Nslab Print

Uploaded by

Rafeela Sireen
Copyright
© © All Rights Reserved

Ex. No : 1a
Date :
Implementation of symmetric key algorithm using DES Algorithm

AIM:
To use Data Encryption Standard (DES) Algorithm for a practical
application like User Message Encryption.

ALGORITHM:
1. Create a DES Key.
2. Create a Cipher instance from Cipher class, specify the following
information, separated by a slash (/).
a. Algorithm name
b. Mode (optional)
c. Padding scheme (optional)
3. Convert String into Byte[] array format.
4. Make Cipher in encrypt mode, and encrypt it with [Link]() method.
5. Make Cipher in decrypt mode, and decrypt it with [Link]() method.

PROGRAM:

[Link]
import javax.swing.*;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Random;

class DES1 {
    byte[] skey = new byte[1000];
    String skeyString;
    static byte[] raw;
    String inputMessage, encryptedData, decryptedMessage;

    public DES1() {
        try {
            generateSymmetricKey();

            inputMessage = JOptionPane.showInputDialog(null, "Enter message to encrypt");
            byte[] ibyte = inputMessage.getBytes();
            byte[] ebyte = encrypt(raw, ibyte);
            // Ciphertext is binary; new String(...) is used for display only and is lossy.
            String encryptedData = new String(ebyte);
            System.out.println("Encrypted message " + encryptedData);
            JOptionPane.showMessageDialog(null, "Encrypted Data " + "\n" + encryptedData);

            // Decrypt from the original byte array, not from the display string.
            byte[] dbyte = decrypt(raw, ebyte);
            String decryptedMessage = new String(dbyte);
            System.out.println("Decrypted message " + decryptedMessage);
            JOptionPane.showMessageDialog(null, "Decrypted Data " + "\n" + decryptedMessage);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    void generateSymmetricKey() {
        try {
            // The seed is one of only 10000 values from java.util.Random, so the
            // key space of this lab program is far smaller than DES's 56 bits.
            Random r = new Random();
            int num = r.nextInt(10000);
            String knum = String.valueOf(num);
            byte[] knumb = knum.getBytes();
            skey = getRawKey(knumb);
            skeyString = new String(skey);
            System.out.println("DES Symmetric key = " + skeyString);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    private static byte[] getRawKey(byte[] seed) throws Exception {
        KeyGenerator kgen = KeyGenerator.getInstance("DES");
        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
        sr.setSeed(seed);
        kgen.init(56, sr);
        SecretKey skey = kgen.generateKey();
        raw = skey.getEncoded();
        return raw;
    }

    private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception {
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "DES");
        // "DES" alone selects the provider defaults for mode and padding
        // (DES/ECB/PKCS5Padding with the standard SunJCE provider).
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
        byte[] encrypted = cipher.doFinal(clear);
        return encrypted;
    }

    private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception {
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "DES");
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.DECRYPT_MODE, skeySpec);
        byte[] decrypted = cipher.doFinal(encrypted);
        return decrypted;
    }

    public static void main(String args[]) {
        DES1 des = new DES1();
    }
}

OUTPUT:
DES Symmetric key = R�]Q�TC1
Encrypted message �0�=�)��������
Decrypted message SECURITYLAB
RESULT:
Thus the java program for DES Algorithm has been implemented and the
output verified successfully.
Apply AES algorithm for practical applications

[Link].b Date:

AIM:
To use Advanced Encryption Standard (AES) Algorithm for a practical
application like URL Encryption.

ALGORITHM:
1. AES is based on a design principle known as a substitution–permutation.
2. AES does not use a Feistel network like DES; it uses a variant of Rijndael.
3. It has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
4. AES operates on a 4 × 4 column-major order array of bytes, termed the state.

PROGRAM:
[Link]

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class AES {
    private static SecretKeySpec secretKey;
    private static byte[] key;

    // Derives a 128-bit AES key from the secret string: SHA-1 digest, first 16 bytes.
    // This is unsalted and fast to compute, so it suits a lab exercise only.
    public static void setKey(String myKey) {
        MessageDigest sha = null;
        try {
            key = myKey.getBytes("UTF-8");
            sha = MessageDigest.getInstance("SHA-1");
            key = sha.digest(key);
            key = Arrays.copyOf(key, 16);
            secretKey = new SecretKeySpec(key, "AES");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }

    public static String encrypt(String strToEncrypt, String secret) {
        try {
            setKey(secret);
            // ECB has no IV: equal plaintext blocks give equal ciphertext blocks,
            // and the result carries no integrity protection.
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            return Base64.getEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes("UTF-8")));
        } catch (Exception e) {
            System.out.println("Error while encrypting: " + e.toString());
        }
        return null;
    }

    public static String decrypt(String strToDecrypt, String secret) {
        try {
            setKey(secret);
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            return new String(cipher.doFinal(Base64.getDecoder().decode(strToDecrypt)));
        } catch (Exception e) {
            System.out.println("Error while decrypting: " + e.toString());
        }
        return null;
    }

    public static void main(String[] args) {
        final String secretKey = "annaUniversity";
        String originalString = "[Link]";
        String encryptedString = AES.encrypt(originalString, secretKey);
        String decryptedString = AES.decrypt(encryptedString, secretKey);
        System.out.println("URL Encryption Using AES Algorithm\n------------");
        System.out.println("Original URL : " + originalString);
        System.out.println("Encrypted URL : " + encryptedString);
        System.out.println("Decrypted URL : " + decryptedString);
    }
}

OUTPUT:

C:\jdk1.7\bin>javac [Link]

C:\jdk1.7\bin>java AESEncryption

Original Text:Hello World

AES Key (Hex Form):6051628F246D19C49C1E813990459FA3


Encrypted Text (Hex Form):27D5CF9E6AD4E13A92B4D9C9EFF83A08

Descrypted Text:Hello World

RESULT:
Thus the java program for AES Algorithm has been implemented for URL
Encryption and the output verified successfully.
Ex. No : 2a
Date :
Implementation of Asymmetric Encryption algorithm using RSA Techniques

AIM:
To implement RSA (Rivest–Shamir–Adleman) algorithm by using HTML
and Javascript.

ALGORITHM:
1. Choose two prime numbers p and q
2. Compute the value of n and p
3. Find the value of e (public key)
4. Compute the value of d (private key) using gcd()
5. Do the encryption and decryption
a. Encryption is given as,
c = t^e mod n
b. Decryption is given as,
t = c^d mod n

PROGRAM:
[Link]
<html>

<head>
<title>RSA Encryption</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>

<body>
<center>
<h1>RSA Algorithm</h1>
<h2>Implemented Using HTML &amp; Javascript</h2>
<hr>
<table>
<tr>
<td>Enter First Prime Number:</td>
<td><input type="number" value="53" id="p"></td>
</tr>
<tr>
<td>Enter Second Prime Number:</td>
<td><input type="number" value="59" id="q">
</td>
</tr>
<tr>
<td>Enter the Message(cipher text):<br>[A=1, B=2,...]</td>
<td><input type="number" value="89" id="msg">
</td>
</tr>
<tr>
<td>Public Key:</td>
<td>
<p id="publickey"></p>
</td>
</tr>
<tr>
<td>Exponent:</td>
<td>
<p id="exponent"></p>
</td>
</tr>
<tr>
<td>Private Key:</td>
<td>
<p id="privatekey"></p>
</td>
</tr>
<tr>
<td>Cipher Text:</td>
<td>
<p id="ciphertext"></p>
</td>
</tr>
<tr>
<td><button onclick="RSA();">Apply RSA</button></td>
</tr>
</table>
</center>
</body>
<script type="text/javascript">
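function RSA() {
  var gcd, modPow, p, q, no, n, t, e, d, i, x, ct, dt;
  gcd = function (a, b) { return (!b) ? a : gcd(b, a % b); };
  // Modular exponentiation by square-and-multiply on BigInt values.
  // Math.pow(ct, d) overflows a double for any realistic d, so the
  // product is reduced mod n at every step instead.
  modPow = function (base, exp, mod) {
    var result = 1n, b = BigInt(base), k = BigInt(exp), m = BigInt(mod);
    b = b % m;
    while (k > 0n) {
      if (k & 1n) { result = (result * b) % m; }
      b = (b * b) % m;
      k = k >> 1n;
    }
    return Number(result);
  };
  // Input values arrive as strings; convert them to integers first.
  p = parseInt(document.getElementById('p').value, 10);
  q = parseInt(document.getElementById('q').value, 10);
  no = parseInt(document.getElementById('msg').value, 10);
  n = p * q;
  t = (p - 1) * (q - 1);

  // e: smallest integer greater than 1 that is coprime with t
  for (e = 2; e < t; e++) {
    if (gcd(e, t) == 1) {
      break;
    }
  }

  // d: e * d = 1 (mod t), found by testing x = 1 + i*t for divisibility by e
  for (i = 0; i < e; i++) {
    x = 1 + i * t;
    if (x % e == 0) {
      d = x / e;
      break;
    }
  }

  ct = modPow(no, e, n); // encryption: c = msg^e mod n
  dt = modPow(ct, d, n); // decryption: equals msg when msg < n

  document.getElementById('publickey').innerHTML = n;
  document.getElementById('exponent').innerHTML = e;
  document.getElementById('privatekey').innerHTML = d;
  document.getElementById('ciphertext').innerHTML = ct;
}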
</script>
</html>
OUTPUT:

RESULT:
Thus the RSA algorithm has been implemented using HTML & CSS and the
output has been verified successfully.
Ex. No : 2b
Date :
Asymmetric Algorithm - Diffie-Hellman key exchange algorithm

AIM:
To implement the Diffie-Hellman Key Exchange algorithm for a given
problem .

ALGORITHM:

1. Alice and Bob publicly agree to use a modulus p = 23 and base g = 5 (which is a
primitive root modulo 23).
2. Alice chooses a secret integer a = 4, then sends Bob A = g^a mod p
o A = 5^4 mod 23 = 4
3. Bob chooses a secret integer b = 3, then sends Alice B = g^b mod p
o B = 5^3 mod 23 = 10
4. Alice computes s = B^a mod p
o s = 10^4 mod 23 = 18
5. Bob computes s = A^b mod p
o s = 4^3 mod 23 = 18
6. Alice and Bob now share a secret (the number 18).

PROGRAM:
[Link]

class DiffieHellman {
    public static void main(String args[]) {
        int p = 23; /* publicly known (prime number) */
        int g = 5;  /* publicly known (primitive root) */
        int x = 4;  /* only Alice knows this secret */
        int y = 3;  /* only Bob knows this secret */
        /* double arithmetic is exact only for toy values like these;
           larger exponents need BigInteger.modPow */
        double aliceSends = (Math.pow(g, x)) % p;
        double bobComputes = (Math.pow(aliceSends, y)) % p;
        double bobSends = (Math.pow(g, y)) % p;
        double aliceComputes = (Math.pow(bobSends, x)) % p;
        double sharedSecret = (Math.pow(g, (x * y))) % p;

        System.out.println("simulation of Diffie-Hellman key exchange algorithm\n--");
        System.out.println("Alice Sends : " + aliceSends);
        System.out.println("Bob Computes : " + bobComputes);
        System.out.println("Bob Sends : " + bobSends);
        System.out.println("Alice Computes : " + aliceComputes);
        System.out.println("Shared Secret : " + sharedSecret);
        /* shared secrets should match and equality is transitive */
        if ((aliceComputes == sharedSecret) && (aliceComputes == bobComputes))
            System.out.println("Success: Shared Secrets Matches! " + sharedSecret);
        else
            System.out.println("Error: Shared Secrets does not Match");
    }
}

OUTPUT:
RESULT:
Thus the Diffie-Hellman key exchange algorithm has been implemented using
Java Program and the output has been verified successfully.
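
ADDED EXAMPLE (not part of the original lab manual): the exchange above redone with BigInteger.modPow, a range check on the received public value, and a 2048-bit exchange through the standard javax.crypto.KeyAgreement API. It goes beyond the toy case in the text; the class and method names are assumptions made for this example.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;

public class DhExample {
    static final BigInteger TWO = BigInteger.valueOf(2);

    // A received public value must lie in [2, p-2]; 0, 1 and p-1 would confine
    // the shared secret to a set of at most two values.
    static void checkPublicValue(BigInteger v, BigInteger p) {
        if (v.compareTo(TWO) < 0 || v.compareTo(p.subtract(TWO)) > 0) {
            throw new IllegalArgumentException("public value outside [2, p-2]: " + v);
        }
    }

    // s = peerPublic^ownSecret mod p, computed without ever forming the full power.
    static BigInteger shared(BigInteger peerPublic, BigInteger ownSecret, BigInteger p) {
        checkPublicValue(peerPublic, p);
        return peerPublic.modPow(ownSecret, p);
    }

    // One side of a JCA Diffie-Hellman agreement.
    static byte[] agree(PrivateKey own, PublicKey peer) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(own);
        ka.doPhase(peer, true);
        return ka.generateSecret();
    }

    public static void main(String[] args) throws Exception {
        // 1. The numbers from the ALGORITHM section: p = 23, g = 5, a = 4, b = 3.
        BigInteger p = BigInteger.valueOf(23), g = BigInteger.valueOf(5);
        BigInteger a = BigInteger.valueOf(4), b = BigInteger.valueOf(3);
        BigInteger A = g.modPow(a, p);
        BigInteger B = g.modPow(b, p);
        System.out.println("A = " + A + ", B = " + B);
        System.out.println("Alice s = " + shared(B, a, p) + ", Bob s = " + shared(A, b, p));

        // 2. Why Math.pow does not scale: with secrets 40 and 30 the power
        //    overflows to Infinity and the remainder becomes NaN.
        System.out.println("double, g^(40*30) mod p = " + (Math.pow(5, 40 * 30) % 23));
        System.out.println("modPow, g^(40*30) mod p = " + g.modPow(BigInteger.valueOf(40 * 30), p));

        // 3. An out-of-range public value is rejected before it is used.
        try {
            shared(p.subtract(BigInteger.ONE), a, p);
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }

        // 4. Realistic size: 2048-bit parameters chosen by the JCA provider.
        KeyPairGenerator aliceGen = KeyPairGenerator.getInstance("DH");
        aliceGen.initialize(2048);
        KeyPair alice = aliceGen.generateKeyPair();
        DHParameterSpec params = ((DHPublicKey) alice.getPublic()).getParams();
        KeyPairGenerator bobGen = KeyPairGenerator.getInstance("DH");
        bobGen.initialize(params); // Bob must use the same p and g as Alice
        KeyPair bob = bobGen.generateKeyPair();
        byte[] sA = agree(alice.getPrivate(), bob.getPublic());
        byte[] sB = agree(bob.getPrivate(), alice.getPublic());
        System.out.println("2048-bit secrets match  : " + MessageDigest.isEqual(sA, sB));
        // The exchange itself does not authenticate either party; the public
        // values have to be signed or certified by some other mechanism.
    }
}
```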
Ex. No : 3
Date :
Implement the SIGNATURE SCHEME - Digital Signature Standard
AIM:
To implement the SIGNATURE SCHEME - Digital Signature Standard.

ALGORITHM:
1. Create a KeyPairGenerator object.
2. Initialize the KeyPairGenerator object.
3. Generate the KeyPairGenerator....
4. Get the private key from the pair.
5. Create a signature object.
6. Initialize the Signature object.
7. Add data to the Signature object
8. Calculate the Signature

PROGRAM:

import java.util.*;
import java.math.BigInteger;

class dsaAlg {
    final static BigInteger one = new BigInteger("1");
    final static BigInteger zero = new BigInteger("0");

    /* smallest probable prime greater than or equal to ans */
    public static BigInteger getNextPrime(String ans) {
        BigInteger test = new BigInteger(ans);
        while (!test.isProbablePrime(99)) {
            test = test.add(one);
        }
        return test;
    }

    /* largest prime factor of n, found by dividing out the small factors */
    public static BigInteger findQ(BigInteger n) {
        BigInteger start = new BigInteger("2");
        while (!n.isProbablePrime(99)) {
            while (!((n.mod(start)).equals(zero))) {
                start = start.add(one);
            }
            n = n.divide(start);
        }
        return n;
    }

    /* g = h^((p-1)/q) mod p for a random h */
    public static BigInteger getGen(BigInteger p, BigInteger q, Random r) {
        BigInteger h = new BigInteger(p.bitLength(), r);
        h = h.mod(p);
        return h.modPow((p.subtract(one)).divide(q), p);
    }

    public static void main(String[] args) throws java.lang.Exception {
        Random randObj = new Random();
        BigInteger p = getNextPrime("10600");
        BigInteger q = findQ(p.subtract(one));
        BigInteger g = getGen(p, q, randObj);

        System.out.println(" \n simulation of Digital Signature Algorithm \n");
        System.out.println(" \n global public key components are:\n");
        System.out.println("\np is: " + p);
        System.out.println("\nq is: " + q);
        System.out.println("\ng is: " + g);

        /* x and k are drawn from [1, q-1]; a zero k has no inverse mod q */
        BigInteger x = new BigInteger(q.bitLength(), randObj);
        x = x.mod(q.subtract(one)).add(one);
        BigInteger y = g.modPow(x, p);
        BigInteger k = new BigInteger(q.bitLength(), randObj);
        k = k.mod(q.subtract(one)).add(one);
        BigInteger r = (g.modPow(k, p)).mod(q);

        /* a random number stands in for the message hash in this simulation */
        BigInteger hashVal = new BigInteger(p.bitLength(), randObj);
        BigInteger kInv = k.modInverse(q);
        BigInteger s = kInv.multiply(hashVal.add(x.multiply(r)));
        s = s.mod(q);

        System.out.println("\nsecret information are:\n");
        System.out.println("x (private) is:" + x);
        System.out.println("k (secret) is: " + k);
        System.out.println("y (public) is: " + y);
        System.out.println("h (rndhash) is: " + hashVal);

        System.out.println("\n generating digital signature:\n");
        System.out.println("r is : " + r);
        System.out.println("s is : " + s);

        /* verification; s = 0 has no inverse, a full implementation redraws k then */
        BigInteger w = s.modInverse(q);
        BigInteger u1 = (hashVal.multiply(w)).mod(q);
        BigInteger u2 = (r.multiply(w)).mod(q);
        BigInteger v = (g.modPow(u1, p)).multiply(y.modPow(u2, p));
        v = (v.mod(p)).mod(q);

        System.out.println("\nverifying digital signature (checkpoints)\n:");
        System.out.println("w is : " + w);
        System.out.println("u1 is : " + u1);
        System.out.println("u2 is : " + u2);
        System.out.println("v is : " + v);

        if (v.equals(r)) {
            System.out.println("\nsuccess: digital signature is verified!\n " + r);
        } else {
            System.out.println("\n error: incorrect digital signature\n ");
        }
    }
}

OUTPUT:
simulation of Digital Signature Algorithm

global public key components are:

p is: 10601

q is: 53

g is: 1992
secret information are:

x (private) is:48
k (secret) is: 26
y (public) is: 9106
h (rndhash) is: 1717

generating digital signature:

r is : 31
s is : 3

verifying digital signature (checkpoints):

w is : 18
u1 is : 7
u2 is : 28
v is : 31

success: digital signature is verified!


31
BUILD SUCCESSFUL (total time: 0 seconds)

RESULT:
Thus the Digital Signature Standard Signature Scheme has been
implemented and the output has been verified successfully.
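
ADDED EXAMPLE (not part of the original lab manual): the ALGORITHM section lists the KeyPairGenerator and Signature steps, while the program above simulates the arithmetic by hand with a random number in place of the hash. The sketch below follows the listed steps with the standard java.security API and then verifies the signature, including a modified message and an unrelated key. The class name, method names and sample message are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.DSAPublicKey;

public class DsaSignatureExample {

    static KeyPair generateKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA"); // step 1
        kpg.initialize(2048, new SecureRandom());                    // step 2
        return kpg.generateKeyPair();                                // step 3
    }

    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature signer = Signature.getInstance("SHA256withDSA");  // step 5
        signer.initSign(key);                                        // step 6
        signer.update(data);                                         // step 7
        // The provider hashes the data and draws the per-signature value k itself.
        return signer.sign();                                        // step 8
    }

    static boolean verify(PublicKey key, byte[] data, byte[] signature) throws Exception {
        Signature verifier = Signature.getInstance("SHA256withDSA");
        verifier.initVerify(key);
        verifier.update(data);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        KeyPair pair = generateKeyPair();
        PrivateKey priv = pair.getPrivate();                         // step 4
        DSAPublicKey pub = (DSAPublicKey) pair.getPublic();
        System.out.println("p bits: " + pub.getParams().getP().bitLength()
                + ", q bits: " + pub.getParams().getQ().bitLength());

        byte[] message = "SECURITYLAB".getBytes(StandardCharsets.UTF_8);   // constructed sample
        byte[] changed = "SECURITYLAB!".getBytes(StandardCharsets.UTF_8);  // one byte appended
        byte[] signature = sign(priv, message);
        System.out.println("signature length (DER bytes): " + signature.length);

        System.out.println("original message verifies : " + verify(pub, message, signature));
        System.out.println("modified message verifies : " + verify(pub, changed, signature));

        // A signature is bound to its key pair: another public key must reject it.
        KeyPair other = generateKeyPair();
        System.out.println("other public key verifies : "
                + verify(other.getPublic(), message, signature));
    }
}
```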
Ex. No : 4 a
Date :
Installation of Wireshark using TCP/UDP

AIM:

To install the Wireshark tool for capturing packets using TCP/UDP.

PROCEDURE:

1. Double-click on an interface in the welcome screen.
2. Select an interface in the welcome screen, then select Capture › Start or
click the first toolbar button.
3. Get more detailed information about available interfaces using the
“Capture Options” dialog box (Capture › Options…).
4. To capture on a given interface, you can start Wireshark from the command line:
5. $ wireshark -i eth0 -k
6. This will start Wireshark capturing on interface eth0.

RESULT:

Thus Wireshark was installed successfully for capturing packets using TCP/UDP.
Ex. No : 4 b
Date :
Installation of tcpdump and observe data transferred in client-server
communication using UDP/TCP and identify the UDP/TCP datagram.

AIM:

To install tcpdump, observe data transferred in client-server
communication using UDP/TCP, and identify the UDP/TCP datagram.

PROCEDURE:

1. To print all packets arriving at or departing from sundown:
● tcpdump host sundown
2. To print traffic between helios and either hot or ace:
● tcpdump host helios and \( hot or ace \)
3. To print all IP packets between ace and any host except helios:
● tcpdump ip host ace and not helios
4. To print all traffic between local hosts and hosts at Berkeley:
● tcpdump net ucb-ether
5. To print all ftp traffic through internet gateway snup (note that the
expression is quoted to prevent the shell from (mis-)interpreting the
parentheses):
● tcpdump 'gateway snup and (port ftp or ftp-data)'
6. To print traffic neither sourced from nor destined for local hosts (if you
gateway to one other net, this stuff should never make it onto your local
net):
● tcpdump ip and not net localnet
7. To print the start and end packets (the SYN and FIN packets) of each TCP
conversation that involves a non-local host:
● tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'
8. To print the TCP packets with flags RST and ACK both set. (i.e. select
only the RST and ACK flags in the flags field, and if the result is "RST and
ACK both set", match)
OUTPUT

TCPDump man page


tcpdump [ -AbdDefhHIJKlLnNOpqStuUvxX# ] [ -B buffer_size ]
[ -c count ] [ --count ] [ -C file_size ]
[ -E spi@ipaddr algo:secret,... ]
[ -F file ] [ -G rotate_seconds ] [ -i interface ]
[ --immediate-mode ] [ -j tstamp_type ] [ -m module ]
[ -M secret ] [ --number ] [ --print ] [ -Q in|out|inout ]
[ -r file ] [ -s snaplen ] [ -T type ] [ --version ]
[ -V file ] [ -w file ] [ -W filecount ] [ -y datalinktype ]
[ -z postrotate-command ] [ -Z user ]
[ --time-stamp-precision=tstamp_precision ]
[ --micro ] [ --nano ]
[ expression]

RESULT

Thus tcpdump for capturing packets using TCP/UDP was installed and studied
successfully.
Ex. No : 5
Date :
Check message integrity and confidentiality using SSL

AIM

To write a program to check message integrity and confidentiality using SSL.

PROCEDURE:

1. Generate a private key.
● openssl genrsa -des3 -out [Link] 2048
2. Generate a public key matching the private key (if that was not already done in step).
● openssl genrsa -out [Link] 2048
3. Generate a certificate signing request.
● openssl req -new -key [Link] -out certificate-signing-[Link]
4. Send the certificate signing request to a certificate authority (CA).
● openssl req -new -x509 -key [Link] -out self-signed-[Link] -days 1095
5. Receive certificate from certificate authority.
6. Install private key and certificate in your web server software.
OUTPUT:

RESULT:

Thus the integrity and confidentiality of the given message was verified successfully.
Ex. No : 6
Date :
Experiment Eavesdropping, Dictionary attacks, MITM attacks

AIM

To perform eavesdropping, dictionary attacks and MITM attacks using Kali
Linux.

PROCEDURE

1. Use Kali Linux in a virtual machine environment.
2. Power up Kali Linux in a virtual machine. Then, open the Hydra help menu
with the following command as “root” user:

sudo hydra
3. To access the GUI version of Hydra, use the following command as “root”
user:
sudo xhydra
4. Type “hydra -h” to get the help menu and see what kind of attacks can be run
using Hydra.

5. The site being targeted is the following:
[Link]
6. Open the target site with a web browser in Kali. Then, press ctrl + shift + I to open
the browser developer tools panel.

● Navigate to the tab called “Network”. Reload the page by pressing ctrl +
F5. Several GET requests will appear.

7. Now enter a random username and password into the login page and click
login.

● A new POST request pops up in the Network tab. This is our machine
sending the data to the server.

8. Right click on the POST request and select “Edit and Resend”.

9. A page will open to the right of the Network header, with information regarding
the POST request. Scroll down to the Request Body section and copy the tfUName and
tfUPass parameters. Hydra will need this information.
10. For this attack, we will attempt to log in as admin. We need to choose a
wordlist to guess passwords for this account. Open the terminal and type
“locate wordlists” to see all the different wordlists Kali has installed. We will use the
[Link] wordlist for this attack. Type “locate [Link]” to see the path to this
wordlist.

11. To do this, change directory to the wordlist directory using the following
command:
cd /usr/share/wordlists
Then use the following command to extract the file:

gunzip [Link]
Type ls into the terminal after this and you will see that the [Link] file is now
available.

12. Let’s begin the attack by submitting the following command to hydra:

hydra -l admin -P /usr/share/wordlists/[Link] [Link] http-post-form "/[Link]?RetURL=/[Link]?:tfUName=^USER^&tfUPass=^PASS^:S=logout" -vV -f

Once you press enter, the attack will begin and Hydra will start guessing a lot of
passwords for the username admin in an attempt to log in.

Break it with ctrl + C, and let’s go through the command:

● -l is the username we will be logging in as
● -P is the wordlist we will be using to guess the password for this user
● http-post-form is the type of request hydra will be sending to the server in order for us
to log in
● "/[Link]?RetURL=/[Link]?:tfUName=^USER^&tfUPass=^PASS^:S=logout" – This
is the actual request hydra is sending to the server; it will replace
USER and PASS with the -l and -P values we specified earlier
● -vV will show us each of the username and password login attempts
● -f will finish the attack when the correct username and password
combination is entered
RESULT:

Thus the eavesdropping, dictionary attacks and MITM attacks using Kali Linux were
performed and verified successfully.
Ex. No : 7
Date :
Experiment with Sniff Traffic using ARP Poisoning

AIM

To perform the experiment of sniffing traffic using an ARP Poisoning attack.

PROCEDURE

1. Install the VMware workstation and install the Kali Linux operating system.
2. Log in to Kali Linux using the username and password “root, toor”.
3. Make sure you are connected to the local LAN and check the IP address by typing the
command ifconfig in the terminal.

4. Open up the terminal and type “Ettercap –G” to start the graphical version of
Ettercap.

5. Now click the tab “sniff” in the menu bar, select “unified sniffing” and click
OK to select the interface. We use “eth0”, which means the Ethernet connection.
6. Now click the “hosts” tab in the menu bar and click “scan for hosts”. It will
start scanning the whole network for the alive hosts.

7. Next, click the “hosts” tab and select “hosts list” to see the number of hosts
available in the network. This list also includes the default gateway address. We have
to be careful when we select the targets.

8. In MITM, the target is the host machine, and the route will be the router address
to forward the traffic. In an MITM attack, the attacker intercepts the network and sniffs
the packets. So, we add the victim as “target 1” and the router address as “target 2.”

In a VMware environment, the default gateway will always end with “2” because “1” is
assigned to the physical machine.

9. In this scenario, the target is “[Link]” and the router is “[Link]”.
So we add target 1 as the victim IP and target 2 as the router IP.
10. Now click on “MITM” and click “ARP poisoning”. Thereafter, check the
option “Sniff remote connections” and click OK.

11. Click “start” and select “start sniffing”. This will start ARP poisoning in the
network, which means we have enabled the network card in “promiscuous
mode” and now the local traffic can be sniffed.

Note – Only HTTP sniffing is allowed with Ettercap, so don’t expect
HTTPS packets to be sniffed with this process.

12. Now it’s time to see the results, if our victim logged into some websites. You
can see the results in the toolbar of Ettercap.

13. This is how sniffing works.

Result:

Thus the sniffing of traffic using an ARP Poisoning attack was performed successfully.
Ex. No : 8
Demonstration of Intrusion Detection System(IDS)
Date :

AIM:
To demonstrate Intrusion Detection System (IDS) using Snort software tool.

STEPS ON CONFIGURING AND INTRUSION DETECTION:

1. Download Snort from the [Link] website. ([Link]
downloads)
2. Download Rules ([Link] You must register to get the
rules. (You should download these often.)
3. Double click on the .exe to install Snort. This will install Snort in the “C:\Snort”
[Link] is important to have WinPcap ([Link]
4. Extract the Rules file. You will need WinRAR for the .gz file.
5. Copy all files from the “rules” folder of the extracted folder. Now paste the
rules into the “C:\Snort\rules” folder.
6. Copy the “[Link]” file from the “etc” folder of the extracted folder. You must
paste it into the “C:\Snort\etc” [Link] existing file. Remember if
you modify your [Link] file and download a new file, you must modify it for
Snort to work.
7. Open a command prompt ([Link]) and navigate to the “C:\Snort\bin”
folder. (At the prompt, type cd\snort\bin)
8. To start (execute) Snort in sniffer mode use the following command:
snort -dev -i3
-i indicates the interface number. You must pick the correct interface number. In
my case, it is 3.
-dev is used to run Snort to capture packets on your network.

To check the interface list, use the following command:
snort -W
Finding an interface

You can tell which interface to use by looking at the Index number and finding
Microsoft. As you can see in the above example, the other interfaces are for
VMWare. My interface is 3.

9. To run Snort in IDS mode, you will need to configure the file “[Link]”
according to your network environment.
10. To specify the network address that you want to protect in the [Link] file, look
for the following line.
var HOME_NET [Link]/24 (You will normally see any here)
11. You may also want to set the addresses of DNS_SERVERS, if you have some
on your network.

Example:

example snort
12. Change the RULE_PATH variable to the path of the rules folder.
var RULE_PATH c:\snort\rules

path to rules
13. Change the path of all library files to the name and path on your [Link]
you must change the path of the snort_dynamicpreprocessor variable.
C:\Snort\lib\snort_dynamicpreprocessor
You need to do this for all library files in the “C:\Snort\lib” folder. The old path
might be “/usr/local/lib/…”; you will need to replace that path with your system
path, using C:\Snort\lib
14. Change the path of the “dynamicengine” variable value in the “[Link]”
file.
Example:
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

15. Add the paths for the “include [Link]” and “include [Link]”
files.
include c:\snort\etc\[Link]
include c:\snort\etc\[Link]
16. Remove the comment (#) on the line to allow ICMP rules, if it is commented
with a #.
include $RULE_PATH/[Link]
17. You can also remove the comment on the ICMP-info rules line, if it is
commented.
include $RULE_PATH/[Link]
18. To add log files to store alerts generated by Snort, search for the “output log”
text in [Link] and add the following line:
output alert_fast: [Link]
19. Comment out (add a #) the whitelist $WHITE_LIST_PATH/white_list.rules and
the blacklist.

Change the nested_ip inner , \ to nested_ip inner #, \

20. Comment out (#) the following lines:
#preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn stream
#preprocessor normalize_icmp4
#preprocessor normalize_ip6
#preprocessor normalize_icmp6
21. Save the “[Link]” file.
22. To start Snort in IDS mode, run the following command:

snort -c c:\snort\etc\[Link] -l c:\snort\log -i 3

(Note: 3 is used for my interface card)

If a log is created, select the appropriate program to open it. You can use
WordPad or NotePad++ to read the file.

To generate log files in ASCII mode, you can use the following command while
running Snort in IDS mode:
snort -A console -i3 -c c:\Snort\etc\[Link] -l c:\Snort\log -K ascii

23. Scan the computer that is running Snort from another computer by using PING
or NMap (ZenMap).

After scanning or during the scan you can check the [Link] file in the log
folder to ensure it is logging properly. You will see IP address folders appear.

Snort monitoring traffic –


RESULT:
Thus the Intrusion Detection System(IDS) has been demonstrated by using the
Open Source Snort Intrusion Detection Tool.
Ex. No : 09
Date :
Monitoring the Malwares Using Rootkit hunter

AIM:
To install a rootkit hunter and find the malwares in a computer.

ROOTKIT HUNTER:
● rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits,
backdoors and possible local exploits.
● It does this by comparing SHA-1 hashes of important files with known good
ones in online databases, searching for default directories (of rootkits),
wrong permissions, hidden files, suspicious strings in kernel modules, and
special tests for Linux and FreeBSD.
● rkhunter is notable due to its inclusion in popular operating systems (Fedora,
Debian, etc.)
● The tool has been written in Bourne shell, to allow for portability. It can run
on almost all UNIX-derived systems.

GMER ROOTKIT TOOL:

● GMER is a software tool written by a Polish researcher, Przemysław
Gmerek, for detecting and removing rootkits.
● It runs on Microsoft Windows and has support for Windows NT, 2000, XP,
Vista, 7, 8 and 10. With version 2.0.18327 full support for Windows x64 is
added.
Step 1
Visit GMER's website (see Resources) and download the GMER executable.

Click the "Download EXE" button to download the program with a random file
name, as some rootkits will close “[Link]” before you can open it.

Step 2

Double-click the icon for the program.

Click the "Scan" button in the lower-right corner of the dialog box. Allow the
program to scan your entire hard drive.
Step 3

When the program completes its scan, select any program or file listed in red.
Right-click it and select "Delete."

If the red item is a service, it may be protected. Right-click the service and select
"Disable." Reboot your computer and run the scan again, this time selecting "Delete"
when that service is detected.

When your computer is free of Rootkits, close the program and restart your PC.

RESULT:
In this experiment a rootkit hunter software tool has been installed and the rootkits
have been detected.
Ex. No : 10 Study to configure Firewall, VPN
Date :

AIM:

To study and configure firewall and VPN.

PROCEDURE FOR CONFIGURING FIREWALL AND VPN:

Working with Windows Firewall in Windows 7


Firewall in Windows 7
Windows 7 comes with two firewalls that work together. One is the Windows
Firewall, and the other is Windows Firewall with Advanced Security (WFAS). The
main difference between them is the complexity of the rules configuration. Windows
Firewall uses simple rules that directly relate to a program or a service. The rules in
WFAS can be configured based on protocols, ports, addresses and authentication. By
default, both firewalls come with predefined set of rules that allow us to utilize
network resources. This includes things like browsing the web, receiving e-mails, etc.
Other standard firewall exceptions are File and Printer Sharing, Network Discovery,
Performance Logs and Alerts, Remote Administration, Windows Remote
Management, Remote Assistance, Remote Desktop, Windows Media Player,
Windows Media Player Network Sharing Service.

With the firewall in Windows 7 we can configure inbound and outbound rules. By
default, all outbound traffic is allowed, and inbound responses to that traffic are also
allowed. Inbound traffic initiated from external sources is automatically blocked.
Configuring Windows Firewall
To open Windows Firewall we can go to Start > Control Panel > Windows
Firewall.

It is also configured to block all connections to programs that are not on the list of
allowed [Link] configure exceptions we can go to the menu on the left and
select the "Allow a program or feature through Windows Firewall" option.

To change settings in this window we have to click the "Change settings" [Link]
Core Networking feature is allowed on both private and public networks, while the
File and Printer Sharing is only allowed on private networks.
If we have a program on our computer that is not in this list, we can manually add it by
clicking on the "Allow another program" button.

Program will be allowed to communicate by clicking on the "Network location types"
button.

Windows Firewall can be turned off completely. To do that, select the "Turn Windows
Firewall on or off" option from the menu on the left.
Windows Firewall is actually a Windows service. As you know, services can be
stopped and started. If the Windows Firewall service is stopped, the Windows Firewall
will not work.

RESULT

Thus the firewall configuration and VPN installations are studied
successfully.
Exploring N-Stalker, a Vulnerability Assessment Tool

[Link]: 11 Date:

AIM:
To download the N-Stalker Vulnerability Assessment Tool and explore its
features.

EXPLORING N-STALKER:

● N-Stalker Web Application Security Scanner is a Web security assessment tool.
● It incorporates the well-known N-Stealth HTTP Security Scanner and a 35,000
Web attack signature database.
● This tool comes in both free and paid versions.
● Before scanning the target, go to the “License Manager” tab and perform the update.
● Once updated, you will note the status as up to date.
● You need to download and install N-Stalker [Link].

1. Start N-Stalker from a Windows computer. The program is installed under
Start➪Programs➪N-Stalker➪N-Stalker Free Edition.
2. Enter a host address or a range of addresses to scan.
3. Click Start Scan.
4. After the scan completes, the N-Stalker Report Manager will prompt
5. you to select a format for the resulting report; choose Generate HTML.
6. Review the HTML report for vulnerabilities.
Once done, start the session and start the scan.


The scanner will crawl the whole website and will show the scripts, broken pages,
hidden fields, information leakage, web forms related information which helps to
analyze further.

Once the scan is completed, the N-Stalker scanner will show details like severity
level, vulnerability class, why it is an issue, the fix for the issue and the URL
which is vulnerable to the particular vulnerability.
RESULT:
Thus the N-Stalker Vulnerability Assessment tool has been downloaded and installed,
and the features have been explored by using a vulnerable website.
