Cyber Security Lab Manual - UPDATED-2


Cyber Security

Lab Manual
Department of Computer Science and Engineering
The NorthCap University, Gurugram
CS Lab Manual (CSL 422) | i
2021-22

Cyber Security
Lab Manual
CSL 422

Dr. Mehak Khurana

Ms. Kanika Gupta

Department of Computer Science and Engineering

NorthCap University, Gurugram- 122001, India

Session 2021-22

Published by:

School of Engineering and Technology

Department of Computer Science & Engineering

The NorthCap University Gurugram



• Laboratory Manual is for Internal Circulation only

© Copyright Reserved

No part of this Practical Record Book may be reproduced, used, stored without prior permission of The NorthCap University

Copying or facilitating copying of lab work comes under cheating and is considered as use
of unfair means. Students indulging in copying or facilitating copying shall be awarded zero
marks for that particular experiment. Frequent cases of copying may lead to disciplinary
action. Attendance in lab classes is mandatory.

Labs are open up to 7 PM upon request. Students are encouraged to make full use of labs
beyond normal lab hours.

PREFACE

The Cyber Security Lab Manual is designed to meet the course and program requirements of
the NCU curriculum for B. Tech II year students of the CSE branch. The concept of the lab work is to
give students brief practical experience of basic lab skills. It provides the space and
scope for self-study so that students can come up with new and creative ideas.

The lab manual is written on the “teach yourself” pattern, and it is expected that
students who come with proper preparation should be able to perform the experiments
without any difficulty. A brief introduction to each experiment, with information about
self-study material, is provided. This course is focused on the practical side of penetration
testing whilst including necessary theoretical details. It will make students learn how to
protect users from cyber attackers by becoming an ethical hacker. It takes students from a
beginner to a more advanced level; by the time the course finishes, students will be able to
launch attacks and test the security of computers. It commences with different ways of
gathering information about the target and consequently discusses various ways to
discover and exploit a large number of vulnerabilities to gain access. Thereafter, it includes
what you can do with the access you gained from exploiting the above vulnerabilities and
ways to maintain that access.

Students are expected to come thoroughly prepared for the lab. General discipline, safety
guidelines and report writing are also discussed.

The lab manual is a part of the curriculum for The NorthCap University, Gurugram.
The teacher’s copy of the experimental results and answers to the questions is available as
sample guidelines.

We hope that the lab manual will be useful to students of the CSE, IT and BSc branches. The
authors request readers to kindly forward their suggestions / constructive criticism for
further improvement of the work book.

The authors express deep gratitude to the Members, Governing Body-NCU for encouragement and
motivation.

Authors

The NorthCap University


Gurugram, India

CONTENTS
Syllabus
1. Introduction
2. Lab Requirement
3. General Instructions
4. List of Experiments
5. List of Flip Assignment
6. Rubrics
7. Annexure 1 (Format of Lab Report)



COURSE TEMPLATE

1. Department: Department of Computer Science and Engineering

2. Course Name: Cyber Security

3. Course Code: CSL422

4. L-T-P: 3-0-2

5. Credits: 4

6. Type of Course (Check one): Programme Core ✓ Programme Elective Open Elective

7. Pre-requisite(s), if any: Computer Networks

8. Frequency of offering (check one): Odd Even ✓ Either semester Every semester

9. Brief Syllabus:

This course is focused on the practical side of penetration testing whilst including necessary theoretical details. It will
make students learn how to protect users from cyber attackers by becoming an ethical hacker. It takes students from a
beginner to a more advanced level; by the time the course finishes, students will be able to launch attacks and test the
security of computers. It commences with different ways of gathering information about the target and consequently
discusses various ways to discover and exploit a large number of vulnerabilities to gain access. Thereafter, it includes
what you can do with the access you gained from exploiting the above vulnerabilities and ways to maintain that access.

Total lecture, Tutorial and Practical Hours for this course (Take 15 teaching weeks per semester): 75

Lectures: 45 hours
Practice: Tutorials: 5 hours, Lab Work: 25 hours

10. Course Outcomes (COs)
Possible usefulness of this course after its completion i.e. how this course will be practically useful to him once it is
completed.
CO 1: Conduct detailed reconnaissance using document metadata, search engines, and other publicly available
information sources to build a technical and organizational understanding of the target environment.
CO 2: Utilize scanning tools to conduct comprehensive network sweeps, port scans, OS fingerprinting, and
version scanning to develop a map of target environments.
CO 3: Recognize security vulnerabilities, such as weak configurations, unpatched systems.
CO 4: Apply penetration testing tools to exploit and investigate vulnerable systems.
CO 5: Implementing on web application-based attacks

11. UNIT WISE DETAILS No. of Units: 5

Unit Number: 1 Title: Introduction No. of hours: 8

Content Summary:

What is Data, Information, places of data, Security Triangle, key terms, Types of Information, Cyber Terrorism,
Defacement, Cyber laws, Network Terminologies, Introduction to network, Network Protocols, IP address, IP subnet,
classes, NAT, DHCP Server, Types of network, Ports, Proxy Servers, Introduction to Malwares

Unit Number: 2 Title: Information Gathering/ Footprinting No. of hours: 10

Content Summary:
Introduction to Information gathering, Web VAPT, Network VAPT, IMSM, Information gathering Domain Name Services,
targeting email and Maltego, Recon-ng and google operators, digital footprinting, shared web servers, dedicated web
servers

Unit Number: 3 Title: Scanning and its Types No. of hours: 10

Content Summary:
Introduction, Nmap and Port Scanning, Vulnerability Scanner, OS Fingerprinting, Banner Grabbing, Enumeration Tools,
Vulnerabilities and levels of vulnerabilities, tools to generate report, Linux basics, Penetration testing OS, Wordlist
generator, Crunch tool

Unit Number: 4 Title: Gaining Access and Maintaining Access No. of hours: 12

Content Summary:
Direct Exploitation, Password Attacks-Online Offline, Exploitation-Client-side Attack, Social Engineering exploitation, OS
login bypass, online, offline method, Keyloggers (Ardamax), Malwares, Trojan, Dark comet, Remote Connections, tools to
generate report, Linux basics, Penetration testing OS, Wordlist generator, Crunch tool, exploitation using Metasploit on
Eternal blue, Eternal romance, Eternal Red, Pdf, Kimi, DCOM, Metasploitable 2. Exploitation using GUI tool Armitage

Unit Number: 5 Title: Post Exploitation and Covering Tracks No. of hours: 5

Content Summary:
Introduction to Post exploitation, Power-hub tool, File Transfer Without interactive Shell, Exploit Development,
Pivoting, setting up domain controller
12. Brief Description of Self-learning components by students (through books/resource material etc.):
• Metasploit Exploits
• 5 exploits from exploit-db
13. Books Recommended:

Textbooks:
1. McClure S., Bray J.S. and Kurtz G., Hacking Exposed 7: Network Security Secrets and Solutions. 1st ed. Tata
McGraw Hill, 2012.

Reference Books:
1. Graham J., Howard R., Olson R., Cyber Security Essentials, 1st ed. CRC Taylor and Francis, 2010.

Reference websites: (nptel, swayam, coursera, edx, udemy, lms, official documentation weblink)
• https://www.cybrary.it/course/web-application-pen-testing/
• https://www.cybrary.it/course/advanced-penetration-testing/
• https://www.cybrary.it/course/ethical-hacking/

Practice (Tutorial/Case Studies/ Industry Visit/Field Work) Content


Sr. No. | Topic | Unit Covered
1 | (i) Add proxy server as an extension in google chrome and check the IP address before and after changing the proxy. (ii) Add Virtual Private Network as an extension in google chrome and check the IP address before and after changing the proxy. | 1
2 | Case study on VAPT | 2
3 | Study and analysis of various Security tools | 2
4 | Case study on Linux command and word generation for brute force attack | 3
5 | Case study on enumeration and enumeration tools | 3
6 | Case study on keylogger and anti-key logger | 4
7 | Case study on tools for post exploitation | 5

Practical Content

Sr. No. | Title of the Experiment | Software / Hardware Based | Unit Covered | Time Required
1 | Perform reconnaissance to find all the relevant information on selected website using 10 network information gathering tools. | Software Based | 2 | 2 hours
2 | Gather information using Social Networking sites and google Dorks | Software Based | 2 | 1 hour
3 | Perform Network Scanning using NMAP in windows and ZENMAP in kali Linux | Software Based | 2 | 2 hours
4 | (i) Install Wireshark and apply filters to gather different information (ii) Find the link accessed by the victim using Wireshark | Software Based | 3 | 2 hours
5 | Perform Session hijacking/ find credentials of unsecure real time website using Wireshark | Software Based | 3 | 2 hours
6 | Use Nessus and NIKTO tool to find all the vulnerabilities with its level and generate a report for an organization | Software Based | 3 | 2 hours
7 | Perform windows Login Bypass using net user and John the ripper | Software Based | 4 | 1 hour
8 | Perform Kali Linux Login Bypass in virtual machine | Software Based | 4 | 1 hour
9 | Create Trojan and Exploit victim’s machine by taking its complete access | Software Based | 4 | 1 hour
10 | (i) Execute basic commands of Linux (ii) Use CHMOD command to change the privileges and permissions | Software Based | 3 | 1 hour
11 | Generate Word list from using wordlist generator Crunch | Software Based | 3 | 2 hours
12 | Exploit windows to gain access of victim’s machine using Metasploit framework | Software Based | 4 | 2 hours
13 | Exploit Windows XP using Metasploit | Software Based | 4 | 1 hour
14 | Exploit Windows 7 using Metasploit | Software Based | 4 | 2 hours

Value Added Experiments

1 | Perform steps to remove the tracks in windows and kali Linux | Software Based | 5 | 1 hour

Project (To be done as individual/in group): No

1. INTRODUCTION

That ‘learning is a continuous process’ cannot be overemphasized. The theoretical
knowledge gained during lecture sessions needs to be strengthened through practical
experimentation. Thus, practical work forms an integral part of the learning process.

The purpose of conducting experiments can be stated as follows:

• To familiarize the students with fundamentals of writing Python scripts.
• Learning and understanding the different collections in python.
• Applying the Object-Oriented Programming concepts on real world examples.
• Applying the NumPy package for numerical calculations in Python.
• Applying the Pandas package for loading and pre-processing data in Python.
• Implementing various data visualization tools of Python on real world data.
• Write Python functions to facilitate code reuse
• Use Python to read and write files
• Make the code robust by handling errors and exceptions properly

2. LAB REQUIREMENTS

Requirements | Details
Software Requirements | Virtual Machine, Trojan, Keylogger, Wireshark, Nmap, ZenMap, Nessus
Operating System | Kali Linux, Windows XP (SP0, SP1), Windows 7, Windows 10
Hardware Requirements | Windows and Linux: Intel 64/32 or AMD Athlon 64/32, or AMD Opteron processor; 16 GB RAM; 256 GB hard disk space
Required Bandwidth | NA

3. GENERAL INSTRUCTIONS

3.1 General discipline in the lab

• Students must turn up in time and contact concerned faculty for the experiment
they are supposed to perform.
• Students will not be allowed to enter late in the lab.
• Students will not leave the class till the period is over.
• Students should come prepared for their experiment.
• Experimental results should be entered in the lab report format and
certified/signed by concerned faculty/ lab Instructor.
• Students must get the connection of the hardware setup verified before
switching on the power supply.
• Students should maintain silence while performing the experiments. If any
necessity arises for discussion amongst them, they should discuss with a very
low pitch without disturbing the adjacent groups.
• Violating the above code of conduct may attract disciplinary action.
• Damaging lab equipment or removing any component from the lab may invite
penalties and strict disciplinary action.

3.2 Attendance
• Attendance in the lab class is compulsory.
• Students should not attend a different lab group/section other than the one
assigned at the beginning of the session.
• On account of illness or some family problems, if a student misses his/her lab
classes, he/she may be assigned a different group to make up the losses in
consultation with the concerned faculty / lab instructor. Or he/she may work
in the lab during spare/extra hours to complete the experiment. No attendance
will be granted for such case.

3.3 Preparation and Performance

• Students should come to the lab thoroughly prepared on the experiments they
are assigned to perform on that day. Brief introduction to each experiment
with information about self-study reference is provided on LMS.
• Students must bring the lab report during each practical class with written
records of the last experiments performed complete in all respect.
• Each student is required to write a complete report of the experiment he has
performed and bring to lab class for evaluation in the next working lab.
Sufficient space in work book is provided for independent writing of theory,
observation, calculation and conclusion.
• Students should follow the Zero tolerance policy for copying / plagiarism. Zero
marks will be awarded if found copied. If caught further, it will lead to
disciplinary action.
• Refer Annexure 1 for Lab Report Format.

4. LIST OF EXPERIMENTS

Sr. No. | Title of the Experiment | Software / Hardware Based | Unit Covered | CO Covered | Time Required
1 | Perform reconnaissance to find all the relevant information on selected website using 10 network information gathering tools. | Software Based | 2 | CO2 | 2 hours
2 | Gather information using Social Networking sites and google Dorks | Software Based | 2 | CO2 | 1 hour
3 | (i) Perform active reconnaissance using AngryIPScanner, Softperfect Network Scanner, Cain&Able (ii) Perform Network Scanning using NMAP in windows and ZENMAP in kali Linux | Software Based | 2 | CO3 | 2 hours
4 | (i) Install Wireshark and apply filters to gather different information (ii) Find the link accessed by the victim using Wireshark | Software Based | 3 | CO3 | 2 hours
5 | Perform Session hijacking/ find credentials of unsecure real time website using Wireshark | Software Based | 3 | CO3 | 2 hours
6 | Use Nessus tool to find all the vulnerabilities with its level and generate a report for an organization | Software Based | 3 | CO3 | 2 hours
7 | (i) Execute basic commands of Linux (ii) Use CHMOD command to change the privileges and permissions | Software Based | 3 | CO3 | 1 hour
8 | Generate Word list from using wordlist generator Crunch | Software Based | 3 | CO3 | 2 hours
9 | Exploit windows to gain access of victim’s machine using Metasploit framework | Software Based | 4 | CO4 | 2 hours
10 | (i) Install Hiren Boot in bootable pen drive (ii) Perform windows Login Bypass Hiren Boot or active password changer | Software Based | 4 | CO4 | 1 hour
11 | Perform Kali Linux Login Bypass in virtual machine; Perform MAC Login Bypass in virtual machine | Software Based | 4 | CO4 | 2 hours
12 | Create Trojan and Exploit victim’s machine by taking its complete access | Software Based | 4 | CO4 | 1 hour
13 | Track keystrokes of victim machine using Ardamax Keylogger | Software Based | 4 | CO4 | 1 hour
14 | Exploit Windows XP using Metasploit | Software Based | 4 | CO5 | 1 hour
15 | Exploit Windows 7 using Metasploit | Software Based | 4 | CO5 | 2 hours

Value Added Experiments

1 | Perform steps to remove the tracks in windows and kali Linux | Software Based | 5 | CO5 | 1 hour

5. LIST OF FLIP EXPERIMENTS

1. Generating KeyLogger

2. Exploitation of Windows 10 using Metasploit

3. Creating Trojan for windows 7



6. RUBRICS

Marks Distribution

Continuous Evaluation (50 Marks)
Each experiment shall be evaluated for 10 marks and at the end of the semester
proportional marks shall be awarded out of 50.
Following is the breakup of 10 marks for each:
4 Marks: Observation & conduct of experiment. Teacher may ask questions about experiment.
3 Marks: For report writing
3 Marks: For the 15 minutes quiz to be conducted in every lab.

Project Evaluations (20 Marks)
End semester practical evaluation including Mini project (if any) carries 20 marks.

Annexure 1

Cyber Security
(CSL 422)

Lab Practical Report

Faculty name: Student name:

Roll No.:

Semester:

Group:

Department of Computer Science and Engineering


NorthCap University, Gurugram- 122001, India
Session 2020-21
INDEX
S.No | Experiment | Page No. | Date of Experiment | Date of Submission | Marks | CO Covered | Sign
EXPERIMENT NO. 1

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective(s):

To familiarize the students with the first phase of Penetration Testing.

Outcome:

The students will understand which type of passive information can be gathered to exploit the
target machine

Problem Statement:

Perform reconnaissance to find all the relevant information on selected website using 10
information gathering tools. (Including 4 Kali Linux Tools)

Background Study:

• OSINT gathering is an important first step in penetration testing.
• Gathering as much intelligence on your organization and the potential targets for exploit.
• Clear understanding of the client’s systems and operations before you begin exploiting.
• How a target works and its potential vulnerabilities.

[Figure: Reconnaissance. Techniques shown: search engine queries; domain name searches/WHOIS lookups; social engineering; Internet footprinting; internal footprinting; dumpster diving; tailgating. Information shown: personnel, systems, or technologies; subdomains, people’s names; positions, technologies, email addresses; email addresses, usernames, social networks; ping sweeps, port scanning, reverse DNS, packet sniffing; physical access or pictures.]

Question Bank:

1. In which topology there is a central controller or hub?

2. Which topology covers security, robust and eliminating traffic factor?

3. Video streaming is done through which protocol?

4. Which command is used to find the IP address of your system?

5. Why are systems vulnerable?


Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 2

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students about the first phase of Penetration Testing.

Outcome:

The students will understand how to gather information available on google freely using google
dorks

Problem Statement:

Gather information using Social Networking sites and google Dorks

Background Study:

• Google is an Attacker's Ally
• Lot of information freely available via Internet on public platform
• Personal information on company website or a social media site, that give hints to user
account password.
• Names can be entered in a search engine to reveal home addresses and telephone
numbers.
• Saves patches between sessions, writes them back to executable file and updates fixups
• Open architecture - many third-party plugins are available
• No installation - no trash in registry or system directories

[Figure: Human Specific information sources: Networking Websites, Linkedin, Job Portals, Social Networking Websites, Twitter, Facebook, Fake Surveys, Dating Websites, Spy Services, Matrimonial Websites.]

Here is some Google search syntax to crawl the password:

1. "Login: *" "password =*" filetype: xls (searching data command to the system files that are
stored in Microsoft Excel)

2. allinurl: auth_user_file.txt (to find files auth_user_file.txt containing password on server).

3. filetype: xls inurl: "password.xls" (looking for username and password in ms excel format. This
command can change with admin.xls)

4. intitle: login password (get link to the login page with the login words on the title and password
words anywhere. If you want to the query index more pages, type allintitle)

5. intitle: "Index of" master.passwd (index the master password page)

6. index of / backup (will search the index backup file on server)

7. intitle: index.of people.lst (will find web pages that contain user list).

8. intitle: index.of passwd.bak ( will search the index backup password files)

Question Bank:

1. What is digital footprinting?


2. How to use information from GHDB and FSDB?
3. Google search: Is it possible to search sites by value of tag attribute?
4. What Data Can We Find Using Google Dorks?
5. What is the following command used for: filetype:txt inurl:"email.txt" ?
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 3

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of Second phase of penetration testing

Outcome:

• The students will understand difference between active and passive reconnaissance.
• The students will be able to gather the information of the target machine by interacting with it.
• The students will understand Nmap Tool.

Problem Statement:

• Perform active reconnaissance using AngryIPScanner, Softperfect Network Scanner, Cain&Able
• Perform Network Scanning using NMAP in windows and ZENMAP in kali Linux

Background Study:

• Active reconnaissance is commonly referred to as scanning.
• Taking the information discovered during reconnaissance and using it to examine the
network.
• The process of scanning perimeter and internal network devices for weaknesses.
• Looking for information that can help to perpetrate attack

[Figure: what scanning looks for: open ports and network services; each piece of LAN/WAN equipment; the network topology; open services; vulnerable applications, including operating systems; network addresses of live hosts, firewalls, routers, etc; open FTP portals; open share drives; (weak protection of data in transit); list of potential vulnerabilities.]

Question Bank:

1. How to find the network addresses of live hosts, firewalls, routers, etc?
2. In which phase does the attacker interact with the target with an aim to identify the
vulnerabilities?
3. Differentiate between static and dynamic analysis.
4. Explain the different types of scanning.
5. Differentiate between filtered and unfiltered ports.
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 4

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of Second phase of penetration testing

Outcome:

• The students will be able to gather the information of the network by analyzing the traffic
moving in and out from target machine
• The students will understand Wireshark inbuilt Tool of Kali Linux

Problem Statement:

• Install Wireshark on any network and apply filters to gather different information of the
target machine
• Find the link accessed by the victim using Wireshark

Background Study:

• World’s foremost and widely-used network protocol analyzer.
• Tells what’s happening on your network at a microscopic level
• Standard across many commercial and non-profit enterprises, government agencies, and
educational institutions.
• got famous in black hat.
• observes the messages exchanged.
• Passive and Preinstalled in Kali Linux, for windows http://www.wireshark.org.

Question Bank:

1. What information can be retrieved from TCP stream?


2. What is the size of checksum in TCP header?
3. Differentiate between RST and FIN flag.
4. What information can be retrieved from a sniffer?
5. List top 5 sniffing tools.
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 5

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of Second phase of penetration testing

Outcome:

• The students will be able to gather the information of the network by analyzing the traffic
moving in and out from target machine
• The students will understand Wireshark inbuilt Tool of Kali Linux

Problem Statement:

Perform Session hijacking/ find credentials of unsecure real time website using Wireshark

Background Study:

Packet sniffer:
• To monitor the data transmitted over a network
• used for diagnostic or troubleshooting purposes
• To steal data transmitted over the network.
• Applicable to both wired and wireless networks
• Can be passive or active

[Figure: flowchart with the boxes: Start Wireshark; Open a HTTP login website; Enter username and password credentials (e.g. game site, erp, LMS), e.g. http://www.addictinggames.com/; Apply HTTP as filter and locate a POST packet; Right click and select Follow TCP Stream; Find username and password there; If insecure, username & password are visible in plaintext form; If secure, username & password might be available in encrypted form.]

Question Bank:

1. Is Wireshark an active or passive network scanning tool and why?


2. What is a pcap file?
3. List the uses of Wireshark tool.
4. Which filter is used in Wireshark to specify a protocol?
5. How to combine filters in Wireshark to check the traffic from a particular IP and for HTTP?
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 6

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of Second phase of penetration testing

Outcome:

• The students will be able to find all the vulnerabilities present in the target machine
• Will also understand the Nessus Vulnerability scanner tool

Problem Statement:

Use NIKTO & Nessus tool to find all the vulnerabilities with its level and generate a report for an
organization

Background Study:

Packet sniffer:
• It has a database of vulnerabilities based on which it performs the check on the remote
host.
• Its database contains all the information required (service, port, packet type, a potential
path to exploit, etc.) to check the security issue.
• They can scan the network and websites against thousands of vulnerabilities, provide the
list of issues based on the risk and suggest the remediation as well.

Nessus scan vulnerabilities

• That allow a remote hacker to control or access sensitive data on a system.
• Misconfiguration (missing patches, etc.).
• Default passwords, common passwords, and blank/absent passwords
• Denials of service against the TCP/IP stack by using malformed packets
• Agentless auditing: to make sure no host on your network is missing security patches
• Finding malware
• Nessus can also call Hydra (an external tool) to launch a dictionary attack.

Question Bank:

1. What are the features of popular Vulnerability scanning tools?


2. Differentiate between NESSUS and NMAP.
3. List the top Vulnerability scanner tools.
4. List 4 applications of NESSUS tool.
5. What is a Plugin?
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 7

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of Linux to extract information

Outcome:

• The students will be able to learn commands of Linux required for exploitation
• Student will be able to change permissions of the Files and Folders

Problem Statement:

• Execute basic commands of Linux
• Use CHMOD command to change the privileges and permissions

Background Study:

• Linux is derived and evolved from UNIX.
• Unix was the first operating system to come into existence with a CLI environment and is mainly
used for server-side work as per today's requirements.
• It is the most flexible and customizable OS used by skilled individuals.
• It is open source.

Question Bank:

1. Which command is used to make a directory in LINUX?


2. What is the use of grep command?
3. Which command is used to find out all the information about the OS?
4. Explain the following syntax: "chmod 754 filename".
5. Elaborate on the different privileges and permissions in LINUX.
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 8

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of Linux Commands

Outcome:

• The students will understand Crunch Word generator for password generation inbuilt Tool of
Kali Linux

Problem Statement:

Generate Word list from using wordlist generator Crunch

Background Study:

Usage Syntax:

crunch Min.Value Max.Value Characters

• Example:

crunch 4 4 0123456789
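
As an added example (not part of the lab manual), this Python sketch computes how many candidates and how many bytes the `crunch <min> <max> <charset>` syntax above describes, which is the figure to compare against a password policy. It assumes distinct single-byte characters and one word per line; the function names, the sample policies and the guess rate are hypothetical.

```python
# Added example: size of the candidate list described by
# `crunch <min> <max> <charset>`, used to judge a password policy.

# Constructed figure for illustration only, not a measurement.
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000


def keyspace(min_len, max_len, charset):
    """Return (lines, bytes) for every string of length min_len..max_len.

    Assumptions: charset holds distinct single-byte (ASCII) characters and
    each word is written on its own line, so a word of length n costs
    n + 1 bytes (the word plus a newline).
    """
    if min_len < 1 or max_len < min_len:
        raise ValueError("need 1 <= min_len <= max_len")
    if not charset or len(set(charset)) != len(charset):
        raise ValueError("charset must be non-empty with no repeated characters")
    if any(ord(ch) > 127 for ch in charset):
        raise ValueError("byte count assumes single-byte characters")
    lines = 0
    size = 0
    for length in range(min_len, max_len + 1):
        count = len(charset) ** length      # all strings of this exact length
        lines += count
        size += count * (length + 1)        # +1 for the newline
    return lines, size


def seconds_to_exhaust(lines, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return lines / guesses_per_second


def human_duration(seconds):
    """Render a duration in the largest unit that fits."""
    units = [("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60)]
    for name, span in units:
        if seconds >= span:
            return f"{seconds / span:.1f} {name}"
    return f"{seconds:.1f} seconds"


def compare_policies(policies, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Return one (label, lines, bytes, worst-case time) row per policy."""
    rows = []
    for label, min_len, max_len, charset in policies:
        lines, size = keyspace(min_len, max_len, charset)
        worst = human_duration(seconds_to_exhaust(lines, guesses_per_second))
        rows.append((label, lines, size, worst))
    return rows


if __name__ == "__main__":
    digits = "0123456789"
    lower = "abcdefghijklmnopqrstuvwxyz"
    upper = lower.upper()
    # Constructed sample policies; the first matches the manual's example.
    sample = [
        ("4-digit PIN", 4, 4, digits),
        ("8 lowercase letters", 8, 8, lower),
        ("8 letters and digits", 8, 8, lower + upper + digits),
        ("12 letters and digits", 12, 12, lower + upper + digits),
    ]
    for label, lines, size, worst in compare_policies(sample):
        print(f"{label:24} {lines:>24,} candidates {size:>28,} bytes  {worst}")
```
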
Question Bank:

Use the -b option for wordlist fragmentation, which splits a single wordlist into multiple wordlists.
1. crunch 5 7 raj@123 -b 3mb -o START
Crunch lets you generate a compressed wordlist with the -z option; the other parameters are gzip,
bzip2, lzma, and 7z.
2. crunch 5 7 raj@123 -z gzip -o START
The -p option is used for generating a wordlist with the help of permutation; here you can ignore the min and
max length of the character string.
3. crunch 3 6 -p raj chandel hackingarticles
4. crunch 5 5 IGNITE -c 25 -o /root/Desktop/8.txt
Use the -d option to set the filter for repetition.
5. crunch 6 6 -t raj%%% -d 2% -o /root/Desktop/6.1.txt
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 9

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of Third and Fourth phase of penetration testing

Outcome:

• The students will be able to gain and maintain access of the target machine using pdf file

Problem Statement:

Exploit windows to gain access of victim’s machine using Metasploit framework

Background Study:

Exploitation by creating a payload in a PDF file using Metasploit

• Infected PDFs have always been a favoured way to infect users because this document format is very common and used by almost everyone.
• There are many ways to exploit Acrobat Reader vulnerabilities, and it is a very stealthy and elegant way to launch malware.
• How easy it is to craft a malicious PDF with custom shellcode and trigger a vulnerability to execute a payload.
• Analyse the malicious PDF to learn how the payload is stored, and how to extract it.

Question Bank:

1. What are the different methods to gain access to a system?


2. Explain the functionality of Auxiliary modules in Metasploit.
3. What is the use of grep command in Metasploit?
4. Which command is used to set global variables within msfconsole?
5. How is reverse shell different from bind shell?
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 10

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of bypassing the login of Windows.

Outcome:

• The students will be able to bypass the login details of the target in active and passive mode on all types of operating systems

Problem Statement:

• Perform Windows login bypass using Active Password Changer
• Using the John the Ripper tool

Background Study:

• Login Bypass
  o Online Method
    ▪ System unlocked
  o Offline Method
    ▪ System locked

Question Bank:

1. Which command is used to create new user after Windows Login bypass?
2. How to remove the password of a victim's Windows machine?
3. How to change the password of a victim's Windows machine?
4. What is the purpose of the following command: net user gg /delete
5. Write a short note on RainbowCrack tool.
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 11

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of bypassing the login of Linux and MAC

Outcome:

• The students will be able to bypass the login details of the target in active and passive mode on all types of operating systems

Problem Statement:

• Perform Kali Linux login bypass in a virtual machine
• Perform MAC login bypass in a virtual machine

Background Study:

Bypassing Login of Kali Linux and MAC:



Question Bank:

1. Write a short note on John the Ripper tool.


2. Can THC Hydra tool be used for cracking LINUX machine password?
3. Which file allows the hacker to see user information such as full name, phone number etc. in LINUX?
4. Which permission value in LINUX allows read and execute?
5. What is the UID of root user in LINUX?
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 12

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of exploitation

Outcome:

The students will be able to gain access to the target machine using malware

Problem Statement:

Create a Trojan and exploit the victim’s machine by taking complete access of it

Background Study:

• Trojans are malicious applications or programs that look like a normal application but are harmful in nature, as they can give the attacker's machine full remote access to the target's machine.
• E.g. poke and take remote control of your machine
• Ways of remote connection
  o Forward connection
  o Reverse connection

Question Bank:

1. What are the different types of exploitation?
2. Write a short note on RAT.
3. Differentiate between socket and stub.
4. Which folder is created when the victim clicks on a dark comet?
5. Find an application which can see the "Established" and "Listening" connections of a machine just like "netstat".
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 13

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of the third phase of penetration testing

Outcome:

• The students will be able to gather the keystrokes of the target machine

Problem Statement:

• Track keystrokes of the victim machine using Ardamax Keylogger

Background Study:

• Installed on the victim's computer.
• Records the keystrokes and stores them in the logs.
• Starts operating in the background (stealth mode) and captures every keystroke of the target computer.
• Silent: does not show up in the Start menu, Windows startup, Program Files, Add/Remove Programs or the Task Manager.

Ardamax Keylogger
• https://www.ardamax.com/keylogger
• Username: ardamax
• Password: ardamax
• After installation you can delete it, but it keeps working (this can be checked in Task Manager or via the yellow triangle icon on the taskbar)
• Open and view the logs
• It works on everything: Notepad, Start, online accounts, etc.
• Hidden mode: the attacker can also hide it (right click), Ctrl + H
• Invisibility option: from Task Manager. It starts automatically.

Question Bank:

1. Differentiate between software and hardware keyloggers.


2. What are the different methods of installing a keylogger?
3. List 5 open source keyloggers.
4. Can Ardamax keylogger record audio of a victim's machine?
5. What is the use of Crypter software?
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 14

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of the third and fourth phases of penetration testing

Outcome:

• The students will be able to gain and maintain access to the target machine

Problem Statement:

• Exploit Windows XP using Metasploit

Background Study:

• There are a number of ways that you can bind your shell to a port.
• There are two popular types of shells:
  o Bind Shell and
  o Reverse Shell
• A bind shell is the kind that opens up a new service on the victim machine and requires the attacker to connect to it in order to get a session.
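
Added example (not part of the original manual): because a bind shell appears as a new listening service on the victim machine, a defender can compare the LISTENING rows of `netstat -ano` with a known-good baseline for that host. The sample output, the baseline port set and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       2316
  TCP    192.168.56.20:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.56.20:1045     192.168.56.10:80       ESTABLISHED     1500
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Assumed known-good listeners for this host, recorded while it was in a clean state.
BASELINE_PORTS = {135, 139, 445}

# Local address, local port and owning PID of a TCP row in LISTENING state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listeners(netstat_text):
    """Return (address, port, pid) for every listening TCP socket in the output."""
    found = []
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if match:
            found.append((match.group(1), int(match.group(2)), int(match.group(3))))
    return found


def unexpected_listeners(netstat_text, baseline):
    """Listening ports that are absent from the baseline, with their owning PID."""
    findings = []
    for address, port, pid in listeners(netstat_text):
        if port not in baseline:
            findings.append({
                "port": port,
                "pid": pid,
                # Bound to every interface, so reachable from the network.
                "all_interfaces": address in ("0.0.0.0", "[::]"),
            })
    return findings


if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE, BASELINE_PORTS):
        print(finding)
```

A reverse shell creates no listener on the monitored host, so this check covers only the bind case; outbound ESTABLISHED rows need a separate review.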

Question Bank:

1. Write a short note on reverse shell.


2. In a bind shell, is the listener port 4444 at the victim's or the attacker's end?
3. What is the functionality of the SMB protocol?
4. What is Msfvenom?
5. What is the use of the following module in the Metasploit framework: Exploit/multi/handler?
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 15

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of the third and fourth phases of penetration testing

Outcome:

• The students will be able to gain and maintain access to the target machine

Problem Statement:

Exploit Windows 7 using Metasploit

Background Study:

• Exploit/multi/handler
  o This module provides all of the features of the Metasploit payload system on different platforms and architectures.

Question Bank:

1. What is a meterpreter?
2. Explain the Msfvenom commands required to generate a payload.
3. Write the command to start the key scanner on the victim’s machine.
4. What is the output of the following command: keyscan_dump?
5. Write the command to upload a file to the Windows F drive after getting meterpreter access.
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
EXPERIMENT NO. 16 (VALUE ADDED EXPERIMENT)

Student Name and Roll Number:

Semester /Section:

Link to Code:

Date:

Faculty Signature:

Marks:

Objective:

To familiarize the students with the concept of the fifth phase of penetration testing

Outcome:

• The students will be able to cover tracks and post-exploit the target machine

Problem Statement:

Perform steps to remove the tracks in Windows and Kali Linux

Background Study:

• In the phases previous to this one, the pen tester successfully managed to avoid detection by firewalls and intrusion detection systems.
• The purpose of this phase is to cover up all the little clues that would give away the nature of his deeds.
• There are a few ways that we can cover our tracks, making it VERY difficult to track our malicious activities:
  o Clear the files, event logs or history
  o Hide the files
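
Added example (not part of the original manual): seen from the defender's side, clearing Windows event logs itself leaves a record, Event ID 1102 in the Security log and Event ID 104 in the System log. The sketch below pulls those records out of event XML; the sample events, the host name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified Windows event XML (not exported from a real host).
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <EventID>4624</EventID><TimeCreated SystemTime="2022-03-01T10:02:11Z"/>
 <Channel>Security</Channel><Computer>LAB-WIN7</Computer></System></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <EventID>1102</EventID><TimeCreated SystemTime="2022-03-01T10:19:40Z"/>
 <Channel>Security</Channel><Computer>LAB-WIN7</Computer></System>
 <UserData><LogFileCleared><SubjectUserName>student</SubjectUserName>
 </LogFileCleared></UserData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <EventID>104</EventID><TimeCreated SystemTime="2022-03-01T10:19:41Z"/>
 <Channel>System</Channel><Computer>LAB-WIN7</Computer></System>
 <UserData><LogFileCleared><SubjectUserName>student</SubjectUserName>
 <Channel>Application</Channel></LogFileCleared></UserData></Event>
</Events>"""

# Event ID -> log it is written to: 1102 = audit log cleared, 104 = log file cleared.
CLEAR_EVENTS = {1102: "Security", 104: "System"}


def first(elem, name):
    """First element under elem (itself included) whose tag, minus namespace, is name."""
    if elem is None:
        return None
    return next((e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name), None)


def log_clear_events(xml_text):
    """Return one finding per log-cleared event found in the XML export."""
    findings = []
    for event in ET.fromstring(xml_text):
        system = first(event, "System")
        event_id = int(first(system, "EventID").text)
        # The ID only counts when it comes from the log that records clears.
        if CLEAR_EVENTS.get(event_id) != first(system, "Channel").text:
            continue
        cleared = first(event, "LogFileCleared")
        target, user = first(cleared, "Channel"), first(cleared, "SubjectUserName")
        if target is not None:
            cleared_log = target.text  # 104 names the cleared log in its payload
        else:
            cleared_log = "Security" if event_id == 1102 else None
        findings.append({
            "time": first(system, "TimeCreated").get("SystemTime"),
            "host": first(system, "Computer").text,
            "cleared_log": cleared_log,
            "user": user.text if user is not None else None,
        })
    return findings
```

Forwarding these events to a separate collector keeps the record available even after the local log has been cleared.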

Question Bank:

1. What is pivoting?
2. What is the use of the getsystem command in a Meterpreter script?
3. Write the command for taking screenshots of the victim's machine after getting meterpreter access.
4. Write the command to clear event logs for clearing hacker's tracks.
5. What is the outcome of the following command: shred -zu root/.bash_history
Student Work Area
Algorithm/Flowchart/Code/Sample Outputs
