
FinalCSS - Lab Manual - Finalmost - TE2023 - Stud

The document describes experiments related to cryptography and network security. Experiment 1 implements the Extended Euclidean algorithm to find the multiplicative inverse and gcd of numbers. Experiment 2 implements Euler's Totient function. Experiment 3 implements the Caesar cipher for encryption and decryption of messages.

Uploaded by

prup06

SɅRɅSWɅTI College of Engineering
Department of Computer Engineering

Expt. No.   Name of the Experiment

1    Implementation of Extended Euclidean algorithm for finding multiplicative inverse of any number in Zn. Also find the gcd and t values. Show the output of each step.
2    Implementation of Euler’s Totient Function.
3    Implementation of Caesar cipher (Encryption and Decryption).
4    Implementation of RSA Cryptosystem, which includes:
     a. Implementation of RSA Key Generation Algorithm.
     b. Encryption and decryption using RSA algorithm.
5    For varying message sizes, generate message digest using MD5 algorithm and check the integrity of message.
6    For varying message sizes, generate message digest using SHA-1 algorithm and check the integrity of message.
7    Implementation of Diffie Hellman Algorithm in Python. Also, perform Diffie Hellman Practical (Virtual lab Experiment).
8    Study of packet sniffer tool “wireshark”. Download and install wireshark and capture icmp, tcp, and http packets in promiscuous mode. Explore how the packets can be traced based on different filters.
9    Study the use of network reconnaissance tools like WHOIS, dig, tracert, nslookup.
10   Simulate buffer overflow attack using Ollydbg, Splint, Cpp check etc.
11   Simulate DOS attack using Hping3 and Wireshark.
12   Case Study on analysing the Security Vulnerabilities of E-commerce websites (Content Beyond Syllabus).


EXPERIMENT NO- 1

AIM: Find the multiplicative inverse of any number using Extended Euclidean algorithm.
Also find the GCD and t values. Show the output of each step.

RESOURCE REQUIRED: Python, P IV and above, Printer, Pages

THEORY: The GCD of two integers can be found by repeated application of the division
algorithm; this is known as the Euclidean Algorithm. You repeatedly divide the divisor by the
remainder until the remainder is 0. The gcd is the last non-zero remainder in this algorithm. The
Extended Euclidean Algorithm finds the multiplicative inverse of b in Zn when n and b are
given and gcd(n,b)=1. The multiplicative inverse of b is the value of t after being mapped to Zn.
The following example shows the algorithm.

e.g: Find the gcd of 81 and 57 by the Euclidean Algorithm:


81 = 1(57) + 24
57 = 2(24) + 9
24 = 2(9) + 6
9 = 1(6) + 3
6 = 2(3) + 0
The Extended Euclidean Algorithm uses the same number of steps as the Euclidean
Algorithm. The Algorithm of Extended Euclidean Algorithm is given below:


Example:
Given a = 161 and b = 28, find gcd(a,b) and the values of s and t.
Solution:

q     r1     r2     r      s1     s2     s      t1     t2     t
5     161    28     21     1      0      1      0      1      -5
1     28     21     7      0      1      -1     1      -5     6
3     21     7      0      1      -1     4      -5     6      -23
      7      0             -1     4             6      -23

We get gcd(161,28) = 7, s = -1 and t = 6.
The answer can be tested: (-1) x 161 + 6 x 28 = 7
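The table above can be reproduced step by step with the following Python sketch. It is an added example, not the manual's own program; the function names are chosen here, and each recorded row uses the column order q, r1, r2, r, s1, s2, s, t1, t2, t from the table.

```python
def extended_euclid(a, b):
    """Return (gcd, s, t, rows) with s*a + t*b == gcd.

    rows holds one tuple per division step in the order
    (q, r1, r2, r, s1, s2, s, t1, t2, t).
    """
    r1, r2 = a, b
    s1, s2 = 1, 0
    t1, t2 = 0, 1
    rows = []
    while r2 > 0:
        q = r1 // r2
        r = r1 - q * r2
        s = s1 - q * s2
        t = t1 - q * t2
        rows.append((q, r1, r2, r, s1, s2, s, t1, t2, t))
        # Slide the window: the old divisor becomes the new dividend.
        r1, r2 = r2, r
        s1, s2 = s2, s
        t1, t2 = t2, t
    return r1, s1, t1, rows


def mod_inverse(b, n):
    """Multiplicative inverse of b in Zn; ValueError when gcd(n, b) != 1."""
    g, _s, t, _rows = extended_euclid(n, b)
    if g != 1:
        raise ValueError(f"{b} has no inverse in Z{n}: gcd({n}, {b}) = {g}")
    return t % n  # map t into Zn (t may be negative)


def print_trace(a, b):
    """Print every step, then the gcd, s, t and the check s*a + t*b."""
    g, s, t, rows = extended_euclid(a, b)
    header = ("q", "r1", "r2", "r", "s1", "s2", "s", "t1", "t2", "t")
    print("".join(f"{h:>6}" for h in header))
    for row in rows:
        print("".join(f"{v:>6}" for v in row))
    print(f"gcd({a},{b}) = {g}, s = {s}, t = {t}")
    print(f"check: ({s}) x {a} + ({t}) x {b} = {s * a + t * b}")


if __name__ == "__main__":
    print_trace(161, 28)
    # 11 and 26 are sample values chosen for this example.
    print("inverse of 11 in Z26 =", mod_inverse(11, 26))
```
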
PROGRAM WITH OUTPUT


CONCLUSION:

Thus, we have learnt how to find multiplicative inverse using Extended Euclidean Theorem.


EXPERIMENT NO-2

AIM: Implementation of Euler’s Totient Function.

RESOURCE REQUIREMENTS: Python, P IV and above, Printer, Pages

THEORY:

Euler’s Totient function Φ (n) for an input n is the count of numbers in {1, 2, 3, …, n} that are
relatively prime to n, i.e., the numbers whose GCD (Greatest Common Divisor) with n is 1. All
positive integers less than n are relatively prime to it.

For Example:

1. If n=4 find Φ (n)=?

Soln:

Φ (n) = Φ (4): 1 and 3 are relatively prime to 4 because their gcd with 4 is 1. (Numbers are said
to be relatively prime if their gcd is 1.)

In this case 4 and 2 are not relatively prime, because gcd(4,2)=2

∴ Φ (4) = 2 (i.e. 1 and 3)

2. find Φ (5) = ?

Soln: Φ (5) = 1, 2, 3, 4 are relatively prime to 5.

∴ Φ (5) = 4


This implies that Φ (n) will be easy to calculate if n has exactly two different prime factors
say p and q

∴ Φ (n) = p x q

i.e. Φ (n) = Φ (p) * Φ (q)

According to definition of Euler Totient function,

∴ Φ (p * q) = (p – 1) * (q – 1) if p and q are prime

The following helps to find the value of φ(n):

1. Φ (1) = 0.

2. φ(n) = n-1 if n is a prime number.

3. Φ (m*n) = Φ (m)* Φ (n) if m and n are coprime.

4. Φ(p^e) = p^e - p^(e-1) if p is a prime.

The general formula to compute φ(n) is the following:

If the prime factorisation of n is given by n = p1^e1 *...* pn^en, then φ(n) = n *(1 - 1/p1)* ... *(1 - 1/pn).

For example:

• 9 = 3^2, φ(9) = 9* (1-1/3) = 6


• 4 = 2^2, φ(4) = 4* (1-1/2) = 2

• 15 = 3*5, φ(15) = 15* (1-1/3)*(1-1/5) = 15*(2/3)*(4/5) = 8
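The counting definition and the prime-power rule (rule 4 combined with rule 3) can be checked against each other in Python. This is an added example, not the manual's program; the function names are chosen here, and both functions are restricted to n ≥ 2 so the Φ(1) convention of rule 1 does not arise.

```python
from math import gcd


def phi_by_counting(n):
    """Count k in 1..n with gcd(k, n) == 1 (the definition)."""
    if n < 2:
        raise ValueError("this example handles n >= 2")
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def prime_factors(n):
    """Return {prime: exponent} for n >= 2 by trial division."""
    factors = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:  # whatever is left is a prime factor larger than sqrt(n)
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi_by_formula(n):
    """Multiply (p^e - p^(e-1)) over the prime powers of n.

    Integer arithmetic only, so there is no rounding as there would be
    with n * (1 - 1/p) evaluated in floating point.
    """
    if n < 2:
        raise ValueError("this example handles n >= 2")
    result = 1
    for p, e in prime_factors(n).items():
        result *= p ** e - p ** (e - 1)
    return result


if __name__ == "__main__":
    # The values worked in the text, plus 33 = 3 * 11.
    for n in (4, 5, 9, 15, 33):
        print(n, prime_factors(n), phi_by_counting(n), phi_by_formula(n))
```
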

PROGRAM

CONCLUSION: Hence, we have implemented Euler’s Totient Function.


EXPERIMENT NO - 3

AIM: To implement Caesar Cipher (Encryption and Decryption).

RESOURCE REQUIREMENTS: Python, P IV and above, Printer, Pages

THEORY:
The Caesar Cipher is one of the earliest and simplest encryption techniques. It is a type of
substitution cipher, i.e., each letter of a given text is replaced by a letter some fixed number
of positions down the alphabet. For example, with a shift of 1, A would be replaced by B, B
would become C, and so on. The method is apparently named after Julius Caesar, who
apparently used it to communicate with his officials.
Thus, to cipher a given text we need an integer value, known as the shift, which indicates the
number of positions each letter of the text has been moved down.
The encryption can be represented using modular arithmetic by first transforming the
letters into numbers, according to the scheme A = 0, B = 1, …, Z = 25. Encryption of a
letter by a shift n can be described mathematically as:

(Encryption Phase with shift n)

(Decryption Phase with shift n)

Examples :


Encryption

Plaintext: H → 07 En: (07 + 15) mod 26 Ciphertext: 22 → W

Plaintext: E → 04 En: (04 + 15) mod 26 Ciphertext: 19 → T

Plaintext: L → 11 En: (11 + 15) mod 26 Ciphertext: 00 → A

Plaintext: L → 11 En: (11 + 15) mod 26 Ciphertext: 00 → A

Plaintext: O → 14 En: (14 + 15) mod 26 Ciphertext: 03 → D

Decryption

Ciphertext: W→ 22 Dn: (22 - 15) mod 26 Plaintext: 07 → H

Ciphertext: T → 19 Dn: (19 - 15) mod 26 Plaintext: 04 → E

Ciphertext: A → 00 Dn: (00 - 15) mod 26 Plaintext: 11 → L

Ciphertext: A → 00 Dn: (00 - 15) mod 26 Plaintext: 11 → L

Ciphertext: D → 03 Dn: (03 - 15) mod 26 Plaintext: 14 → O

If the (Dn) value becomes negative (-ve) in any case, we add 26 to the negative
value. E.g.: -15 + 26 = 11
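The HELLO example with shift 15, including the negative case in decryption, can be traced with the Python sketch below. It is an added example, not the manual's program; the function names are chosen here, and leaving non-letters unchanged is an assumption of this sketch.

```python
import string


def shift_letter(ch, shift):
    """Shift one ASCII letter by `shift` places; anything else is unchanged."""
    if ch not in string.ascii_letters:
        return ch
    base = ord("A") if ch.isupper() else ord("a")
    # Python's % returns a value in 0..25 here, which is the same as the
    # "add 26 when the value is negative" rule: (0 - 15) % 26 == 11.
    return chr((ord(ch) - base + shift) % 26 + base)


def encrypt(plaintext, shift):
    """Shift every letter forward by `shift`."""
    return "".join(shift_letter(ch, shift) for ch in plaintext)


def decrypt(ciphertext, shift):
    """Shift every letter back by `shift`."""
    return encrypt(ciphertext, -shift)


def trace(text, shift):
    """Rows (letter, number, shifted number, shifted letter), A = 0 ... Z = 25."""
    rows = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            x = ord(ch) - ord("A")
            y = (x + shift) % 26
            rows.append((ch, x, y, chr(y + ord("A"))))
    return rows


if __name__ == "__main__":
    for row in trace("HELLO", 15):
        print("Plaintext: %s -> %02d  Ciphertext: %02d -> %s" % row)
    for row in trace("WTAAD", -15):
        print("Ciphertext: %s -> %02d  Plaintext: %02d -> %s" % row)
    print(encrypt("HELLO", 15), decrypt("WTAAD", 15))
```
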

PROGRAM


OUTPUT

CONCLUSION: Hence, we have learnt the concept of encryption and decryption. We have
implemented Caesar cipher in Python, created cipher text and then deciphered it.


Experiment No: 04

AIM: Implementation of RSA Cryptosystem. i) Implementation of RSA Key Generation
Algorithm. ii) Encryption and decryption using RSA algorithm.

RESOURCE REQUIREMENTS: Python, P IV and above, Printer, Pages


THEORY:
RSA encryption algorithm is a type of public-key encryption algorithm. Public Key encryption
algorithm is also called the Asymmetric algorithm. Asymmetric algorithms are those
algorithms in which sender and receiver use different keys for encryption and decryption.
Each sender is assigned a pair of keys:

o Public key

o Private key

The Public key is used for encryption, and the Private Key is used for decryption. Decryption
cannot be done using a public key. The two keys are linked, but the private key cannot be
derived from the public key. The public key is well known, but the private key is secret and
is known only to the user who owns the key. It means that everybody can send a
message to the user using the user's public key, but only the user can decrypt the message
using his private key.

Example:

• Choose p = 3 and q = 11
• Compute n = p * q = 3 * 11 = 33
• Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20


• Choose e such that 1 < e < φ(n) and e and φ(n) are coprime. Let e = 7
• Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1]
• Public key is (e, n) => (7, 33)
• Private key is (d, n) => (3, 33)
• The encryption of m = 2 is c = 2^7 % 33 = 29
• The decryption of c = 29 is m = 29^3 % 33 = 2

PROGRAM


OUTPUT


CONCLUSION: Hence, we have implemented RSA Key Generation Algorithm and performed
encryption and decryption using RSA algorithm.


Experiment No: 05

AIM: For varying message sizes, generate message digest using MD5 algorithm and check
the integrity of message

RESOURCE REQUIREMENTS: Python, P IV and above, Printer, Pages

THEORY:
MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function that results
in a 128-bit hash value. The 128-bit (16-byte) MD5 hashes (also termed message digests)
typically are represented as 32-digit hexadecimal numbers (for example,
ec55d3e698d289f2afd663725127bace).
EAP-MD-5 typically is not recommended for wireless LAN implementations because it may
expose the user’s password, and because several collision-based weaknesses have been
demonstrated. It provides for only one-way authentication – there is no mutual
authentication of wireless client and the network. And, very importantly, it does not provide
a means to derive dynamic, per-session wired equivalent privacy (WEP) keys.

PROGRAM


OUTPUT

CONCLUSION: Thus, for varying message sizes, we have generated message digests using MD5
algorithm and checked the integrity of message. We observed that the size of message digest
remains same for varying message sizes.


Experiment No: 06

AIM: For varying message sizes, generate message digest using SHA-1 algorithm and check
the integrity of message.

RESOURCE REQUIREMENTS: Python, P IV and above, Printer, Pages

THEORY:
SHA-1 produces a 160-bit hash value or message digest from the input data (data that
requires encryption), which resembles the hash value of the MD5 algorithm. It uses 80
rounds of cryptographic operations to encrypt and secure a data object. Some of the
protocols that use SHA-1 include:

⚫ Transport Layer Security (TLS)

⚫ Secure Sockets Layer (SSL)

⚫ Pretty Good Privacy (PGP)

⚫ Secure Shell (SSH)

⚫ Secure/Multipurpose Internet Mail Extensions (S/MIME)

⚫ Internet Protocol Security (IPSec)

SHA-1 is commonly used in cryptographic applications and environments where the need
for data integrity is high. It is also used to index hash functions and identify data corruption
and checksum errors.

SHA-1 or Secure Hash Algorithm 1 is a cryptographic hash function which takes an input and
produces a 160-bit (20-byte) hash value. This hash value is known as a message digest. This
message digest is usually then rendered as a hexadecimal number which is 40 digits long.
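The digest experiments for MD5 (Experiment 5) and SHA-1 (this experiment) can be carried out with one Python sketch using the standard hashlib module. It is an added example, not the manual's program; the function names and the sample messages are constructed here.

```python
import hashlib
import hmac


def digest(message, algorithm):
    """Hex digest of `message` (bytes) under 'md5' or 'sha1'."""
    if algorithm not in ("md5", "sha1"):
        raise ValueError("this example covers md5 and sha1 only")
    return hashlib.new(algorithm, message).hexdigest()


def verify(message, expected_hex, algorithm):
    """True when the recomputed digest equals the stored one."""
    return hmac.compare_digest(digest(message, algorithm), expected_hex.lower())


def digest_sizes(sizes, algorithm):
    """Map message size in bytes to digest length in bits."""
    result = {}
    for size in sizes:
        message = b"A" * size  # constructed sample message
        result[size] = len(digest(message, algorithm)) * 4  # 4 bits per hex digit
    return result


def flip_first_bit(message):
    """Copy of `message` with one bit changed, to model corruption in transit."""
    return bytes([message[0] ^ 0x01]) + message[1:]


if __name__ == "__main__":
    sizes = [0, 1, 55, 64, 1000, 100000]
    print("md5 :", digest_sizes(sizes, "md5"))
    print("sha1:", digest_sizes(sizes, "sha1"))

    original = b"transfer 100 to account 42"  # constructed sample message
    stored = digest(original, "sha1")
    print("unchanged message verifies:", verify(original, stored, "sha1"))
    print("changed message verifies:  ", verify(flip_first_bit(original), stored, "sha1"))
    # Both algorithms have known collision attacks; they are used here
    # because the experiments name them.
```
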

PROGRAM

OUTPUT


CONCLUSION: Thus, for varying message sizes, we have generated message digests using SHA-1
algorithm and checked the integrity of message. We observed that the size of message digest
remains same for varying message sizes.


Experiment No: 07

AIM: Implementation of Diffie Hellman Algorithm in Python. Also, perform Diffie Hellman
Practical using Cryptographic Lab of Virtual Labs of IIT Bombay.

RESOURCE REQUIREMENTS: Python, P IV and above, Printer, Pages, Virtual Lab IIT
Bombay

THEORY:
Diffie-Hellman algorithm is one of the most important algorithms used for establishing a
shared secret. At the time of exchanging data over a public network, we can use the shared
secret for secret communication. We use an elliptic curve for generating points and getting
a secret key using the parameters.

1. We will take four variables, i.e., P (prime), G (the primitive root of P), and a and b
(private values).

2. The variables P and G both are publicly available. The sender selects a private value,
either a or b, for generating a key to exchange publicly. The receiver receives the key,
and that generates a secret key, after which the sender and receiver both have the same
secret key to encrypt.


Diffie Hellman Practical using Cryptographic Lab of Virtual Labs of IIT Bombay:

Steps for Implementation:-

STEP 1 : Firstly, choose a large prime number p and a generator g for that prime.

STEP 2 : Secondly, both Alice and Bob generate their respective keys A and B, and (g^a, g^b) for
their keys respectively.

STEP 3 : Both Alice and Bob exchange their g^a, g^b.

STEP 4 : Finally, both calculate their public keys g^ab and g^ba respectively.

STEP 5 : If both g^ab and g^ba are equal then Diffie-Hellman key exchange is verified.
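Steps 1 to 5 as a Python sketch, with both sides of the exchange in one process. It is an added example, not the manual's program or the Virtual Lab's code; the function names and the small values p = 23, g = 5 are chosen here for illustration, and the range check on the received value is an addition of this sketch.

```python
import secrets


def is_primitive_root(g, p):
    """Brute-force check, fine for small teaching primes: g generates 1..p-1."""
    return len({pow(g, k, p) for k in range(1, p)}) == p - 1


def private_value(p, g):
    """Random private exponent in 2..p-2 whose public value is not 1 or p-1."""
    while True:
        x = 2 + secrets.randbelow(p - 3)
        if 1 < pow(g, x, p) < p - 1:
            return x


def public_value(g, private, p):
    """g^private mod p, the value sent over the public network."""
    return pow(g, private, p)


def shared_secret(peer_public, private, p):
    """peer_public^private mod p, after rejecting out-of-range peer values."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value must lie in 2..p-2")
    return pow(peer_public, private, p)


def exchange(p, g, a=None, b=None):
    """Run both sides; a and b are generated at random when not supplied."""
    if not is_primitive_root(g, p):
        raise ValueError("g is not a primitive root of p")
    a = private_value(p, g) if a is None else a
    b = private_value(p, g) if b is None else b
    A = public_value(g, a, p)  # Alice sends g^a
    B = public_value(g, b, p)  # Bob sends g^b
    return {
        "A": A,
        "B": B,
        "alice_secret": shared_secret(B, a, p),  # (g^b)^a
        "bob_secret": shared_secret(A, b, p),    # (g^a)^b
    }


if __name__ == "__main__":
    result = exchange(23, 5, a=4, b=3)
    print(result)
    print("verified:", result["alice_secret"] == result["bob_secret"])
```
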

Output:


PROGRAM

Output


CONCLUSION: Hence we have successfully implemented Diffie Hellman Algorithm using
Symmetric key Agreement in Python and on Virtual Lab for symmetric key agreement.


Experiment No: 08

AIM: Study of packet sniffer tool “wireshark”:
a. Download and install Wireshark and capture ICMP, TCP and HTTP packets in promiscuous
mode.
b. Explore how the packets can be traced based on different filters.

RESOURCE REQUIREMENTS: Wireshark, P IV and above, Printer, Pages

THEORY:
WIRESHARK:
Wireshark is a free and open-source packet analyser. It is used for network troubleshooting,
analysis, software and communications protocol development, and education. A network
packet analyzer tries to capture network packets and to display that packet data in as much
detail as possible. You could think of a network packet analyzer as a measuring device for
examining what’s happening inside a network cable.

Applications of Wireshark:
Here are some reasons people use Wireshark:
⚫ Network administrators use it to troubleshoot network problems.
⚫ Network security engineers use it to examine security problems.
⚫ QA engineers use it to verify network applications.
⚫ Developers use it to debug protocol implementations.
⚫ Students use it to learn network protocol internals.
Features:
⚫ Available for UNIX and Windows.
⚫ Capture live packet data from a network interface.
⚫ Display packets with very detailed protocol information.


⚫ Save packet data captured.


⚫ Filter packets on many criteria.
⚫ Search for packets on many criteria.
⚫ Colorize packet display based on filters.
⚫ Create various statistics.
⚫ Packet sniffer captures (“sniffs”) messages being sent/received from/by your computer; it
will also typically store and/or display the contents of the various protocol fields in these
captured messages.
⚫ A packet sniffer itself is passive. It observes messages being sent and received by
applications and protocols running on your computer, but never sends packets itself.

⚫ Similarly, received packets are never explicitly addressed to the packet sniffer.
⚫ Instead, a packet sniffer receives a copy of packets that are sent / received from/by
application and protocols executing on your machine.

Packet Sniffer Structure:


How to turn on promiscuous mode:

⚫ To turn on promiscuous mode, click on the CAPTURE OPTIONS dialog box and select it from
the options.

⚫ If everything goes according to plan, you’ll now see all the network traffic in your network.

⚫ However, many network interfaces aren’t receptive to promiscuous mode, so don’t be
alarmed if it doesn’t work for you.

⚫ 'Promiscuous' is a mode which some NICs can assume that would allow them to receive
any packet that comes their way regardless of that packet's destination address. By
default, NICs are supposed to discard all packets not addressed to them.

⚫ If you have promiscuous mode enabled—it’s enabled by default—you’ll also see all the
other packets on the network instead of only packets addressed to your network adapter.

ScreenShot:


CONCLUSION: Hence we have successfully implemented packet sniffer tools using Wireshark.
And also implemented icmp, tcp and http packets in promiscuous mode as well as explored how
the packets can be traced based on different filters.


Experiment No: 9

AIM: Simulate buffer overflow attack using Ollydbg, Splint, Cppcheck etc
RESOURCES REQUIRED: Unix/Linux/Windows, Ollydbg, Splint, cppcheck
THEORY:
1. Cppcheck : Cppcheck is a tool for static C/C++ code analysis (CLI). Cppcheck is a command-line
tool that tries to detect bugs that your C/C++ compiler doesn't see. It is versatile, and can check
non-standard code including various compiler extensions, inline assembly code, etc. Its internal
preprocessor can handle includes, macros, and several pre-processor commands. While Cppcheck
is highly configurable, you can start using it just by giving it a path to the source code.

It includes checks for:


* pointers to out-of-scope auto variables;
* assignment of auto variables to an effective parameter of a function;
* out-of-bounds errors in arrays and STL;
* missing class constructors;
* variables not initialized by a constructor;
* use of memset, memcpy, etcetera on a class;
* non-virtual destructors for base classes;
* operator= not returning a constant reference to itself;
* use of deprecated functions (mktemp, gets, scanf);
* exceptions thrown in destructors;

Step 1: Installation of cppcheck

$ sudo apt-get install cppcheck

Step 2: Checking Vulnerability


$ cppcheck sample2.c

2. Splint: Splint is a tool for statically checking C programs for security vulnerabilities and
programming mistakes. Splint does many of the traditional lint checks including unused
declarations, type inconsistencies, use before definition, unreachable code, ignored return values,
execution paths with no return, likely infinite loops, and fall through cases. More powerful checks
are made possible by additional information given in source code annotations. Annotations are
stylized comments that document assumptions about functions, variables, parameters and types.
In addition to the checks specifically enabled by annotations, many of the traditional lint checks are
improved by exploiting this additional information.
Splint is designed to be flexible and allow programmers to select appropriate points on the
effort-benefit curve for particular projects. As different checks are turned on and more information is
given in code annotations the number of bugs that can be detected increases dramatically.
Problems detected by Splint include:


• Dereferencing a possibly null pointer
• Using possibly undefined storage or returning storage that is not properly defined
• Type mismatches, with greater precision and flexibility than provided by C compilers
• Violations of information hiding
• Problematic control flow such as likely infinite loops, fall through cases or incomplete switches
and suspicious statements
• Buffer overflow vulnerabilities
• Dangerous macro implementations or invocations
• Violations of customized naming conventions

Example 1:
$ splint sample2.c

Example 2:


$ splint sample3.c


3. Ollydbg: OllyDbg is a 32-bit assembler level analysing debugger for Windows. It emphasizes
binary code analysis, which is useful when source code is not available. It traces registers,
recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines
from object files and libraries. It has a user friendly interface, and its functionality can be extended
by third-party plugins.
Installation: Download OllyDbg from ollydbg.org and install it on Windows. Build an executable from
the following C program, rtrace.c, and open it in OllyDbg for debugging.


Conclusion:
Software vulnerabilities causing buffer overflow are studied and detected using Ollydbg, Splint and
cppcheck.


Experiment No: 10

AIM: Study the use of network reconnaissance tools like WHOIS, dig, tracert, nslookup.

RESOURCE REQUIREMENTS: Command Prompt, P IV and above, Printer, Pages

THEORY:
Tools for active reconnaissance are designed to interact directly with machines on the
target network in order to collect data that may not be available by other means. Active
reconnaissance can provide a hacker with much more detailed information about the
target but also runs the risk of detection.

Whois

Whois servers are databases that are maintained by domain name authorities around the
world. A whois database can contain a plethora of information, but typically it contains
such information as location, contact information, and IP address ranges for every domain
name under its authority.

Traceroute

If you are curious as to what path your requests are taking, as well as how long it takes to
get from point A to point B (as well as intermediary stops), you can use the
Traceroute tool. This can help you with things like:

⚫ Determining if there’s a specific server (or node) that is slow or unreachable


⚫ Figuring out who hosts a specific resource and where the host is located
⚫ Checking the reachability of your site


NsLookup

The NsLookup tool allows you to provide a hostname and request one or more types of
DNS records (e.g., A, NS, CNAME records).

dig

dig (Domain Information Groper) is a powerful command-line tool for querying DNS name
servers. The dig command allows you to query information about various DNS records,
including host addresses, mail exchanges, and name servers. It is the most commonly
used tool among system administrators for troubleshooting DNS problems because of its
flexibility and ease of use.


OUTPUT
Whois

Tracert


DIG


Nslookup


CONCLUSION: Hence we have successfully implemented the use of network reconnaissance
tools like WHOIS, dig, tracert, nslookup.

Experiment No: 11

Aim: Simulate DOS attack using Hping3 and Wireshark

RESOURCE REQUIREMENTS: Unix/Linux, Hping3, wireshark

Theory:
Denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to
its intended users, such as to temporarily or indefinitely interrupt or suspend services. A distributed
denial-of-service (DDoS) is where the attack source is more than one, often thousands of, unique IP
addresses. It is analogous to a group of people crowding the entry door or gate to a shop or business,
and not letting legitimate parties enter into the shop or business, disrupting normal operations.
A DoS attack tries to make a web resource unavailable to its users by flooding the target URL with
more requests than the server can handle. That means that during the attack period, regular traffic on
the website will be either slowed down or completely interrupted.
A Distributed Denial of Service (DDoS) attack is a DoS attack that comes from more than one source
at the same time. A DDoS attack is typically generated using thousands (potentially hundreds of
thousands) of unsuspecting zombie machines. The machines used in such attacks are collectively
known as “botnets” and will have previously been infected with malicious software, so they can be
remotely controlled by the attacker. According to research, tens of millions of computers are likely
to be infected with botnet programs worldwide.
Cybercriminals use DoS attacks to extort money from companies that rely on their websites being
accessible. But there have also been examples of legitimate businesses having paid underground
elements of the Internet to help them cripple rival websites. In addition, cybercriminals combine DoS
attacks and phishing to target online bank customers. They use a DoS attack to take down the bank's
website and then send out phishing e-mails to direct customers to a fake emergency site instead.

Installation Steps:

1. Install Hping3 and Wireshark
2. Flood the victim with TCP/ICMP/UDP packet using Hping3 (--flood option)
3. Observe the DoS attack and DDoS attack using Wireshark

Output

Conclusion:
DoS attacks affect the availability of resources. A DoS attack is simulated using Hping3 and resources are
monitored using Wireshark.

Experiment No: 12

AIM: Case Study on analysing the Security Vulnerabilities of E-commerce websites (Content
beyond syllabus).

RESOURCE REQUIREMENTS: Internet , P IV and above, Printer, Pages

THEORY:
1. Security Vulnerabilities of E-commerce services
A vulnerability is a weakness which allows an attacker to reduce a system's information
assurance. A vulnerability is the intersection of three elements: a
system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit
the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or
technique that can connect to a system weakness.
1.1 Software life cycle not secure.
Over the years, efforts to enhance software development life cycle (SDLC) practices have
been shown to improve software quality, reliability, and fault-tolerance. Nowadays,
strategies to improve the security of software in organizations such as Microsoft, Oracle, and
Motorola have resulted in software products with fewer vulnerabilities and greater
dependability, trustworthiness, and robustness.
The SANS Institute’s Top 20 list of security vulnerabilities, the MITRE Common
Vulnerabilities and Exposures (CVE) site, the US-CERT Technical Cyber Security Alerts site,
and the Microsoft Security Advisory site show that common software defects are the leading
cause of security vulnerabilities (buffer overflows have been the most common software
defect leading to security vulnerabilities).
Some of the things that can be incorporated in SDLC are:
1. Software should be installed using security defaults
2. A software patch management process should be there.

1.2 Vulnerabilities due to input validations

Buffer Overflow: A buffer overflow condition occurs when a program attempts to copy more
data into a buffer than it can hold. Buffer overflow is probably the best known form of software
security vulnerability. At the code level, buffer overflow vulnerabilities usually involve the
violation of a programmer's assumptions. Hackers use buffer overflows to corrupt the
execution stack of a web application. Buffer overflow flaws can be present in both the web
server and application server products that serve the static and dynamic aspects of the site.
Buffer overflows generally result in crashes. Other types of attack that create a
lack of availability are also possible, including putting the program into an infinite
loop.

1.3 Log Forging


Writing unvalidated user input to log files can allow an attacker to forge log entries or
inject malicious content into the logs. Log forging vulnerabilities occur under the following
conditions:
i. Data is copied to an application from an unreliable source.
ii. The data is copied to an application or system log file.
Applications use log files to store a history of events for later review and record, statistics
gathering, or debugging. Analysis of the log files may be misdirected if an attacker can supply
inappropriate data to the application. In the most common case, an attacker may be able to
insert false entries into the log file by providing the application with input that includes
appropriate characters. If the log file is processed automatically, the attacker can render the file
unusable by corrupting the format of the file or injecting unexpected characters. A more
dangerous attack might involve changing the log file statistics.
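The difference between writing input as received and neutralising it first is shown in the Python sketch below, run on a constructed input value. It is an added example, not part of the case study; the function names, the log line format and the sample value are assumptions made here.

```python
import io

# Constructed sample input: a "username" field that carries a line break
# followed by text shaped like a second log entry.
FORGED_USER = "alice\nINFO login ok user=admin"


def log_naive(stream, user):
    """Before: the value is written as received, so a line break in it
    starts what looks like a new entry."""
    stream.write(f"INFO login failed user={user}\n")


def neutralize(value):
    """Escape backslashes and every non-printable character (CR, LF,
    U+2028 and so on) so that one event always stays on one line."""
    out = []
    for ch in value:
        if ch == "\\":
            out.append("\\\\")  # keeps escaped output unambiguous
        elif ch.isprintable():
            out.append(ch)
        else:
            out.append(ch.encode("unicode_escape").decode("ascii"))
    return "".join(out)


def log_safe(stream, user):
    """After: the value is neutralised before it reaches the log."""
    stream.write(f"INFO login failed user={neutralize(user)}\n")


def entry_count(stream):
    """Number of lines a log reader would see."""
    return len(stream.getvalue().splitlines())


if __name__ == "__main__":
    naive, safe = io.StringIO(), io.StringIO()
    log_naive(naive, FORGED_USER)
    log_safe(safe, FORGED_USER)
    print("naive log, entries seen:", entry_count(naive))
    print(naive.getvalue(), end="")
    print("safe log, entries seen:", entry_count(safe))
    print(safe.getvalue(), end="")
```
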

1.4 Missing XML Validation: Failure to implement validation when parsing XML gives an attacker
a way to supply malicious input. By accepting an XML document without validating it against a
DTD or XML schema, the program gives attackers a chance to supply unexpected,
unreasonable, or malicious input. It is not possible for an XML parser to validate all aspects of a
document's content; a parser cannot understand the complete semantics of the data. However,
a parser can do a complete and thorough job of checking the document's structure and therefore
guarantee to the code that processes the document that the content is well-formed.

1.5 Validation checks in client: Performing validation checks in client-side code, mostly
JavaScript, provides no protection for server-side code. An attacker can simply disable
JavaScript, use telnet, or use a security testing proxy to bypass the client-side validation.
Client-side validation is widely used, but is not security relevant.

1.6 Vulnerabilities in database servers: There are various techniques to attack a database.
External attacks may exploit configuration weaknesses that expose the database server. A
weak and insecure web application can also be used to exploit the database. An application with
excess privilege in the database can put the database at risk. The main threats to a database
server are:
Fig 1: Main threats to a database server

i. SQL injection: A technique used to attack a database through website entry fields.
ii. Network eavesdropping: A network-level attack consisting of capturing packets from
the networked computers.
iii. Unauthorized server access: An attacker gains unauthorised access through various
loopholes in the system, such as the O/S, the absence of a firewall, etc.
iv. Password cracking: A technique for recovering passwords from data stored in a computer.

1.7 Vulnerabilities in TCP/IP Protocols used for communications


TCP/IP is very popular and well known. IP (Internet Protocol) handles routing
packets of data from one computer to another or from one router to another. TCP
(Transmission Control Protocol) deals with ensuring that the data packets are delivered in a
reliable manner from one computer to another.

2 Major causes of vulnerabilities


i. Dependency on IP source address for authentication
ii. Minimal/no authentication in network control mechanisms, e.g. routing protocol,
congestion control, flow control, ICMP messages, etc.

2.1 Vulnerabilities in firewall


A firewall vulnerability is defined as an error made during firewall design, implementation, or
configuration that can be exploited to attack the trusted network that the firewall is supposed
to protect. For example, common firewall vulnerabilities and improper configurations include:
i. ICMP allowed, e.g., the firewall can be pinged;
ii. Denying rather than dropping traffic to ports that the firewall is supposed to block,
which provides the attacker with additional information or improves the speed of the
attacker's port scan;
iii. Misconfiguration that allows a TCP ping of internal hosts with Internet-routable IP
addresses (e.g., in-bound TCP 80 is not restricted to the web server);
iv. Trust or unrestricted access to certain IP addresses;
v. Availability of extra/non-required services on the firewall;
vi. Unnecessarily open TCP and UDP ports.

2.2 Vulnerability in IPS: The main function of intrusion prevention systems is to identify
malicious activity, log information about malicious activity, attempt to block/stop activity, and
report activity. Some of the IPS vulnerabilities are as follows:
i. Underestimation of security capabilities, including information gathering, logging,
detection, and prevention.
ii. Focus on performance rather than security, including maximum capacity and
performance features.
iii. Undefined management policies, including design and implementation (e.g.,
reliability, interoperability, scalability, product security), operation and maintenance
(including software updates), and training, documentation, and technical support.

2.3 Vulnerability loopholes of the users


i. Tolerating weak passwords: Weak passwords are arguably the most nonsensical, yet
simplest security flaws to fix.
ii. Connecting to unsecured Wi-Fi hotspots: Many people don't think twice about logging
onto a random (and unprotected) wireless network just to get some work done. That's
all it takes for someone with ill intent to capture a user's login credentials and work his
way onto your wireless network.
iii. Neglecting to encrypt hard drives and USB storage disks: Simply encrypting computer
hard drives can eliminate a huge portion of information risks.
iv. Assuming that patches are under control: There are typically hundreds of missing
patches on both workstations and servers. In many situations, admins are unaware of
specific patches to be installed.
v. Not balancing security with convenience: Security controls often unintentionally get in
the way of users, who then find ways around them. The general habit of writing passwords
on sticky notes is just the beginning.

CONCLUSION: Thus, we have studied the Security Vulnerabilities of E-commerce websites through
a case study.
