
Computer Science

The document outlines practical exercises for B.Tech Cyber Security students, focusing on network reconnaissance and security tools such as WHOIS, Nmap, and Angry IP Scanner. It also covers the installation and use of iptables for firewall configurations and the implementation of steganography for hiding messages within media files. Each section includes objectives, requirements, theoretical background, and step-by-step implementation instructions.

Uploaded by

Dileep Marrapu

FACULTY OF ENGINEERING & TECHNOLOGY

CYBER SECURITY (203105326) B. Tech. 3RD YEAR


ENROLLMENT NO: 2203031240799

PRACTICAL - 1
Aim: Gather information from PCs connected to the LAN using who.is, port scanners,
network scanning, Angry IP Scanner, etc.

Objective: To learn how to gather information about networks by using different
network reconnaissance tools.

Requirements: Laptop, who.is, Nmap, Angry IP Scanner

1. Who.is

⚫ Theory

whois searches for an object in a WHOIS database. WHOIS is a query and response
protocol that is widely used for querying databases that store the registered users of an
Internet resource, such as a domain name or an IP address block, but it is also used for a
wider range of other information. Most modern versions of whois try to guess the right
server to ask for the specified object. If no guess can be made, whois will connect to
whois.networksolutions.com for NIC handles or whois.arin.net for IPv4 addresses and
network names.

Examples:
o Obtaining the domain WHOIS record for computer solutions.com
o WHOIS record by IP querying
o Querying WHOIS in the Google search engine

To use the WHO.IS lookup tool, enter the domain name whose information you'd
like to view into the search field on the WHOIS main page. You can retrieve key data
about a domain in this way, including availability, domain owner lookup, and creation
and expiration details. If you own multiple domains, it can be helpful to download
exportable lists from the tool to analyze large amounts of domain data.

⚫ Implementation

Step 1: Search for who.is in a web browser.

Step 2: Open the who.is tool.

Step 3: Enter the domain name or IP address of the device whose information you want
to gather.

⚫ Observation:
The tool returns the information about the searched domain name or IP address.

2. Port Scanners:
Nmap is convenient during penetration testing of networked systems. Nmap provides
the network details and also helps to determine the security flaws present in the system.
Nmap is platform-independent and runs on popular operating systems such as Linux,
Windows and Mac.

Nmap is a useful tool for network scanning and auditing purposes.

o It can search for hosts connected to the network.
o It can search for free ports on the target host.
o It detects all services running on the host with the help of the operating system.
o It also detects any flaws or potential vulnerabilities in networked systems.

It is effortless to work with Nmap. With the release of a new graphical user interface
called Zenmap, the user can perform many tasks such as saving and comparing scan
results, saving the scan results in a database, and visualizing the network system
topology graphically.

⚫ Advantages of Nmap:

Nmap has a lot of advantages that make it different from other network scanning tools.
Nmap is open-source and free to use.

Some other advantages are listed below.

o It is used for auditing network systems, as it can detect new servers.
o It will search for subdomains and Domain Name System records.
o With the help of the Nmap Scripting Engine (NSE), interaction can be made with
the target host.
o It determines the nature of the service on the host, for example whether the
host is a mail server or a web server.

⚫ Port scanning using Nmap:

⚫ Implementation:

Step 1: Install Nmap on Windows.

Step 2: Open Nmap.

Step 3: Open a command prompt and run the command ipconfig to see the local network.

Step 4: Paste the IP address into the Target field, select the scan type and press the Scan button.

Nmap Output:

Step 5: Open a command prompt using Run as administrator.

To see the open ports run:

3. Angry IP Scanner

⚫ Implementation:

Once installed, open the application by searching for it in the Start Menu. As you can
see, the home screen of the application is pretty simple and straightforward. By
default, Angry IP scanner will enter your local IP address range and your computer
name as the hostname.

The good thing about Angry IP Scanner is that it lets you scan IP addresses in three
different ways: the range you specified, a random IP address, or a list of IP
addresses from a text file. You can easily select the scan mode from the drop-down
menu next to the IP address field.

As you can see from the above image, the Angry IP Scanner will only include default
fetchers like Ping, Hostname, and Ports. However, you can add more fetchers to get
and see more information about an IP address. To do that, select “Tools > Fetchers.”

In this window, you will see all the current fetchers in the left pane and all the
available fetchers in the right pane. To add a fetcher, select the fetcher in the right
pane and then click on the button that looks like a “less than” sign. In my case, I’ve
added new fetchers like MAC address, NetBIOS info, filtered ports, and Web
detectors.

Moreover, Angry IP Scanner will only tell whether the ports are open or not. It will
not list the individual ports that are open. So, if you want to do a port scan, then you
need to configure the application. To do that, simply navigate to “Tools” and then
select the option “Preferences.”

Here, navigate to the “Ports” tab and enter the ports you want to scan in the “Ports
Selection” field. As you can see, I’m scanning for port 80 and port 443. If you want to
scan a range of ports, then enter the port range like “1-1000.” After you have entered
the port number, click OK to save the changes.

Once you are done configuring the Angry IP Scanner, you can continue to scan. To
start off, set the scan mode to “IP Range,” enter the IP address range in the “IP
address” fields and then click on the button “Start.” For instance, I’ve entered an IP
range that is known to have live devices connected to it.

Depending on the number of addresses in the range, it may take some time to
complete. Once completed, the application will show you a summary of the scan. The
summary includes the number of hosts that are alive and the number of hosts that
have open ports. Just click on the button “Close” to continue.

Once you close the summary window, you will see the list of all the IP addresses. You
can also see additional details in different “fetcher” columns. In case you are
wondering, here’s what the colored dots next to each IP address mean.

Red: The IP address is inactive, dead or there is no device connected to this IP address.

Blue: The IP address is either active or busy and not responding to the requests sent
by Angry IP Scanner. This usually will be your own IP Address.

Green: The IP address is active, and the device connected to it is responding to the
requests made by Angry IP Scanner. There may also be open ports.

Apart from copying the details of an IP address, you can also perform a range of
different activities on the entries. You can open an IP address in the web browser, do
an FTP, trace routing, etc. For instance, if you want to traceroute an IP address,
simply right-click on the target IP address. After that, select the option Open and click
on Traceroute.

Once you are done scanning an IP address or the IP address range, you can save the
scan results. To do that, select the option Scan from the menu bar.

PRACTICAL – 2

AIM: Experiments with open source firewall/proxy packages like iptables, squid, etc.

iptables
◗ Simply put, iptables is a firewall program for Linux. It monitors traffic to and from
your server using tables. These tables contain sets of rules, called chains, that filter
incoming and outgoing data packets.
◗ When a packet matches a rule, it is given a target, which can be another chain or one of
these special values:
◗ ACCEPT – allows the packet to pass through.
◗ DROP – does not let the packet pass through.
◗ RETURN – stops the packet from traversing the chain and tells it to go back to the
previous chain.
iptables chains:
◗ In this iptables practical, we are going to work with one of the default tables,
called filter. It consists of three chains:
◗ INPUT – controls incoming packets to the server.
◗ FORWARD – filters incoming packets that will be forwarded somewhere else.
◗ OUTPUT – filters packets that are going out from your server.

How to Install and Use the iptables Linux Firewall

◗ Installing iptables
◗ sudo apt-get update
◗ sudo apt-get install iptables
◗ Check the status of your current iptables configuration by running:
◗ sudo iptables -L

Types of tables in iptables

Commands
◗ iptables -A INPUT -s <your-ip> -j DROP
◗ iptables -A INPUT -s <your-ip> -j ACCEPT
◗ → to stop https websites
◗ → to stop http websites
◗ iptables -A OUTPUT -p tcp -o eth0 -s <your-ip-address> --dport 80 -j DROP

Follow the instructions to create a firewall rule that prevents the communication
between two systems via ping.
Step 1
Check the IP address on both operating systems (Kali Linux and Windows) using the
commands in the pictures below.

Attempt to ping both devices to verify whether they are responsive or not.

Create an iptables rule to stop communication between both devices, as shown in the
picture.

Now try to ping from both devices to check whether it is working or not.

To resume the communication, you have to write another rule to “ACCEPT” the
communication between both devices. Before adding the ACCEPT rule, remove the
“DROP” rule that was given previously.

Remove the rule from iptables as seen in the picture.

To stop HTTPS requests in the browser by IP address:

To resume HTTPS requests in the browser, use an ACCEPT rule:
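The commands for the ping and HTTPS steps above survive only as pictures on the original page. The following is an added example (not the manual's own commands) of one way to write them, together with a small model of first-match rule evaluation that shows why the DROP rule has to be deleted before an ACCEPT can take effect. The peer address 192.0.2.10, the function names and the `verdict` model are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the lab manual. Dry-run by default: commands are only
# printed. Run as root with APPLY=1 on a lab host to execute them.
PEER="192.0.2.10"   # constructed placeholder for the other lab machine's address
IFACE="eth0"        # interface name taken from the manual's own command

run() {             # print the command; execute it only when APPLY=1
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Each rule spec is defined once so that -A (append) and -D (delete) always
# name exactly the same rule; -D removes only a rule that matches in full.
ping_in()   { echo "INPUT -s $PEER -p icmp --icmp-type echo-request -j DROP"; }
ping_out()  { echo "OUTPUT -d $PEER -p icmp --icmp-type echo-request -j DROP"; }
https_out() { echo "OUTPUT -o $IFACE -p tcp --dport 443 -j DROP"; }

# The unquoted $(...) is intentional: the spec must split into separate arguments.
block_ping()    { run iptables -A $(ping_in); run iptables -A $(ping_out); }
unblock_ping()  { run iptables -D $(ping_in); run iptables -D $(ping_out); }
block_https()   { run iptables -A $(https_out); }
unblock_https() { run iptables -D $(https_out); }
show_rules()    { run iptables -L -n --line-numbers; }

# Simplified model of chain traversal (source and protocol only): the first
# matching rule decides. It shows why an ACCEPT appended after a DROP for the
# same traffic changes nothing until the DROP is deleted.
# $1 = rules, one "source protocol target" per line; $2 = source; $3 = protocol
verdict() {
    printf '%s\n' "$1" | awk -v s="$2" -v p="$3" '
        $1 == s && $2 == p { print $3; hit = 1; exit }
        END { if (!hit) print "ACCEPT" }
    '
}

# Usage: sh script.sh block_ping   (prints the commands unless APPLY=1)
case "${1:-}" in
    block_ping|unblock_ping|block_https|unblock_https|show_rules) "$1" ;;
esac
```

The model falls back to ACCEPT when no rule matches, which corresponds to a chain whose default policy is ACCEPT.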



Practical – 3

AIM: Implementation of Steganography


SCOPE:
Encompasses the detection of concealed messages and data within various media files,
emphasizing the application of steganographic methods for security and forensic purposes.

REQUIREMENTS:
The requirements are Hardware and Devices, Steg software, S-Tools, sample image,
Documentation Templates etc.

THEORY:
Steganography:
• The root “steganos” is Greek for “hidden” or “covered,” and the root “graph” is Greek
for “to write.” Steganography is the practice of hiding a secret message inside of (or
even on top of) something that is not secret.
• Examples of steganography involve embedding a secret piece of text inside of a picture.
Or hiding a secret message or script inside of a Word or Excel document. The purpose
of steganography is to conceal and deceive. It is a form of covert communication and
can involve the use of any medium to hide messages.
• It’s not a form of cryptography, because it doesn’t involve scrambling data or using a
key. Instead, it is a form of data hiding and can be executed in clever ways.

EXAMINATION:
Step 1: Write a secret message in .txt format (Ex: evidence a.txt).

Step 2: Using S-Tools, drag and drop the cover image file (original-zebras.bmp), and then
drop the secret message file on top of it.

Step 3: Now encrypt the stego file. Create a new password for the encryption and click on
the “OK” button.

Step 4: A new stego image is generated. To save the stego file, right-click on the image
and select the “Save as...” option.

Step 5: Specify the destination to save the stego image and click on the “Save” button.

Step 6: Now, to extract the concealed information from the stego image, run S-Tools and
then drag and drop the file into it. Right-click on the image and select the “Reveal” option
from the drop-down menu.

Step 7: The “Revealed Archive” window displays the secret message file name.

OBSERVATION: Now right-click on the file name and select the “Save as…” option
to save it in a location. Next, check the extracted file.

PRACTICAL-4

AIM: Implementation of MITM attack using Wireshark / network sniffers.

Wireshark or Ettercap

We’ll need a client machine as well, whose network traffic we will spoof and sniff to get
cleartext submission of passwords from certain vulnerable websites.

Ettercap is a GUI-based tool built into Kali, so there is no need to download and install
anything. Let's get started doing a MiTM attack with Ettercap.
Step #1: Start ettercap
Let's view the help file for ettercap by typing:
kali > ettercap -h

As you can see, ettercap has a significant help file for running it from a command line,
but the only thing we need from here is the switch to run it in graphical mode. In the
bottom line of the screenshot (not the bottom line of the actual help file, as I have
truncated it in the interest of space), you can see the -G switch. Adding this switch after
the ettercap command launches the ettercap GUI.
kali > ettercap -G
When we do, the ettercap GUI will start as seen below.

The first step in launching our MiTM attack is to start sniffing. Go to the
pulldown menu that says "Sniff" and click on "Sniffing at startup".

When we do that, it asks us what interface we want to use and defaults to eth0.

Then click on the tick mark.



When we click "OK", ettercap launches its sniffing and loads its plugins.
Our next step is to find the hosts on the network. Click on the "Hosts"
tab and you will see a menu that includes "Scan for Hosts". Click on it
and ettercap will begin scanning the network for hosts.

Now, using that same "Hosts" tab, click on "Hosts List". This will
display all the hosts that ettercap has discovered on your network as
seen in the screenshot below.

Now, select one of the hosts that will be the target of this attack in the window by clicking
on it and then click on "Add to Target 1" at the bottom of the window. When you do so,
ettercap will add that host as the first target in our MiTM attack as seen in the screenshot
below.
Next, select the second host in this attack and then click "Add to Target 2".

Finally, go to the menu above and click on the MITM tab; the drop-down menu will have
a selection called "ARP Poisoning" as seen in the screenshot below.

Select it and it will open a pop-up window like below. Select "Sniff remote connections".
When we press OK, ettercap will begin ARP poisoning and you will see ettercap respond
in its main window with the message below.

Now, we have successfully placed ourselves between the two target
systems and all their traffic must flow through us. This is where the
fun begins as we can now delete, manipulate, impersonate and view all
their traffic.

Now open any browser on the target system, open the login page of any
HTTP website and type your ID and password; the output will be shown
in the ettercap output panel.

WIRESHARK:

A basic setup is complete and the victim's network traffic will now pass through the
attacker machine. To listen to these packets, we will use Wireshark.

• Open up a new terminal and type wireshark. Go to the interface which is capturing all the
data flow (here eth0) and start the capture.
• Filter out packets according to what you are looking for. For the purpose of this demo,
the user is logging in to a vulnerable website, DVWA, which uses HTTP instead of the secure
version HTTPS. Filter the protocol as http and search for the required data.
Disclaimer: This tutorial is purely intended for educational purposes and should not be
misused.

• Right-click on the packet and follow the TCP stream to open up the data contained within.
We can clearly obtain the login credentials of the user, that is the username and password.

MITM is one of the classic hacks, and on a LAN connection ARP spoofing is much
preferred. Today there are various measures to prevent such an attack: the use of
HTTPS, the use of a VPN, and strong WEP/WPA encryption on access points.
