Professional Documents
Culture Documents
EH Practicals (Hardeep)
EH Practicals (Hardeep)
BY
This is to certify that the work entered in this journal is the work of Shri NANRA
HARDEEPSINGH BALDEVSINGH of T.Y.B.Sc.CS division Computer Science Roll No.
Uni. Exam No has satisfactorily completed the required number of practical and worked for
the 2 nd term of the Year 2023-24 in the college laboratory as laid down by the university.
INDEX
Compiled by Prof. Pournima Rane and Students of N.B. Mehta College Page |1
T.Y.B.Sc.(Computer Science) ETHICAL HACKING
Step 2: Enter any site name who’s details you want to know, e.g dreamhost.com.
Aim(A): Use CrypTool to Encrypt and Decrypt passwords using RC4 algorithm.
Step 1: Start CrypTool and replace the written text with any other text like Password.
Step 5: Select Encrypt/Decrypt> Symmetric(modern)>RC4.. and select key length 24 bits and click on
Decrypt.
Aim (B): - Use Cain and Abel for cracking windows account password using
Dictionary attack and to decode wireless network passwords.
Step 1: Start Cain and select Cracker tab
Step 4: Enter text in Text to hash and click on Calculate button , copy the generated MD5 value. Then click
on cancel button.
Step 6: Paste the copied MD5 value in the text field. Then click on ok button.
• ifconfig
run man ifconfig command to see the manual
• ping
• netstat
• traceroute
run man traceroute command for manual.
Step 2: Click on the Configure tab on the top menu to select the Adapter. Select the valid adapter and click
on OK.
Step 4: IP Address will be listed ,now click on the Add to list plus button.
Step 9: Select the ip address of whom you want to sniff, then click on OK.
Step 10: Now click on Start/Stop ARP button for ARP Poisoning.
Step 2: Network can be flooded with nemesy as well as command prompt to perform DoS attack.
Open cmd and type ping ‘target ip’ -t -l 65500 eg. ping 192.168.1.11 -t -l 65500
Step 3: Check the network stats in task manager of target pc, the following result appears
Step 4: Open nemesy tool to perform the DoS attack. Enter target ip and size of packets to be send and add
Delay time, then click send to launch DoS attack.
Practical no 06.
Aim: Simulate persistent cross-site scripting attack.
Step 3: Type localhost/DVWA in the address bar of any browser if have set your port to 80
else type localhost:8080/DVWA if you have set your port to 8080. The following page appears. Then
click on the Create/Reset Database button.
Step 5: Click on the login hyperlink present bottom of the page to go login page else again re-enter the url
of step 3 it will redirect you to login page. Enter the credentials as Username-admin and Password-
password then click login button.
Step 10: Following output appears. Click on OK button to go back to previous page.
Step 2: Click on the gear button then click Install Add-on From File. Or you can simply drag and drop the
file to begin install in the browser.
Step 11: Click Alt button from keyboard and Tools>Temper Data.
Step 14:Window is been prompt , uncheck the Continue Tampering? And click on Tamper button.
Step 2: Create new database or keep the previous dvwa database. Rewrite the config.inc.php file as you
change database name.
Step 3: Type localhost/DVWA in the address bar of any browser if have set your port to 80
else type localhost:8080/DVWA if you have set your port to 8080. Login page appears, enter the
credentials as Username-admin and Password-password then click login button.
Step 6: To Display Database Version type “%' or 0=0 union select null,version() #” without “” in User ID
field, then click submit.
Step 7: To Display Database User type “%' or 0=0 union select null,user() # “ without “”, then click Submit.
Output:
Type anything..
Practical no :10
Aim: Using Metasploit to exploit (Kali Linux). Step
1: Get the Ip address of target device.
Step 2: Start BadBlue Enterprise Edition on target device. Set port to 8000 and click on start
button.
Step 5: Type search badblue command to check whether badblue Module present in
Metasploit or not.
Step 7: Now set the remote host by typing set rhost <target ip>.
Step 10: Type help to list the command you want to use.
Step 11: Type sysinfo to get the system information of target device.