Professional Documents
Culture Documents
Cyber Security Practical Record Answers
Cyber Security Practical Record Answers
2. Write the steps for disk partitioning and perform operations like shrinking, Extending, deleting
and formatting.
Ans: After installing Windows 10, we need to partition hard drive in Disk Management to distribute more
free space for Windows 10 future use. If you have unallocated space on your hard drive, it's ok to create
partition with it without data loss, but if you have no such space available, you have to split exist partition
into partitions, in Windows 10 Disk Management, Delete Volume is the function you shall use, which
will not keep data when operating.
1. Press Windows bottom and type disk management in search box to open Disk Management.
2. Right-click on unallocated space and select New Simple Volume; follow New Simple Volume
Wizard.
3. Confirm Simple Volume size, assign drive letter, format volume with file system, allocate unit
size (cluster size), Volume label, and perform a quick format, Finish.
When a new window pops up, it means you succeed; this window is file explorer of the volume you
created.
2. Merge partitions
Windows 10 Disk Management has no function called Merge Partitions, but we simulate it in Disk
Management, without the help of any third-party partition software, the thoery is to maunally copy
everything from one partition to another, delete one partition, merge the free space to another
Delete Volume
Extend Volume
1. Press Windows + E to open File Explorer, or in Disk Management right-click on the target
partition and click Explore
2. Press Ctrl+A to select all files and navigate into another Drive you’d like to merge, right-click on
an empty (blank) area and choose New and choose Folder, name it as “Merged Drive” or any
other name you prefer
3. Double-click to go into that folder and Ctrl+V to paste everything there, time spend on this
progress may vary according to the file size
4. Then in Disk Management, right-click on the we copied data from and choose Delete
Volume and confirm when prompted with the warning message to make this area unallocated
5. Then right-click on the other partition and choose Extend Volume to evoke to Extend Volume
Wizard
European electronics retailer MediaMarkt suffered a massive ransomware attack in early November 2021.
The attack affected as many as 3,100 servers, rendering cash registers across numerous stores incapable
of accepting credit cards or printing receipts. Hive—the ransomware group behind the attack—initially
demanded $240 million, though it reduced the ransom shortly afterward.
MediaMarkt didn’t suspend operations after discovering the attack, but the company did limit in-store
services and shut down some IT resources to contain it. After negotiating with Hive, MediaMarkt was
able to lower the ransom to $50 million, though it remains unclear whether the company restored the
compromised systems or paid the ransom.
What we learned:
The MediaMarkt attack is significant for its size and target. It highlights the growing trend of
cybercriminals targeting retailers, who often have valuable data but may lack cybersecurity resources.
The high initial demand also emphasizes attackers’ growing confidence and greed. Security professionals
in retail sectors must prepare for increasingly severe attacks.
4. Write the steps for installation of software from Open source Mode and Paid subscription mode
Acknowledge that Windows is not a friend of open-source software. This is also because it does not come
with the make build system, so compiling from source code is harder. You will need to install a
precompiled version.
Go to the project website.
Check for ports of the program. Find a port for either Windows or your version of
Windows.
Download and run the installer.
Once installed, shortcuts will likely be created.
5. Write the steps to make Microsoft Chrome as a default browser, Add Active X Controls and
Add–on to the Browser.
Step 1
Step 2
Click on the Google Chrome menu option (three horizontal or vertical lines/dots, depending on the
version that you have installed).
Step 3
Click on Settings.
Step 4
Step 5
Step 6
Select Open Proxy Settings and a new popup window will appear.
Step 7
Click on the Security tab and select Custom Level (located under the Security Level for This Zone
section).From there, you will be able to see all the security settings that you can change. Scroll down and
select the Prompt option for both “Download Signed ActiveX Controls” and “Download Unsigned
ActiveX Controls sections”. Also, make sure that Enable has been checked in the “Run ActiveX Control
and Plug-Ins” section.
6. Write the steps to establish peer to peer network connection using two systems in a LAN
Open command prompt and then use the command <cd Desktop> to change into the desktop directory.
This step is simply for convenience so that it is easier to find the folder you're going to be working with.
[1] You can open command prompt by clicking on the windows button at the bottom left and tying
<cmd>.
Use the command <md *folder name*>. Make sure that it is visible on your desktop.
[2] The command md allows you to create a new folder. After tying md press space and type the name of
the folder you want to create. If the folder has more than one word in the name, make sure to put the name
in quotation marks.
Open the file explorer and go under the Desktop section. Left-click then right-click on the folder. The
left-click highlights the folder, and the right-click opens a menu of options. Once the menu of options
pops up click on the properties. When you open the properties, window go to the sharing section.
Type <Everyone> and click add. Once you're done with that click share and then go to the advanced
sharing.
[3] The default setting for the folder is set to only read. This means that if a person accesses the folder,
they will only be able to view the files and not actually be able to write to the folder.
Press the box that lets you share the folder and then go into the permissions section.
Step 6: Permissions
Make sure to give full control to the people that have access to the shared folder. Click Apply then click
OK. Once you press OK, you'll be back at the advanced sharing page. Press Apply and OK on that page
too.
Navigate into the control panel and click on the Network and Internet section.
There are going to be many options, the ones you need for the sharing to work are common sense like
making sure that your device is allowed to be discovered. And turn off password protected sharing.
Go onto another computer and open the file explorer. Go into the Network section found on the left-hand
side at the bottom.
Find the original device that the file was shared from.
Once you click on the device you will find all the files that were shared from it. You can tell that the
folder is shared over the network because it has the green crossroads looking thing under its name.
7. What is WiFi? How do you configure the Wifi on Windows operating system
Ans: Wifi:Wi-Fi is the wireless technology used to connect computers, tablets, smartphones and other
devices to the internet.Wi-Fi is the radio signal sent from a wireless router to a nearby device, which
translates the signal into data you can see and use. The device transmits a radio signal back to the router,
which connects to the internet by wire or cable.
Before you can set up your wireless network, here’s what you’ll need:
Broadband Internet connection and modem. A broadband Internet connection is a high-speed Internet
connection. Digital Subscriber Line (DSL) and cable are two of the most common broadband
connections. You can get a broadband connection by contacting an Internet service provider (ISP).
Wireless router. A router sends info between your network and the Internet. With a wireless router, you
can connect PCs to your network using radio signals instead of wires. There are several different kinds of
wireless network technologies, which include 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, and
802.11ax.
Wireless network adapter. A wireless network adapter is a device that connects your PC to a wireless
network. To connect your portable or desktop PC to your wireless network, the PC must have a wireless
network adapter.
Select Start , type device manager in the search box, and then select Device Manager.
Security is always important; with a wireless network, it's even more important because your network's
signal could be broadcast outside your home. If you don't help secure your network, people with PCs
nearby could access info stored on your network PCs and use your Internet connection.To help make your
network more secure.
Change the default user name and password. This helps protect your router. Most router manufacturers
have a default user name and password on the router and a default network name (also known as the
SSID). Someone could use this info to access your router without you knowing it. To help avoid that,
change the default user name and password for your router.
Set up a security key (password) for your network. Wireless networks have a network security key to
help protect them from unauthorized access. We recommend using Wi-Fi Protected Access 3
(WPA3) security if your router and PC support it. See the documentation for your router for more detailed
info, including what type of security is supported and how to set it up.
Some routers support Wi-Fi Protected Setup (WPS). If your router supports WPS and it’s connected to
the network, follow these steps to set up a network security key:
In Windows 10, select Start , then select Settings > Network & Internet > Status > Network and
Sharing Center.
2. In the list of networks, choose the network that you want to connect to, and then select Connect.
If you have problems with your Wi-Fi network when using Windows 10, see Fix Wi-Fi problems in
Windows for advanced troubleshooting info.
8. Write the steps to Install and configure Network Components like switches, Hub and Modem and
how do you connect to Dial-Up networking
9. What are the features of firewall? Write the steps in providing network security and to set Firewall
Security in windows.
10.Write the steps for installation of System Software, Application software and Antivirus.
11.What do you mean by Spooling printers? Write the steps for spooling printer.
A printer spooler is a simple program that manages all print jobs that are submitted to the print server or a
computer printer. It allows the users to store multiple print jobs within a print queue or a buffer without
affecting the application or the underlying system performance, and it also allows to delete a print job
being processed. It enables a user to manage the print jobs currently waiting to be printed.
1. Click the Windows "Start" button, right-click "Computer" and choose "Manage" from the
context menu.
2. Double-click "Services and Applications" and double-click "Services" to view all the services.
3. Scroll down and double-click the "Print Spooler" service to open its Properties window.
4. Select "Automatic" in the Startup Type drop-down menu and click the "Start" button to enable
printer spooling on your computer.
5. Click "OK" to close the Properties window, and close the Computer Management window.
#include <stdio.h>
#include <string.h>
void extractIpAddress(unsigned char *sourceString,short *ipAddress)
{
unsigned short len=0;
unsigned char oct[4]={0},cnt=0,cnt1=0,i,buf[5];
len=strlen(sourceString);
for(i=0;i<len;i++)
{
if(sourceString[i]!='.'){
buf[cnt++] =sourceString[i];
}
if(sourceString[i]=='.' || i==len-1){
buf[cnt]='\0';
cnt=0;
oct[cnt1++]=atoi(buf);
}
}
ipAddress[0]=oct[0];
ipAddress[1]=oct[1];
ipAddress[2]=oct[2];
ipAddress[3]=oct[3];
}
int main()
{
unsigned char ip[20]={0};
short ipAddress[4];
printf("Enter IP Address (xxx.xxx.xxx.xxx format): ");
scanf("%s",ip);
extractIpAddress(ip,&ipAddress[0]);
return 0;
}
Output
#include<stdio.h>
#include <stdlib.h>
int main()
{
char c;
int symbol=0,dig=0,upper=0,lower=0,leng=0,count=0;
while(scanf(“%c―,&c)>0)
{
if(c==’#’||c==’!’||c==’$’||c==’@’||c==’_’)
symbol++;
else if(isdigit(c))
dig++;
else if(c>=65&&c<=90)
upper++;
else if(c>=97&&c<=122)
lower++;
count++;
}
if(count>=8&&count<=25)
leng++;
if(symbol>=1&&dig>=2&&upper>=1&&lower>=1&&leng>0)
printf(“VALID―);
else
printf(“INVALID―);
14. Write the steps to transfer files between Wireless communication using Blue Tooth and FTP
Consequence of attack:
The malware attack was done on the critical communication systems between the various payment
gateways after which an amount estimated to be INR 78 crore was withdrawn “physically” through
12,000 ATM transactions outside India, while another 2,800 transactions were made in different corners
of the country, worth an estimated INR 2.5 crore. It was observed that unusual repeated transactions were
taking place through Visa and Rupay cards used at various ATMs for nearly two hours. On August 13,
INR 13.5 crore was transferred by the hackers to the Hong Kong-based Hanseng bank, using the Society
for Worldwide Interbank Financial Telecommunication (SWIFT) facility. As per the payment settlement
system, Visa and Rupay had raised demands for payment for all of the fraudulent transactions and as per
the agreement the bank had to pay a total amount of INR 80.5 Cr to them.Regarding the transaction of
transfer of money (INR 13.92 Cr) to a Hong Kong based bank.
Reasons of the attack:Investigations showed that the cyber-criminals had made enough and extremely
through background surveillance of the cosmos banking infrastructure first.. The researchers concluded
that the heist would be very visible from the bank audit report generated by the system itself.Also a few
days prior to the attack, the American FBI had warned banks of a major hacking threat to ATMs
worldwide and despite increased awareness and spend, organizations have proven themselves largely
unprepared for a more organized, strategic and persistent threat.
Technical Loopholes:It has been stated that the bank may have failed to adequately invest in its SOC
(Security Operation Center), which should have analyzed the traffic coming in. An analysis was made
that the bank’s fraud detection mechanism was non- existent as there should’ve been red alerts when so
many overseas transactions were taking place at such a short span of time.
However, in its statement the bank contended it had adequate IT security in place.
Results/Pending investigation:The Special Investigating Team (SIT) had recovered INR 10.25 Cr that
was lost in the heist as was revealed on August 2018.The Hong Kong based bank ‘Hang Seng bank’ also
returned INR 5.72 Cr in the first installment to Cosmos bank. The police also recovered INR 4 Lakh from
genuine Cosmos cardholders, who had visited ATMs when the malware was active and withdrew more
money than their account balance.
Impact on the business of the bank:The bank was neither penalized for its weak cyber-security nor has
anyone been held accountable. This highlights the need for RBI to enforce its cyber guidelines for
cooperative banks as strictly as it has for commercial banks. Extensive audit reports had been called
for.The bank's annual report reported total amount involved in the attack to be INR 100. 22 crore,
including exchange loss on payment settlement. That was not the only impact. The bank says that “the
cyber-attack and restoration of payment systems back to normalcy caused an impact on the customers and
their transactions.
Timeline of refund by Pune police:
January 2020 Rs 8.37 lakh
February 2020 Rs 5.98 crore
March 2020 Rs 27.25 lakh
April 2020 Rs 50.52 lakh
#include <stdio.h>
#include <string.h>
int main (){
char txt[] = "tutorialsPointisthebestplatformforprogrammers";
char pat[] = "a";
int M = strlen (pat);
int N = strlen (txt);
for (int i = 0; i <= N - M; i++){
int j;
for (j = 0; j < M; j++)
if (txt[i + j] != pat[j])
break;
if (j == M)
printf ("Pattern matches at index %d \n", i);
}
return 0;
}
17.Prepare a case study on Social Media Crime that occurred in Pune 2021.
The number of cybercrime complaints reported based on misuse of social networking sites doubled in
2021 compared to 2020. The overall number of complaints have seen an exponential increase since 2018.
The city cybercrime cell received 19,023 total complaints in 2021 that belong to various categories, such
as monetary frauds, sending vulgar messages on phones, email hacking, stealing online data and defaming
people by posting morphed pictures in social media and many more. According to Pune cybercrime police
data, 14,950 such complaints were reported in 2020 and 7,795 in 2019.
The methods of defrauding people have become innovative, according to BhagyashreeNavatake, deputy
commissioner of police, cybercrime, and Economic offence wing of Pune police. “There were innovative
ways of defrauding people every 8-10 days. When Covid began, the number of cases of calling up
positive patients and duping them increased. This happened in addition to the casual approach of people
who click on links and share OTP. The use of e-commerce and various kinds of software also increased.
These factors contributed to the rise in cases,” said DCP Navatake.
Among social media-related cybercrime, the cases from popular platforms Facebook and Instagram are
the highest. The city police introduced a new section for its records for “sextortion” and “friendship
fraud”, on Facebook and Instagram, which consist of cases of using sexual images or videos for extortion.
The highest number of cases were of defamation and posts by making fake profiles or making vulgar
comments on posts or through messages. The number of cases doubled from 791 in 2020, to 1,518 in
2021.
On other platforms including Twitter, the new section added for record was of posting vulgar comments
on Zoom meetings and uploading of videos on social media sites other than Facebook and Instagram. The
trend has seen a worrying rise among minor victims and adults equally. Children were exposed to added
screentime owing to the online schooling necessitated by the lockdown, said officials.
In the London case, where the criminals attempted to transfer $420 from a London branch of Japanese
bank, the technique applied was password cracking. Using Key loggers, the criminals were in a position
to get access to some of the key passwords to the bank system. The information that was obtained from
the key logger programs was used to access some of the most important and restricted data areas,
including access codes that were private the banking top managerial staff. This gave the criminals directs
access to the bank information that led to the attempted crime.
It is also possible that the criminals also used session hijacking through the internet to enable them to get
into important accounts of the bank. A combination of these two techniques must have led to successful
log in to the private accounts of the bank. These are some of the topmost methods that the criminals
always use in accessing private information from the banks. Recent crimes related to the same have been
witnesses in various regions of the world. It has still been realized that password cracking is still the main
method that is usually employed.
There are numerous measures that exist to control cybercrimes. One of these is the use of strong
passwords or user ID. This should be frequently reviewed and changed to limit the extent to which the
key logger programs can access the passwords. It may be able to detect the password, but in changing this
password again and again, successful hacking may be limited.
1. Organize a DDoS Attack Response Plan. Don’t be caught blindsided by DDoS attacks; have a
response plan ready in case of a security breach so your organization can respond as promptly as possible.
Your plan should document how to maintain business operations if a DDoS attack is successful, any
technical competencies and expertise that will be necessary, and a systems checklist to ensure that your
assets have advanced threat detection.
2. Secure your Infrastructure with DDoS Attack Prevention Solutions.
Equip your network, applications, and infrastructure with multi-level protection strategies. This may
include prevention management systems that combine firewalls, VPN, anti-spam, content filtering and
other security layers to monitor activities and identity traffic inconsistencies that may be symptoms of
DDoS attacks.
Identify weakness in your networks before a malicious user does. A vulnerability assessment involves
identifying security exposures so you can patch up your infrastructure to be better prepared for a DDoS
attack, or for any cybersecurity risks in general.
If you can identify the symptoms of a DDoS attack as early as possible, you can act and hopefully
mitigate damage. Spotty connectivity, slow performance, and intermittent web crashes are all signs that
your business may be coming under attack from a DDoS criminal. Educate your team on signs of DDoS
attacks so everyone can be alert for warning signs.
21. What is Malware? Write the steps to remove the malware from your PC.
Disconnecting from the internet will prevent more of your data from being sent to a malware server or the
malware from spreading further.
Step 2: Enter safe mode
If malware is set to load automatically, this will prevent the malware from loading, making it easier to
remove. To enter safe mode:
If you know that you’ve installed a suspicious update or application, close the application if it’s running.
Your activity monitor shows the processes that are running on your computer, so you can see how they
affect your computer’s activity and performance.
In Type to search type → Resource Monitor → Find End Task → Right Click → End Process
Luckily, malware scanners can remove many standard infections. But remember that if you already have
an antivirus program active on your computer, you should use a different scanner for this malware check
since your current antivirus software may not detect the malware initially.
Malware is likely to modify your web browser’s homepage to re-infect your PC. Check your homepage
and connection settings using the steps below for common browsers.
To verify your homepage on Chrome:
5. In the top right corner of your Chrome browser, click More → Settings.
5. Select the dropdown menu in the “Search engine” section.
6. Verify your default homepage.
6. Step 6: Clear your cache
After you’ve verified your homepage setting, it’s imperative to clear your browser’s cache. Follow these
steps below to learn how to clear your cache for Chrome and Internet Explorer.
To clear your cache on Chrome:
History → Clear Browsing Data → Time Range → All Time → Clear Data.
22.What are the various types of Vulnerabilities for hacking the web applications.
• SQL Injections.
• Security Misconfiguration.
23.Write steps for sharing files and printer remotely between two system
24. List out the various Mobile security apps . Write the steps to install and use ,one of the mobile
security app
25.Write the algorithm for encoding and decoding the Hash-Based Message Authentication
Code(HMAC)
HMAC algorithm stands for Hashed or Hash-based Message Authentication Code. It is a result of work
done on developing a MAC derived from cryptographic hash functions. HMAC is a great resistance
towards cryptanalysis attacks as it uses the Hashing concept twice. HMAC consists of twin benefits of
Hashing and MAC and thus is more secure than any other authentication code. RFC 2104 has issued
HMAC, and HMAC has been made compulsory to implement in IP security. The FIPS 198 NIST
standard has also issued HMAC.
Objectives –
As the Hash Function, HMAC is also aimed to be one way, i.e, easy to generate output from input but
complex the other way round.
It aims at being less affected by collisions than the hash functions.
HMAC reuses the algorithms like MD5 and SHA-1 and checks to replace the embedded hash functions
with more secure hash functions, in case found.
HMAC tries to handle the Keys in a simpler manner.
Police learnt Nigerian handlers operating from India were tasked to open bank accounts through locals in
banks. Phishing mails were sent by an unidentified hacker to 200 staff of Mahesh bank and two of
them clicked on links in mails, allowing remote access Trojan malware to be installed.
Facebook has suffered yet another data breach , only this time, private information from 533
million accounts have been leaked online. Even the company’s founder and CEO Mark
Zuckerberg’s private credentials are part of the larger leaked data set from 2019.
Private information of users was primarily obtained by exploiting Facebook’s contact importer
feature that allows users to find friends on social media using their phone’s contact list.
Malicious actors exploited a weakness in the feature to gain access to user ID, address, phone
number, email address, names of workplaces, date of birth, date of account creation, and other
personal identifiable information. They then leaked this data in the dark web. Information on
users’ finance and password were not divulged.
This means that if you have a Facebook account, it is extremely likely the phone number used
for the account was leaked.
Facebook claims hackers obtained user data through data scraping — a process used by people
to import data from a website onto a local file that is saved in a computer. The social networking
giant also noted in a blog post that “the specific issue that allowed them [hackers] to scrape this
data in 2019 no longer exists.”
“A lot of companies like Facebook, Google and others provide their APIs to developers for
several reasons. Hacker groups essentially use them to scrape data from these sites,” said
Rajshekhar Rajaharia, a Rajasthan-based entrepreneur and cyber security researcher, in an email
to The Hindu.
“They can procure the name and email of a particular user from one website through their API,
A second website’s API might provide them with their phone number and address, a third might
open the doors to more sensitive information on the same user. Hackers are essentially
combining these details and creating a complete data set which is then being sold online.”
Uniqueness of this leak, and similarity with others
The latest instance stands out for the sheer number of accounts compromised. According to a
report published by Business Insider , personal information of over half a billion Facebook
users in 106 countries was leaked online. This includes over 32 million records on users in the
U.S., 11.5 million in the U.K., and 6 million in India.
Earlier, data of 500 million LinkedIn users were being sold online by an unknown hacker who
had dumped two million users’ data as sample. Separately, online stock trading company
Upstox’s data was stolen due to compromised Amazon Web Service (AWS) keys.
This hack includes users’ Aadhaar and PAN credentials, passport soft copy, bank account
numbers, and photos of signatures, Rajaharia noted.
“In the case of LinkedIn, it was asserted that data was scraped, in other words, someone violated
the terms of service to cull out data from the public profile, combined with data from other
sites,” Raj Samani, Chief Scientist at cybersecurity firm McAfee told The Hindu .
The information leaked is in many ways similar to Facebook’s leak, but it contains other
professional information that might add another layer of sensitivity.
The stolen information can be used to send spam emails, make calls, mount phishing campaigns
and target advertising. It can be used to plot and execute various nefarious online fraud schemes.
Hackers can impersonate users and transfer cash on their behalf, without their knowledge.
The database of private information is available on dark web for anyone to sift through. CTO of
cyber intelligence firm Hudson Rock in early January confirmed that this data was now being
sold on various groups on the cloud-based messaging app Telegram. Recently the data set seems
to be popping up on various hacker forums all across the internet.
How can one check whether their data has been compromised?
Internet users seeking to know whether their data has been leaked or compromised, can
visit HaveiBeenPawned.com . All they have to do is to key in their email id and check.
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <string.h>
printf("%s\n",ptr);
printf("status=%d\n",status);
printf("End Response ..\n");
return (bytes_received>0)?status:0;
if(
(ptr[-3]=='\r') && (ptr[-2]=='\n' ) &&
(ptr[-1]=='\r') && (*ptr=='\n' )
) break;
ptr++;
}
*ptr=0;
ptr=buff+4;
//printf("%s",ptr);
if(bytes_received){
ptr=strstr(ptr,"Content-Length:");
if(ptr){
sscanf(ptr,"%*s %d",&bytes_received);
}else
bytes_received=-1; //unknown size
printf("Content-Length: %d\n",bytes_received);
}
printf("End HEADER ..\n");
return bytes_received ;
int main(void){
he = gethostbyname(domain);
if (he == NULL){
herror("gethostbyname");
exit(1);
}
printf("Connecting ...\n");
if (connect(sock, (struct sockaddr *)&server_addr,sizeof(struct sockaddr)) == -1){
perror("Connect");
exit(1);
}
int contentlengh;
int bytes=0;
FILE* fd=fopen("test.png","wb");
printf("Saving data...\n\n");
fwrite(recv_data,1,bytes_received,fd);
bytes+=bytes_received;
printf("Bytes recieved: %d from %d\n",bytes,contentlengh);
if(bytes==contentlengh)
break;
}
fclose(fd);
}
close(sock);
printf("\n\nDone.\n\n");
return 0;
}
31.Write the steps to detect the number of devices connected to wifi and block unauthorized devices
32.Prepare a case study on Crypto currency Cyber attack. (Ex: Grim Finance)
33.Write an algorithm and Program for encrypting a plain text and decrypting a cipher text using
Caesar Cipher.
#include<stdio.h>
int main()
{
char message[100], ch;
int i, key;
printf("Enter a message to encrypt: ");
gets(message);
printf("Enter key: ");
scanf("%d", &key);
for(i = 0; message[i] != '\0'; ++i){
ch = message[i];
if(ch >= 'a' && ch <= 'z'){
ch = ch + key;
if(ch > 'z'){
ch = ch - 'z' + 'a' - 1;
}
message[i] = ch;
}
else if(ch >= 'A' && ch <= 'Z'){
ch = ch + key;
if(ch > 'Z'){
ch = ch - 'Z' + 'A' - 1;
}
message[i] = ch;
}
}
printf("Encrypted message: %s", message);
return 0;
}
Output
#Encryption
#Decryption
34.Write an algorithm and Program to implement Data Encryption Standard (DES) for encryption
and decryption
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <math.h>
#include <time.h>
int IP[] =
{
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6,
64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7
};
int E[] =
{
32, 1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13,
12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21,
20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29,
28, 29, 30, 31, 32, 1
};
int P[] =
{
16, 7, 20, 21,
29, 12, 28, 17,
1, 15, 23, 26,
5, 18, 31, 10,
2, 8, 24, 14,
32, 27, 3, 9,
19, 13, 30, 6,
22, 11, 4, 25
};
int FP[] =
{
40, 8, 48, 16, 56, 24, 64, 32,
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25
};
int S1[4][16] =
{
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
};
int S2[4][16] =
{
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
};
int S3[4][16] =
{
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
};
int S4[4][16] =
{
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
};
int S5[4][16] =
{
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
};
int S6[4][16] =
{
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
};
int S7[4][16]=
{
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
};
int S8[4][16]=
{
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
};
int PC1[] =
{
57, 49, 41, 33, 25, 17, 9,
1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27,
19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15,
7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29,
21, 13, 5, 28, 20, 12, 4
};
int PC2[] =
{
14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55,
30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53,
46, 42, 50, 36, 29, 32
};
int SHIFTS[] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 };
FILE* out;
int LEFT[17][32], RIGHT[17][32];
int IPtext[64];
int EXPtext[48];
int XORtext[48];
int X[8][6];
int X2[32];
int R[32];
int key56bit[56];
int key48bit[17][48];
int CIPHER[64];
int ENCRYPTED[64];
int F1(int i)
{
int r, c, b[6];
r = b[0] * 2 + b[5];
c = 8 * b[1] + 4 * b[2] + 2 * b[3] + b[4];
if (i == 0) {
return S1[r][c];
}
else if (i == 1) {
return S2[r][c];
}
else if (i == 2) {
return S3[r][c];
}
else if (i == 3) {
return S4[r][c];
}
else if (i == 4) {
return S5[r][c];
}
else if (i == 5) {
return S6[r][c];
}
else if (i == 6) {
return S7[r][c];
}
else if (i == 7) {
return S8[r][c];
}
}
if (i % 32 == 0) {
i = 0;
}
i = i + 4;
}
int value;
for (int i = 0; i < 8; i++)
{
value = F1(i);
ToBits(value);
}
}
SBox(XORtext);
void convertToBinary(int n)
{
int k, m;
for (int i = 7; i >= 0; i--)
{
m = 1 << i;
k = n & m;
if (k == 0) {
fprintf(out, "0");
}
else {
fprintf(out, "1");
}
}
}
while (i)
{
ch = fgetc(inp);
if (ch == -1) {
break;
}
i--;
convertToBinary(ch);
}
fclose(out);
fclose(inp);
}
fclose(out);
}
int bittochar()
{
out = fopen("result.txt", "ab+");
for (int i = 0; i < 64; i = i + 8) {
convertToBits(&ENCRYPTED[i]);
}
fclose(out);
}
k = 0;
for (int i = 28 – shift; i < 28; i++) {
C[x][i] = backup[x – 1][k++];
}
k = 0;
for (int i = 28 – shift; i < 28; i++) {
D[x][i] = backup[x – 1][k++];
}
}
while (!feof(in))
{
ch = getc(in);
plain[++i] = ch – 48;
}
fclose(in);
}
while (!feof(in))
{
ch = getc(in);
plain[++i] = ch – 48;
}
fclose(in);
}
void create16Keys()
{
FILE* pt = fopen("key.txt", "rb");
unsigned int key[64];
int i = 0, ch;
while (!feof(pt))
{
ch = getc(pt);
key[i++] = ch – 48;
}
key64to48(key);
fclose(pt);
}
return size;
}
int main()
{
// destroy contents of these files (from previous runs, if any)
out = fopen("result.txt", "wb+");
fclose(out);
create16Keys();
encrypt(n);
decrypt(n);
return 0;
}
35.Write RSA algorithm and Program to implement RSA Standard for encryption and decryption
Email is the dream delivery platform for any and all types of cyberattacks; it provides a mechanism
capable of placing almost any kind of threat in front of almost any target.
Attackers use email to send malicious software attacks to an end user. Even when filters are able to find
potentially unwanted programs, attackers can still fall back to time-tested social engineering tactics to
convince victims to take actions against their own interests.
For decades, email has been the predominant end-user network application, so it should be no surprise
that attackers have focused their attention on exploiting email security threats. While the attack
techniques have become much more sophisticated over the years, security teams have long understood the
fundamentals of email security threats.
While the forms and intentions of email security threats have morphed many times, from sowing chaos
and denial of service via spam campaigns to today's dominant threats of ransomware and email fraud, the
email security threats themselves still generally fall into three categories:
Malware delivery
Phishing
Domain spoofing
Malware delivery
Ever since email applications began to include attachments, file attachments have been used to deliver
malware. Once email applications began to support executable content using the same types of content
that are offered on the web, attackers quickly learned to subvert that content with malicious code.
Phishing
Phishing, in all its forms, is the practice of using email or other types of messaging applications to carry
out social engineering campaigns in an effort to convince the victim to perform some action. Ordinary
phishing campaigns spread generic phishing emails to a broad spectrum of potential targets in order to
harvest user credentials or infect users' systems with ransomware by prompting them to click on
malicious links.
Domain spoofing
Spoofing domains is a common tactic attackers use against email users. The domain being spoofed may
be in the headers of a message to try to fool the recipient into believing that the email originated from a
known domain. For example, an attacker may send a phishing message that appears to have originated
from the recipient's employer, bank or other trusted source.
37.What is SQL Injection? Write steps for SQL Injection attack on Insert, Update and Delete.
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an
application makes to its database. It generally allows an attacker to view data that they are not normally
able to retrieve. This might include data belonging to other users, or any other data that the application
itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent
changes to the application's content or behavior.
Retrieving hidden data, where you can modify an SQL query to return additional results.
Subverting application logic, where you can change a query to interfere with the application's logic.
UNION attacks, where you can retrieve data from different database tables.
Examining the database, where you can extract information about the version and structure of the
database.
Blind SQL injection, where the results of a query you control are not returned in the application's
responses.
But SQL injection vulnerabilities can in principle occur at any location within the query, and within
different query types. The most common other locations where SQL injection arises are:
#include <stdio.h>
// Function to compute `a^m mod n`
int compute(int a, int m, int n)
{
int r;
int y = 1;
while (m > 0)
{
r = m % 2;
// fast exponention
if (r == 1) {
y = (y*a) % n;
}
a = a*a % n;
m = m / 2;
}
return y;
}
int a, b; // `a` – Alice's secret key, `b` – Bob's secret key.
int A, B; // `A` – Alice's public key, `B` – Bob's public key
// choose a secret integer for Alice's private key (only known to Alice)
a = 6; // or, use `rand()`
// Calculate Alice's public key (Alice will send `A` to Bob)
A = compute(g, a, p);
// choose a secret integer for Bob's private key (only known to Bob)
b = 15; // or, use `rand()`
// Alice and Bob Exchange their public key `A` and `B` with each other
return 0;
}
// Message to be encrypted
double msg = 20;
// Encryption c = (msg ^ e) % n
double c = pow(msg, e);
c = fmod(c, n);
printf("\nEncrypted data = %lf", c);
// Decryption m = (c ^ d) % n
double m = pow(c, d);
m = fmod(m, n);
printf("\nOriginal Message Sent = %lf", m);
return 0;
}
40. Write an algorithm and Program to generate Pseudo Random numbers in a range
#include <stdio.h>
#include <conio.h>
#include <stdlib.h>
int main()
{
int n, max, num, c;
printf("Enter the number of random numbers you want\n");
scanf("%d", &n);
printf("Enter the maximum value of random number\n");
scanf("%d", &max);
printf("%d random numbers from 0 to %d are:\n", n, max);
randomize();
for (c = 1; c <= n; c++)
{
num = random(max);
printf("%d\n",num);
}
getch();
return 0;
}
47. Write the steps to check the devices connected to your internet and about data usage
49.Create a Presentation on “State and Private sectors in Cyber Space” with at least 10 slides
50.Write the steps to read Email Headers and identify them as SPAM