PANIMALAR ENGINEERING COLLEGE

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

REG NO:
EX.NO: 06 Demonstrate how to provide secure data storage, secure data transmission and
for creating digital signatures (GnuPG).

Aim:
To write a program to demonstrate how to provide secure data storage, secure data
transmission and how to create digital signatures.
GnuPG Description:
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880
GnuPG allows to encrypt and sign our data and communication, features a versatile key
management system as well as access modules for all kinds of public key directories. GnuPG,
also known as GPG, is a command line tool with features for easy integration with other
applications.

Procedure:
i) Generate the Key
1. Open GPA (GNU Privacy Assistant) from StartGPA.
2. Open Key Manager, by selecting WindowKeyring Manager.
3. Select New Key, by selecting KeysNew key.
4. Generate key by Selecting Algorithm, Key Size and specify Name, Email also check
Expires if you want to specify key expiry date and Click Ok.
5. Enter ‘passphrase’ a secret key to protect your keys. (ex: cnslab)
6. Re-enter ‘passphrase’ to confirm.
7. If the ‘passphrase’ is not strength, a dialog will be shown.Click “Take this one anyway”
if you do not want to change phrase key. Otherwise if you want to change the
“passphrase”, click “Enter new passphrase”.
8. Repeat steps 1 to 8 to create keys for another user. (Ex:[email protected])
ii) Encrypt and Sign Text
1. Open GPA (GNU Privacy Assistant) from StartGPA.
2. Type the message to encrypt and sign in Clipboard.
3. Click Encrypt, in the tool bar,
4. Select the public key of the receiver to Encrypt and for sign select the sender private key.
And click Ok.
5. Enter the ‘passphrase’ keyword of the sender.
6. The Encrypted and signed message will be shown,
7. Copy and save the encrypted message in text file.(message.txt)
iii) Decrypt and verify Message received.
1. Open GPA (GNU Privacy Assistant) from StartGPA.
2. Under Clipboard paste the content of the message.txt.
3. Click Encrypt menu in tool bar,
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
4. Enter the receivers “passphrase” to decrypt the message.
5. The Decrypted message will be shown in, GNU Privacy assistant – Clipboard.
iv) Encrypt and Sign a File
1. Create a folder SEND and copy the file to be encrypted in it(Ex:Input.txt)
2. Open GPA (GNU Privacy Assistant) from StartGPA.
3. Open the file manager by selecting, menu “Files” in toolbar,
4. Open the file “Input.txt” by clicking “Open” menu in Tool bar,
5. The select the file will be loaded in file Manager.
6. Select the file in File manager window and click Encrypt.
7. Select the Public Key of the receiver and select the sign key.
8. Enter the “passpharse” of the sender to Sign.
9. The new encrypted file(Input.txt.gpg) will be generated in the same folder contains the
extension .gpg.
10. The file Input.txt.gpg is the Encrypted and digitally signed.
v)Decrypt and Verify Encrypted Signed File
1. Copy the Encrypted file Input.txt.gpg in new folder “Receive”.
2. Open File manager, and select the file Input.txt.gpg in folder “Receive”.
3. Select the File, Input.txt.gpg in the file manager, and click Decrypt.
4. Enter the “passphrase” of the receiver, and click Ok.
5. The sender Signature will be verified, and the status is shown as valid.
6. The Decrypted file “Input.txt” will be in the folder “Receive”.
Sample Output:
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
Generation of Keys:

Encryption:
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

Decryption:

EX.NO: 07
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
INSTALL ROOTKITS AND STUDY VARIETY OF OPTIONS

Rootkit is a stealth type of malicious software designed to hide the existence of certain process
from normal methods of detection and enables continued privileged access to a computer.
 Download Rootkit Tool.
 This displays the Processes, Modules, Services, Files, Registry,
RootKit/Malwares, Autostart, CMD of local host.
 Select Processes menu and kill any unwanted process if any. Modules menu
displays the various system files like .sys, .dll
 Services menu displays the complete services running with Autostart, Enable,
Disable, System, and Boot.
 Files menu displays full files on Hard-Disk volumes.
 Registry displays Hkey_Current_user and Hkey_Local_Machine.
Rootkits/Malawares scans the local drives selected.
 Autostart displays the registry base Autostart applications.
 CMD allows the user to interact with command line utilities or Registry.
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

EX.NO: 08
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
SETUP A HONEY POT AND MONITOR THE HONEYPOT ON NETWORK

Honey Pot is a device placed on Computer Network specifically designed to capture malicious
network traffic.
KF Sensor is the tool to setup as honeypot when KF Sensor is running it places a siren icon in the
windows system tray in the bottom right of the screen. If there are no alerts then green icon is
displayed.
 Download KF Sensor Evaluation Set File. Install with License Agreement and
appropriate directory path. Reboot the Computer now.
 The KF Sensor automatically starts during windows boot Click Next to setup
wizard. Select all port classes to include and Click Next.
 Send the email and Send from email enter the ID and Click Next.
 Select the options such as Denial of Service [DOS], Port Activity, Proxy
Emulsion, Network Port Analyzer, Click Next.
 Select Install as System service and Click Next.
 Click finish.
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

EX.NO: 09

PERFORM WIRELESS AUDIT ON AN ACCESS POINT OR A ROUTER AND

DECRYPT WEP AND WPA (NET STUMBLER)

NetStumbler (also known as Network Stumbler) is a tool for windows that facilitates detection
of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It is one of the Wi-
Fi hacking tool which only compatible with windows; this tool also a freeware. With this
program, we can search for wireless network which open and infiltrate the network. It’s having
some compatibility and network adapter issues.

Steps to be followed:

1. Download and install Netstumbler from http://www.netstumbler.com/downloads/

2. It is highly recommended that your PC should have wireless network card in order to access
wireless router

Fig. Net Stumbler (Home Page)

3. Now Run Netstumbler in record mode and configure wireless card.

4. There are several indicators regarding the strength of the signal, such as GREEN indicates
Strong, YELLOW and other color indicates a Weaker signal, RED indicates a Very Weak and
GREY indicates a Signal Loss.
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
5. Lock symbol with GREEN bubble indicates the Access point has encryption enabled.

6. MAC assigned to Wireless Access Point is displayed on right hand pane.

7. The next column displays the Access Points Service Set Identifier [SSID] which is useful to
crack the password.

8. To decrypt use Wireshark tool by selecting Edit Preferences IEEE 802.11

9. Enter the WEP keys as a string of hexadecimal numbers as A1B2C3D4E5

Fig. List of Wireless Network

 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
Fig. Key in IEEE 802.11

Adding Keys: Wireless Toolbar

In using the Windows version of Wireshark and you have an AirPcap adapter you can add
decryption keys using the wireless toolbar. If the toolbar isn’t visible, you can show it by
selecting View Wireless Toolbar. Click on Decryption keys button on the toolbar.

Fig. Decryption Keys tab in Wireshark Tool

This will open the decryption key management window. As shown in the window you can
select between three decryption modes: None, Wireshark and Driver.
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

Fig. Decryption Key Management

 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
EX.NO: 10

DEMONSTRATE INTRUSION DETECTION SYSTEM (IDs) USING ANY TOOL

(SNORT OR ANY OTHER S/W)

Snort is an open source network intrusion detection system (NIDS) has the ability to perform
real-time traffic analysis and packet logging on internet protocol (IP) networks. Snort performs
protocol analysis, content searching and matching.

Snort can be configured in three main modes: sniffer, packet logger, and network intrusion
detection.

SNIFFER MODE

In sniffer mode, the program will read network packets and display them on the console.

snort –v Show the TCP/IP packets header on the screen

snort –vd Show the TCP/IP ICMP header with application data in transmit

PACKET LOGGER MODE

In packet logger mode, the program will log packets to the disk.

[create this directory in the C drive] and snort will

snort –dev –l c:\snort\log automatically know to go into packet logger mode, it collects
every packet it sees and places it in log directory
snort –dev –l c:\snort\log –h This rule informs snort that you want to print out the data link
ipaddress/24 and TCP/IP headers as well as application data into the log
directory
snort –l c:\snort\log –b This is binary mode logs everything into a single file

NETWORK INTRUSION DETECTION SYSTEM MODE

In intrusion detection mode, the program will monitor network traffic and analyze it against a
rule set defined by the user. The program will then perform a specific action based on what has
been identified.

This is a configuration file applies rule to each

snort –d c:\snort\log –h ipaddress/24 –c
snort.conf
snort –d –h ipaddress/24 –l c:\snort\log –c
snort.conf
packet to decide it an action based upon the
rule type in the file
This will configure snort to run in its most
basic NIDS (Network Intrusion Detection
System) form, logging packets that trigger
rules specified in the snort.conf
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

Steps to be followed

1. Download SNORT from snort.org

2. Get Started [Download the latest version] from the windows tab at this point the lastest
version is snort_2_9_8_2_installer.exe

3. Rules [Download the latest version] based on version downloaded snortrules-snapshot-

2982.tat.gz

4. Download WinPcap from WinPcap.org [version 4.1.3]

5. Place the installer, rules, winPcap in snort folder

6. Download zenmap from nmap.org nmap-7.12-setup.exe

a. How to Configure snort?

Move to c drive snort etc folder snort.conf [open with wordpad]

Step 1: Change the path

# setup the network addresses you are protecting

ipvar HOME_NET any

change this to your current system ip address using

ipvar HOME_NET 192.168.1.2/24 [you could get the ip of the system using ipconfig command]
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

Fig. IPConfig Command

#setup the external network address

ipvar EXTERNAL_NET $HOME_NET

Rule Path

var RULE_PATH …/rules

var PREPROC_RULE_PATH …/preproc_rules
Change the path as

var RULE_PATH C:\Snort\rules

# var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH C:\Snort\preproc_rules
# If you are using reputation preprocessor set these
var WHITE_LIST_PATH C:\Snort\rules
var BLACK_LIST_PATH C:\Snort\rules

Step 2: Configure the decoder

In the last line config logdir: add config logdir: C:\Snort\log [remove # symbol]

Step 3: Set path for Dynamic Preprocessor and Dynamic Engine

# path to dynamic preprocessor libraries

dynamicpreprocessor directory C:\Snort\lib\snort_dynamicpreprocessor

# path to base preprocessor engine

 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

# path to dynamic rules libraries [Assign # symbol to dynamic detection directory]

# dynamicdetection directory /usr/local/lib/snort_dynamicrules

Step 4: Configure Preprocessors

Assign # symbol in following lines

# Inline packet normalization. For more information, see README.normalize

# Does nothing in IDS mode
# preprocessor normalize_ip4
# preprocessor normalize_tcp: block, rsv, pad, urp, req_urg,
# req_pay, req_urp, ips, ecn stream
# preprocessor normalize_icmp4
# preprocessor normalize_ip6
# preprocessor normalize_icmp6

In the last line add

# Reputation preprocessor. For more information see README.reputation

preprocessor reputation: \
memcap 500, \
priority whitelist, \
nested_ip inner, \
whitelist $WHITE_LIST_PATH/white.list, \
blacklist $BLACK_LIST_PATH/black.list

Step 5: Customizing Rule Sheet

Change backward slash to forward slash in the following codes

# site specific rules

include $RULE_PATH\local.rules

include $RULE_PATH\app-detect.rules
include $RULE_PATH\attack-responses.rules
.
.
.
include $RULE_PATH\x11.rules

Step 6: Customizing Preprocessor

Change backward slash to forward slash in the following codes [also remove # symbol in the
below three lines]
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:
# decoder and preprocessor event rules
include $PREPROC_RULE_PATH\preprocessor.rules
include $PREPROC_RULE_PATH\decoder.rules
include $PREPROC_RULE_PATH\sensitive-data.rules

Check whether you have the line threshold.conf in the last line of snort.conf

b. How to use Snort to detect Ping?

Step 1: In snort folder in c drive go to rules folder

open icmp.rules file using wordpad then type

alert icmp any any -> any any (msg:"PING PING PING"; sid:1000000001;)

Step 2 : Open Command Prompt Run as Administrator

In command prompt type the following command

wait until you get the line commencing packet processing

 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

Step 3 : Open another Command Prompt Run as Administrator

Type ping www.google.com

Now you will get the reply from google to your system ip

Fig. Snort Detecting Ping

c. How to use Snort to log portscan?

Step 1: Move to log folder in snort create a blank text file name it as say sample.txt
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

Fig. Sample.txt in log folder

Step 2: Open snort.conf using [ctrl+F] find stream5_global

check whether it as the same line

# Target-Based stateful inspection/stream reassembly. For more inforation, see

README.stream5
preprocessor stream5_global: track_tcp yes, \
track_udp yes, \
track_icmp no, \
max_tcp 262144, \
max_udp 131072, \
max_active_responses 4, \
min_response_seconds 2

Next find for portscan

# Portscan detection. For more information, see README.sfportscan
preprocessor stream5_global: track_udp yes track_tcp yes
preprocessor sfportscan: proto { all } scan_type { all } sense_level { medium } logfile {
sample.txt }
//the file name should be same as created in log folder

Step 3: Open zenmap type the google ip obained from ping command in target
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

Fig. Zenmap Home Page

Step 4: Before commecning scan open the command prompt [run as administrator] type the
following command
snort –i l –A console –c C:\Snort\etc\snort.conf

Fig. Commencing Snort

Wait for the packet processing window as shown

 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

Fig. Packet Processing Window

Step 5: Click the scan check whether the profile is intense scan in Zenmap GUI
The list of scan runs in the Zenmap GUI as shown.

Fig. Zenmap GUI in SCAN

Step 6: The snort runs as shown
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

To stop snort type ctrl+c in snort window it shows the result as snort exiting as shown in fig

Fig. Snort Exiting

Step 7: To check the log go to log folder in snort and check sample.txt you could see the time
and packets transferred
 PANIMALAR ENGINEERING COLLEGE
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
REG NO:

Fig. Packets Transferred