the VM.
o Follow the installation wizard to complete the process.

Step 5: Networking Configuration

1. Set up a Host-Only Network:
o Ensure all VMs are on the same private network.
o Go to VirtualBox Settings > Network > Host-Only Networks and configure the
adapter.
2. Test Connectivity:
o Ping the other VMs to ensure network communication.
o For example, from Kali, ping the Metasploitable VM.

Result
After completing this experiment, you should have a fully functional ethical hacking lab with:
• A penetration testing tool (Kali Linux).
• A vulnerable system to exploit (Metasploitable).
• A legacy OS for testing (Windows XP).

5
 Experiment 2
Practicing the Basics of Reconnaissance

Aim:
To understand and practice the basics of reconnaissance techniques used in ethical hacking to
gather preliminary information about a target system or network.

Required Tools
• Kali Linux (or any other penetration testing platform).
• Internet access (for online reconnaissance).
• Target machine or website (preferably a controlled or test environment).

Theory
Reconnaissance is the first phase of ethical hacking where the attacker gathers information
about the target system or network to identify potential vulnerabilities. There are two types of
reconnaissance:
1. Active Reconnaissance: Interacting directly with the target (e.g., ping, port scanning).
2. Passive Reconnaissance: Gathering information without direct interaction (e.g., using
public websites, DNS lookups).

Procedure
Step 1: Passive Reconnaissance
1. Using WHOIS Lookup:
o Open Kali Linux terminal and type:
whois <target_domain>
o Analyze the information, including domain ownership, registration details, and
DNS records.
2. DNS Enumeration:
o Use the nslookup command to gather DNS records:
nslookup <target_domain>
o Perform reverse DNS lookups:
nslookup <IP_address>
3. Search Public Information:

6
 o Use search engines and tools like Google Dorking to find publicly available
information.
o Example: Search for file types or directories:
makefile
site:<target_domain> filetype:pdf

Step 2: Active Reconnaissance

1. Ping Sweep:
o Check if the target is live using the ping command:
ping <target_IP_or_domain>
2. Port Scanning with Nmap:
o Open a terminal in Kali Linux and type:
nmap -sS -Pn <target_IP_or_domain>
o Analyze open ports and services running on the target.
3. Service Version Detection:
o To identify the software version on open ports, use:
nmap -sV <target_IP>
4. Operating System Fingerprinting:
o Detect the operating system of the target using Nmap:
nmap -O <target_IP>

Step 3: Documentation
1. Record all findings systematically in a document.
2. Categorize the information into:
o Publicly available data.
o Detected services and their versions.
o Open ports and potential vulnerabilities.

Result
After completing this experiment, you should be able to:
• Perform basic reconnaissance to gather target information.
• Use tools like WHOIS, nslookup, and Nmap effectively.
• Document findings for further analysis in the ethical hacking process.

7
 Experiment 3
Using FOCA and SearchDiggity to Extract Metadata and Expand the Target List

Aim:
To use FOCA (Fingerprinting Organizations with Collected Archives) and Search Diggity tools
for extracting metadata from files and identifying additional targets associated with the main
target system or organization.

Required Tools
1. FOCA: A metadata extraction tool available for Windows.
o Download from ElevenPaths.
2. SearchDiggity: A reconnaissance tool for web data mining.
o Download from Bishop Fox.
3. A system running Windows for the tools.
4. A test target, such as a publicly available website or domain.

Theory
Metadata Extraction: Metadata is data about data. Documents like PDFs, Word files, and
images often contain metadata that can reveal sensitive information such as usernames,
software versions, and internal server paths.
Expanding the Target List: Metadata and web reconnaissance can help identify additional
domains, subdomains, IP addresses, and related assets belonging to the same organization.

Procedure
Step 1: Metadata Extraction Using FOCA
1. Install FOCA:
o Download and install FOCA on your Windows system.
2. Configure FOCA:
o Launch FOCA and create a new project.
o Enter the target domain (e.g., example.com).
3. Search and Download Files:
o Click Search All to locate files (PDF, DOCX, PPT, etc.) on the target domain.
o FOCA will list publicly available files from the domain.
4. Extract Metadata:

8
 o Select downloaded files and analyze them using FOCA.
o Review extracted metadata for information such as:
▪ Author names
▪ Email addresses
▪ Software and version used to create the file
▪ Server paths

Step 2: Web Reconnaissance Using SearchDiggity

1. Install SearchDiggity:
o Download and install the tool on your Windows system.
2. Perform Google Hacking:
o Use SearchDiggity to automate Google Dorking queries.
o Example queries to locate sensitive files:
vbnet
site:example.com filetype:pdf
site:example.com intitle:"index of"
o Review search results to identify additional documents or directories.
3. Subdomain Enumeration:
o Use SearchDiggity to search for subdomains related to the target:
▪ Example: site:*.example.com.
o Record identified subdomains for further analysis.

Step 3: Expanding the Target List

1. Correlate Metadata Findings:
o Cross-check metadata (e.g., author names, email addresses) with publicly
available information to identify new domains or associated systems.
2. Identify Linked Assets:
o Search for related IP addresses, domains, or servers using the extracted
metadata and Search Diggity results.
3. Document Findings:
o Organize all discovered information, including additional domains, subdomains,
and server paths.

9
Result
After completing this experiment, you should be able to:
• Use FOCA and SearchDiggity effectively for metadata extraction.
• Identify sensitive information embedded in files.
• Expand the target list by discovering additional domains, subdomains, and assets.

10
 Experiment 4
Aggregating Information from Public Databases Using Paterva’s Maltego

Aim:
To gather and aggregate information from public databases using Maltego, an open-source
intelligence (OSINT) and forensics tool, to map relationships between people, domains,
networks, and organizations.

Required Tools
1. Maltego: A data mining and analysis tool.
o Download from Maltego's website.
o Create a free account to access the Community Edition.
2. A system with at least 4GB of RAM and stable internet access.
3. Test target (e.g., a sample domain or organization).

Theory
OSINT (Open-Source Intelligence): The process of gathering publicly available data from open
sources such as websites, social media, and public databases.
Maltego: A powerful tool that automates OSINT by visualizing relationships between data points
like domains, email addresses, social media profiles, IP addresses, and more. It provides
"Transforms" that pull data from various public sources.

Procedure
Step 1: Setting Up Maltego
1. Install Maltego:
o Download the tool and install it on your system.
o Register for a free Maltego Community Edition account.
2. Launch Maltego:
o Log in using your credentials.
o Select the Community Edition if prompted.
3. Choose a Graph Template:
o Select a template based on the information you wish to gather (e.g., Domain,
Person, IP Address).

11
 o For this experiment, choose Domain Information Gathering.

Step 2: Aggregating Information

1. Enter the Target Information:
o Drag and drop the "Domain" entity onto the graph canvas.
o Enter the domain name (e.g., example.com) as the target.
2. Run Transforms:
o Right-click the domain entity and choose from the available "Transforms" to
extract information:
▪ DNS to IP: Resolves the domain to its associated IP address.
▪ WHOIS Information: Retrieves domain registration details.
▪ Email Addresses: Finds email addresses associated with the domain.
▪ Subdomains: Identifies subdomains of the target.
o Allow the tool to execute the selected transforms and populate the graph.
3. Analyze the Graph:
o Examine the connections between the target and discovered entities (e.g., IP
addresses, email addresses, and subdomains).
o Note relationships and patterns in the data.

Step 3: Refining the Information

1. Explore Additional Transforms:
o Apply further transforms to discovered entities (e.g., run WHOIS on an IP
address or find social media profiles linked to an email address).
2. Expand the Graph:
o Use the relationships to identify new entities and connections.
o Filter irrelevant data for clarity.
3. Document Findings:
o Export the graph and associated data for documentation and analysis.

12
Result
After completing this experiment, you should be able to:
• Use Maltego effectively to perform OSINT and aggregate information from public
sources.
• Visualize relationships between data points, such as domains, email addresses, and
networks.
• Identify valuable insights for ethical hacking purposes.

13
 Experiment 5
Information Gathering Using Tools like Robtex

Aim:
To learn how to use Robtex, an online tool for network and domain reconnaissance, to gather
critical information about a target such as IP addresses, subdomains, DNS records, and
connected entities.

Required Tools
1. Robtex: Accessible online at www.robtex.com.
2. A web browser with stable internet access.
3. Target domain or IP (use a controlled or test domain for this experiment).

Theory
Information Gathering: The process of collecting data about a target system or organization to
identify potential vulnerabilities.
Robtex: A free online tool that aggregates and analyzes public information about domains, IP
addresses, and networks. It provides insights into:
• DNS records
• Reverse DNS lookups
• Associated subdomains
• Shared hosts and networks
Robtex is widely used for passive reconnaissance, offering a non-intrusive way to gather
detailed information about a target.

Procedure
Step 1: Accessing Robtex
1. Open a web browser and navigate to www.robtex.com.
2. Familiarize yourself with the interface and features available.

Step 2: Performing Information Gathering

1. Domain Lookup:
o Enter the target domain (e.g., example.com) into the search bar.
o Review the results, which may include:

14
 ▪ DNS records (A, MX, NS, TXT).
▪ Reverse DNS (IP to domain).
▪ Subdomains linked to the main domain.
2. IP Address Analysis:
o If you have the target IP, enter it into Robtex.
o Analyze information such as:
▪ Geolocation of the IP address.
▪ Associated domains.
▪ ASN (Autonomous System Number) details.
3. Subnet Analysis:
o Explore the subnet details to identify other IPs and domains within the same
range.
o Look for shared hosting environments that could reveal related entities.
4. Graph Visualization:
o Use the graph feature to visualize relationships between domains, IPs, and
networks.
o Analyze connections to expand the target list.

Step 3: Document Findings

1. Record Information:
o Create a detailed log of DNS records, subdomains, IP addresses, and other
findings.
o Note any patterns or potential vulnerabilities.
2. Export Data:
o If applicable, use the export feature to save graphs or results for further analysis.

Result
After completing this experiment, you will be able to:
• Use Robtex effectively for network and domain reconnaissance.
• Gather and analyze DNS records, subdomains, and IP details.
• Expand your understanding of the target's digital infrastructure.

15
 Experiment 6
Scanning the Target Using Tools like Nessus

Aim:
To perform a vulnerability assessment by scanning a target system or network using Nessus, a
widely used vulnerability scanner, to identify potential security weaknesses.

Required Tools
1. Nessus: Downloadable from Tenable Nessus.
o Free versions like Nessus Essentials are suitable for this experiment.
2. A system with Nessus installed.
3. A target system or virtual machine (preferably a controlled environment like
Metasploitable or a local network system).

Theory
Vulnerability Scanning: A process of identifying and assessing security vulnerabilities in a
system, application, or network.
Nessus:
Nessus is a powerful vulnerability scanning tool that detects:
• Misconfigurations
• Missing patches
• Weak passwords
• Open ports and exploitable services

Procedure
Step 1: Install Nessus
1. Download and Install Nessus:
o Visit Tenable's website and download the suitable version.
o Install Nessus and activate it using a free license key (for Nessus Essentials).
2. Launch Nessus:
o Access the Nessus web interface by navigating to
https://<your_system_IP>:8834 in a browser.
o Log in using your credentials.

16
Step 2: Configure the Scan
1. Create a New Scan:
o Click on New Scan and select the appropriate template:
▪ Basic Network Scan: For general systems.
▪ Host Discovery: To identify live systems.
▪ Advanced Scan: For customized scanning.
2. Enter Target Details:
o Specify the target system's IP address or domain.
o Optionally, add a description for the scan.
3. Configure Scan Settings:
o Set credentials (if applicable) for authenticated scanning.
o Adjust scan policies if needed (e.g., for specific ports or protocols).
4. Launch the Scan:
o Save the scan configuration and click Start Scan.

Step 3: Analyze Scan Results

1. Review Findings:
o After the scan completes, open the scan report.
o Analyze the identified vulnerabilities, categorized by severity:
▪ Critical
▪ High
▪ Medium
▪ Low
2. Investigate Each Vulnerability:
o Click on a vulnerability to view detailed information, including:
▪ Description of the issue.
▪ Impact on the system.
▪ Recommendations for mitigation.
3. Export Results:
o Save the scan report in formats like PDF or CSV for documentation and analysis.

17
Result
After completing this experiment, you will be able to:
• Perform a vulnerability scan using Nessus.
• Identify and classify vulnerabilities based on severity.
• Document findings and provide recommendations for improving system security.

18
 Experiment 7
Viewing and Capturing Network Traffic Using Wireshark

Aim:
To use Wireshark, a powerful network protocol analyzer, to capture and analyze live
network traffic, and understand the data flow between systems.

Required Tools
1. Wireshark:
o Download from Wireshark’s official website.
2. A system with network access and Wireshark installed.
3. A controlled network or test environment for traffic analysis.

Theory
Network Traffic Analysis:
Network traffic analysis involves monitoring and capturing data packets traveling across a
network. It helps identify potential issues, understand protocols, and detect suspicious
activity.
Wireshark:
Wireshark is an open-source tool that captures packets in real-time and provides detailed
analysis of network communication. It supports various protocols like HTTP, TCP, UDP,
DNS, and more.

Procedure
Step 1: Install and Configure Wireshark
1. Download and Install Wireshark:
o Install the tool from the official website.
o If prompted, install additional drivers like WinPcap or Npcap for packet capture.
2. Launch Wireshark:
o Open Wireshark and familiarize yourself with its interface.

Step 2: Capture Network Traffic

1. Select a Network Interface:

19
 o Choose the appropriate network interface (e.g., Ethernet, Wi-Fi) from the list.
2. Start Capturing:
o Click on the Start Capturing Packets button (shark fin icon) to begin capturing
live traffic.
3. Perform Network Activities:
o Generate network traffic by performing actions like opening a website, pinging a
server, or transferring files.
4. Stop Capturing:
o Click the Stop button (red square icon) to end the capture.

Step 3: Analyze Captured Traffic

1. View Packet Details:
o Examine captured packets in the three-pane view:
▪ Packet List Pane: Shows all captured packets.
▪ Packet Details Pane: Displays protocol-specific details of a selected
packet.
▪ Packet Bytes Pane: Shows raw data of the packet in hexadecimal
format.
2. Filter Traffic:
o Use the filter bar to isolate specific types of traffic. Examples:
▪ http for HTTP traffic.
▪ ip.addr == 192.168.1.1 to view traffic involving a specific IP address.
▪ tcp.port == 80 for HTTP traffic on port 80.
3. Follow a TCP Stream:
o Right-click on a packet and select Follow TCP Stream to view the entire
conversation between client and server.
4. Save Captures:
o Export the captured traffic as a .pcap file for future analysis.

Result
After completing this experiment, you will be able to:
• Use Wireshark to capture and analyze network traffic.
• Understand the flow of packets and the protocols involved.
• Identify specific types of traffic using filters.

20
 Experiment 8
Automating Vulnerability Detection and Exploit Matching Using Armitage and Other
Tools

Aim:
To use Armitage, a GUI front-end for Metasploit, and other tools like FOCA, Nessus, and
Wireshark to automate vulnerability detection, exploit matching, and network traffic analysis.
This experiment involves leveraging multiple tools in a comprehensive ethical hacking workflow.

Required Tools
1. Armitage: A graphical cyber attack management tool integrated with Metasploit.
o Download from Armitage.
2. FOCA: A tool for metadata extraction and reconnaissance.
o Download from FOCA.
3. Nessus: A vulnerability scanner.
o Download from Tenable Nessus.
4. Wireshark: A network traffic analyzer.
o Download from Wireshark.
5. Kali Linux/Backtrack: A Linux distribution preloaded with penetration testing tools.
6. Metasploitable: A vulnerable virtual machine for practice.
7. Windows XP: As an example of a legacy target system.

Theory
Armitage: A tool that simplifies Metasploit usage by providing a graphical interface for
launching exploits, managing sessions, and visualizing attack strategies.
FOCA: Extracts metadata from files to identify useful information such as usernames, software
versions, and network paths.
Nessus: Scans for vulnerabilities in a system or network and provides detailed reports.
Wireshark: Captures and analyzes network packets for monitoring and troubleshooting
purposes.

Procedure
Step 1: Set Up the Environment
1. Install the required tools:

21
 o Set up Kali Linux or Backtrack on a virtual machine or as a standalone OS.
o Install Armitage, FOCA, Nessus, and Wireshark as per their respective
instructions.
2. Prepare the target environment:
o Deploy Metasploitable and/or Windows XP as vulnerable targets.

Step 2: Scanning and Gathering Information

1. FOCA for Metadata Extraction:
o Use FOCA to analyze documents from the target organization (e.g., PDFs,
DOCs).
o Extract metadata to identify potential entry points, usernames, and server details.
2. Nessus for Vulnerability Scanning:
o Launch Nessus and perform a vulnerability scan on the target system.
o Identify critical vulnerabilities and match them with possible exploits.
3. Wireshark for Network Traffic Analysis:
o Use Wireshark to capture network traffic.
o Filter traffic to detect open ports, running services, and anomalies.

Step 3: Exploiting with Armitage

1. Start Metasploit Framework:
o Launch the Metasploit Framework on Kali Linux.
2. Open Armitage:
o Start Armitage by typing armitage in the terminal.
o Connect to the Metasploit RPC server.
3. Import Nessus Results:
o Import Nessus scan results into Armitage to map vulnerabilities to exploits.
4. Scan the Target with Armitage:
o Use Armitage's built-in scanning features to discover open ports and services.
5. Match Exploits:
o Armitage will automatically suggest exploits for detected vulnerabilities.
6. Launch Exploits:
o Select a vulnerability and launch the appropriate exploit.
o Establish a session if the exploit is successful.

22
Step 4: Automating Workflow with Armitage
1. Use Bots in Armitage:
o Enable bots to automate the attack process, including scanning, exploiting, and
post-exploitation.
2. Collaborate in Teams:
o Use Armitage’s collaborative mode to share sessions and work with other ethical
hackers.

Result
After completing this experiment, you will be able to:
• Use Armitage to automate the process of scanning, exploiting, and managing
vulnerabilities.
• Leverage tools like FOCA, Nessus, and Wireshark for comprehensive reconnaissance.
• Understand how multiple tools can be integrated into a cohesive ethical hacking
workflow.

23