Lab Manual

The document is a lab manual detailing various experiments related to installing and configuring VirtualBox and Kali Linux, as well as exploring basic commands, file permissions, user management, and bash scripting. It includes a list of lab programs with corresponding page numbers and outlines the objectives, requirements, and steps for each experiment. The manual serves as a guide for students to gain practical experience in using Kali Linux and virtualization tools.

Uploaded by

atifsyed1007
Copyright
© © All Rights Reserved

LAB MANUAL

NAME: _____________________________________
USN: _______________________________________
SEMESTER: _________________________________
BRANCH: ___________________________________
SUBJECT NAME: _____________________________
SUBJECT CODE: _____________________________
BATCH: _____________________________________

“Jnana Prabha”
#147 Bidarahalli, Virgonagar Post
(Near K.R. Puram – Avalahalli)
Bangalore – 560049
T: +91 80 284 72 999
F: +91 80 250 73 903
E: [email protected]
www.eastpoint.ac.in

LAB PROGRAMS

Lab No.   Experiment Name

Lab 1     Install Virtual Box and Configure it.
Lab 2     Install Kali Linux in Virtual Box and Configure it.
Lab 3     Explore all the Basic Commands Used in Kali Linux.
Lab 4     Basic File Permissions and User Management.
Lab 5     Explore Kali Linux and bash scripting.
Lab 6     Apply Netcraft, Whois Lookups, DNS Reconnaissance, Harvester and Maltego to perform open-source intelligence gathering.
Lab 7     Understand the Nmap command and scan targets using Nmap.
Lab 8     Packet Analysis using Wireshark.
Lab 9     Kali Linux-Social Engineering Tool Kit usage.
Lab 10    Kali Linux-Information Gathering Tools (NMAP and Zen MAP).
Lab 11    Using Netstat for Network Connection Monitoring.
Lab 12    Basic Packet Capture with Tcpdump.

EXPERIMENT 01
Aim: Install Virtual Box and Configure it.
Objective:

To install a virtualization tool (VirtualBox or VMware) and configure it to run virtual machines.

Requirements:

1. A computer with at least:

o 8 GB RAM

o 50 GB free disk space

o A multi-core processor with virtualization support (Intel VT-x or AMD-V)

2. VirtualBox or VMware installation file


3. An operating system ISO file (e.g., Ubuntu, Windows)

Steps:

Part 1: Installation

Step 1: Download the Virtualization Software

• For VirtualBox:

1. Visit the VirtualBox download page.

2. Select and download the version suitable for your operating system (Windows,
macOS, or Linux).

• For VMware:

1. Visit the VMware Workstation Player page.


2. Download the free version for personal use.

Step 2: Install the Software

• VirtualBox:

1. Locate the downloaded .exe file (Windows) or .dmg file (macOS).

2. Double-click to start the installation.

3. Follow the installation wizard:

▪ Accept the license agreement.


▪ Choose the installation path (default is recommended).

▪ Allow any permissions requested.

4. Click Install and wait for the process to complete.

5. Click Finish to exit.

• VMware Workstation Player:


1. Locate the downloaded installer.

2. Double-click to start the setup.

3. Follow the installation steps:

▪ Accept the license agreement.

▪ Choose installation preferences (e.g., desktop shortcuts).

4. Click Install and wait for the process to complete.

5. Launch VMware Player.

Part 2: Configuration

Step 1: Enable Virtualization in BIOS/UEFI (if not enabled)

1. Restart your computer and enter the BIOS/UEFI settings (typically by pressing Del,
F2, or F12 during boot).

2. Navigate to the CPU settings or Advanced tab.

3. Enable virtualization (Intel VT-x or AMD-V).

4. Save and exit.

Step 2: Create a Virtual Machine

• For VirtualBox:
1. Open VirtualBox and click New.

2. Provide a name for your VM (e.g., "Ubuntu 20.04").

3. Select the type of OS and version (e.g., Linux, Ubuntu 64-bit).

4. Allocate memory (RAM): at least 2048 MB is recommended for Linux or 4096 MB for Windows.

5. Create a virtual hard disk:

▪ Select Create a virtual hard disk now.

▪ Choose the type (e.g., VDI) and allocate storage (e.g., 20 GB).

▪ Select Dynamically allocated.

6. Click Create.

• For VMware:

1. Open VMware Workstation Player and click Create a New Virtual Machine.

2. Select the installation source:


▪ Use an ISO image file or install the OS later.

3. Provide the product key (for Windows) if required.

4. Name the VM and choose the location to save it.

5. Allocate memory and processors:

▪ Recommended: 2 cores and 2048–4096 MB RAM.

6. Create a virtual disk:

▪ Allocate at least 20 GB.


▪ Choose disk file type (e.g., vmdk).
7. Finish the setup.

Step 3: Load the Operating System

1. Start the virtual machine.

2. Attach the OS ISO file:

o VirtualBox: Go to Settings > Storage, select the empty optical drive, and add
the ISO.

o VMware: During the first boot, select the ISO file as the boot disk.

3. Follow the on-screen instructions to install the OS in the VM.

Verification

1. Verify that the virtual machine boots up successfully into the installed OS.

2. Test basic functionalities like:

o Internet connectivity.

o File transfer between the host and VM.

EXPERIMENT 02
Aim: Install Kali Linux in VirtualBox and Configure it
Objective:

To install Kali Linux, a penetration testing operating system, on VirtualBox and configure it
for basic use.

Requirements:

1. A computer with:

o VirtualBox installed (refer to the first experiment for instructions)

o At least 8 GB RAM and 50 GB free storage

2. Kali Linux ISO file (download from Kali Linux Official Website)

3. Active internet connection for downloading updates.


Steps:

Part 1: Download and Prepare

Step 1: Download Kali Linux ISO

1. Visit the Kali Linux Download page.

2. Choose the appropriate version:

o Standard installer ISO for most use cases.

o Verify the checksum to ensure the file’s integrity.
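
One way to carry out the checksum check from Step 1, added here as an example and not part of the original manual. It assumes the published digest list was saved next to the ISO in the "<digest>  <file name>" layout that sha256sum prints; the file names in the usage line are placeholders.

```bash
#!/bin/bash
# verify_iso.sh - compare a downloaded ISO against a published SHA-256 list.
# Assumption: each line of the list is "<hex digest>  <file name>", the layout
# that sha256sum prints. File names in the usage line are placeholders.

# expected_digest SUMS_FILE ISO_NAME -> prints the digest listed for ISO_NAME
expected_digest() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f) }     # binary-mode entries are "*name"
        f == name { print tolower($1); found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# actual_digest FILE -> prints the SHA-256 of FILE in lowercase hex
actual_digest() {
    sha256sum "$1" | awk '{ print $1 }'
}

# verify_iso ISO SUMS_FILE
# returns 0 on match, 1 on mismatch, 2 if a file is unreadable or the ISO is not listed
verify_iso() {
    iso=$1
    sums=$2
    [ -r "$iso" ] && [ -r "$sums" ] || {
        echo "cannot read $iso or $sums" >&2
        return 2
    }
    want=$(expected_digest "$sums" "$(basename "$iso")") || {
        echo "no entry for $(basename "$iso") in $sums" >&2
        return 2
    }
    got=$(actual_digest "$iso")
    if [ "$got" = "$want" ]; then
        echo "OK: $iso matches the published digest"
        return 0
    fi
    echo "MISMATCH: $iso" >&2
    echo "  expected $want" >&2
    echo "  actual   $got" >&2
    return 1
}

# Usage: ./verify_iso.sh kali-installer.iso SHA256SUMS
if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

A digest list fetched from the same place as the ISO only detects corruption. Obtain it over HTTPS from the official download page so that a substituted image does not arrive with a matching digest.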


Step 2: Open VirtualBox

1. Launch VirtualBox on your system.

2. Ensure VirtualBox is up-to-date (check for updates in the application).

Part 2: Create a Virtual Machine

Step 1: Set Up the Virtual Machine

1. Click New to create a new virtual machine.

2. Provide a name (e.g., "Kali Linux").


3. Set the Type to Linux and Version to Debian (64-bit).

4. Click Next.

Step 2: Configure Resources

1. Memory (RAM):

o Allocate at least 2048 MB (2 GB) or more (4 GB recommended for optimal performance).

2. Hard Disk:

o Select Create a virtual hard disk now.

o Choose the format (e.g., VDI).


o Select Dynamically allocated or Fixed size (dynamic is preferred for flexibility).

o Allocate at least 20 GB of storage.

Step 3: Attach the Kali Linux ISO

1. Go to Settings of the newly created VM.

2. Navigate to Storage.

3. Under the Controller: IDE, click the Empty disk.

4. Click the disk icon on the right and select Choose a disk file.

5. Browse and select the Kali Linux ISO you downloaded.


6. Click OK to save the settings.

Part 3: Install Kali Linux

Step 1: Start the Virtual Machine

1. Select the Kali Linux VM and click Start.

Step 2: Begin Installation


1. When prompted, choose Graphical Install.

2. Follow the on-screen instructions:


o Select language, region, and keyboard settings.

o Configure the network: Enter a hostname (e.g., "kali").

o Optionally set a domain name (leave blank for personal use).

Step 3: Configure User and Password

1. Set up a root password or create a new non-root user account.

2. Confirm the password.

Step 4: Partition the Disk

1. Choose Guided - Use Entire Disk for simplicity.

2. Select the virtual disk and follow the default partitioning scheme.

3. Confirm the changes and write them to the disk.


Step 5: Complete Installation

1. Allow the installation to proceed (this may take several minutes).

2. When prompted, install GRUB bootloader to the master boot record.

3. Reboot the system once installation completes.

EXPERIMENT 03
Aim: Explore all the Basic Commands Used in Kali Linux.
Objective:

To understand and practice basic Linux commands essential for navigation, file management, and system operations in Kali Linux.

1. Check Current User:

whoami

o Displays the currently logged-in user.

2. Switch User:

su <username>

o Allows switching to another user account.


3. Display System Information:

uname -a

o Shows detailed system information.

4. Check Disk Usage:

df -h

o Displays disk usage in a human-readable format.

5. Check Memory Usage:


free -m

o Displays memory usage in MB.

Part 2: File and Directory Management

1. List Files and Directories:

ls

o Displays files in the current directory.

o Options:

ls -l # Long listing format


ls -a # Include hidden files

2. Change Directory:

cd <directory_name>

o Moves to the specified directory.

o Examples:
cd /home # Go to the /home directory

cd .. # Move up one directory

cd ~ # Go to the user's home directory

3. Create a Directory:

mkdir <directory_name>

o Creates a new directory.

4. Create an Empty File:


touch <file_name>
o Creates an empty file.

5. View File Content:

cat <file_name>

o Displays the content of a file.

o Alternatives:

less <file_name> # View file content one page at a time

head <file_name> # View the first 10 lines of a file


tail <file_name> # View the last 10 lines of a file

6. Copy Files or Directories:

cp <source> <destination>

o Example:

cp file1.txt /home/user/backup/

7. Move or Rename Files:

mv <source> <destination>
o Example:

mv file1.txt file2.txt # Rename file1 to file2

8. Delete Files or Directories:

rm <file_name>

o For directories:

rm -r <directory_name>

EXPERIMENT 04
Aim: Basic File Permissions and User Management.
Objective:

To understand and practice file permission management and user management in Kali Linux.

Steps:

Part 1: File Permissions

Step 1: View File Permissions

1. Use the ls command to view file permissions:

ls -l

o Output example:

-rw-r--r-- 1 user group 1024 Dec 26 10:00 example.txt

o Breakdown of permissions:

▪ -rw-r--r--: File type (first character) followed by the read, write, and execute permissions for the owner, the group, and others.

▪ user: Owner of the file.

▪ group: Group associated with the file.

Step 2: Change File Permissions


1. Modify file permissions using chmod:

chmod <permissions> <file_name>

o Example:

chmod 755 script.sh

o Numeric permission values (one digit each for the owner, the group, and others):

▪ 7: Read, write, and execute (rwx).
▪ 6: Read and write (rw-).
▪ 5: Read and execute (r-x).
▪ 4: Read-only (r--).

o Example usage:

chmod 644 example.txt # Owner can read and write, others can read only
chmod +x script.sh # Add execute permission
chmod -r example.txt # Remove read permission
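
The permission string from Step 1 and the chmod digits from Step 2 are two spellings of the same bits. The script below is an added example, not part of the original manual: it converts the first column of ls -l into chmod digits and flags world-writable, setuid and setgid entries. The listing it runs on is constructed sample data and the function names are illustrative.

```bash
#!/bin/bash
# perm_check.sh - decode the permission column of `ls -l` into chmod digits
# and flag modes worth reviewing. The sample listing is constructed.

# triad_value "rwx" -> 7 ; s and t count as execute, S and T do not
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "-rwsr-xr-x" -> 4755 ; modes without special bits give three digits
mode_to_octal() {
    m=$1
    [ "${#m}" -ge 10 ] || return 1
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    digits="$(triad_value "$u")$(triad_value "$g")$(triad_value "$o")"
    if [ "$special" -gt 0 ]; then digits="$special$digits"; fi
    echo "$digits"
}

# review_mode MODE_STRING -> one finding per line, nothing if the mode is unremarkable
review_mode() {
    m=$1
    case $m in d*) kind=dir ;; *) kind=file ;; esac
    o=$(printf '%s' "$m" | cut -c8-10)
    case $o in
        ?w?)
            # A world-writable directory is expected only with the sticky bit (like /tmp).
            case "$kind:$o" in
                dir:??[tT]) ;;
                *) echo "world-writable" ;;
            esac
            ;;
    esac
    case $(printf '%s' "$m" | cut -c4) in [sS]) echo "setuid" ;; esac
    case $(printf '%s' "$m" | cut -c7) in [sS]) echo "setgid" ;; esac
    return 0
}

# audit_listing: read `ls -l` lines on stdin, print "digits name: findings" for flagged entries
audit_listing() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        # Skip the "total N" line and symlinks (their mode bits are not enforced).
        case $mode in [-dbcps]?????????*) ;; *) continue ;; esac
        findings=$(review_mode "$mode" | tr '\n' ',' | sed 's/,$//')
        [ -n "$findings" ] || continue
        echo "$(mode_to_octal "$mode") $name: $findings"
    done
}

# Constructed sample of `ls -l` output.
sample_listing() {
    cat <<'EOF'
total 20
-rw-r--r-- 1 user group 1024 Dec 26 10:00 example.txt
-rwxr-xr-x 1 user group  512 Dec 26 10:01 script.sh
-rw-rw-rw- 1 user group  300 Dec 26 10:02 shared.cfg
-rwsr-xr-x 1 root root  8192 Dec 26 10:03 helper
drwxrwxrwt 2 root root  4096 Dec 26 10:04 scratch
drwxrwxrwx 2 user group 4096 Dec 26 10:05 dropbox
EOF
}

sample_listing | audit_listing
```

To check a real directory, pipe its listing in with: ls -l /path/to/dir | audit_listing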

Step 3: Change File Ownership

1. Change the owner of a file:

sudo chown <new_owner> <file_name>

o Example:

sudo chown user2 example.txt

2. Change the group of a file:

sudo chown :<new_group> <file_name>

o Example:

sudo chown :developers example.txt

3. Change both owner and group:

sudo chown <new_owner>:<new_group> <file_name>

o Example:

sudo chown user2:developers example.txt

Part 2: User Management

Step 1: Add a New User

1. Create a new user:

sudo adduser <username>

o Example:

sudo adduser john

o Follow the prompts to set a password and user details.

2. Verify the user:

cat /etc/passwd | grep <username>

o Example:

cat /etc/passwd | grep john

Step 2: Delete a User

1. Remove a user:

sudo deluser <username>

o Example:

sudo deluser john

2. Remove a user along with their home directory:

sudo deluser --remove-home <username>

Step 3: Modify User Permissions

1. Add a user to a group:

sudo usermod -aG <group> <username>

o Example:

sudo usermod -aG sudo john

2. Remove a user from a group:

sudo gpasswd -d <username> <group>

o Example:

sudo gpasswd -d john sudo

Step 4: Manage User Passwords

1. Change the password for a user:

sudo passwd <username>

o Example:

sudo passwd john

2. Expire a user’s password (force password reset):

sudo passwd -e <username>


Part 3: Group Management

Step 1: Add a New Group

1. Create a new group:

sudo groupadd <group_name>

o Example:

sudo groupadd developers

Step 2: Assign a Group to a User

1. Assign a primary group:

sudo usermod -g <group_name> <username>

o Example:

sudo usermod -g developers john

2. Assign a secondary group:

sudo usermod -aG <group_name> <username>

o Example:

sudo usermod -aG admin john

Step 3: Delete a Group

1. Remove a group:

sudo groupdel <group_name>

o Example:

sudo groupdel developers

EXPERIMENT 05
Aim: Explore Kali Linux and bash scripting.
Objective:
To familiarize with the Kali Linux environment and learn the basics of Bash scripting to
automate tasks.
Steps:

Part 1: Exploring Kali Linux

Step 1: Understanding the Environment

1. Open the Terminal.

2. Check the installed tools:

ls /usr/share

o Look for directories like nmap, metasploit-framework, and other tools.

3. Explore system resources:

o Check network interfaces:

ifconfig

o View running processes:

ps aux

4. Locate pre-installed tools:

o Examples:

which nmap
which msfconsole

5. Check the system version:

lsb_release -a

Step 2: Update Kali Linux

1. Update the package list and upgrade all installed tools:

sudo apt update && sudo apt upgrade -y

2. Verify updates:

uname -r

Part 2: Bash Scripting Basics

Step 1: Create a Bash Script

1. Open a terminal and create a new file:

nano script.sh

2. Add the following script to the file:

#!/bin/bash
# Print a greeting followed by basic session information.
echo "Welcome to Bash Scripting!"
echo "Current Date and Time: $(date)"
echo "Logged-in User: $(whoami)"
echo "Uptime: $(uptime)"

3. Save and exit (Ctrl + O, Enter, Ctrl + X).

4. Make the script executable:

chmod +x script.sh

5. Run the script:

./script.sh

Step 2: Conditional Statements in Bash

1. Create a script to check if a file exists:

nano check_file.sh

2. Add the following code:

#!/bin/bash
# Report whether the name typed by the user is an existing regular file.
echo "Enter the filename:"
read -r filename   # -r keeps backslashes in the name literal
if [ -f "$filename" ]; then
    echo "File exists."
else
    echo "File does not exist."
fi

3. Save, make it executable, and run the script:

chmod +x check_file.sh
./check_file.sh

Step 3: Loops in Bash

1. Create a script to print numbers from 1 to 10:

nano loop.sh

2. Add the following code:

#!/bin/bash
# Print the numbers 1 to 10, one per line.
for i in {1..10}; do
    echo "Number: $i"
done

3. Save, make it executable, and run the script:

chmod +x loop.sh
./loop.sh

Step 4: Automate a Common Task

1. Create a script to update and upgrade the system:

nano update_system.sh

2. Add the following code:

#!/bin/bash
echo "Updating and upgrading the system..."
# Report success only if both apt commands succeed.
sudo apt update && sudo apt upgrade -y && echo "System updated successfully!"

3. Save, make it executable, and run the script:

chmod +x update_system.sh
./update_system.sh

Part 3: Practice Examples

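1. Script to Create and Compress Files:

#!/bin/bash
# Create a directory named by the user and pack it into a .tar.gz archive.
echo "Enter directory name:"
read -r dir_name
mkdir "$dir_name" || exit 1   # stop if the directory cannot be created
echo "Directory $dir_name created."
tar -czvf "${dir_name}.tar.gz" "$dir_name"
echo "Directory $dir_name compressed into ${dir_name}.tar.gz"

2. Script to Scan a Network:

#!/bin/bash
# Ping-scan the range typed by the user to list live hosts.
echo "Enter the IP range to scan:"
read -r ip_range
echo "Scanning network..."
# -sn is the current name of the older -sP ping scan option.
# The variable is quoted so the input reaches nmap as a single argument.
nmap -sn "$ip_range"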
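
The scan script above hands whatever is typed straight to nmap. The following hardened variant is an added example, not part of the original manual: it takes the target as a command-line argument and accepts only the target forms this manual uses (single IPv4 address, CIDR block, last-octet range) before nmap runs. The function names are illustrative.

```bash
#!/bin/bash
# safe_scan.sh - validate the target before it reaches nmap.
# Accepted forms are the ones used in this manual: a single IPv4 address,
# a CIDR block (192.168.1.0/24), or a last-octet range (192.168.1.1-50).

# valid_octet N -> 0 if N is an unsigned integer in 0..255
valid_octet() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# valid_target STRING -> 0 if STRING is an address, CIDR block or last-octet range
valid_target() {
    t=$1
    case $t in
        */*)  # CIDR block: prefix length must be 0..32
            bits=${t#*/}
            t=${t%%/*}
            case $bits in ''|*[!0-9]*) return 1 ;; esac
            [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] || return 1
            ;;
        *-*)  # range on the last octet, e.g. 192.168.1.1-50
            last=${t##*-}
            t=${t%-*}
            valid_octet "$last" || return 1
            ;;
    esac
    # Only digits and single dots may remain, so a value that starts with "-"
    # or contains spaces or shell characters can never be passed on.
    case $t in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $t; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        valid_octet "$octet" || return 1
    done
    return 0
}

# Usage: ./safe_scan.sh 192.168.1.0/24
if [ "$#" -eq 1 ]; then
    if valid_target "$1"; then
        echo "Scanning network..."
        nmap -sn "$1"
    else
        echo "Refusing to scan: '$1' is not an IPv4 address, CIDR block or range." >&2
        exit 1
    fi
fi
```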

EXPERIMENT 06
Aim: Apply Netcraft, Whois Lookups, DNS Reconnaissance, Harvester and
Maltego to perform open-source intelligence gathering.
Objective:

To utilize various OSINT tools for information gathering on a target domain or entity,
understanding how each tool contributes to reconnaissance.

Steps:

Part 1: Using Netcraft for Information Gathering


1. Open a web browser and navigate to Netcraft's Site Report.

2. Enter the target domain (e.g., example.com) in the search bar and analyze the results.

o Information obtained:

▪ Hosting details.

▪ Server technologies.

▪ SSL/TLS certificates.

▪ Subdomains and related sites.


3. Document the findings and take screenshots for reporting.

Part 2: Performing Whois Lookups

1. Open the terminal in Kali Linux.

2. Use the whois command to query the target domain:

whois example.com

o Key information retrieved:

▪ Domain registration details.
▪ Registrar information.
▪ Contact details (if public).
▪ Domain expiration date.

3. Analyze the output and identify useful intelligence for the investigation.

4. (Optional) Use online Whois lookup tools for cross-verification, e.g., ICANN Whois Lookup.

Part 3: DNS Reconnaissance

1. Using nslookup:

o Perform a basic DNS query:

nslookup example.com

o Obtain the authoritative name server:

nslookup -type=ns example.com

2. Using dig:

o Query DNS records:

dig example.com
dig example.com ANY
dig example.com MX
dig example.com TXT

3. Using dnsenum:

o Perform an in-depth DNS enumeration:

dnsenum example.com

o Information retrieved:

▪ Subdomains.
▪ MX and NS records.
▪ Zone transfer testing.

Part 4: Using Harvester for Email and Subdomain Enumeration

1. Run theHarvester from the terminal:

theharvester -d example.com -l 500 -b all

o Options:

▪ -d: Target domain.
▪ -l: Limit for search results.
▪ -b: Source (e.g., google, bing, all).

2. Analyze the output:

o Emails.
o Subdomains.
o Associated IPs.

3. Save the results to a file:

theharvester -d example.com -l 500 -b all -f report.txt

Part 5: Using Maltego for Advanced Visualization

1. Open Maltego in Kali Linux:

maltego

2. Create a new graph:

o Choose the "Standard Transforms" option.

3. Add an entity:

o Drag and drop a "Domain" entity onto the workspace.

o Enter the target domain (e.g., example.com).

4. Run transforms:

o Right-click the domain entity and select various transforms, such as:

▪ DNS to IP.
▪ Domain to email addresses.
▪ Domain to social media accounts.

5. Visualize relationships:

o Analyze the connections and identify key assets or entities.

6. Export the graph as a report or image.

Part 6: Documentation

1. Record all findings from the tools used.


2. Structure the information under categories such as:

o Hosting and server details.

o DNS records and subdomains.

o Contact information.

o Email addresses and associated domains.

3. Highlight critical insights, such as potential vulnerabilities or exposed assets.

EXPERIMENT 07
Aim: Understand the Nmap command and scan targets using Nmap.
Objective:

To explore the functionality of the Nmap (Network Mapper) tool and perform various types
of network scans on target systems.

Steps:

Part 1: Introduction to Nmap

1. Check if Nmap is installed:

nmap --version

o Example output:

Nmap version 7.93 ( https://nmap.org )

2. View Nmap help and available options:

nmap -h

Part 2: Basic Scans

1. Ping Scan:

o Discover live hosts in a network:

nmap -sn <target_range>

o Example:

nmap -sn 192.168.1.0/24

2. Port Scan:

o Scan for open ports on a target:

nmap <target>

o Example:

nmap 192.168.1.1

3. Scan Multiple Targets:

o Use a list of IPs or a range:

nmap 192.168.1.1 192.168.1.2 192.168.1.3

o Scan a range:

nmap 192.168.1.1-50

Part 3: Advanced Scans

1. Service and Version Detection:

o Identify running services and their versions:

nmap -sV <target>

o Example:

nmap -sV 192.168.1.1

2. Operating System Detection:

o Determine the operating system of the target:

nmap -O <target>

o Example:

nmap -O 192.168.1.1

3. Aggressive Scan:

o Combine version detection, OS detection, and script scanning:

nmap -A <target>

o Example:

nmap -A 192.168.1.1

4. Stealth Scan:

o Avoid detection by firewalls and IDS/IPS:

nmap -sS <target>

o Example:

nmap -sS 192.168.1.1

Part 4: Scanning Techniques

1. UDP Scan:

o Scan UDP ports:

nmap -sU <target>

o Example:

nmap -sU 192.168.1.1

2. Scan Specific Ports:

o Target specific ports (e.g., 22 and 80):

nmap -p 22,80 <target>

o Example:

nmap -p 22,80 192.168.1.1

3. Detect Firewall Rules:

o Perform a FIN scan:

nmap -sF <target>

o Example:

nmap -sF 192.168.1.1

4. Scan Using Scripts:

o Use Nmap Scripting Engine (NSE) for vulnerability detection:

nmap --script <script_name> <target>

o Example:

nmap --script vuln 192.168.1.1

Part 5: Save Scan Results

1. Save output to a text file:

nmap -oN scan_results.txt <target>

2. Save in XML format:

nmap -oX scan_results.xml <target>

Part 6: Practice Scenarios

1. Scan your own system or a local virtual machine:

nmap localhost

2. Scan a network range for live hosts:

nmap -sn 192.168.1.0/24

3. Perform an aggressive scan on a specific host:

nmap -A 192.168.1.100

EXPERIMENT 08
Aim: Packet Analysis using Wireshark.
Objective:

To learn the basics of packet analysis using Wireshark by capturing, filtering, and analyzing
network traffic.

Steps:

Part 1: Setting Up Wireshark

1. Install Wireshark (if not installed):

sudo apt update
sudo apt install wireshark -y

2. Run Wireshark:

o Launch Wireshark with root privileges:

sudo wireshark

o Alternatively, open it via the application menu.

3. Select a Network Interface:

o In the main Wireshark window, choose the network interface to capture traffic (e.g., eth0 for Ethernet or wlan0 for Wi-Fi).

o Click on "Start Capturing Packets" (the blue shark fin icon).

Part 2: Capturing Network Traffic

1. Capture All Traffic:

o Allow Wireshark to collect packets for a few minutes.


o Stop the capture by clicking the red square icon.

2. Save the Capture:

o Go to File → Save As → Save the capture as capture1.pcap.

3. Observe the Captured Packets:

o View the packet list pane for detailed information, such as:

▪ Protocols (TCP, UDP, HTTP, etc.).

▪ Source and destination IPs.


▪ Ports.

Part 3: Applying Filters

1. Basic Filters:

o Filter packets by protocol:

tcp
udp
icmp

o Filter packets from a specific IP:

ip.src == <source_IP>

o Example:

ip.src == 192.168.1.1

o Filter packets to a specific IP:

ip.dst == <destination_IP>

2. Advanced Filters:

o HTTP traffic only:

http

o DNS queries:

dns

o Filter by port (e.g., port 80):

tcp.port == 80

3. Combine Filters:

o Example: Display HTTP traffic from a specific source:

http && ip.src == 192.168.1.100

Part 4: Analyzing Packets

1. Inspect TCP Handshake:

o Search for packets using the filter:

tcp.flags.syn == 1

o Analyze the SYN, SYN-ACK, and ACK sequence to understand the TCP handshake.

2. Analyze HTTP Requests:

o Filter for HTTP packets:

http

o Follow an HTTP stream:

▪ Right-click a packet → "Follow" → "HTTP Stream."

o View the GET and POST requests.

3. Analyze DNS Queries:

o Filter for DNS traffic:

dns

o Look for queries and responses to identify domain name resolutions.

4. Inspect Packet Details:

o Expand the packet layers in the middle pane to view:

▪ Ethernet header.
▪ IP header.
▪ TCP/UDP header.
▪ Application layer data (e.g., HTTP payload).

Part 5: Export and Reporting

1. Export Packet Data:

o Select packets of interest → Right-click → "Export Selected Packets" → Save as selected_packets.pcap.

2. Generate a Summary:

o Go to Statistics → Summary.

o Export the summary for reporting.

Part 6: Practice Scenarios

1. Capture ICMP Traffic (Ping):

o Open a terminal and ping a server:

ping <server_IP>

o Filter ICMP packets in Wireshark:

icmp

2. Capture HTTP Traffic:

o Access a website in a browser.

o Filter HTTP traffic in Wireshark:

http

3. Capture FTP Traffic:

o Use an FTP client to connect to a server.

o Filter FTP traffic:

ftp

EXPERIMENT 09
Aim: Kali Linux-Social Engineering Tool Kit usage.
Objective:

To learn how to use the Social Engineering Toolkit (SET) in Kali Linux for simulating
social engineering attacks, including phishing and credential harvesting.

Steps:

Part 1: Introduction to the Social Engineering Toolkit (SET)

1. Open Kali Linux and ensure SET is installed. It is pre-installed in Kali by default, so you can check if it's available:

setoolkit

2. Launching SET:

o To start SET, open the terminal and type:

sudo setoolkit

3. Welcome Screen:

o The SET interface will appear with several options. You will be presented with a menu that allows you to choose different types of social engineering attacks.

Part 2: Using the Social Engineering Toolkit


1. Select the Type of Attack:
o After launching SET, you will see the following options:

▪ 1) Social-Engineering Attacks

▪ 2) Penetration Testing (exploits)

▪ 3) Third Party Modules

▪ 4) Payload and Listener

▪ 5) Update the Social Engineering Toolkit

▪ 6) Exit
o Select 1) Social-Engineering Attacks by typing 1 and pressing Enter.

2. Choose Attack Vector:

o You’ll now see various attack options such as:

▪ 1) Spear-Phishing Attack.

▪ 2) Website Attack Vectors.

▪ 3) Infectious Media Generator.

▪ 4) Create a Payload and Listener.

▪ 5) Arduino-based attacks.
▪ 6) Exit.

3. Phishing Attacks:

o Select 2) Website Attack Vectors to simulate a website-based attack. You’ll then see multiple options:

▪ 1) Java Applet Attack Method

▪ 2) Metasploit Browser Exploit Method

▪ 3) Credential Harvester Attack Method

▪ 4) Tabnabbing Attack Method

▪ 5) Exit

o For this example, select 3) Credential Harvester Attack Method to simulate phishing by harvesting credentials from a target.

4. Set Up the Phishing Site:


o After selecting the credential harvester, you’ll be asked to enter the IP
address to which you want to bind the attack. If you are in a local testing
environment, you can use the local IP of your Kali machine (you can find it
using ifconfig).

o Select the site to mimic, such as Facebook, Google, Twitter, etc., or you can
provide a custom URL.

5. Start the Attack:

o SET will generate the fake phishing site and start the credential harvesting
process.

o Share the phishing URL (generated by SET) with your target. When the target
enters their credentials, they will be captured by the SET and saved for review.

6. View Harvested Credentials:

o SET will show you the captured credentials on the terminal as they are entered
by the victim.

Part 3: Email Phishing Attack

1. Select Email Attack:

o Go back to the main Social Engineering menu and select 1) Spear-Phishing
Attack.

o This option allows you to create a fake email that contains a malicious link or
attachment.

2. Configure the Attack:

o SET will prompt you to provide:

▪ The From email address.

▪ The To email address (target’s email).

▪ Subject of the email.


▪ Message body of the email.

▪ Attachments or links to the fake site.

o SET will create and send the email on your behalf, containing the malicious
link or attachment.

Part 4: Website Attack with Malicious JavaScript

1. Java Applet Attack:

o If you choose the Java Applet Attack Method, SET will generate a malicious
Java applet that, when executed by the target, allows you to gain remote
access to the target system or execute other payloads.

o This method works well when targeting vulnerabilities in older Java installations or insecure environments.

2. Metasploit Browser Exploit:

o You can use the Metasploit Browser Exploit Method to exploit vulnerabilities in web browsers by delivering an exploit payload through a website.

o This is a more advanced attack option that requires Metasploit to be set up and integrated with SET.

Part 5: Post-Attack Actions and Reporting

1. Analyzing the Results:

o After the attack is complete, you can review the captured data:

▪ View harvested credentials from the phishing attack.

▪ Check logs for details of the email phishing campaign.

▪ Examine any successful exploits triggered by malicious JavaScript or
the Metasploit integration.

2. Reporting:

o Document the attack vectors, tools used, and the results. This can include:

▪ Screenshots of the phishing page.

▪ Email sent to the target.

▪ Captured credentials or other data.


Part 6: Ethical Considerations and Best Practices

1. Use Ethical Hacking:

o Always ensure that your testing is done in a legal, controlled environment, with permission from the target.

o Do not perform social engineering attacks on live targets without their consent.

2. Avoid Misuse:

o Social Engineering Toolkit is a powerful tool and should only be used for
educational purposes or authorized penetration testing engagements.

EXPERIMENT 10
Aim: Kali Linux-Information Gathering Tools (NMAP and Zen MAP).
Objective:

To learn how to use Nmap and Zenmap for network reconnaissance, scanning, and
information gathering to identify active hosts, open ports, and services running on a target
system.
Steps:

Part 1: Introduction to Nmap and Zenmap

1. What is Nmap?

o Nmap (Network Mapper) is an open-source tool for network discovery and security auditing. It can be used to identify active devices on a network, discover open ports, and gather information about the services running on those ports.

2. What is Zenmap?

o Zenmap is the graphical user interface (GUI) for Nmap. It provides a user-friendly interface to interact with Nmap and visualize the results in a more accessible format.

3. Verify Installation:

o Nmap is pre-installed on Kali Linux, but if you are using another system, install Nmap using:

sudo apt update
sudo apt install nmap -y

4. Launch Zenmap:

o To open Zenmap, type the following command:

sudo zenmap

o Alternatively, you can launch it from the application menu.

Part 2: Basic Nmap Commands and Scanning

1. Check if Nmap is Installed:

o Open a terminal and type:

nmap --version

2. Scan a Single Host:

o To scan a target system, use the following command:

nmap <target_ip>

o Example:

nmap 192.168.1.1

3. Scan a Range of IPs:

o To scan a range of IP addresses:

nmap 192.168.1.1-50

4. Scan a Subnet:

o To scan an entire subnet:

nmap 192.168.1.0/24

5. Scan Specific Ports:

o To scan specific ports (e.g., ports 22 and 80):

nmap -p 22,80 192.168.1.1

6. Service Version Detection:

o To detect versions of the services running on open ports:

nmap -sV 192.168.1.1

7. Operating System Detection:

o To detect the operating system of the target:

nmap -O 192.168.1.1

8. Aggressive Scan:

o Perform an aggressive scan that includes version detection, OS detection, and script scanning:

nmap -A 192.168.1.1

9. Scan for UDP Ports:

o To scan UDP ports, use the following command:

nmap -sU 192.168.1.1

Part 3: Using Zenmap (GUI for Nmap)

1. Launching Zenmap:

o Open Zenmap by typing:

35
o sudo zenmap

2. Setting Up a Scan in Zenmap:

o In the Target field, enter the IP address or range of IP addresses you want to
scan.

o In the Profile dropdown, you can select various scan types like:

▪ Quick Scan: Scan for the most common ports.

▪ Intense Scan: Detailed scan with version and OS detection.


▪ Ping Scan: Check for live hosts.

▪ Service Scan: Scan for services and their versions.

o For example, if you want to perform a basic scan on a target IP (192.168.1.1),


enter this in the Target field and select Quick Scan from the Profile
dropdown.
3. Running the Scan:

o Click Scan to begin the network scan. Zenmap will execute the Nmap scan in
the background and display the results in the interface.

4. Viewing the Results:

o Hosts tab: View the list of active hosts and their IPs.

o Ports/Hosts tab: Shows open ports for the scanned hosts.

o Topology tab: Visual representation of the network layout.

o Nmap Output tab: Raw Nmap scan results for detailed analysis.

5. Saving and Exporting Results:


o After the scan is complete, you can save the results:

▪ Go to File → Save As to save the scan results to a file.

▪ The results can be saved in multiple formats, such as .nmap, .xml, or
.gnmap.
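
Added example (not part of the original manual): once a scan has been saved in grepable (.gnmap) form, its open ports can be compared with the ports each host is expected to expose. The sample scan text, the function names and the baseline list are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit a grepable (.gnmap) scan against an expected-ports baseline.
# The sample scan text and the baseline below are constructed for illustration.

# Constructed sample in Nmap's grepable layout (fields separated by tabs).
sample_gnmap() {
  printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\n'
  printf 'Host: 192.168.1.100 ()\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 53/open/udp//domain///\n'
}

# Print one "ip port/proto service" line for every open port read from stdin.
open_ports() {
  awk -F'\t' '
    {
      ports = ""
      for (f = 1; f <= NF; f++) if ($f ~ /^Ports: /) ports = substr($f, 8)
      if (ports == "") next          # Status lines carry no port list
      split($1, h, " ")              # h[2] is the IP in "Host: <ip> (<name>)"
      n = split(ports, entry, ", ")
      for (i = 1; i <= n; i++) {
        split(entry[i], p, "/")      # port/state/proto/owner/service/...
        if (p[2] == "open") print h[2], p[1] "/" p[3], p[5]
      }
    }'
}

# Print open ports that are missing from the baseline.
# Arguments: the allowed port/proto values, e.g. 22/tcp 80/tcp
unexpected_ports() {
  allowed=" $* "
  open_ports | while read -r ip port svc; do
    case "$allowed" in
      *" $port "*) ;;                # expected service, nothing to report
      *) echo "$ip $port $svc" ;;
    esac
  done
}

sample_gnmap | unexpected_ports 22/tcp 80/tcp 443/tcp
```

To audit a saved scan, replace sample_gnmap with cat and the name of the .gnmap file.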

Part 4: Advanced Nmap Features

1. Scan Multiple Targets:

o You can specify multiple targets either by IP range or by a comma-separated
list of values for an octet (here hosts .1, .2 and .3):

o nmap 192.168.1.1,2,3

2. Scan Using Nmap Scripts (NSE):

o Nmap has a powerful scripting engine that can be used to scan for specific
vulnerabilities and conduct more complex reconnaissance:

o nmap --script vuln 192.168.1.1

3. Scan with Timing Options:

o Use timing options to speed up or slow down the scan. For example, a faster
scan:

o nmap -T4 192.168.1.1

o Timing options range from T0 (slowest) to T5 (fastest).

4. Stealth Scan:
o Perform a stealth SYN scan to avoid detection by firewalls and intrusion
detection systems (IDS). A SYN scan sends raw packets, so it needs root privileges:

o sudo nmap -sS 192.168.1.1


Part 5: Practice Scenarios

1. Scan for Open Ports:

o Use Nmap or Zenmap to scan for open ports on a local machine:

o nmap 192.168.1.100

2. Service Version Detection:

o Scan for service versions on a remote host to identify software and potential
vulnerabilities:

o nmap -sV 192.168.1.1

3. Operating System Detection:


o Use Nmap to determine the operating system of a remote host:

o sudo nmap -O 192.168.1.1

4. Perform a Full Scan with Zenmap:

o Use the Intense Scan profile in Zenmap to scan a target for open ports,
services, and OS information.

EXPERIMENT 11
Aim: Using Netstat for Network Connection Monitoring.
Objective:

To learn how to use the Netstat command in Kali Linux for monitoring network connections,
identifying open ports, and troubleshooting network issues.

Steps:

Part 1: Introduction to Netstat

1. What is Netstat?

o Netstat (Network Statistics) is a command-line tool used to display active
network connections, routing tables, and interface statistics. It helps monitor
network activity and diagnose network-related issues.

2. Verify Installation:

o On most Linux systems, Netstat is pre-installed. To check if it's available, run:

o netstat --version

o If it is not installed, you can install it with:

o sudo apt update


o sudo apt install net-tools -y

3. Understanding Netstat Output:

o Netstat provides a list of network connections, showing details like:

▪ Proto: The protocol being used (TCP or UDP).

▪ Recv-Q and Send-Q: The number of bytes in the receive and send
queues.

▪ Local Address: The local machine's IP address and port.

▪ Foreign Address: The remote machine’s IP address and port.

▪ State: The current state of the connection (e.g., LISTENING,
ESTABLISHED).

Part 2: Basic Netstat Commands

1. Display All Active Connections:


o To see all active network connections, including listening and established
ones:

o netstat -a

2. Show Listening Ports:

o To list only the ports that are in the "LISTEN" state (waiting for incoming
connections):

o netstat -l

3. Display Network Connections with Process Information:

o To display active connections along with the corresponding process IDs (PID)
and the name of the programs involved:

o sudo netstat -tulnp

▪ -t: Show TCP connections.


▪ -u: Show UDP connections.

▪ -l: Show listening ports.

▪ -n: Display addresses and port numbers in numeric form.

▪ -p: Show the PID and program name.

4. Show Connections by Protocol:

o To display TCP connections only:

o netstat -t
o To display UDP connections only:

o netstat -u

5. Show Routing Table:

o To view the system’s routing table (which networks are reachable through
which interfaces):

o netstat -r

6. Display Network Statistics:

o To view network statistics for different protocols:

o netstat -s

Part 3: Monitoring Network Connections


1. Continuous Monitoring of Active Connections:

o To monitor network connections in real-time, you can use the watch command
to run netstat periodically (-a includes established connections as well as
listening sockets):

o watch -n 1 'netstat -tuanp'

o This will update the network connections every second.

2. Monitor a Specific Port:

o To monitor a specific port for any incoming or outgoing traffic, you can use
grep to filter results. For example, to check connections on port 80 (HTTP):

o netstat -tuanp | grep :80

3. Check Established Connections:

o To check only the connections that are established (active communication):


o netstat -tuanp | grep ESTABLISHED

Part 4: Example Use Cases

1. Identify Open Ports on Your System:

o To see which ports are open and listening for connections on your local
machine:

o sudo netstat -tulnp

o This will show which services are listening on ports like 80 (HTTP), 443
(HTTPS), 22 (SSH), etc.

2. Diagnosing Network Issues:

o Use Netstat to find issues with connections:

▪ Look for any connections in the TIME_WAIT or CLOSE_WAIT
state, which could indicate a stalled connection.

▪ Check for multiple connections from the same foreign IP, which could
indicate an attack or misuse.

3. Check for Unusual Connections:

o If you suspect suspicious activity, you can filter Netstat output by IP or port:
o netstat -tuanp | grep <IP_or_Port>
o This will help identify any unauthorized access or unexpected connections.

4. Monitor Outbound Connections:

o To check for connections made by your machine to external servers (helpful
for detecting malware or unexpected traffic):

o netstat -an | grep ESTABLISHED
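
Added example (not part of the original manual): the checks from "Diagnosing Network Issues" above, counting sockets per state and finding foreign IPs that hold several connections, written as shell functions. The sample output, the function names and the threshold are constructed for illustration.

```bash
#!/bin/sh
# Added example: summarise netstat output by connection state and by foreign IP.
# sample_netstat prints constructed output in the layout of `netstat -ant`;
# on a live system pipe `netstat -ant` into the functions instead.

sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.50:22         192.168.1.100:51514     ESTABLISHED
tcp        0      0 192.168.1.50:80         203.0.113.7:40112       ESTABLISHED
tcp        0      0 192.168.1.50:80         203.0.113.7:40113       ESTABLISHED
tcp        0      0 192.168.1.50:80         203.0.113.7:40114       TIME_WAIT
tcp        1      0 192.168.1.50:80         198.51.100.9:53200      CLOSE_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Count TCP sockets per state, one "STATE count" line each.
state_counts() {
  awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# Print "ip count" for every foreign IP with at least $1 non-listening sockets.
busy_foreign_ips() {
  awk -v min="$1" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      ip = $5
      sub(/:[0-9]+$/, "", ip)        # drop the trailing :port
      n[ip]++
    }
    END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }' | sort
}

sample_netstat | state_counts
sample_netstat | busy_foreign_ips 3
```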

Part 5: Advanced Netstat Usage

1. Display Connections with Multicast Information:

o To display connections along with multicast group information (helpful for
diagnosing multicast traffic):

o netstat -g

2. Check for IPv6 Connections:

o To show IPv6 connections:


o netstat -6

3. Filter Netstat Output with grep:

o For more specific searches, use grep to filter the results. For example, to check
all connections from a particular IP (e.g., 192.168.1.100):

o netstat -an | grep 192.168.1.100

Part 6: Practice Scenarios

1. Monitor Connections While Using a Web Browser:

o Open a web browser and browse different websites. Then, use Netstat to
observe the network connections:

o sudo netstat -tuanp

2. Check the State of SSH Connections:

o If you are connected to a remote machine via SSH, check the connection state:
o sudo netstat -tuanp | grep ssh

3. Monitor UDP Traffic on Port 53 (DNS):

o Monitor UDP connections on port 53 (DNS):

o sudo netstat -anu | grep :53

EXPERIMENT 12
Aim: Basic Packet Capture with Tcpdump.
Objective:

To learn how to use Tcpdump for capturing and analyzing network traffic, helping you
understand network communication, troubleshoot issues, and analyze suspicious activity.

Steps:

Part 1: Introduction to Tcpdump

1. What is Tcpdump?

o Tcpdump is a command-line packet analyzer that allows you to capture and
display network packets transmitted over a network interface. It’s widely used
for network troubleshooting, security analysis, and learning how protocols
function.
2. Verify Installation:

o Check if Tcpdump is installed on your system by running:

o tcpdump --version

o If Tcpdump is not installed, you can install it with:

o sudo apt update

o sudo apt install tcpdump -y


3. Understanding Tcpdump Output:
o Tcpdump captures raw packets and presents them with information such as:

▪ Timestamp

▪ Protocol (e.g., TCP, UDP, ICMP)

▪ Source and destination IP addresses and ports

▪ Packet length

▪ Additional protocol-specific details

Part 2: Basic Tcpdump Commands


1. Capture Packets on the Default Network Interface:

o To start capturing packets on the default network interface (typically eth0 or
wlan0), run the following command:

o sudo tcpdump

o This will display captured packets in real-time. Press Ctrl + C to stop the
capture.

2. Capture Packets on a Specific Network Interface:

o To capture packets on a specific network interface, use the -i option followed
by the interface name:

o sudo tcpdump -i eth0

o Replace eth0 with the name of your network interface. You can list network
interfaces on your system using:

o tcpdump -D

3. Capture Only N Packets:

o To capture a specific number of packets, use the -c option:

o sudo tcpdump -c 10
o This will capture only the first 10 packets and then stop.

4. Save Captured Packets to a File:

o To save the captured packets to a file for later analysis, use the -w option:

o sudo tcpdump -w capture.pcap

o This will save the packets to the capture.pcap file, which you can open later in
tools like Wireshark for detailed analysis.

5. Read Captured Packets from a File:

o To read packets from a saved capture file, use the -r option:

o sudo tcpdump -r capture.pcap


Part 3: Filtering Packets in Tcpdump

1. Capture Packets from a Specific Host:

o To capture packets only from or to a specific host, use the host filter:

o sudo tcpdump host 192.168.1.1

o This will capture all packets to or from the IP address 192.168.1.1.

2. Capture Packets from a Specific Source or Destination IP:

o To capture packets from a specific source IP:

o sudo tcpdump src 192.168.1.1


o To capture packets to a specific destination IP:

o sudo tcpdump dst 192.168.1.1

3. Capture Packets for a Specific Protocol:

o To capture only TCP packets:

o sudo tcpdump tcp


o To capture only UDP packets:

o sudo tcpdump udp

o To capture only ICMP (ping) packets:

o sudo tcpdump icmp

4. Capture Packets for a Specific Port:

o To capture packets for a specific port (e.g., port 80 for HTTP):

o sudo tcpdump port 80


5. Combine Multiple Filters:
o You can combine multiple filters using logical operators such as and, or, and
not. For example, to capture TCP packets from a specific host on port 80:
o sudo tcpdump tcp and host 192.168.1.1 and port 80

Part 4: Advanced Tcpdump Options

1. Capture Packets with Verbose Output:

o To display more detailed information about each captured packet, use the -v
option. Use multiple v options for more verbosity:

o sudo tcpdump -v

o sudo tcpdump -vv

o sudo tcpdump -vvv


2. Capture Packets with a Specific Packet Length:

o To limit the number of bytes of each packet captured (useful for analyzing
headers without capturing the entire payload), use the -s option:

o sudo tcpdump -s 64
3. Capture Packets with Timestamp:

o To print the timestamp of each captured packet as a full date and time:

o sudo tcpdump -tttt

4. Capture Only Packets with a Specific Size:

o To capture packets that are exactly 64 bytes long:

o sudo tcpdump 'len = 64'

Part 5: Analyzing Captured Packets


1. View Packet Details:

o After capturing packets, use the tcpdump -r command to review the packets:

o sudo tcpdump -r capture.pcap

o This will display the raw packet data captured in the file.

2. Analyze Protocol Details:

o Tcpdump displays protocol information for each packet. You can look for:

▪ TCP handshakes: SYN, ACK, and FIN flags in TCP packets.


▪ DNS Queries: Requests made to resolve domain names.
▪ ICMP Echo Requests: Ping requests and replies.

Analyzing these protocols can help you troubleshoot network issues or detect suspicious
activity (e.g., denial of service attacks, unauthorized access attempts).
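
Added example (not part of the original manual): the protocol details listed above, read out of tcpdump's text output. It counts SYNs against the SYN-ACKs that answered them and lists DNS queries. The sample lines and function names are constructed for illustration and assume tcpdump's default one-field timestamp with -n.

```bash
#!/bin/sh
# Added example: read tcpdump text output and summarise TCP handshakes and DNS queries.
# sample_capture prints constructed lines in the layout of `tcpdump -n -r capture.pcap`.

sample_capture() {
  cat <<'EOF'
12:00:00.000100 IP 192.168.1.100.51514 > 192.168.1.1.80: Flags [S], seq 1000, win 64240, length 0
12:00:00.000300 IP 192.168.1.1.80 > 192.168.1.100.51514: Flags [S.], seq 2000, ack 1001, win 65160, length 0
12:00:00.000400 IP 192.168.1.100.51514 > 192.168.1.1.80: Flags [.], ack 2001, win 502, length 0
12:00:01.000000 IP 192.168.1.100.40000 > 192.168.1.1.53: 4242+ A? example.com. (29)
12:00:02.000000 IP 203.0.113.7.40112 > 192.168.1.1.22: Flags [S], seq 5000, win 1024, length 0
12:00:02.500000 IP 203.0.113.7.40113 > 192.168.1.1.22: Flags [S], seq 6000, win 1024, length 0
12:00:03.000000 IP 192.168.1.100.51514 > 192.168.1.1.80: Flags [F.], seq 1001, ack 2001, win 502, length 0
EOF
}

# Per client IP and server ip.port: SYNs sent and SYN-ACKs received.
# A pair with many SYNs and no SYN-ACK is a connection that never opened.
handshake_summary() {
  awk '
    $2 == "IP" && $6 == "Flags" {
      src = $3; dst = $5; sub(/:$/, "", dst)
      if ($7 == "[S],")  { c = src; sub(/\.[0-9]+$/, "", c); syn[c " " dst]++ }
      if ($7 == "[S.],") { c = dst; sub(/\.[0-9]+$/, "", c); ack[c " " src]++ }
    }
    END { for (k in syn) print k, "syn=" syn[k], "synack=" ack[k] + 0 }' | sort
}

# Query type and name of each DNS request sent to port 53.
dns_queries() {
  awk '$2 == "IP" && $5 ~ /\.53:$/ && $7 ~ /\?$/ { print $7, $8 }'
}

sample_capture | handshake_summary
sample_capture | dns_queries
```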

Part 6: Practice Scenarios

1. Capture HTTP Traffic:

o To capture HTTP traffic (port 80) and save the output to a file:

o sudo tcpdump port 80 -w http_traffic.pcap

2. Monitor DNS Queries:

o To capture DNS queries (port 53):


o sudo tcpdump port 53

3. Capture Ping (ICMP) Traffic:

o To capture ICMP (ping) traffic:

o sudo tcpdump icmp

4. Filter Traffic from a Specific Source IP:

o To capture traffic from a specific source IP address:

o sudo tcpdump src 192.168.1.100

5. Monitor Traffic on a Wireless Network Interface:

o If you're using a wireless interface (e.g., wlan0), you can monitor packets on
that interface:

o sudo tcpdump -i wlan0
