
CNS File hhh - Cryptography and Network Security File

Cryptography and Network Security (Maharaja Surajmal Institute of Technology)


MAHARAJA SURAJMAL INSTITUTE OF TECHNOLOGY

CRYPTOGRAPHY AND NETWORK SECURITY LAB
ETIT-455

Submitted to: Mr. Surender Singh

NAME: Harsh Sharma
ROLL NO: 08615003119
BRANCH: IT (Morning)


INDEX

S.no    Name of experiment                                                                    Page no.   Date   Remarks   Signature
1. (a)  Test the program to implement Monoalphabetic substitution                               1
1. (b)  Test the program to implement Polyalphabetic substitution (Playfair algorithm)          4
1. (c)  Test the program to implement Polyalphabetic substitution (Vigenere Cipher algorithm)  12
2.      Test the program to implement Double Transposition Cipher cryptographic algorithm      15
3.      To implement DES and AES algorithm for encryption and decryption                       21
4.      To implement DES and AES algorithm for encryption and decryption                       26
5.      Study of account and password management PAM, Password cracking                       33
6.      To configure common services like IIS, Apache, Open SSH, WU-FTP                        38
7.      Study of Security analysis tools: Nessus, Microsoft baseline security analyzer         50
8.      Study of Security configuration tools: Bastile, Microsoft IIS lockdown tool            53
9.      To identify an organization's firewall IP address                                      58
10.     To determine an organization's Firewall Access Control                                 62


EXPERIMENT-1(a)

AIM- Test the program to implement Monoalphabetic substitution.

Substitution ciphers are probably the most common form of cipher. They work by replacing each
letter of the plaintext (and sometimes punctuation marks and spaces) with another letter (or possibly
even a random symbol).

A monoalphabetic substitution cipher, also known as a simple substitution cipher, relies on a fixed
replacement structure. That is, the substitution is fixed for each letter of the alphabet. Thus, if "a" is
encrypted to "R", then every time we see the letter "a" in the plaintext, we replace it with the letter "R"
in the ciphertext.

A simple example is where each letter is encrypted as the next letter in the alphabet: "a simple
message" becomes "B TJNQMF NFTTBHF". In general, when performing a simple substitution
manually, it is easiest to generate the ciphertext alphabet first, and encrypt by comparing it to the
plaintext alphabet. The table below shows how one might lay them out for this example.

[Figure: the ciphertext alphabet for the cipher where each letter is replaced by the next letter in the alphabet.]

There are many different monoalphabetic substitution ciphers, in fact infinitely many, as each letter
can be encrypted to any symbol, not just another letter.

The history of simple substitution ciphers can be traced back to the very earliest civilisations, and
for a long time they were more than adequate for the purposes for which they were needed. By today's
standards they are very weak and incredibly easy to break, but they were a very important step in
developing cryptography.
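Added example (not part of the lab file): the general monoalphabetic cipher from the description above, with an arbitrary 26-letter ciphertext alphabet as the key and an inverse table for decryption, checked against the page's "a simple message" example (the alphabet shifted by one). All function names are the example's own.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A monoalphabetic substitution is a permutation of the alphabet: plaintext letter k
 * (a = 0 ... z = 25) is replaced by cipher_alphabet[k]; non-letters pass through.
 * Names below are this example's own, not the lab file's. */

/* The ciphertext alphabet of the page's example: each letter replaced by the next one. */
void shifted_alphabet(int shift, char cipher_alphabet[27]) {
    for (int k = 0; k < 26; k++)
        cipher_alphabet[k] = (char)('A' + (k + shift) % 26);
    cipher_alphabet[26] = '\0';
}

/* A key is usable only if it really is a permutation: 26 uppercase letters, none repeated. */
int alphabet_is_valid(const char *cipher_alphabet) {
    int seen[26] = {0};
    if (strlen(cipher_alphabet) != 26) return 0;
    for (int k = 0; k < 26; k++) {
        int c = cipher_alphabet[k];
        if (c < 'A' || c > 'Z' || seen[c - 'A']) return 0;
        seen[c - 'A'] = 1;
    }
    return 1;
}

/* Encrypt: every plaintext letter (any case) becomes the cipher alphabet letter at its position. */
void mono_encrypt(const char *plaintext, const char *cipher_alphabet, char *out) {
    for (; *plaintext; plaintext++, out++) {
        int c = tolower((unsigned char)*plaintext);
        *out = (c >= 'a' && c <= 'z') ? cipher_alphabet[c - 'a'] : *plaintext;
    }
    *out = '\0';
}

/* Decrypt: invert the permutation once into a 26-entry table, then look up as before. */
void mono_decrypt(const char *ciphertext, const char *cipher_alphabet, char *out) {
    char inverse[26];
    for (int k = 0; k < 26; k++)
        inverse[cipher_alphabet[k] - 'A'] = (char)('a' + k);
    for (; *ciphertext; ciphertext++, out++) {
        int c = toupper((unsigned char)*ciphertext);
        *out = (c >= 'A' && c <= 'Z') ? inverse[c - 'A'] : *ciphertext;
    }
    *out = '\0';
}

/* Wrappers with static buffers, convenient for a demo or a quick check. */
const char *mono_encrypt_shift(const char *plaintext, int shift) {
    static char alphabet[27], out[256];
    shifted_alphabet(shift, alphabet);
    mono_encrypt(plaintext, alphabet, out);
    return out;
}

const char *mono_decrypt_shift(const char *ciphertext, int shift) {
    static char alphabet[27], out[256];
    shifted_alphabet(shift, alphabet);
    mono_decrypt(ciphertext, alphabet, out);
    return out;
}

int main(void) {
    /* the page's example: shift 1 turns "a simple message" into "B TJNQMF NFTTBHF" */
    const char *ct = mono_encrypt_shift("a simple message", 1);
    printf("ciphertext: %s\n", ct);
    printf("plaintext : %s\n", mono_decrypt_shift(ct, 1));
    return 0;
}
```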

CODE:
#include <iostream>
#include <cstdio>
#include <cstring>
using namespace std;

int main() {
    int key, i, n = 0, ch;
    char text[100];

    cout << "\nMONOALPHABETIC SUBSTITUTION\n";
    cout << "\nEnter the key - ";
    cin >> key;
    cin.ignore();                        // discard the newline left behind by cin >> key
    cout << "\nEnter the text - ";
    cin.getline(text, sizeof text);      // gets() is unsafe and no longer part of C/C++
    n = strlen(text);
    cout << "\n1. Encryption\n2. Decryption\n";
    cout << "\nEnter your choice - ";
    cin >> ch;

    switch (ch) {
    case 1:
        for (i = 0; i < n; i++) {
            if (text[i] == ' ')
                continue;                // spaces are left as they are
            text[i] = text[i] + key;     // shift every other character by the key (no wrap-around)
        }
        cout << "\nThe text after encryption is - ";
        puts(text);
        break;
    case 2:
        for (i = 0; i < n; i++) {
            if (text[i] == ' ')
                continue;
            text[i] = text[i] - key;     // undo the shift
        }
        cout << "\nThe text after decryption is - ";
        puts(text);
        break;
    default:
        cout << "Wrong choice!!";
    }
    return 0;
}

OUTPUT:


EXPERIMENT-1(b)

AIM- Test the program to implement Polyalphabetic substitution (Playfair algorithm).

The development of Polyalphabetic Substitution Ciphers was the cryptographers' answer to
frequency analysis. The first known polyalphabetic cipher was the Alberti Cipher invented by
Leon Battista Alberti in around 1467. He used a mixed alphabet to encrypt the plaintext, but at
random points he would change to a different mixed alphabet, indicating the change with an
uppercase letter in the ciphertext. In order to utilise this cipher, Alberti used a cipher disc to show how
plaintext letters are related to ciphertext letters.

How this Cipher Works

1. Pick a keyword (for our example, the keyword will be "MEC").


2. Write your keyword across the top of the text you want to encipher, repeating it as many
times as necessary.
3. For each letter, look at the letter of the keyword above it (if it was 'M', then you would go to
the row that starts with an 'M'), and find that row in the Vigenere table.
4. Then find the column of your plaintext letter (for example, 'w', so the twenty-third column).
5. Finally, trace down that column until you reach the row you found before and write down the
letter in the cell where they intersect (in this case, you find an 'I' there).
Example:

Keyword:    M E C M E C M E C M E C M E C M E C M E C M
Plaintext:  w e n e e d m o r e s u p p l i e s f a s t
Ciphertext: I I P Q I F Y S T Q W W B T N U I U R E U F

Thus, the urgent message "We need more supplies fast!" comes out:

IIPQIFYSTQWWBTNUIUREUF

So, as you can see, the letter 'e' is enciphered sometimes as an 'I' and sometimes as a 'Q'. Not only
that, but 'I' represents two different letters, sometimes a 'w' and sometimes an 'e'. This renders our
favorite tool, frequency analysis, nearly useless. Even though 'e' is used very often in the plaintext, the
letters that replace it ('I' and 'Q') don't show up as frequently. Also, now if we check doubled letters in the
ciphertext (say 'II' or 'WW'), these are not doubled letters in the plaintext.

You may, then, ask yourself "is there any hope?" Fortunately, there is! Given a long enough piece of
ciphertext, certain words or parts of words (like "the") will line up with the keyword several times,
giving rise to a repeated string of letters in the ciphertext ("the" may be enciphered as "KPQ" more
than once). This can give us a clue as to the length of the keyword. After that, we can use frequency
analysis on each piece that was enciphered with the same letter to crack the code. Consequently,
cracking these ciphers hinges on finding repeated strings of letters in the ciphertext.

How to crack this cipher:

1. Search the ciphertext for repeated strings of letters; the longer strings you find the better (say
you find the string "KPQ" four times). Note where they are by circling them or highlighting
them in some manner.
2. For each occurrence of a repeated string, count how many letters are between the first letters
in the string and add one (for example, if our ciphertext contains KPQRE IIJKO KPQAE, we
count that there are nine letters between the first 'K' in the first "KPQ" and the first 'K' in the
second "KPQ"; adding one yields ten).
3. Factor the number you got in the above computation (2 and 5 are factors of 10).
4. Repeat this process with each repeated string you find and make a table of common factors.
The most common factor is probably the length of the keyword that was used to encipher the
ciphertext (in our case, assume it was five). Call this number 'n'.
5. Do a frequency count on the ciphertext, on every nth letter. You should end up with n
different frequency counts.
6. Compare these counts to standard frequency tables to figure out how much each letter was
shifted by.
7. Undo the shifts and read off the message!
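Added example (mine, not from the lab file) carrying the steps above into C: Vigenere encryption of the page's "We need more supplies fast!" message with key MEC, then the Kasiski tally of steps 1-4 on the page's KPQRE IIJKO KPQAE fragment and on a constructed ciphertext with repeats at known distances. Function names are assumptions of the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Vigenere encryption as in steps 1-5: letters only, each plaintext letter shifted by the key
 * letter written above it, the key repeating. Output is uppercase. */
int vigenere_encrypt(const char *plaintext, const char *key, char *out) {
    int n = 0, klen = (int)strlen(key);
    for (; *plaintext; plaintext++) {
        int c = toupper((unsigned char)*plaintext);
        if (c < 'A' || c > 'Z') continue;
        int k = toupper((unsigned char)key[n % klen]) - 'A';
        out[n++] = (char)('A' + (c - 'A' + k) % 26);
    }
    out[n] = '\0';
    return n;
}

/* Kasiski steps 1-4: two equal trigrams are (very probably) the same plaintext under the same
 * key letters, so the distance between their first letters is a multiple of the key length.
 * counts[f] receives how many repeat distances the factor f (2..maxlen) divides. */
void kasiski_tally(const char *ct, int maxlen, int counts[]) {
    int n = (int)strlen(ct);
    for (int f = 0; f <= maxlen; f++) counts[f] = 0;
    for (int i = 0; i + 3 <= n; i++)
        for (int j = i + 1; j + 3 <= n; j++) {
            if (strncmp(ct + i, ct + j, 3) != 0) continue;
            int dist = j - i;                  /* "letters between the first letters, plus one" */
            for (int f = 2; f <= maxlen; f++)
                if (dist % f == 0) counts[f]++;
        }
}

/* The tally for one factor. */
int kasiski_count(const char *ct, int maxlen, int factor) {
    int counts[64];
    if (maxlen > 63) maxlen = 63;
    kasiski_tally(ct, maxlen, counts);
    return (factor >= 2 && factor <= maxlen) ? counts[factor] : 0;
}

/* Step 4's conclusion: the most common factor is the probable key length n (0 if nothing repeats). */
int kasiski_guess(const char *ct, int maxlen) {
    int counts[64], best = 0;
    if (maxlen > 63) maxlen = 63;
    kasiski_tally(ct, maxlen, counts);
    for (int f = 2; f <= maxlen; f++)
        if (counts[f] > counts[best]) best = f;
    return counts[best] > 0 ? best : 0;
}

const char *vigenere_s(const char *plaintext, const char *key) {
    static char out[512];
    vigenere_encrypt(plaintext, key, out);
    return out;
}

int main(void) {
    /* the page's example: key MEC, "We need more supplies fast!" -> IIPQIFYSTQWWBTNUIUREUF */
    printf("%s\n", vigenere_s("We need more supplies fast!", "MEC"));
    /* the page's fragment: KPQ repeats at distance 10, so factors 2, 5 and 10 each score once */
    const char *fragment = "KPQREIIJKOKPQAE";
    printf("2:%d 5:%d 10:%d\n", kasiski_count(fragment, 10, 2), kasiski_count(fragment, 10, 5),
           kasiski_count(fragment, 10, 10));
    /* a constructed ciphertext (not from the page) with KPQ at positions 0, 12 and 27: the
     * distances 12, 15 and 27 all share the factor 3, so 3 is the guess */
    printf("guess: %d\n", kasiski_guess("KPQABCDEFGHIKPQJLMNORSTUVWXKPQ", 10));
    return 0;
}
```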

CODE:
#include <iostream>
#include <cctype>
#include <cstring>
using namespace std;

int main() {
    char key[20], text[100], keysquare[5][5];
    char extra[200], encrypted[200];
    bool used[26] = {false};
    int i, j, r = 0, c = 0, n, el = 0, nn = 0;

    cout << "\n\nPLAYFAIR ALGORITHM FOR ENCRYPTION\n\n";
    cout << "Enter the keyword (without spaces and repetition of letters) :" << endl;
    cin.getline(key, sizeof key);
    cout << "Enter the string to encrypt (without punctuation marks) :" << endl;
    cin.getline(text, sizeof text);

    // making keysquare: keyword letters first, then the unused letters a..z;
    // 'j' is merged with 'i' so that 25 letters fill the 5x5 square
    n = strlen(key);
    for (i = 0; i < n; i++) {
        char ch = tolower(key[i]);
        if (ch == 'j') ch = 'i';
        if (ch < 'a' || ch > 'z' || used[ch - 'a']) continue;   // skip non-letters and repeats
        used[ch - 'a'] = true;
        keysquare[r][c] = ch;
        if (++c == 5) { c = 0; r++; }
    }
    for (char ch = 'a'; ch <= 'z'; ch++) {
        if (ch == 'j' || used[ch - 'a']) continue;
        used[ch - 'a'] = true;
        keysquare[r][c] = ch;
        if (++c == 5) { c = 0; r++; }
    }
    // end of making square

    // adjusting text: drop spaces, put an 'x' between doubled letters, pad to even length
    int tn = strlen(text);
    for (i = 0; i < tn; i++) {
        char ch = tolower(text[i]);
        if (ch == ' ') continue;
        if (el > 0 && extra[el - 1] == ch) extra[el++] = 'x';
        extra[el++] = ch;
    }
    if (el % 2 != 0) extra[el++] = 'x';

    // encryption, one digraph at a time
    for (i = 0; i <= el - 2; i += 2) {
        char x1 = extra[i], x2 = extra[i + 1];
        int r1 = 0, c1 = 0, r2 = 0, c2 = 0;
        if (x1 == 'j') x1 = 'i';
        if (x2 == 'j') x2 = 'i';
        for (int ii = 0; ii < 5; ii++)
            for (int jj = 0; jj < 5; jj++) {
                if (keysquare[ii][jj] == x1) { r1 = ii; c1 = jj; }
                if (keysquare[ii][jj] == x2) { r2 = ii; c2 = jj; }
            }
        if (r1 == r2) {                      // same row: each letter moves one to the right
            encrypted[nn++] = keysquare[r1][(c1 + 1) % 5];
            encrypted[nn++] = keysquare[r1][(c2 + 1) % 5];
        } else if (c1 == c2) {               // same column: each letter moves one down
            encrypted[nn++] = keysquare[(r1 + 1) % 5][c1];
            encrypted[nn++] = keysquare[(r2 + 1) % 5][c1];
        } else {                             // rectangle: each letter takes the other's column
            encrypted[nn++] = keysquare[r1][c2];
            encrypted[nn++] = keysquare[r2][c1];
        }
    }
    // end of encryption

    cout << "\n\nKEYSQUARE\n";
    for (i = 0; i < 5; i++) {
        for (j = 0; j < 5; j++)
            cout << keysquare[i][j] << " ";
        cout << endl;
    }
    cout << "\n\nPlaintext : ";
    for (i = 0; i < el; i++) cout << extra[i];
    cout << "\n\nCiphertext : ";
    for (i = 0; i < nn; i++) cout << encrypted[i];
    cout << endl;
    return 0;
}
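Added example (not the lab's code): a complete Playfair implementation in C that also decrypts, using the classic pairing rule (an X between the two letters of a doubled pair, an X appended to an odd-length text). Keyword "monarchy" with "balloon" gives IBSUPMNA and decrypts back to BALXLOON; the function names are the example's own.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Build the 5x5 key square: keyword letters first (repeats skipped), then the rest of
 * the alphabet. I and J share one cell, which is how 26 letters fit 25 cells. */
void playfair_square(const char *keyword, char square[5][5]) {
    int used[26] = {0}, pos = 0;
    used['J' - 'A'] = 1;                      /* J is written as I */
    for (const char *s = keyword; *s && pos < 25; s++) {
        int c = toupper((unsigned char)*s);
        if (c == 'J') c = 'I';
        if (c < 'A' || c > 'Z' || used[c - 'A']) continue;
        used[c - 'A'] = 1;
        square[pos / 5][pos % 5] = (char)c;
        pos++;
    }
    for (int c = 'A'; c <= 'Z' && pos < 25; c++) {
        if (used[c - 'A']) continue;
        used[c - 'A'] = 1;
        square[pos / 5][pos % 5] = (char)c;
        pos++;
    }
}

static void locate(char square[5][5], char ch, int *row, int *col) {
    for (int r = 0; r < 5; r++)
        for (int c = 0; c < 5; c++)
            if (square[r][c] == ch) { *row = r; *col = c; return; }
}

/* Prepare plaintext: letters only, J -> I, an X between the two letters of a doubled pair,
 * an X appended to an odd-length text. Returns the (even) prepared length. */
int playfair_prepare(const char *text, char *out) {
    int n = 0;
    for (; *text; text++) {
        int c = toupper((unsigned char)*text);
        if (c < 'A' || c > 'Z') continue;
        if (c == 'J') c = 'I';
        if (n % 2 == 1 && out[n - 1] == c) out[n++] = 'X';   /* BALLOON -> BA LX LO ON */
        out[n++] = (char)c;
    }
    if (n % 2 == 1) out[n++] = 'X';
    out[n] = '\0';
    return n;
}

/* dir = +1 encrypts, dir = -1 decrypts: same row shifts along the row, same column shifts
 * along the column, otherwise the two letters swap columns (which is its own inverse). */
void playfair_process(const char *prepared, char square[5][5], int dir, char *out) {
    int i = 0;
    for (; prepared[i] && prepared[i + 1]; i += 2) {
        int r1 = 0, c1 = 0, r2 = 0, c2 = 0;
        locate(square, prepared[i], &r1, &c1);
        locate(square, prepared[i + 1], &r2, &c2);
        if (r1 == r2) {
            out[i] = square[r1][(c1 + dir + 5) % 5];
            out[i + 1] = square[r1][(c2 + dir + 5) % 5];
        } else if (c1 == c2) {
            out[i] = square[(r1 + dir + 5) % 5][c1];
            out[i + 1] = square[(r2 + dir + 5) % 5][c1];
        } else {
            out[i] = square[r1][c2];
            out[i + 1] = square[r2][c1];
        }
    }
    out[i] = '\0';
}

/* Wrappers with static buffers for the demo and the checks. */
const char *playfair_encrypt(const char *keyword, const char *plaintext) {
    static char prepared[256], ct[256];
    char square[5][5];
    playfair_square(keyword, square);
    playfair_prepare(plaintext, prepared);
    playfair_process(prepared, square, +1, ct);
    return ct;
}

const char *playfair_decrypt(const char *keyword, const char *ciphertext) {
    static char pt[256];
    char square[5][5];
    playfair_square(keyword, square);
    playfair_process(ciphertext, square, -1, pt);   /* padding X's stay in the output */
    return pt;
}

int main(void) {
    char square[5][5];
    playfair_square("monarchy", square);
    for (int r = 0; r < 5; r++) printf("%.5s\n", square[r]);
    printf("%s\n", playfair_encrypt("monarchy", "balloon"));      /* IBSUPMNA */
    printf("%s\n", playfair_decrypt("monarchy", "IBSUPMNA"));     /* BALXLOON */
    return 0;
}
```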

OUTPUT:


EXPERIMENT-1(c)

AIM- Test the program to implement Polyalphabetic substitution (Vigenere Cipher algorithm).

#include <iostream>
#include <cctype>
#include <cstring>
using namespace std;

int main() {
    char matrix[26][26];
    char cipher[150], key[50], text[150], extra[150], textn[150];
    int jj[150], ll = 0, i, j;

    // building the Vigenere table: row i is the alphabet shifted left by i places
    for (i = 0; i < 26; i++)
        for (j = 0; j < 26; j++)
            matrix[i][j] = 'a' + (i + j) % 26;

    cout << "\n\nVIGENERE CIPHER ENCODING\n\n";
    cout << "\nEnter the key - ";
    cin.getline(key, sizeof key);
    cout << "\nEnter the text - ";
    cin.getline(text, sizeof text);

    // strip the spaces, remembering where they were so they can be put back
    int length = strlen(text), rr = 0;
    for (i = 0; i < length; i++) {
        if (text[i] == ' ') {
            jj[ll++] = i;
            continue;
        }
        extra[rr++] = tolower(text[i]);
    }

    // repeat the key to the length of the stripped text
    int kk = 0, uu = strlen(key), yy = rr;
    for (i = 0; i < yy; i++) {
        if (kk == uu) kk = 0;
        textn[i] = tolower(key[kk++]);
    }

    // look up each (plaintext letter, key letter) pair in the table
    for (j = 0; j < yy; j++) {
        int pp = extra[j], p1 = textn[j];
        cipher[j] = matrix[pp - 97][p1 - 97];   // 97 is the code of 'a'; letters only
    }

    cout << "\nCIPHER TEXT: ";
    int ee = 0;
    for (i = 0; i < yy + ll; i++) {
        int g;
        for (g = 0; g < ll; g++)
            if (jj[g] == i) { cout << " "; break; }   // a space stood at this position
        if (g == ll) cout << cipher[ee++];
    }
    cout << endl;
    return 0;
}

OUTPUT:


EXPERIMENT-2

AIM- Test the program to implement Double Transposition Cipher cryptographic algorithm.

This was one of the most secure hand ciphers used in the Second World War. It was used by both the
Allies and the Axis, and served both well. Its main weakness was that if the attacker intercepted two
or more messages of the same length using the same key, they could be compared by a tedious
process known as "multiple anagramming," finding solutions to both. This weakness was not
important if only one message was sent using each key. It had an additional problem: Executing it
correctly requires considerable care, leading to difficulties in decryption if an error is made at a
sensitive point. In the United States, information about cryptanalysis of the cipher remained classified
until a few years ago.

Double Transposition consists of two applications of columnar transposition to a message. The two
applications may use the same key for each of the two steps, or they may use different keys.

Columnar transposition works like this: First pick a keyword, such as DESCRIBE, then write the
message under it in rows:

DESCRIBE

YOURMOTH

ERWASAHA

MSTERAND

YOURFATH

ERSMELTO

FELDERBE

RRIES


Now number the letters in the keyword in alphabetical order.

34827615

DESCRIBE

YOURMOTH

ERWASAHA

MSTERAND

YOURFATH

ERSMELTO

FELDERBE

RRIES

Then read the cipher off by columns, starting with the lowest-numbered column: Column 1 is
THNTTB, followed by RAERMDE YEMYEFR ORSORER HADHOE OAAALR MSRFEES
UWTUSLI. This completes the first columnar transposition. Next, select and number a second
keyword, and write this intermediate ciphertext under it in rows:

271895463

COASTLINE

THNTTBRAE

RMDEYEMYE

FRORSORER

HADHOEOAA

ALRMSRFEE

SUWTUSLI

Finally, take it off by columns again and put it into five-letter groups for transmission.

NDODR WTRFH ASEER AERMR OFLBE OERSA YEAEI HMRAL UTERH MTTYS OSU


To decrypt a double transposition, construct a block with the right number of rows under the keyword,
blocking off the short columns. Write the cipher in by columns, and read it out by rows. Lather, rinse,
repeat.
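Added example (not the lab's code): the two columnar passes of the DESCRIBE / COASTLINE example above, encryption and decryption, in C. The key numbering 34827615 and the final ciphertext NDODR WTRFH ... OSU come out exactly as on the page; the function names are the example's own.

```c
#include <stdio.h>
#include <string.h>

/* Rank the key letters alphabetically, ties left to right (DESCRIBE -> 3 4 8 2 7 6 1 5).
 * order[k] is the index of the column that is read k-th. Keys of up to 63 letters. */
void key_order(const char *key, int order[]) {
    int n = (int)strlen(key), used[64] = {0};
    for (int k = 0; k < n; k++) {
        int best = -1;
        for (int c = 0; c < n; c++)
            if (!used[c] && (best < 0 || key[c] < key[best])) best = c;
        used[best] = 1;
        order[k] = best;
    }
}

/* The numbering row shown on the page, e.g. "34827615" for DESCRIBE (keys of at most 9 letters). */
void key_numbering(const char *key, char *out) {
    int n = (int)strlen(key), order[64];
    key_order(key, order);
    for (int k = 0; k < n; k++) out[order[k]] = (char)('1' + k);
    out[n] = '\0';
}

/* One columnar transposition: the text written in rows under the key is read off by columns in
 * key order. Letter i sits in column i % cols, so a column is a stride through the text and the
 * short columns of an incomplete last row come out shorter by themselves. */
void columnar_encrypt(const char *text, const char *key, char *out) {
    int n = (int)strlen(text), cols = (int)strlen(key), order[64], pos = 0;
    key_order(key, order);
    for (int k = 0; k < cols; k++)
        for (int i = order[k]; i < n; i += cols)
            out[pos++] = text[i];
    out[pos] = '\0';
}

/* Inverse: walk the same strides in the same order, writing the ciphertext back into place.
 * This is the "block off the short columns, write in by columns, read out by rows" step. */
void columnar_decrypt(const char *ct, const char *key, char *out) {
    int n = (int)strlen(ct), cols = (int)strlen(key), order[64], pos = 0;
    key_order(key, order);
    for (int k = 0; k < cols; k++)
        for (int i = order[k]; i < n; i += cols)
            out[i] = ct[pos++];
    out[n] = '\0';
}

/* Double transposition: two passes, the second key applied to the first pass's output. */
const char *double_transposition_encrypt(const char *text, const char *key1, const char *key2) {
    static char mid[512], out[512];
    columnar_encrypt(text, key1, mid);
    columnar_encrypt(mid, key2, out);
    return out;
}

/* Lather, rinse, repeat: undo the second pass first, then the first. */
const char *double_transposition_decrypt(const char *ct, const char *key1, const char *key2) {
    static char mid[512], out[512];
    columnar_decrypt(ct, key2, mid);
    columnar_decrypt(mid, key1, out);
    return out;
}

/* Five-letter groups for transmission. */
void group_by_five(const char *s, char *out) {
    int j = 0;
    for (int i = 0; s[i]; i++) {
        if (i > 0 && i % 5 == 0) out[j++] = ' ';
        out[j++] = s[i];
    }
    out[j] = '\0';
}

int main(void) {
    const char *msg = "YOURMOTHERWASAHAMSTERANDYOURFATHERSMELTOFELDERBERRIES";
    char numbering[16], groups[128];
    key_numbering("DESCRIBE", numbering);
    printf("%s\nDESCRIBE\n", numbering);                               /* 34827615 */
    const char *ct = double_transposition_encrypt(msg, "DESCRIBE", "COASTLINE");
    group_by_five(ct, groups);
    printf("%s\n", groups);   /* NDODR WTRFH ASEER AERMR OFLBE OERSA YEAEI HMRAL UTERH MTTYS OSU */
    printf("%s\n", double_transposition_decrypt(ct, "DESCRIBE", "COASTLINE"));
    return 0;
}
```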

CODE:
#include <stdio.h>
#include <string.h>

/* Columnar transposition: the key is applied once in this program. */

void cipher(int col, int rows);
int findMin(void);
void makeArray(int col, int rows);

char arr[22][22], darr[22][22], emessage[111], retmessage[111], key[55], message[111];
char temp[55], temp2[55];
int k = 0;

int main(void) {
    int i, j, klen, emlen, flag = 0;
    int r, c, index, rows;

    printf("Enter the key\n");
    if (fgets(key, sizeof key, stdin) == NULL) return 1;
    key[strcspn(key, "\n")] = '\0';            /* drop the trailing newline */
    printf("\nEnter message to be ciphered\n");
    if (fgets(message, sizeof message, stdin) == NULL) return 1;
    message[strcspn(message, "\n")] = '\0';

    strcpy(temp, key);
    klen = strlen(key);
    k = 0;
    /* write the message row by row under the key, padding the last row with '-' */
    for (i = 0; ; i++) {
        if (flag == 1) break;
        for (j = 0; key[j] != '\0'; j++) {
            if (message[k] == '\0') {
                flag = 1;
                arr[i][j] = '-';
            } else {
                arr[i][j] = message[k++];
            }
        }
    }
    r = i;   /* number of rows */
    c = j;   /* number of columns = key length */
    for (i = 0; i < r; i++) {
        for (j = 0; j < c; j++)
            printf("%c ", arr[i][j]);
        printf("\n");
    }

    /* read the columns off in alphabetical order of the key letters */
    k = 0;
    for (i = 0; i < klen; i++) {
        index = findMin();
        cipher(index, r);
    }
    emessage[k] = '\0';
    printf("\nEncrypted message is\n%s\n\n", emessage);

    /* deciphering */
    emlen = strlen(emessage);      /* emlen is length of encrypted message */
    strcpy(temp, key);             /* findMin() consumes temp, so reset it */
    rows = emlen / klen;           /* rows is the number of rows of the array made from the ciphered message */
    j = 0;
    for (i = 0, k = 1; emessage[i] != '\0'; i++, k++) {
        temp2[j++] = emessage[i];
        if ((k % rows) == 0) {     /* one full column collected */
            temp2[j] = '\0';
            index = findMin();
            makeArray(index, rows);
            j = 0;
        }
    }
    printf("\nArray Retrieved is\n");
    k = 0;
    for (i = 0; i < r; i++) {
        for (j = 0; j < c; j++) {
            printf("%c ", darr[i][j]);   /* retrieving message */
            retmessage[k++] = darr[i][j];
        }
        printf("\n");
    }
    retmessage[k] = '\0';
    printf("\nMessage retrieved is\n%s\n", retmessage);
    return 0;
}

/* append column col of arr (rows entries) to the encrypted message */
void cipher(int col, int rows) {
    int j;
    for (j = 0; j < rows; j++)
        emessage[k++] = arr[j][col];
}

/* place the collected column back at column col of darr */
void makeArray(int col, int rows) {
    int i;
    for (i = 0; i < rows; i++)
        darr[i][col] = temp2[i];
}

/* index of the smallest key letter not yet used; it is marked used by replacing it with '{' (ASCII 123) */
int findMin(void) {
    int j, min, index;
    min = temp[0];
    index = 0;
    for (j = 0; temp[j] != '\0'; j++) {
        if (temp[j] < min) {
            min = temp[j];
            index = j;
        }
    }
    temp[index] = 123;
    return index;
}

OUTPUT:


EXPERIMENT-3

AIM- Test the program to implement RSA cryptographic algorithm.

It is an asymmetric key cryptographic algorithm. It uses prime numbers to manipulate the cipher text.
It is based on the mathematical fact that it is easy to multiply large prime numbers together but
extremely difficult to factor their product.

The private and public keys in RSA are based on very large prime numbers.

Procedure for algorithm:

1. Select two large prime numbers P and Q.
2. Calculate N = P x Q.
3. Select the public key (i.e. encryption key) E such that it is not a factor of (P-1) x (Q-1).
4. Select the private key (i.e. decryption key) D such that the following equation is true:
   (D x E) mod ((P-1) x (Q-1)) = 1
5. For encryption calculate the cipher text CT from the plain text PT as follows:
   CT = PT^E mod N
6. Send CT as the cipher text to the receiver.
7. For decryption calculate the plain text PT from the cipher text CT as follows:
   PT = CT^D mod N
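Added worked example (not the lab's code) of the seven steps with textbook-sized numbers: P = 61, Q = 53 give N = 3233 and (P-1)(Q-1) = 3120; E = 17 yields D = 2753 by the extended Euclidean algorithm, and 65 encrypts to 2790. Square-and-multiply computes the powers of steps 5 and 7; primes this small are for illustration only. Function names are the example's own.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Steps 1-7 above with textbook-sized numbers; 64-bit arithmetic is enough while N < 2^32.
 * Function names are this example's own, not the lab's. */

/* (a * b) mod m without overflow for a, b < 2^32 */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

/* Square-and-multiply: base^exp mod m without ever forming the full power (steps 5 and 7). */
uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = mulmod(result, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return result;
}

uint64_t gcd(uint64_t a, uint64_t b) {
    while (b != 0) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Step 4: D with (D * E) mod phi == 1, by the extended Euclidean algorithm; 0 if none exists. */
uint64_t modinv(uint64_t e, uint64_t phi) {
    int64_t t = 0, newt = 1, r = (int64_t)phi, newr = (int64_t)e;
    while (newr != 0) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1) return 0;                       /* E and phi not coprime: no inverse */
    return (uint64_t)(t < 0 ? t + (int64_t)phi : t);
}

struct rsa_key { uint64_t n, e, d; };

/* Steps 1-4: from primes P, Q and a chosen E derive N = P*Q and D. Returns 0 if E is unusable,
 * i.e. shares a factor with (P-1)*(Q-1). */
int rsa_keygen(uint64_t p, uint64_t q, uint64_t e, struct rsa_key *key) {
    uint64_t phi = (p - 1) * (q - 1);
    if (p == q || e < 2 || gcd(e, phi) != 1) return 0;
    key->n = p * q;
    key->e = e;
    key->d = modinv(e, phi);
    return key->d != 0;
}

/* Step 5: CT = PT^E mod N (PT must be smaller than N); step 7: PT = CT^D mod N. */
uint64_t rsa_encrypt(const struct rsa_key *k, uint64_t pt) { return powmod(pt, k->e, k->n); }
uint64_t rsa_decrypt(const struct rsa_key *k, uint64_t ct) { return powmod(ct, k->d, k->n); }

/* One-call helpers for the demo and the checks. */
uint64_t rsa_d_for(uint64_t p, uint64_t q, uint64_t e) {
    struct rsa_key k;
    return rsa_keygen(p, q, e, &k) ? k.d : 0;
}
uint64_t rsa_encrypt_with(uint64_t p, uint64_t q, uint64_t e, uint64_t pt) {
    struct rsa_key k;
    return rsa_keygen(p, q, e, &k) ? rsa_encrypt(&k, pt) : 0;
}
uint64_t rsa_roundtrip(uint64_t p, uint64_t q, uint64_t e, uint64_t pt) {
    struct rsa_key k;
    return rsa_keygen(p, q, e, &k) ? rsa_decrypt(&k, rsa_encrypt(&k, pt)) : 0;
}

int main(void) {
    struct rsa_key k;
    /* P = 61, Q = 53: N = 3233, (P-1)(Q-1) = 3120; E = 17 gives D = 2753 (17*2753 = 15*3120 + 1) */
    if (!rsa_keygen(61, 53, 17, &k)) return 1;
    uint64_t ct = rsa_encrypt(&k, 65);          /* 65^17 mod 3233 = 2790 */
    printf("N=%" PRIu64 " E=%" PRIu64 " D=%" PRIu64 "\n", k.n, k.e, k.d);
    printf("PT=65 -> CT=%" PRIu64 " -> PT=%" PRIu64 "\n", ct, rsa_decrypt(&k, ct));
    printf("E=16 usable? %d (16 divides 3120)\n", rsa_keygen(61, 53, 16, &k));
    return 0;
}
```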

CODE:
#include <stdio.h>
#include <stdlib.h>
#include <math.h>
#include <string.h>

long int p, q, n, t, flag, e[100], d[100], temp[100], j, m[100], en[100], i, nk;
char msg[100];

int prime(long int);
void ce(void);
long int cd(long int);
void encrypt(void);
void decrypt(void);

int main(void) {
    printf("\nENTER FIRST PRIME NUMBER\n");
    scanf("%ld", &p);
    flag = prime(p);
    if (flag == 0) {
        printf("\nWRONG INPUT\n");
        exit(1);
    }
    printf("\nENTER ANOTHER PRIME NUMBER\n");
    scanf("%ld", &q);
    flag = prime(q);
    if (flag == 0 || p == q) {
        printf("\nWRONG INPUT\n");
        exit(1);
    }
    printf("\nENTER MESSAGE\n");
    scanf("%99s", msg);
    for (i = 0; msg[i] != '\0'; i++)
        m[i] = msg[i];
    n = p * q;               /* modulus */
    t = (p - 1) * (q - 1);   /* (p-1)(q-1) */
    ce();
    printf("\nPOSSIBLE VALUES OF e AND d ARE\n");
    for (i = 0; i < nk; i++)
        printf("\n%ld\t%ld", e[i], d[i]);
    encrypt();
    decrypt();
    return 0;
}

/* trial division primality test */
int prime(long int pr) {
    long int k, lim = (long int)sqrt((double)pr);
    if (pr < 2) return 0;
    for (k = 2; k <= lim; k++)
        if (pr % k == 0) return 0;
    return 1;
}

/* collect candidate public exponents e (primes that do not divide t) and their inverses d */
void ce(void) {
    int k = 0;
    for (i = 2; i < t; i++) {
        if (t % i == 0) continue;       /* e must not share a factor with (p-1)(q-1) */
        flag = prime(i);
        if (flag == 1 && i != p && i != q) {
            e[k] = i;
            flag = cd(e[k]);
            if (flag > 0) {
                d[k] = flag;
                k++;
            }
        }
        if (k == 99) break;
    }
    nk = k;                             /* number of (e, d) pairs found */
}

/* smallest d with (d * x) mod t == 1, found by stepping through 1 + t, 1 + 2t, ... */
long int cd(long int x) {
    long int k = 1;
    while (1) {
        k = k + t;
        if (k % x == 0)
            return k / x;
    }
}

/* ct = pt^e mod n for every letter, with 'a' mapped to 1 (so each pt must be below n) */
void encrypt(void) {
    long int pt, ct, key = e[0], k, len;
    i = 0;
    len = strlen(msg);
    while (i != len) {
        pt = m[i];
        pt = pt - 96;
        k = 1;
        for (j = 0; j < key; j++) {     /* repeated multiplication, reduced mod n each step */
            k = k * pt;
            k = k % n;
        }
        temp[i] = k;
        ct = k + 96;
        en[i] = ct;
        i++;
    }
    en[i] = -1;
    printf("\nTHE ENCRYPTED MESSAGE IS\n");
    for (i = 0; en[i] != -1; i++)
        printf("%c", (int)en[i]);
}

/* pt = ct^d mod n, undoing the mapping above */
void decrypt(void) {
    long int pt, ct, key = d[0], k;
    i = 0;
    while (en[i] != -1) {
        ct = temp[i];
        k = 1;
        for (j = 0; j < key; j++) {
            k = k * ct;
            k = k % n;
        }
        pt = k + 96;
        m[i] = pt;
        i++;
    }
    m[i] = -1;
    printf("\nTHE DECRYPTED MESSAGE IS\n");
    for (i = 0; m[i] != -1; i++)
        printf("%c", (int)m[i]);
    printf("\n");
}

OUTPUT:


EXPERIMENT-4

AIM- To implement DES and AES algorithms for encryption and decryption.

CODE FOR DES:


#include <stdio.h>

/* Simplified DES (S-DES): 8-bit block, 10-bit key, two rounds. Bits are held one per int. */
int l[4], r[4], keys[2][8], ct[8];

/* S-box lookup: row from bits 1 and 4, column from bits 2 and 3; the two output bits go to p[i-1], p[i] */
void sbox(int sip[], int p[], int sbno, int i) {
    int sbox[2][4][4] = {{{1,0,3,2},{3,2,1,0},{0,2,1,3},{3,1,3,2}},
                         {{0,1,2,3},{2,0,1,3},{3,0,1,0},{2,1,0,3}}};
    int rw, c, sop;
    rw = sip[3] + sip[0] * 2;
    c = sip[2] + sip[1] * 2;
    sop = sbox[sbno][rw][c];           /* sop gives decimal value of S-Box output */
    for (; sop != 0; sop /= 2)
        p[i--] = sop % 2;
}

/* the round function: E/P expansion, XOR with the round key, S-boxes, P4, XOR into the left half */
void cmp_fun(int round) {
    int EP[] = {4,1,2,3,2,3,4,1}, i, epd[8];
    int slip[4], srip[4];
    int p[4] = {0}, p4[] = {2,4,3,1}, np[4];
    for (i = 0; i < 8; i++)            /* E/P permutation */
        epd[i] = r[EP[i] - 1];
    for (i = 0; i < 8; i++) {          /* XOR with the round key */
        if (i < 4)
            slip[i] = epd[i] ^ keys[round][i];
        else
            srip[i - 4] = epd[i] ^ keys[round][i];
    }
    sbox(slip, p, 0, 1);               /* S-box 0 fills p[0..1] */
    sbox(srip, p, 1, 3);               /* S-box 1 fills p[2..3] */
    for (i = 0; i < 4; i++)            /* P4 permutation */
        np[i] = p[p4[i] - 1];
    for (i = 0; i < 4; i++)
        l[i] = l[i] ^ np[i];
}

/* rotate each 5-bit half of the 10-bit key left by nob positions */
void left_shift(int keyip[], int nob) {
    int t1, t2, i;
    while (nob > 0) {
        t1 = keyip[0], t2 = keyip[5];
        for (i = 0; i < 9; i++) {
            if (i < 4)
                keyip[i] = keyip[i + 1];
            else if (i > 4)
                keyip[i] = keyip[i + 1];
        }
        keyip[4] = t1, keyip[9] = t2;
        nob--;
    }
}

void gen_keys(void) {
    int key[10], i, keyip[10];
    int p10[] = {3,5,2,7,4,10,1,9,8,6}, p8[] = {6,3,7,4,8,5,10,9};
    printf("Enter Key :");
    for (i = 0; i < 10; i++)
        scanf("%d", &key[i]);
    for (i = 0; i < 10; i++)           /* permutation P10 */
        keyip[i] = key[p10[i] - 1];
    left_shift(keyip, 1);              /* left shift (array, no. of bits) */
    printf("\nKey1 :");
    for (i = 0; i < 8; i++) {          /* P8 gives key1 */
        keys[0][i] = keyip[p8[i] - 1];
        printf("%d", keys[0][i]);
    }
    left_shift(keyip, 2);              /* generating key2 */
    printf("\nKey2 :");
    for (i = 0; i < 8; i++) {
        keys[1][i] = keyip[p8[i] - 1];
        printf("%d", keys[1][i]);
    }
}

/* c = 0 encrypts (key1 then key2), c = 1 decrypts (key2 then key1); the result is left in ct[] */
void En_De(int pt[], int c) {
    int ip[] = {2,6,3,1,4,8,5,7}, ipi[] = {4,1,3,5,7,2,8,6}, t[8], i;
    for (i = 0; i < 8; i++) {          /* initial permutation of the input bits */
        if (i < 4)
            l[i] = pt[ip[i] - 1];
        else
            r[i - 4] = pt[ip[i] - 1];
    }
    cmp_fun(c);                        /* round 1 with key c+1 */
    for (i = 0; i < 4; i++) {          /* swapping left and right halves */
        r[i] = l[i] + r[i];
        l[i] = r[i] - l[i];
        r[i] = r[i] - l[i];
    }
    cmp_fun(!c);                       /* round 2 with the other key on the swapped halves */
    for (i = 0; i < 8; i++) {
        if (i < 4) t[i] = l[i];
        else t[i] = r[i - 4];
    }
    for (i = 0; i < 8; i++)            /* inverse initial permutation */
        ct[i] = t[ipi[i] - 1];
}

int main(void) {
    int pt[8] = {0}, i;
    printf("Enter plain text binary bits:");
    for (i = 0; i < 8; i++)
        scanf("%d", &pt[i]);
    gen_keys();                        /* generating keys key1 & key2 */
    En_De(pt, 0);
    printf("\nCipher Text :");
    for (i = 0; i < 8; i++)
        printf("%d", ct[i]);
    En_De(ct, 1);                      /* decrypting: ct[] is read fully before it is overwritten */
    printf("\nPlain Text (After Decrypting):");
    for (i = 0; i < 8; i++)
        printf("%d", ct[i]);
    printf("\n");
    return 0;
}
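Added example (not the lab's code): the same S-DES (8-bit block, 10-bit key, the P10/P8/IP/E-P/S0/S1/P4 tables of the program above) written with bit operations, with a known test vector: key 1010000010 and plaintext 10111101 give the subkeys 10100100 and 01000011 and the ciphertext 01110101. Names are the example's own.

```c
#include <stdio.h>

/* Simplified DES (S-DES): 8-bit block, 10-bit key, two Feistel rounds. Bit positions in the
 * tables are numbered 1..width from the most significant end, as in the S-DES description. */
static const int P10[10] = {3,5,2,7,4,10,1,9,8,6};
static const int P8[8]   = {6,3,7,4,8,5,10,9};
static const int IP[8]   = {2,6,3,1,4,8,5,7};
static const int IPI[8]  = {4,1,3,5,7,2,8,6};      /* inverse of IP */
static const int EP[8]   = {4,1,2,3,2,3,4,1};      /* expansion/permutation */
static const int P4[4]   = {2,4,3,1};
static const int S0[4][4] = {{1,0,3,2},{3,2,1,0},{0,2,1,3},{3,1,3,2}};
static const int S1[4][4] = {{0,1,2,3},{2,0,1,3},{3,0,1,0},{2,1,0,3}};

static unsigned permute(unsigned in, int in_width, const int *table, int out_width) {
    unsigned out = 0;
    for (int i = 0; i < out_width; i++)
        out = (out << 1) | ((in >> (in_width - table[i])) & 1u);
    return out;
}

/* Rotate each 5-bit half of a 10-bit value left by n (LS-1, LS-2). */
static unsigned ls(unsigned v, int n) {
    unsigned left = (v >> 5) & 0x1f, right = v & 0x1f;
    left = ((left << n) | (left >> (5 - n))) & 0x1f;
    right = ((right << n) | (right >> (5 - n))) & 0x1f;
    return (left << 5) | right;
}

/* Key schedule: K1 = P8(LS-1(P10(key))), K2 = P8(LS-2(LS-1(P10(key)))). */
void sdes_keys(unsigned key10, unsigned *k1, unsigned *k2) {
    unsigned t = ls(permute(key10, 10, P10, 10), 1);
    *k1 = permute(t, 10, P8, 8);
    *k2 = permute(ls(t, 2), 10, P8, 8);
}

/* Round function on the right half: E/P, XOR with the round key, S0/S1, P4.
 * For each 4-bit S-box input, bits 1 and 4 select the row and bits 2 and 3 the column. */
static unsigned f(unsigned right4, unsigned k8) {
    unsigned x = permute(right4, 4, EP, 8) ^ k8;
    unsigned a = x >> 4, b = x & 0xf;
    unsigned s0 = S0[((a >> 3) << 1) | (a & 1)][(a >> 1) & 3];
    unsigned s1 = S1[((b >> 3) << 1) | (b & 1)][(b >> 1) & 3];
    return permute((s0 << 2) | s1, 4, P4, 4);
}

/* IP, round with ka, swap halves, round with kb, inverse IP. Decryption is the same
 * function with the round keys in the opposite order. */
static unsigned sdes_block(unsigned in8, unsigned ka, unsigned kb) {
    unsigned x = permute(in8, 8, IP, 8);
    unsigned l = x >> 4, r = x & 0xf, t;
    l ^= f(r, ka);
    t = l; l = r; r = t;
    l ^= f(r, kb);
    return permute((l << 4) | r, 8, IPI, 8);
}

unsigned sdes_encrypt(unsigned key10, unsigned pt8) {
    unsigned k1, k2;
    sdes_keys(key10, &k1, &k2);
    return sdes_block(pt8 & 0xff, k1, k2);
}

unsigned sdes_decrypt(unsigned key10, unsigned ct8) {
    unsigned k1, k2;
    sdes_keys(key10, &k1, &k2);
    return sdes_block(ct8 & 0xff, k2, k1);
}

/* Both subkeys packed as K1 << 8 | K2, handy for checking the key schedule on its own. */
unsigned sdes_subkeys(unsigned key10) {
    unsigned k1, k2;
    sdes_keys(key10, &k1, &k2);
    return (k1 << 8) | k2;
}

/* 1 if every one of the 256 blocks decrypts back to itself under this key. */
int sdes_roundtrip_all(unsigned key10) {
    for (unsigned p = 0; p < 256; p++)
        if (sdes_decrypt(key10, sdes_encrypt(key10, p)) != p) return 0;
    return 1;
}

int main(void) {
    unsigned key = 0x282, pt = 0xBD;         /* key 1010000010, plaintext 10111101 */
    unsigned ct = sdes_encrypt(key, pt);
    printf("K1=%02x K2=%02x\n", sdes_subkeys(key) >> 8, sdes_subkeys(key) & 0xff);   /* a4 43 */
    printf("ct=%02x (01110101)  back=%02x\n", ct, sdes_decrypt(key, ct));
    return 0;
}
```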

OUTPUT:


CODE FOR AES:


import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter; // bundled with Java SE up to 8; Java 11+ needs the jakarta.xml.bind dependency

public class HelloWorld {

    private static final String ALGORITMO = "AES/CBC/PKCS5Padding";
    private static final String CODIFICACION = "UTF-8";

    public static void main(String[] args) throws Exception {
        String key = "E1BB465D57CAE7ACDBBE8091F9CE83DF"; // 16 bytes in hex, i.e. AES-128
        String plaintext = "<xml><tpPago>C</tpPago><amount>3441.16 </amount><urlResponse>"
                + "www.catwebuat.com.mx/corpora/auto/resultadoMIT.asp?webpay=1</urlResponse>"
                + "<referencia>645331840000</referencia><moneda>MXN</moneda>"
                + "<date_hour>2013-07-10T14:49:2405:00<date_hour>";
        String crp = encrypt(plaintext, key);
        String dec = decrypt(crp, key);
        //String key = "605bd70efed2c6374823b54bbc560b58";
        //String plaintext = "5454545454545454";
        //String crp = encrypt(plaintext, key);
        //String dec = decrypt(crp, key);
        System.out.println("Encrypt:" + crp);
        System.out.println("Decrypt:" + dec);
    }

    public static String encrypt(String plaintext, String key) throws NoSuchAlgorithmException,
            NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException,
            IOException {
        byte[] raw = DatatypeConverter.parseHexBinary(key);
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
        Cipher cipher = Cipher.getInstance(ALGORITMO);
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec); // no IV supplied: the provider picks a random one
        byte[] cipherText = cipher.doFinal(plaintext.getBytes(CODIFICACION));
        byte[] iv = cipher.getIV();
        // the IV is not secret; it is sent in front of the ciphertext so that decrypt() can read it back
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        outputStream.write(iv);
        outputStream.write(cipherText);
        byte[] finalData = outputStream.toByteArray();
        String encodedFinalData = DatatypeConverter.printBase64Binary(finalData);
        return encodedFinalData;
    }

    public static String decrypt(String encodedInitialData, String key) throws InvalidKeyException,
            IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException,
            NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        byte[] encryptedData = DatatypeConverter.parseBase64Binary(encodedInitialData);
        byte[] raw = DatatypeConverter.parseHexBinary(key);
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
        Cipher cipher = Cipher.getInstance(ALGORITMO);
        byte[] iv = Arrays.copyOfRange(encryptedData, 0, 16);          // first 16 bytes: the IV
        byte[] cipherText = Arrays.copyOfRange(encryptedData, 16, encryptedData.length);
        IvParameterSpec iv_specs = new IvParameterSpec(iv);
        cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv_specs);
        byte[] plainTextBytes = cipher.doFinal(cipherText);             // CBC gives confidentiality only; nothing here detects a tampered ciphertext
        String plainText = new String(plainTextBytes, CODIFICACION);    // same charset as encrypt()
        return plainText;
    }
}


OUTPUT:


EXPERIMENT-5

AIM- Study of account and password management PAM, Password cracking.

PAM

The key is to get the importance of the word “Privileged.”

A privileged user is someone who has administrative access to critical systems. For instance, the
individual who can set up and delete email accounts on Microsoft Exchange Server is a privileged
user. The word is not accidental. Like any privilege, it should only be extended to trusted people.
Only those seen as responsible can be trusted with “root” privileges like the ability to change system
configurations, install software, change user accounts or access secure data. Of course, from a security
perspective, it never makes sense to unconditionally trust anyone. That’s why even trusted access
needs to be controlled and monitored. And, of course, privileges can be revoked at any time. The
nomenclature for this category of software is still in flux. Privileged Access Management is also often
referred to as “Privileged Account Management” or “Privileged Session Management”. For this
reason, the acronym PAM is sometimes also known as PSM or PxM.

Need for Privileged Access Management

• PAM keeps your organization safe from accidental or deliberate misuse of privileged access.
  This is particularly relevant if your organization is growing. The bigger and more complex
  your organization’s IT systems get, the more privileged users you have. These include
  employees, contractors, remote or even automated users. Many organizations have 2-3 times
  as many privileged users as employees!

• Some of these admin users can override existing security protocols. That’s a big vulnerability.
  If administrators can make unauthorized system changes, access forbidden data, and then hide
  their actions, you’re in trouble. Insider threats aside, this is a huge opportunity if an outside
  attacker can gain access using these admin credentials. PAM solves this problem.


A PAM solution offers a secure, streamlined way to authorize and monitor all privileged
users for all relevant systems. PAM lets you:

• Grant privileges to users only for systems on which they are authorized.
• Grant access only when it’s needed and revoke access when the need expires.
• Avoid the need for privileged users to have or need local/direct system passwords.
• Centrally and quickly manage access over a disparate set of heterogeneous systems.
• Create an unalterable audit trail for any privileged operation.

Components of a PAM Solution

Privileged Access Management solutions vary in their architectures, but most offer the following
components working in concert:

1. Access Manager – This PAM module governs access to privileged accounts. It is a single
point of policy definition and policy enforcement for privileged access management. A
privileged user requests access to a system through the Access Manager. The Access Manager
knows which systems the user can access and at what level of privilege. A super admin can
add/modify/delete privileged user accounts on the Access Manager. This approach reduces
the risk that a former employee will retain access to a critical system. (This situation is far
more common than most IT managers would like to admit!)

2. Password Vault – The best PAM systems prevent privileged users from knowing the actual
passwords to critical systems. This prevents a manual override on a physical device, for
example. Instead, the PAM system keeps these passwords in a secure vault and opens access
to a system for the privileged user once he has cleared the Access Manager.

3. Session Manager – Access control is not enough. You need to know what a privileged user
actually did during an administrative session. A Session Manager tracks actions taken during
a privileged account session.

Difference between PAM and Identity Management

1. PAM is sometimes confused with the broader category of Identity Management (IdM). There
is some overlap, but the two subjects are separate and quite different. PAM is focused on
privileged user access. Identity management concerns authenticating and authorizing any user
who needs access to a system. A bank teller who logs into a banking application is
authenticated by an IdM solution such as Microsoft Active Directory. Active Directory, which
is based on the Lightweight Directory Access Protocol (LDAP) standard, is not well suited to
PAM. It’s a great product. It’s just not meant to control privileged users. Not all devices with privileged
user accounts integrate easily with Active Directory, for example.

2. IdM solutions are also often designed with openness in mind. PAM tends to be closed, on
purpose. For instance, the OAuth standard enables an enterprise application to authorize
access to a mobile app belonging to a third party. (E.g. a bank system uses OAuth to permit a
mobile user to see the balance on a stock trading account managed by a different entity.) Or,
IdM solutions leverage “security assertions” like SAML to “vouch” for a system user as he or
she requests access to data belonging to third parties. PAM does not use security assertions or
third party authorization standards. They are neither needed nor wanted in PAM.

PASSWORD CRACKING
Password cracking is the process of attempting to gain unauthorized access to restricted systems
using common passwords or algorithms that guess passwords. In other words, it’s the art of obtaining
the correct password that gives access to a system protected by an authentication method.

Password cracking employs a number of techniques to achieve its goals. The cracking process can
involve either comparing stored passwords against a word list or using algorithms to generate passwords
that match.

Here are the ten most common password cracking techniques in use:

1. Dictionary attack

This uses a simple file containing words that can, surprise surprise, be found in a dictionary.
In other words, if you will excuse the pun, this attack uses exactly the kind of words that
many people use as their password.

Cleverly grouping words together such as ‘letmein’ or ‘superadministratorguy’ will not prevent
your password from being cracked this way - well, not for more than a few extra seconds.

2. Brute force attack

This method is similar to the dictionary attack but with the added bonus, for the hacker, of
being able to detect non-dictionary words by working through all possible alphanumeric
combinations from aaa1 to zzz10.

It’s not quick, provided your password is over a handful of characters long, but it will uncover
your password eventually. Brute force attacks can be shortened by throwing additional
computing horsepower at them, in terms of both processing power (including harnessing the
power of your video card GPU) and machine numbers, such as using distributed computing
models and zombie botnets.

3. Rainbow table attack

A rainbow table is a list of pre-computed hashes (the fixed-length value that most systems store
in place of the password itself), covering the hashes of all possible password combinations for
any given hashing algorithm. The time it takes to crack a password using a rainbow table is
reduced to the time it takes to look it up in the list.

However, the table itself will be huge and require some serious computing horsepower to
run, and it’s useless if the hash it is trying to find has been ‘salted’ by adding random
characters to the password before applying the hashing algorithm.

4. Phishing

There's an easy way to hack: ask the user for his or her password. A phishing email leads the
unsuspecting reader to a faked online banking, payment or other site in order to login and put
right some terrible problem with their security.

Why bother going to the trouble of cracking the password when the user will happily give it
you anyway?

5. Social engineering

Social engineering takes the whole ‘ask the user’ concept outside of the inbox that phishing
tends to stick with and into the real world.

A favourite of the social engineer is to telephone an office posing as an IT security tech guy
and simply ask for the network access password. You’d be amazed how often this works.
Some even have the necessary gonads to don a suit and name badge before walking into a
business to ask the receptionist the same question face to face.

6. Malware

A key logger or screen scraper can be installed by malware which records everything you
type or takes screen shots during a login process, and then forwards a copy of this file to
hacker central.

Some malware will look for the existence of a web browser client password file and copy this
which, unless properly encrypted, will contain easily accessible saved passwords from the
user's browsing history.

7. Offline cracking

It’s easy to imagine that passwords are safe when the systems they protect lock out users after
three or four wrong guesses, blocking automated guessing applications. Well, that would be
true if it were not for the fact that most password hacking takes place offline, using a set of
hashes in a password file that has been ‘obtained’ from a compromised system.

Often the target in question has been compromised via a hack on a third party, which then
provides access to the system servers and those all-important user password hash files.
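The two defences the text names, a random per-user salt against the pre-computed tables of technique 3 and a deliberately slow hash so that the offline guessing of technique 7 is expensive, can be seen together in the following added example. It is not part of this lab file; it uses Python's standard-library PBKDF2, and the iteration count, salt size and stored record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example (not part of this lab file): the two defences the text names,
# a random per-user salt against pre-computed tables and a deliberately slow
# key-derivation function against offline guessing.  The iteration count,
# salt size and record format below are assumptions chosen for illustration.
ITERATIONS = 600_000   # cost of each offline guess; tune so one check takes ~100 ms
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>.

    Storing the salt and iteration count beside the hash lets the verifier
    recompute exactly the same derivation later.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, expected_hex = record.split("$")
    except ValueError:
        return False                            # malformed record, never accept
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # compare_digest avoids leaking where the first mismatching byte is
    return hmac.compare_digest(digest.hex(), expected_hex)


def same_password_different_records(password: str, iterations: int = ITERATIONS) -> bool:
    """Why a rainbow table fails: two users choosing the same password end up
    with different salts, hence different stored hashes, yet both still verify."""
    first = hash_password(password, iterations=iterations)
    second = hash_password(password, iterations=iterations)
    return (first != second
            and verify_password(password, first)
            and verify_password(password, second))


if __name__ == "__main__":
    record = hash_password("letmein")       # constructed sample password
    print(record)
    print("verify correct:", verify_password("letmein", record))
    print("verify wrong:  ", verify_password("letmeout", record))
    print("salts differ:  ", same_password_different_records("letmein"))
```

The salt removes the pre-computation advantage: a table built for one salt is useless for every other, so an attacker is back to hashing each guess per user. The iteration count then decides how much each of those guesses costs, which is what a lockout-after-N-attempts rule cannot do once the hash file has left the server.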

8. Shoulder surfing

The most confident of hackers will take the guise of a parcel courier, aircon service technician
or anything else that gets them access to an office building.

Once they are in, the service personnel ‘uniform’ provides a kind of free pass to wander
around unhindered, and make note of passwords being entered by genuine members of staff.
It also provides an excellent opportunity to eyeball all those post-it notes stuck to the front of
LCD screens with logins scribbled upon them.

9. Spidering

Savvy hackers have realised that many corporate passwords are made up of words that are
connected to the business itself. Studying corporate literature, website sales material and even
the websites of competitors and listed customers can provide the ammunition to build a
custom word list to use in a brute force attack.

Really savvy hackers have automated the process and let a spidering application, similar to
those employed by leading search engines to identify keywords, collect and collate the lists
for them.

10. Guess

The password cracker's best friend, of course, is the predictability of the user. Unless a truly
random password has been created using software dedicated to the task, a user generated
‘random’ password is unlikely to be anything of the sort.

Instead, thanks to our brains' emotional attachment to things we like, the chances are those
random passwords are based upon our interests, hobbies, pets, family and so on. In fact,
passwords tend to be based on all the things we like to chat about on social networks and even
include in our profiles. Password crackers are very likely to look at this information and make
a few - often correct - educated guesses when attempting to crack a consumer-level password
without resorting to dictionary or brute force attacks.

EXPERIMENT-6

AIM- To configure common services like IIS, Apache, Open SSH, WU-FTP.

IIS

Installing IIS 7 on Windows Server 2008

Since the IIS web server is not installed by default, the first thing we have to do is install IIS as a
role for the server we are working on.

1. Click on Start -> Administrative Tools -> Server Manager

2. In Server Manager scroll down to Roles Summary, and click on Add Roles

3. The Add Roles Wizard starts at this point and warns you that if you are going to add a role to
make sure:
 The administrator account has a strong password
 Network settings, such as static IP, are configured
 The latest security updates from Windows Updates are installed

4. Click Next to go the Add Server Role page. Place a checkmark next to Web Server (IIS)
and then click on the button Next

5. The next page will give you some basic information on IIS Web Servers and a few links with
extra information if needed. Click on the button Next to continue

6. The next window is the Select Role Services. This very important screen will allow you to
add only the modules necessary for your planned installation of IIS. When you choose a
module in this screen in the upper right corner you will get more information about what the
module is for. For our example we are going to load the following modules:
 Static Content - Lets the Web server publish static Web file formats, such as HTML
pages and image files. Use Static Content to publish files on your Web server that
users can view using a Web browser.

 Default Document - Lets you configure a default file for the Web server to return
when users do not specify a file in a URL. Default Documents make it easier and
more convenient for users to reach your Web site.
 HTTP Errors - Allows you to customize the error messages returned to users'
browsers when the Web server detects a fault condition. Use HTTP Errors to provide
users with a better user experience when they run up against an error message.
Consider providing users with an e-mail address for staff who can help them resolve
the error.
 HTTP Redirection - Provides support to redirect user requests to a specific
destination. Use HTTP redirection whenever you want customers who are using one
URL to actually end up at another URL. This is helpful in many situations, from
simply renaming your Web site, to overcoming a domain name that is difficult to
spell, or forcing clients to use a secure channel.
 HTTP Logging - Provides logging of Web site activity for this server. When a
loggable event, usually an HTTP transaction, occurs, IIS calls the selected logging
module, which then writes to one of the logs stored in the files system of the Web
server. These logs are in addition to those provided by the operating system.
 Request Filtering - Screens all incoming requests to the server and filters these
requests based on rules set by the administrator. Many malicious attacks share
common characteristics, like extremely long requests, or requests for an unusual
action. By filtering requests, you can attempt to mitigate the impact of these types of
attacks.
 IIS Management Console - Provides infrastructure to manage IIS 7 by using a user
interface. You can use the IIS management console to manage a local or remote Web
server that runs IIS 7. To manage SMTP or FTP, you must install and use the IIS 6
Management Console.

7. Click Next to get to the Confirm Installation Selections screen to verify your chosen settings.

8. Click Install and installation will start

9. After installation you should see the Installation Results page. Click Close to finish the
process.

10. In the Server Manager window, under Roles Summary, you should now see Web Server
(IIS)

11. Let's go ahead and open IIS Manager by going to Start -> Administrative Tools ->
Internet Information Services (IIS) Manager

12. Once IIS Manager opens, expand the web server node and then expand the Sites folder.
Right-click on Sites and then click on Add Web Site

13. In the Add Web Site window we have some basic information to fill out for a static site:

 Site Name - Name of the site, this will be either domain.com or *.domain.com (Where
* would represent a sub domain name such as www or blog for example)
 Physical Path - The location on the local server that will hold the files for the
website. If you did not set this up beforehand you can create a folder through this
interface
 Type - choose either http or https depending on whether your site will use a Secure
Sockets Layer (SSL) certificate or not

 IP Address - From the dropdown you can specify what IP the website should answer
on or use the default switch of All Unassigned
 Host Name – If you would like this site to respond to other domain names you can
put these here

14. You have now installed IIS 7 and configured a static website. Just place your html files in the
directory you specified when creating the site and you are good to go.

Apache

Apache is a freely available Web server that is distributed under an "open source" license. Version
2.0 runs on most UNIX-based operating systems (such as Linux, Solaris, Digital UNIX, and AIX), on
other UNIX/POSIX-derived systems (such as Rhapsody, BeOS, and BS2000/OSD), on AmigaOS,
and on Windows 2000. According to a Netcraft (www.netcraft.com) Web server survey, 60% of all
Web sites on the Internet are using Apache (62% including Apache derivatives), making Apache more
widely used than all other Web servers combined.

Apache is the most popular web server on the internet. It is used to serve more than half of all active
websites.

Although there are many viable web servers that will serve your content, it is helpful to understand
how Apache works because of its ubiquity.

In this article, we will examine some general configuration files and options that can be controlled
within them. This article will follow the Ubuntu/Debian layout of Apache files, which is different
from how other distributions build the configuration hierarchy.

How to Install Apache on Ubuntu and Debian

 If you do not already have Apache installed, you can do so now by issuing the following
commands:

sudo apt-get update
sudo apt-get install apache2

 This is all that is necessary to have a working web server. If you visit your VPS's IP address in
a web browser, you will get the default Apache index page:

your_domain_name_or_ip_address

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

The Apache File Hierarchy in Ubuntu and Debian

On Ubuntu and Debian, Apache keeps its main configuration files within the "/etc/apache2" folder:

cd /etc/apache2
ls -F

apache2.conf  conf.d/  envvars  httpd.conf  magic  mods-available/  mods-enabled/  ports.conf  sites-available/  sites-enabled/

There are a number of plain text files and some sub-directories in this directory. These are some of
the more useful locations to be familiar with:

 apache2.conf: This is the main configuration file for the server. Almost all configuration can
be done from within this file, although it is recommended to use separate, designated files for
simplicity. This file will configure defaults and be the central point of access for the server to
read configuration details.
 ports.conf: This file is used to specify the ports that virtual hosts should listen on. Be sure to
check that this file is correct if you are configuring SSL.
 conf.d/: This directory is used for controlling specific aspects of the Apache configuration. For
example, it is often used to define SSL configuration and default security choices.
 sites-available/: This directory contains all of the virtual host files that define different web
sites. These will establish which content gets served for which requests. These are available
configurations, not active configurations.
 sites-enabled/: This directory establishes which virtual host definitions are actually being used.
Usually, this directory consists of symbolic links to files defined in the "sites-available"
directory.
 mods-[enabled,available]/: These directories are similar in function to the sites directories, but
they define modules that can be optionally loaded instead.

As you can see, Apache configuration does not take place in a single monolithic file, but instead
happens through a modular design where new files can be added and modified as needed.

Open SSH

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all
traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH
provides a large suite of secure tunneling capabilities, several authentication methods, and
sophisticated configuration options.

The OpenSSH suite consists of the following tools:

 Remote operations are done using ssh, scp, and sftp.
 Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
 The service side consists of sshd, sftp-server, and ssh-agent.

OpenSSH is developed by a few developers of the OpenBSD Project and made available under a
BSD-style license. OpenSSH is incorporated into many commercial products, but very few of those
companies assist OpenSSH with funding.

Steps to configure Open SSH in Linux are as follows:

 In order to run an OpenSSH server, you must have the openssh-server package installed.
 To start the sshd daemon in the current session, type the following at a shell prompt as root:

~]# systemctl start sshd.service

 To stop the running sshd daemon in the current session, use the following command as root:

~]# systemctl stop sshd.service

 If you want the daemon to start automatically at boot time, type as root:

~]# systemctl enable sshd.service
ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service'
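Starting sshd is only half of configuring it; the settings in sshd_config (and, for the Apache section above, in apache2.conf) decide how much the service exposes. The following added example, which is not part of this lab file or of either project, audits the plain "Keyword value" directives that both files share. The directive names and recommended values are real; the sample configuration fragments and the wording of the findings are constructed for the demonstration, and only the whitespace-separated directive form is handled.

```python
# Added example, not from this lab file: a small auditor for the plain
# "Keyword value" directives used by both sshd_config and Apache's
# apache2.conf.  The directive names and recommended values are real;
# the sample configuration fragments and the wording of the rule messages
# are constructed for this demonstration.  Only the whitespace-separated
# form of a directive is handled (not sshd's optional "Keyword=value").

SSHD_RULES = [
    ("permitrootlogin", "no", "log in as an unprivileged user and elevate, not as root"),
    ("passwordauthentication", "no", "key-based logins are not exposed to password guessing"),
    ("permitemptypasswords", "no", "accounts with empty passwords must not be reachable"),
    ("x11forwarding", "no", "disable unless X11 forwarding is actually needed"),
]

APACHE_RULES = [
    ("servertokens", "prod", "do not advertise the Apache version in the Server header"),
    ("serversignature", "off", "do not append version details to error pages"),
    ("traceenable", "off", "disable the HTTP TRACE method"),
]


def parse_directives(text):
    """Return (directives, duplicates) for the top-level directives in text.

    directives maps lower-cased keyword -> value, keeping the first occurrence;
    a later repeat is recorded in duplicates so it can be reported rather than
    silently resolved.  Comments, blank lines and everything inside Apache
    <Section>...</Section> blocks are skipped, and parsing stops at the first
    sshd_config 'Match' line because directives after it apply conditionally.
    """
    directives, duplicates = {}, []
    depth = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            depth -= 1
            continue
        if line.startswith("<"):
            depth += 1
            continue
        if depth > 0:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in directives:
            duplicates.append(key)
        else:
            directives[key] = value
    return directives, duplicates


def audit(text, rules):
    """Return a list of human-readable findings; an empty list means all rules pass."""
    found, duplicates = parse_directives(text)
    findings = []
    for key, wanted, why in rules:
        actual = found.get(key)
        if actual is None:
            findings.append(f"{key}: not set explicitly, daemon default applies ({why})")
        elif actual.lower() != wanted:
            findings.append(f"{key}: is '{actual}', expected '{wanted}' ({why})")
    for key in duplicates:
        findings.append(f"{key}: set more than once, resolve the duplicate")
    return findings


# Constructed sample fragments (not taken from any real host).
SAMPLE_SSHD = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
Match User backup
    PasswordAuthentication yes
"""

SAMPLE_APACHE = """\
# /etc/apache2/apache2.conf (constructed sample)
ServerTokens OS
ServerSignature On
TraceEnable Off
<Directory />
    Options FollowSymLinks
</Directory>
"""

if __name__ == "__main__":
    for name, text, rules in (("sshd_config", SAMPLE_SSHD, SSHD_RULES),
                              ("apache2.conf", SAMPLE_APACHE, APACHE_RULES)):
        print(f"== {name} ==")
        for finding in audit(text, rules) or ["no findings"]:
            print(" -", finding)
```

Run it after editing either file and before restarting the service; a rule that is "not set explicitly" is reported on purpose, because relying on a daemon default that may change between versions is itself a finding worth recording.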

WU-FTP

Wuarchive-ftpd, more affectionately known as WU-FTPD, is a replacement ftp daemon for Unix
systems developed at Washington University (*.wustl.edu) by Chris Myers and later by Bryan D.
O'Connor (who are no longer working on it or supporting it!). WU-FTPD is the most popular ftp
daemon on the Internet, used on many anonymous ftp sites all around the world.

There are three kinds of FTP logins that wu-ftpd provides:

 anonymous FTP
 real FTP
 guest FTP

Anonymous FTP is well known; one logs in with the username 'anonymous' and an email type
password.

Real FTP is when someone logs in with a real username and password and has access to the entire
disk structure. This form of access can be extremely dangerous to system security and should be
avoided unless absolutely necessary and well controlled.

Guest FTP is a form of real FTP; one logs in with a real user name and password, but the user is
chroot'ed to his home directory and cannot escape from it. This is much safer, and it is a useful way
for remote clients to maintain their Web accounts.

Steps to configure WU-FTP are as follows:

 Click on the Anonymous FTP icon on the module's main page.

 The Anonymous FTP root directories table allows you to specify different roots to be used for
different classes of client. Any existing directories (apart from the default of ~ftp) are listed in
the table for editing, and there will always be one empty row for adding a new one. As soon as
an entry is added it will replace the default, so be sure to explicitly add the default if you want it
to continue working. If you want to add more than one directory, you will need to save and re-
open this page so that a new blank row appears. Each row has two fields:
 Directory: In this field you must enter the full path to a valid anonymous FTP directory (one
that contains etc, bin, lib and pub subdirectories and all the needed programs).
 For class: From this menu you must choose the client class that the directory should be used
for, assuming that clients in that class log in anonymously. If Any is selected it will be used for
clients not in any other class in this table. See the “Managing user classes” section for details
on how to define your own classes.

 When a user logs in to your FTP server anonymously, they must still supply a password even
though it is not used for authentication. Typically this password is the user's email address,
which can be used to get a rough idea of what domain clients are coming from. However, for
privacy reasons many modern FTP clients and browsers do not send a real email address
anymore, instead logging in with a fake one like mozilla@example.com. You can configure
WU-FTPD to check the format of anonymous login passwords to make sure that they look like
email addresses using the Anonymous FTP password check field on this page. If Default is
selected, no checking will be done. However, if the second option is chosen the level of
checking depends on the choice that you make from its menu:
 Allow anything: Any password is allowed, even a blank one (this is the same as the default
mode).
 Must contain @: The password must contain the @ symbol.
 Must be an RFC882 email address: The password must look like a valid email address, with
letters and numbers before and after an @.
The second menu determines whether the FTP server just warns clients that violate the check (if
Warn only is chosen), or blocks them altogether (if Deny login is selected).

 To block certain anonymous passwords altogether (even if they are valid), fill in the
Anonymous FTP passwords to deny field with a list of complete or partial email addresses.
This can be useful for blocking FTP clients that are configured by default to use a fake address.
However, I recommend against using this feature as it will block a lot of people, especially
those using web browsers.

 Hit the Save button at the bottom of the page to activate the new anonymous FTP settings.
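To make the effect of the three check levels, the warn/deny choice and the deny list concrete, here is an added example that models them on constructed sample passwords. It is not part of this lab file and is not WU-FTPD's own code; the "looks like an email address" rule is implemented exactly as the text describes it (letters and numbers before and after an @), not as a full RFC 822 parser.

```python
import re
from enum import Enum

# Added example, not from this lab file or from WU-FTPD itself: a model of
# the anonymous-password check levels described above, so the effect of each
# setting can be tried on constructed sample passwords.  The "looks like an
# email address" rule is implemented exactly as the text describes it
# (letters and numbers before and after an @); it is not an RFC 822 parser.


class Check(Enum):
    ALLOW_ANYTHING = "allow anything"
    MUST_CONTAIN_AT = "must contain @"
    MUST_LOOK_LIKE_EMAIL = "must look like an email address"


# Assumed pattern for the third level: alphanumeric start on both sides of '@'.
_EMAIL_LIKE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*@[A-Za-z0-9][A-Za-z0-9.-]*$")


def password_passes(password: str, level: Check) -> bool:
    """Apply one check level to the password an anonymous client supplied."""
    if level is Check.ALLOW_ANYTHING:
        return True                       # same as the Default setting
    if level is Check.MUST_CONTAIN_AT:
        return "@" in password
    return _EMAIL_LIKE.match(password) is not None


def decide_login(password: str, level: Check, deny_on_failure: bool,
                 denied_addresses=()) -> tuple:
    """Return ('accept' | 'warn' | 'deny', reason).

    denied_addresses models the "Anonymous FTP passwords to deny" list:
    a complete or partial address that matches is refused even if the
    password would otherwise pass the format check.
    """
    for pattern in denied_addresses:
        if pattern in password:
            return "deny", f"password matches denied address '{pattern}'"
    if password_passes(password, level):
        return "accept", "password satisfies the configured check"
    if deny_on_failure:                   # "Deny login" chosen in the second menu
        return "deny", f"password fails check '{level.value}'"
    return "warn", f"password fails check '{level.value}' (warn only)"


if __name__ == "__main__":
    samples = ["", "guest", "user@", "user@example.com", "mozilla@example.com"]  # constructed
    for level in Check:
        for pw in samples:
            verdict, why = decide_login(pw, level, deny_on_failure=True,
                                        denied_addresses=("mozilla@",))
            print(f"{level.name:22} {pw!r:24} -> {verdict}: {why}")
```

Running the table shows the trade-off the text warns about: the deny list catches the browser default mozilla@example.com, but it does so for every browser user, which is why the author recommends against it.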

EXPERIMENT-7

AIM- Study of Security analysis tools: Nessus, Microsoft baseline security analyzer

Microsoft Baseline Security Analyzer

The Microsoft Baseline Security Analyzer (MBSA) is a software tool that helps determine the
security of your Windows computer based on Microsoft’s security recommendations. MBSA can be
used to improve your security management process by analyzing a computer or a group of computers
and detecting missing patches/updates and common security misconfigurations. After you run an
MBSA scan, the tool will provide you with specific suggestions for remediating security
vulnerabilities. An MBSA scan can reduce and eliminate possible threats caused by security
configuration problems and missing security updates. This document explains how to use MBSA
from the graphical user interface (GUI).

Getting Started

Before installing MBSA, make sure that your computer meets the following minimum requirements:

 In order to perform a scan, you MUST have administrator privileges.
 Software:
 Operating System: Visit Microsoft for a list of supported operating systems.
 Microsoft Office: Visit Microsoft for a list of supported versions of Microsoft Office.
 The latest Windows Update Agent (WUA) client; MBSA automatically updates
computers that need an updated WUA client if the option Configure computers for
Microsoft Update and scanning prerequisites is selected.
 IIS 5.0, 5.1 or 6.0 (required for IIS vulnerability checks).
 SQL Server 2000 or MSDE 2.0 (required for SQL vulnerability checks).

MBSA performs the following actions during a scan:

 Checks for available updates to the operating system, Microsoft Data Access
Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL
Server.
 Scans a computer for insecure configuration settings. When MBSA checks for
Windows service packs and patches, it includes in its scan Windows components, such
as Internet Information Services (IIS) and COM+.
 Uses Microsoft Update and Windows Server Update Services (WSUS) technologies to
determine what updates are needed.

Tenable Network Security Nessus

Nessus is a well-known vulnerability scanner. It is easily deployed and has an extensive set of plug-
ins to detect thousands of operating system and application vulnerabilities. Each plug-in is well
documented and includes industry references to obtain more information.

Nessus is frequently used as a network vulnerability scanner to scan networks for active hosts,
discover listening services, and probe services for vulnerabilities. This is effective even without the
advantage of credentials. With SMB or Secure Shell (SSH) credentials it becomes an effective
vulnerability, configuration, and patch assessment tool for Windows and UNIX based systems. If
already using it for network vulnerability scanning it may not need any additional firewall allowances
to support the patch assessment capabilities. Nessus needs to be able to access the remote registry
service and can optionally start and stop this service if it is not already enabled on target hosts.
Creation of a Nessus scan job involves identifying target systems and choosing a scan policy. Nessus
has a policy wizard with a specific template geared toward patch audits. This template will assure that
any plug-in dependencies are satisfied to ensure reliable results. As plug-ins are executed against a
host, they create a knowledgebase of information that is used to execute additional dependent plug-
ins. When conducting Windows patch audits with Nessus, look for successful evaluation of the
Microsoft Patch Bulletin Feasibility Check plug-in. This plug-in confirms that the credentials are
valid and the configuration of the target systems is such that a patch audit is feasible and results will
be accurate. The patch audit plug-ins' output identifies the file version information for missing patches.
Nessus can export scan results in various levels of detail and in multiple formats.

Microsoft has released an updated version of Internet Information Services (IIS) Lockdown Tool 2.1,
which provides templates for the major IIS-dependent Microsoft products. The IIS Lockdown Tool
functions by turning off unnecessary features. This reduces the attack surface available to an attacker.
To provide in-depth defense or multiple layers of protection against an attacker, URLscan, with
customized templates for each supported server role, has been integrated into the IIS Lockdown Tool.

However, to help keep your server secure and to stay protected against known security vulnerabilities,
you must install all critical updates.

All the default security-related configuration settings in IIS versions 6.0 and 7.0 meet or exceed the
security configuration settings made by the IIS Lockdown tool. Therefore, you do not have to run this
tool on Web servers that are running IIS version 6.0 or 7.0. However, if you are upgrading from an
earlier version of IIS, you should run the IIS Lockdown Tool before the upgrade to enhance the
security of your Web server.

Here is a list of the new features in IIS Lockdown Tool 2.1:

 Server roles: Version 2.1 is driven by supplied templates for the major IIS-dependent
Microsoft products. These include Microsoft Exchange Server 5.5 and Exchange 2000 Server,
Microsoft Commerce Server, Microsoft BizTalk Server, Microsoft Small Business Server 4.5
and 2000, Microsoft SharePoint Portal Server, Microsoft FrontPage Server Extensions, and
SharePoint Team Services.
 URLscan integration, with customized templates for each supported server role: This
integration enables the IIS Lockdown Tool to provide additional security enforced by URLscan
without requiring the administrator to design a custom URLscan filter for the particular server
configuration and application.
 Ability to remove or disable IIS services: Services such as HTTP, FTP, SMTP, and NNTP
can be removed or disabled.
 Support for scripted or unattended installation: The tool can read from an answer file.
 Redesigned user interface and fixes: In response to user feedback, the IIS Lockdown Tool
offers an improved user experience.

EXPERIMENT-8

AIM- Study of Security configuration tools: Bastille, Microsoft IIS lockdown tool.

Bastille System Lockdown tool

Bastille is a system-hardening/lockdown program that enhances the security of a Unix host. It
configures daemons, system settings and firewalls to be more secure. It can shut off unneeded
services and r-tools like rcp and rlogin, and helps create "chroot jails" that help limit the vulnerability
of common Internet services, like Web servers and DNS. This tool currently hardens Red Hat 6.0-8.0,
Mandrake 6.0-8.1, HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3. It is currently being tested on
Debian, SuSE, and Turbo Linux.

The utility includes a policy/configuration-selection interface, a configuration engine and a reporting
module. The primary profile-building interface is an X interface via Perl/Tk. There is also a text-
based Perl/Curses interface for Linux. The tool can be used interactively and noninteractively (when
the policy-application engine is used directly). Used interactively, to build system-security
configurations, Bastille has been designed to explain security issues to system administrators, then let
them decide how to let the tool handle them. This both secures the system and educates the
administrator. When the configuration engine is used directly, the utility is useful for duplicating a
security configuration on multiple machines.

When used interactively (bastille, bastille -x, or bastille -c), the user interface guides you through a
series of questions. Each step contains a description of a security decision involved in hardening a
Unix system. Each question describes the cost/benefit of each decision. The Tk interface gives you
the option to skip to another question module and return to the current module later. The X interface
provides "Completed Indicators" to show you which question modules are complete. After you have
answered all of the questions, the interface then provides automated support in performing lockdown
steps. After performing the steps Bastille can perform automatically, the utility produces a "to-do" list
that describes remaining actions you must perform manually to ensure your system is secure.

Security hardening can also be performed directly through the configuration engine (bastille -b) using
the default or an alternate configuration (bastille -b -f file) (see the config file in the FILES section
below for the default location). This method is useful for duplicating a particular security
configuration on multiple machines. Before using the configuration engine directly, a
configuration file must be created by using Bastille interactively. After the configuration file is
created, copy it to the other systems, install Bastille Unix on those systems, then run the
configuration engine on those systems.

Bastille draws from many major reputable sources on Unix Security. The initial development
integrated Jay Beale's existing O/S hardening experience for Solaris and Linux with most major
points from the SANS' Securing Linux Step by Step and Kurt Seifried's Linux Administrator's
Security Guide. Later versions incorporated suggestions from the HP-UX Bastion Host Whitepaper,
Center for Internet Security, and other sources.

To ensure that Bastille is used as safely as possible, please:

 Let the developers know about any impacts you discover which aren't mentioned in the
question text for possible inclusion in future revisions of the questions text.
 Test Bastille configurations in a non-production environment first, with the application stack
fully functionally tested after lockdown before deployment in a production environment. The
characterization of consequences is known to be incomplete, especially for general purpose
systems.

Options

Bastille recognizes the following options:

 -b : Run in batch mode. This option takes the answers that were created interactively and
applies them to the machine.
 -c: Linux Only. Bring up the text interface of the interactive portion of Bastille. It is
implemented with the Perl/Curses module, which must be installed separately if it did not come
with your version of Perl.
 -f : alternate_config_file. Use an alternate config file versus the default location.
 -l: List applied configuration files. List the configuration files in the configuration file directory
that matches the one last used.
 --assess: Run Bastille in assessment-only mode so that it investigates the state of hardening,
reports on such and generates a score. No changes are made to the system. It generates HTML
and text reports and a Bastille configuration file.

For each question, Bastille generates one of the following results:

 Secure
The associated Bastille lockdown has been applied to the product or service shipped with HP-
UX. Bastille may not always correctly detect the status of products or services that are not
shipped with the HP-UX OE. Also, Bastille may not detect all variations of the possible ways
to

54
Downloaded by HARDIK SHARMA
lOMoARcPSD|33022384

disable or enable a service or feature. It will detect if Bastille did so, and will likely detect
configuration made in accepted, standard ways.

 Not Secure
The question configuration has not been applied.

 Manual
Bastille has performed a partial configuration, leaving the user with some actions needed to
complete the configuration. These actions are listed in the TODO file described below.

 Inconsistent
Bastille cannot tell the status. Usually this is due to the system being in an inconsistent state.
For example, Bastille would return this status for a service that is running in the process list
but configured on disk to be off. Note that there are some inconsistent states that Bastille
cannot detect, so if the administrator has made changes to the system and needs to rely on
Bastille results, the system should be rebooted first to ensure the configuration is consistent.
This caveat does not apply to Bastille-initiated actions.
 N/A: S/W Not Installed
This indicates that the relevant software is not installed, so there is no need to lock down the
given item, but care should be taken when the software is installed to lock it down at that point.
 Set to value
This indicates a non-boolean setting.
 Not Defined
This indicates a non-boolean setting that has not been set yet. Thus the system default settings
apply. In the case of later HP-UX versions, default account security settings are often found in
the /etc/security.dsc file.

See the FILES section for the report location. The HTML version of the report is shown in a browser if
either a graphical or text browser can be found.

 --assessnobrowser : Same as --assess, except that the report is not displayed in a browser.
 --os [version] : Explicitly set the operating system version while generating a configuration file. By
setting the operating system version, all questions valid for that operating system will be asked and
configuration files can be generated for any version Bastille recognizes. For a complete list of
operating system versions, type bastille -x --os.
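The result categories above come down to a comparison between what the on-disk configuration says and what is actually running on the host. The following is an added example, not Bastille's own code, that reproduces the Secure, Not Secure, Inconsistent and N/A outcomes for a few constructed service states (Manual, Set to value and Not Defined are not modelled). The service names, the observed states and the scoring formula are assumptions made for this illustration only.

```python
# Added example, not Bastille's own code: a toy assessment pass that reproduces the
# Secure / Not Secure / Inconsistent / N/A categories by comparing what the on-disk
# configuration says with what is actually running. All states below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceState:
    installed: bool          # is the software package present at all?
    enabled_on_disk: bool    # does the boot/inetd configuration start it? (assumed source)
    running: bool            # does it appear in the process list? (assumed source)


NOT_INSTALLED = "N/A: S/W Not Installed"


def assess_service(state, want_disabled=True):
    """Result for one lockdown question of the form 'should service X be disabled?'."""
    if not state.installed:
        return NOT_INSTALLED           # nothing to lock down yet; revisit once it is installed
    if state.enabled_on_disk != state.running:
        # Configured off but present in the process list (or the reverse): the host is in
        # an inconsistent state and the result cannot be trusted until after a reboot.
        return "Inconsistent"
    disabled = not state.enabled_on_disk
    return "Secure" if disabled == want_disabled else "Not Secure"


def assess_all(states, to_disable):
    """Run every question in `to_disable` against the observed states."""
    return {name: assess_service(states[name]) for name in to_disable}


def score(results):
    """Percentage of applicable (non-N/A) questions that came back Secure, rounded to 2 dp."""
    applicable = [r for r in results.values() if r != NOT_INSTALLED]
    if not applicable:
        return 100.0
    return round(100.0 * sum(r == "Secure" for r in applicable) / len(applicable), 2)


# Constructed observations for one host (not taken from a real system).
SAMPLE_STATES = {
    "telnetd":  ServiceState(installed=True,  enabled_on_disk=False, running=False),
    "ftpd":     ServiceState(installed=True,  enabled_on_disk=False, running=True),
    "fingerd":  ServiceState(installed=True,  enabled_on_disk=True,  running=True),
    "sendmail": ServiceState(installed=False, enabled_on_disk=False, running=False),
}
TO_DISABLE = ["telnetd", "ftpd", "fingerd", "sendmail"]

if __name__ == "__main__":
    results = assess_all(SAMPLE_STATES, TO_DISABLE)
    for name, result in results.items():
        print(f"{name:10s} {result}")
    print("score:", score(results))
```

The ftpd entry is the case the text warns about: the configuration on disk says off, but a process is still running, so the only honest answer is Inconsistent, and the score leaves that question out of the Secure count rather than guessing.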


 Diagnostics
$DISPLAY not set, cannot use X interface...
You explicitly asked for the X interface using the -x option, but the DISPLAY environment
variable was not set. Set the environment variable to the desired display to correct the problem.
System is in original state...
You attempted to revert the files that Bastille changes with the -r option, but there were no
changes to revert.
Must run Bastille as root
Bastille must run as the root user, since the changes it makes configure the machine.

 Troubleshooting
Error messages that cite problems with opening, copying, or reading files usually relate to NFS
file systems that do not trust the root user on the local machine. Please see the options
parameter in the fstab(4) manpage for details. Errors that complain about individual
configuration files indicate that a system has been too heavily modified for Bastille to make
effective changes, or that the files, locations, or permissions of the Bastille installation
directories have been changed. If Bastille is unable to complete a lockdown, you should receive
errors or warnings. Analyze the errors or warnings to determine whether your lockdown was
successfully applied. You may use the --assess option to aid in this diagnosis. Once the system
state that caused the abort is fixed, run bastille again to complete the lockdown. This helps
avoid cases where an incomplete lockdown can contribute to an inconsistent system
configuration.

Microsoft IIS Lockdown tool

Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Microsoft has released an updated version of the Internet Information Services (IIS) Lockdown
Tool, version 2.1, which provides templates for the major IIS-dependent Microsoft products. The
IIS Lockdown Tool functions by turning off unnecessary features. This reduces the attack surface
available to an attacker. To provide defense in depth, that is, multiple layers of protection against
an attacker, URLscan, with customized templates for each supported server role, has been
integrated into the IIS Lockdown Tool.

However, to help keep your server secure and to stay protected against known security vulnerabilities,
you must install all critical updates.

All the default security-related configuration settings in IIS versions 6.0 and 7.0 meet or exceed the
security configuration settings made by the IIS Lockdown tool. Therefore, you do not have to run this
tool on Web servers that are running IIS version 6.0 or 7.0. However, if you are upgrading from an
earlier version of IIS, you should run the IIS Lockdown Tool before the upgrade to enhance the
security of your Web server.

Here is a list of the new features in IIS Lockdown Tool 2.1:

 Server roles. Version 2.1 is driven by supplied templates for the major IIS-dependent Microsoft
products. These include Microsoft Exchange Server 5.5 and Exchange 2000 Server, Microsoft
Commerce Server, Microsoft BizTalk Server, Microsoft Small Business Server 4.5 and 2000,
Microsoft SharePoint Portal Server, Microsoft FrontPage Server Extensions, and SharePoint
Team Services.
 URLscan integration, with customized templates for each supported server role. This
integration enables the IIS Lockdown Tool to provide additional security enforced by URLscan
without requiring the administrator to design a custom URLscan filter for the particular server
configuration and application.
 Ability to remove or disable IIS services. Services such as HTTP, FTP, SMTP, and NNTP can
be removed or disabled.

 Support for scripted or unattended installation. The tool can read from an answer file.


EXPERIMENT-9

AIM- To identify an organization’s firewall IP address.

Firewall

A firewall is a network security system, either hardware- or software-based, that uses rules to control
incoming and outgoing network traffic.

A firewall acts as a barrier between a trusted network and an untrusted network. A firewall controls
access to the resources of a network through a positive control model. This means that the only traffic
allowed onto the network is defined in the firewall policy; all other traffic is denied.

History and types of firewalls

Computer security borrowed the term firewall from firefighting and fire prevention, where a
firewall is a barrier established to prevent the spread of fire.

When organizations began moving from mainframe computers and dumb clients to the client-server
model, the ability to control access to the server became a priority. Before firewalls emerged in the
late 1980s, the only real form of network security was performed by access control lists (ACLs)
residing on routers. ACLs determined which IP addresses were granted or denied access to the
network.

The growth of the Internet and the resulting increased connectivity of networks meant that this type
of filtering was no longer enough to keep out malicious traffic as only basic information about
network traffic is contained in the packet headers. Digital Equipment Corp. shipped the first
commercial firewall (DEC SEAL in 1992) and firewall technology has since evolved to combat the
increasing sophistication of cyberattacks.

 Packet firewalls
The earliest firewalls functioned as packet filters, inspecting the packets that are transferred
between computers on the Internet. When a packet passes through a packet-filter firewall, its
source and destination address, protocol, and destination port number are checked against the
firewall's rule set. Any packets that aren't specifically allowed onto the network are dropped
(i.e., not forwarded to their destination). For example, if a firewall is configured with a rule to
block Telnet access, then the firewall will drop packets destined for TCP port number 23, the
port where a Telnet server application would be listening. Packet-filter firewalls work mainly on
the first three layers of the OSI reference model (physical, data-link and network), although the
transport layer is used to obtain the source and destination port numbers. While generally fast
and efficient, they have no ability to tell whether a packet is part of an existing stream of traffic.
Because they treat each packet in isolation, they are vulnerable to spoofing attacks and are also
limited in their ability to make more complex decisions based on what stage the communication
between hosts has reached.

 Stateful firewalls
In order to recognize a packet's connection state, a firewall needs to record all connections
passing through it to ensure it has enough information to assess whether a packet is the start of
a new connection, a part of an existing connection, or not part of any connection. This is what's
called "stateful packet inspection." Stateful inspection was first introduced in 1994 by Check
Point Software in its FireWall-1 software firewall, and by the late 1990s, it was a common
firewall product feature. This additional information can be used to grant or reject access based
on the packet's history in the state table, and to speed up packet processing; that way, packets
that are part of an existing connection based on the firewall's state table can be allowed through
without further analysis. If a packet does not match an existing connection, it's evaluated
according to the rule set for new connections.

 Application-layer firewalls
As attacks against Web servers became more common, so too did the need for a firewall that
could protect servers and the applications running on them, not merely the network resources
behind them. Application-layer firewall technology first emerged in 1999, enabling firewalls to
inspect and filter packets on any OSI layer up to the application layer.
The key benefit of application-layer filtering is the ability to block specific content, such as
known malware or certain websites, and recognize when certain applications and protocols --
such as HTTP, FTP and DNS -- are being misused. Firewall technology is now incorporated
into a variety of devices; many routers that pass data between networks contain firewall
components and most home computer operating systems include software-based firewalls.
Many hardware- based firewalls also provide additional functionality like basic routing to the
internal network they protect.

 Proxy firewalls
Firewall proxy servers also operate at the firewall's application layer, acting as an intermediary
for requests from one network to another for a specific network application. A proxy firewall
prevents direct connections between either side of the firewall; both sides are forced to conduct
the session through the proxy, which can block or allow traffic based on its rule set. A proxy
service must be run for each type of Internet application the firewall will support, such as an
HTTP proxy for Web services.
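The difference between the packet-filter and stateful designs described above is easiest to see on a concrete exchange. Below is an added example (not code from the lab text) with a minimal stateless rule set, checked one packet at a time, next to a stateful firewall that puts a connection table in front of the same rules. The rule set, the addresses and every packet are constructed for the illustration.

```python
# Added example, not from the lab text: a minimal stateless packet filter beside a stateful
# firewall that keeps a connection table. The rules and all packets are constructed;
# addresses come from documentation ranges.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False      # TCP SYN without ACK, i.e. this packet opens a new connection


# Stateless rule set, checked top to bottom; first match wins, default is deny.
# Each rule is (action, src_prefix, dst_prefix, proto, dport); "*" matches anything.
RULES = [
    ("deny",  "*",       "*", "tcp", 23),   # block Telnet, the example used in the text
    ("allow", "10.0.0.", "*", "tcp", 80),   # internal hosts may open HTTP connections outward
]


def _match(value, pattern):
    return pattern == "*" or str(value).startswith(pattern)


def packet_filter(pkt):
    """Stateless decision: only this packet's own header fields are considered."""
    for action, src, dst, proto, dport in RULES:
        if (_match(pkt.src, src) and _match(pkt.dst, dst)
                and pkt.proto == proto and pkt.dport == dport):
            return action
    return "deny"


class StatefulFirewall:
    """Adds a state table in front of the same rule set."""

    def __init__(self):
        self.state = set()   # 5-tuples of connections that were admitted as new connections

    def decide(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.state or reverse in self.state:
            return "allow"             # part of an existing connection: no rule lookup needed
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"              # mid-stream TCP packet with no recorded connection
        action = packet_filter(pkt)    # a new connection is judged by the rule set
        if action == "allow":
            self.state.add(key)
        return action


def demo():
    """(stateless, stateful) decisions for a constructed HTTP exchange plus two stray packets."""
    fw = StatefulFirewall()
    packets = {
        "syn":    Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 80, syn=True),
        "reply":  Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000),   # server's answer
        "stray":  Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40001),   # no such connection
        "telnet": Packet("10.0.0.5", "203.0.113.10", "tcp", 40002, 23, syn=True),
    }
    return ({n: packet_filter(p) for n, p in packets.items()},
            {n: fw.decide(p) for n, p in packets.items()})


if __name__ == "__main__":
    print(demo())
```

The stateless filter drops the server's reply because no rule names destination port 40000; admitting it would require a blanket rule for inbound packets from port 80 to any high port, which is exactly what makes such filters easy to spoof. The stateful firewall admits the reply because the SYN put the connection in its table, yet still drops the stray packet that matches no recorded connection.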

IP Address

This definition is based on Internet Protocol Version 4. See Internet Protocol Version 6 (IPv6) for a
description of the newer 128-bit IP address. Note that the system of IP address classes described here,
while forming the basis for IP address assignment, is generally bypassed today by use of Classless
Inter-Domain Routing (CIDR) addressing.

In the most widely installed level of the Internet Protocol (IP) today, an IP address is a 32-bit number
that identifies each sender or receiver of information that is sent in packets across the
Internet. When you request an HTML page or send e-mail, the Internet Protocol part of TCP/IP
includes your IP address in the message (actually, in each of the packets if more than one is required)
and sends it to the IP address that is obtained by looking up the domain name in the Uniform
Resource Locator you requested or in the e-mail address you're sending a note to. At the other end,
the recipient can see the IP address of the Web page requestor or the e-mail sender and can respond
by sending another message using the IP address it received.

An IP address has two parts: the identifier of a particular network on the Internet and an identifier of
the particular device (which can be a server or a workstation) within that network. On the Internet
itself, that is, between the routers that move packets from one point to another along the route, only
the network part of the address is looked at.

The Network Part of the IP Address

The Internet is really the interconnection of many individual networks (it's sometimes referred to as
an internetwork). So the Internet Protocol (IP) is basically the set of rules for one network
communicating with any other (or occasionally, for broadcast messages, all other networks). Each
network must know its own address on the Internet and that of any other networks with which it
communicates. To be part of the Internet, an organization needs an Internet network number, which
it can request from the Network Information Center (NIC). This unique network number is included
in any packet sent out of the network onto the Internet.

The Local or Host Part of the IP Address

In addition to the network address or number, information is needed about which specific machine
or host in a network is sending or receiving a message. So the IP address needs both the unique
network number and a host number (which is unique within the network). (The host number is
sometimes called a local or machine address.)

IP Address Classes and Their Formats

Since networks vary in size, there are four different address formats or classes to consider when
applying to NIC for a network number:

 Class A addresses are for large networks with many devices.
 Class B addresses are for medium-sized networks.
 Class C addresses are for small networks (fewer than 256 devices).
 Class D addresses are multicast addresses.
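To make the network/host split and the address classes above concrete, here is an added example (not part of the lab text) that derives the class from the leading bits of the first octet, splits an address into its classful network number and host number, and then does the same split under a CIDR prefix, which is what is actually used today as the text notes. It uses only Python's standard ipaddress module; the sample addresses are constructed from documentation ranges. Class E (240 and above, reserved) is included beyond the four classes listed, since that rule is standard.

```python
# Added example, not from the lab text: classful and CIDR network/host split of IPv4 addresses.
# Only the standard-library ipaddress module is used; sample addresses are constructed.
import ipaddress


def ip_class(addr):
    """Classful category from the first octet: A (<128), B (<192), C (<224), D (<240), E."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    if first_octet < 240:
        return "D"
    return "E"   # 240-255 is reserved; not listed in the text, but the rule is standard


# Implied network prefix length for the unicast classes.
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def classful_split(addr):
    """Network number, host number and usable host count under the classful scheme."""
    cls = ip_class(addr)
    prefix = CLASSFUL_PREFIX.get(cls)
    if prefix is None:
        # Multicast (D) and reserved (E) addresses have no network/host structure.
        return {"class": cls, "network": None, "host": None, "max_hosts": 0}
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    host = int(ipaddress.IPv4Address(addr)) & int(net.hostmask)
    # Network and broadcast addresses are not usable for hosts, hence the -2.
    return {"class": cls, "network": str(net), "host": host,
            "max_hosts": net.num_addresses - 2}


def cidr_split(addr_with_prefix):
    """Same split, but with an explicit CIDR prefix such as '192.0.2.10/27'."""
    iface = ipaddress.IPv4Interface(addr_with_prefix)
    net = iface.network
    return {"network": str(net),
            "host": int(iface.ip) & int(net.hostmask),
            "max_hosts": max(net.num_addresses - 2, 0)}


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.16.5.6", "192.0.2.10", "224.0.0.1"):
        print(a, classful_split(a))
    print("192.0.2.10/27", cidr_split("192.0.2.10/27"))
```

The class C result shows where the "fewer than 256 devices" figure comes from: 8 host bits give 256 addresses, of which 254 are usable. The CIDR split of the same address with a /27 prefix yields a 30-host block, which is why address assignment today ignores the class boundaries.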

Relationship of the IP Address to the Physical Address

The machine or physical address used within an organization's local area networks may be different
from the Internet's IP address. The most typical example is the 48-bit Ethernet address. TCP/IP
includes a facility called the Address Resolution Protocol (ARP) that lets the administrator create a
table that maps IP addresses to physical addresses. The table is known as the ARP cache.

Static versus Dynamic IP Addresses

The discussion above assumes that IP addresses are assigned on a static basis. In fact, many IP
addresses are assigned dynamically from a pool. Many corporate networks and online services
economize on the number of IP addresses they use by sharing a pool of IP addresses among a large
number of users. If you're an America Online user, for example, your IP address will vary from one
logon session to the next because AOL is assigning it to you from a pool that is much smaller than
AOL's base of subscribers.

The steps to find the IP address of an organizational firewall are as follows:

 Depending upon the ASA configuration, it might accept telnet or ssh.
 To track down the IP address of the firewall you should:
1. Physically locate which port of the Cisco switch the ASA is plugged into.
2. From the Cisco switch, run the following command: sh mac-address-table interface
<interface the ASA is plugged into>.
3. This command will display the MAC address the switch has learned for the ASA.
4. Take this MAC address and run the following command: show ip arp | include
<MAC address of ASA>.
5. This should then tell you the IP address the switch has learned for the adjoining
device (the ASA).
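Steps 2 to 5 correlate two switch tables by hand: the MAC address table tells you which MAC was learned on the firewall's port, and the ARP table maps that MAC to an IP. The following is an added example, not from the lab text, that performs the same correlation over captured command output so the check can be repeated as part of an inventory. The two output samples are constructed in an IOS-like column layout; the interface names, MAC addresses, VLANs and IP addresses are made up, and the real output of a given switch model may differ in column order.

```python
# Added example, not from the lab text: correlate 'show mac-address-table' and 'show ip arp'
# output to find the IP(s) learned for the device on a given switch port.
# Both samples below are constructed; names, MACs and addresses are made up.
import re

MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.9999    DYNAMIC     Gi1/0/2
  20    00aa.bbcc.ddee    DYNAMIC     Gi1/0/1
"""

ARP_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             0   0011.2233.4455  ARPA   Vlan10
Internet  192.168.1.50            3   0011.2233.9999  ARPA   Vlan10
Internet  10.20.0.1               -   00aa.bbcc.ddee  ARPA   Vlan20
"""

# Cisco-style MAC: four hex digits, dot, four, dot, four.
_MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
MAC_RE = re.compile(r"^\s*(\d+)\s+" + _MAC + r"\s+\S+\s+(\S+)\s*$", re.I)
ARP_RE = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+" + _MAC, re.I)


def macs_on_port(mac_table, port):
    """Steps 2-3: every MAC the switch has learned on the given port (there may be several)."""
    macs = []
    for line in mac_table.splitlines():
        m = MAC_RE.match(line)          # header and separator lines do not match
        if m and m.group(3).lower() == port.lower():
            macs.append(m.group(2).lower())
    return macs


def arp_lookup(arp_table, mac):
    """Step 4: the 'show ip arp | include <mac>' filter done in code."""
    ips = []
    for line in arp_table.splitlines():
        m = ARP_RE.match(line)
        if m and m.group(2).lower() == mac.lower():
            ips.append(m.group(1))
    return ips


def device_ips(mac_table, arp_table, port):
    """Step 5: IPs the switch associates with the device on `port`, keyed by MAC."""
    return {mac: arp_lookup(arp_table, mac) for mac in macs_on_port(mac_table, port)}


if __name__ == "__main__":
    print(device_ips(MAC_TABLE, ARP_TABLE, "Gi1/0/1"))
```

Step 3 of the procedure assumes the switch learned exactly one MAC on the port. A firewall carrying several VLANs over a trunk shows up with one entry per VLAN, as Gi1/0/1 does in the constructed sample, so the code returns all of them rather than the first.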


EXPERIMENT-10

AIM- To determine an organization's Firewall Access Control.

A firewall can be used to control users' access to the Internet. To configure it, the following steps
should be taken.

The goal is to block a computer whose IP is 192.168.1.100 from accessing the Internet from 00:00 to
06:00. For this purpose, some parameters need to be settled and kept in mind during the whole
configuration process. They are:

 Rule Type: Block
 LAN Host: 192.168.1.100
 Target: Internet
 Schedule: 00:00~06:00

After having the above information, you can start the configuration on the TD-W8968.

Step 1. Log in to the modem router's configuration page.

Open your web browser and type the LAN IP address of the router in the address bar
(the default IP address of the TP-Link modem router is http://192.168.1.1), then press
Enter.

Step 2. The firewall settings are based on the modem's time rather than the PC's, so first we
should adjust the modem's time to be consistent with the PC's. Go to System Tools -> Time
Settings -> Get from PC -> Save.

Step 3. Go to Firewall -> LAN Host and click Add New.

Step 4. Select IP Address in the Mode field, then enter a brief description of the rule you are
setting up (here we use "LAN" as the example). Type the IP range, or the specific address,
that you want to block in the IP Address field.


Step 5. Note: leave the Port field blank.

Step 6. Go to Firewall -> Schedule and click Add New.

Step 7. Select the Day mode, then enter a brief description of the rule you are setting up. You
can select certain day(s), or choose Each day. You can also select the time period during which
the rule applies by specifying the Start Time and Stop Time yourself; here we set the period as
00:00~06:00. Click Save to save the settings.

Step 8. Go to Firewall -> Rule, select Enable Firewall, tick Allow, and then click Save.
