InformationSecurityTheoryandPractic

The document is a technical report detailing practical experiments in information security conducted by Sheharyar Khan in December 2018. It covers various experiments including packet sniffing, building secure websites, email encryption using PGP, creating a Trojan for backdoor access, setting up an intrusion detection system, and information hiding using steganography. Each experiment outlines the goals, procedures, and tools used to demonstrate key concepts in information security.


See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/350487421

Information Security "Practical Experiments"

Technical Report · December 2018

Citations: 0
Reads: 2,366

2 authors, including:

Sheharyar Khan
Northwestern Polytechnical University
33 PUBLICATIONS 29 CITATIONS


All content following this page was uploaded by Sheharyar Khan on 03 April 2022.



Final Report of Information Security Theory and Practice

“Practical Experiments”

Technical Report

By

Sheharyar Khan (沙亚)

Supervised by:
Professor Wei Yon
Email id # [email protected]

Student ID # 7420180062

29, December, 2018


Department of Computer Science
Southwest University of Science and Technology
Mianyang, Sichuan
EXPERIMENTS

Experiment No 1: Sniffer & Scan

Requirements / Goal: In this experiment, we will try to capture packets from
unsecure websites and read information from the captured data with the help of
the tools mentioned below in the Content section.

Content:
Sniffer by Ethereal & Wireshark
Protocol analysis
Scan by X-Scan & Fluxay

Procedure:
First, we install a sniffer tool, either Ethereal or Wireshark. The purpose
of these tools is to capture packets from the network; after capturing, we
try to read the captured data. There are two cases:

1. If the site is secure, the data sent from the website to the server is
encrypted. Any information, for example user login information,
important bank information or important database queries, is
encrypted before it is sent, and only the server can decrypt and
understand it.

2. If the site is not secure, we can capture the data with any
capturing tool and read the communication between the website and
the server. For example, user login information or other queries
sent to the server can be leaked to any hacker.

3. Data captured from an unsecure website can be read easily.

After we complete our experiment, the result is shown in the figure below.
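
The second case can be turned into an audit check. The following is an added example, not part of the original report: it classifies a captured client payload as TLS or cleartext HTTP and lists which credential-like fields travelled unencrypted, without echoing their values. The sample payloads, the host name and the list of field names are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlsplit

# Field names treated as credentials (assumed list for this example).
SENSITIVE = {"password", "passwd", "pwd", "pass", "pin", "token"}

# Constructed sample: reassembled client-to-server payload seen on port 80.
SAMPLE_HTTP = (
    b"POST /login.asp HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 31\r\n"
    b"\r\n"
    b"username=alice&password=s3cret!"
)
# Constructed sample: first bytes of a TLS handshake record seen on port 443.
SAMPLE_TLS = bytes.fromhex("16030100c8010000c4")

def audit_payload(payload: bytes) -> dict:
    """Classify a captured client payload and name the exposed credential fields."""
    # A TLS record starts with content type 0x14-0x17 and major version 3.
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 3:
        return {"transport": "tls", "exposed": []}
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return {"transport": "unknown", "exposed": []}
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Credentials can sit in the query string or in a form-encoded body.
    fields = parse_qsl(urlsplit(parts[1]).query)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += parse_qsl(body.decode("latin-1"))
    exposed = [name for name, _ in fields if name.lower() in SENSITIVE]
    # HTTP Basic auth is only base64-encoded, so it counts as cleartext too.
    if headers.get("authorization", "").lower().startswith("basic "):
        exposed.append("authorization-basic")
    return {"transport": "http-cleartext", "exposed": exposed}
```
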


Screen Shots:
Experiment No 2: How to Build a Secure Website

Requirements / Goal: In this experiment, we will build a secure website using
IIS on Windows. Secure websites use HTTPS, and communication
between the website and the server is always secure and encrypted.

Content:
Build a website with IIS on Windows
Configure IIS to provide SSL service
Sniff and analyze the difference between HTTP & HTTPS.

Procedure:
1. Install the Certificate Service: in the Control Panel, open
Add/Remove Programs and select Add/Remove Windows
Components. Find the certificate service in the Windows
Components wizard, choose it and click Next.
2. The system will pop up the prompt "after installing the
certificate service, the computer name and regional
membership will change, whether to continue" and we can
choose "yes".
3. Input the IP address of the local computer as the CA
public name, and leave the default information for the other
settings.

Certificate configuration: Next, we will configure the certificate files we
need through the IIS certificate wizard.

1. Start the IIS manager from the system's management tools.
2. Right-click the default web site and select
"Properties".
3. Click the Directory Security tab in the default Web site
properties window, and then click the Server Certificate
button.
4. The system automatically opens the Web server
certificate wizard.
5. Select "new certificate" and then continue.
6. Choose "prepare the certificate request now, but send it
later".
7. Set the name of the certificate as default site, set the bit
length as 512.
8. Tip: Bit length is mainly used for secure encryption. The
longer the bit length is, the more secure, but the
transmission efficiency will be affected, site performance
will also be affected. Generally speaking, choosing 512 is
enough.
9. Input the unit and department information.
10. Enter localhost in the public name window of the
website.
11. Input the geographic information.
12. Set the filename of the certificate request and save it to the
desktop so that the following steps can find it easily. The
filename is certreq.txt.
13. Complete the IIS certificate wizard configuration and
save the corresponding certificate files to the desktop as
required.
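
The bit length chosen in step 7 is the size of the RSA modulus carried in the certificate request; 512-bit RSA moduli have been factored publicly since 1999, and current guidance such as NIST SP 800-57 sets 2048 bits as the minimum. The following added example (not part of the original report) reads the modulus size out of a DER-encoded PKCS#10 request and checks it against that floor. It assumes the request holds an RSA key; the sample requests are constructed, unsigned skeletons with placeholder moduli, and all function names are this example's own.

```python
MIN_RSA_BITS = 2048  # policy floor assumed for this example

def tlv(tag: int, content: bytes) -> bytes:
    """DER-encode one element (used only to build the constructed samples)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def children(der: bytes) -> list:
    """Split DER content into a list of (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(der):
        tag, length = der[pos], der[pos + 1]
        pos += 2
        if length & 0x80:                      # long-form length
            k = length & 0x7F
            length = int.from_bytes(der[pos:pos + k], "big")
            pos += k
        out.append((tag, der[pos:pos + length]))
        pos += length
    return out

def csr_rsa_bits(csr_der: bytes) -> int:
    """Return the RSA modulus size, in bits, of a PKCS#10 request."""
    [(_, request)] = children(csr_der)         # CertificationRequest
    info = children(request)[0][1]             # CertificationRequestInfo
    spki = children(info)[2][1]                # version, subject, subjectPKInfo
    bit_string = children(spki)[1][1]          # algorithm, subjectPublicKey
    [(_, rsa_key)] = children(bit_string[1:])  # skip the unused-bits octet
    modulus = children(rsa_key)[0][1]          # modulus, publicExponent
    return int.from_bytes(modulus, "big").bit_length()

def audit_csr(csr_der: bytes) -> tuple:
    """Return (modulus bits, True if the key meets MIN_RSA_BITS)."""
    bits = csr_rsa_bits(csr_der)
    return bits, bits >= MIN_RSA_BITS

def sample_csr(bits: int) -> bytes:
    """Constructed, unsigned request skeleton; the modulus is a placeholder, not a real key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    rsa_key = tlv(0x30, tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + rsa_key))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + spki + tlv(0xA0, b""))
    return tlv(0x30, info + alg + tlv(0x03, b"\x00"))  # placeholder signature
```

To check a real certreq.txt, base64-decode the text between its BEGIN and END lines and pass the resulting bytes to audit_csr.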

Certificate request: After configuring the certificate file required by IIS, the
application is made according to the content of the certificate request.

1. Open the IE browser and input http://10.91.30.45/certsrv/
to get the certificate service interface. (Server IP address
is 10.91.30.45).
2. Click on "apply for a certificate" and continue.
3. Select the "Advanced Certificate Application" at the
application interface.
4. Select "Submit a Certificate Application or Subscribe
Certificate Application Using Base64 Coded CMC or
PKCS # 10 File" in the Advanced Certificate Application
Interface.
5. Open the certreq.txt file on the desktop with Notepad
and copy all the contents.
6. Paste the copied content into the "Submit a Certificate
Application or Renew Application" form, and then click the
"Submit" button.
7. At this point, we have completed the application for the
certificate, and the certificate that has just been applied
for now has to be approved.

Validation certificate: After the certificate application, the administrator of the
server is required to manually issue the certificate to enable it to take effect.

1. From the Start menu on the taskbar, choose Programs, then
management tools, then certificate authority.
2. Find the "suspended application" in the left option.
3. Look at the list on the right. The certificate application
you just submitted is in there. Right-click on the
certificate, there is an "All Tasks" item, and then select the
sub-item "Issue". Then the suspended application will be
transferred to the "certificate issued".
4. Find the certificate just issued under the "certificate issued"
and double-click to open it. Then select "copy to file" in the
details tab of the certificate property window.
5. In the Certificate Export Wizard, choose any CER format
to export, such as "DER encoded binary" and save it as a
file. This file will be used later.

After the five steps above, our IIS certificate has passed the system
administrator's audit, and the audited certificate can now be used to
establish the SSL encryption site.

Configure IIS's SSL security encryption function: Once again, we come to the
IIS setup window to enable SSL security encryption.

1. Click the Directory Security tab in the default Web site
properties window, and then click the Server Certificate
button at the secure communication location.
2. Select the "process the pending request and install the
certificate" option in the suspended certificate request
window.
3. Click the browse button to find the file in the DER encoding
format just saved by the Certificate Export Wizard in
Step 5 of the certificate verification.
4. At this point we can set the SSL parameters, check
"Require Secure Channel SSL" in the secure
communication properties, and enable SSL encryption at
IIS sites.
5. Go once again to the site tab in the default site properties;
you can see that the SSL port has been configured with
port information - 443.
6. At this point we have completed the SSL encryption
site configuration; the information clients browse on the
server's IIS site is encrypted and is very secure.

Browse SSL encryption sites: After the SSL encryption site function is set up on
the server, a "security alert" window pops up when we access the site through a
browser on the client. Only after you trust this certificate can you browse the
website information properly.

Screen Shots:
EXPERIMENT NO 3: Security Email – PGP

Requirements / Goal: In this experiment we will learn how to do file and
email encryption using the Gpg4win software. This software uses GnuPG public-key
cryptography for data encryption and digital signatures.

Content:
gpg4win

Procedure: For this experiment we have to follow the following steps:

1. Install gpg4win software
2. Gpg4win is an email and file encryption package for most versions.
3. After that, you have your certificate which is a key pair.
4. Then anyone else can import the received public key files. After this
step, everyone has a key pair of his own and the public keys of others.

Sign and Verify, Encrypt and Decrypt:

1. You can sign and encrypt an email message with "Notepad". You can set
sign only or encrypt only or both, and choose the email receiver at the
"Recipients" item.
2. Click "Sign/Encrypt Notepad" and enter your password. After that, you get
the PGP message for sending. You can send this message to your
friend.
3. When your friend receives this message, he can "Decrypt/Verify
Notepad". So he gets the plaintext and verifies your signature.
4. You can also write your message in a txt file. When you want to send
this file or other types of file as an attachment, you can right-click the
file, sign and encrypt it, and you get a .gpg file which you can send to your
friend. Your friend can right-click the .gpg file, decrypt and verify it.
Screen Shots:
EXPERIMENT NO 4: Malicious Code Trojan

Requirements / Goal: In this experiment, we will create a Trojan to get
backdoor access to the target system and perform functions remotely on the
target machine, for example delete, update or add new data in the target system,
and also get full access to the system.

Content:
Controller: Windows Server 2003 in VMware
Target: Windows XP Professional in VMware
Software HUIGEZI

Procedure:
For this experiment we have to follow the following steps:

1. Configure the Trojan in the controller.
2. Send the Trojan to the target.
3. The Trojan can be transferred by any medium, by email, messenger or
any other. Once it is transferred, it is installed by clicking the Trojan
file. This transfers the target system's information to the main system.
4. The target runs the Trojan.

Controller gets remote control permission:

1. Double-click the Trojan file in the target system and the Trojan runs. You
can see the target host in the software on the controller, as in the picture
below. Then you have the permission of remote control, you can do
anything you like.
2. Note: watch the video in the parent folder, which shows controlling the
target machine and screen sharing.
3. Clean the Trojan in the target:
end the process IEXPLORE.EXE, which is the Trojan process.
4. Run "regedit" in a CMD window to open the registry, search for
"GrayPigeon", and delete all the directories in the search results. If you
can't delete one, right-click the directory, choose "permissions", and
allow everyone's full control.
5. Then try to delete again.
6. Search for "com.cn.exe" on the target to locate the Trojan file, and then
delete the Trojan file.
7. After all the steps, the Trojan has been cleaned. Reboot the target and
check whether any Trojan process, service, registry entry or file still
exists, and check whether the controller can see the target system. If not,
you have cleaned the Trojan; otherwise you have to clean again.

Screen Shots:
EXPERIMENT NO 5: Intrusion detection system – Snort

Requirements / Goal: In this experiment, we build a visualization intrusion
detection system using several software packages: WinPcap, Snort, appserv,
acid, adodb and jpgraph.

Content:
WinPcap - network packets capture
Snort - intrusion detection system
appserv - Apache/PHP/MySQL environment
Acid - web display for alerts
Adodb - database connection
Jpgraph - graphic link library

Procedure: For this experiment we have to install the software
listed below:
1. WinPcap_3_0.exe
2. Snort_2_3_0_Installer.exe
a. appserv-win32-2.4.1.exe
b. acid-0.9.6b23.tar.gz
c. adodb461.zip
d. jpgraph-1.17.tar.gz
3. The purpose of each package is given above in the “Experiment
content” section.
4. Configure this information as username: mysql, password: 123456
5. Click "phpMyAdmin Database Manager Version 2.6.0-rc1", you can
see the database.
6. Test Apache: open the IE browser and input http://127.0.0.1
7. Install Snort for intrusion detection by using the default settings.
8. Install WinPcap for packet capture by using the default settings.
9. Snort Database

Experiment result and analysis: The purpose of this experiment is to capture
data from the network through WinPcap, filter it according to our rules, save it
in the database and also present it in graphical form on the web through acid.

1. In Experiment we make an example rule using alert,
2. Create the file myrule.rule in the rules folder (C:\snort\rules)
3. Create a bat file under C:\snort\bin with the name runsnort.bat and the
following content: “snort -c "c:\snort\etc\snort.conf" -l "C:\snort\log" -
d -e – ”
4. Open a cmd window, change directory to c:/snort/bin, and run
"runsnort.bat".
5. Please watch the video in the same directory with the name “Projectdemo.wmv”.

Screen Shots:
Experiment No 6: Information hiding

Requirements / Goal: In this experiment, we will use the LSB technique to hide
information in an image and also retrieve the information from that image.

Content:
Eclipse
NetBeans tools
JAVA

Procedure: In this experiment we use the LSB technique to save information in an
image. LSB steganography is the Least Significant Bit algorithm for
image steganography. The LSB is the lowest significant bit in the byte value of the
image pixel. LSB-based image steganography embeds the secret in the least
significant bits of the pixel values of the cover image (CVR).
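
The embedding and extraction described above, as an added sketch in Python; it is not the report's Java tool and is not taken from it. The 32-bit length header and the flat byte array standing in for decoded pixel data are assumptions of this example.

```python
# Constructed cover "image": 1024 channel bytes standing in for decoded pixel data.
COVER = bytes((x * 7) % 256 for x in range(1024))

def embed(pixels: bytes, message: bytes) -> bytes:
    """Write a 32-bit length header plus the message into the LSBs of the pixel bytes."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(pixels):
        raise ValueError("cover image too small for this message")
    stego = bytearray(pixels)
    for i in range(len(payload) * 8):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1   # most significant bit first
        stego[i] = (stego[i] & 0xFE) | bit           # replace only the lowest bit
    return bytes(stego)

def _read_bytes(stego: bytes, first: int, count: int) -> bytes:
    """Rebuild `count` bytes from the LSBs starting at pixel byte `first`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[first + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)

def extract(stego: bytes) -> bytes:
    """Recover the hidden message, rejecting data whose header cannot be valid."""
    if len(stego) < 32:
        raise ValueError("too few pixel bytes for a length header")
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("no valid LSB payload (length header out of range)")
    return _read_bytes(stego, 32, length)

def max_pixel_delta(cover: bytes, stego: bytes) -> int:
    """Largest change to any channel value; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))
```
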

1. As the first step to encode information, select the encode button (fig 1) and
follow the next screen.
2. Select the original picture by clicking the “OPEN” button, then write the text
message which you want to hide in the picture in the Text field, and finally
press the “Embed” button to perform the action.
3. After clicking the “Embed” button you will see the result picture in the next
column, see fig 4. To save the resulting picture press “Save into new
file” and save it anywhere. Fig 5 is the final picture with the information
embedded.
4. To retrieve information from that picture click on the “DECODE”
button shown in (Fig 1). Follow (Fig 6) and select the picture from
which you want to retrieve information.
5. Finally click on the “Decode” button to retrieve the message from the picture.
Screen Shots: