CS Lab Manual1

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 14

CCS340 CYBER SECURITY LABORATORY

COURSE OBJECTIVES:

 To understand the cyber attacks and tools for mitigating them.


 To understand information gathering.
 To learn how to detect a cyber attack.
 To learn how to prevent a cyber attack.

LIST OF EXPERIMENTS:

1. Install Kali Linux on Virtual box

2. Explore Kali Linux and bash scripting

3. Perform open source intelligence gathering using Netcraft, Whois Lookups, DNS
Reconnaissance, Harvester and Maltego

4. Understand the nmap command d and scan a target using nmap

5. Install metasploitable2 on the virtual box and search for unpatched vulnerabilities

6. Use Metasploit to exploit an unpatched vulnerability

7. Install Linus server on the virtual box and install ssh

8. Use Fail2banto scan log files and ban Ips that show the malicious signs

9. Launch brute-force attacks on the Linux server using Hydra.

10. Perform real-time network traffic analysis and data pocket logging using Snor

Lab Requirements: for a batch of 30 students


Operating Systems: Kali Linux in virtual box

TOTAL: 35 PERIODS

COURSE OUTCOMES:

On successful completion of this course, the student will be able to

CO1: Classify various types of attacks and learn the tools to launch the attacks (K2)
CO2 Apply various tools to perform information gathering (K3)
CO3: Apply intrusion techniques to detect intrusion (K3)
CO4: Apply intrusion prevention techniques to prevent intrusion (K3)
Ex.No:1
Install Kali Linux on Virtual box
Date:

Aim:
To install Kali Linux on Virtual box.
Procedure:
Kali Linux is a Debian-derived Linux distribution designed for penetration testing.
With over 600 preinstalled penetration-testing programs, it earned a reputation as one of the best-
operating systems used for security testing. As a security-testing platform, it is best to install Kali
as a VM on VirtualBox.
Prerequisites
At least 20 GB of disk space
At least 1 GB of RAM (preferably 2) for i386 and amd64 architectures
VirtualBox (or alternative virtualization software)

Step 1: Download Kali Linux ISO Image

On the official Kali Linux website downloads section, you can find Kali Linux .iso images. These
images are uploaded every few months, providing the latest official releases.

Navigate to the Kali Linux Downloads page and find the packages available for download.
Depending on the system you have, download the 64-Bit or 32-Bit version.

Step 2: Create Kali Linux VirtualBox Container

After downloading the .iso image, create a new virtual machine and import Kali as its OS.

1. Launch VirtualBox Manager and click the New icon.


2. Name and operating system. A pop-up window for creating a new VM appears. Specify
a name and a destination folder. The Type and Version change automatically, based on the name
you provide. Make sure the information matches the package you downloaded and click Next.

3. Memory size. Choose how much memory to allocate to the virtual machine and click Next. The
default setting for Linux is 1024 MB. However, this varies depending on your individual needs.

4. Hard disk. The default option is to create a virtual hard disk for the new VM. Click Create to
continue. Alternatively, you can use an existing virtual hard disk file or decide not to add one at all.

5. Hard disk file type. Stick to the default file type for the new virtual hard disk, VDI (VirtualBox
Disk Image). Click Next to continue.

6. Storage on a physical hard disk. Decide between Dynamically allocated and Fixed size. The
first choice allows the new hard disk to grow and fill up space dedicated to it. The second, fixed
size, uses the maximum capacity from the start. Click Next.

7. File location and size. Specify the name and where you want to store the virtual hard disk.
Choose the amount of file data the VM is allowed to store on the hard disk. We advise giving it at
least 8 gigabytes. Click Create to finish.
Now you created a new VM. The VM appears on the list in the VirtualBox Manager.

Step 3: Configure Virtual Machine Settings

The next step is adjusting the default virtual machine settings.

1. Select a virtual machine and click the Settings icon. Make sure you marked the correct VM and
that the right-hand side is displaying details for Kali Linux.

2. In the Kali Linux – Settings window, navigate to General > Advanced tab. Change the Shared
Clipboard and Drag’n’Drop settings to Bidirectional. This feature allows you to copy and paste
between the host and guest machine.
3. Go to System > Motherboard. Set the boot order to start from Optical, followed by Hard Disk.
Uncheck Floppy as it is unnecessary.

4. Next, move to the Processor tab in the same window. Increase the number of processors to two
(2) to enhance performance.
5. Finally, navigate to Storage settings. Add the downloaded Kali image to a storage device
under Controller: IDE. Click the disk icon to search for the image. Once finished, close the
Settings window.

6. Click the Start icon to begin installing Kali.

Step 4: Installing and Setting Up Kali Linux

After you booted the installation menu by clicking Start, a new VM VirtualBox window appears
with the Kali welcome screen.

Select the Graphical install option and go through the following installation steps for setting up
Kali Linux in VirtualBox.

1. Select a language. Choose the default language for the system (which will also be the language
used during the installation process).
2. Select your location. Find and select your country from the list (or choose “other”).

3. Configure the keyboard. Decide which keymap to use. In most cases, the best option is to
select American English.

4. Configure the network. First, enter a hostname for the system and click Continue.

5. Next, create a domain name (the part of your internet address after your hostname). Domain
names usually end in .com, .net, .edu, etc. Make sure you use the same domain name on all your
machines.

6. Set up users and passwords. Create a strong root password for the system administrator
account.

7. Configure the clock. Select your time zone from the available options.

8. Partition disks. Select how you would like to partition the hard disk. Unless you have a good
reason to do it manually, go for the Guided –use entire disk option.

9. Then, select which disk you want to use for partitioning. As you created a single virtual hard
disk in Step 3: Adjust VM Settings, you do not have to worry about data loss. Select the only
available option – SCSI3 (0,0,0) (sda) – 68.7 GB ATA VBOK HARDDISK (the details after the
dash vary depending on your virtualization software).
10. Next, select the scheme for partitioning. If you are a new user, go for All files in one partition.

11. The wizard gives you an overview of the configured partitions. Continue by navigating
to Finish partitioning and write changes to disk. Click Continue and confirm with Yes.

12. The wizard starts installing Kali. While the installation bar loads, additional configuration
settings appear.

13. Configure the package manager. Select whether you want to use a network mirror and
click Continue. Enter the HTTP proxy information if you are using one. Otherwise, leave the field
blank and click Continue again.

14. Install the GRUB boot loader on a hard disk. Select Yes and Continue. Then, select a boot
loader device to ensure the newly installed system is bootable.

15. Once you receive the message Installation is complete, click Continue to reboot your VM.

With this, you have successfully installed Kali Linux on VirtualBox. After rebooting, the Kali login
screen appears. Type in a username (root) and password you entered in the previous steps.

Result:
The Kali Linux operating system is successfully installed on the virtual box.

Ex.No:2
Explore Kali Linux and bash scripting
Date:
Aim:
To Explore Kali Linux and bash scripting.
Procedure:
A Bash script is a plain-text file that contains a series of commands that are
executed as if they had been typed on terminal window. In general, Bash scripts have an optional
extension of .sh for identification (but it can be run without extension name), begin wit
#!/bin/bash and must have executable permission set before the script can be executed.

Main Objectives:

To create a Bashscript file and run the file in terminal.

Let's write a simple "Hello World" Bash script on a new file using any text editor, named it
hello-world.sh and write the following contains inside it:
#!/bin/bash
# Hello World on Bash Script.
echo "Hello World!"
Then save and close it.
Line 1: #! is known as shebang, and it is ignored by the Bash interpreter. The second part,
/bin/bash, is absolute path to the interpreter, which is used to run the script. For this we can
identify that, this a "Bash script". There are various types of shell scripts like "zsh" and "C Shell
script" etc.
Line 2: # is used to add a comment. Hashed (#) tests will be ignored by interpreter. This
comments will help us to take special notes for the scripts.
Line 3: echo "Hello World!" uses the echo Linux command utility to print a given string to the
terminal, which in this case is "Hello World!".
Now we need to make this script executable by running following command:
chmod +x hello-world.sh
Now we can run the script by using following command:
bash hello-world.sh
Output of the above command:
"Hello World!"

The chmod command, with +x flag is used to make the bash script executable and bash along with
scriptname.sh we can run it. We can ./scriptname.sh to run the script.
Variables

Variables are used for temporarily store data. We can declare a variable to assign a value
inside it, or read a variable, which will ""expand" or "resolve" it to its store value.
We can declare variable values in various ways. The easiest method is to set the value directly
with a simple name=value declaration. We should remember that there are no spaces between or
after the "=" sign.

name=Kali
surname=Linux

Variable declaring is pointless unless we can use/reference it. To do this, we precede the variable
with $ character. Whenever Bash see this ($) syntax in a command, it replaces the variable name
with it's value before executing the command.
For an example we can echo both this variable by using following command:

echo $name $surname

In the following screenshot we can the output shows the values of the variables:

Bash is case sensitive, so we must be consistent when declaring and expending variables. The
good practice to use descriptive variable names, which make our script much easier for others to
understand and maintain.
Bash interprets certain characters in specific ways. For example, the following declaration
demonstrates an improper multi-value variable declaration.

hello=Hello World
This was not necessarily what we expected. To fix this type of error we can use single quote (')
or double quote (") to enclose our text. Here we need to know that Bash treats single quotes and
double quotes differently. When Bash meets the single quotes, Bash interprets every enclosed
character literally. When enclosed in double quotes, all characters are viewed literally expect "$"
and "\" meaning variables will be expended in an initial substitution pass on the enclosed text.

hello='Hello World'

In the above example, we had used the single quote (') to use the variable. But when we use the
hello variable with something other than we need to use double quote ("), we can see following
for better understanding:

hello2="Hi, $hello"

Now we can see the print (echo) of new $hello2 variable on the following screenshot:

We can also set the value of the variable to the result of a command or script. This is also known
as command substitution, which allows us to take the output of a command (what would
normally be printed to the screen) and have it saved as the value of a variable.

To do this, place the variable name in parentheses "( )", preceded by a "$" character:
user=$(whoami)
echo $user

Here we assigned the output of the whoami command the user variable. We then displayed it's
value by echo. In the following screenshot we can see the output of the above command:

An alternative syntax for command substitution using backtick (`), as we can see in the following
commands:

user2=`whoami`
echo $user2

This backtick method is older and typically discouraged as there are differences in how the
two methods of command substitution behave. It is also important to note that command
substitution happens in a subshell and changes to variables in the subshell will not alter variables
from the master process.

Arguments

We have already executed Linux commands with arguments. For example, when we run
command ls -l /var/log, both -l and /var/log are arguments to the ls command.

Bash scripts are not different, we can supply command-line arguments and use them in our
scripts. For an example we can see following screenshot:
In the above screenshot, we have created a simple Bash script, set executable permissions on it,
and then ran it with two arguments. The $1 and $2 variables represents the first and second
arguments passed to the script.

Let's explore a few special Bash variables:

Variable Name Description


$0 The name of the Bash script
$1 - $9 The first 9 arguments to the Bash script
$# Number of arguments passed to the Bash script
$@ All arguments passed to the Bash script
$? The exit status of the most recently run process
$$ The process id of the current script
$USER The username of the user running the script
$HOSTNME The hostname of the machine
$RANDOM A random number
$LINENO The current line number in the script

Some of these special variable can be useful when debugging a script. For example, we might be
able to obtain the exit status of a command to determine whether it was successfully executed or
not.

Reading User Input

Command-line arguments are a form of user input, but we can also capture interactive user input
during a script is running with the read command. We are going to use read to capture user input
and assign it to a variable, as we did in the following screenshot:
We can alter the behavior of the read command with various command line options. Two of the
most commonly flags include -p, which allows us to specify a prompt, and -s, which makes the
user input silent/invisible (might be helpful for credentials). We can see an example in the
following screenshot:

Result:
The bash scripting was successfully executed in Kali Linux terminal.

You might also like