17EGICS065 - Cyber Security Lab File
(Approved by AICTE, New Delhi and Affiliated to Rajasthan Technical University Kota (Raj.))
Submitted By:
MILIND D JAIN
17EGICS065
VISION & MISSION OF DEPARTMENT
VISION
To nurture the students to become employable graduates who can provide solutions to the societal
issues through ICT.
MISSION
• To focus on practical approach towards learning and exposing the students on the latest ICT
technologies.
• To foster logical thinking among the students to solve real-time problems using innovative
approaches.
• To provide state-of-the-art resources that contribute to inculcating an ethical & life-long
learning environment.
CO1: Students will be able to solve and relate mathematical concepts behind the
cryptographic algorithms.
CO3: Students will be able to describe various private and public key security
algorithms used for network security along with their encryption and decryption.
CO4: Students will be able to evaluate various scenarios and apply the required type of
algorithm for ensuring security.
CO5: Students will be able to analyze protocols for various security objectives with
cryptographic tools.
RECOMMENDED SYSTEM/SOFTWARE REQUIREMENTS
1. Intel based desktop PC with a minimum of 2.6 GHz or faster processor with at least 256 MB
RAM and 40 GB free disk drive.
2. Operating system: Any Windows version
3. Software: Java JDK / Turbo C++ IDE (TurboC3), any cryptography tool.
LABORATORY OUTCOMES
a) Caesar Cipher
PROGRAM:
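#include <stdio.h>
#include <string.h>
#include <ctype.h>
int main(void)
{
    char plain[10], cipher[10];
    int key, i, length;
    printf("\n Enter the plain text:");
    if (scanf("%9s", plain) != 1)   /* width limit keeps the input inside plain[10] */
        return 1;
    printf("\n Enter the key value:");
    if (scanf("%d", &key) != 1)
        return 1;
    key = ((key % 26) + 26) % 26;   /* normalise the shift to 0..25 */
    printf("\n \n \t PLAIN TEXT: %s", plain);
    printf("\n \n \t ENCRYPTED TEXT: ");
    for (i = 0, length = strlen(plain); i < length; i++)
    {
        /* shift letters within their own case; other characters pass through */
        if (isupper((unsigned char)plain[i]))
            cipher[i] = 'A' + (plain[i] - 'A' + key) % 26;
        else if (islower((unsigned char)plain[i]))
            cipher[i] = 'a' + (plain[i] - 'a' + key) % 26;
        else
            cipher[i] = plain[i];
        printf("%c", cipher[i]);
    }
    cipher[length] = '\0';
    printf("\n");
    return 0;
}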
SAMPLE INPUT-OUTPUT:
RESULT: Thus, the implementation of Caesar cipher was executed successfully.
7CS4-22 CYBER SECURITY LAB 17EGICS065
AIM: Implement the following Substitution & Transposition Techniques concepts:
PROGRAM:
#include <stdio.h>
#include <string.h>
int main(void)
{
    int i, j, k, l;
    char a[20], c[20], d[20];
    printf("\n\t\t RAIL FENCE TECHNIQUE");
    printf("\n\nEnter the input string: ");
    /* fgets bounds the read to the buffer size, which gets() cannot do */
    if (fgets(a, sizeof a, stdin) == NULL)
        return 1;
    a[strcspn(a, "\n")] = '\0';   /* drop the trailing newline */
    l = strlen(a);
    /* Ciphering: even-indexed characters first (rail 1), then odd-indexed (rail 2) */
    for (i = 0, j = 0; i < l; i++)
    {
        if (i % 2 == 0)
            c[j++] = a[i];
    }
    for (i = 0; i < l; i++)
    {
        if (i % 2 == 1)
            c[j++] = a[i];
    }
    c[j] = '\0';
    printf("\nCipher text after applying rail fence :");
    printf("\n%s", c);
    /* Deciphering: k is the number of characters on rail 1 */
    if (l % 2 == 0)
        k = l / 2;
    else
        k = (l / 2) + 1;
    for (i = 0, j = 0; i < k; i++)
    {
        d[j] = c[i];
        j = j + 2;
    }
    for (i = k, j = 1; i < l; i++)
    {
        d[j] = c[i];
        j = j + 2;
    }
    d[l] = '\0';
    printf("\nText after decryption: ");
    printf("%s", d);
    return 0;
}
SAMPLE INPUT-OUTPUT:
RESULT: Thus, the rail fence algorithm was executed successfully.
EXPERIMENT NO. 2
AIM: Implement the Diffie-Hellman Key Exchange mechanism. Consider the end user as one of the
parties (Alice) and the other party (Bob).
PROGRAM:
#include <stdio.h>
/* Recursive square-and-multiply: returns (a^b) mod `mod` */
long long int power(int a, int b, int mod)
{
    long long int t;
    if (b == 0)
        return 1 % mod;   /* a^0 = 1; without this case b == 0 never terminated */
    if (b == 1)
        return a % mod;
    t = power(a, b / 2, mod);
    if (b % 2 == 0)
        return (t * t) % mod;
    else
        return (((t * t) % mod) * a) % mod;
}
long long int calculateKey(int a, int x, int n)
{
    return power(a, x, n);
}
int main(void)
{
    int n, g, x, a, y, b;
    printf("Enter the value of n and g: ");
    if (scanf("%d%d", &n, &g) != 2)
        return 1;
    printf("Enter the value of x for the first person: ");
    if (scanf("%d", &x) != 1)
        return 1;
    a = power(g, x, n);   /* public value sent by the first person */
    printf("Enter the value of y for the second person: ");
    if (scanf("%d", &y) != 1)
        return 1;
    b = power(g, y, n);   /* public value sent by the second person */
    printf("key for the first person is :%lld\n", calculateKey(b, x, n));
    printf("key for the second person is :%lld\n", calculateKey(a, y, n));
    return 0;
}
SAMPLE INPUT-OUTPUT:
RESULT:
Thus, the Diffie-Hellman key exchange algorithm was successfully implemented
using C.
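The program above accepts whatever public value arrives from the other party. The following added example (not part of the original lab file) runs the same exchange with an iterative modular exponentiation and a range check on the received value. The function names and the toy parameters n = 23, g = 5, x = 6, y = 15 are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Iterative square-and-multiply. Assumes mod < 2^32 so that every
   intermediate product fits in 64 bits. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* A received public value must lie in [2, n-2]. The values 0 and 1 force
   the key to 0 or 1, and n-1 forces it to 1 or n-1, whatever the private
   exponent is. */
static int dh_public_ok(uint64_t pub, uint64_t n)
{
    return n > 3 && pub >= 2 && pub <= n - 2;
}

/* Derive the shared key from the peer's public value and our private
   exponent. Returns 0 on success, -1 if the peer value is rejected. */
static int dh_shared(uint64_t peer_pub, uint64_t priv, uint64_t n,
                     uint64_t *key)
{
    if (!dh_public_ok(peer_pub, n))
        return -1;
    *key = modpow(peer_pub, priv, n);
    return 0;
}

int main(void)
{
    /* Constructed toy parameters; real deployments use primes of 2048 bits
       or more. */
    const uint64_t n = 23, g = 5;
    const uint64_t x = 6, y = 15;      /* Alice's and Bob's private values */
    uint64_t a = modpow(g, x, n);      /* Alice sends a to Bob */
    uint64_t b = modpow(g, y, n);      /* Bob sends b to Alice */
    uint64_t k_alice = 0, k_bob = 0;

    if (dh_shared(b, x, n, &k_alice) == 0 && dh_shared(a, y, n, &k_bob) == 0)
        printf("a=%llu b=%llu key(Alice)=%llu key(Bob)=%llu\n",
               (unsigned long long)a, (unsigned long long)b,
               (unsigned long long)k_alice, (unsigned long long)k_bob);
    /* A degenerate value substituted in transit is refused. */
    printf("peer value 1 accepted: %s\n",
           dh_shared(1, x, n, &k_alice) == 0 ? "yes" : "no");
    return 0;
}
```

The range check only removes degenerate values; it does not tell Alice that the value really came from Bob, which requires authenticating the exchange.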
EXPERIMENT NO. 3
AIM: Implement the following Attack: Brute Force Attack Using MD5 hashing technique
PROGRAM:
#include<stdlib.h>
#include <stdio.h>
#include <string.h>
#include <math.h>
#include<conio.h>
typedef union uwb
{
    unsigned w;
    unsigned char b[4];
} MD5union;
typedef unsigned DigestArray[4];
unsigned func0(unsigned abcd[]) {
    return (abcd[1] & abcd[2]) | (~abcd[1] & abcd[3]); }
unsigned func1(unsigned abcd[]) {
    return (abcd[3] & abcd[1]) | (~abcd[3] & abcd[2]); }
unsigned func2(unsigned abcd[]) {
    return abcd[1] ^ abcd[2] ^ abcd[3]; }
unsigned func3(unsigned abcd[]) {
    return abcd[2] ^ (abcd[1] | ~abcd[3]); }
typedef unsigned (*DgstFctn)(unsigned a[]);
unsigned *calctable( unsigned *k)
{
double s, pwr;
int i;
pwr = pow( 2, 32);
for (i=0; i<64; i++)
{
s = fabs(sin(1+i));
k[i] = (unsigned)( s * pwr );
}
return k;
}
unsigned rol ( unsigned r, short N )
{
unsigned mask1 = (1<<N) -1;
return ((r>>(32-N)) & mask1) | ((r<<N) & ~mask1);
}
}mm;
int os = 0;
int grp, grps, q, p; unsigned char *msg2;
if (k==NULL) k= calctable(kspace);
msg2[mlen] = (unsigned char)0x80; q = mlen + 1;
while (q < 64*grps){ msg2[q] = 0; q++ ; }
{
MD5union u;
u.w = 8*mlen; q -= 8;
memcpy(msg2+q, &u.w, 4 );
}
}
for (grp=0; grp<grps; grp++)
{
memcpy( mm.b, msg2+os, 64);
printf ("\t MD5 ENCRYPTION ALGORITHM IN C \n\n");
printf ("Input String to be Encrypted using MD5 :\n\t%s",msg);
printf ("\n\nThe MD5 code for input string is: \n");
printf ("\t= 0x");
for (j=0;j<4; j++)
{
u.w = d[j];
for (k=0;k<4;k++) printf("%02x",u.b[k]);
}
printf ("\n");
printf ("\n\t MD5 Encryption Successfully Completed!!!\n\n");
getch ();
system("pause");
getch ();
}
SAMPLE INPUT-OUTPUT:
RESULT:
Thus, the MD5 hashing algorithm was implemented successfully
using C.
EXPERIMENT NO. 4
AIM: Installation of Wireshark, tcpdump, etc. and observation of the data transferred in client-server
communication using UDP/TCP, identifying the UDP/TCP datagram.
INTRODUCTION:
Wireshark is an open-source packet analyser, which is used for education, analysis, software
development, communication protocol development, and network troubleshooting.
It is used to track packets so that each one is filtered to meet our specific needs. It is
commonly called a sniffer, network protocol analyser, or network analyser. It is also used by
network security engineers to examine security problems.
Below are the steps to install the Wireshark software on the computer:
On the network and Internet settings option, we can check the interface connected to our
computer.
If you are a Linux user, you will find Wireshark in your distribution's package repositories.
By selecting the current interface, we can get the traffic traversing through that interface. The
version used here is 3.0.3. This version will open as:
SCREENSHOTS:
There will be detailed information on HTTP packets, TCP packets, etc. The red button is shown
below:
You can also select the connection to which your computer is connected. For example, in this PC,
we have chosen the current network, i.e., the ETHERNET.
After connecting, you can watch the traffic below:
There is a filter block below the menu bar, from where a large amount of data can be filtered. For
example, if we apply a filter for HTTP, only the interfaces with the HTTP will be listed.
Steps for the permanent colorization are: click on the 'View' option on the menu bar and select
'Coloring Rules.' The table will appear like the image shown below:
Adding Keys: Wireless Toolbar
➢ This will open the decryption key management window. As shown in the
window you can select between three decryption modes: None, Wireshark
and Driver:
RESULT: Thus, the installation of Wireshark, tcpdump, etc. and the observation of data transferred in
client-server communication using UDP/TCP, identifying the UDP/TCP datagram, were done successfully.
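What Wireshark does when it labels a captured packet as TCP or UDP can be reproduced by reading a few fixed header fields. The following added example (not part of the original lab file) classifies an IPv4 packet and extracts its ports. The two sample packets, their addresses and ports, and all function and type names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct l4_info {
    uint8_t  proto;               /* IPv4 protocol field: 6 = TCP, 17 = UDP */
    uint16_t src_port, dst_port;
    uint8_t  tcp_flags;           /* TCP only, e.g. 0x02 = SYN */
    uint16_t udp_len;             /* UDP only: header plus payload, in bytes */
};
/* Constructed sample packets, starting at the IPv4 header. Checksums are
   left as zero because this parser does not verify them. */
static const uint8_t SAMPLE_UDP[] = {
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x01,   /* 192.168.1.10 -> 192.168.1.1 */
    0xd4,0x31,0x00,0x35, 0x00,0x08,0x00,0x00 }; /* port 54321 -> 53, length 8 */
static const uint8_t SAMPLE_TCP[] = {
    0x45,0x00,0x00,0x28, 0x00,0x02,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x01,
    0xc0,0x00,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x72,0x10, 0x00,0x00,0x00,0x00 }; /* port 49152 -> 80, SYN */

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Returns 0 and fills *out for a TCP or UDP datagram, -1 if the packet is
   malformed or truncated, -2 if it carries no TCP/UDP header. */
static int classify_ipv4(const uint8_t *pkt, size_t len, struct l4_info *out)
{
    size_t ihl, total;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;     /* IP header length in bytes */
    total = be16(pkt + 2);                 /* IP total length field */
    if (ihl < 20 || total < ihl || total > len)
        return -1;
    if (be16(pkt + 6) & 0x1fff)            /* later fragment: no L4 header */
        return -2;
    out->proto = pkt[9];
    out->tcp_flags = 0; out->udp_len = 0;
    if (out->proto == 6) {
        if (total - ihl < 20) return -1;   /* minimum TCP header */
        out->tcp_flags = pkt[ihl + 13];
    } else if (out->proto == 17) {
        if (total - ihl < 8) return -1;    /* fixed UDP header */
        out->udp_len = be16(pkt + ihl + 4);
    } else {
        return -2;
    }
    out->src_port = be16(pkt + ihl);
    out->dst_port = be16(pkt + ihl + 2);
    return 0;
}

int main(void)
{
    struct l4_info i;
    if (classify_ipv4(SAMPLE_UDP, sizeof SAMPLE_UDP, &i) == 0)
        printf("UDP %u -> %u len=%u\n", i.src_port, i.dst_port, i.udp_len);
    if (classify_ipv4(SAMPLE_TCP, sizeof SAMPLE_TCP, &i) == 0)
        printf("TCP %u -> %u flags=0x%02x\n", i.src_port, i.dst_port, i.tcp_flags);
    return 0;
}
```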
EXPERIMENT NO. 5
INTRODUCTION:
Breaking the term rootkit into the two component words, root and kit, is a useful way to define it.
Root is a UNIX/Linux term that's the equivalent of Administrator in Windows. The word kit
denotes programs that allow someone to obtain root/admin-level access to the computer by
executing the programs in the kit — all of which is done without end-user consent or knowledge.
A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits
are difficult to detect because they are activated before your system's Operating System has
completely booted up. A rootkit often allows the installation of hidden files, processes, hidden
user accounts, and more in the system's OS. Rootkits are able to intercept data from terminals,
network connections, and the keyboard.
Rootkits have two primary functions: remote command/control (back door) and software
eavesdropping. Rootkits allow someone, legitimate or otherwise, to administratively control a
computer. This means executing files, accessing logs, monitoring user activity, and even changing
the computer's configuration. Therefore, in the strictest sense, even versions of VNC are
rootkits. This surprises most people, as they consider rootkits to be solely malware, but in and of
themselves they aren't malicious at all.
The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun
and Linux operating systems were the primary targets for a hacker looking to install a rootkit.
Today, rootkits are available for a number of operating systems, including Windows, and are
increasingly difficult to detect on any network.
PROCEDURE:
STEP-2: This displays the Processes, Modules, Services, Files, Registry, RootKit /
Malwares, Autostart, CMD of local host.
STEP-3: Select Processes menu and kill any unwanted process if any.
STEP-4: Modules menu displays the various system files like .sys, .dll
STEP-5: Services menu displays the complete services running with Autostart,
Enable, Disable, System, Boot.
STEP-6: Files menu displays full files on Hard-Disk volumes.
STEP-7: Registry displays Hkey_Current_user and Hkey_Local_Machine.
STEP-8: Rootkits / Malwares scans the local drives selected.
STEP-9: Autostart displays the registry base Autostart applications.
STEP-10: CMD allows the user to interact with command line utilities or Registry
SCREENSHOTS:
RESULT: Thus, the study of the installation of Rootkit software and its variety of options was
carried out successfully.
EXPERIMENT NO. 6
INTRODUCTION:
Address Resolution Protocol (ARP) is a stateless protocol used for resolving IP addresses to
machine MAC addresses. All network devices that need to communicate on the network
broadcast ARP queries in the system to find out other machines’ MAC addresses. ARP Poisoning is
also known as ARP Spoofing.
In this exercise, we have used Better CAP to perform ARP poisoning in LAN environment using
VMware workstation in which we have installed Kali Linux and Ettercap tool to sniff the local
traffic in LAN.
For this exercise, you would need the following tools –
• VMware workstation
• Kali Linux or Linux Operating system
• Ettercap Tool
• LAN connection
Step 1 − Install the VMware workstation and install the Kali Linux operating system.
Step 2 − Log in to Kali Linux using the username and password “root, toor”.
Step 3 − Make sure you are connected to local LAN and check the IP address by typing the
command ifconfig in the terminal.
Step 4 − Open up the terminal and type “ettercap -G” to start the graphical version of Ettercap.
Step 5 − Now click the tab “sniff” in the menu bar and select “unified sniffing” and click OK to select
the interface. We are going to use “eth0” which means Ethernet connection.
Step 6 − Now click the “hosts” tab in the menu bar and click “scan for hosts”. It will start scanning
the whole network for the alive hosts.
Step 7 − Next, click the “hosts” tab and select “hosts list” to see the number of hosts available in
the network. This list also includes the default gateway address. We have to be careful when we
select the targets.
Step 8 − Now we have to choose the targets. In MITM, our target is the host machine, and the
route will be the router address to forward the traffic. In an MITM attack, the attacker intercepts
the network and sniffs the packets. So, we will add the victim as “target 1” and the router address
as “target 2.”
In VMware environment, the default gateway will always end with “2” because “1” is assigned to
the physical machine.
Step 9 − In this scenario, our target is “192.168.121.129” and the router is “192.168.121.2”. So we
will add target 1 as victim IP and target 2 as router IP.
Step 10 − Now click on “MITM” and click “ARP poisoning”. Thereafter, check the option “Sniff
remote connections” and click OK.
Step 11 − Click “start” and select “start sniffing”. This will start ARP poisoning in the network which
means we have enabled our network card in “promiscuous mode” and now the local traffic can be
sniffed.
Step 12 − Now it’s time to see the results; if our victim logged into some websites. You can see the
results in the toolbar of Ettercap.
RESULT: Thus, the experiment to sniff traffic using ARP poisoning was implemented
successfully.
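Seen from the defending side, the poisoning started in Steps 10 and 11 shows up as the victim and router IP addresses both moving to a single MAC address. The following added example (not part of the original lab file) flags that pattern in a list of observed IP-to-MAC bindings. The victim and router IP addresses are the ones used above; the third host, every MAC address, the "ip mac" line format and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 64
enum arp_verdict { ARP_NEW, ARP_SAME, ARP_CHANGED, ARP_DUP_MAC, ARP_FULL };

struct arp_watch {
    struct { char ip[16]; char mac[18]; } seen[MAX_HOSTS];
    int count;
};

/* Constructed observations, one "ip mac" pair per line with lowercase MACs.
   The last two lines are what a poisoned segment looks like. */
static const char SAMPLE_LOG[] =
    "192.168.121.2 00:50:56:aa:aa:02\n"
    "192.168.121.129 00:0c:29:bb:bb:81\n"
    "192.168.121.128 00:0c:29:cc:cc:80\n"
    "192.168.121.2 00:50:56:aa:aa:02\n"
    "192.168.121.2 00:0c:29:cc:cc:80\n"
    "192.168.121.129 00:0c:29:cc:cc:80\n";

/* Compare one observed binding with the first binding recorded for that IP.
   The first binding is kept as the baseline and is never overwritten. */
static enum arp_verdict arp_observe(struct arp_watch *w, const char *ip,
                                    const char *mac)
{
    int i, dup = 0;
    for (i = 0; i < w->count; i++) {
        if (strcmp(w->seen[i].ip, ip) == 0)
            return strcmp(w->seen[i].mac, mac) == 0 ? ARP_SAME : ARP_CHANGED;
        if (strcmp(w->seen[i].mac, mac) == 0)
            dup = 1;              /* this MAC already answers for another IP */
    }
    if (w->count == MAX_HOSTS)
        return ARP_FULL;
    snprintf(w->seen[w->count].ip, sizeof w->seen[0].ip, "%s", ip);
    snprintf(w->seen[w->count].mac, sizeof w->seen[0].mac, "%s", mac);
    w->count++;
    return dup ? ARP_DUP_MAC : ARP_NEW;
}

/* Feed every line of the log to arp_observe; returns the number of alerts. */
static int arp_scan(struct arp_watch *w, const char *log)
{
    char ip[16], mac[18];
    int used, alerts = 0;
    while (sscanf(log, " %15s %17s%n", ip, mac, &used) == 2) {
        enum arp_verdict v = arp_observe(w, ip, mac);
        if (v == ARP_CHANGED || v == ARP_DUP_MAC) {
            printf("ALERT: %s now claimed by %s\n", ip, mac);
            alerts++;
        }
        log += used;
    }
    return alerts;
}

int main(void)
{
    struct arp_watch w;
    memset(&w, 0, sizeof w);
    printf("%d alert(s)\n", arp_scan(&w, SAMPLE_LOG));
    return 0;
}
```

A changed or shared MAC address is a reason to investigate rather than proof of an attack, since a replaced network card produces the same signal.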
EXPERIMENT NO. 7
AIM: Demonstrate intrusion detection system using any tool (snort or any other s/w).
INTRODUCTION:
Snort is based on libpcap (for library packet capture), a tool that is widely used in TCP/IP traffic
sniffers and analyzers. Through protocol analysis and content searching and matching, Snort
detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth port
scans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert
to syslog, a separate 'alerts' file, or to a pop-up window.
Snort is currently the most popular free network intrusion detection software. The advantages
of Snort are numerous. According to the snort web site, “It can perform protocol
analysis, content searching/matching, and can be used to detect a variety of attacks and
probes, such as buffer overflow, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
attempts, and much more” (Caswell).
One of the advantages of Snort is its ease of configuration. Rules are very flexible, easily
written, and easily inserted into the rule base. If a new exploit or attack is found a rule for the
attack can be added to the rule base in a matter of seconds. Another advantage of snort is
that it allows for raw packet data analysis.
PROCEDURE:
STEP-1: Sniffer mode → snort -v → Print out the TCP/IP packet headers on the screen.
STEP-2: snort -vd → Show the TCP/IP ICMP header with application data in transit.
STEP-3: Packet Logger mode → snort -dev -l c:\log [create this directory in the C drive] and
snort will automatically know to go into packet logger mode; it collects every packet it sees
and places it in the log directory.
STEP-4: snort -dev -l c:\log -h ipaddress/24 → This rule tells snort that you want to print out
the data link and TCP/IP headers as well as application data into the log directory.
STEP-5: snort -l c:\log -b → This binary mode logs everything into a single file.
STEP-6: Network Intrusion Detection System mode → snort -d -l c:\log -h ipaddress/24 -c
snort.conf → snort.conf is a configuration file that applies its rules to each packet to decide on an
action based upon the rule type in the file.
STEP-7: snort -d -h ipaddress/24 -l c:\log -c snort.conf → This will configure snort to run in
its most basic NIDS form, logging packets that trigger rules specified in snort.conf.
STEP-8: Download SNORT from snort.org. Install snort with or without database support.
STEP-9: Select all the components and Click Next. Install and Close.
STEP-10: Skip the WinPcap driver installation.
STEP-11: Add the path variable in the Windows environment variables by selecting new class
path.
STEP-12: Create a path variable and point it at snort.exe: variable name → path and
variable value → c:\snort\bin.
STEP-13: Click OK button and then close all dialog boxes. Open command prompt and type
the following commands:
INSTALLATION PROCESS:
RESULT: Thus, the demonstration of intrusion detection using the Snort tool was done
successfully.
EXPERIMENT NO. 8
AIM: Demonstrate how to provide secure data storage, secure data transmission and for creating
digital signatures.
INTRODUCTION:
➢ Here’s the final guide in my PGP basics series, this time focusing on Windows.
➢ The OS in question will be Windows 7, but it should work for Win8 and
Win8.1 as well.
➢ Obviously, it’s not recommended to be using Windows to access the DNM,
but I won’t go into the reasons here.
➢ The tool we’ll be using is GPG4Win.
2. On the following screen, click the “Download Gpg4win” button.
4. When the “License Agreement” page is displayed, click the “Next” button
5. Set the check box values as specified below, then click the “Next” button
6. Set the location where you want the software to be installed. The default
7. Specify where you want shortcuts to the software placed, then click the
“Next” button.
8. If you selected to have a GPG shortcut in your Start Menu, specify the folder
in which it will be placed. The default “Gpg4win” is OK. Click the “Install”
button to continue
10. The installation process will tell you when it is complete. Click the
“Next” button.
11. Once the Gpg4win setup wizard is complete, the following screen will be
12. If you do not uncheck the “Show the README file” check box, the
README file will be displayed. The window can be closed after you’ve
reviewed it.
CREATING YOUR PUBLIC AND PRIVATE KEYS
GPG encryption and decryption is based upon the keys of the person who will be
receiving the encrypted file or message. Any individual who wants to send the person
an encrypted file or message must possess the recipient’s public key certificate to
encrypt the message. The recipient must have the associated private key, which is
different than the public key, to be able to decrypt the file. The public and private
key pair for an individual is usually generated by the individual on his or her computer
using the installed GPG program, called “Kleopatra” and the following procedure:
1. From your start bar, select the “Kleopatra” icon to start the Kleopatra
2. The following screen will be displayed
3. From the “File” dropdown, click on the “New Certificate” option
5. The Certificate Creation Wizard will start and display the following:
6. Enter your name and e-mail address. You may also enter an optional
7. Review your entered values. If OK, click the “Create Key” button
9. The passphrase should follow strong password standards. After you’ve
entered your passphrase, click the “OK” button.
11. Re-enter the passphrase value. Then click the “OK” button. If the passphrases
match, the certificate will be created.
12. Once the certificate is created, the following screen will be displayed. You can
save a backup of your public and private keys by clicking the “Make a backup
Of Your Key Pair” button. This backup can be used to copy certificates onto
other authorized computers.
13. If you choose to backup your key pair, you will be presented with the
following screen:
14. Specify the folder and name the file. Then click the “OK” button.
15. After the key is exported, the following will be displayed. Click the “OK” button
16. You will be returned to the “Key Pair Successfully Created” screen. Click the
“Finish” button.
17. Before the program closes, you will need to confirm that you want to close the
program by clicking on the “Quit Kleopatra” button
2. Select the GpgOL tab
4. A command window will open along with a window that asks for the
Passphrase to your private key that will be used to decrypt the incoming
message.
6. The results window will tell you if the decryption succeeded. Click the “Finish”
button to close the window.
7. When you close the e-mail you will be asked if you want to save the e-mail
message in its unencrypted form. For maximum security, click the “No” button.
This will keep the message encrypted within the e-mail system and will require
you to enter your passphrase each time you reopen the e-mail message
RESULT:
Thus, secure data storage, secure data transmission and the creation of digital signatures
(GnuPG) were demonstrated successfully.