
Security Lab 9-15 Original

Uploaded by

julie M

PROCEDURE (9)

SNORT can be configured to run in three modes:


1. Sniffer mode
2. Packet Logger mode
3. Network Intrusion Detection System mode

Sniffer modesnort –v Print out the TCP/IP packets header on the screen
Snort –vd show the TCP/IP ICMP header with application data in transit.

Packet Logger modesnort –dev –l c:\log [create this directory in the C drive] and snort
will automatically know to go into packet logger mode, it collects every packet it sees and
places it in log directory. snort –dev –l c:\log –h ipaddress/24 This rule tells snort that you
want to print out the data link and TCP/IP headers as well as application data into the log
directory. snort –l c:\log –b This is binary mode logs everything into a single file.

Network Intrusion Detection System modesnort –d c:\log –h ipaddress/24 –c


snort.conf - This is a configuration file applies rule to each packet to decide it an action
based upon the rule type in the file. Snort –d –h ipaddress/24 –l c:\log –c snort.conf - This
will configure snort to run in its most basic NIDS form, logging packets that trigger rules
specifies in the snort.conf.
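
An added example, not part of the original lab sheet: a parser that summarises the alerts Snort writes in NIDS mode, so the log can be triaged by rule and by source address. It assumes Snort 2.x was started with -A fast (one alert per line) and IPv4 addresses; the sample lines, rule messages and SIDs are constructed.

```python
import re
from collections import Counter

# One Snort 2.x "fast" alert line, as written when Snort runs with -A fast.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def split_endpoint(ep):
    """'10.0.0.1:23' -> ('10.0.0.1', 23); ICMP has no port -> (ip, None). IPv4 only."""
    host, sep, port = ep.rpartition(":")
    return (host, int(port)) if sep else (ep, None)

def parse_alert(line):
    """Return a dict for one fast-alert line, or None if the line does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["sid"], a["prio"] = int(a["sid"]), int(a["prio"])
    a["src_ip"], a["src_port"] = split_endpoint(a.pop("src"))
    a["dst_ip"], a["dst_port"] = split_endpoint(a.pop("dst"))
    return a

def summarize(text):
    """Count alerts per rule (SID) and per source; keep priority-1 alerts for triage."""
    out = {"by_sid": Counter(), "by_src": Counter(), "urgent": [], "unparsed": 0}
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        a = parse_alert(line)
        if a is None:
            out["unparsed"] += 1    # truncated or foreign line: count it, never drop silently
            continue
        out["by_sid"][a["sid"]] += 1
        out["by_src"][a["src_ip"]] += 1
        if a["prio"] == 1:
            out["urgent"].append(a)
    return out

# Constructed sample alerts (SIDs from 1000000 upward are the range used for local rules).
SAMPLE = """\
08/28-12:01:10.104233  [**] [1:1000001:1] LAB ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.50 -> 192.168.1.10
08/28-12:01:11.220871  [**] [1:1000002:2] LAB inbound telnet attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.50:49822 -> 192.168.1.10:23
08/28-12:01:12.000001  [**] [1:1000001:1] LAB ICMP echo request [**] [Priority: 3] {ICMP} 192.168.1.77 -> 192.168.1.10
08/28-12:01:13.5 [**] [1:10
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```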

Step 1: Download SNORT from snort.org


Step 2: Install snort with or without database support.

Step 3: Select all the components and Click Next.


Step 4: Install and Close.
Step 5: Skip the WinPcap driver installation
Step 6: Add the path variable to the Windows environment variables by selecting new
classpath.
Step 7: Create a path variable and point it at snort.exe: variable name path and
variable value c:\snort\bin.

Step 8: Click OK button and then close all dialog boxes.
Step 9: Open command prompt and type the following commands:

EXPLORING N-STALKER (10):
• N-Stalker Web Application Security Scanner is a Web security assessment tool.
• It incorporates the well-known N-Stealth HTTP Security Scanner and its database of
39,000 Web attack signatures.
• The tool comes in both free and paid versions.
• Before scanning the target, go to the “License Manager” tab and perform the update.
• Once updated, you will see the status as up to date.
• You need to download and install N-Stalker from www.nstalker.com.

1. Start N-Stalker from a Windows computer. The program is installed under
Start ➪ Programs ➪ N-Stalker ➪ N-Stalker Free Edition.
2. Enter a host address or a range of addresses to scan.
3. Click Start Scan.
4. After the scan completes, the N-Stalker Report Manager will prompt you to select a
format for the resulting report; choose Generate HTML.
5. Review the HTML report for vulnerabilities.

Now go to “Scan Session” and enter the target URL.

In scan policy, you can select from four options:
• Manual test, which will crawl the website and wait for manual attacks.
• Full Cross Site Scripting (XSS) assessment.
• Open Web Application Security Project (OWASP) policy.
• Web server infrastructure analysis.
Once the option has been selected, the next step is “Optimize settings”, which will
crawl the whole website for further analysis.

In review option, you can get all the information like host information, technologies
used, policy name, etc.

Once done, start the session and start the scan.

The scanner will crawl the whole website and will show the scripts, broken pages,
hidden fields, information leakage, web forms related information which helps to
analyze further.

Once the scan is completed, the N-Stalker scanner will show details such as the severity
level, the vulnerability class, why it is an issue, the fix for the issue and the URL that
is affected by the particular vulnerability.

TROJAN (11):
• In computing, a Trojan horse, or Trojan, is any malware which misleads
users of its true intent.
• Trojans are generally spread by some form of social engineering, for
example where a user is duped into executing an email attachment
disguised to appear not suspicious (e.g., a routine form to be filled in), or by
clicking on some fake advertisement on social media or anywhere else.
• Although their payload can be anything, many modern forms act as a
backdoor, contacting a controller which can then have unauthorized access
to the affected computer.
• Trojans may allow an attacker to access users' personal information such as
banking information, passwords, or personal identity.
• Example: Ransomware attacks are often carried out using a trojan.

CODE:
Trojan.bat
@echo off
:x
start mspaint
start notepad
start cmd
start explorer
start control
start calc
goto x
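
A static check for the loop used in Trojan.bat above: a label, a run of start commands, and an unconditional goto back to the label, so new windows keep opening with nothing to stop them. This is an added example, not part of the original lab sheet; the function name find_spawn_loops, the list of guard keywords and the BENIGN script are assumptions made for illustration, and the check is a heuristic.

```python
import re

LABEL = re.compile(r"^\s*:(?!:)\s*(\w+)")          # ':x' is a label, '::' a comment
GOTO = re.compile(r"^\s*@?goto\s+:?(\w+)", re.I)
START = re.compile(r"^\s*@?start\b", re.I)
# Statements that can end or throttle a loop; their presence suppresses the finding.
GUARD = re.compile(r"^\s*@?(if|exit|pause|timeout|choice)\b", re.I)

def find_spawn_loops(script):
    """Return (label, label_line, goto_line, start_count) for every backward goto
    loop that launches programs with 'start' and contains no guard statement."""
    lines = script.splitlines()
    labels, findings = {}, []
    for i, line in enumerate(lines, 1):             # i is the 1-based line number
        m = LABEL.match(line)
        if m:
            labels.setdefault(m.group(1).lower(), i)   # batch labels are case-insensitive
            continue
        g = GOTO.match(line)
        if not g:
            continue
        target = labels.get(g.group(1).lower())
        if target is None:                          # forward jump or unknown label
            continue
        body = lines[target:i - 1]                  # lines strictly between label and goto
        starts = sum(1 for b in body if START.match(b))
        if starts and not any(GUARD.match(b) for b in body):
            findings.append((g.group(1), target, i, starts))
    return findings

# The script shown on this page.
PAGE_SCRIPT = ("@echo off\n:x\nstart mspaint\nstart notepad\nstart cmd\n"
               "start explorer\nstart control\nstart calc\ngoto x\n")
# Constructed benign script: a retry loop with an exit condition and a delay.
BENIGN = ("@echo off\n:retry\nstart /wait backup.exe\n"
          "if %errorlevel%==0 exit /b 0\ntimeout /t 30\ngoto retry\n")

if __name__ == "__main__":
    for name, text in (("Trojan.bat", PAGE_SCRIPT), ("benign.bat", BENIGN)):
        print(name, find_spawn_loops(text))
```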

PROCEDURE (12)
A rootkit is a stealthy type of malicious software designed to hide the existence of
certain processes from normal methods of detection and to enable continued privileged
access to a computer.
Step 1: Download the rootkit tool from the GMER website, www.gmer.net.
Step 2: The tool displays the Processes, Modules, Services, Files, Registry,
Rootkit/Malware, Autostart and CMD tabs for the local host.
Step 3: Select the Processes menu and kill any unwanted process, if any.
Step 4: The Modules menu displays the various system files, such as .sys and .dll files.
Step 5: The Services menu displays all the services running, with Autostart, Enable,
Disable, System and Boot.
Step 6: The Files menu displays all files on the hard-disk volumes.
Step 7: Registry displays Hkey_Current_user and Hkey_Local_Machine.
Step 8: Rootkit/Malware scans the selected local drives.
Step 9: Autostart displays the registry-based Autostart applications.
Step 10: CMD allows the user to interact with command line utilities or the Registry.


PROCEDURE (13)
NetStumbler (Network Stumbler) is a Wi-Fi hacking tool that is compatible only with
Windows; it is also freeware. With this program, we can search for wireless networks
that are open and infiltrate the network. It has some compatibility and network adapter
issues.

Step 1: Download and install NetStumbler.
Step 2: It is highly recommended that your PC have a wireless network card
in order to access the wireless router.
Step 3: Now run NetStumbler in record mode and configure the wireless card.
Step 4: There are several indicators of the strength of the signal:
GREEN indicates a strong signal, YELLOW and other colors indicate a weaker
signal, RED indicates a very weak signal and GREY indicates signal loss.
Step 5: A lock symbol with a GREEN bubble indicates that the access point has
encryption enabled.
Step 6: The MAC address assigned to the wireless access point is displayed in the right-hand pane.
Step 7: The next column displays the access point's Service Set Identifier [SSID],
which is useful to crack the password.
Step 8: To decrypt, use the Wireshark tool by selecting Edit -> Preferences -> IEEE
802.11.
Step 9: Enter the WEP keys as a string of hexadecimal numbers, such as A1B2C3D4E5.
Step 10: Stop the tool.

Adding Keys: Wireless Toolbar
If you are using the Windows version of Wireshark and you have an AirPcap
adapter you can add decryption keys using the wireless toolbar. If the toolbar isn't visible,
you can show it by selecting View->Wireless Toolbar. Click on the Decryption Keys...
button on the toolbar:

This will open the decryption key management window. As shown in the window, you can select
between three decryption modes: None, Wireshark, and Driver.

PROCEDURE (14)

GENERATING KEYPAIR
Step 1: Open up Kleopatra.
Step 2: Go to ‘File’, then ‘New Certificate…’

Step 3: The Certificate Creation Wizard should pop up, click on ‘Create a personal
OpenPGP key pair’

Step 4: Now you’ll enter your details. Use your marketplace username as ‘Name’,
and fill out the rest with whatever you want. You don’t need to use a real email.
Check the picture for an example on how it should look.

Step 5: Click ‘Advanced Settings…’, and another window should appear. Under
‘Key Material’, make sure ‘RSA’ is checked. In the drop-down menu beside it,
select ‘4,096 bits’. Check the picture to confirm you have everything set correctly,
then click ‘Ok’.

Step 6: Confirm you filled out all of your info correctly, then click ‘Create Key’

Step 7: Another window will pop up asking to enter a passphrase. Do so, then click
‘Ok’

Step 8: It will now generate your key. It will need you to do random things to
create entropy. Mash keys, wiggle the mouse, watch porn, download torrents,
whatever

Step 9: Your key is now created. Go ahead and click ‘Finish’

OBTAINING YOUR PUBLIC KEY

Step 1: Right click on your key, then click ‘Export Certificates…’

Step 2: Browse where you want to save, give it a name, then click ‘Save’

Step 3: Open your favourite text editor, browse to where the file is saved. You may
have to select ‘All files’ from the dropdown menu. Click the file you saved, then open

OBTAINING PRIVATE KEY

Step 1: Right click on your key, select ‘Export Secret Keys…’

Step 2: Select where you want it saved, give it a name, check ‘ASCII armor’, and click
‘Ok’

Step 3: You now have your private key

IMPORTING A PUBLIC KEY


Step 1: Find a public key you want to import.
Step 2: Copy everything from ‘-----BEGIN PGP PUBLIC KEY BLOCK-----’ to ‘-----END
PGP PUBLIC KEY BLOCK-----’

Step 3: In your task bar, right click on the Kleopatra icon, go to ‘Clipboard’, then click
‘Certificate Import’
Step 4: If it worked, you should see a window pop up, click ‘Ok’.

IMPORTING YOUR PRIVATE KEY
Step 1: Go to ‘File’, then click ‘Import Certificates…’

Step 2: Browse to where your private key is, select it, then click ‘Open’

Step 3: It will import your private key, and pop up a window to confirm. Click ‘Ok’

Step 4: You should now see your key information under the ‘My Certificates’ tab

ENCRYPTING A MESSAGE
Step 1: Open up your text editor of choice.
Step 2: Type out your message, select it all, and copy it.

Step 3: In your task bar, right click on the Kleopatra icon, go to ‘Clipboard’, then
click ‘Encrypt…’

Step 4: A window will open. Click ‘Add Recipient…’

Step 5: Another window will appear. Click the ‘Other Certificates’ tab, then select
who you want to send your message to, then click ‘Ok’.

Step 6: You should be back at the previous window with the recipient listed. Click
‘Next’

Step 7: If all went well, you should see this window. Click ‘Ok’

Step 8: Your encrypted message will be in your clipboard, all you need to do is
paste it into the message box and send

DECRYPTING A MESSAGE
Step 1: Copy everything that was sent.

Step 2: In your task bar, right click on the Kleopatra icon, go to ‘Clipboard’, then
click ‘Decrypt/Verify…’

Step 3: A window will pop up asking for your passphrase, enter that then click
‘Ok’.

PROCEDURE (15)

A honeypot is a device placed on a computer network, specifically designed to capture
malicious network traffic.
KF Sensor is the tool used to set up the honeypot. When KF Sensor is running, it places a
siren icon in the Windows system tray at the bottom right of the screen. If there are no
alerts, a green icon is displayed.
