Cs

The document outlines a series of experiments aimed at teaching installation and usage of various cybersecurity tools, including Kali Linux, Nmap, Wireshark, and tcpdump. Each experiment includes objectives, theoretical background, and step-by-step procedures for performing tasks such as network scanning, packet analysis, and traffic sniffing. The conclusion emphasizes the importance of ethical practices in cybersecurity and the utility of these tools for identifying vulnerabilities and analyzing network traffic.

Uploaded by

vijiguru0027

EXPERIMENT--1A

AIM : Installation of Kali Linux

THEORY:
* Exploring Kali Linux involves delving into the realm of ethical
hacking and cybersecurity.
* By installing Kali Linux, individuals gain access to a wide range of
powerful tools and utilities tailored for identifying security weaknesses
and testing defences.

PROCEDURE:
1.Download Kali Linux ISO:
2.Create Bootable Media:
3.Virtualization Software:
4.Create VM:
5.Mount ISO:
6.Install Kali Linux:
7.Login:
8.Update: Open Terminal in Kali Linux, run sudo ap

CONCLUSION: Setting up Kali Linux in a virtual machine not only provides
a secure and isolated environment for various cybersecurity tasks but
also serves as a crucial step in familiarising

EXPERIMENT--1B
Aim: Familiarise participants with basic cyber security and basic
terminal commands.

Theory :
Graphical user interfaces (GUIs) excel in providing a user-friendly
experience, simplifying complex tasks through intuitive visuals.

Procedure :
1.Use the CVE Details website to find out what the vulnerability of a
particular website is.
2.Booting into basic terminal commands: Use basic terminal commands such
as ls, cd, mkdir, touch, rm, rmdir, mv, cat, whoami, cp, grep, ps,
ifconfig, nmap, awk etc. Demonstrate how to navigate the file system
using the terminal.

EXPERIMENT--2
Aim: Perform basic network scanning using the Nmap tool (Zenmap on
Windows). Identify services, open ports, active hosts, operating systems,
and vulnerabilities.

Theory :
* Network scanning involves discovering devices (hosts) on a network, the
services they offer, and potential security vulnerabilities.
* Nmap is a powerful tool for network administrators and security
professionals, but it's crucial to use it ethically and with permission
on authorised networks.
* Nmap, your network's digital stethoscope, scans to identify active
devices, open ports, running services, operating systems, and potential
weaknesses.

Procedure:
1.Type ifconfig and press Enter.
2.Download the appropriate Nmap installer from the official website.
3.The basic Nmap command structure is: nmap target_IP
4.Identify your network range and open a terminal window.
5.Run the command in your terminal window. Nmap will initiate the scan
and display the results.

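COMMANDS:
HTTP proxy port target IP
nmap -p 8080,80,8008 ip
HTTPS proxy port target IP
nmap -p 443 ip
SOCKS proxy port target IP
nmap -p 1080,1081 ip
Squid proxy port
nmap -p 3128 ip
TCP SYN scan
nmap -sS ip
Service and version detection
nmap -sV ip
OS detection, version detection, script scanning and traceroute
nmap -A ip
Host discovery only (no port scan)
nmap -sn ip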

Conclusions:
This basic network scan using Nmap successfully identified active hosts
on the target network, along with the open ports they offer and the
services likely running on those ports. Nmap also provided an attempt at
identifying the operating systems running on these devices.
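
Added example (not part of the original lab sheet): a Python helper that reads Nmap's grepable output (`-oG`) from an authorised scan and lists hosts with one of the proxy ports from the COMMANDS list open, so unexpected proxies can be reviewed. The sample output, host addresses and scan results are constructed for illustration.

```python
import re

# Ports probed by the lab's proxy checks, labelled as in the COMMANDS list.
PROXY_PORTS = {80: "HTTP proxy", 8080: "HTTP proxy", 8008: "HTTP proxy",
               443: "HTTPS proxy", 1080: "SOCKS proxy", 1081: "SOCKS proxy",
               3128: "Squid proxy"}

# Constructed sample of grepable output; hosts and results are made up.
SAMPLE_GNMAP = (
    "# constructed sample, not a real scan\n"
    "Host: 192.168.58.2 ()\tStatus: Up\n"
    "Host: 192.168.58.2 ()\tPorts: 80/open/tcp//http///, "
    "443/closed/tcp//https///, 3128/open/tcp//squid-http///\n"
    "Host: 192.168.58.129 ()\tStatus: Up\n"
    "Host: 192.168.58.129 ()\tPorts: 80/filtered/tcp//http///, "
    "1080/closed/tcp//socks///\tIgnored State: closed (5)\n"
)

# The Ports field ends at the next tab-separated field, if any.
HOST_LINE = re.compile(r"^Host: (\S+) .*?\bPorts: ([^\t]*)")


def open_proxy_ports(gnmap_text):
    """Return {host: [(port, label, service), ...]} for open proxy ports."""
    findings = {}
    for line in gnmap_text.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comment, Status line, or anything without a Ports field
        host, ports_field = match.groups()
        for entry in ports_field.split(","):
            # Each entry is port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) < 5 or not fields[0].isdigit():
                continue
            port, state, service = int(fields[0]), fields[1], fields[4]
            if state == "open" and port in PROXY_PORTS:
                findings.setdefault(host, []).append(
                    (port, PROXY_PORTS[port], service))
    return findings


if __name__ == "__main__":
    for host, ports in open_proxy_ports(SAMPLE_GNMAP).items():
        for port, label, service in ports:
            print(f"{host}: {port}/tcp open ({label}, service={service})")
```

Ports reported as closed or filtered are deliberately ignored, so only services that actually accepted a connection end up in the review list.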

Experiment: 4
AIM : Packet analysis using Wireshark.

THEORY:
* Wireshark is an open-source network protocol analysis software program,
widely considered the industry standard.
* Network specialists and software developers support Wireshark and
continue to make updates for new network technologies and encryption
methods.
* Government agencies, corporations, non-profits, and educational
institutions use Wireshark for troubleshooting and teaching purposes.

PROCEDURE:
1. Capturing data packets on Wireshark
When you open Wireshark, you see a screen showing you a list of
all the network connections you can monitor.
>>Click the first button on the toolbar, titled “Start capturing
packets.”
>>You can select the menu item Capture -> Start.
2. Wireshark filters
Some of the best features of Wireshark are the capture filters
and display filters. Filters allow you to view the capture the way you
need to see it to troubleshoot the issues at hand. Below are several
filters to get you started.

Experiment 7
AIM: 1] Installation of Wireshark, tcpdump, etc

1.Add the stable official PPA. To do this, go to terminal by pressing
Ctrl+Alt+T and run:
sudo add-apt-repository ppa:wireshark-dev/stable

2.Update the repository:
sudo apt-get update

3.Install wireshark 2.0:
sudo apt-get install wireshark

4.Run wireshark:
sudo wireshark

If you get an error go to the terminal again and run:
sudo dpkg-reconfigure wireshark-common

Say YES to the message box. This adds a wireshark group. Then add the
user to the group by typing:
sudo adduser $USER wireshark
sudo chmod +x /usr/bin/dumpcap

2]Installation of tcpdump
1. tcpdump is built in; no need to install.

2. Tcpdump data capturing

-i : Select the interface that the capture is to take place on; this will
often be an Ethernet card.
$ sudo tcpdump -i eth0

-nn : A single (n) will not resolve hostnames. A double (nn) will not
resolve hostnames or ports.
$ sudo tcpdump -nn
$ sudo tcpdump -nn -s0 -v port 80

-s0 : Snap length, is the size of the packet to capture.
$ sudo tcpdump -s0

-v : Verbose, using (-v) or (-vv) increases the amount of detail shown in
the output, often showing more protocol specific information.
$ sudo tcpdump -v

Adding -A to the command line will have the output include the ASCII
strings from the capture.
$ sudo tcpdump -A
$ sudo tcpdump -s0
$ sudo tcpdump port 80

Filter on UDP traffic:
$ sudo tcpdump -i eth0 udp
$ sudo tcpdump -i eth0 host 10.10.1.1
$ sudo tcpdump -i eth0 dst 10.10.1.20

Write a capture file
$ sudo tcpdump -i eth0 -s0 -w test.pcap
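
Added example (not part of the original lab sheet): a Python reader for the classic pcap layout that tcpdump's -w option writes, showing where the snap length is recorded and how to count packets that were cut short by it. On current tcpdump releases -s0 selects the default snap length of 262144 bytes. The capture bytes are built inline as a constructed sample; `build_sample` is a hypothetical helper used only to produce them.

```python
import struct

MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # classic pcap: microsecond / nanosecond timestamps


def summarize_pcap(data):
    """Read the global header and every record header of a classic pcap file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):  # the writer's byte order is revealed by the magic
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng uses another layout)")
    _, major, minor, _, _, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:24])
    packets = truncated = 0
    offset = 24
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            break  # file ends mid-record, e.g. capture interrupted
        packets += 1
        if incl_len < orig_len:  # bytes on the wire that were not saved
            truncated += 1
        offset += 16 + incl_len
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated}


def build_sample(snaplen):
    """Constructed capture: a 60-byte and a 1514-byte frame cut at `snaplen`."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    for n, orig_len in enumerate((60, 1514)):
        incl_len = min(orig_len, snaplen)
        out += struct.pack("<IIII", 1700000000 + n, 0, incl_len, orig_len)
        out += bytes(incl_len)  # zero-filled placeholder frame contents
    return out


if __name__ == "__main__":
    print(summarize_pcap(build_sample(96)))      # small snap length
    print(summarize_pcap(build_sample(262144)))  # tcpdump's default, used by -s0
```

A non-zero truncated count means payload bytes are missing from the file, which matters when the capture is later opened in Wireshark to inspect application data.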

EXPERIMENT 8: Installation of rootkits

* A rootkit is a stealthy type of malicious software (malware) designed to
hide the existence of certain processes
* A rootkit is a collection of tools (programs) that enable administrator-
level access to a computer or computer network.
* A rootkit may consist of spyware and other programs that: monitor
traffic and keystrokes; create a "backdoor" into the system for the
hacker's use; alter log files; attack other machines on the network; and
alter existing system tools to escape detection.

How to Use rkhunter:

Installation: rkhunter is typically installed on Linux systems using
package management tools like apt (for Debian-based systems) or yum (for
Red Hat-based systems)
$ sudo apt update
$ sudo apt install rkhunter
$ sudo rkhunter --check

Interpreting Results: Once the scan completes, review the output
generated by rkhunter.
$ sudo rkhunter --check

EXPERIMENT 9: Perform an Experiment to Sniff Traffic using ARP Poisoning

* In this updated tutorial we will be using Kali Linux 2020
* You could also create a GPO which allows the ICMP protocol and other
functions.

Step #1 – Networking information

>>Start Kali Linux on the virtual machine.
>>Choose the Bridge network from the settings of VM Settings > Network >
Bridge Adapter(Attached to)

Network
For Kali, open the terminal and type:
$ sudo ifconfig
On the Windows machine, open a command prompt and type:
ipconfig

>>You will need to copy the IPv4 addresses, which will be in dotted
decimal format: e.g. 192.168.0.0
>>Include the subnet mask, as you need to make sure that both IPs are in
the same subnet.

Step #2 – Launching Ettercap

In the Kali VM, pull up the terminal and type:
$ sudo ettercap -G

Step #3 – Adding Hosts to Ettercap

>>Begin by looking at the top left of the application window and click on
the magnifying glass icon.
>>Below you will find 3 screenshots that show each step with the last
enabling you to view the current host list:

Step #4 – Adding Targets

>>Looking at your current Hosts list, select the default gateway address
which in this case is 192.168.58.2 and click Add to Target 1.
>>Next select the IP of your Windows 10 machine (in my case it’s
192.168.58.129) and click Add to Target 2.

Step #5 – Starting the Spoofing Attack

>>Now we have 2 targets added that we want to conduct the MitM attack on,
poisoning the ARP cache of our Windows 10 machine.
$ sudo sysctl -w net.ipv4.ip_forward=1

Step #6 – Analyzing Traffic in Wireshark

Now, go to your Windows 10 machine and open a browser and go to an HTTP
website

I want to go over the tcpdump command that we need to enter in the
terminal to capture the traffic.
$ sudo tcpdump -i eth0 -A -v port 80

Conclusion and next steps:
Ettercap is a great tool for understanding how this type of attack
happens. I think the developer team did an awesome job updating the
interface and its features.
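
Added example (not part of the original lab sheet): the defender's view of this experiment, as a Python check over a host's ARP table that flags one MAC address answering for several IPs and a gateway MAC that differs from a recorded baseline. The gateway 192.168.58.2 and the Windows machine 192.168.58.129 come from the walkthrough; the 192.168.58.128 address, every MAC address and the baseline value are constructed assumptions.

```python
import re

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b", re.I)

# Constructed `arp -a` output from the Windows 10 lab machine after poisoning.
# The 192.168.58.128 address and every MAC below are made-up sample values.
SAMPLE_ARP = """\
Interface: 192.168.58.129 --- 0x5
  Internet Address      Physical Address      Type
  192.168.58.2          00-0c-29-3e-5a-11     dynamic
  192.168.58.128        00-0c-29-3e-5a-11     dynamic
  192.168.58.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def norm(mac):
    """Lower-case a MAC and use ':' so Windows and Linux forms compare equal."""
    return mac.lower().replace("-", ":")


def check_arp_table(arp_output, gateway_ip=None, known_gateway_mac=None):
    """Flag MACs claimed by several IPs and a gateway MAC that changed."""
    ip_to_mac = {}
    for line in arp_output.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header or interface line
        mac = norm(mac.group())
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MACs are shared by design
        ip_to_mac[ip.group()] = mac
    mac_to_ips = {}
    for ip, mac in ip_to_mac.items():
        mac_to_ips.setdefault(mac, []).append(ip)
    shared = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    seen = ip_to_mac.get(gateway_ip)
    mismatch = bool(seen and known_gateway_mac and seen != norm(known_gateway_mac))
    return {"shared_macs": shared, "gateway_mac_seen": seen,
            "gateway_mismatch": mismatch}


if __name__ == "__main__":
    print(check_arp_table(SAMPLE_ARP, "192.168.58.2", "00-50-56-e4-9c-07"))
```

The same function accepts Linux `ip neigh` or `arp -a` output. A shared MAC is a lead rather than proof, since a router with several addresses on one interface produces the same pattern, which is why the baseline comparison for the gateway is reported separately.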
