Cyber Security Lab

Uploaded by Monika R.T

INDEX

RECORD NOTE BOOK

Sl no   Date   Exercises                                                                      Marks   Signature
1              Installation of Kali Linux on VirtualBox
2              Explore Kali Linux and Bash scripting
3              Install Linux server on VirtualBox
4              Installation of SSH on VirtualBox
5              Use Metasploit to exploit an unpatched vulnerability
6              Brute force attack
7              Real-time network traffic analysis using Snort
8              Installation of Metasploitable 2 on VirtualBox and searching for unpatched vulnerabilities
9              Fail2ban to scan log files and ban IPs that show malicious signs
10             Install Linux server on VirtualBox
11
12

External Examiner
DO'S

1. Be regular to the lab.
2. Follow proper dress code.
3. Know the location of the fire extinguisher and the first aid box and how to use them in case of an emergency.
4. Read and understand how to carry out an activity thoroughly before coming to the laboratory.
5. Report fires or accidents to your lecturer/laboratory technician immediately.
6. Report any broken plugs or exposed electrical wires to your lecturer/laboratory technician immediately.
7. Maintain silence.

DON'TS

1. Do not take leave on lab days.
2. Do not eat or drink in the laboratory.
3. Avoid stepping on electrical wires or any other computer cables.
4. Do not open the system unit casing or monitor casing, particularly when the power is turned on. Some internal components hold electric voltages of up to 30000 volts, which can be fatal.
5. Do not insert metal objects such as clips, pins and needles into the computer casings. They may cause fire.
6. Do not remove anything from the computer laboratory without permission.
7. Do not touch, connect or disconnect any plug or cable without your lecturer/laboratory technician's permission.
Vision of the Institute

Empowering the rural and less privileged students with value based technical knowledge, forming them as responsible citizens.

Mission of the Institute

IM 1. To enlighten the rural students.
IM 2. To provide quality technical education for societal development and entrepreneurship.
IM 3. To instill interpersonal skills and shape the students to become good leaders to serve the society.

Vision of the Department

To be a reputed center producing socially committed Computer Engineers with leadership qualities to serve the rural society.

Mission of the Department

M1: To build Computer Engineers with professional ethics and entrepreneurship skills.
M2: To inculcate problem solving and team building skills to promote lifelong learning with the sense of social responsibilities.
M3: To produce effective Computer Engineers with exposure to current industrial advancements through higher education and serve the common people through their expertise.

Program Educational Objectives (PEOs)


1. PROFESSIONAL CAREER: The graduates will be able to pursue higher
education and research to have a successful career in Computer Science
industries or as entrepreneurs.
2. LEADERSHIP QUALITIES AND TEAM SPIRIT: The graduates will be able
to perform efficiently while working in teams.
3. LIFE LONG LEARNING: The graduates will be empowered through emerging
technical knowledge and inspired with life-long learning to serve the society.
Program Outcomes (POs)
Engineering Graduates will be able to:

1. Engineering knowledge: Apply the knowledge of mathematics, science,


engineering fundamentals and an engineering specialization to the solution of complex
engineering problems.
2. Problem analysis: Identify, formulate, review research literature, and analyze
complex engineering problems reaching substantiated conclusions using first
principles of mathematics, natural sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex engineering
problems and design system components or processes that meet the specified
needs with appropriate consideration for the public health and safety, and the cultural,
societal, and environmental considerations.
4. Conduct investigations of complex problems: Use research-based knowledge
and research methods including design of experiments, analysis and interpretation
of data, and synthesis of the information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources,
and modern engineering and IT tools including prediction and modeling to complex
engineering activities with an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual
knowledge to assess societal, health, safety, legal and cultural issues and the
consequent responsibilities relevant to the professional engineering practice.
7. Environment and sustainability: Understand the impact of the professional
engineering solutions in societal and environmental contexts, and demonstrate the
knowledge of, and need for sustainable development.
8. Ethics: Apply ethical principles and commit to professional ethics
and responsibilities and norms of the engineering practice.
9. Individual and team work: Function effectively as an individual, and as a
member or leader in diverse teams, and in multidisciplinary settings.
10. Communication: Communicate effectively on complex engineering activities with
the engineering community and with society at large, such as, being able to
comprehend and write effective reports and design documentation, make effective
presentations, and give and receive clear instructions.
11. Project management and finance: Demonstrate knowledge and
understanding of the engineering and management principles and apply these to
one's own work, as a member and leader in a team, to manage projects and in
multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the
preparation and ability to engage in independent and life-long learning in
the broadest context of technological change.

PROGRAM SPECIFIC OBJECTIVES (PSOs)

PSO 1: To analyze, design and develop computing solutions by
applying foundational concepts of Computer Science and Engineering.
PSO 2: To apply software engineering principles and practices for
developing quality software for scientific and business applications.
PSO 3: To adapt to emerging Information and
Communication Technologies (ICT) to innovate ideas and solutions to
existing/novel problems.
Ex.No:01 Installation of Kali Linux on VirtualBox

Aim:

To install Kali Linux on VirtualBox

Procedure:

1. Open Virtual Box and then press the new button.

2. Enter a name for the virtual machine and select Type: Linux, Version: Debian (64-bit).
3. Allot the size of RAM memory you want to allocate to the Virtual Machine of Kali Linux.
(2048 MB is recommended for normal usage)

4. Select the option to create a virtual hard disk now and then click on the create button.
5. Now, Select the Hard Disk File type for Virtual Hard Disk. ( VDI is recommended for
daily purposes)

6. Now select the type of Physical Hard Disk Storage. (Dynamically Allocated is
recommended for general purposes)

7. Select the size of your virtual hard disk and also the location where you want to save your
machine and its files.

8. As soon as the processing is completed click on the Virtual machine name on the left panel
and click on the start button from the top.

9. Now click on the Browse icon located just above the Cancel button, select your
downloaded Kali Linux ISO file and then click on the Start button. Before doing so, check
that the ISO is genuine: compare its SHA256 hash (sha256sum on Linux, certutil -hashfile on
Windows) with the SHA256SUMS file published next to the image on kali.org. That file is
signed with the Kali archive key, so a mismatch means a corrupted or tampered download.
10. This will boot our virtual machine from the chosen Kali Linux ISO file. Select the
Graphical Install option and hit Enter.

11.The next option is to select a language, So select your desired language and hit enter.

12. The next step is to select a country, territory, or area, So select your respective one.

13. The next step is to configure your keymap. Confirm the keymap you want to use and
click Next.

14. In the next step it is asking for a hostname, Enter the same and press the continue button.
15. The next step is to enter the domain name of your choice you may leave it blank if you
don’t have any.

16. Enter a strong password for your Kali Linux OS and click continue.

17. The next step is to select a time zone of your choice which you want to use as a default
time zone for the Kali Linux machine.
18. Now click on the “Manual” option and press continue to confirm.

19. Now select the Free Space and create a new partition with that and click continue. Also,
it is recommended for new users to not use a separate partition for root, home, and swap
areas.
20. Now click on create a new partition.

21. Now enter the partition size to be created.

22. Now select the partition type as “Logical”.


23. Now if you are new to Linux then use the following settings for the partition or you may
also adjust them as per your need. And then click on “Done setting up the partition“

24. Now just click on Finish.

25. Now select the “no” option in order to continue.


26. Now in order to write changes to the disk select the “yes” option and then click on
continue.

27. Now, wait for a few minutes for the Kali system to be installed into your Virtual Machine.

28. The next option is to select whether to install the GRUB boot loader to the master boot
record or not. Click on yes to add the same.

29. Choose your respective hard disk to boot into, from the list of devices.
30. This will start installing the Kali Linux OS and will take a few minutes to completely
install the same and will reboot after the successful completion of the installation.
31. Once the complete process is finished successfully, it will automatically restart the virtual
machine and boot into the Kali Linux system.
32. In order to close the Virtual Machine, Simply Shutdown the Kali Linux OS, this action
will automatically terminate the Virtual Machine.

Result:
Thus Kali Linux was installed on VirtualBox successfully.

Ex.No:02 Explore Kali Linux and Bash Scripting

Aim:

To explore Kali Linux and bash scripting

Procedure

Bash scripts, also known as shell scripts, are powerful tools in the world of command-line
automation. They allow you to perform a series of tasks or execute commands by writing
scripts that can be run in a terminal or command-line interface.
The Shebang Line:

Before we delve into the methods of running Bash scripts, it’s important to understand the
shebang line. The shebang line, which is the first line in your script, indicates the interpreter
that should be used to execute the script. For Bash scripts, this line should typically look like
this:
#!/bin/bash
This line informs the system that the script should be interpreted using the Bash shell. Even
though some methods may work without this line, it’s a good practice to include it in your
script to ensure compatibility.

Using bash or sh to run a bash script in Linux

This is the most common way of executing a script: pass the file name to the interpreter.
Bash is installed by default on Kali, other Linux distributions and macOS; on Windows you
can use Git Bash or WSL. In a terminal, run the following, replacing filename.sh with the
name of your script:
bash filename.sh

Because the interpreter is named explicitly, the script does not need the execute bit and its
shebang line is ignored. The script runs in a child process, so variables it sets and directory
changes it makes do not survive in your interactive shell once it finishes.

You can also run the script with sh:
sh filename.sh

Note that on Debian-based systems such as Kali and Ubuntu, /bin/sh is dash, not bash, so a
script that relies on Bash-only features (arrays, [[ ]] tests and the like) will fail under sh even
though it works under bash.

Using source to run a bash script

Type source (or its POSIX equivalent, a single dot) before the script name. In a terminal, run the
following, replacing filename with your script's name:

source filename.sh

Unlike bash filename.sh, source does not start a new process: the commands are read and
executed inside your current shell, so any variables, functions or directory changes the script
makes remain in effect afterwards. That is what you want for a file that only defines helper
functions or environment variables, and usually not what you want for a script that does real
work, because an exit in the script will close your terminal. The file does not need the execute
bit, but, as with the other methods, you must give its relative or absolute path if it is not in
the current directory.

Step 1: Install Kali Linux

1. Download the Kali Linux ISO from the official website.

2. Install Kali Linux on a virtual machine or dedicated system.

Step 2: Familiarize Yourself with Kali Linux

1. Open the terminal

2. Update and upgrade your system.

sudo apt update && sudo apt upgrade

Step 3: Basic Bash Commands

1. List files in the current directory.

ls

2.Change directory.

cd /path/to/directory

3.Print the current working directory.

pwd

4. Copy a file.

cp source_file destination
5.Move or rename a file.

mv old_name new_name

6.Remove a file.

rm file_name

Step 4: Bash Scripting Basics

1.Create a simple Bash script.

nano myscript.sh

Add the following content:

#!/bin/bash

echo "Hello, World!"

Save and exit (`Ctrl + X`, then `Y` to confirm, and `Enter`).

2.Make the script executable.

chmod +x myscript.sh

3. Run the script.

./myscript.sh

Step 5: Text Editors

1. Open a file with Nano.

nano filename
Edit the file, then save and exit (`Ctrl + X`, then `Y` to confirm, and `Enter`).

Step 6: Permissions and Execution

1. Make a script executable.

chmod +x script_name

Step 7: Explore Kali Linux Tools

1. Use Nmap to scan for open ports on a target (only scan hosts you own or are authorised
to test, such as your own Metasploitable VM).

sudo nmap target_ip

2.Use Wireshark for network traffic analysis.

sudo wireshark

Step 8: Networking

1. Check network interfaces.

ifconfig

(ifconfig comes from the net-tools package, which recent Kali images do not always install;
ip addr, shown in Ex.No:04, is the modern replacement.)

2.Ping a website.

ping example.com
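To tie Steps 3 and 4 together, here is an added example script, written for this page and not part of the lab sheet. It uses only shell built-ins (read, case, printf) to audit /etc/passwd-style data for two classic problems: a second account with UID 0, and an account whose password field is empty. The lines inside sample_passwd are constructed; run it as ./audit_passwd.sh /etc/passwd to check the real file.

```bash
#!/bin/bash
# audit_passwd.sh - an added example, not part of the lab sheet: a Bash script
# that applies the commands from Steps 3 and 4 to a real check. It reads
# /etc/passwd-style lines on stdin and flags two classic misconfigurations:
#   * accounts other than root whose UID is 0 (a second superuser)
#   * accounts whose password field is empty (login without a password)
# Field layout per line: name:password:uid:gid:gecos:home:shell

# Print the name of every UID-0 account that is not "root".
find_extra_uid0() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        case "$name" in ''|'#'*) continue ;; esac    # skip blank and comment lines
        if [ "$uid" = "0" ] && [ "$name" != "root" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Print the name of every account whose password field is empty.
# On a modern system the field should be "x" (the hash lives in /etc/shadow)
# or a locked marker such as "*" or "!"; an empty field means no password at all.
find_empty_password() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        case "$name" in ''|'#'*) continue ;; esac
        if [ -z "$pw" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample data for the demo; not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second superuser:/root:/bin/bash
guest::1001:1001:guest account:/home/guest:/bin/bash
kali:x:1000:1000:kali:/home/kali:/bin/zsh
EOF
}

# Run both checks over the input on stdin; exit status 1 if anything was flagged.
audit() {
    input=$(cat)                      # read stdin once so both checks can see it
    bad=0
    for user in $(printf '%s\n' "$input" | find_extra_uid0); do
        printf 'WARN: %s has UID 0 but is not root\n' "$user"
        bad=1
    done
    for user in $(printf '%s\n' "$input" | find_empty_password); do
        printf 'WARN: %s has an empty password field\n' "$user"
        bad=1
    done
    return "$bad"
}

# Usage: ./audit_passwd.sh /etc/passwd   (with no argument, audit the sample)
if [ -n "${1:-}" ]; then
    audit < "$1"
else
    sample_passwd | audit
fi
printf 'audit finished\n'
```

Make it executable with chmod +x as in Step 4; the non-zero exit status from audit is what lets a cron job or a CI step fail when something is found.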

Result:
Thus Kali Linux and bash scripting were successfully explored.
.

Ex.No:03 Installation of Nmap and Network Scanning


Aim:
To install Nmap on the Linux virtual machine and use its basic scanning options

Nmap is a command-line tool for network exploration and security auditing. It is used by
penetration testers and attackers alike, and by network and system administrators. Typical uses:
- Discovering which hosts on a network are up
- Finding the open ports on a host and the services listening on them
- Identifying the operating system and service versions of a host
- Producing an inventory of the addresses in use on a network
Only scan hosts and networks that you own or are authorised to test; the public hostnames
and addresses used below are examples.
Procedure
Installing Nmap
Kali Linux ships with Nmap preinstalled. On a plain Debian/Ubuntu system, install it with:
sudo apt-get install nmap

Working with Nmap Command

1. To scan a system by hostname and by IP address. First, scan using the hostname:
nmap www.geeksforgeeks.org

Now scan using the IP address:


nmap 172.217.27.174

With no options, nmap first checks that the target is up, then scans its 1,000 most common
TCP ports and reports each as open, closed or filtered, together with the service usually found
on that port. A MAC address is reported only when the target is on the same Ethernet segment
as the scanning machine. The hostname and address above are public examples; substitute a
host you are authorised to scan.

2. To scan using the "-v" option.


nmap -v www.geeksforgeeks.org
Increasing the verbosity makes nmap print progress and per-host details (which ports it found
open, how long each phase took) while the scan runs, instead of only the final summary.

3. To scan multiple hosts


nmap 103.76.228.244 157.240.198.35 172.217.27.174

We can scan multiple hosts by listing several IP addresses or hostnames, separated by spaces,
on one nmap command line.

4. To scan a whole subnet


nmap 103.76.228.*
The "*" wildcard in the last octet expands to all 256 addresses of that /24 network
(103.76.228.0 to 103.76.228.255); nmap reports on the hosts that are up. Quote the argument
('103.76.228.*') if a file in the current directory happens to match it, otherwise the shell will
expand it before nmap sees it.
5. To scan specific range of IP address
nmap 192.168.29.1-20
We can specify the range of IP addresses. This command will scan IP address 192.168.29.1
to 192.168.29.20 .

6. To scan for firewall rules.


sudo nmap -sA 103.76.228.244

The "-sA" option runs a TCP ACK scan, which is useful during penetration testing for mapping
a firewall. It cannot tell you whether a port is open, because both open and closed ports answer
an unsolicited ACK with a RST; what it tells you is which ports are unfiltered (a RST came back)
and which are filtered (no answer, or an ICMP unreachable), which reveals the rules of a stateful
firewall in front of the host. It needs root because nmap has to craft raw packets.

7. To identify hostnames
sudo nmap -sL 103.76.228.244
The "-sL" option is the list scan: nmap only expands the target expression, lists each address
and performs a reverse-DNS lookup for it, without sending a single packet to the targets. It is a
safe way to see exactly what a range or wildcard covers before scanning it, and root is not
needed for it. Separately, "-n" skips reverse DNS resolution during a scan, while "-R" forces it
even for hosts that appear to be down.

8. To scan from a file


nmap -iL input.txt

If we have a long list of addresses that we need to scan, we can directly import a file through
the command line. It will produce a scan for the given IP addresses.
Using decoys (-D) in nmap:
Create decoys while scanning

The -D option makes nmap send each probe not only from your real address but also with the
source address spoofed to every decoy you list, so the target's logs and IDS see several apparent
scanners and cannot easily tell which one is real. This is an evasion technique rather than a
debugging aid; use it only in an authorised test, for example to check whether your own
detection tooling attributes a scan correctly.

nmap -D 192.168.0.1,192.168.0.2,...

The target(s) to scan follow the decoy list on the command line, and the keyword ME may be
placed in the list to choose where your real address appears. The decoys should be hosts that
are actually up, otherwise the target's replies to them go unanswered and you can accidentally
SYN-flood it. Decoys only work with raw-packet scans (such as the default SYN scan run as
root) and are defeated by networks that drop packets with spoofed source addresses.
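As an added example (not from the lab sheet), the script below wraps the scans above: scan_targets runs nmap with grepable output (-oG -) and parse_open_ports reduces that output to one line per open port, so a report can be saved and diffed between runs. The text in sample_grepable is constructed to match nmap's grepable format and is not a real scan; nmap itself is only executed when you pass targets and have it installed.

```bash
#!/bin/bash
# scan_report.sh - an added example, not part of the lab sheet: run Nmap against
# a list of targets and reduce its "grepable" (-oG) output to one line per open
# port. Parsing lives in its own function so it can be exercised offline on
# constructed output; the real scan only happens when nmap is installed.

# Read nmap -oG output on stdin; print "host port/proto service" for open ports.
# Grepable lines look like (fields separated by tabs):
#   Host: 10.0.2.13 ()  Ports: 22/open/tcp//ssh///, 80/closed/tcp//http///  Ignored State: ...
# Each port entry is port/state/proto/owner/service/rpc/version/ .
parse_open_ports() {
    awk 'BEGIN { FS = "\t" }
        /^Host:/ {
            split($1, h, " "); host = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports:/) {
                    sub(/^Ports: /, "", $i)
                    n = split($i, ports, ", ")
                    for (j = 1; j <= n; j++) {
                        split(ports[j], f, "/")
                        if (f[2] == "open")
                            printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
                    }
                }
            }
        }'
}

# Scan the given targets (IPs, hostnames, ranges or CIDR blocks) for open TCP
# ports and print the reduced report. -Pn skips host discovery (useful when
# ICMP is filtered), --open keeps nmap's own output short.
# Only scan hosts you own or are authorised to test.
scan_targets() {
    command -v nmap >/dev/null 2>&1 || { echo "nmap is not installed" >&2; return 2; }
    nmap -Pn --open -oG - "$@" | parse_open_ports
}

# Constructed sample in nmap's grepable format (not the output of a real scan).
sample_grepable() {
    printf '# Nmap 7.94 scan initiated as: nmap -oG - 192.168.29.1-20\n'
    printf 'Host: 192.168.29.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.29.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
    printf 'Host: 192.168.29.7 ()\tPorts: 3306/open/tcp//mysql///\tIgnored State: closed (999)\n'
    printf '# Nmap done -- 20 IP addresses (2 hosts up) scanned in 12.34 seconds\n'
}

# Usage: ./scan_report.sh 192.168.29.1-20   (no targets: parse the sample instead)
if [ "$#" -gt 0 ]; then
    scan_targets "$@"
else
    echo "No targets given; parsing constructed sample output instead:"
    sample_grepable | parse_open_ports
fi
```

Redirecting the report to a dated file and comparing it with diff against the previous run is a cheap way to notice a new listening service on a lab network.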

Result:

Thus Nmap was installed and its scanning options, including decoys, were used successfully.
Ex.No:04 Install Linux Server on VirtualBox

Aim:

To install Ubuntu Server on VirtualBox

Step 1: VirtualBox on your server host

VirtualBox is free, open-source (GPL) desktop virtualization software from Oracle that runs on
Linux, Mac, and Windows; only its Extension Pack is proprietary (free for personal use). You'll
use it to host your 'server' VMs, the targets of your eventual "big software" deployment.

To install VirtualBox, just visit virtualbox.org, click the download link, and launch the
installer. When you first start VirtualBox, it should offer to download its Extension Pack; do
this, and install it.

Step 2: Download Ubuntu Server


Download a copy of Ubuntu Server 18.04.5 LTS, which is a recent version of Ubuntu Server
supported by Mirantis for all of its products.

Step 3: Create and configure a new VirtualBox virtual machine

Start VirtualBox, and click on the top menu: Machine>New (or press CTRL-N).


Select Linux and Ubuntu (64-bit) from the popdowns. Give your machine a generic name that
identifies it by operating system and version. You’ll use this initial VM image to create new
VMs as you need them (a process called “cloning”).

Click Next, and assign a reasonable amount of RAM to your VM. Since we're building
servers for hosting (for example) Kubernetes manager or worker nodes, we usually want to
set RAM to be as large as practical, understanding that this needs to be a compromise
based on other resource demands on the host (including the presence of other running virtual
machines). For what it may be worth, on a 32GB Windows laptop, you have enough room to
run two virtual servers with 12GB RAM each (12GB = 12288MB, as shown in the
context of VirtualBox's memory allocator), while also leaving enough room for Windows and
basic applications. These two servers are sufficiently resourced to host, for example, a
Mirantis Kubernetes Engine manager and worker node, which is enough for basic evaluation
and even laboratory use of this powerful Kubernetes/Swarm platform.

On the next screen, select the radio button to create a virtual hard disk file.
And select the radio button to use VDI format for the virtual disk.

On the next screen, determine if you want to create a dynamically-sized or fixed virtual hard
disk file. Dynamic disks grow as they get filled up, so consume less of your mass storage.
Fixed-size disks consume all their allocated space immediately, but run a little faster. If you
plan on building a lot of containers, you may find the extra speed useful and worth the mass
storage cost. Likewise, if you’re deploying infrastructure nodes (e.g., Kubernetes workers)
that will then run workloads of their own, the extra speed of a fixed-size disk may be
desirable, if you have the SSD space to spare.

Finally, pick the size of your virtual hard disk. 10GB — the default — is sufficient for most
projects. Kubernetes nodes may require 25GB or more.

Click Create to tell VirtualBox to create your virtual hard disk.


Next, click to highlight your new VM in the left-hand menu and select
Settings>System>Processor. A typical server VM will profit by being given two or more
virtual CPUs (vCPUs). A Kubernetes node can use more, if your physical CPU has sufficient
cores available.

Next, click the Network tab. VirtualBox offers many options for networking. VMs for cloudy
work, however, have some special requirements:

 They need to conveniently access other VMs running on your local host.

 They may need to conveniently access VMs running on other VirtualBox hosts on the
same wired or wireless LAN (for example, many people use old and spare laptops, all
attached to the same LAN, to build home labs).

 You may need to access this VM from your host or vice-versa.

 All these machines are somewhat protected behind a home router and NAT (unless
you’ve pinholed the router to enable access to a webserver VM — a popular
application).

 You don’t want to mess with networking any more than you need to.

For this reason, we recommend using VirtualBox "bridged" networking unless you know you
have reason not to do so. In this mode each virtual machine you start gets its own address on
your LAN (typically a private 192.168.x.x address) from your local DHCP server (usually that
home router), and is reachable from your host and any other machine (or similarly-configured
VM) on your local network. Most home routers will, by default, keep handing the same
address to the same MAC for long periods of time unless reset. So for all but the most
long-term projects, this setup gives you directly-accessible IPs for all your VMs (no need for
local tunneling or other shenanigans), and you can trust those IPs to stay the same, even when
you power down VMs for periods of time. The flip side is that a bridged VM is as exposed as
any other machine on that LAN, so keep it patched and do not bridge onto a network you do
not control.

Note: Ubuntu Server classically requires a cabled Ethernet connection for installation,
because it doesn’t deploy by default with WiFi drivers enabled. This isn’t a worry when
configuring VMs, because the hypervisor fakes the cable connection. So your physical host
actually can be connected to network via WiFi. See the ‘Cable Connected’ field, which
VirtualBox normally checks by default.
Finally, click the Storage tab. Here, you're going to click on the icon of the CD-ROM drive
(which is now empty) and use the popdown menu on the right (little CD icon) to 'Choose a
disk file ...' to browse to your newly-downloaded Ubuntu Server .iso. The popdown will
also display links to install disk files you've used before.

Click ‘OK.’

Step 4: Install Ubuntu Server

Now you’re ready to install Ubuntu to the virtual drive of your VM. Double-click the VM’s
name in the left-hand menu to start it. It will work for a while, then display Ubuntu install
options. Pick the option that says “Install Ubuntu.”

Thereafter, Ubuntu Server will take you through a fairly quick group of setup screens. You’ll
need to confirm the kind of keyboard you’re using, determine the scope of the installation,
determine whether you want to apply all recent updates during installation, pick a username
and password, and confirm that you want to install Ubuntu to the VM’s hard disk, erasing its
current contents (of which there aren’t any). At a certain point, the installer may ask if you
want to install certain default applications: OpenSSH server is a good application to install.

Ubuntu Server usually installs without a hiccup. Your VM will automatically restart when
installation is complete. You’ll be prompted to remove the boot disk (the CD ROM in this
case), but you can just press any key to pass this prompt. Log in with your username and
password.

Step 5: Update your server

Unless updates were applied during installation, next step is to update your server with recent
patches and software improvements.

sudo apt-get update


sudo apt-get upgrade

Step 6: Passwordless sudo

By default, Ubuntu Server insists that you enter your password before executing commands
with sudo. On a throwaway lab VM this can be annoying; if you'd like to use sudo without
being asked for a password, here's how. Note: on some cloud platforms, like Amazon Web
Services EC2, Ubuntu is preconfigured with passwordless sudo for the administrative user by
default.

Enter:

sudo visudo

This loads the sudo configuration file in the system default editor (nano) and syntax-checks it
before saving, which is why you should always use visudo rather than editing /etc/sudoers
directly: a typo in that file can lock you out of sudo entirely. At the bottom of this file, add the
line:

$USER ALL=(ALL) NOPASSWD: ALL

... replacing $USER with your actual login name, for example yourname ALL=(ALL) NOPASSWD: ALL.
The sudoers file is not processed by the shell, so a literal $USER left in the file matches nobody.

Save and exit, then log out and back in. You should now be able to perform sudo actions as
your administrative user without providing your password. Bear in mind what this trades
away: anyone who obtains a shell as that user, for instance with a copied SSH key, is root with
no further check, so leave this off on any server reachable from outside your lab network.

Step 7: Fix vi

The vi editor is a very crude editor that's often used to make changes in configuration files.
The benefit of vi is that it's preinstalled on pretty much any Linux server, so it's always
available. The nano editor, a little bit less crude, is usually also preinstalled for making quick
file changes.

vi has a little problem on standard Ubuntu installations: the minimal vim-tiny package that
provides it runs in vi-compatible mode and doesn't recognize the arrow keys in insert mode, so
they insert stray characters instead of moving the cursor around the file.

This is easy to fix: install the full vim package with apt, which replaces the vi command with
one that understands the arrow keys. To confirm, open a terminal (CTRL-ALT-T on a desktop;
on Ubuntu Server you are already at a shell) and enter:

sudo vi /etc/hosts

... you should be able to move around with the arrow keys. Exit vi (without saving changes)
by pressing ESC, then entering :q! (colon, the letter q, and the exclamation point).

Step 8: Enable SSH


You’ll need OpenSSH server active in order to be able to log into your server remotely.
Various deployer software (e.g., Mirantis Launchpad) also requires SSH to connect with and
install software on servers.

Determine your VM's local IP address by entering:

ip addr

You'll see the local IP in the list; if things on your LAN are set up conventionally and you
chose "bridged" networking, this will be a private address handed out by your router (e.g.,
192.168.x.x). Write this down. Then start OpenSSH server:

sudo systemctl start ssh

On new Ubuntu Server installs, the ssh service is enabled at installation, so if you restart this
VM, ssh accessibility will come back. If it is not, enable the service with systemctl so that it
starts at boot.

At this point, you can try logging into the server from your host or workstation VM:

ssh <username>@<ip_of_server>

You’ll need to provide your password.

Step 9: Upload a public key to your server for passwordless SSH

Many deployment systems (Mirantis Launchpad, Ansible, etc.) use SSH to remotely
configure servers. It's usually preferable (and sometimes required) to let target machines
accept login with an SSH key pair instead of a password. The private key stays on your
workstation; the public key, the other half of the pair, is appended to ~/.ssh/authorized_keys
on the server and is what the server uses to verify you.

This is easy to set up. Our tutorial How to Generate an SSH Keypair shows you how, and
how to upload the public key to your server. Once you've done this, you should be able to log
into your server from your desktop using your private key, which is stored in /home/user/.ssh,
as follows, where id_rsa is the name of the private key file:

ssh -i /home/user/.ssh/id_rsa <username>@<ip_of_server>

For a test server that is only reachable on your lab LAN, it's usually not necessary to go
further and turn off regular login with passwords; keeping it means you can still SSH in with a
password if you don't have your private key to hand. For any VM that is reachable from the
Internet, or that you bridge onto a network you share with others, do turn it off: set
PasswordAuthentication no (and PermitRootLogin prohibit-password or no) in
/etc/ssh/sshd_config and restart ssh, otherwise the server is open to password guessing.
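Whether a server is actually safe to expose after Steps 8 and 9 depends on what sshd enforces, not on what was typed into the file. The script below is an added example, not part of this tutorial: it reads an sshd_config and reports the effective value of the keywords that matter for resistance to password guessing, modelling two rules that trip people up (sshd keeps the first value it reads for a keyword, and lines after a Match block are not global). The configuration in sample_sshd_config is constructed; the defaults in the table are OpenSSH's for current releases.

```bash
#!/bin/bash
# sshd_audit.sh - an added example, not part of the tutorial: check what an
# sshd_config actually enforces before trusting a server with key-only login.
# Two things trip people up:
#   * sshd keeps the FIRST value it reads for a keyword, so a line appended at
#     the bottom of the file does not override one above it
#   * lines after a "Match" block apply only to that block, not globally
# This parser models both rules; it does not follow "Include" lines, so on a
# real host confirm with `sudo sshd -T`, which prints the effective settings.

# sshd_effective KEYWORD  (config on stdin): print the effective global value,
# or the compiled-in default if the keyword is never set. Keywords are matched
# case-insensitively, as sshd does; "Key value" and "Key=value" are both accepted.
sshd_effective() {
    awk -v key="$1" '
        BEGIN {
            want = tolower(key)
            def["passwordauthentication"]       = "yes"
            def["permitrootlogin"]              = "prohibit-password"
            def["pubkeyauthentication"]         = "yes"
            def["kbdinteractiveauthentication"] = "yes"
            def["permitemptypasswords"]         = "no"
            def["x11forwarding"]                = "no"
            def["maxauthtries"]                 = "6"
        }
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]*$/ { next }                      # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            kw = tolower(f[1])
            if (kw == "match") { in_match = 1; next }
            if (in_match) next                   # conditional block: not global
            if (kw == want) {
                val = line
                sub(/^[^ \t=]+[ \t=]+/, "", val) # drop the keyword
                sub(/[ \t]+$/, "", val)
                print val
                found = 1
                exit                             # first value wins
            }
        }
        END {
            if (!found) {
                if (want in def) print def[want]; else print "(unset)"
            }
        }'
}

# Constructed sshd_config excerpt for the demo (not copied from any host).
sample_sshd_config() {
    cat <<'EOF'
# constructed example
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
#PubkeyAuthentication yes
PasswordAuthentication yes
KbdInteractiveAuthentication no
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
EOF
}

# audit_sshd (config on stdin): warn about settings that leave the server open
# to password guessing; exit status 1 if anything was flagged.
audit_sshd() {
    cfg=$(cat)
    rc=0
    pw=$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication)
    root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin)
    empty=$(printf '%s\n' "$cfg" | sshd_effective PermitEmptyPasswords)
    [ "$pw" = "no" ] || { echo "WARN: PasswordAuthentication is '$pw' (should be no)"; rc=1; }
    case "$root" in
        no|prohibit-password) ;;
        *) echo "WARN: PermitRootLogin is '$root' (root can log in with a password)"; rc=1 ;;
    esac
    [ "$empty" = "no" ] || { echo "WARN: PermitEmptyPasswords is '$empty'"; rc=1; }
    return "$rc"
}

# Usage: sudo ./sshd_audit.sh /etc/ssh/sshd_config   (no argument: audit the sample)
if [ -n "${1:-}" ]; then
    audit_sshd < "$1"
else
    sample_sshd_config | audit_sshd
fi
printf 'audit finished\n'
```

In the sample, the "PasswordAuthentication no" near the bottom changes nothing because the earlier "yes" wins, and the one under "Match User deploy" only applies to that user; on Ubuntu the files under /etc/ssh/sshd_config.d are included at the top and so take precedence over everything in the main file.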

Step 10: Snapshot and clone your server VM


At this point, it makes sense to ensure that you can always return your VM to its current
known good state. To do this, first power down the VM (don’t restart), whose VirtualBox
window will close. Then select the VM in the left-hand menu, and click the green plus sign
(+, also marked “Take”) in the upper bar. In just a second or so, you’ll be able to name your
snapshot, and see it recorded in this VM’s list of available snapshots. Thereafter, if your VM
gets broken for some reason, you can return it to this known good state by powering it down,
right-clicking this snapshot, and selecting ‘Restore.’

You can also clone the snapshot to create new, clean servers for each new project you begin.
It’s preferable to use VirtualBox’s “Full Clone” option for this (vs. “Linked Clone,” which
creates a dependency between the original and cloned VMs’ virtual hard disks), and to
remember to create new network-card MAC IDs for clones, so they don’t fight over IP
addresses. You may also need to adjust hostnames so they’re distinct.

Step 11: Adjust VM hostnames

This is pretty simple. Three tasks are required to change the hostname of an Ubuntu
server. First, edit the file /etc/hosts using sudo vi:

sudo vi /etc/hosts

Change the hostname as represented in the second line of this file:

127.0.1.1 old_hostname # change 'old_hostname' to the new hostname

Save the file (exit vi with ESC, followed by :wq — colon, ‘w’, ‘q’). Then edit the file
/etc/hostname the same way:

sudo vi /etc/hostname

and change the old hostname to the new hostname, there, saving the file once you’ve done so.

Finally, either issue a hostname command to update the hostname within the current shell
session:

sudo hostname my_new_hostname

or simply log out and back in.

Step 12: Install curl

Curl is a much-used and much-loved application for interacting with web services and
efficiently downloading binary and text content from websites. Curl is required on target
servers by some Mirantis deployment workflows (e.g., the one described in Download k0s –
Zero Friction Kubernetes). So it makes sense to install curl on your server (if it’s not already
there). To do this, enter:

sudo apt-get install curl

Result:

Thus the linux server was installed on virtual box successfully

Ex.No:05 Installation of SSH on Virtual Box

Aim:

To install SSH on virtual box

Procedure:

Step 1: Installing SSH on the Virtual Machine

SSH is one of the primary ways of administering and interacting with Linux servers that do
not come with a GUI. Of course, you can use SSH on full-blown desktop environments too.
To be able to SSH into another PC, the system must be running an SSH server and its service
should be enabled. Also, the PC you are initiating the SSH connection from needs to have an
SSH client.

This guide will demonstrate the process with Ubuntu Desktop as the host OS and Ubuntu
Server as the guest OS in VirtualBox, but the procedure is basically the same regardless of
the operating system you are using. In case you don't have a guest OS, here's how to install
Ubuntu as a guest operating system on VirtualBox.

Launch VirtualBox and then start your Ubuntu virtual machine from the GUI.

On the virtual machine, install SSH using the command:

sudo apt install openssh-server

Your SSH server will start up automatically. You can check its status using the following
command:

sudo systemctl status ssh

If a firewall is enabled on the guest (UFW is installed but inactive on a fresh Ubuntu Server),
allow the SSH port through it with the UFW tool before continuing.

Step 2: Configuring the VirtualBox Network

By default, VirtualBox creates a Network Address Translation (NAT) adapter for your virtual
machines. This allows your virtual machine to access the internet but prevents other devices
from accessing it via SSH.

To configure the network, you need to use VirtualBox port forwarding and the default NAT
adapter your VM is attached to. Note that VirtualBox provides many other networking
configuration options such as a bridged adapter, which you can use to SSH into guest OSes,
but that's a topic for another day.

Right-click on the VM you want to SSH into and click the Settings cog to open the settings
window. Alternatively, you can use the keyboard shortcut Ctrl + S. Next, click on the
Network option.
Click on the Advanced option and select Port Forwarding. VirtualBox will present you
with a screen to configure your port forwarding rules.

Add a Port Forwarding Rule

Click on the Plus (+) icon under the Port Forwarding Rules page.

Give your rule a meaningful name (for example "SSH port forwarding"). Use the default
protocol i.e. TCP. The host IP will be 127.0.0.1 or simply localhost and use 2222 as the Host
Port.

Get the IP address of your Ubuntu server running inside VirtualBox and enter it in the Guest
IP input box. In this case, my guest OS IP address is 10.0.2.13. Use 22 as the guest port.

Finally, press the Ok button.

You might need to restart your virtual machine for the changes to take effect.

Step 3: Start Your SSH Session

From the terminal in your main operating system, run the SSH command in the following
format: ssh -p 2222 username@localhost. For example:

ssh -p 2222 mwizak@localhost

Please note that mwizak, in this case, is the login username for the virtual machine. Finally,
enter the password for the guest OS user when prompted to initialize the connection.

Result: Thus SSH was successfully installed on virtual box

Ex.No:06 Use Metasploit to Exploit Unpatched Vulnerability


Aim: To use Metasploit for exploiting an unpatched vulnerability

Metasploit is one of the most powerful tools used for penetration testing.

The hardware requirements to install Metasploit are −

 2 GHz + processor
 1 GB RAM available
 1 GB + available disk space

Metasploit can be used either from the command prompt or from the Web UI.

The recommended OS versions for Metasploit are −

 Kali Linux 2.0 or Upper Versions
 Backtrack 3 and Upper Versions
 Red Hat Enterprise Linux Server 5.10+
 Red Hat Enterprise Linux Server 6.5+
 Red Hat Enterprise Linux Server 7.1+
 Ubuntu Linux 10.04 LTS
 Ubuntu Linux 12.04 LTS
 Ubuntu Linux 14.04 LTS
 Windows Server 2008 R2
 Windows Server 2012 R2
 Windows 7
 Windows 8.1

Metasploit - Environment Setup

We will take the following actions to set up our test environment −

 We will download Virtual Box and install it.
 Download and install Kali distribution.
 Download and install Metasploitable which will be our hacking machine.
 Download and install Windows XP which will be another hacking machine.

In total, we will have 3 machines which will be logically connected in the same network.

Install Virtual Box

After selecting the appropriate version of Virtual Box, the following screen will appear.
Click Next.

On the next screen, set the location where you want to install the application.

You will get a Warning message before proceeding with the installation.
Click Yes on the above screen which will display the following screen. Click Install to begin
the installation.

Once the installation is complete, you will get the following screen. Click Finish to exit the
Setup Wizard.

Now, you will be greeted with the opening screen of VirtualBox.

Now we are ready to install the rest of the hosts for this tutorial.

Install Kali Linux

Go to the official website and download prebuilt Kali Linux VirtualBox images.

Next, open VirtualBox Manager and go to Machine → New.


Go to the location where Kali Linux has been downloaded and choose a virtual hard disk file.

The next screen will prompt you to create a virtual machine. Click the Create button, as
shown in the following screenshot.

Now, you can start Kali OS. Your default username will be root and your password will
be toor.

Metasploit - Basic Commands

In this chapter, we will discuss some basic commands that are frequently used in Metasploit.

First of all, open the Metasploit console in Kali. You can do so by following the path:
Applications → Exploitation Tools → Metasploit.
Once you open the Metasploit console, you will get to see the following screen. Highlighted
in red underline is the version of Metasploit.

Help Command

If you type the help command on the console, it will show you a list of core commands in
Metasploit along with their description.

msfupdate Command

msfupdate is an important administration command. It is used to update Metasploit with the
latest vulnerability exploits. After running this command, you will have to wait several
minutes until the update completes.

Search Command

Search is a powerful command in Metasploit that you can use to find what you want to
locate. For example, if you want to find exploits related to Microsoft, then the command will
be −

msf > search name:Microsoft type:exploit

Here, search is the command, name is the name of the object that you are looking for,
and type is the kind of script you are searching.

Info Command

The info command provides information regarding a module or platform, such as where it is
used, who is the author, vulnerability reference, and its payload restriction.

Metasploit - Armitage GUI

In this chapter, we will see how to use the Armitage GUI for Metasploit. Armitage is a
complement tool for Metasploit. It visualizes targets, recommends exploits, and exposes the
advanced post-exploitation features. Armitage is incorporated with Kali distribution. If you
are required to do Penetration testing, then you will have to use both the tools together.

Let’s learn how to work with the Armitage GUI. At first, open the Metasploit console and go
to Applications → Exploit Tools → Armitage.
Enter the required details on the next screen and click Connect.

Next, you will get to see the following screen.

Armitage is very user friendly. Its GUI has three distinct areas: Targets, Console,
and Modules.

 The area Targets lists all the machines that you have discovered and those you are
working with. The hacked targets have red color with a thunderstorm on it. After you
have hacked a target, you can right-click on it and continue exploring with what you
need to do, like exploring (browsing) the folders.
 The area Console provides a view for the folders. Just by clicking on it, you can
directly navigate to the folders without using any Metasploit commands.
 The area Modules is the section that lists the module of vulnerabilities.

Metasploit - Pro Console

Pro Console is a commercial console version of Metasploit. It is available for Linux,
Microsoft OS, and OSX. Metasploit Pro can help penetration testers to −

 Leverage the Metasploit open source project and its leading exploit library
 Manage data in large assessments
 Control compromised machines and take over the network
 Automatically generate reports containing key findings
 Improve security by prioritizing exploitable vulnerabilities
 Prove effectiveness of remediation or compensating controls to auditors
 Get comprehensive visibility of user risks by integrating with Rapid7 UserInsight
 Test the effectiveness of security controls
 Simulate phishing campaigns for thousands of users

Metasploit Pro offers a command prompt and a WEB UI.

To use Metasploit Pro, you need to purchase it from Rapid7 and install it on your system. In a
Windows environment, to launch Metasploit Pro, go to: Start → All Programs → Metasploit
→ Metasploit console.
If you are working in a Linux environment, open the command line terminal and type sudo
msfpro.

Metasploit - Vulnerable Target

A vulnerable target is a machine or device with an unpatched security hole. It makes the host
vulnerable, which is the target in this case.

For testing purpose, Rapid7 has created a VM machine with plenty of vulnerabilities. Keep in
mind that you are not allowed to penetrate any device without permission. Hence, you need
to download metasploitable which is a Linux machine.

Metasploitable can be downloaded from − www.information.rapid7.com/

Fill out the form to register yourself. Next, you will get the following screen with a direct link
to download Metasploitable.
Next, open the VirtualBox Manager and go to Machine → New.

Click “Use an existing virtual hard disk file" and browse to the location where you have
downloaded Metasploitable. Click Open.

On the next screen, click Create.

Now, you can login to Metasploitable using the default username: msfadmin and
password: msfadmin.

Metasploit - Discovery Scans

The first phase of penetration involves scanning a network or a host to gather information and
create an overview of the target machine.

Discovery Scan basically means creating an IP list of the target network and discovering the
services running on the machines. To do this in Metasploit, we will use the command prompt,
which runs the NMAP commands incorporated in Metasploit. Now let’s see in practice how it
exactly works. We started the target machine (Metasploitable) and the Windows Server 2003
machine with the IP 192.168.1.101.

Next, we will start Metasploit. Here, we are using Kali Linux. Hence, the commands will
always start with nmap.

Let’s start to scan the network with range 192.168.0.0/24 and discover the machines.

As can be seen in the above screenshot, there are 5 hosts up in the network with details. Now
that we found the hosts that are alive, we will try to find the OS they are running on and their
background services.

We will try to attack the vulnerable machine with the IP 192.168.1.101. To do so, we will run
the following command −

nmap -sV -O -T4 192.168.1.101

Here,
 -sV detects the services with their version details.
 -O detects the OS version, which in our case is Linux 2.6.X.
 -T4 sets the timing template, i.e. how aggressively (and how fast) the scan runs.

You will get the following screen as an output of using the above command.

Metasploit - Vulnerability Scan

A vulnerability is a system hole that one can exploit to gain unauthorized access to sensitive
data or inject malicious code. Metasploit, like other security applications, has
a vulnerability scanner which is available in its commercial version.

With the help of a vulnerability scanner, you can do nearly all the jobs with one application.
This facility is not there in the free version of Metasploit. If you are using a free version of
Metasploit, then you will have to use Nessus Vulnerability Scanner and then import the
results from there. Metasploit uses Nexpose to do the scan.

Let’s see how to scan with Nexpose in the Pro version of Metasploit.

First, add Nexpose console to Metasploit WEB UI. To do this, go to: Administration →
Global Setting → Nexpose Console → Configure Nexpose Console.

Enter the IP of the server having Nexpose installed. Next, enter the port number, the
username and the password. Select enable.

Next, click the Nexpose button → add the IP address of the host or network to be scanned
→ select a scan template. It will initiate the scanning process.

To view the scan result, go to Analysis → Host.

Metasploit - Vulnerability Validation

In this chapter, we will learn how to validate the vulnerabilities that we have found from
vulnerability scanners like Nexpose. This process is also known as vulnerability analysis.

As shown in the following screenshot, a vulnerability scanner can sometimes give you
hundreds of vulnerabilities. In such a case, it can be quite time-consuming to validate each
and every vulnerability.

Metasploit Pro has a feature called Vulnerability Validation to help you save time by
validating the vulnerabilities automatically and give you an overview of the most crucial
vulnerabilities that can be very harmful for your system. It also has an option to classify the
vulnerabilities according to their severity.

Let’s see how you can use this option. Open Metasploit Pro Web Console → Project →
Vulnerability Validation.

Next, enter the Project Name and provide an easy description about the project. Then, click
the Start button.
Click "Pull from Nexpose". Select "Import existing Nexpose vulnerability data" as shown in
the following screenshot.

Click Tag → Automatically Tag by OS. It will separate the vulnerabilities for you.

Next, go to Exploit → Sessions and check the option "Clean up sessions when done". This
means that while a vulnerability is being checked, there will be an interaction between the
Metasploit machine and the vulnerable machine.

Click Generate Report → Start.

Next, you will see a Validation Wizard. Here, you need to click the Push validations button.
You will get the following screen after you have all the list of the vulnerabilities tested.

To see the results of the tested vulnerabilities, go to Home → Project Name → Vulnerabilities.

Metasploit - Exploit

After vulnerability scanning and vulnerability validation, we have to run and test some scripts
(called exploits) in order to gain access to a machine and do what we are planning to do.

Exploit using Armitage GUI

We have several methods to use exploits. The first and foremost method is to use Armitage
GUI which will connect with Metasploit to perform automated exploit testing called HAIL
MARY. Let’s see how it works.

Open Kali distribution → Application → Exploit Tools → Armitage.


Next, go to Attacks → Hail Mary and click Yes.

You will see the following screen which would show all the exploits that are being tested.

Next, you will see the icon of the exploitable system (i.e., the system on which the exploit
worked) will turn red in color with a thunderstorm pattern over it. At the console, you will
see which exploit was successful, with its respective session ID.

Now you can interact with the machine.

Exploit using Command Prompt

The second way (and probably the more professional way) to use an exploit is from the
command prompt.

From the vulnerability scanner, we found that the Linux machine that we have for testing has
a vulnerable FTP service. Now we will use an exploit that can work for us. The command is

msf > use <exploit path>

Next, use the following command in order to see what parameters you have to set to make it
functional.

msf > show options

This exploit shows that we have to set RHOST to the target IP.

Next, use the commands −

msf > set RHOST 192.168.1.101
msf > set RPORT 21

Next, use the command −

msf > run

If the exploit is successful, then you will see one session opened, as shown in the following
screenshot.

Now, you can interact with this system.

Result: Thus Metasploit was used to exploit an unpatched vulnerability.


Ex.No:07 BRUTE FORCE ATTACK

Aim: To install Hydra and launch a brute force attack using Hydra.

Steps to Install Hydra

Hydra comes pre-installed with Kali Linux and Parrot OS. So if you are using one of them,
you can start working with Hydra right away.

On Ubuntu, you can use the apt package manager to install it:

$ apt install hydra


In Mac, you can find Hydra under Homebrew:

$ brew install hydra


If you are using Windows, I would recommend using a virtual box and installing Linux.
Personally, I don't recommend using Windows if you want to be a professional penetration
tester.

Working with Hydra


Once you have installed Hydra, you can start with the help command like this:

$ hydra -h

This will give you the list of flags and options that you can use as a reference when working
with Hydra.

Hydra help command


Performing a Single Username/Password Attack with Hydra
If we have the username and password that we expect a system to have, we can use Hydra to
test it.

Here is the syntax:

$ hydra -l <username> -p <password> <server> <service>


Let’s assume we have a user named “molly” with a password of “butterfly” hosted at
10.10.137.76. Here is how we can use Hydra to test the credentials for SSH:

$ hydra -l molly -p butterfly 10.10.137.76 ssh


If it works, here is what the result will look like:

Hydra single username and password

Result: Thus Hydra was installed and a brute force attack was launched using Hydra.

EX NO:08 Performance of Real Time Network Traffic Analysis Using Snort

AIM: To Perform real time network traffic analysis using Snort


INSTALLATION PROCEDURE
1. Download SNORT from snort.org.
2. Install Snort with or without database support.
3. Select all the components and click Next.
4. Install and Close.
5. Skip the WinPcap driver installation.
6. Add a path variable to the Windows environment variables by selecting New.
7. Create the path variable pointing at snort.exe: variable name Path, variable
value c:\snort\bin.
8. Click the OK button and then close all dialog boxes.
9. Open the command prompt and type the commands.

STEPS
SNORT can be configured to run in three modes:
1. Sniffer mode 2. Packet Logger mode 3. Network Intrusion Detection System mode

Sniffer mode
i. snort -v prints the TCP/IP packet headers on the screen.
ii. snort -vd shows the TCP/IP/ICMP headers together with the application data in transit.

Packet Logger mode
i. snort -dev -l c:\log : Snort will automatically know to go into packet logger mode; it
collects every packet it sees and places it in the log directory.
ii. snort -dev -l c:\log -h ipaddress/24 : this tells Snort that you want to print out
the data link and TCP/IP headers as well as the application data into the log directory,
with -h giving the home network.
iii. snort -l c:\log -b : binary mode, which logs everything into a single file.

Network Intrusion Detection System mode
i. snort -d -l c:\log -h ipaddress/24 -c snort.conf : applies the rules in the
configuration file to each packet and decides an action based upon the rule type in the file.
ii. snort -d -h ipaddress/24 -l c:\log -c snort.conf : configures Snort to run in
its most basic NIDS form, logging packets that trigger rules specified in snort.conf.

C:\Snort\bin\snort -v
C:\Snort\bin\snort -vd
C:\Snort\bin\snort -dev -l c:\log
C:\Snort\bin\snort -dev -l c:\log -h ipaddress/24
C:\Snort\bin\snort -l c:\log -b
C:\Snort\bin\snort -d -h ipaddress/24 -l c:\log -c snort.conf
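The NIDS mode entries above say that Snort applies the rules in snort.conf to each packet and chooses an action by rule type. The following Python model is an added example written for this record, not Snort's own code: it parses a few constructed rules in Snort's rule-header syntax (action, protocol, source, source port, direction, destination, destination port, plus the msg and sid options), matches constructed packets against them, and picks the winning action using Snort's default rule order (pass rules before alert, alert before log). The $HOME_NET value, the rules and the packets are assumptions; real Snort rules carry many more options than this model handles.

```python
import re
from ipaddress import ip_address, ip_network

# Assumed value for Snort's $HOME_NET variable (set in snort.conf in real use).
HOME_NET = ip_network("192.168.1.0/24")

# Constructed rules in Snort rule syntax (sids in the local 1000000+ range).
RULES_TEXT = """\
# constructed rules for illustration, not from snort.conf
alert tcp any any -> $HOME_NET 22 (msg:"SSH connection to home net"; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"ICMP to home net"; sid:1000002; rev:1;)
pass tcp 192.168.1.10 any -> any 80 (msg:"trusted web client"; sid:1000003; rev:1;)
log tcp any any -> any 80 (msg:"HTTP seen"; sid:1000004; rev:1;)
"""

# Rule header layout: action proto src sport direction dst dport (options)
HEADER = re.compile(
    r"^(?P<action>alert|log|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<direction>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<options>.*)\)\s*$"
)

def parse_rules(text):
    """Parse rule headers plus the msg and sid options; comments and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER.match(line)
        if m is None:
            raise ValueError(f"unparsable rule: {line}")
        rule = m.groupdict()
        options = {}
        for opt in rule.pop("options").split(";"):
            key, _, value = opt.strip().partition(":")
            if key:
                options[key] = value.strip().strip('"')
        rule["msg"] = options.get("msg", "")
        rule["sid"] = int(options.get("sid", "0"))
        rules.append(rule)
    return rules

def addr_matches(spec, ip):
    """'any', '$HOME_NET', a single address or a CIDR block."""
    if spec == "any":
        return True
    net = HOME_NET if spec == "$HOME_NET" else ip_network(spec, strict=False)
    return ip_address(ip) in net

def port_matches(spec, port):
    """'any', a single port, or Snort's lo:hi range syntax; ICMP packets have no port."""
    if spec == "any":
        return True
    if port is None:
        return False
    if ":" in spec:
        lo, _, hi = spec.partition(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return port == int(spec)

def rule_matches(rule, pkt):
    """True if the packet 5-tuple satisfies the rule header (either way for '<>')."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False

    def one_way(src, sport, dst, dport):
        return (addr_matches(rule["src"], src) and port_matches(rule["sport"], sport)
                and addr_matches(rule["dst"], dst) and port_matches(rule["dport"], dport))

    if one_way(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]):
        return True
    return rule["direction"] == "<>" and one_way(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

# Snort's default rule application order: pass is checked before alert, alert before log.
ORDER = {"pass": 0, "alert": 1, "log": 2}

def decide(rules, pkt):
    """Return (action, sid, msg) of the winning rule for a packet, or None if nothing matches."""
    hits = [r for r in rules if rule_matches(r, pkt)]
    if not hits:
        return None
    best = min(hits, key=lambda r: (ORDER[r["action"]], r["sid"]))
    return best["action"], best["sid"], best["msg"]

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    # Constructed packets: an SSH connection into the home net and a trusted web client.
    packets = [
        {"proto": "tcp", "src": "203.0.113.5", "sport": 51000, "dst": "192.168.1.20", "dport": 22},
        {"proto": "tcp", "src": "192.168.1.10", "sport": 40000, "dst": "198.51.100.1", "dport": 80},
    ]
    for pkt in packets:
        print(pkt, "->", decide(rules, pkt))
```

The pass rule is the point to notice: without the precedence step in decide(), the trusted client's HTTP traffic would still be logged by sid 1000004, which is exactly the noise a pass rule is meant to remove.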


Result: Thus real time network traffic analysis was performed using Snort.

EX NO:09 Installation of Metasploitable 2 on Virtual Box and Searching Unpatched
Vulnerabilities

AIM: To install Metasploitable 2 on VirtualBox and search for unpatched vulnerabilities

Installation of Metasploitable 2 in VirtualBox

Metasploitable is an intentionally vulnerable Ubuntu virtual machine designed for testing
security tools and demonstrating common vulnerabilities.

To install this virtual machine in VirtualBox, we assume that you already have VirtualBox
installed on your system.

Installation
Step 1: Download the Metasploitable 2 file.

Step 2: The file initially will be in zip format so we need to extract it, after extracting the file
open VirtualBox.

Step 3: Now, as shown in the above image, click on the New option in VirtualBox.

 A window will pop up and you will be asked to provide some details like the
name of your machine, installation path, type, and version.
 Fill in the details like:
Name: as per your choice
Path: leave as recommended
Type: Linux
Version: Other (64-bit)

Step 4: Select the RAM you want to provide to the virtual machine (512 MB recommended).

Step 5: Now choose the option to use an existing virtual hard disk file.
 Now locate the file that we have extracted.

Step 6: Now save the file and you will see that the instance is created with the name you
have given.

 We are good to go with the machine; just press the Start button at the top and wait
for it to start and load the instance.

Step 7: Once the instance is loaded you will be asked to provide a login name and password.
By default the credentials are:

Default login: msfadmin
Default password: msfadmin

 Once you log in with the credentials you will be directed to the machine, and we are done
with the installation process.

Demo of penetration testing with Metasploitable 2

Step 1: Open both machines, Metasploitable 2 and Kali Linux, side by side.

 First, we need to run both instances at the same time side by side so that we will be
able to see the changes clearly. Launch VirtualBox and start both Kali Linux and
Metasploitable 2 side by side.

Step 2: let’s check the IP addresses of both machines to get an overview of the target machine.

 now let’s open the terminal and check for the IP address of Metasploitable 2 on which
we are going to perform the attack. use the following command:

msfadmin@metasploitable:~$ ifconfig

 from the above image, we can see that we have an IP address i.e. 192.168.10.5 of the
target machine.
Step 3: Now we will perform a network scan with the help of the Nmap tool to see
what services are running on the target and which of them are a way into the target.

 The first step is to look for loopholes and vulnerabilities so that we can exploit the
machine; to do so we will run an Nmap scan from a Linux terminal. Use the command:

root-user-#/ $ nmap -sV -O 192.168.10.5

 In the above command -sV is used for getting the versions of the services running on the
target machine and -O is used to detect the operating system on the target machine.
 Now we can see that we have many vulnerabilities to work with; we will be using the
vsftpd_234_backdoor exploit for exploitation and gaining access to the machine.
 Open the Metasploit Framework with the command shown in Step 4.

Step 4: Now that we have all the info related to the exploit that we need to use, i.e.
vsftpd_234_backdoor, we can use Metasploit to exploit the machine and get access to a
command shell, which will eventually give us access to the target machine.

 Start the Metasploit Framework with the command mentioned below:

root-user-#/ $ msfconsole

 After running the command, we are going to choose the exploit, vsftpd_234_backdoor,
and then set RHOST (the target IP).

Step 5: Now all we need to do is deploy the exploit against the target machine with the help of
msfconsole; to do so we need to follow some basic steps:

 First, let’s select the exploit that we are going to use; in this case it is
vsftpd_234_backdoor, so we will use the following command:

msf6 > use exploit/unix/ftp/vsftpd_234_backdoor

 After selecting the above exploit, let’s set up the target to which we are deploying the
exploit.

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show options

 Now we can see that we have the option RHOST, which is the remote (target) host, so
we will set it to the IP address of the target machine.

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOST 192.168.10.5

Step 6: The final step is to run the exploit, with the command exploit.

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit

 After setting RHOST just enter the exploit command and you will see that a command
shell on the target machine is obtained.

 now we have successfully penetrated the target by obtaining a shell, you can try
commands and verify in both machines at the same time.

Step 7: Verify by using some command shell commands like print the working directory or ls
items in a folder.

pwd, ls -l, ls -a etc

 So we have successfully taken a look at how Metasploitable is useful for practicing
penetration testing skills.
 We can see that the files are the same on both sides and we have root access to the
machine.

Steps to use Metasploit and Nmap to Scan for Vulnerabilities

 Step 1: To begin, we launch Metasploit and activate the port scanner module.
use auxiliary/scanner/portscan/tcp

 Step 2: Then we use show options to configure the settings for this module.
show options

 Step 3: We configure RHOSTS with the IP/IPs of our machine(s), and if we want
we can modify the scan for certain ports by setting PORTS.
set RHOSTS 192.168.56.103
set PORTS 22,25,80,110,21

 Step 4: Following the scan, we will receive an output indicating the open ports on the
previously defined target machine.
set THREADS 3
run

 Step 5: Once we’ve established a clear picture of the available ports, we can begin
enumerating them in order to observe and locate the operating services, as well as
their versions.
db_nmap -sV -p 25,80,22 192.168.56.103

 Step 6: Once we’ve identified the open ports and the services that operate on them,
we can continue our scan to check for detailed version numbers on each service
running on each port, so we may try different auxiliary modules in Metasploit to
uncover potential vulnerabilities.
db_nmap -sV -A -p 25,80,22 192.168.56.103

Result: Thus Metasploitable 2 was installed on VirtualBox and unpatched vulnerabilities
were searched for along with Nmap.
Ex.No:10 Fail2ban to Scan Log Files and Ban IPs That Show Malicious Signs

Aim: To install Fail2ban to scan log files and ban IPs that show malicious signs

Procedure:

Fail2ban is an open-source software tool used for monitoring log files and banning IP
addresses that show malicious signs, such as too many failed login attempts. It is commonly
used as a security measure to protect servers against brute-force attacks and other types of
malicious activity.

Fail2ban works by monitoring log files generated by services such as SSH, Apache, and
others, and whenever it detects a pattern of unsuccessful login attempts or other malicious
activity, it will automatically ban the IP address responsible by adding it to the firewall rules.
The banned IP addresses are then un-banned after a certain amount of time has passed, or
when the log files show no further malicious activity.
Fail2ban is highly configurable, allowing administrators to specify the log files to be
monitored, the patterns to look for, the IP addresses to ban, and the length of time the ban
will remain in place. With its ease of use and high level of customization, it is a popular tool
for securing servers and protecting against malicious activity.

Installing Fail2ban

It operates by monitoring log files for certain types of entries and runs predetermined actions
based on its findings. You can install the software with the following command:

sudo apt-get install fail2ban

Once installed, copy the default jail.conf file to make a local configuration with this
command:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Then open the new local configuration file for editing with your favourite text editor, for
example:

sudo nano /etc/fail2ban/jail.local

Scroll down to go through some of the settings available in the configuration file.

First up are the basic defaults. ignoreip allows you to exclude certain IP addresses from
being banned; for example, if your own computer has a fixed IP you can enter it here.
Next set bantime, which determines how long an offending host will remain blocked before it
is automatically unblocked. Lastly check findtime and maxretry: findtime sets the time
window within which maxretry failed attempts cause the connecting host IP to be blocked.

[DEFAULT]
ignoreip = 127.0.0.1
bantime = 3600
findtime = 600
maxretry = 3

If you have a sendmail service configured on your cloud server, you can enable the email
notifications from Fail2ban by entering your email address into the parameter destemail and
changing the action = %(action_)s to action = %(action_mw)s.

Once you’ve done the basic configurations, check the different jails available in the
configuration options. Jails are the rules which fail2ban applies to any given application or
log file. SSH jail settings, which you can find at the top of the jails list, are enabled by default
and not commented out.

[sshd]
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
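To make the meaning of ignoreip, bantime, findtime and maxretry concrete, here is an added Python example, written for this record and not part of Fail2ban, that replays a few constructed auth.log lines of the kind a brute-force tool such as the one in Ex.No:07 leaves behind, matches them with a simplified version of the sshd filter's failregex, and decides which hosts would be banned and until when. The log lines, the year assumed for the syslog timestamps and the regex are all assumptions; Fail2ban's real filter writes the <HOST> token where this regex has a named group.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Same meaning as the [DEFAULT] settings in jail.local (times in seconds).
IGNOREIP = ("127.0.0.1",)
BANTIME = 3600
FINDTIME = 600
MAXRETRY = 3

# Syslog timestamps carry no year; the constructed log is assumed to be from 2024.
LOG_YEAR = 2024

# Simplified version of one failregex line from Fail2ban's sshd filter.
# The real filter writes <HOST> where this pattern has the named group.
FAILREGEX = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+ ssh2"
)

# Constructed sample auth.log lines (not real traffic). 10.10.137.76 fails four
# times in a few seconds, 203.0.113.9 fails three times but spread over half an
# hour, 127.0.0.1 matches ignoreip, and the "Accepted" line is a normal login.
AUTH_LOG = """\
Mar  1 10:00:01 lab sshd[1201]: Failed password for invalid user admin from 10.10.137.76 port 51000 ssh2
Mar  1 10:00:05 lab sshd[1203]: Failed password for molly from 10.10.137.76 port 51002 ssh2
Mar  1 10:00:09 lab sshd[1205]: Failed password for molly from 10.10.137.76 port 51004 ssh2
Mar  1 10:00:12 lab sshd[1207]: Failed password for molly from 10.10.137.76 port 51006 ssh2
Mar  1 10:02:00 lab sshd[1210]: Failed password for root from 203.0.113.9 port 40000 ssh2
Mar  1 10:05:00 lab sshd[1220]: Failed password for root from 127.0.0.1 port 50000 ssh2
Mar  1 10:05:01 lab sshd[1221]: Failed password for root from 127.0.0.1 port 50001 ssh2
Mar  1 10:05:02 lab sshd[1222]: Failed password for root from 127.0.0.1 port 50002 ssh2
Mar  1 10:06:00 lab sshd[1230]: Accepted publickey for molly from 198.51.100.7 port 60000 ssh2
Mar  1 10:30:00 lab sshd[1240]: Failed password for root from 203.0.113.9 port 40001 ssh2
Mar  1 10:31:00 lab sshd[1241]: Failed password for root from 203.0.113.9 port 40002 ssh2
"""

def parse_line(line):
    """Return (timestamp, host) for a failed-login line, None for anything else."""
    m = FAILREGEX.search(line)
    if m is None:
        return None
    stamp = " ".join(line[:15].split())      # "Mar  1 10:00:01" -> "Mar 1 10:00:01"
    ts = datetime.strptime(f"{LOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m.group("host")

def is_ignored(host):
    """True if the host falls inside any ignoreip entry (a bare IP counts as /32)."""
    try:
        addr = ip_address(host)
    except ValueError:
        return False
    return any(addr in ip_network(entry) for entry in IGNOREIP)

def evaluate(log_text, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME):
    """Replay the log in order and return {host: ban expiry} for every host that
    reaches maxretry failures inside a findtime window."""
    recent = defaultdict(deque)   # host -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host = parsed
        if is_ignored(host):
            continue
        if host in bans and ts < bans[host]:
            continue                  # the firewall rule would already drop this host
        window = recent[host]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()          # forget failures older than findtime
        if len(window) >= maxretry:
            bans[host] = ts + timedelta(seconds=bantime)
            window.clear()
    return bans

if __name__ == "__main__":
    for host, until in evaluate(AUTH_LOG).items():
        print(f"ban {host} until {until:%Y-%m-%d %H:%M:%S}")
```

With the defaults only 10.10.137.76 is banned (three failures within ten seconds); 203.0.113.9 escapes because its three failures do not fit inside one 600 second window, and 127.0.0.1 is never counted. Calling evaluate(AUTH_LOG, findtime=3600) widens the window and catches the slow attempt too, which is the trade-off findtime controls.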

You can ban or unban an IP address manually with the following command:

sudo fail2ban-client set <jail> banip/unbanip <ip address>

# For example
sudo fail2ban-client set sshd unbanip 83.136.253.43

Example for banning Tor

While Tor (The Onion Router) was designed with the goal of providing privacy and
anonymity for users on the internet, there are also some potential harmful aspects of using the
Tor network. Some individuals and organizations have used the network to distribute
malware, viruses, and other harmful software. This is particularly dangerous for users who
may be unwittingly downloading and installing malicious software while using the Tor
network.

1. Exploits and vulnerabilities: The Tor network and its associated software are not
immune to exploits and vulnerabilities. Attackers have been known to target
weaknesses in the network or in individual nodes, which can allow them to view
and potentially intercept user data.

2. Exit node eavesdropping: One potential weakness of the Tor network is that the
data being transmitted can be intercepted by malicious actors who are running
exit nodes. An exit node is the last node in the chain of nodes that a user’s data
passes through before it reaches its destination. If the operator of an exit node is
malicious, they could potentially view and even modify the data that is being
transmitted.

If your server has been targeted by hackers, you may find evidence of malicious software
associated with the Tor network. For example, you might discover instances of “kdevtmpfsi”
or “bitlz64”: these are mining programs that can consume your entire CPU or cause a high
volume of outgoing network traffic. If you are using a cloud provider, this malicious software
could result in unexpectedly high charges.

To ban Tor exit nodes with fail2ban, edit the fail2ban config /etc/fail2ban/jail.local after you
install fail2ban, pasting the following config:

[tor]
enabled = true
bantime = 25h
action = iptables-allports[name=fail2banTOR, protocol=all]

Then update (or create) the file /etc/systemd/system/fail2ban.service.d/limits.conf:

[Service]
LimitNOFILE=2048

Then run

sudo systemctl daemon-reload
sudo service fail2ban restart

to make fail2ban apply the changes.

Finally, you need to import the known Tor IPs provided by torbulkexitlist. Here is a script
created by this gist:

curl -fsSL "https://check.torproject.org/torbulkexitlist" | sed '/^#/d' | while read IP; do sudo fail2ban-client set "tor" banip "$IP"; done

You can finally use

fail2ban-client status tor

to check whether the IPs have been correctly imported into the ban list.
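The one-line script above feeds every non-comment line straight into fail2ban-client. As an added example, not taken from the gist or from Fail2ban, the following Python parser reads the same torbulkexitlist layout from a constructed sample, drops lines that are not valid addresses, de-duplicates, refuses to ban loopback or private ranges (which would lock you out of your own lab VMs if a bad line ever appeared in the feed), and builds the fail2ban-client argument lists without executing them. The sample list and the never-ban ranges are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample in the torbulkexitlist layout (one address per line,
# "#" comment lines). Not a real export: the last two entries are deliberately
# bad, one is not an address and one is a private address.
SAMPLE_LIST = """\
# constructed sample, not real exit-node data
198.51.100.10
203.0.113.45
2001:db8::1

198.51.100.10
not-an-ip
192.168.10.5
"""

# Ranges that must never reach the ban list (assumed policy for the lab network):
# loopback and RFC 1918 space, so a bad line cannot lock you out of your own VMs.
NEVER_BAN = [ip_network(n) for n in
             ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

def parse_exit_list(text):
    """Return (accepted, skipped): unique valid public addresses in file order,
    and the raw lines that were rejected."""
    accepted, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # same lines the sed '/^#/d' step drops
        try:
            addr = ip_address(line)       # accepts IPv4 and IPv6, rejects garbage
        except ValueError:
            skipped.append(line)
            continue
        if any(addr in net for net in NEVER_BAN):
            skipped.append(line)
            continue
        if addr not in accepted:
            accepted.append(addr)
    return [str(a) for a in accepted], skipped

def ban_commands(addresses, jail="tor"):
    """Build the fail2ban-client argv for each address; nothing is executed here."""
    return [["fail2ban-client", "set", jail, "banip", addr] for addr in addresses]

if __name__ == "__main__":
    addrs, bad = parse_exit_list(SAMPLE_LIST)
    for cmd in ban_commands(addrs):
        print(" ".join(cmd))
    print("skipped:", bad)
```

To apply the result on a real server, fetch the list with the curl command shown above, pass its text to parse_exit_list, and run each argv with subprocess.run(cmd, check=True) as root; keeping the skipped lines lets you see what the feed contained that you chose not to ban.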

If you want to protect your server from malicious activity coming from the Tor network, you
should create a filter that matches the relevant log entries and specify the appropriate actions
to be taken when a match is detected. You can create a new filter file in /etc/fail2ban/filter.d/
with a .conf extension, and configure it according to your requirements. For example, you
could create a filter file /etc/fail2ban/filter.d/tor.conf that matches log entries related to
unauthorized access attempts and bans the offending IP addresses.

It’s important to note that the filter file is just one part of the overall Fail2ban configuration,
and that you should also configure the relevant jail file to use the filter and specify the desired
actions to be taken.

The jail file is typically located in /etc/fail2ban/jail.conf or in a separate file in the
/etc/fail2ban/jail.d/ directory.
Result: Thus Fail2ban was installed to scan log files, and banning of IPs that show malicious
signs was executed successfully.
