Professional Documents
Culture Documents
css full manual
css full manual
List of Experiments
Course Name : Cryptography and System Security
Datta Meghe College of Engineering
Course Code : CSC602 , CSL602
Airoli, Navi Mumbai
Practical Incharge
DATTA MEGHE COLLEGE OF ENGINEERING,
AIROLI, NAVI MUMBAI
Institute Vision : To create value - based technocrats to fit in the world of work and
research
Institute Mission : To adapt the best practices for creating competent human beings
to work in the world of technology and research.
PSO3: To develop an approach for lifelong learning and utilize multi-disciplinary knowledge required for
satisfying industry or global requirements.
Program Outcomes as defined by NBA (PO)
Course Outcomes
CSC602.1 Understand system security goals and concepts, classical encryption techniques and
acquire fundamental knowledge on the concepts of modular arithmetic and number
theory.
CSC602.2 Understand, compare and apply different encryption and decryption techniques to
solve problems related to confidentiality and authentication
CSC602.3 Apply the knowledge of cryptographic checksums and evaluate the performance of
different message digest algorithms for verifying the integrity of varying message
sizes.
CSC602.4 Apply different digital signature algorithms to achieve authentication and design
secure applications
CSC602.5 Understand network security basics, analyze different attacks on networks and
evaluate the performance of firewalls and security protocols like SSL, IPSec, and
PGP.
CSC602.6 Analyze and apply system security concept to recognize malicious code.
DATTA MEGHE COLLEGE OF ENGINEERING
SEM: VI
R1 Punctuality, On-time 3
Completion Time Delayed by not more than a Week 2
/ Timeline Delayed more than a Week 1
R2 Knowledge & Clear understanding 4
Concept Partially understood 3
Weak understanding 2
Poor understanding 1
R3 Result & Correct implementation with Results 4
Implementation Implementation with some errors 3
Partial implementation 2
Not implemented 1
R4 Demonstrate the Thorough understanding of applicability 4
applicability of Partial understanding of applicability 3
concept in real 2
time scenario Less understanding of applicability
EXPERIMENT NO: 1
Date of Performance :
Date of Submission :
AIM : Design and Implementation of a Product cipher using Substitution and Transposition
THEORY: Substitution cipher is a method of encryption by which units of plaintext are replaced
with cipher text according to a regular system; the "units" may be single letters (the most common),
pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by
performing an inverse substitution. Transposition cipher is a method of encryption by which the
positions held by units of plaintext (which are commonly characters or groups of characters) are
shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext.
That is, the order of the units is changed. Substitution ciphers can be compared with Transposition
ciphers. In a transposition cipher, the units of the plaintext are rearranged in a different and usually
quite complex order, but the units themselves are left unchanged. By contrast, in a substitution cipher,
the units of the plaintext are retained in the same sequence in the ciphertext, but the units themselves
are altered.
1. Caesar Cipher: In cryptography, a Caesar cipher, also known as a Caesar's cipher, the shift cipher,
Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques.
It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed
number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B
would become E, and so on. The method is named after Julius Caesar, who used it to communicate
Example:
The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain
alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher using
1
a left rotation of three places (the shift parameter, here 3, is used as the key):
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
2. Columnar Transposition: In a columnar transposition, the message is written out in rows of a fixed
length, and then read out again column by column, and the columns are chosen in some scrambled
order. Both the width of the rows and the permutation of the columns are usually defined by a
keyword.
In a regular columnar transposition cipher, any spare spaces are filled with nulls; in an irregular
columnar transposition cipher, the spaces are left blank. Finally, the message is read off in columns,
Algorithm/Procedure:
• Substitution
2
l. Accept key from user.
m. Take k = 0.
n. Extract kthcharacter from string.
o. Subtract key from it and get new value.
p. If new value > 26
New value = New value % 26.
q. Add as kthcharacter of plaintext.
r. Increment k.
s. If(k < length(ciphertext)) goto step ‗d‘.
t. Display ciphertext and plaintext(output).
5. Ask user want to continue or not
6. If yes , go to step 2;else stop.
Transposition
1. Count how many letters are in your ciphertext (for example, 75) and factor that number (75
=5*5*3).
2. Create all of the possible matrices to fit this ciphertext (in our case, 3x25, 5x15, 15x5, 25x3).
3. Write the ciphertext into these matrices down the columns.
4. For each of your matrices, consider all of the possible permutations of the columns (for n
columns, there are n! possible rearrangements). In our case, we hope that the message was
enciphered using one of the last two matrices (the 15x5 and the 25x3), since in those cases,
we have only 6 and 120 possibilities to check (3! = 6, 5! = 120, 15! ~ 1.31x10^12, 25! ~
1.55x10^25).
5. Rearrange each matrix to see if you get anything intelligible. Read the message off row-by-
row. Note that this is much more easily done by a computer than by hand, but it is doable (for
small matrices).
3
Source Code:
import java.util.*;
class ProductCipher {
public static void main(String args[]) {
System.out.println("Enter the input to be encrypted:");
String substitutionInput = new Scanner(System.in).nextLine();
System.out.println("Enter a number:");
int n = new Scanner(System.in).nextInt();
// Substitution encryption
StringBuffer substitutionOutput = new
StringBuffer(); for(int i=0 ;
i<substitutionInput.length() ; i++) {
char c = substitutionInput.charAt(i);
substitutionOutput.append((char) (c+5));
}
System.out.println("\nSubstituted text:");
System.out.println(substitutionOutput);
// Transposition encryption
String transpositionInput =
substitutionOutput.toString(); int modulus;
if((modulus =
transpositionInput.length()%n) != 0) {
modulus = n-modulus;
// ‗modulus‘ is now the number of blanks/padding (X) to
be appended for( ; modulus!=0 ; modulus--) {
transpositionInput += "/";
}
}
StringBuffer transpositionOutput = new
StringBuffer();
System.out.println("\nTransposition
Matrix:");
for(int i=0 ; i<n ; i++) {
for(int j=0 ; j<transpositionInput.length()/n ; j++) {
char c = transpositionInput.charAt(i+(j*n));
System.out.print(c);
transpositionOutput.append(c);
}
System.out.println();
}
System.out.println("\nFinal encrypted text:");
System.out.println(transpositionOutput);
// Transposition decryption
4
n = transpositionOutput.length()/n;
StringBuffer transpositionPlaintext = new
StringBuffer(); for(int i=0 ; i<n ; i++) {
for(int j=0 ;
j<transpositionOutput.length()/n ; j++) {
char c =
transpositionOutput.charAt(i+(j*n));
transpositionPlaintext.append(c);
}
}
// Substitution decryption
StringBuffer plaintext = new StringBuffer();
for(int i=0 ; i<transpositionPlaintext.length() ; i++) {
char c = transpositionPlaintext.charAt(i);
plaintext.append((char) (c-5));
}
System.out.println("\nPlaintext:");
System.out.println(plaintext);
}
}
Output:
Enter the input to be encrypted:
sangita
Enter a number:
3
Substituted text:
xfslnyf
Transposition Matrix:
xlf
fn/
sy/
Final encrypted text:
xlffn/sy/
Plaintext:
sangita
CONCLUSION: A product cipher is a composite of two or more elementary ciphers with the goal of
producing a cipher which is more secure that any of the individual components. In product cipher
5
substitution and transposition are applied to create confusion and diffusion in the text message.
R1 R2 R3 R4 Total Signature
6
EXPERIMENT NO: 2
Date of Performance :
Date of Submission :
cryptosystem. We will see two aspects of the RSA cryptosystem, firstly generation of key pair and
secondly encryption-decryption algorithms.
Generation of RSA Key Pair
Each person or a party who desires to participate in communication using encryption needs to
generate a pair of keys, namely public key and private key. The process followed in the generation of
keys is described below −
● Generate the RSA modulus (n)
○ Select two large primes, p and q.
○ Calculate n=p*q. For strong unbreakable encryption, let n be a large number, typically a minimum of
512 bits.
● Find Derived Number (e)
○ Number e must be greater than 1 and less than (p − 1)(q − 1).
○ There must be no common factor for e and (p − 1)(q − 1) except for 1. In other words two numbers e
and (p – 1)(q – 1) are coprime.
● Form the public key
○ The pair of numbers (n, e) form the RSA public key and is made public.
○ Interestingly, though n is part of the public key, difficulty in factorizing a large prime number ensures
that attacker cannot find in finite time the two primes (p & q) used to obtain n. This is strength of RSA.
● Generate the private key
○ Private Key d is calculated from p, q, and e. For given n and e, there is unique number d.
○ Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the number less than (p - 1)(q
- 1) such that when multiplied by e, it is equal to 1 modulo (p - 1)(q- 1).
○ This relationship is written mathematically as follows −
7
ed = 1 mod (p − 1)(q − 1)
The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output.
○ The pair of numbers (n, e) form the RSA public key and is made public.
○ Interestingly, though n is part of the public key, difficulty in factorizing a large prime number
ensures that attacker cannot find in finite time the two primes (p & q) used to obtain n. This is strength
of RSA.
● Generate the private key
○ Private Key d is calculated from p, q, and e. For given n and e, there is unique number d.
○ Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the number less than (p -
1)(q - 1) such that when multiplied by e, it is equal to 1 modulo (p - 1)(q- 1).
○ This relationship is written mathematically as follows − ed = 1 mod (p − 1)(q − 1)
The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output.
Example
An example of generating RSA Key pair is given below. (For ease of understanding, the primes p &
q taken here are small values. Practically, these values are very high).
● Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 = 91.
● Select e = 5, which is a valid choice since there is no number that is common factor of 5 and
(p − 1)(q − 1) = 6 × 12 = 72, except for 1.
● The pair of numbers (n, e) = (91, 5) forms the public key and can be made available to anyone
whom we wish to be able to send us encrypted messages.
● Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will be d = 29.
● Check that the d calculated is correct by computing −
de = 29 × 5 = 145 = 1 mod 72
● Hence, public key is (91, 5) and private keys is (91, 29).
Encryption and Decryption
Once the key pair has been generated, the process of encryption and decryption are relatively
straightforward and computationally easy.
RSA Encryption
● Suppose the sender wish to send some text message to someone whose public key is (n, e).
● The sender then represents the plaintext as a series of numbers less than n.
● To encrypt the first plaintext P, which is a number modulo n. The encryption process is simple
mathematical step as − C = Pe mod n
● In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times and then
8
reduced modulo n. This means that C is also a number less than n.
● Returning to our Key Generation example with plaintext P = 10, we get ciphertext C −
C = 105 mod 91
RSA Decryption
● The decryption process for RSA is also very straightforward. Suppose that the receiver of public-key
pair (n, e) has received a ciphertext C.
● Receiver raises C to the power of his private key d. The result modulo n will be the plaintext P.
Plaintext = Cd mod n
● Returning again to our numerical example, the ciphertext C = 82 would get decrypted to number 10
using private key 29 −
Plaintext = 8229 mod 91 = 10
Source Code:
import java.util.*;
class Test
{
public static void main(String args[])
{
Scanner sc=new Scanner(System.in);
int d=0;
System.out.println("Enter two prime numbers");
int p=sc.nextInt();
int q=sc.nextInt();
int n=p*q;
System.out.println("n="+n);
int e=0;
int pn=(p-1)*(q-1);
search:
{
for(int i=2;i<=pn;i++)
{
int r;
int j=i;
9
int k=pn;
while(k != j)
{
if(k > j)
k = k-j;
else
j = j-k;
}
if(k==1)
{
e=i;
break search;
}
}
}
System.out.println("e="+e);
go:{
for(int i=1;i<=pn;i++)
{
int x=(e*i)%pn;
if(x==1)
{
System.out.println("d="+i);
System.out.println("The private
key is (d) "+i); d=i;
break go;
}
}
}
System.out.println("The public key is (n,e)
"+n+", "+e); String t;
int c;
System.out.println("Enter plaintext");
t=sc.next();
10
int m = 0;
for (int i = 0; i < t.length(); i++){
m += (int)t.charAt(i);
}
c=((m)^e)%n;
System.out.println("The Encryted
message is "+m); m=(c^d)%n;
System.out.println("The decrypted
message is "+t); }
}
Output:
Enter two prime numbers
7
11
n=77
e=7
d=43
The private key is (d) 43
The public key is (n,e) 77, 7
Enter plaintext
hello123
The Encrypted message is 682
The decrypted message is hello123
11
R1 R2 R3 R4 Total Signature
12
Experiment no: 3
Date of performance :
Date of submission :
AIM : Write a program to implement diffie-hellman algorithm.
THEORY: Diffie-Hellman key exchange is a cryptographic protocol that allows two parties that
have no prior Knowledge of each other to jointly establish a shared secret key over an insecure
communications Channel. This key can then be used to encrypt subsequent communications using a
symmetric key Cipher.
The diffie–hellman key exchange algorithm solves the following dilemma. Alice and bob want to Share
a secret key for use in a symmetric cipher, but their only means of communication is insecure. Every
piece of information that they exchange is observed by their adversary eve. How is it possible For alice
and bob to share a key without making it available to eve? At first glance it appears that Alice and bob
face an impossible task. It was a brilliant insight of diffie and hellman that the Difficulty of the discrete
logarithm problem for f*p provides a possible solution.
The simplest, and original, implementation of the protocol uses the multiplicative group of integers
Modulo p, where p is prime and g is primitive root mod p. Here is an example of the protocol:
1. Alice and bob agree to use a prime number p=23 and base g=5.
2. Alice chooses a secret integer xa=6, then sends bob (g^xa) mod p.
56 mod 23 = 8.
3. Bob chooses a secret integer xb=15, then sends alice (g^xb) mod p.
515 mod 3 = 19.
4. Alice computes ya = (g^xa) mod p.
196 mod 23 = 2.
5. Bob computes yb = (g^xb) mod p.
815 mod 23 = 2
13
In the original description, the diffie-hellman exchange by itself does not provide authentication of The
communicating parties and is thus vulnerable to a man-in-the-middle attack. A person in the Middle may
establish two distinct diffie-hellman key exchanges, one with alice and the other with Bob, effectively
masquerading as alice to bob, and vice versa, allowing the attacker to decrypt (and Read or store) then
re-encrypt the messages passed between them. A method to authenticate the Communicating parties to
each other is generally needed to prevent this type of attack.
Algorithm:
Alice and bob, two users who wish to establish secure communications. We can assume that alice
And bob know nothing about each other but are in contact.
1. Communicating in the clear, alice and bob agree on two large positive integers, p and g,
Where p is a prime number and g is a primitive root mod p.
2. Alice randomly chooses another large positive integer, xa, which is smaller than p. Xa will
Serve as alice's private key.
3. Bob similarly chooses his own private key, xb.
4. Alice computes her public key, ya, using the formula ya = (g^xa) mod p.
5. Bob similarly computes his public key, yb, using the formula yb = (g^xb) mod p.
6. Alice and bob exchange public keys over the insecure circuit.
7. Alice computes the shared secret key, k, using the formula k = (yb ^xa) mod p.
8. Bob computes the same shared secret key, k, using the formula k = (ya ^xb) mod p.
9. Alice and bob communicate using the symmetric algorithm of their choice and the shared
Secret key, k, which was never transmitted over the insecure circuit.
Source Code:
import java.util.*;
import java.math.BigInteger;
public class DiffieHellman {
final static BigInteger one = new BigInteger("1");
public static void main(String args[]) {
Scanner stdin = new Scanner(System.in);
BigInteger n;
// Get a start spot to pick a prime from the user.
System.out.println("Enter the first prime no:");
String ans = stdin.next();
n = getNextPrime(ans);
System.out.println("First prime is: " + n + ".");
// Get the base for exponentiation from the user.
14
System.out.println("Enter the second prime no(between 2
and n-1):"); BigInteger g = new BigInteger(stdin.next());
// Get A‘s secret number.
System.out.println("Person A: enter your secret number now.i.e any
random no(x)"); BigInteger a = new BigInteger(stdin.next());
// Make A‘s calculation.
BigInteger resulta = g.modPow(a, n);
// This is the value that will get sent from A to B.
// This value does NOT compromise the value of a easily.
System.out.println("Person A sends" + resulta + "to person B.");
// Get B‘s secret number.
System.out.println("Person B: enter your secret number now.i.e any
random no(y)"); BigInteger b = new BigInteger(stdin.next());
// Make B‘s calculation.
BigInteger resultb = g.modPow(b, n);
// This is the value that will get sent from B to A.
// This value does NOT compromise the value of b easily.
System.out.println("Person B sends" + resultb + "to person A.");
// Once A and B receive their values, they make their new
calculations. // This involved getting their new numbers
and raising them to the // same power as before, their
secret number.
BigInteger KeyACalculates = resultb.modPow(a, n);
BigInteger KeyBCalculates = resulta.modPow(b, n);
// Print out the Key A calculates.
System.out.println("A takes" + resultb + "raises it to the power" + a +
"mod" + n); System.out.println("The Key A calculates is" +
KeyACalculates + ".");
// Print out the Key B calculates.
System.out.println("B takes" + resulta + "raises it to the power" + b + "mod" + n);
System.out.println("The Key B calculates is" + KeyBCalculates + ".");
}
public static BigInteger getNextPrime(String ans) {
BigInteger test = new BigInteger(ans);
while (!test.isProbablePrime(99))
test = test.add(one);
return test;
}
}
Output:
Enter the first prime no:
7
First prime is: 7.
Enter the second prime no(between 2 and n-1):
3
Person A: enter your secret number now.i.e any random no(x)
15
10
Person A sends4to person B.
Person B: enter your secret number now.i.e any random no(y)
6
Person B sends1to person A.
A takes1raises it to the power10mod7
The Key A calculates is 1.
B takes4raises it to the power6mod7
The Key B calculates is 1.
Conclusion: The Diffie-Hellman key exchange algorithm is used to make secure channel to
share secret key between sender and receiver.
R1 R2 R3 R4 Total Signature
16
EXPERIMENT NO: 4
Date of Performance :
Date of Submission :
AIM : For varying message sizes, test integrity of message using MD-5, SHA-1, and analyse the
performance of the two protocols. Use crypt APIs
17
Figure 1: One MD5 operation. MD5 consists of 64 of these operations, grouped in four rounds of 16
operations. F is a nonlinear function; one function is used in each round. Mi denotes a 32bit block of
the message input, and Ki denotes a 32bit constant, different for each operation.
The main MD5 algorithm operates on a 128bit state, divided into four 32bit words, denoted A, B, C
and D. These are initialized to certain fixed constants. The main algorithm then operates on each
512bit message block in turn, each block modifying the state. The processing of a message block
consists of four similar stages, termed rounds; each round is composed of 16 similar operations based
on a nonlinear function F, modular addition, and left rotation.
Figure 1 illustrates one operation within a round. There are four possible functions F; a different one is
used in each round:
Algorithm:
1. Append Padding Bits
The message is "padded" (extended) so that its length (in bits) is congruent to 448, modulo 512. That
is, the message is extended so that it is just 64 bits shy of being a multiple of 512 bits long. Padding is
always performed, even if the length of the message is already congruent to 448, modulo 512. Padding
is performed as follows: a single "1" bit is appended to the message, and then "0" bits are appended so
that the length in bits of the padded message becomes congruent to 448, modulo 512. In all, at least
one bit and at most 512 bits are appended.
2. Append Length
A 64 bit representation of b (the length of the message before the padding bits were added) is
appended to the result of the previous step. In the unlikely event that b is greater than 2^64, then only
the low order 64 bits of b are used. (These bits are appended as two 32bit words and appended low-
order word first in accordance with the previous conventions.) At this point the resulting message
(after padding with bits and with b) has a length that is an exact multiple of 512 bits. Equivalently, this
message has a length that is an exact multiple of 16 (32 bit) words. Let M[0 ... N1] denote the words of
the resulting message, where N is a multiple of 16.
3. Initialize MD Buffer
A fourword buffer (A,B,C,D) is used to compute the message digest. Here each of A, B, C, D is a
32bit register. These registers are initialized to the following values in hexadecimal, loworder bytes
first):
18
4. Process Message in 16Word Blocks
We first define four auxiliary functions that each take as input three 32bit words and produce as output
one 32bit word.
5. Output
The message digest produced as output is A, B, C, D. That is, we begin with the low order byte of A,
and end with the highorder byte of D.
Output:
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
public class SimpleMD5Example
{
public static void main(String[] args)
{
String passwordToHash = "password";
String generatedPassword = null;
try {
// Create MessageDigest instance for MD5
// for hashing using MD5 can be replaced by SHA1 in following line
MessageDigest md = MessageDigest.getInstance("MD5");
//Add password bytes to digest
md.update(passwordToHash.getBytes());
//Get the hash's bytes
byte[] bytes = md.digest();
//This bytes[] has bytes in decimal format;
//Convert it to hexadecimal format
StringBuilder sb = new StringBuilder();
for(int i=0; i< bytes.length ;i++)
{
sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
}
//Get complete hashed password in hex format
generatedPassword = sb.toString();
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
System.out.println(generatedPassword);
}
}
19
Output:
5f4dcc3b5aa765d61d8327deb882cf99
R1 R2 R3 R4 Total Signature
20
EXPERIMENT NO: 5
Date of Performance :
Date of Submission :
AIM : Study the use of network reconnaissance tools like WHOIS, dig, traceroute,
NSlookup to gather information about networks and domain registrars.
1. WHOIS : WHOIS is the Linux utility for searching an object in a WHOIS database. The WHOIS
database of a domain is the publicly displayed information about a domains ownership, billing,
technical, administrative, and nameserver information. Running a WHOIS on your domain will look
the domain up at the registrar for the domain information. All domains have WHOIS information.
WHOIS database can be queried to obtain the following information via WHOIS:
• Administrative contact details, including names, email addresses, and telephone numbers
Example
Querying Facebook.com
21
FACEBOOK.COM.DISABLE.YOUR.TIMELINE.NOW.WITH.THE.ORIGINAL.TIMELINE-
REMOVE.NET
IP Address: 8.8.8.8
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: FACEBOOK.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
IP Address: 209.126.190.70
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Server Name: FACEBOOK.COM.LOVED.BY.WWW.SHQIPHOST.COM
IP Address: 46.4.210.254
Registrar: ONLINENIC, INC.
Whois Server: whois.onlinenic.com
Referral URL: http://www.OnlineNIC.com
Server Name: FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: INSTRA CORPORATION PTY, LTD.
Whois Server: whois.instra.net
Referral URL: http://www.instra.com
Server Name:
FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.229
Registrar: TUCOWS DOMAINS INC.
Whois Server: whois.tucows.com
Referral URL: http://www.tucowsdomains.com
Domain Name: FACEBOOK.COM
Registrar: MARKMONITOR INC.
Sponsoring Registrar IANA ID: 292
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: A.NS.FACEBOOK.COM
Name Server: B.NS.FACEBOOK.COM
Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Status:clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Status:clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Status:serverDeleteProhibited
http://www.icann.org/epp#serverDeleteProhibited
Status:serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited
Status:serverUpdateProhibited http://www.icann.org/epp#serverUpdateProhibited
Updated Date: 28-sep-2012
Creation Date: 29-mar-1997
Expiration Date: 30-mar-2020
>>> Last update of whois database: Fri, 17 Jul 2015 04:12:12 GMT <<<
22
The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
2. Dig - Dig is a networking tool that can query DNS servers for information. It can be very helpful for
diagnosing problems with domain pointing and is a good way to verify that your configuration is
working. The most basic way to use dig is to specify the domain we wish to query:
24
Example
$ dig duckduckgo.com
; <<>> DiG 9.8.1-P1 <<>> duckduckgo.com
;; global options: +cmd
;; Got answer:
LAB MANUAL [SSL]
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64399
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;duckduckgo.com. IN A
;; ANSWER SECTION:
duckduckgo.com. 99 IN A 107.21.1.61
duckduckgo.com. 99 IN A 184.72.106.253
duckduckgo.com. 99 IN A 184.72.106.52
duckduckgo.com. 99 IN A 184.72.115.86
;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Aug 23 14:26:17 2013
;; MSG SIZE rcvd: 96
The lines above act as a header for the query performed. It is possible to run dig in batch mode,
so proper labeling of the output is essential to allow for correct analysis.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64399
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
The next section gives us a technical summary of our query results. We can see that the query
was successful, certain flags were used, and that 4 "answers" were received.
;; QUESTION SECTION:
;duckduckgo.com. IN A
;; ANSWER SECTION:
duckduckgo.com. 99 IN A 107.21.1.61
duckduckgo.com. 99 IN A 184.72.106.253
duckduckgo.com. 99 IN A 184.72.106.52
duckduckgo.com. 99 IN A 184.72.115.86
LAB MANUAL [SSL]
The above section of the output contains the actual results we were looking for. It restates the
query and then returns the matching DNS records for that domain name.
Here, we can see that there are four "A" records for "duckduckgo.com". By default, "A" records
are returned. This gives us the IP addresses that the domain name resolves to.
The "99" is the TTL (time to live) before the DNS server rechecks the association between the
domain name and the IP address. The "IN" means the class of the record is a standard internet
class.
;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Aug 23 14:26:17 2013
;; MSG SIZE rcvd: 96
These lines simply provide some statistics about the actual query results. The query time can be
indicative of problems with the DNS servers.
25
3. Traceroute - traceroute prints the route that packets take to a network host. Traceroute utility uses
the TTL field in the IP header to achieve its operation. For users who are new to TTL field, this field
describes how much hops a particular packet will take while traveling on network. So, this effectively
outlines the lifetime of the packet on network. This field is usually set to 32 or 64. Each time the
packet is held on an intermediate router, it decreases the TTL value by 1. When a router finds the TTL
value of 1 in a received packet then that packet is not forwarded but instead discarded. After discarding
the packet, router sends an ICMP error message of ―Time exceeded‖ back to the source from where
packet generated. The ICMP packet that is sent back contains the IP address of the router. So now it
can be easily understood that traceroute operates by sending packets with TTL value starting from 1
and then incrementing by one each time. Each time a router receives the packet, it checks the TTL
field, if TTL field is 1 then it discards the packet and sends the ICMP error packet containing its IP
address and this is what traceroute requires. So traceroute incrementally fetches the IP of all the routers
between the source and the destination.
Example:
$traceroute example.com
traceroute to example.com (64.13.192.208), 64 hops max, 40 byte packets
1 72.10.62.1 (72.10.62.1) 1.000 ms 0.739 ms 0.702 ms
2 10.101.248.1 (10.101.248.1) 0.683 ms 0.385 ms 0.315 ms
LAB MANUAL [SSL] Page 30
3 10.104.65.161 (10.104.65.161) 0.791 ms 0.703 ms 0.686 ms
4 10.104.65.161 (10.104.65.161) 0.791 ms 0.703 ms 0.686 ms
5 10.0.10.33 (10.0.10.33) 2.652 ms 2.260 ms 5.353 ms
6 acmkokeaig.gs01.gridserver.com (64.13.192.208) 3.384 ms 8.001 ms 2.439 ms
4. Nslookup - The nslookup command is used to query internet name servers interactively for
information. nslookup, which stands for "name server lookup", is a useful tool for finding out
information about a named domain. By default, nslookup will translate a domain name to an IP address
(or vice versa). For instance, to find out what the IP address of microsoft.com is, you could run the
command:
Example:
$nslookup microsoft.com
Server: 8.8.8.8
Address: 8.8.8.8#53
26
Non-authoritative answer:
Name:
microsoft.com
Address: 134.170.185.46
Name:
microsoft.com
Address: 134.170.188.221
Here, 8.8.8.8 is the address of our system's Domain Name Server. This is the server our system is
configured to use to translate domain names into IP addresses. "#53" indicates that we are
communicating with it on port 53, which is the standard port number domain name servers use to
accept queries. Below this, we have our lookup information for microsoft.com. Our name server
returned two entries, 134.170.185.46 and 134.170.188.221. This indicates that microsoft.com uses
a round robin setup to distribute server load. When you accessmicrsoft.com, you may be directed
to either of these servers and your packets will be routed to the correct destination. You can see
that we have received a "Non-authoritative answer" to our query. An answer is "authoritative" only
if our DNS has the complete zone file information for the domain in question. More often, our
DNS will have a cache of information representing the last authoritative answer it received when
it made a similar query, this information is passed on to you, but the server qualifies it as "non-
authoritative":the information was recently received from an authoritative source, but the DNS
server is not itself that authority.
CONCLUSION: Various reconnaissance tools are studied and used to gather primary
network information.
DATE
R1 R2 R3 R4 Total Signature
27
EXPERIMENT NO: 6
Date of Performance :
Date of Submission :
THEORY:
Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and
display them in human-readable format. Wireshark includes filters, color-coding and other features
that let you dig deep into network traffic and inspect individual packets.
Features of Wireshark :
• Available for UNIX and Windows.
• Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of
other packet capture programs.
• Import packets from text files containing hex dumps of packet data.
28
Capturing Packets
After downloading and installing wireshark, you can launch it and click the name of an interface under
Interface List to start capturing packets on that interface. For example, if you want to capture traffic on
the wireless network, click your wireless interface. You can configure advanced features by clicking
Capture Options.
Filtering Packets
If you‗re trying to inspect something specific, such as the traffic a program sends when phoning home,
it helps to close down all other applications using the network so you can narrow down the traffic.
Still, you‗ll likely have a large amount of packets to sift through. That‗s where Wireshark‗s filters
come in.
The most basic way to apply a filter is by typing it into the filter box at the top of the window and clicking
Apply (or pressing Enter). For example, type ―dns‖ and you‗ll see only DNS packets. When you start
typing, Wireshark will help you autocomplete your filter.
Outputs:
1) Home screen:
2) Main screen:
29
3) Packets and filter:
http:
http.request:
tcp.port==443:
30
!(arp or icmp or dns):
CONCLUSION: Wireshark installation and network traffic analysis using packet sniffing is
done. Detailed information about packets are explored by applying filters.
R1 R2 R3 R4 Total Signature
31
EXPERIMENT NO: 7
Date of Performance :
Date of Submission :
AIM : Download and install NMAP. Use it with different options to scan open ports, perform OS
fingerprinting, do a ping scan, TCP port scan, UDP port scan.
Host Discovery – Identifying hosts on a network. For example, listing the hosts which respond
to pings or have a particular port open.
Port Scanning – Enumerating the open ports on one or more target hosts.
Version Detection – Interrogating listening network services listening on remote devices to
determine the application name and version number.
OS Detection – Remotely determining the operating system and some hardware characteristics
of network devices.
32
Basic commands working in Nmap:
For target specifications: nmap <target‗s URL or IP with spaces between them>
For OS detection: nmap -O <target-host's URL or IP>
For version detection: nmap -sV <target-host's URL or IP>
SYN scan is the default and most popular scan option for good reasons. It can be performed quickly,
scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is
also relatively unobtrusive and stealthy since it never completes TCP connections
OUTPUT:
33
Host Details :
34
Port scan : nmap -F -n -Pn 192.168.21.1/24
35
Quick Traceroute : TOPOLOGY
CONCLUSION: NMAP is studied and different types of nmap scans are used to gather host
and network related information.
R1 R2 R3 R4 Total Signature
36
EXPERIMENT NO: 8
Date of Performance :
Date of Submission :
AIM : To implement a program in Java for password cracking using Brute Force.
A brute-force attack is a cryptanalytic attack that can, in theory, be used to attempt to decrypt any
encrypted data (except for data encrypted in an information-theoretically secure manner. Such an attack
might be used when it is not possible to take advantage of other weaknesses in an encryption system (if
any exist) that would make the task easier.
We assume the input to be a password to be of length 4 and having only lowercase letters. We try all
possible combinations of lower-case letters to try and decode the password.
Input:
1. Enter password of length 4
2. Convert it into string
3. Find length of the string
4. Starting at each iteration: Guess the string
5. If it matches then print the string and no. of iterations
Code:
import java.util.Scanner;
import java.util.concurrent.TimeUnit;
37
boolean decideSymb = true;
boolean again = true;
while (again == true) {
if (choose.equalsIgnoreCase("y")) {
again = false;
} else if (choose.equalsIgnoreCase("n")) {
again = false;
decideSymb = false;
} else {
System.out.println("Try again! \nIs using symbols an option? if so type in [Y] if not type
in [N]");
choose = userIn.nextLine();
}
}
long start = System.currentTimeMillis();
crack(password, decideSymb);
long end = System.currentTimeMillis();
long milliSecs = TimeUnit.MILLISECONDS.toSeconds(end - start);
;
long secs = milliSecs / 1000;
long mins = secs / 60;
long hours = mins / 60;
long days = hours / 24;
long years = days / 365;
days -= (years * 365);
hours -= (days * 24);
mins -= (hours * 60);
secs -= (mins * 60);
milliSecs -= (secs * 1000);
System.out.println("The password is: " + newPass);
if (years > 0) {
if (years == 1) {
System.out.println("it took\n" + years + "year\n" + days + " days\n" + hours + " hours\n" +
mins
+ " mins\n" + secs + " secs\n" + milliSecs + " milliseconds\nto find the password");
} else {
System.out.println("it took\n" + years + "years\n" + days + " days\n" + hours + " hours\n"
+ mins
+ " mins\n" + secs + " secs\n" + milliSecs + " milliseconds\nto find the password");
}
} else if (days > 0) {
if (days == 1) {
System.out.println("it took\n" + days + " day\n" + hours + " hours\n" + mins + " mins\n" +
secs
+ " secs\n" + milliSecs + " milliseconds\nto find the password");
} else {
System.out.println("it took\n" + days + " days\n" + hours + " hours\n" + mins + " mins\n"
+ secs
+ " secs\n" + milliSecs + " milliseconds\nto find the password");
38
}
} else if (hours > 0) {
if (hours == 1) {
System.out.println("it took\n" + hours + " hour\n" + mins + " mins\n" + secs + " secs\n" +
milliSecs
+ " milliseconds\nto find the password");
} else {
System.out.println("it took\n" + hours + " hours\n" + mins + " mins\n" + secs + " secs\n" +
milliSecs
+ " milliseconds\nto find the password");
}
} else if (mins > 0) {
if (mins == 1) {
System.out.println("it took\n" + mins + " min\n" + secs + " secs\n" + milliSecs
+ " milliseconds\nto find the password");
} else {
System.out.println("it took\n" + mins + " mins\n" + secs + " secs\n" + milliSecs
+ " milliseconds\nto find the password");
}
} else if (secs > 0) {
if (secs == 1) {
System.out.println("it took\n" + secs + " sec\n" + milliSecs + " milliseconds\nto find the
password");
} else {
System.out.println("it took\n" + secs + " secs\n" + milliSecs + " milliseconds\nto find the
password");
}
} else {
System.out.println("it took\n" + milliSecs + " milliseconds\nto find the password");
}
System.exit(0);
}
39
}
if (newPass.equals(end)) {
break;
}
int indInChars = chars.indexOf(newPass.charAt(lastInd));
if (indInChars < chars.length() && indInChars >= 0) {
boolean t = true;
int howManyZs = 0;
while (t == true) {
if (newPass.charAt(newPass.length() - 1 - howManyZs) == 'Z') {
howManyZs++;
} else {
t = false;
}
}
String reset0s = "";
for (int l = 0; l < howManyZs; l++) {
reset0s += "0";
}
if (lastInd < newPass.length() - 1 && lastInd > 0) {
lastInd--;
indInChars = chars.indexOf(newPass.charAt(lastInd)) + 1;
newPass = newPass.substring(0, lastInd) + chars.charAt(indInChars)
+ newPass.substring(lastInd + 1);
} else if (newPass.length() - howManyZs == 1) {
newPass = chars.substring(chars.indexOf(newPass.charAt(0)) + 1,
chars.indexOf(newPass.charAt(0)) + 2) + reset0s;
} else if (newPass.length() - howManyZs > 1 && howManyZs != 0) {
newPass = newPass.substring(0, newPass.length() - 1 - howManyZs)
+ chars.substring(chars.indexOf(newPass.charAt(newPass.length() - 1 -
howManyZs)) + 1,
chars.indexOf(newPass.charAt(newPass.length() - 1 - howManyZs)) + 2)
+ reset0s;
} else {
indInChars = chars.indexOf(newPass.charAt(lastInd)) + 1;
newPass = newPass.substring(0, lastInd) + chars.charAt(indInChars);
}
System.out.println(newPass);
}
}
if (newPass.equals(password)) {
break;
}
}
}
}
40
Output:
1. Print the password
2. Print the iteration number in which the password was cracked successfully
R1 R2 R3 R4 Total Signature
41
EXPERIMENT NO: 9
Date of Performance :
Date of Submission :
SOFTWARE REQUIREMENT:
THEORY: A SQL injection attack consists of insertion or ―injection‖ of a SQL query via the input
data from the client to the application. A successful SQL injection exploit can read sensitive data from
the database, modify database data (Insert/Update/Delete), execute administration operations on the
database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file
system and in some cases issue commands to the operating system. SQL injection attacks are a type of
injection attack, in which SQL commands are injected into data-plane input in order to affect the
execution of predefined SQL commands. SQL INJECTION ATTACK OCCURS WHEN:
1. An unintended data enters a program from an untrusted source.
2.The data is used to dynamically construct a SQL query
In order to run malicious SQL queries against a database server, an attacker must first find an input
within the web application that is included inside of an SQL query.
In order for an SQL injection attack to take place, the vulnerable website needs to directly include
user input within an SQL statement. An attacker can then insert a payload that will be included as
part of the SQL query and run against the database server.
The following server-side pseudo-code is used to authenticate users to the web application.
# Define POST variables
uname = request.POST['username']
passwd = request.POST['password']
# SQL query vulnerable to SQLi
sql = ―SELECT id FROM users WHERE username=‘‖ + uname + ―‘ AND password=‘‖ + passwd
+ ―‘‖
# Execute the SQL statement
database.execute(sql)
The above script is a simple example of authenticating a user with a username and a password against
a database with a table named users, and a username and password column.
The above script is vulnerable to SQL injection because an attacker could submit malicious input in
such a way that would alter the SQL statement being executed by the database server.
A simple example of an SQL injection payload could be something as simple as setting the password
field to password‘ OR 1=1.
This would result in the following SQL query being run against the database server.
SELECT id FROM users WHERE username=‘username‘ AND password=‘password‘ OR 1=1‘
An attacker can also comment out the rest of the SQL statement to control the execution of the SQL
query further.
-- MySQL, MSSQL, Oracle, PostgreSQL, SQLite
42
' OR '1'='1' --
' OR '1'='1' /*
-- MySQL
' OR '1'='1' #
-- Access (using null characters)
' OR '1'='1' %00
' OR '1'='1' %16
Once the query executes, the result is returned to the application to be processed, resulting in an
authentication bypass. In the event of authentication bypass being possible, the application will most
likely log the attacker in with the first account from the query result — the first account in a database
is usually of an administrative user.
To check whether website is vulnerable, replace the value in the get request parameter with an
asterisk (*)
Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a
frequent problem with SQL Injection vulnerabilities.
Authentication: If poor SQL commands are used to check user names and passwords, it may
be possible to connect to a system as another user with no previous knowledge of the password.
Authorization: If authorization information is held in a SQL database, it may be possible to
change this information through the successful exploitation of a SQL Injection vulnerability.
Integrity: Just as it may be possible to read sensitive information, it is also possible to make
changes or even delete this information with a SQL Injection attack.
Output:
43
CONCLUSION: Thus we have successfully performed SQL injection and used SQL map
tool to find vulnerabilities in website.
R1 R2 R3 R4 Total Signature
44
EXPERIMENT NO: 10
Date of Performance :
Date of Submission :
45
* passing parameters by value;
* misuse of signed char variables;
* unusual pointer arithmetic (such as "abc" + 'd');
* dereferenced null pointers;
* incomplete statements;
* misuse of iterators when iterating through a container;
* dereferencing of erased iterators;
* use of invalidated vector iterators/pointers;
Splint : Splint is a tool for statically checking C programs for security vulnerabilities and
programming mistakes. Splint does many of the traditional lint checks including unused
declarations, type inconsistencies, use before definition, unreachable code, ignored return values,
execution paths with no return, likely infinite loops, and fall through cases. More powerful checks
are made possible by additional information given in source code annotations. Annotations are
stylized comments that document assumptions about functions, variables, parameters and types. In
addition to the checks specifically enabled by annotations, many of the traditional lint checks are
improved by exploiting this additional information. Splint is designed to be flexible and allow
programmers to select appropriate points on the effortbenefit curve for particular projects. As
different checks are turned on and more information is given in code annotations the number of
bugs that can be detected increases dramatically. Problems detected by Splint include:
• Dereferencing a possibly null pointer
• Using possibly undefined storage or returning storage that is not properly defined
• Type mismatches, with greater precision and flexibility than provided by C compilers
• Violations of information hiding
• Memory management errors including uses of dangling references and memory leaks
• Dangerous aliasing
• Modifications and global variable uses that are inconsistent with specified interfaces
• Problematic control flow such as likely infinite loops, fall through cases or incomplete switches
and suspicious statements
• Buffer overflow vulnerabilities
• Dangerous macro implementations or invocations
• Violations of customized naming conventions
46
Code:
#include<stdio.h>
#include <string.h>
int main()
{
char bof1[16] = "secret";
char bof2[16];
printf("enter the vlue of bof2: ");
scanf("%s",&bof2); // vulnearble c function
Output:
47
CONCLUSION:
Software vulnerabilities causing buffer overflow are studied and detected using Ollydbg, Splint
and cppcheck.
R1 R2 R3 R4 Total Signature
48