Cyber

Uploaded by Jayakumar A

SSM COLLEGE OF ENGINEERING

KOMARAPALAYAM- 638 183.

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

CCS340 – CYBER SECURITY LABORATORY

(Regulations 2021)

SEMESTER VI
(ACADEMIC YEAR 2024-25)

RECORD NOTE BOOK

REGISTER NUMBER

NAME OF THE STUDENT

SSM COLLEGE OF ENGINEERING
KOMARAPALAYAM- 638183.

Department of Computer Science and Engineering
Cyber Security Laboratory Record

NAME: _________________________________
COURSE: B.E (CSE)        REGISTER NO: __________________________
YEAR: III Year, VI Sem

Certified that this is a bona fide record of work done by the above student in
CCS340 – Cyber Security during the year 2024-2025.

Signature of Lab in Charge                    Signature of Head of the Department

Submitted for the Practical examination held on

Internal Examiner                             External Examiner
LIST OF EXPERIMENTS

SI NO   DATE   NAME OF THE EXPERIMENT   PG NO   MARKS   SIGN

1    Install Kali Linux on VirtualBox
2    Explore Kali Linux and bash scripting
3    Perform open source intelligence gathering using Netcraft, Whois lookups, DNS reconnaissance, Harvester and Maltego
4    Understand the nmap command and scan a target using nmap
5    Install Metasploitable2 on VirtualBox and search for unpatched vulnerabilities
6    Use Metasploit to exploit an unpatched vulnerability
7    Install a Linux server on VirtualBox and install SSH
8    Use Fail2ban to scan log files and ban IPs that show malicious signs
9    Launch brute-force attacks on the Linux server using Hydra
10   Perform real-time network traffic analysis and data packet logging using Snort

Ex No:1
Date: INSTALL KALI LINUX ON VIRTUAL BOX

AIM:
To install Kali Linux on VirtualBox.

PREREQUISITES:
• At least 20 GB of disk space
• At least 1 GB of RAM (preferably 2) for i386 and amd64 architectures
• VirtualBox (or alternative virtualization software)

PROCEDURE/OUTPUT:
Step 1: Download Kali Linux ISO Image
In the downloads section of the official Kali Linux website, you can find Kali
Linux .iso images. These images are uploaded every few months, providing the latest official
releases. Navigate to the Kali Linux Downloads page and find the packages available for download.
Depending on the system you have, download the 64-bit or 32-bit version.

Step 2: Create Kali Linux VirtualBox Container
After downloading the .iso image, create a new virtual machine and import Kali as its OS.
1. Launch VirtualBox Manager and click the New icon.
2. Name and operating system. A pop-up window for creating a new VM appears. Specify a
name and a destination folder. The Type and Version change automatically, based on the name
you provide. Make sure the information matches the package you downloaded and click Next.

3. Memory size. Choose how much memory to allocate to the virtual machine and click Next. The
default setting for Linux is 1024 MB. However, this varies depending on your individual needs.
4. Hard disk. The default option is to create a virtual hard disk for the new VM.
Click Create to continue. Alternatively, you can use an existing virtual hard disk file or decide not to
add one at all.

5. Hard disk file type. Stick to the default file type for the new virtual hard disk,
VDI (VirtualBox Disk Image). Click Next to continue.
6. Storage on a physical hard disk. Decide between Dynamically allocated and Fixed size. The
first choice allows the new hard disk to grow and fill up the space dedicated to it. The second, fixed
size, uses the maximum capacity from the start. Click Next.
7. File location and size. Specify the name and where you want to store the virtual hard disk.
Choose the amount of file data the VM is allowed to store on the hard disk. We advise giving it at
least 8 gigabytes. Click Create to finish.
Now you have created a new VM. The VM appears in the list in the VirtualBox Manager.

Step 3: Configure Virtual Machine Settings
The next step is adjusting the default virtual machine settings.
1. Select a virtual machine and click the Settings icon. Make sure you marked the correct VM and
that the right-hand side is displaying details for Kali Linux.

2. In the Kali Linux – Settings window, navigate to General > Advanced tab. Change
the Shared Clipboard and Drag’n’Drop settings to Bidirectional. This feature allows you to copy
and paste between the host and guest machine.

3. Go to System > Motherboard. Set the boot order to start from Optical, followed by Hard Disk.
Uncheck Floppy as it is unnecessary.

4. Next, move to the Processor tab in the same window. Increase the number of processors to
two (2) to enhance performance.

5. Finally, navigate to Storage settings. Add the downloaded Kali image to a storage device under
Controller: IDE. Click the disk icon to search for the image. Once finished, close the Settings
window.

6. Click the Start icon to begin installing Kali.

Step 4: Installing and Setting Up Kali Linux


After you have booted the installation menu by clicking Start, a new VM VirtualBox window appears
with the Kali welcome screen.
Select the Graphical install option and go through the following installation steps for setting up Kali
Linux in VirtualBox.

1. Select a language. Choose the default language for the system (which will also be the
language used during the installation process).
2. Select your location. Find and select your country from the list (or choose “other”).
3. Configure the keyboard. Decide which keymap to use. In most cases, the best option is to select
American English.
4. Configure the network. First, enter a hostname for the system and click Continue.
5. Next, create a domain name (the part of your internet address after your hostname). Domain
names usually end in .com, .net, .edu, etc. Make sure you use the same domain name on all your
machines.
6. Set up users and passwords. Create a strong root password for the system administrator
account.

7. Configure the clock. Select your time zone from the available options.
8. Partition disks. Select how you would like to partition the hard disk. Unless you have a good
reason to do it manually, go for the Guided – use entire disk option.

9. Then, select which disk you want to use for partitioning. As you created a single virtual hard disk
in Step 3: Adjust VM Settings, you do not have to worry about data loss. Select the only available
option – SCSI3 (0,0,0) (sda) – 68.7 GB ATA VBOX HARDDISK (the details after the dash vary
depending on your virtualization software).
10. Next, select the scheme for partitioning. If you are a new user, go for All files in one
partition.
11. The wizard gives you an overview of the configured partitions. Continue by navigating to
Finish partitioning and write changes to disk. Click Continue and confirm with Yes.
12. The wizard starts installing Kali. While the installation bar loads, additional configuration
settings appear.
13. Configure the package manager. Select whether you want to use a network mirror and click
Continue. Enter the HTTP proxy information if you are using one. Otherwise, leave the field blank
and click Continue again.
14. Install the GRUB boot loader on a hard disk. Select Yes and Continue. Then, select a boot loader
device to ensure the newly installed system is bootable.
15. Once you receive the message Installation is complete, click Continue to reboot your VM.

With this, you have successfully installed Kali Linux on VirtualBox. After rebooting, the Kali login
screen appears. Type in the username (root) and the password you entered in the previous steps.
Finally, the Kali Linux interface appears on your screen.

RESULT:
Thus the procedure to install Kali Linux on VirtualBox has been carried out and Kali Linux has
been installed in VirtualBox.

Ex No:2
Date: EXPLORE KALI LINUX AND BASH SCRIPTING

AIM:
To explore Kali Linux and bash scripting.

EXPLORING KALI LINUX:


The Kali Desktop has a few tabs you should initially make a note of and become familiar
with. Applications Tab, Places Tab, and the Kali Linux Dock.

Applications Tab
Provides a graphical drop-down list of all the applications and tools pre-installed on Kali
Linux. Reviewing the Applications Tab is a great way to become familiar with the feature-rich
Kali Linux operating system. Two applications we’ll discuss in this Kali Linux tutorial are Nmap
and Metasploit. The applications are placed into different categories, which makes searching for an
application much easier.

Accessing Applications
Step 1) Click on the Applications Tab
Step 2) Browse to the particular category you’re interested in exploring
Step 3) Click on the Application you would like to start.

Places Tab
Similar to any other GUI Operating System, such as Windows or Mac, easy access to your
Folders, Pictures and My Documents is an essential component. Places on Kali Linux provides that
accessibility that is vital to any Operating System. By default, the Places menu has the following
tabs, Home, Desktop, Documents, Downloads, Music, Pictures, Videos, Computer and Browse
Network.

Accessing Places
Step 1) Click on the Places Tab
Step 2) Select the location you would like to access.

Kali Linux Dock
Similar to Apple Mac’s Dock or Microsoft Windows Task Bar, the Kali Linux Dock
provides quick access to frequently used / favorite applications. Applications can be added or
removed easily.
To Remove an Item from the Dock
Step 1) Right-Click on the Dock Item
Step 2) Select Remove From Favorites

To Add an Item to the Dock
Adding an item to the Dock is very similar to removing an item from the Dock.
Step 1) Click on the Show Applications button at the bottom of the Dock
Step 2) Right Click on the Application
Step 3) Select Add to Favorites
Once completed, the item will be displayed within the Dock.

Kali Linux has many other unique features, which makes this Operating System the primary choice
by Security Engineers and Hackers alike.
BASH SCRIPTING:

Introduction to bash scripting:


A Bash script is a plain-text file that contains a series of commands that are executed as if
they had been typed in a terminal window. In general, Bash scripts have an optional extension of .sh
for identification (but a script can be run without the extension), begin
with #!/bin/bash and must have the executable permission set before the script can be executed.
Let's write a simple "Hello World" Bash script: create a new file using any text editor, name it
hello-world.sh and write the following contents inside it:

#!/bin/bash
# Hello World on Bash Script.
echo "Hello World!"
Then save and close it. In the above script we used some components which we need to explain:
• Line 1: #! is known as the shebang, and it is ignored by the Bash interpreter. The second part,
/bin/bash, is the absolute path to the interpreter, which is used to run the script. From this we can
identify that this is a "Bash script". There are various other types of shell scripts, such as "zsh" and "C
Shell" scripts.
• Line 2: # is used to add a comment. Hashed (#) text will be ignored by the interpreter. These
comments will help us to take special notes for the scripts.
• Line 3: echo "Hello World!" uses the echo Linux command utility to print a given string
to the terminal, which in this case is "Hello World!".
Now we need to make this script executable by running the following command:
chmod +x hello-world.sh
In the following screenshot we can see the output of the above command:

Now we can run the script by using the following command:

bash hello-world.sh
We can see that our script shows the output "Hello World!" on our terminal, as shown in the
following screenshot:

The chmod command with the +x flag is used to make the bash script executable,
and with bash followed by scriptname.sh we can run it. Once it is executable, we can also run it
directly as ./scriptname.sh. This was our first Bash script. Let's explore Bash in a bit more detail.

Variables:
Variables are used for temporarily storing data. We can declare a variable to assign a value
to it, or read a variable, which will "expand" or "resolve" it to its stored value.
We can declare variable values in various ways. The easiest method is to set the value directly with
a simple name=value declaration. We should remember that there are no spaces before or after the
"=" sign.
On our terminal we can run the following command:
name=Kali
Then we run another command:
surname=Linux
Declaring a variable is pointless unless we can use/reference it. To do this, we precede the
variable name with the $ character. Whenever Bash sees this ($) syntax in a command, it replaces the variable
name with its value before executing the command. For example, we
can echo both of these variables by using the following command:
echo $name $surname
In the following screenshot we can see that the output shows the values of the variables:

Variable names might be uppercase, lowercase or a mixture of both. Bash is case sensitive,
so we must be consistent when declaring and expanding variables. It is good practice to use
descriptive variable names, which make our script much easier for others to understand and
maintain.
Bash interprets certain characters in specific ways. For example, the following declaration demonstrates an
improper multi-value variable declaration:
hello=Hello World
In the following screenshot, we can see the output.

This was not necessarily what we expected. To fix this type of error we can use single quotes
(') or double quotes (") to enclose our text. Here we need to know that Bash treats single quotes and
double quotes differently. When Bash meets single quotes, it interprets every enclosed
character literally. When enclosed in double quotes, all characters are viewed literally except "$"
and "\", meaning variables will be expanded in an initial substitution pass on the enclosed text.
In the above scenario, the following will fix the problem:
hello='Hello World'
Now we can print this variable using echo, as shown in the following screenshot:

In the above example, we used single quotes (') to set the variable. But when we want to combine the
hello variable with something else, we need to use double quotes ("), as the following shows for
better understanding:
hello2="Hi, $hello"
Now we can see the output (echo) of the new $hello2 variable in the following screenshot:

We can also set the value of a variable to the result of a command or script. This is also
known as command substitution, which allows us to take the output of a command (what would
normally be printed to the screen) and have it saved as the value of a variable.
To do this, place the command in parentheses "()", preceded by a "$" character:
user=$(whoami)
echo $user
Here we assigned the output of the whoami command to the user variable. We then displayed its
value by echo. In the following screenshot we can see the output of the above command:

An alternative syntax for command substitution uses backticks (`), as we can see in the following
commands:
user2=`whoami`
echo $user2
This backtick method is older and typically discouraged as there are differences in how the two
methods of command substitution behave. It is also important to note that command substitution
happens in a subshell, and changes to variables in the subshell will not alter variables in the
parent process.

Arguments:
Not all Bash scripts require arguments. However, it is extremely important to understand
how they are interpreted by bash and how to use them. We have already executed Linux commands
with arguments. For example, when we run the command ls -l /var/log, both -l and /var/log are
arguments to the ls command.
Bash scripts are no different: we can supply command-line arguments and use them in our scripts.
For an example, see the following screenshot:

In the above screenshot, we have created a simple Bash script, set executable permissions on it, and
then ran it with two arguments. The $1 and $2 variables represent the first and second arguments
passed to the script. Let's explore a few special Bash variables:

Variable Name   Description
$0              The name of the Bash script
$1 - $9         The first 9 arguments to the Bash script
$#              Number of arguments passed to the Bash script
$@              All arguments passed to the Bash script
$?              The exit status of the most recently run process
$$              The process id of the current script
$USER           The username of the user running the script
$HOSTNAME       The hostname of the machine
$RANDOM         A random number
$LINENO         The current line number in the script

Some of these special variables can be useful when debugging a script. For example, we might be
able to obtain the exit status of a command to determine whether it was successfully executed or
not.

Reading user input:


Command-line arguments are a form of user input, but we can also capture interactive user
input while a script is running with the read command. We are going to use read to capture user
input and assign it to a variable, as we did in the following screenshot:

We can alter the behavior of the read command with various command line options. Two of the
most commonly used flags are -p, which allows us to specify a prompt, and -s, which makes the
user input silent/invisible (helpful for credentials). We can see an example in the
following screenshot:

If, else, elif:

If, else and elif are the most common conditional statements, which allow us to
perform different actions based on different conditions.

The if statement is quite simple. It checks to see if a condition is true, but it requires a very
specific syntax. We need to pay careful attention to this syntax, especially the use of the required
spaces.

In the above screenshot, if "some statement" is true the script will "do some action"; these actions can
be any commands between then and fi. Let's look at an actual example.

In the above example, we used an if statement to check the age entered by a user. If the user's age
was less than (-lt) 12, the script would output a warning message.
Here the square brackets ([ ]) in the if statement above are actually a reference to the test
command. This simply means we can use all of the operators that are allowed by the test command.
Some of the widely used operators include:
• -n VAR - True if the length of VAR is greater than zero.
• -z VAR - True if VAR is empty.
• STRING1 = STRING2 - True if STRING1 and STRING2 are equal.
• STRING1 != STRING2 - True if STRING1 and STRING2 are not equal.
• INTEGER1 -eq INTEGER2 - True if INTEGER1 and INTEGER2 are equal.
• INTEGER1 -gt INTEGER2 - True if INTEGER1 is greater than INTEGER2.
• INTEGER1 -lt INTEGER2 - True if INTEGER1 is less than INTEGER2.
• INTEGER1 -ge INTEGER2 - True if INTEGER1 is greater than or equal to INTEGER2.
• INTEGER1 -le INTEGER2 - True if INTEGER1 is less than or equal to INTEGER2.
• -h FILE - True if FILE exists and is a symbolic link.
• -r FILE - True if FILE exists and is readable.
• -w FILE - True if FILE exists and is writable.
• -x FILE - True if FILE exists and is executable.
• -d FILE - True if FILE exists and is a directory.
• -e FILE - True if FILE exists, regardless of type (node, directory,
socket, etc.).
• -f FILE - True if FILE exists and is a regular file (not a directory or device).
We could have written the above if statement with the test command instead of the square brackets,
but we think that the square brackets make the code more readable.
We can also perform a particular set of actions if a statement is true and other actions if it is false. To
do this, we can use the else statement, which has the following syntax:

Now, for an example, we expand our previous age example to include an else statement, as shown
in the following screenshot:

We can easily notice that the else statement was executed when the entered age was not less than
12.
We can add more conditions to the statement with the help of the elif statement. The syntax is the
following:

Let's extend our age example with an elif statement, as in the following screenshot:

In the above example we can see that the code is a little bit more complex compared to if and else. Here,
when the user enters an age greater than 60, the elif branch is executed and outputs the
"Salute ..." message.

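The age check described above, written out as an added example (not a script from this lab record): it puts the if/elif/else logic, the $1 and read -p input handling, and several of the test operators from the list into functions so they can be reused and checked. It assumes bash, and the message wording is made up for the example.

```bash
#!/bin/bash
# Added example, not from the lab record: the age-check script described in
# the text (if / elif / else with test operators), written as functions so
# the logic can be reused and checked. Assumes bash.

# classify_age AGE: prints the message the lab script prints and returns
# 1 for the under-12 warning, 2 for bad input, 0 otherwise.
classify_age() {
    local age="$1"
    # -z guard from the operator table: an empty value must not reach -lt.
    if [ -z "$age" ]; then
        echo "No age given"
        return 2
    fi
    # -lt/-gt are integer tests and error out on text, so reject it first.
    case "$age" in
        *[!0-9]*) echo "Age must be a whole number"; return 2 ;;
    esac
    if [ "$age" -lt 12 ]; then
        echo "Warning: you must be at least 12"
        return 1
    elif [ "$age" -gt 60 ]; then
        echo "Salute to our senior citizen"
        return 0
    else
        echo "Welcome"
        return 0
    fi
}

# describe_path PATH: exercises the file test operators (-e -h -d -f -x).
describe_path() {
    local p="$1"
    if [ ! -e "$p" ]; then
        echo "missing"
    elif [ -h "$p" ]; then
        echo "symbolic link"
    elif [ -d "$p" ]; then
        echo "directory"
    elif [ -f "$p" ] && [ -x "$p" ]; then
        echo "executable file"
    elif [ -f "$p" ]; then
        echo "regular file"
    else
        echo "other"
    fi
}

# Interactive entry point, mirroring the lab script: the age comes from
# the first argument ($1) or, at a terminal, from read -p. For a password
# you would add -s so the input is not echoed.
main() {
    local age
    echo "Script $0 run by $(whoami) with $# argument(s): $*"
    if [ $# -ge 1 ]; then
        age="$1"
    else
        read -r -p "Enter your age: " age
    fi
    classify_age "$age"
    echo "classify_age exited with status $?"
}

# Run main only when an argument was given or stdin is a terminal, so the
# file can also be sourced for its functions without prompting.
if [ $# -ge 1 ] || [ -t 0 ]; then
    main "$@"
fi
```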
RESULT:
Thus Kali Linux and bash scripting in Kali Linux have been explored successfully.

EX NO:3
DATE: PERFORM OPEN SOURCE INTELLIGENCE GATHERING USING NETCRAFT, WHOIS LOOKUPS,
DNS RECONNAISSANCE, HARVESTER AND MALTEGO

AIM:
To perform open source intelligence gathering using Netcraft, Whois Lookups, DNS
Reconnaissance, Harvester and Maltego.

PROCEDURE/OUTPUT:

theHarvester:
theHarvester is a command-line tool included in Kali Linux that acts as a wrapper for a
variety of search engines and is used to find email accounts, subdomain names, virtual hosts, open
ports / banners, and employee names related to a domain from different public sources (such as
search engines and PGP key servers).
This package is installed in Kali Linux using the following command:
sudo apt install theharvester
Now, let us perform open source intelligence gathering using theHarvester on the domain name
kali.org. The command used for it is:
theHarvester -d kali.org -l 500 -b duckduckgo
Using this command we are performing OSINT on the domain name kali.org, limiting the results
to 500 (-l) and using DuckDuckGo as the data source (-b).

Whois lookup:
whois is a database record of all the registered domains on the internet. It is used for many
purposes, a few of which are listed below.
• It is used by network administrators in order to identify and fix DNS or domain-
related issues.
• It is used to check the availability of domain names.
• It is used to identify trademark infringement.
• It could even be used to track down the registrants of a fraudulent domain.
To use whois lookup, enter the following command in the terminal:
whois geeksforgeeks.org
Replace geeksforgeeks.org with the name of the website you want to look up.

Maltego:
Maltego is an open-source intelligence and forensics application which helps you get
more accurate information in a smarter way. In simple words, it is an information-gathering
tool.

Features of Maltego:
• It is used for gathering information for security-related work. It will save your time and
make you work smarter and more accurately.
• It will help you in the thinking process by demonstrating connected links between all the
searched items.
• If you want to get hidden information, Maltego can help you to discover it. It is
pre-installed (in the Information Gathering section) in Kali Linux.

Using the Maltego tool in Kali Linux

1. Open a terminal and type “maltego” to run the Maltego tool:

maltego

2. You have to register yourself first to use Maltego and remember your password as you will need
it again the next time you log in to Maltego. After the registration process, you can log in to
Maltego. After that click on Machines and then choose Run Machine.

3. Machine: A machine is simply what type of footprinting we want to do against our target.
Select the machine that you want to use.

Netcraft:
Netcraft is a UK company that tracks websites. From this data, they’re able to calculate
market share for web servers, uptime, etc. Another service is data about websites. This data can be
extremely valuable to the hacker.

Now let us perform OSINT gathering on medium.com.

Searching for medium returns the above results. Let's choose the first item and click ‘report’.

With this report we can gather a lot of information about our target without touching it or firing any
kind of alarm.
As always, not all information gathered is relevant, and it might not be correct. But reconnaissance is
all about gathering info and determining what is relevant and what is not.

Dnsrecon
DNS reconnaissance is part of the information gathering phase of hacking or penetration
testing, because attackers can easily use such tools to grab subdomains of organizations
and host their own phishing pages. So we can check all our DNS records at once through this tool to
protect ourselves from such abuse.

dnsrecon -d secnhack.in

RESULT:
Thus open source intelligence gathering using Netcraft, Whois Lookups, DNS
Reconnaissance, Harvester and Maltego has been performed successfully.

EX NO:4
DATE: UNDERSTAND THE NMAP COMMAND AND SCAN A TARGET USING NMAP

AIM:
To understand the nmap command and scan a target using nmap.

PROCEDURE/OUTPUT:

Nmap Commands
The nmap command comes with many options and use cases depending on the situation at
hand. Below are some of the most common and useful nmap commands in Linux with examples.

1. Nmap Command to Scan for Open Ports

When scanning hosts, Nmap commands can use server names, IPv4 addresses or IPv6
addresses. A basic Nmap command will produce information about the given host.
nmap subdomain.server.com
Without flags, as written above, Nmap reveals open services and ports on the given host or hosts.
nmap 192.168.0.1
Nmap can reveal open services and ports by IP address as well as by domain name.
nmap -F 192.168.0.1
If you need to perform a scan quickly, you can use the -F flag. The -F flag scans only the most common
ports listed in the nmap-services file. Because the -F "Fast Scan" flag does not scan as many ports, it isn’t as
thorough.

2. Scan Multiple Hosts

Nmap can scan multiple locations at once rather than scanning a single host at a time.
This is useful for more extensive network infrastructures. There are several ways to scan numerous
locations at once, depending on how many locations you need to examine.
Add multiple domains or multiple IP addresses in a row to scan multiple hosts at the same time.
nmap 192.168.0.1 192.168.0.2 192.168.0.3

Use the * wildcard to scan an entire subnet at once.

nmap 192.168.0.*
Separate different address endings with commas rather than typing out the entire IP address.
nmap 192.168.0.1,2,3
Use a hyphen to scan a range of IP addresses.
nmap 192.168.0.1-4

3. Excluding Hosts from Search

When scanning a network, you may want to select an entire group (such as a whole subnet)
while excluding a single host.
nmap 192.168.0.* --exclude 192.168.0.2
You can exclude certain hosts from your search using the --exclude flag.
nmap 192.168.0.* --excludefile /file.txt
You can also exclude a list of hosts from your search using the --excludefile flag and pointing it at a
specific file. This is the easiest way to exclude multiple hosts from your search.

4. Scan to Find out OS Information

In addition to general information, Nmap can also provide operating system detection, script
scanning, traceroute, and version detection. It’s important to note that Nmap will do its best to
identify things like operating systems and versions, but it may not always be entirely accurate.
Add in the -A flag on your Nmap command, so you can discover the operating system information
of the hosts that are mapped.
nmap -A 192.168.0.1
The -A flag can be used in combination with other Nmap commands.
Using the -O flag on your Nmap command will reveal further operating system information of the
mapped hosts. The -O flag enables OS detection.
nmap -O 192.168.0.1
Additional options include --osscan-limit and --osscan-guess.

The --osscan-limit option will only attempt OS detection on promising (easy) targets. The --osscan-guess
option will be more aggressive about guessing operating systems. Again, operating systems are
detected based on certain hallmarks: it isn’t a certainty that the information is accurate.

5. Scan to Detect Firewall Settings


Detecting firewall settings can be useful during penetration testing and vulnerability scans.
Several functions can be used to detect firewall settings across the given hosts, but the -sA flag is
the most common.
nmap -sA 192.168.0.1
Using the -sA flag will let you know whether a firewall is active on the host. This uses an
ACK scan to receive the information.

6. Find Information About Service Versions


At times, you may need to detect service and version information from open ports.
This is useful for troubleshooting, scanning for vulnerabilities, or locating services that need to be
updated.
nmap -sV 192.168.0.1
This will give you the necessary information regarding the services across the given host.
You can use --version-intensity level from 0 to 9 to determine the intensity level of this search.
You can also use --version-trace to show more detailed information of the scan if the scan does
not come out with the results that you would ordinarily expect.
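Service and version data is most useful when compared against what a host is supposed to run. The following is an added example (not part of the lab record) that parses nmap's grepable output (the -oG option, a real nmap option but not one covered above) and lists the open ports that are missing from an expected baseline; the scan output it parses is constructed inline for the example, so it runs without touching any host.

```bash
#!/bin/bash
# Added example, not from the lab record: parse the grepable output of an
# nmap service scan (nmap -sV -oG -) and report open ports that are not on
# an expected baseline. Assumes bash and a POSIX awk.

# Constructed stand-in for "nmap -sV -oG - 192.168.0.1-2" output; the hosts,
# ports and versions are invented for the example, not from a real scan.
sample_scan() {
    printf '# Nmap scan initiated as: nmap -sV -oG - 192.168.0.1-2\n'
    printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.1 ()\tPorts: %s\tIgnored State: closed (997)\n' \
        '22/open/tcp//ssh//OpenSSH 9.2/, 80/open/tcp//http//nginx 1.22/, 3306/open/tcp//mysql//MySQL 8.0/'
    printf 'Host: 192.168.0.2 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.2 ()\tPorts: %s\tIgnored State: closed (998)\n' \
        '443/open/tcp//https//nginx 1.22/, 8888/filtered/tcp//sun-answerbook///'
    printf '# Nmap done\n'
}

# open_ports: reads grepable output on stdin and prints one line per open
# port as "host port/proto service version". Each entry in the Ports field
# has the form port/state/proto/owner/service/rpcinfo/version/.
open_ports() {
    awk '
        /^Host:/ && /Ports:/ {
            host = $2
            list = $0
            sub(/.*Ports: /, "", list)   # keep only the port list
            sub(/\t.*/, "", list)        # drop the "Ignored State" suffix
            n = split(list, entry, /, /)
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")
                if (f[2] == "open")
                    printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
            }
        }'
}

# unexpected_ports BASELINE: BASELINE is a space-separated list such as
# "22/tcp 80/tcp 443/tcp"; prints the open ports on stdin that are not in it.
unexpected_ports() {
    local baseline=" $1 "
    open_ports | while read -r host portproto service version; do
        case "$baseline" in
            *" $portproto "*) ;;                       # expected, stay quiet
            *) echo "$host $portproto $service $version" ;;
        esac
    done
}

# Demonstration on the constructed scan: 3306/tcp is the one surprise.
echo "Open ports found:"
sample_scan | open_ports
echo
echo "Open ports not in the baseline (22, 80, 443 over tcp):"
sample_scan | unexpected_ports "22/tcp 80/tcp 443/tcp"
```

On a real host you would replace sample_scan with `nmap -sV -oG - <your own hosts>` and keep the baseline under version control next to the host's documentation.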

7. Scan for Ports

Port scanning is one of the basic utilities that Nmap offers and consequently, there are a few
ways that this command can be customized.
With the -p flag followed by a port, you can scan for information regarding a specific port on a host.
nmap -p 443 192.168.0.1
By adding a protocol prefix before the port itself, you can scan for information regarding a specific
type of connection (T: for TCP, U: for UDP).
nmap -p T:8888,443 192.168.0.1
You can scan for multiple ports with the -p flag by separating them with a comma.
nmap -p 80,443 192.168.0.1
You can also scan for multiple ports with the -p flag by marking a range with a hyphen.
nmap -p 80-443 192.168.0.1

To scan ports in order rather than randomly, add the flag -r to the command. You can also use the
option --top-ports followed by a number to scan the most common ports, up to that amount.

8. Complete a Scan in Stealth Mode

If it is necessary to complete a stealthy scan, use the following Nmap command:
nmap -sS 192.168.0.1
Using the -sS flag will initiate a stealth scan with TCP SYN. The -sS flag can be used in
conjunction with other types of Nmap commands. However, this type of scan is slower and may
not be as aggressive as other options.

9. Identify Hostnames
There are a few ways you can implement host discovery through Nmap. The most common
of which is through -sL. For example:
nmap -sL 192.168.0.1
The -sL flag (list scan) will find the hostnames for the given hosts, completing a reverse DNS query for each one
without sending any packets to the targets.
Additionally, the -n option can be used to skip DNS resolution, while the -R flag can be used to
always resolve DNS. The -Pn flag will skip host discovery entirely, instead treating all hosts as
though they are online.

10. Scan from a File

If you have a long list of addresses that you need to scan, you can import a file directly
through the command line.
nmap -iL /file.txt
This will produce a scan for the given IP addresses. In addition to scanning those IP addresses, you
can also add other commands and flags. This is useful if there is a set of hosts that you often need to
reference.

11. Get More Information with Verbose
A verbose output generally gives you far more information regarding a command.
Sometimes this output is unnecessary. However, if you’re debugging a particularly tricky
situation or you want more information, you can set the given command to verbose mode.
nmap -v 192.168.0.1
The -v flag will provide additional information about a completed scan. It can be added to most
commands to give more information. Without the -v flag, Nmap will generally return only the
critical information available.

12. Scan IPv6 Addresses


IPv6 is becoming more commonplace, and Nmap supports it just as it supports domains and
older IP addresses. IPv6 works with any of the available Nmap commands, but a flag is required to
tell Nmap that an IPv6 address is being referenced.
nmap -6 ::ffff:c0a8:1
Use the -6 option with other flags to perform more complicated Nmap functions with IPv6.

13.Scan to See Which Servers are Active


One of the simplest abilities of Nmap is the ability to ping active machines. The -sP
command locates machines, makes sure that machines are responding, and identifies unexpected
machines across a network.
nmap -sP 192.168.0.0/24
The -sP command will produce a list of which machines are active and available.

14.Find Host Interfaces, Routes, and Packets


It may become necessary to find host interfaces, print interfaces, and routes to debug.
To do this, use the --iflist command:
nmap --iflist
The --iflist command will produce a list of the relevant interfaces and routes.
nmap --packet-trace
Similarly, --packet-trace will show packets sent and received, providing similar value for
debugging.

15.Aggressive Scans and Timings


Sometimes you may need to scan more aggressively or want to run a quick scan. You can
control this through the use of the timing mechanisms. In Nmap, timing controls both the speed and
the depth of the scan.
nmap -T5 192.168.0.1
An aggressive scan is going to be faster, but it also could be more disruptive and inaccurate. There
are other options such as T1, T2, T3, and T4 scans. For most scans, T3 and T4 timings are
sufficient.

16.Get Some Help


If you have any questions about Nmap or any of the given commands, you can use a tag to
get context-based information.
nmap -h
The -h tag will show the help screen for Nmap commands, including giving information regarding
the available flags.

17.Create Decoys While Scanning


Nmap can also be used to create decoys, which are intended to fool firewalls. While decoys
can be used for nefarious purposes, they are generally used for debugging.
nmap -D 192.168.0.1,192.168.0.2,...
When using the -D command, you can follow the command with a list of decoy addresses. These
decoy addresses will also show as though they are scanning the network, to obfuscate the scan that
is actually being done.
Similarly, it’s possible to use commands such as --spoof-mac to spoof an Nmap MAC address, as
well as the command -S to spoof a source address.

PROCEDURE:

Procedure to scan a target using nmap:


In this exercise we will perform a scan on the target geeksforgeeks.org. The command for it is:
nmap www.geeksforgeeks.org

OUTPUT:

RESULT:
Thus the nmap commands have been explored and a target has been scanned using nmap
commands successfully.

EX NO:5 INSTALL METASPLOITABLE2 ON THE VIRTUAL BOX AND
DATE: SEARCH FOR UNPATCHED
VULNERABILITIES

AIM:
To install metasploitable2 on the virtual box and search for unpatched vulnerabilities.

PROCEDURE/OUTPUT:

Procedure to install metasploitable2 on the virtual box:


Metasploitable is an intentionally vulnerable Ubuntu-based virtual machine designed for
testing security tools and demonstrating common vulnerabilities.
Step 1: Download the Metasploitable 2 file.

Step 2: The file initially will be in zip format so we need to extract it, after extracting the file open
VirtualBox.

Step 3: Now as shown in the above image click on the new option in the Virtual box.

• Now a window will pop up and you will be asked to provide some details like the name
of your machine, installation path, type, and version.
• Fill in the details as follows:
Name: as per your choice
Path: leave as recommended
Type: Linux
Version: Other (64-bit)

Step 4: Select the RAM you want to provide to the virtual machine (512 MB recommended).

Step 5: Now choose the option to use an existing virtual hard disk file.

• Now locate the file that we have extracted.


Step 6: Now save the file and you will see that the instance is created with the name you have
given.

• We are good to go with the machine just press the start button from the top and wait for it
to start and load the instance.

Step 7: Once the instance is loaded you will be asked to provide a login name and password. By
default the credentials are:
Default login: msfadmin
Default password: msfadmin

• Once you log in with these credentials you will be directed to the machine, and we are done with
the installation process.

Procedure to search for vulnerabilities using Metasploit and nmap:


Step 1: To begin, we launch Metasploit and activate the port scanner module.
use auxiliary/scanner/portscan/tcp

Step 2: Then we use show options to configure the settings for this module.
show options

Step 3: We configure RHOSTS with the IP/IP(s) of our machine(s), and if we want we can modify
the scan for certain ports by setting PORTS.
set RHOSTS 192.168.56.103

set PORTS 22,25,80,110,21

Step 4: Set the number of threads and run the module. Following the scan, we will receive an
output indicating the open ports on the previously defined target machine.
set THREADS 3
run

Step 5: Once we’ve established a clear picture of the available ports, we can begin enumerating
them in order to observe and locate the operating services, as well as their versions.
db_nmap -sV -p 25,80,22 192.168.56.103

Step 6: Once we’ve identified the open ports and the services that operate on them, we can continue
our scan to check for detailed version numbers on each service running on each port, so we may try
different auxiliary modules in Metasploit to uncover potential vulnerabilities.
db_nmap -sV -A -p 25,80,22 192.168.56.103

Step 7: Analyze all the results.

RESULT:
Thus Metasploitable2 has been installed successfully in VirtualBox alongside Kali Linux, and a search for
unpatched vulnerabilities has also been performed successfully.

EX NO:6 USE METASPLOIT TO EXPLOIT AN UNPATCHED
DATE: VULNERABILITY

AIM:
To use Metasploit to exploit an unpatched vulnerability in kali linux.

PROCEDURE/OUTPUT:
Step 1: Open both machines, Metasploitable 2 and Kali Linux, side by side.
• First, we need to run both instances at the same time side by side so that we will be able to
see the changes clearly. Launch VirtualBox and start both Kali Linux and Metasploitable 2 side by
side.

Step 2: Let’s check the IP addresses of both machines to get an overview of the target machine.
• Now open the terminal and check the IP address of Metasploitable 2, on which we
are going to perform the attack, using the following command:
msfadmin@metasploitable:~$ ifconfig
• From the above image, we can see that the target machine has the IP address 192.168.10.5.

Step 3: Now we will perform a network scan with the help of the Nmap tool to see what
services are running on the target and which of them could be a way into the target.

• The first step is to look for loopholes and vulnerabilities so that we can exploit the
machine; to do so we run an Nmap scan from a Linux terminal. Use the command:
root-user-#/ $ nmap -sV -O 192.168.10.5

• In the above command, -sV is used for getting the versions of services running on the target
machine and -O is used to detect the operating system on the target machine.
• Now we can see that we have many ways and vulnerabilities to exploit; we will be using
the vsftpd_234_backdoor exploit for exploitation and gaining access to the machine.
• Open the Metasploit Framework with the command:

Step 4: Now that we have all the info related to the exploit that we need to use, i.e.
vsftpd_234_backdoor, we can use Metasploit to exploit the machine and get access to a
command shell, which will eventually give us access to the target machine.
• Start the Metasploit Framework with the command mentioned below:
root-user-#/ $ msfconsole
• After that, we are going to choose the exploit, vsftpd_234_backdoor, and then set
RHOST (the targeted IP).

Step 5: Now all we need to do is deploy the exploit on the target machine with the help of msfconsole; to
do so we need to follow some basic steps:
• First, let’s select the exploit that we are going to use, in this case vsftpd_234_backdoor, with
the following command:

msf6~/ use exploit/unix/ftp/vsftpd_234_backdoor
• After selecting the above exploit, let’s set up the target to which we are deploying the
exploit.
msf6~/ (unix/ftp/vsftpd_234_backdoor): show options

• Now we can see that we have the option to set RHOST, which is the receiver host, so we
will set it to the IP address of the target machine.
msf6~/ (unix/ftp/vsftpd_234_backdoor): set RHOST 192.168.10.5

Step 6: The final step is to run the exploit, by command exploit.

msf6~/ (unix/ftp/vsftpd_234_backdoor): exploit


• After setting RHOST, just enter the exploit command and you will see that a command shell
on the target machine is obtained.

• Now we have successfully penetrated the target by obtaining a shell; you can try
commands and verify in both machines at the same time.

Step 7: Verify by using some shell commands, like printing the working directory or listing the items
in a folder:
pwd, ls -l, ls -a etc.
• So we have successfully taken a look at how Metasploitable is useful for practicing
penetration testing skills.
• We can see that the files on both sides are the same and we have root access to the
machine.

RESULT:
Thus an unpatched vulnerability has been exploited using the metasploitable 2 and kali
linux successfully.

EX NO:7
DATE: INSTALL LINUX SERVER ON THE VIRTUAL BOX AND
INSTALL SSH

AIM:
To install a Linux server on the virtual box and install ssh.

PROCEDURE/OUTPUT:

Step 1. Download VirtualBox & Ubuntu Server


First we need to download and install VirtualBox itself, followed by a Linux installer.
• Download VirtualBox for your host OS (Windows, Mac, or Linux) from the
VirtualBox downloads page.
• Run the installer, and follow the directions onscreen.
• Download Ubuntu Server from the Ubuntu downloads page. You’ll have a choice between
the latest version and a “Long Term Support” version; choose the LTS version because it’ll
be more stable. (Ubuntu is just one of many Linux distributions available, but we’ve
chosen Ubuntu because it’s common and relatively easy to use.)
• A big .iso file will be downloaded. Make note of the folder it gets downloaded to; we’ll
need to find it in a minute. .iso stands for ISO 9660, a standard for representing the contents
of CD-ROMs and DVD-ROMs as computer files.

Step 2. Set Up a Virtual Machine Host


Now we need to create and configure a virtual machine within VirtualBox.
• Launch VirtualBox, and click the “New” button in the toolbar to create a new virtual
machine.
• Go through the wizard dialog to configure the new virtual machine, leaving all values at the
default except the following:
o Name: This can be whatever you want, but since we’re simulating a server at our
hosting company, we’re going to use the name “hostcom”.
o Type: “Linux”

o Version: “Ubuntu (64-bit)”

• Click the “Create” button in the wizard to create your new virtual machine.

Step 3. Install a Ubuntu Linux Server

Now you have a virtual machine, but its virtual hard drive is empty. There’s no operating system
for it to boot with. If it were a physical computer, we’d pop in a CD or other installation media,
which would allow the machine to boot and install an operating system to its hard drive. We’re
going to do the virtual equivalent of that now.
• Back at the main VirtualBox window, select your new virtual machine from the list of
machines, and click the “Start” button in the toolbar to “power it on”.
• Another dialog should appear, basically saying we need to “insert” the installation
media. Click the folder icon, navigate to the folder you downloaded the .iso file to
previously, select the file, and click “Open”.
• Back at the dialog, click “Start” to start the virtual machine.
• The virtual machine will boot, and the Ubuntu installer will load.
• Go through the menus to configure Ubuntu, leaving all values at the default except the
following (don’t include quotation marks):
o Hostname: “hostcom” (or another all-lower-case network name for your
server).
o User full name: Your full name (e.g. “Jay McGavren”).

o Username: Your user name, which should be short, one word, and all lower case
(e.g. “jay”).
o Password: Enter and confirm a password. Remember it, because you’ll need it to
log in or run administrative commands on the virtual machine.
o Write partition changes to disk: “No” will be selected by default; choose
“Yes”.
o Write to disk (again): “No” will be selected by default; choose “Yes”.

o Software selection: “standard system utilities” will be selected by default, so just
hit Enter. Other packages you need should be installed using the apt-get program later.
o GRUB boot loader: The default choice is actually the correct one on this screen,
but to avoid confusion: The installer will confirm this “is the only operating
system on this computer”. And it is the only operating system on this virtual
machine. So go ahead and choose “Yes”.
At this point the installation will be complete. Choose “Continue” to reboot the virtual machine.
(There’s no need to “eject” the virtual installation media.) When the virtual machine reboots, it’ll
load the Ubuntu OS itself. You’ll be prompted for a login; enter the user name and password you
created while installing Ubuntu. You’re now logged in to your new virtual server.

Step 4. Connect to the Server Via SSH

The window on your screen right now emulates a monitor that’s connected to your virtual
machine. What you type on your keyboard emulates a keyboard that’s connected directly to your
virtual machine. But to connect to servers out on the Internet, you would use the Secure SHell
program, or ssh. ssh connects you to a terminal on a remote computer, and it encrypts everything you
do so no one can eavesdrop on the passwords and commands you’re sending. From now on, we’re
going to want to connect via SSH. Let’s set that up now.
SSH usually listens for network traffic on port 22, and the SSH on our virtual server will be no
different. We can tell VirtualBox to open a port on our local computer, and send all network traffic
that it receives on that port to a port on our virtual server. So we’re going to open port 2222 on our
host machine, and forward all traffic to port 22 on our virtual machine. When we use the ssh client to
connect to port 2222 on the host, we’ll wind up talking to the SSH service on the virtual machine.
• In the main VirtualBox window, select your virtual machine from the list of machines, and
click the “Settings” button in the toolbar.
• In the configuration window that appears, click the “Network” tab.
• You’ll see sub-tabs for “Adapter 1” through “Adapter 4”. Ensure Adapter 1 (the main
virtual networking hardware) is selected.
• Click the arrow by the “Advanced” label to expand the advanced settings section.
• Click “Port Forwarding”. A new sub-window will appear with a table of port
forwarding rules.

• Click the plus-sign icon to add a new rule.

• Set the fields as follows (don’t include quotation marks):


o Name: This can be any descriptive string, but we recommend “ssh”

o Protocol: “TCP”

o Host IP: Leave blank

o Host port: “2222”

o Guest IP: Leave blank

o Guest Port: “22”

• If you’re planning to set up a server on the guest later, you may also want to add another
rule to forward traffic from a port on the host to the port on the guest that the server will be
running on. (E.g. for a web server, forward host port “8080” to guest port “80”.)
• Click “OK” to close the forwarding rules window when you’re done.
• Click “OK” in the virtual machine settings window to save your changes.

The SSH service may not be installed on your virtual Linux server yet. To install it:
• Start your virtual machine if it’s not already running, switch to the window that shows its
screen, and log in.
• At the $ prompt, run this command: sudo apt-get install openssh-server
• You’ll be prompted for a password; enter the one you created when installing Ubuntu.
• The SSH server software will be installed, and the service should start automatically.
The last step will be to try connecting from your host machine to the virtual machine via SSH.
We’re going to direct our SSH client program to connect from our computer, back to port 2222 on
that same computer. We can connect to the same computer we’re running on by using the special
IP address 127.0.0.1. The traffic will be forwarded to port 22 of our virtual machine, and it should
connect.
Readers running Mac or Linux as their host operating systems should already have the ssh
client program installed. Open a terminal on your host machine, and run this
command (substituting the user name you set up when installing Ubuntu for “yourlogin”):
ssh yourlogin@127.0.0.1 -p 2222

Windows users may need to download PuTTY, a free SSH client app. Follow these directions to
establish a connection, using “localhost” as the host name, “SSH” as the protocol, and “2222” as
the port. You’ll be prompted to enter a user name later, as you log in.
Regardless of whether you’re connecting via the ssh program or PuTTY, you’ll see a warning
saying something like “the SSH server isn’t recognized”, which is normal, since this is our first time
connecting. Type “yes” to confirm that it’s OK to connect.
Then type the login (if prompted for one) and password that you set up when installing Ubuntu.
You should be taken to a system prompt, where you can start running Linux commands.

You have a virtual Linux server running on your computer.

RESULT:
Thus the linux server has been installed in the virtual box and ssh has also been installed
successfully.

EX NO:8 USE FAIL2BAN TO SCAN LOG FILES AND BAN IPS THAT SHOW THE
DATE: MALICIOUS SIGNS

AIM:
To use Fail2ban to scan log files and ban IPs that show malicious signs.

PROCEDURE/OUTPUT:

Installation:
Fail2ban is available in the official repositories of all the most used Linux distributions. To
install it on Debian and Debian-based distribution, we can use the following command:
$ sudo apt install fail2ban
Once Fail2ban package is installed, all its configuration files can be found under
the /etc/fail2ban directory. We should avoid modifying files which come as part of the installation
(those with the “.conf” extension), and place custom configurations in corresponding files with the
“.local” extensions, instead. The main fail2ban configuration file is /etc/fail2ban/fail2ban.conf. This
file contains generic settings, such as the fail2ban loglevel. We place override values in the
/etc/fail2ban/fail2ban.local file, which should be created if it doesn’t exist. To change the loglevel
from “INFO” (the default) to “DEBUG”, for example, we would write:
[DEFAULT]
loglevel = DEBUG
There are three main “entities” we have to deal with when working with Fail2ban: filters, actions
and jails. Let’s take a look at them.

Filters
Fail2ban scans log files and searches for failed authentication attempts. With filters,
we basically tell it how to recognize authentication attempts in the log files of specific services.
Ready to use filters can be found under the /etc/fail2ban/filter.d directory:
$ ls /etc/fail2ban/filter.d

3proxy.conf              domino-smtp.conf        mysqld-auth.conf        selinux-ssh.conf
apache-auth.conf         dovecot.conf            nagios.conf             sendmail-auth.conf
apache-badbots.conf      dropbear.conf           named-refused.conf      sendmail-reject.conf
apache-botsearch.conf    drupal-auth.conf        nginx-botsearch.conf    sieve.conf
apache-common.conf       ejabberd-auth.conf      nginx-http-auth.conf    slapd.conf
apache-fakegooglebot.conf exim-common.conf       nginx-limit-req.conf    softethervpn.conf
apache-modsecurity.conf  exim.conf               nsd.conf                sogo-auth.conf
apache-nohome.conf       exim-spam.conf          openhab.conf            solid-pop3d.conf
apache-noscript.conf     freeswitch.conf         openwebmail.conf        squid.conf
apache-overflows.conf    froxlor-auth.conf       oracleims.conf          squirrelmail.conf
apache-pass.conf         gitlab.conf             pam-generic.conf        sshd.conf
apache-shellshock.conf   grafana.conf            perdition.conf          stunnel.conf
assp.conf                groupoffice.conf        phpmyadmin-syslog.conf  suhosin.conf
asterisk.conf            gssftpd.conf            php-url-fopen.conf      tine20.conf
bitwarden.conf           guacamole.conf          portsentry.conf         traefik-auth.conf
botsearch-common.conf    haproxy-http-auth.conf  postfix.conf            uwimap-auth.conf
centreon.conf            horde.conf              proftpd.conf            vsftpd.conf
common.conf              ignorecommands          pure-ftpd.conf          webmin-auth.conf
counter-strike.conf      kerio.conf              qmail.conf              wuftpd.conf
courier-auth.conf        lighttpd-auth.conf      recidive.conf           xinetd-fail.conf
courier-smtp.conf        mongodb-auth.conf       roundcube-auth.conf     znc-adminlog.conf
cyrus-imap.conf          monit.conf              screensharingd.conf     zoneminder.conf
directadmin.conf         murmur.conf             selinux-common.conf

Actions
Fail2ban actions are defined in the /etc/fail2ban/action.d directory. Actions
are named after the software used to enforce the ban. Let’s see an example. UFW
(Uncomplicated Firewall) is a firewall manager designed to be easy to use; this is the
content of the /etc/fail2ban/action.d/ufw.conf file:
# Fail2Ban action configuration file for ufw
#
# You are required to run "ufw enable" before this will have any effect
#
# The insert position should be appropriate to block the required traffic.
# A number after an allow rule to the application won't be of much use.

[Definition]

actionstart =

actionstop =

actioncheck =

actionban = [ -n "<application>" ] && app="app <application>"
            ufw insert <insertpos> <blocktype> from <ip> to <destination> $app

actionunban = [ -n "<application>" ] && app="app <application>"
              ufw delete <blocktype> from <ip> to <destination> $app

[Init]
# Option: insertpos
# Notes.: The position number in the firewall list to insert the block rule
insertpos = 1

# Option: blocktype
# Notes.: reject or deny
blocktype = reject

# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any

# Option: application
# Notes.: application from sudo ufw app list
application =
An action is composed of two main sections: “Definition” and “Init”. Commands specified in the
former are executed in different situations: as a preliminary step (actioncheck), when a jail starts
(actionstart), when it stops (actionstop), to ban (actionban) and to unban (actionunban) an IP
address.
The “Init” section contains action-specific configurations. In the ufw action we reported above, for
example, you can see it contains instructions about the firewall rule position in the rules list
(insertpos = 1) and the blocktype to use (reject vs deny).

Jails
Finally, we have jails. A jail basically associates a filter and one or more actions.
Fail2ban main configuration file for jails is /etc/fail2ban/jail.conf; drop-in configuration files can be
placed in the /etc/fail2ban/jail.d directory.
Jails are named after the filter they use: if a jail is named “sshd”, for example, it is associated with
the /etc/fail2ban/filter.d/sshd.conf filter, unless one is explicitly specified via the “filter” option.
The name of the jail is specified between square brackets. Debian provides an override for the sshd
jail by default. It is defined in the /etc/fail2ban/jail.d/defaults- debian.conf file:
[sshd]
enabled = true
Defaults parameters for the “sshd” jail are in the main jail configuration file. Debian provides this
override with the “enabled” parameter set to “true” just to ensure the jail is active. Here are some
parameters which can be used when defining a jail, or in the “default” section (effective for all
existing jails):

Option   | Role                                                                                    | Default value
filter   | Filter used by the jail                                                                 | The filter corresponding to the jail name under /etc/fail2ban/filter.d
logpath  | Specifies the path(s) of the logfiles to be monitored                                   | service-dependent
action   | Action(s) to be used by the jail. Actions are named after the file in which they are    | %(action_)s – see below
         | defined, without the extension                                                          |
ignoreip | List of IP addresses to ignore                                                          | None
bantime  | The ban duration expressed in seconds or with explicit time suffixes                    | 10m
findtime | The interval of time during which the specified number of failed authentication         | 10m
         | attempts must occur for an IP to be banned                                              |
maxretry | The number of failures which must occur in the specified findtime to trigger a ban      | 5

How the default action is defined


If you take a look at the main jail configuration file (/etc/fail2ban/jail.conf), in the
“default” section, you can see the action is defined the following way (line 268):
action = %(action_)s
In the definition above the action_ variable is “expanded” and its value is assigned to the “action”
parameter. The action_ variable itself is defined a few lines above (line 212 on Debian):
action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
In this expression some other variables are used:
• banaction: this is the “core” ban action, set to iptables-multiport by default
• port: the ports to be banned – set to 0:65535 by default, to be overridden in specific jails
• protocol: the protocol used in the firewall rule to enforce the ban – tcp by default
• chain: the chain in which the jumps should be added in ban-actions which expect this
parameter
The port, protocol and chain variables are used between square brackets, separated by commas.
With this syntax, they are passed as “arguments” and substitute the respective
placeholders contained in the action definition. Here, “action_” is one of the available macros,
which just enforces a ban. Other ones are defined below it. Some examples are:
• action_mw – Enforces the ban and sends an email containing a whois report to the
specified mail address
• action_mwl – Same as above, but includes relevant log lines

Banning:
Let’s verify fail2ban works correctly and let it trigger a ban. As we saw before, the default
findtime is 10 minutes, and the default maxretry value is 5: this means that if we fail 5
authentication attempts in 10 minutes, our IP (192.168.122.1 for the sake of this example) will be
banned.
Try to connect via SSH to the host with IP 192.168.122.93, providing a wrong
password on purpose until that limit is reached. This triggers the ban on the remote host. We can
verify this by taking a look at the fail2ban log:
$ sudo tail /var/log/fail2ban.log
The relevant line is:
2023-09-27 15:54:47,028 fail2ban.actions [2829]: NOTICE [sshd] Ban 192.168.122.1
As you can see, the 192.168.122.1 IP has been banned. A more convenient way to check all the
active bans is by using the fail2ban-client utility. To obtain a list of banned IPs, we use it with the
“banned” subcommand:
$ fail2ban-client banned
[{'sshd': ['192.168.122.1']}]
To unban an IP (from all jails), instead, we pass it as argument to the unban subcommand:
$ sudo fail2ban-client unban 192.168.122.1
The fail2ban-client utility can also be used to control the server (start, stop, reload it) and
perform some runtime configurations.
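As an added example (not part of this record and not fail2ban's own code), the following Python model replays a constructed auth.log excerpt through a jail that applies the filter, findtime, maxretry, bantime and ignoreip logic described above, so the ban decision can be traced line by line. The single failregex, the host name, the year and every log line are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example, not fail2ban's own code: a minimal model of a jail so the
# interplay of a filter's failregex with findtime, maxretry, bantime and
# ignoreip can be traced on sample log lines. Only one failregex is modelled,
# the "Failed password" line OpenSSH writes to /var/log/auth.log; the real
# filter.d/sshd.conf carries many more patterns.
FAILREGEX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
LOG_YEAR = 2023  # syslog stamps carry no year; assumed to match the log quoted above


def parse_syslog_time(stamp):
    return datetime.strptime(f"{LOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")


class Jail:
    """One jail: a filter plus the parameters from the table above."""

    def __init__(self, name="sshd", findtime=600, maxretry=5, bantime=600, ignoreip=()):
        self.name = name
        self.findtime = timedelta(seconds=findtime)
        self.maxretry = maxretry
        self.bantime = timedelta(seconds=bantime)
        self.ignoreip = set(ignoreip)
        self.failures = defaultdict(deque)  # ip -> failure times inside findtime
        self.banned = {}                    # ip -> time the ban expires
        self.log = []                       # NOTICE lines, as fail2ban.log shows them

    def process(self, line):
        """Feed one log line; return the IP if this line triggered a ban."""
        m = FAILREGEX.match(line)
        if not m:
            return None                     # not a failed authentication
        now, ip = parse_syslog_time(m.group("ts")), m.group("ip")
        if ip in self.ignoreip:
            return None                     # ignoreip: never counted, never banned
        # Lift bans whose bantime has elapsed (fail2ban unbans automatically).
        self.banned = {b: until for b, until in self.banned.items() if until > now}
        if ip in self.banned:
            return None                     # already banned; nothing more to do
        window = self.failures[ip]
        window.append(now)
        # Forget failures older than findtime: only a burst inside the window counts.
        while now - window[0] > self.findtime:
            window.popleft()
        if len(window) < self.maxretry:
            return None
        self.banned[ip] = now + self.bantime
        window.clear()
        self.log.append(f"{now:%Y-%m-%d %H:%M:%S} NOTICE [{self.name}] Ban {ip}")
        return ip

    def banned_ips(self, at):
        """What `fail2ban-client banned` would list at the instant `at`."""
        return sorted(ip for ip, until in self.banned.items() if until > at)


# Constructed sample auth.log excerpt (not a real capture): 203.0.113.7 fails five
# times but spread over more than findtime; 10.0.0.9 fails only twice;
# 192.168.122.1 fails five times inside ten minutes, then once more while banned.
SAMPLE_LOG = """\
Sep 27 15:00:01 host sshd[2001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Sep 27 15:02:01 host sshd[2002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Sep 27 15:04:01 host sshd[2003]: Failed password for root from 203.0.113.7 port 40003 ssh2
Sep 27 15:15:01 host sshd[2004]: Failed password for root from 203.0.113.7 port 40004 ssh2
Sep 27 15:16:01 host sshd[2005]: Failed password for root from 203.0.113.7 port 40005 ssh2
Sep 27 15:50:01 host sshd[2811]: Failed password for msfadmin from 192.168.122.1 port 50122 ssh2
Sep 27 15:50:30 host sshd[2812]: Failed password for invalid user admin from 10.0.0.9 port 51000 ssh2
Sep 27 15:51:10 host sshd[2813]: Failed password for invalid user admin from 192.168.122.1 port 50123 ssh2
Sep 27 15:51:40 host sshd[2814]: Failed password for invalid user admin from 10.0.0.9 port 51001 ssh2
Sep 27 15:52:20 host sshd[2815]: Failed password for msfadmin from 192.168.122.1 port 50124 ssh2
Sep 27 15:53:30 host sshd[2816]: Failed password for msfadmin from 192.168.122.1 port 50125 ssh2
Sep 27 15:53:45 host sshd[2817]: Accepted password for msfadmin from 192.168.122.1 port 50126 ssh2
Sep 27 15:54:47 host sshd[2818]: Failed password for msfadmin from 192.168.122.1 port 50127 ssh2
Sep 27 15:55:05 host sshd[2819]: Failed password for msfadmin from 192.168.122.1 port 50128 ssh2
"""


def run_jail(text, **params):
    """Replay a log excerpt through a fresh jail and return the jail."""
    jail = Jail(**params)
    for line in text.splitlines():
        jail.process(line)
    return jail


if __name__ == "__main__":
    jail = run_jail(SAMPLE_LOG)
    print("\n".join(jail.log))
    print(jail.banned_ips(parse_syslog_time("Sep 27 15:56:00")))
```

Running it with the defaults bans only 192.168.122.1; raising findtime or lowering maxretry also catches the slower burst from 203.0.113.7, which shows why those two parameters are tuned together.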

RESULT:
Thus Fail2ban has been used to scan log files and ban IPs that show malicious signs
successfully.

EX NO:9 LAUNCH BRUTE-FORCE ATTACKS ON THE LINUX SERVER
USING HYDRA
DATE:

AIM:
To launch brute-force attacks on the Linux server using Hydra.

PROCEDURE/OUTPUT:

Installation:
Execute the below command in the terminal to install the hydra tool using the apt package
manager.
sudo apt install hydra

Bruteforcing Both Usernames And Passwords


Type the below command on the terminal and hit Enter.
hydra -L user.txt -P pass.txt 192.168.29.135 ssh -t 4
• -l specifies a username during a brute force attack.

• -L specifies a username wordlist to be used during a brute force attack.


• -p specifies a password during a brute force attack.
• -P specifies a password wordlist to use during a brute force attack.
• -t set to 4, which sets the number of parallel tasks (threads) to run.

From the above screenshot we see that the username and password were found. But in the real world,
you need thousands, millions or even billions of trials to crack a password.

Bruteforcing Passwords
Type the below command on the terminal and hit Enter.
hydra -l msfadmin -P pass.txt 192.168.29.135 ssh -t 4
Here, we are only brute-forcing passwords on the target server.

Bruteforcing Username
Type the below command on the terminal and hit Enter.
hydra -L user.txt -p msfadmin 192.168.29.135 ssh -t 4
In the above example we were brute-forcing only passwords, so in this example we are brute-forcing
only usernames on the target server.

Some Special Flags:
Change The Number Of Threads
Type the below command on the terminal and hit Enter.
hydra -L user.txt -P pass.txt 192.168.29.229 ssh -t 5
Here we are changing the thread count to 5 and finding the correct username and password. The
default number of threads Hydra uses is 16. We can change the value with the -t flag.

Change The Port Number
Type the below command on the terminal and hit Enter.
hydra -s 22 -L user.txt -P pass.txt 192.168.29.229 ssh -t 5
Here we are adding the port number of the ssh server as 22 and we have also got the correct
password ‘msfadmin’ and username ‘msfadmin’.

Brute Forcing A List Of IPs


Type the below command on the terminal and hit Enter.
hydra -L user.txt -P pass.txt -M ip.txt ssh -t 4
Here, along with brute-forcing usernames and passwords, we are also brute-forcing a list of IP
addresses that contains more than one target server address.

Miscellaneous
Type the below command on the terminal and hit Enter.
hydra -l msfadmin -P pass.txt 192.168.29.229 -V -e nsr ssh
To enable verbose mode in Hydra, we can use -V. Users and system admins sometimes leave
passwords that fall beyond the scope of our wordlists; these can be included with the -e flag. Here
you can see the argument ‘nsr’, where ‘n’ stands for null (an empty password), ‘s’ stands for same
(the username as the password), and ‘r’ tries the reversed username as a potential password.

-V (Verbose Mode)
Type the below command on the terminal and hit Enter.
hydra -s 22 -L user.txt -P pass.txt 192.168.29.229 ssh -V
The verbose mode in hydra is used for checking in-depth and getting the output results in a more
detailed manner. So for this detailed output retrieval, the -V flag is used.

-e nsr flag example
Type the below command on the terminal and hit Enter.
hydra -L user.txt -P pass.txt 192.168.29.229 -e nsr ssh
Sometimes users and system admins leave passwords that fall beyond the scope of our wordlists;
these can be included with the -e flag. Here you can see the argument ‘nsr’, where ‘n’ stands for
null, ‘s’ stands for same, and ‘r’ tries the reversed username as a potential password. We got the
output: the username is msfadmin and the password is msfadmin.

-s flag example
Note: the command is the same as in the “Change The Port Number” example above.
Type the below command on the terminal and hit Enter.
hydra -s 22 -L user.txt -P pass.txt 192.168.29.229 ssh -t 5
With the -s flag we specify the port number, here port 22, and we got the output: the username is
msfadmin and the password is msfadmin.

-h flag (To know more usage of Hydra )
Type This Command And Hit Enter:
hydra -h
-h flag is used to display the help menu of the hydra tool for a better understanding of the tool.

Hydra can be a pretty powerful tool when you want to brute-force ssh connections and can be
coupled with several other flags to customize your attack. However, this must not be exploited to
poke around with stuff you are not meant to and the users alone are accountable for their actions.

RESULT:
Thus the brute-force in the linux server has been launched successfully using hydra.

EX NO:10 PERFORM REAL-TIME NETWORK TRAFFIC ANALYSIS AND DATA
DATE: PACKET LOGGING USING SNORT

AIM:
To perform real-time network traffic analysis and data packet logging using Snort.

PROCEDURE/OUTPUT:

Steps to install snort on Kali


• Back up Kali's sources.list
mv /etc/apt/sources.list /etc/apt/sources.list.bak
• Remove cached package lists
find /var/lib/apt/lists -type f -exec rm {} \;
• Change the sources.list content
sudo nano /etc/apt/sources.list
• Paste the content given below

deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports focal main restricted universe multiverse
deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports focal-updates main restricted universe multiverse
deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports focal-security main restricted universe multiverse
deb [arch=i386,amd64] http://us.archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse
deb [arch=i386,amd64] http://us.archive.ubuntu.com/ubuntu/ focal-updates main restricted universe multiverse
deb [arch=i386,amd64] http://security.ubuntu.com/ubuntu focal-security main restricted universe multiverse
• Add the specified public keys
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 871920D1991BC93C
• Update the package index
sudo apt update
• Now install snort
sudo apt install snort

• Traffic analysis using snort

• In Sniffer mode, Snort behaves like a network sniffer and captures packets passing through the network interface.
• The captured packets are printed on the console as they arrive, allowing the user to analyze the network traffic in real time.
• This mode is useful for network troubleshooting and monitoring, but it does not provide any intrusion detection or prevention capabilities.
• If Snort picks the wrong interface, add -i <interface> (for example -i eth0) to the commands below; press Ctrl-C to stop and Snort prints a summary of what it captured.
• sudo snort -v : prints the TCP/IP packet headers on the screen
• sudo snort -vd : prints the headers together with the application-layer payload of each packet
• sudo snort -X : displays the full raw packet, from the link layer onward, in hex and ASCII

• In Packet Logger mode, Snort writes each packet it captures to a file for later analysis. This mode is useful for forensic analysis or for capturing packets for offline analysis.
• Like Sniffer mode, it does not provide any intrusion detection or prevention capabilities.
• Parameter "-l" enables logger mode and sets the log and alert output directory. The default output directory is /var/log/snort, and the default action is to dump the packets there in tcpdump (pcap) format.
• Starting Snort in Packet Logger mode:
sudo snort -dev -l .
• // The "-l ." part of the command creates the logs in the current directory; -d and -e include the application-layer payload and the link-layer headers in what is logged, and -v also echoes the packets to the console.
• A log file of the captured traffic (typically named snort.log.<timestamp>) is created in the log directory.
• The next step is to read the generated log file using the command:
sudo snort -r <your_log_file_name>
• // Here "-r" is the read option: Snort decodes the dumped packets and prints them the way sniffer mode does.

Snort can read back its own binary (tcpdump-format) logs. However, if the logs were created with the "-K ascii" parameter, i.e. in plain-text ASCII format, Snort cannot read them back with -r; such logs are read with an ordinary text viewer. The binary logs are ordinary pcap files, so they can also be opened with tcpdump or Wireshark.

Opening the log file with tcpdump:
sudo tcpdump -r <log_file_name>
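Because the file "snort -l" writes is plain pcap, it can be inspected without Snort or tcpdump at all. The following added example (written for this record; it is not Snort's or tcpdump's code) parses such a file record by record, decodes Ethernet, IPv4 and TCP/UDP headers, and prints one summary line per packet in the spirit of "snort -r". To keep it runnable offline it builds a two-packet pcap file in memory: the target address 192.168.29.229 is the one used elsewhere in this record, the client address 192.168.29.100, the MAC addresses, ports and the SSH banner text are all assumed sample values. It also shows the two checks a practitioner wants when reading a log Snort was writing when it was stopped: an unknown magic number and a record cut off mid-write.

```python
import socket
import struct
from typing import Any, Dict, List, Tuple

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap, as written by snort -l / tcpdump
LINKTYPE_ETHERNET = 1
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAG_BITS = (("S", 0x02), ("F", 0x01), ("R", 0x04), ("P", 0x08), ("A", 0x10), ("U", 0x20))


def tcp_flag_names(flags: int) -> str:
    """Render TCP flag bits the way tcpdump/snort print them, e.g. 'S' or 'PA'."""
    return "".join(name for name, bit in TCP_FLAG_BITS if flags & bit)


def summarize_frame(ts_sec: int, ts_usec: int, frame: bytes) -> Dict[str, Any]:
    """Decode Ethernet -> IPv4 -> TCP/UDP headers of one logged frame."""
    info: Dict[str, Any] = {"ts": ts_sec + ts_usec / 1e6, "length": len(frame)}
    if len(frame) < 14:
        info["error"] = "frame shorter than an Ethernet header"
        return info
    info["ethertype"] = struct.unpack_from("!H", frame, 12)[0]
    if info["ethertype"] != 0x0800 or len(frame) < 34:
        return info                      # not IPv4 (or truncated): keep only link-layer facts
    vihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
    l4 = 14 + (vihl & 0x0F) * 4          # IHL is in 32-bit words
    info.update(src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst), ttl=ttl,
                proto=PROTO_NAMES.get(proto, str(proto)))
    if proto == 6 and len(frame) >= l4 + 20:
        sport, dport, _seq, _ack, doff_flags = struct.unpack_from("!HHIIH", frame, l4)
        data_off = (doff_flags >> 12) * 4
        info.update(sport=sport, dport=dport, flags=tcp_flag_names(doff_flags & 0x1FF),
                    payload=frame[l4 + data_off:14 + total_len])
    elif proto == 17 and len(frame) >= l4 + 8:
        sport, dport, _ulen, _ucsum = struct.unpack_from("!HHHH", frame, l4)
        info.update(sport=sport, dport=dport, payload=frame[l4 + 8:14 + total_len])
    return info


def parse_pcap(data: bytes) -> List[Dict[str, Any]]:
    """Walk a pcap file (the format 'snort -l' writes by default) record by record."""
    if len(data) < 24:
        raise ValueError("not a pcap file: global header too short")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == struct.unpack("<I", struct.pack(">I", PCAP_MAGIC))[0]:
        endian = ">"                     # file written on a big-endian host
    else:
        raise ValueError(f"unsupported pcap magic {magic:#x}")
    *_, linktype = struct.unpack_from(endian + "IHHiIII", data, 0)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"only Ethernet link type handled, got {linktype}")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:       # log cut off mid-record, e.g. snort killed while writing
            raise ValueError(f"truncated record at offset {off}")
        off += incl_len
        records.append(summarize_frame(ts_sec, ts_usec, frame))
    return records


def format_record(r: Dict[str, Any]) -> str:
    """One summary line per packet, in the spirit of 'snort -r' / 'tcpdump -r' output."""
    if "src" not in r:
        return f"{r['ts']:.6f} non-IPv4 frame, {r['length']} bytes"
    ports = f":{r['sport']} -> {r['dst']}:{r['dport']}" if "sport" in r else f" -> {r['dst']}"
    flags = f" [{r['flags']}]" if "flags" in r else ""
    return f"{r['ts']:.6f} {r['src']}{ports} {r['proto']}{flags} ttl={r['ttl']} payload={len(r.get('payload', b''))}"


# ---- constructed sample data: a pcap file built in memory, not a real capture ----
def build_tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    eth = bytes.fromhex("000c29aabbcc") + bytes.fromhex("000c29112233") + b"\x08\x00"   # assumed MACs
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 64240, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def build_pcap(frames: List[Tuple[int, bytes]]) -> bytes:
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    body = b"".join(struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in frames)
    return header + body


# 192.168.29.229 is the target used in this record; 192.168.29.100 is an assumed client.
SAMPLE_PCAP = build_pcap([
    (1700000000, build_tcp_frame("192.168.29.100", "192.168.29.229", 54321, 22, 0x02)),      # SYN
    (1700000000, build_tcp_frame("192.168.29.229", "192.168.29.100", 22, 54321, 0x18,
                                 b"SSH-2.0-ExampleServer\r\n")),                             # PSH/ACK + banner
])

if __name__ == "__main__":
    for rec in parse_pcap(SAMPLE_PCAP):
        print(format_record(rec))
```

Point the script at a real snort.log.<timestamp> by replacing SAMPLE_PCAP with the file's bytes (open(path, "rb").read()). Because it stops with an error on a truncated record instead of silently returning what it has, a log that Snort was still writing when it was interrupted is reported rather than misread; tcpdump and Wireshark apply the same check. The raw "-K ascii" text logs described above are not pcap and will be rejected by the magic-number check.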

RESULT:
Thus the real-time network traffic analysis and data packet logging using Snort in Kali Linux has been performed successfully.
