
Cyber Security Lab

The document is a lab manual for a Cyber Security course, detailing various exercises and tools used for network security assessments, including Nmap, hping3, Wireshark, Nikto, and OWASP ZAP. It provides structured lab work to teach students about network enumeration, vulnerability scanning, and web application security. The manual includes setup instructions, objectives for each lab, and guidance on using the tools effectively for security testing and analysis.

Uploaded by

Tanya Singh

Ravindra Kumar (IIITA)

Lab Manual For Cyber Security Course

1. Introduction
    1.1 Network Diagram
    1.2 List of Tools
    1.3 System Setup
        1.3.1 Kali Linux
        1.3.2 DVWA + Burp Suite
2. Lab Exercise
    Lab 1: Network Enumeration
        Lab Work 1.1: Scan Network
        Lab Work 1.2: Scan Device
    Lab Work 2: Network Analysis And Security Auditing with hping3
    Lab Work 3: Network Traffic Analysis and IPv4 Packet Spoofing with Wireshark
    Lab Work 4: Vulnerability Scanning with Nikto
    Lab 5: OWASP ZAP Installation and Vulnerability Scanning
    Lab Work 6: Understanding of Web-Vulnerabilities through DVWA
    Lab Work 7: Intercepting and Modifying HTTP Requests and Responses with Burp Suite and DVWA
    Lab Work 8: Using Burp Suite Intruder and Repeater Modules with DVWA

1 Port Scanning
    1.1 Nmap (Lab 1)
    1.2 Hping3 (Lab 2)

3 Network Analysis
    3.1 Wireshark (Lab 3)

2 Vulnerability Scanning
    2.1 Nikto (Lab 4)
    2.2 OWASP ZAP (Lab 5)

3 Pentesting
    3.1 DVWA/Burp Suite (Lab 6, 7, 8)

1. Introduction
1.1 Network Diagram

Assumption: Below is the basic network topology, highlighting the placement of the devices and the use of the software in different positions.
1.2 List of Tools

| Tool Name | Description | Tool Purpose |
|---|---|---|
| Kali | Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. | Mainly used for Network Security, Digital Forensics, Penetration Testing, or Ethical Hacking. |
| DVWA | Damn Vulnerable Web Application, DVWA for short, is a PHP/MySQL web application that is damn vulnerable. | The main goal of this pentesting playground is to help penetration testers and security professionals test their skills and tools. In addition, it can help web developers better understand how to secure web apps, and help students and teachers learn about web app security and possible vulnerabilities. |
| Burp Suite | Burp Suite is an industry-standard tool for modern security assessment and penetration testing of web applications. | Understanding how systems are attacked is essential for everyone working in security, whether they are developers or security professionals. Burp Suite is a platform and graphical tool that work together to do security testing on online applications. |
| Nmap | Nmap is short for Network Mapper. It is an open-source Linux command-line tool. | It is used to scan IP addresses and ports in a network and to detect installed applications. Nmap allows network admins to find which devices are running on their network, discover open ports and services, and detect vulnerabilities. |
| Hping3 | hping3 is a command-line utility for crafting and sending custom TCP/IP packets. | hping3 can be used to test the resilience of your firewall rules by sending packets with various TCP flags and options. Tracerouting: you can use hping3 to trace the path taken by packets to reach their destination. |
| Wireshark | Wireshark is a Network Traffic Analysis Tool. | Wireshark is used as a tool to understand network traffic analysis, how communication takes place when particular protocols are involved, where it goes wrong when certain issues occur, and to spoof IPv4 packets. |
| Nikto | Nikto is an open-source scanner and you can use it with any web server. | It is used to find vulnerabilities in web servers and web applications. |
| OWASP ZAP | OWASP Zed Attack Proxy (ZAP) is a widely-used open-source web application security scanner maintained by the Open Web Application Security Project (OWASP). | It is designed to help security professionals, developers, and QA testers identify vulnerabilities in web applications. ZAP provides both automated and manual tools to discover security issues, making it a versatile solution for conducting comprehensive security assessments. |

1.3 System Setup


To practice the lab work, you need to install the software listed below. The following tools are required for system setup.
1.3.1 Kali Linux

Recommended System Requirements:


●​ Processor: 2.5 GHz or faster quad-core CPU
●​ RAM: 8 GB or more
●​ Hard Disk Space: 20 GB or more of free space
●​ Graphics: A graphics card capable of 1920x1080 resolution or higher
●​ Network: Internet connection for updates and tool installations.
●​ Additional Tools: A network interface that supports monitor mode for network analysis
and testing, especially for Wireshark and similar tools.
●​ Virtualization: If running Kali Linux in a virtual machine, ensure your system supports
virtualization and has sufficient resources allocated for smooth operation.
Reference Link For Installation :
About: Kali Docs | Kali Linux Documentation
Installation and Requirements For Kali Linux : Installing Kali Linux | Kali Linux Documentation

1.3.2 DVWA + Burp Suite

DVWA configuration:
Testing for SQL injection vulnerabilities with Burp Suite - PortSwigger
For Windows: Installing DVWA in Windows with XAMPP

For Linux : Installing DVWA | How to Install and Setup Damn Vulnerable Web Application i…

Steps :

1.​ Download and Configure DVWA:


○​ Download the DVWA application from the GitHub repository:
https://github.com/ethicalhack3r/DVWA
○​ Extract the contents of the DVWA zip file to the XAMPP's web server directory.
This is typically in C:\xampp\htdocs\ or wherever you installed XAMPP.
2.​ Configure DVWA:
○​ In the DVWA directory, locate the config folder and make a copy of the
config.inc.php.dist file. Rename the copy to config.inc.php.
○​ Open config.inc.php in a text editor and configure the database settings:
■​ Set the database type to mysqli.
■​ Set the database host to localhost.
■​ Set the database name to the one you created (e.g., dvwa_db).
■​ Set the database user and password as you configured in step 3.
■​ Save the file.
3.​ Security Configuration:
○​ Before using DVWA, it's important to set the security level to low and then
increase it as you progress:
■​ In your browser, access DVWA at http://localhost/dvwa/.
■​ Log in with the default credentials (Username: admin, Password:
password).
■​ Click on the "DVWA Security" tab and set the security level to "Low."

Complete Tutorial : 0 - Intro/Setup - Damn Vulnerable Web Application (DVWA)

2. Lab Exercise
Lab 1: Network Enumeration
Objective : In this task, you will assume the role of a network security consultant hired by a
company to perform a security assessment on their internal network. Your objective is to use
Nmap and its various features to gather information about the network and identify potential
security vulnerabilities.

Lab Work 1.1: Scan Network

Objective: Use Nmap to scan the network for active devices, open ports, and running services.

Lab Work 1.2: Scan Device

Objective: Use Nmap to perform OS detection, service detection, and vulnerability scanning.

Procedure:

https://www.networkstraining.com/nmap-commands-cheat-sheet/
nmap | Kali Linux Tools
How To Use Nmap for Vulnerability Scanning: Complete Tutorial
Part 1: Host Discovery and Port Scanning

A.​ Use Nmap to perform a ping scan (-sn) on the given IP range (e.g., 192.168.1.0/24) to
discover live hosts on the network.

B.​ For each live host identified, perform a TCP Connect scan (-sT) to enumerate open
ports.

nmap -sT 172.31.2.3/24


C.​ Save the output of the port scan in the Grepable format (e.g., nmap -oG output.txt) for
later analysis.

nmap -oG output.txt -sT 172.31.2.3
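
The "later analysis" that step C refers to, as an added example that is not part of the original manual: a Python parser for Nmap's grepable (-oG) output that lists open ports per host and flags cleartext services for the report. The sample scan text, the host name lab-host and the CLEARTEXT_SERVICES list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `nmap -oG output.txt -sT ...` output; not a real scan.
SAMPLE_GREPABLE = (
    "# Nmap scan initiated as: nmap -oG output.txt -sT 172.31.2.3/24\n"
    "Host: 172.31.2.2 ()\tStatus: Up\n"
    "Host: 172.31.2.2 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "3306/filtered/tcp//mysql///\tIgnored State: closed (997)\n"
    "Host: 172.31.2.3 (lab-host)\tStatus: Up\n"
    "Host: 172.31.2.3 (lab-host)\tPorts: 23/open/tcp//telnet///, "
    "443/closed/tcp//https///\n"
    "# Nmap done -- 256 IP addresses (2 hosts up) scanned\n"
)

# Assumption: services the report should flag because they carry cleartext logins.
CLEARTEXT_SERVICES = {"telnet", "ftp", "rsh", "rlogin"}

# Split port entries only where a comma is followed by "<digits>/", so a comma
# inside a -sV version string does not break an entry apart.
PORT_SPLIT = re.compile(r",\s*(?=\d+/)")


def parse_grepable(text):
    """Return {ip: [port record, ...]} built from the 'Ports:' fields."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines start with '#'
        fields = line.split("\t")  # -oG fields are tab separated
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in PORT_SPLIT.split(field[len("Ports: "):]):
                # Layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) < 7 or not parts[0].isdigit():
                    continue  # skip malformed entries instead of crashing
                hosts[ip].append({"port": int(parts[0]), "state": parts[1],
                                  "proto": parts[2], "service": parts[4],
                                  "version": parts[6]})
    return dict(hosts)


def open_ports(hosts):
    """Map each host to its sorted list of open ports."""
    return {ip: sorted(r["port"] for r in recs if r["state"] == "open")
            for ip, recs in hosts.items()}


def cleartext_findings(hosts):
    """List (ip, port, service) for open ports running a cleartext service."""
    return sorted((ip, r["port"], r["service"])
                  for ip, recs in hosts.items() for r in recs
                  if r["state"] == "open" and r["service"] in CLEARTEXT_SERVICES)


if __name__ == "__main__":
    parsed = parse_grepable(SAMPLE_GREPABLE)
    print(open_ports(parsed))
    print(cleartext_findings(parsed))
```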

Part 2: Service and Version Detection

1. Choose three live hosts from the previous scan results (172.31.2.1, 172.31.2.2, 172.31.2.3, 172.31.2.4, 172.31.2.31, 172.31.2.32).
2.​ Use Nmap's version detection to identify services and versions:

nmap -sV 172.31.2.1 172.31.2.2 172.31.2.3 172.31.2.4 172.31.2.31 172.31.2.32

3.​ Document the open ports, services, and versions detected for each host.
Part 3: Operating System Detection

1.​ Select two hosts from the scan results (e.g., 172.31.2.2).
2.​ Use Nmap's operating system detection:

nmap -O 172.31.2.2

3.​ Document the identified operating systems for each host.

Part 4: Vulnerability Scanning

1.​ Choose a live host with web services running (e.g., 172.31.2.2 running HTTP on port
80).
2.​ Use Nmap's scripting engine to scan for vulnerabilities related to web services:
nmap --script="http-vuln*" 172.31.2.2

Report:
● Scan Type: The specific type of Nmap scan performed (Host Discovery and Port Scanning, Service and Version Detection, Operating System Detection, Vulnerability Scanning).
● Findings: The information gathered and vulnerabilities identified during the scan.

Lab Work 2: Network Analysis And Security Auditing with hping3

Objective: Configure and utilize the hping3 tool to perform various network analysis and
security auditing tasks. Focus on sending custom TCP/IP packets, conducting port scans,
simulating DoS attacks, and performing traceroute operations. Evaluate the network's
performance, identify potential vulnerabilities, and assess the effectiveness of firewall
configurations.

Basic Usage:

●​ Ping with ICMP:

​ ​ ​ sudo hping3 -1 <target_ip>


Sends an ICMP Echo (ping) request to the target IP address.

●​ SYN Scan:(Port scan)

sudo hping3 -S -p <port> <target_ip>

Performs a SYN scan of the given port on the target IP address by sending SYN packets to that port. The target will respond with a SYN-ACK packet if the port is open.

●​ UDP Scan:

sudo hping3 -2 -p <port> <target_ip>

Sends a UDP packet to the given port of the target IP address (for example, port 53).

●​ Flood Mode (DOS Attack Simulation):

sudo hping3 --flood <target_ip>

●​ Traceroute

​ sudo hping3 --traceroute <target_ip>

This command sends packets with incrementing TTL (Time-To-Live) values to the target
IP address, allowing users to see each hop along the route.

●​ ICMP Traceroute:
○​ hping3 --traceroute -1 192.168.1.1
○​ --traceroute: Enables traceroute mode.
○​ -1: Specifies ICMP mode.
○​ 192.168.1.1: The target IP address.
●​ UDP Traceroute:
○​ hping3 --traceroute --udp -p 33434 192.168.1.1
○​ --traceroute: Enables traceroute mode.
○​ --udp: Specifies UDP mode.
○​ -p 33434: Sets the destination port for UDP packets. The default
starting port for traceroute is 33434, and it increases with each
hop.
○​ 192.168.1.1: The target IP address.

●​ TCP Traceroute:
○​ hping3 --traceroute -S -p 80 192.168.1.1
○​ --traceroute: Enables traceroute mode.
○​ -S: Send TCP SYN packets.
○​ -p 80: Sets the destination port for TCP packets (port 80 is
commonly used for HTTP).
○​ 192.168.1.1: The target IP address.
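
An added example, not part of the original manual, of reading the replies to the SYN probe described above and comparing them with a firewall policy. It goes beyond the SYN-ACK case in the text by also handling RST replies (closed), ICMP errors and silence (filtered). The hping3 output is constructed, assumes one probe per port (-c 1), and the ALLOWED set is a hypothetical policy.

```python
import re

REPLY = re.compile(r"sport=(\d+) flags=([A-Z]+)")   # TCP reply line printed by hping3
ICMP_ERR = re.compile(r"^ICMP .* from ip=", re.M)   # ICMP error line printed by hping3


def _sample(body, received):
    """Build constructed hping3 output for one SYN probe; not a real capture."""
    loss = 0 if received else 100
    return ("HPING 192.168.1.1 (eth0 192.168.1.1): S set, 40 headers + 0 data bytes\n"
            f"{body}\n--- 192.168.1.1 hping statistic ---\n"
            f"1 packets transmitted, {received} packets received, {loss}% packet loss\n")


# Constructed results keyed by the probed port.
SAMPLE_RUNS = {
    22: _sample("len=46 ip=192.168.1.1 ttl=64 DF id=0 sport=22 flags=RA seq=0 win=0 rtt=0.3 ms", 1),
    23: _sample("", 0),
    80: _sample("len=46 ip=192.168.1.1 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=29200 rtt=0.4 ms", 1),
    3306: _sample("len=46 ip=192.168.1.1 ttl=64 DF id=0 sport=3306 flags=SA seq=0 win=29200 rtt=0.4 ms", 1),
    8080: _sample("ICMP Packet filtered from ip=192.168.1.254 name=UNKNOWN", 0),
}

ALLOWED = {22, 80}  # hypothetical policy: ports the firewall should let through


def classify(output):
    """Map one probe's output to a port state."""
    reply = REPLY.search(output)
    if reply:
        flags = reply.group(2)
        if "S" in flags and "A" in flags:
            return "open"            # SYN-ACK: something is listening
        if "R" in flags:
            return "closed"          # RST: reachable, nothing listening
        return "unexpected-flags"
    if ICMP_ERR.search(output):
        return "filtered-icmp"       # a device rejected the probe with an ICMP error
    return "filtered-silent"         # no reply: dropped on the path or by the host


def audit(runs, allowed):
    """Return (port, state, note) for every port that deviates from the policy."""
    findings = []
    for port in sorted(runs):
        state = classify(runs[port])
        if state == "open" and port not in allowed:
            findings.append((port, state, "open but not allowed by policy"))
        elif state != "open" and port in allowed:
            findings.append((port, state, "allowed by policy but not reachable"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RUNS, ALLOWED):
        print(finding)
```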

Tasks:
● Send custom TCP/IP packets using hping3.
● Conduct port scans to identify open ports and services.
● Simulate a Denial of Service (DoS) attack and analyze the network impact.
● Perform traceroute operations to map network paths.
● Evaluate network performance metrics (latency, throughput).
● Identify potential vulnerabilities using hping3 scans.
● Assess firewall effectiveness by testing with hping3.

Report Format:
● Interpret the results and discuss the findings from each task.
● Reflect on the challenges encountered and the solutions implemented.

Lab Work 3: Network Traffic Analysis and IPv4 Packet Spoofing with
Wireshark

Objective: Use Wireshark to understand network traffic analysis, how communication takes
place when particular protocols are involved, diagnose issues, and spoof IPv4 packets.

Procedure:
Wireshark User’s Guide
Reference : Wireshark Tutorial for BEGINNERS // Where to start with Wireshark
Report Format:
●​ Interpretation of the results.
●​ Explanation of how the protocols work based on the captured traffic.
●​ Analysis of common issues identified and their causes.
●​ Report on the methods and implications of IPv4 packet spoofing.

Lab Work 4: Vulnerability Scanning with Nikto

Objective: Use Nikto to scan DVWA or another server or you can create a test server
for the lab. Focus on understanding the output and identifying serious vulnerabilities.

Procedure:
Web Server Scanning With Nikto – A Beginner's Guide
https://www.linkedin.com/pulse/web-hacking-lab-octavious-w--3ylyc/
Reference: Nikto Web Vulnerability Scanner - Web Penetration Testing - #1

LAB WORK : Lab 43 – Web application vulnerability scanning with Nikto - 101Labs.net
Report Format:
● Scan Summary: Overview of the scan configuration and target.
● Findings: Detailed information on vulnerabilities identified by Nikto.
● Impact: The potential impact of each vulnerability.

Lab 5: OWASP ZAP Installation and Vulnerability Scanning


Objective: Install OWASP ZAP, perform reconnaissance using the spidering tool,
conduct scans on the target web application, and generate a report summarizing
identified vulnerabilities.

Report Format:
●​ Generate a detailed report summarizing all findings from the passive scan, active
scan, and manual testing.
●​ Include recommendations for remediating the identified vulnerabilities.

Lab Work 6 : Understanding of Web-Vulnerabilities through DVWA

Objective : Install DVWA on a local server or a controlled virtual environment. Discuss common
web vulnerabilities such as SQL injection, XSS, etc.

Procedure:
Example : 1 - Brute Force (low/med/high) - Damn Vulnerable Web Application (DV…
Report Format:
● Root cause of the vulnerability.
●​ Impact
●​ Solution
Lab Work 7: Intercepting and Modifying HTTP Requests and Responses
with Burp Suite and DVWA
Objective: Configure Burp Suite to intercept and modify HTTP requests and responses with
DVWA. Focus on manipulating sessions, capturing login attempts, and modifying form data.

Packets.

Procedure:

What is Burp Suite? - Scaler Topics

Report Format:

● Packet: The specific network packet or HTTP request/response being analyzed or modified.
● Modification: The exact changes made to the packet or request/response.
● Result: The outcome of the modification, including any changes in application behavior or security implications.

Lab Work 8: Using Burp Suite Intruder and Repeater Modules with DVWA
Objective: Use the intruder module to perform automated attacks and the repeater module to
test specific vulnerabilities in DVWA.
Procedure:

Reference: 02. Bruteforce (using Intruder) / Hacking DVWS with Burp Suite

Intercept Packet:

Action -> Send to Intruder and perform the attack


Report Format:

● Attack/Vulnerability: The specific attack or vulnerability being tested.
● Intruder/Repeater Configuration: The setup and parameters used in the Intruder or Repeater module.
● Result: The outcome of the attack or test, including any security implications or observed behaviors.
