Practical No 1: Setting up our own Ethical Hacking Test LAB.

First download virtual box and also Download Kali Linux ISO File

Chinni Diwakar 1
Have the two files ready before you begin

First install Virtual box by right clicking and selecting run as administrator

Click Next in the Below Image

Click Next

Chinni Diwakar 2
Click Next

Click YES

Click Install

Wait

Chinni Diwakar 3
Click Install Here

Click Finish

After the Above step installation of virtual box will be completed we will proceed installing Kali in it as
soon as it starts

Click New Button Here

Chinni Diwakar 4
Give some name in the name box
Select Linux as Type
Select Debian 32 or 64 as Version Click Next

Give the amount of ram you want to allocate to your VM (it has to be in green limit) (minimum 3 GB
recommended) and Click on Next

Select Create a virtual hard disk now option and click Create Button.

Chinni Diwakar 5
Select VDI as Hard disk Type and Click Next

Select Dynamically Allocated As Storage and Click Next

Change the file size to more than 20 GB for better performance and Click on Create Button.

Chinni Diwakar 6
So Finally the OS will be created and listed like below diagram. Click on start button to start or
double click the OS name to start.

When it asks the Startup disk please select your downloaded kali Linux ISO file

Chinni Diwakar 7
And Click On Start Button.

After few moments it will load like this

Select Graphical install with your keyboard down arrow keys and Press Enter.

Chinni Diwakar 8
When it asks the Language select the Language you want (English Would be Good) and click on
continue

In the country section select your country (India here) and click continue

Chinni Diwakar 9
Select American English if you are using QWERTY keyboard select others if you use any other and
Click continue

Chinni Diwakar 10
Enter the Host name you want and press enter, try to leave as it is if you don’t know.

Leave the Domain name blank and Click on Continue

Chinni Diwakar 11
Enter the Password you want to use two times and click on continue (you can change later)

Select Guided-use Entire disk and Click on Continue

Chinni Diwakar 12
Select the Hard disk available there and Click On Continue.

Select the First Option All Files in one partition and Click on continue.

Chinni Diwakar 13
Then you select finish partitioning and click Continue

Select yes when prompting and continue.

Wait till the process of copy completes.

When prompting for Network mirror make sure you have working internet connection and Select
YES and Continue

Chinni Diwakar 14
Keep Blank the HTTP proxy and Click Continue

Chinni Diwakar 15
When Prompting for Grub Boot loader Select Yes and Click Continue

Select the Device from the list and Click Continue

Chinni Diwakar 16
After sometime you will get Installation Complete message click continue to start your OS.

Practical No 2: IP address spoofing in kali Linux.

Requirements:
Good internet connection
Kali Linux installed (either host or guest)
Step 1: Go to vpnbook.com and click on free VPN account.

Chinni Diwakar 17
Chinni Diwakar 18
On the next screen under free openvpn account credentials will be there just note down them in a
separate place.

Chinni Diwakar 19
Step 2: download any one of the file (the file will be downloaded to /root/Downloads by default)

Chinni Diwakar 20
Step 3: go to the download location with the command
cd /root/Downloads

Step 4: extract the file contents with the following command

Syntax: unzip filename

Step 5: after extraction execute the following command to change your IP

Syntax: openvpn <extracted file name>

Chinni Diwakar 21
Example: openvpn vpnbook-euro1-tcp80.ovpn

It will ask you enter your name just enter the username you seen from the vpnbook website

After entering username hit enter so it will ask you to input password enter the password also

Chinni Diwakar 22
After that hit enter it will do some processing.

After you see “Initialization Sequence Completed” Message you can check your ip by typing
“ifconfig” in your terminal you can observe a new ip, and also you can google for “what is my ip” you
can see the new spoofed ip.

Chinni Diwakar 23
Chinni Diwakar 24
Chinni Diwakar 25
Practical No 3: Spoofing IP address any operating system.
Step 1: Go to torproject.org and download the TOR browser

Step 2: After downloading run the Tor bundle to extract the browser package.

Step 3: After installing double click on the Start TOR link to start TOR browser,

Chinni Diwakar 26
If asking click on connect to continue. That’s it you are spoofed your browser automatically.

(TOR Spoofs only the TOR browser, anything you do outside of TOR browser cannot be spoofed.)

Practical No 4: Spoofing IP address in any machine completely

Step 1: Go to cyberghostvpn.com

Chinni Diwakar 27
Step 2: click on free download, and download the cyberghostvpn setup and install it on your
computer (this will also install a virtual adapter if it asking a prompt to install select “YES”)
Step 3: after installing cyberghostvpn

Just click on the power button on the interface to spoof your IP address completely.

Chinni Diwakar 28
This process will show some countdown numbers

Once countdown completes your IP will be spoofed, you have to wait till then.

If you want you can select some other countries also and some other IPs also from the left and right
menus.

Chinni Diwakar 29
If you want to disconnect from the spoofed ip just click on the same button again.

Practical No 5: MAC Address Spoofing in Windows Machines:

First of all check out your real mac address in the command prompt by executing getmac command

In the above list iam going to spoof my 3rd MAC address for this practical, you have to choose which
ever one you want to spoof while you are spoofing.
Then open computer management console by executing the below command in run dialog box.

This is how the computer management windows will look like

Chinni Diwakar 30
In this computer management window Please select device manager so that you can see right
side a list of devices which you have in your machine

From the list you need to find out network adaptors section and expand the section so you can
see whatever NIC cards you have in your machine will be listed out there

Chinni Diwakar 31
To spoof MAC address to spoof MAC address first you need to disable the NIC card to do that
all you have to do is simply right click on it so you can see a Button called Disable select that
disable option.

So that your NIC card will be disabled.

Chinni Diwakar 32
Once its disabled right click on the NIC card and select properties so that you can see a
dialogue box

In that dialogue box go to advanced section in the advanced section

Chinni Diwakar 33
so please find out an option with the name network address Select that once you find it So you
can see right side two options with the name not present and value

here the not present represents the default MAC address whereas the value represents your
custom MAC address by default it will select the not present what you have to do is Select the
value and give whatever MAC address you want to use.

Chinni Diwakar 34
Once you are custom MAC address is given click on Ok so that the settings will be saved.
Now all you have to do is enable the NIC card which you have disabled earlier.

Right click on the NIC card and select enable option.

Chinni Diwakar 35
As soon as you enable check out your MAC address with the get MAC command, you can
observe the changed MAC address in the command prompt window. Now any connections you
made with this spoofed NIC card will show your custom given MAC address

Once your work is finished if you want to get back your original MAC address all you have to do
is disable the NIC card again and open the properties and switch back to not present if you
check out your MAC address again it will be your original MAC Address just like the picture
shown below.

Chinni Diwakar 36
Chinni Diwakar 37
Practical 6: MAC Spoofing in Linux
Just like in Windows even in Linux also the processes disable the NIC card change the Mac
address and enable the NIC card.

So to first disabled NIC card we will proceed with a command in the console
You can check out the previous MAC and IP of the machine now in the below image.

The command given above will disable the NIC card

As you can see after execution of the command ifconfig command will only show lo, where eth0
is disappeared

now in Kali Linux we have a tool called Mac changer which will be helpful in spoofing Mac
addresses We have a wide range of options in Mac changer so that we can use in specific
scenarios now I am going to show you different usages of those options so that you can decide
while you are using which one will be suitable for you.

Chinni Diwakar 38
Option ‘-e’ will be used to change the ending octets of a Mac address which will look like the

below image

Option “-r” will give me the complete random MAC address which will not come in any of the
mac ranges, which results unknown kind of mac

While the option “–r” giving complete random mac “–b –r” combo will try to give some
burned-in-address, you can search for the “burned-in-address” in wiki to get more info

Option “-a” will be used to have a random address of the same kind here same kind refers to if
you have a LAN NIC card whatever spoofed Mac you will get also will be a LAN one, If you have
a Wi-Fi NSC card whatever spoof MAC address you will get will also will be a Wi-Fi one.

Option “-A” will be used to have a random NIC card of the any kind. Which means you may
have a LAN NIC card but you may not get a LAN NIC MAC, you may have a Wi-Fi NIC card you
may get any other kind of NIC card MAC address Instead.

Option l will be used to list out different MAC address ranges of different companies, so that you
can choose any of the starting bits as your custom MAC address

Chinni Diwakar 39
Option “–m” or “--mac=” using this option we can choose our own custom MAC address you can
use the help of “-l” option, I have chosen 00:00:00 which belongs to Xerox.

Once you choose any of the above options you have to enable your NIC card so that your NIC card
will work.
The command to enable your NIC is

You can see the result like this below image. Where MAC changed and ip assigned to the new MAC.

Chinni Diwakar 40
If you want to get your real MAC.
Disable the NIC, (Command is right up in the starting of the practical)

Option “-p” will be used to Restore our original MAC address back

Enable the NIC, (Command is right up in the ending of the practical)

Practical No 7: Installing Vulnerable Machine to Practice:

Download and Install Virtual Machine In Your PC. (Steps are provided in the first practical)
Go to http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ and download the
metasploitable Virtual image file and save it to your machine and extract it.

After extracting you can see a VMDK file like this

Now start you Virtual Box

Chinni Diwakar 41
Click On New Button

Give a name

Select Type as Linux

Select Version as Ubuntu 32 Bit.

Chinni Diwakar 42
Click On Next

Give RAM(you can choose upto Green Area In The BAR) then Click on next

In this screen

Chinni Diwakar 43
Select third option that is “Use an existing virtual harddisk file”

Click on the folder icon to select a file

Locate the file in PC and select and click on “Open”

Finally Click on create button to create a machine.

Chinni Diwakar 44
You can find your new VM in VMS list.

Default username and password for this metasploitable in

Username:msfadmin

Password:msfadmin

Practical No 8 Network Settings in VMs:

By default in any new VM you will have ip address that is 10.0.2.15
The above kind of IP can get internet but will not be able to communicate in the LAN as it has
some class A series of IP.

Chinni Diwakar 45
But as Your HOST and other machines in your LAN may have some class C series of IP, so it
would be difficult to perform practicals in the LAN.

At the point you can change your network settings of VM to make it available in the regular LAN.
Follow the below given steps
Select the VM you want to change the settings

Then click on settings button on the TOP

Chinni Diwakar 46
Then you should see the following box on screen.

Click on network tab to switch towards network related settings.

There by default “attached to” is selected as NAT, which results your VM getting Class A IP change it to
“Bridged adapter” from the Drop-Down Menu.

Then if you are using a wifi like this

Select WIFI adapter from the “Name” Drop-Down Menu. (Adapter Name will not be same as
mine)

Chinni Diwakar 47
Or if you are using LAN like this

Select Ethernet adapter from the “Name” Drop-Down Menu. (Adapter Name will not be same as
mine)

Next click on “Advanced” to expand advanced options.

In the “Advanced” under “Promicuous Mode” change that “Deny” to “Allow All” to make the VM
available to all machines in the network. And make sure “cable connected” check box is CHECKED.

Chinni Diwakar 48
Finally Click on OK button

Restart your network if you know how to, if you don’t know, try restarting your PC(HOST and VM Both)
to avoid issues.

After a while you can see your VM also having IP that belongs to your host network(if your network is
good enough )

Chinni Diwakar 49