
Cyber Security 200860116002

2
Practical No: 01
Aim: Study and install Kali Linux. Examine the utilities and tools available in Kali
Linux and find out which tool is the best for finding cyber
attack/vulnerability.

Step 1: First download VirtualBox and then install it.

LIT/IT/2022-23 PAGE | 1

Step 2: Afterwards, download Kali Linux for VirtualBox.

Step 3: After the download is complete, open VirtualBox and then click on Import.

Step 4: Select the path of the Kali OS file.


Step 5: After it is done, click on Start.

Step 6: Installation of Kali Linux is done.


Practical No: 02
Aim : Evaluate network defense tools for following
i. IP spoofing
ii. DOS attack

IP spoofing prevention
Most of the strategies used to avoid IP spoofing must be developed and deployed by IT specialists.
The options to protect against IP spoofing include:
• Monitoring networks for atypical activity.

• Deploying packet filtering to detect inconsistencies (such as outgoing packets with source
IP addresses that don't match those on the organization's network).

• Using robust verification methods (even among networked computers).

• Authenticating all IP addresses and using a network attack blocker.

• Placing at least a portion of computing resources behind a firewall. A firewall will help
protect your network by filtering traffic with spoofed IP addresses, verifying traffic, and
blocking access by unauthorized outsiders.
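
The packet-filtering check from the list above, as an added example (not part of the original practical): it flags outbound packets whose source address is outside the organization's prefixes and, going one step beyond the text, inbound packets that claim an internal or non-routable source. The prefixes, the bogon list and the sample packets are constructed assumptions.

```python
import ipaddress

# Assumed address plan (documentation range, constructed for this example).
ORG_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Sources that should never arrive from the internet side.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def check_packet(direction, src, prefixes=ORG_PREFIXES):
    """Return 'pass' or a 'drop: ...' reason for one packet's source address."""
    addr = ipaddress.ip_address(src)
    internal = any(addr in net for net in prefixes)
    if direction == "out":
        # Egress filtering: our hosts may only send with our own addresses.
        return "pass" if internal else "drop: outbound source is not one of our addresses"
    if direction == "in":
        # Ingress filtering: nothing outside can legitimately use an inside address.
        if internal:
            return "drop: inbound packet claims an internal source"
        if any(addr in net for net in BOGONS):
            return "drop: inbound source is not routable on the internet"
        return "pass"
    raise ValueError(f"unknown direction: {direction!r}")


# Constructed sample: (direction, source IP) as a border filter would see them.
SAMPLE_PACKETS = [
    ("out", "192.0.2.10"),    # normal internal host
    ("out", "10.1.2.3"),      # internal host sending with a forged source
    ("in", "203.0.113.7"),    # ordinary external client
    ("in", "192.0.2.10"),     # external packet pretending to be internal
    ("in", "127.0.0.1"),      # loopback can never arrive over the wire
]


def audit(packets):
    """Return only the packets the filter would drop, with the reason."""
    verdicts = ((d, s, check_packet(d, s)) for d, s in packets)
    return [(d, s, v) for d, s, v in verdicts if v != "pass"]


if __name__ == "__main__":
    for direction, src, verdict in audit(SAMPLE_PACKETS):
        print(f"{direction:3} {src:15} {verdict}")
```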

DOS attack

• Work with your cloud and Internet service providers to implement service level agreements
that include DoS defence provisions. Your service providers may use multiple tools and
techniques to help your organization protect itself against DoS attacks.
• Ensure your system administrators are familiar with DoS protection services. Familiarity
with these services can help them effectively rate limit or whitelist.
• Monitor network and systems. Configure monitoring tools to alert you when there is an
increase in traffic (outside of your baseline) or any suspicious traffic overloading a site.
• Install and configure firewalls and intrusion prevention systems. You can use these tools to
monitor traffic and block known-malicious and illegitimate traffic.

• Install and maintain anti-virus and anti-malware software. Securely configure anti-virus and
anti-malware software on all connected devices. Enable anti-malware solutions that update
and scan automatically.
• Update and patch operating systems and applications. Update and patch systems and
applications, including your firewalls, to ensure that security issues are addressed and
prevent threat actors from taking advantage of vulnerabilities.
• Use a website hosting service that emphasizes security. Before you choose a service to host
your website, verify that the vendor has security measures in place for its customers.
• Defend your network perimeter. To protect your network, use a layered approach to security
by implementing multiple controls and techniques.
• Plan for an attack. Have a recovery plan that prioritizes systems and processes based on
their tolerable downtime. You should also identify points of contact and an incident
response team.
• Back up your data. Create backups of your information and critical applications. Regularly
test restore of your backups.

Practical No: 03
Aim: - Explore the Nmap tool and list out how it can be used for Network
Defense

Nmap is a Linux command-line tool for network exploration and security auditing. This tool is
generally used by hackers and cybersecurity enthusiasts and even by network and system
administrators. It is used for the following purposes:
• Real time information of a network
• Detailed information of all the IPs activated on your network
• Number of ports open in a network
• Provide the list of live hosts
• Port, OS and Host scanning

1. To scan a System with Hostname and IP address. First, Scan using Hostname
nmap www.google.com

Now let’s Scan using IP Address


nmap 119.18.58.248


The nmap command allows scanning a system in various ways. In this we are performing a scan
using the hostname as “goofy” and IP address “172.217.27.174”, to find all open ports, services,
and MAC addresses on the system.

2. To scan using “-v” option.

nmap -v 119.18.58.248

It is used to get more detailed information about the remote machines.

3. To scan whole subnet

nmap 119.18.58.*

We can scan a whole subnet or IP range with nmap by providing “*” with it. It will scan a whole
subnet and give the information about those hosts which are Up in the Network.

4. To scan to detect firewall settings.

sudo nmap -sA 119.18.58.248

Detecting firewall settings can be useful during penetration testing and vulnerability scans. To
detect them we use the “-sA” option. This will provide you with information about a firewall being
active on the host. It uses an ACK scan to receive the information.

5. To scan multiple hosts

nmap 119.18.58.248.198.35 172.217
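
For the network-defense use named in the aim, an added example (not part of the original practical) that compares a scan against an approved baseline and reports drift. It assumes the scan was saved in nmap's grepable format with -oG; the sample output, the addresses and the baseline are constructed.

```python
import re

# Constructed sample in nmap's grepable (-oG) format; documentation addresses.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\t"
    "Ignored State: closed (998)\n"
    "Host: 192.0.2.20 ()\tStatus: Up\n"
    "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, "
    "3306/filtered/tcp//mysql///\n"
    "Host: 192.0.2.99 ()\tStatus: Up\n"
    "Host: 192.0.2.99 ()\tPorts: 8080/open/tcp//http-proxy///\n"
)

# Assumed baseline: the TCP ports each inventoried host is approved to expose.
APPROVED = {"192.0.2.10": {22, 443}, "192.0.2.20": {22}}

PORTS_LINE = re.compile(r"Host: (\S+) .*?\tPorts: ([^\t]*)")


def open_tcp_ports(scan_text):
    """Map each host to the set of TCP ports reported as open."""
    result = {}
    for line in scan_text.splitlines():
        match = PORTS_LINE.match(line)
        if not match:
            continue                      # comments and "Status:" lines
        host, ports = match.groups()
        for entry in ports.split(","):
            # Each entry is port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                result.setdefault(host, set()).add(int(fields[0]))
    return result


def baseline_drift(scan_text, approved=APPROVED):
    """Return sorted (host, port, reason) for everything outside the baseline."""
    findings = []
    for host, ports in open_tcp_ports(scan_text).items():
        if host not in approved:
            findings += [(host, p, "host not in inventory") for p in ports]
        else:
            findings += [(host, p, "unapproved open port") for p in ports - approved[host]]
    return sorted(findings)


if __name__ == "__main__":
    for host, port, reason in baseline_drift(SAMPLE_SCAN):
        print(f"{host}:{port}  {reason}")
```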

Practical No: 04
Aim: Explore the Nmap tool and list how it can be used for network defense.

Netcat is a tool that two parties can use to chat. A connection between them must, however, be
established first. All this is done on two different devices; we do this with two operating
systems: Elementary OS and Kali OS.

nc options: -v means verbose, -n means numeric-only IP addresses, -z means zero-I/O mode.


For communication we use the following command: nc -nvz, then the host IP address and the particular
port number.

Then we have to use the following command for listening on the host PC: ncat -nvlp, then the port number.

For file transfer we have to use the following command: ncat -nvlp 4000 >, then the location.


Practical No: 05
Aim: - Use Wireshark tool and explore the packet format and content at each
OSI layer.

A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used by
a network or system administrator to monitor and troubleshoot network traffic. Using the information
captured by the packet sniffer, an administrator can identify erroneous packets and use the data to
pinpoint bottlenecks and help maintain efficient network data transmission.
In its simplest form, a packet sniffer captures all of the packets of data that pass through a
given network interface. By placing a packet sniffer on a network in promiscuous mode, a
malicious intruder can capture and analyze all of the network traffic. Wireshark is basically a network
protocol analyzer, popular for providing the minutest details about your network protocols, packet
information, decryption etc.
It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems.
The information that is retrieved via this tool can be viewed through a GUI, or the TTY-mode
TShark utility. You can get your own free version of the tool from here.
Download and install Wireshark network analyzer.
Steps to capture traffic:


1. Open Wireshark network analyzer

2. Select interface: Go to the Capture option in the menu bar and select the interface


3. Start Capturing


4. Analyzing the network traffic
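
What the analysis step shows for each captured packet is one header per layer. As an added example (not part of the original practical), the parser below splits a raw frame into the data link, network, transport and application fields that Wireshark lists in its detail pane. The frame is constructed in the code, with made-up MAC and documentation IP addresses, and only Ethernet II, IPv4 and TCP are decoded.

```python
import socket
import struct

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def build_sample_frame():
    """Constructed Ethernet II / IPv4 / TCP frame carrying one HTTP request.
    Checksums are left at 0 because nothing here validates them."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 2000, 5 << 4, 0x18, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1,
                     0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return eth + ip + tcp + payload


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Return a dict with one entry per decoded layer."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"data link": {"dst": mac(dst), "src": mac(src), "ethertype": ethertype}}
    if ethertype != 0x0800:            # only IPv4 is decoded in this example
        return layers

    if len(frame) < 34:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4         # header length is given in 32-bit words
    layers["network"] = {"version": ver_ihl >> 4, "ttl": ttl, "protocol": proto,
                         "src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d)}
    if proto != 6:                     # only TCP is decoded in this example
        return layers

    start = 14 + ihl
    if len(frame) < start + 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, offset, flags, _, _, _ = struct.unpack(
        "!HHIIBBHHH", frame[start:start + 20])
    layers["transport"] = {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if flags & (1 << i)]}

    # Payload runs from the end of the TCP header to the end of the IP datagram.
    data = frame[start + (offset >> 4) * 4:14 + total_len]
    layers["application"] = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return layers


if __name__ == "__main__":
    for layer, fields in parse_frame(build_sample_frame()).items():
        print(f"{layer:12} {fields}")
```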


Practical No: 06
Aim: Examine SQL injection attack.

Consider a shopping application that displays products in different categories. When the user clicks
on the Gifts category, their browser requests the URL:

https://insecure-website.com/products?category=Gifts

This causes the application to make an SQL query to retrieve details of the relevant products from
the database:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

This SQL query asks the database to return:

• all details (*)
• from the products table
• where the category is Gifts
• and released is 1.

The restriction released = 1 is being used to hide products that are not released. For unreleased
products, presumably released = 0.

The application doesn't implement any defenses against SQL injection attacks, so an attacker can
construct an attack like:

https://insecure-website.com/products?category=Gifts'--

This results in the SQL query:

SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1

The key thing here is that the double-dash sequence -- is a comment indicator in SQL, and means
that the rest of the query is interpreted as a comment. This effectively removes the remainder of the
query, so it no longer includes AND released = 1. This means that all products are displayed,
including unreleased products.

Going further, an attacker can cause the application to display all the products in any category,
including categories that they don't know about:

https://insecure-website.com/products?category=Gifts'+OR+1=1--

This results in the SQL query:

SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1

The modified query will return all items where either the category is Gifts, or 1 is equal to 1.
Since 1=1 is always true, the query will return all items.
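
The same query as an added example (not part of the original practical), built once by string concatenation and once with a bound parameter, and run against the three category values from the text. The in-memory SQLite database, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the shop database (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        ("Gift card", "Gifts", 1),
        ("Mystery box", "Gifts", 0),        # unreleased
        ("Desk lamp", "Lighting", 1),
        ("Prototype lamp", "Lighting", 0),  # unreleased
    ])
    return conn


def products_vulnerable(conn, category):
    # VULNERABLE: the parameter is pasted into the SQL text, so a quote in it
    # ends the string literal and whatever follows is parsed as SQL.
    sql = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return sorted(row[0] for row in conn.execute(sql))


def products_hardened(conn, category):
    # HARDENED: the value is bound to a placeholder, so it is only ever data.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in conn.execute(sql, (category,)))


# The three category values from the text above (URL-decoded).
INPUTS = ["Gifts", "Gifts'--", "Gifts' OR 1=1--"]

if __name__ == "__main__":
    conn = make_db()
    for value in INPUTS:
        print(f"{value!r:20} vulnerable={products_vulnerable(conn, value)} "
              f"hardened={products_hardened(conn, value)}")
```

With the bound parameter, the two injected values are compared as literal category names, match nothing, and the released = 1 filter stays in force.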


Practical No: 07
Aim: Perform SQL injection with SQLMap on a vulnerable website found using
Google dorks.

Step 1: test.vulnweb is a website which is found using Google dorks. Now, select the URL link
found to be vulnerable.


Step 2: Now run the command sqlmap -u http://testphp.vulnweb.com/ --dbs; it will show all
the databases related to the webpage.

Step 3: It will show all the databases related to the webpage.

Step 4: Now, to select a table from the obtained database, type the command

sqlmap -u http://testphp.vulnweb.com/ -D acuart --tables


Step 5: The tables in the database will be output as a result.

Step 6: Now, to obtain the data of any column, type the command

sqlmap -u http://testphp.vulnweb.com/ -D acuart --column user


Step 7: Now the result obtained is a final result.


Practical No: 08
Aim: Examine software keyloggers and hardware keyloggers
A keylogger is a piece of generally malicious software or hardware installed on your computer that
logs what you type. While they may be legitimately used in rare circumstances, they can also be used
by cybercriminals to gather personal information and passwords. They can also cause your computer
to slow down. This wikiHow teaches you to detect and remove keyloggers.
PART 1: -
Step 1: Update your operating system: Outdated software may have exposed security holes that
can open your computer up to infection.
• Make sure that all users of the computer know not to click freely on the internet, especially
on pop-ups, and to avoid freebies at all costs.

Step 2: Configure your web browser's security settings. The process of configuring your web
browser is different from one web browser to another. Open the Settings menu on your web
browser and look for the Privacy and/or Security settings. Disable any unwanted plug-ins, block
malicious websites, and clear your browser history. Delete cookies that track personal information.


Step 3: Install reputable security software on your computer. Install both an on-demand anti-
malware and an always-on antivirus. Free options include Malwarebytes (for malware) and Avast
or Panda (for antivirus). Keep your security software updated.

PART 2 : -
Step 1: Open the Task Manager. Use the following steps to open the Task Manager:
• Right-click the taskbar at the bottom of the page.


• Click Task Manager in the pop-up menu.

Step 2: Click More Details. It's in the lower-left corner of the Task Manager. This displays a list
of all processes running on your computer. This includes apps you have open as well as processes
running in the background.

Step 3: Check for suspicious processes. You'll most likely find suspicious processes running in the
background. Check for apps that you don't recognize.


• If you are not sure what a process is, right-click it and click Search online. This will
do a Google search of the app or process.
• If you find a process you want to stop, click the process and then click End task in
the lower-right corner.

Step 4: Click the Startup tab. It's at the top of the Task Manager. This displays a list of programs
that startup with your computer.


Step 5: Check for any suspicious programs. Look through all the startup programs and see if
there is anything you don't recognize.
• If you are not sure what a program is, right-click it and click Search Online. This
does a Google Search of the program.
• If you find a program you want to disable, click the program and click Disable in
the lower-right corner.

Step 6: Scan for viruses and malware. Many keyloggers hide themselves from both msconfig and
the Task Manager, or disguise themselves as legitimate programs. Use your reputable anti-malware
to scan for viruses and malware on your computer.


Step 7: Check on your desktop computer. If you have a desktop computer, it may also have a
hardware keylogger on it. Look at where your keyboard cable connects to your tower. If there is a
device plugged in between the keyboard cable and the tower, it might be a hardware keylogger.
• Please note that this may also be a legitimate converter or device. If you find an
unfamiliar device attached to your computer, find out who put it there and why.

PART 3: -

Step 1: Determine if the keylogger is visible. If the keylogger detected is visible as an entry on
the list of programs in the Control Panel, then it might be a legitimate keylogger program with an
uninstaller. Uninstall the program, and use an anti-malware to remove any remnants.

Step 2: Try an uninstaller. With some keylogger programs, such as Logixoft's Revealer
Keylogger, the installer can be used to uninstall the keylogger. Download the installer, and use that
to uninstall the keylogger. You can also uninstall programs through the Settings menu. Remove
remnants of the keylogger using a reputable anti-malware scanner.
• If you are unable to uninstall the program, try restarting your computer in Safe
Mode and uninstalling it while in Safe Mode.


Step 3: Run Windows Defender Offline. After getting the latest updates for your antivirus, run a
rootkit detector such as Windows Defender Offline. In order to run it, you have to go deep
into settings or create offline media.

Step 4: Search for specific advice for the keylogger, by name. Do a Google search for the
specific keylogger program name. Some keylogger programs, such as Refog, actively prevent
uninstallation. Check on internet forums such as Bleeping Computer to see how you can remove
the program without breaking your computer.

• HijackThis is a good tool for removing programs that are buried deep within your
Windows Registry. However, you need to use HijackThis with caution. It can
also inadvertently delete things Windows needs to function. Do a
Google search before deleting any registry items.

Step 5: Consider reinstalling your computer's operating system. Many keyloggers get buried
deep within your Windows operating system, making them difficult to remove. In some cases, the
easiest solution may be to back up your files and reinstall Windows.
• Reinstalling Windows will remove everything on your computer. Be sure to back
up your files before reinstalling your system. You can back up your files using an
external hard drive, or a cloud service such as Google Drive, Dropbox, or
OneDrive.
• You should reinstall your operating system if you have detected a keylogger on a
computer that you plan to use for bank transactions or dealing with trade secrets,
because the keylogger might not have been completely removed.


Practical No: 09
AIM: Perform online attacks and offline attacks of password cracking

A brute force attack uses trial-and-error to guess login info, encryption keys, or find a hidden web
page. Hackers work through all possible combinations hoping to guess correctly.

These attacks are done by ‘brute force’ meaning they use excessive forceful attempts to try and
‘force’ their way into your private account(s).

This is an old attack method, but it's still effective and popular with hackers. Depending on
the length and complexity of the password, cracking it can take anywhere from a few seconds to
many years.

For this I am using the tool called Hydra


And for the brute force attack I am using DVWA

After that we type an invalid password for login

It will show the valid username and password


PRACTICAL: 10
Aim: Consider a case study of cyber crime, where the attacker has performed
online credit card fraud. Prepare a report and also list the laws that will be
applied to the attacker.

PHISHING

Phishing is a cyber crime that leverages deceptive emails, websites, and text messages to steal
confidential personal and corporate information.

Victims are tricked into giving up personal information such as their credit card data, phone
number, mailing address, company information, etc. This information is then used by criminals to
steal the victim’s identity and commit further crimes using this stolen identity.

Criminals who use phishing tactics are successful because they carefully hide behind emails and
websites familiar to the intended victim. For example, the email address might be
administrator@paypal.org.com instead of administrator@paypal.com and urge the recipient to
update their account credentials to protect them from fraud.

EXAMPLE OF E-MAIL PHISHING:

The Daily Swig reported a phishing attack that occurred in December 2020 at US healthcare
provider Elara Caring that came after an unauthorized computer intrusion targeting two employees.


The attacker gained access to the employees’ email accounts, resulting in the exposure of the
personal details of over 100,000 elderly patients, including names, birth dates, financial and bank
information, Social Security numbers, driver’s license numbers and insurance information. The
attacker maintained unauthorized access for an entire week before Elara Caring could fully contain
the data breach.

The company, which provides home-based health services, suffered an unauthorized computer
intrusion in December 2020 after a series of phishing attacks targeted employees.

The attack resulted in a potential 100,487 individuals having their data compromised, as reported to
the US Department of Health and Human Services by parent company BW Homecare Holdings.

“On December 9, 2020, a phishing email was sent from a known external entity to two Elara
employees.

“The intruder then gained access to a limited number of Elara employee email accounts and sent
additional phishing emails from two accounts.

“The period of unauthorized access extended from December 9-16. Elara learned of the
unauthorized access on December 9, and promptly mitigated the incident, changing passwords and
denying access to the intruder as accounts were identified.”

The incident was fully contained by December 16, reported Elara Caring. The FBI have been
informed.

The healthcare provider said it forced a company-wide password change and implemented
multifactor authentication for all users of its systems.

It also conducted “enhanced security training” for its personnel to “better detect and prevent
phishing scams”.

Elara is offering a free two-year membership of Experian services to all affected individuals.

INTENTION BEHIND PHISHING:

The purpose behind phishing is to make the user divulge personal information and to steal the
user’s identity and passwords, rob bank accounts and consequently take over the computer.

RECOGNIZING PHISHING:

The following factors might help recognize phishing:

1) Financial loss occurs.
2) Data loss occurs.
3) Introduction of virus/malware into the computer system occurs.
4) Illegal use of the user’s details occurs.

SAFEGUARD AGAINST PHISHING:

The following safeguards are to be implemented against phishing:

1) Use of anti-spam software.
2) One should not click hyperlinks in e-mail from unknown/unverified sources.
3) Use of firewalls should be there.
4) Use of phishing filters.
5) Use of digital certificates should be emphasized.
6) E-mail protocols should be secured.
7) Reliability of the websites should be ensured.
8) Use a Web browser with anti-phishing detection.
9) Be aware of phishing phone calls.
10) Be aware of links in the mailbox.


PHISHING - A CYBERCRIME, THE PROVISIONS OF INFORMATION TECHNOLOGY ACT, 2000

Phishing fraud essentially is cybercrime and it attracts several penal provisions of the Information
Technology Act, 2000 as amended in 2008 adding some new provisions to deal with the phishing
activity. The following provisions of the Information Technology Act, 2000 apply to the Phishing
Activity:

Section 66: The account of the victim is compromised by the phisher, which is not possible unless
and until the fraudster fraudulently effects some changes by way of deletion or alteration of
information/data electronically in the account of the victim residing in the bank server. Thus, this
act is squarely covered and punishable u/s 66 IT Act.

Section 66A: The disguised email containing the fake link of the bank or organization is used to
deceive or to mislead the recipient about the origin of such email and thus, it attracts the provisions
of Section 66A IT Act, 2000.

Section 66C: In a phishing email, the fraudster disguises himself as the real banker and uses the
unique identifying feature of the bank or organization say logo, trademark etc. and thus, clearly
attracts the provision of Section 66C IT Act, 2000.

Section 66D: The fraudsters, through the use of the phishing email containing the link to the fake
website of the bank or organization, personate the bank or financial institution to cheat
innocent persons; thus the offence under Section 66D too is attracted.
