Professional Documents
Culture Documents
Eh Record 21aia30
Eh Record 21aia30
Technology
(Affiliated to ANNA University, Chennai and Approved by AICTE, New Delhi)
365, KGiSL Campus, Thudiyalur Road, Saravanampatti
Coimbatore – 641035
Name :
Register Number :
Regulation : R-2021
NAME :
PAGE MARKS
EX.NO DATE DESCRIPTIONOF THE CONTENT SIGNATURE
NO.
1 Install Kali
2 Basics of Reconnaissance
AIM:
To successfully install Kali Linux, a specialized operating system for penetration testing and ethical hacking,
on a computer system.
PROCEDURE:
After disabling secure boot, we can finally boot to the drive. At startup, you’ll have to access the boot menu and then
choose the stick you just made. You should be welcomed with the Kali Installer Menu.
Select your time zone. This is important as it could affect your network configurations post-
installation.
Choose the hard drive you want to install Kali on. I’m using a virtual machine so my only option is a small
21 GB drive.
Desktop environments are basically the way the desktop looks to the user. Kali offers Xfce
(most common), Gnome, and KDE. I’m a sucker for Gnome so I went with that option. You
can still install all three and later configure your computer to choose the one you’d like.
If you installed the xfce desktop environment, you will have to put in your username, enter your password,
and you should have a nice looking desktop.
AIM:
To practice reconnaissance techniques to gather information about a target, such as IP addresses, domain
names, network details, and potentially sensitive information available publicly.
ALGORITHM:
1. Identify the Target:
• Choose a target (e.g., a website, IP address, or network) that you have permission to
performreconnaissance on.
2. Reconnaissance Techniques:
• DNS Enumeration: Use tools like ‘nslookup’, ‘dig’, or ‘host’ to gather information
about the target'sdomain names and associated IP addresses.
• WHOIS Lookup: Use ‘whois’ to retrieve domain registration information, such
as registrant details,registrar, and contact information.
• Network Scanning: Utilize tools like ‘nmap’ to scan for open ports, services
running, and OSfingerprinting.
• Web Scraping: Employ tools like ‘theHarvester’ or search engines to gather publicly
availableinformation about the target, such as email addresses, subdomains, or employee
names.
3. Information Collection:
• Collect and organize the obtained information from various reconnaissance techniques.
4. Analysis:
• Analyze the gathered data to identify potential vulnerabilities, points of entry, or areas
for furtherinvestigation.
PROCEDURE:
1. DNS Enumeration:
• Use commands like ‘nslookup’, ‘dig’, or ‘host’ to query DNS servers for domain information.
2. WHOIS Lookup:
• Utilize the ‘whois’ command or online WHOIS lookup tools to retrieve domain
registration details.
3. Network Scanning:
• Conduct a network scan using ‘nmap’ with various flags to gather information about open
ports and services
4. Web Scraping:
• Use tools like ‘theHarvester’ to collect email addresses, subdomains, and related
information from search engines and other publicly available sources.
To utilize tools like FOCA or SearchDiggityto extract metadata from files and expand the target
list bydiscovering potentially sensitive information or hidden details about the target.
PROCEDURE:
• Download FOCA or SearchDiggity from their official websites, ensuring you acquire
the latest version of the tools.
• Follow the provided installation instructions to set up the tools on your system,
ensuring theyare properly configured and ready for use.
• Select a specific target for analysis, such as a website, documents, or any digital
content relevant to your investigation.
• Collect files associated with the chosen target, ensuring they cover a range of file
types (documents, PDFs, images, etc.).
3. Metadata Extraction:
• Launch FOCA or SearchDiggity and import the collected files into the respective tool.
• Initiate the metadata extraction process, allowing the tools to scan and extract
metadata embedded within the files.
• Review the extracted metadata for relevant information such as author details,
timestamps, geolocation data, software versions, and any other metadata attributes
available
• Analyze the extracted metadata to gain insights into the target. Look for clues or hidden
information that could be valuable for further investigation.
• Identify patterns or connections within the metadata that might lead to the discovery of
related documents, email addresses, server details, or other pertinent information.
• Utilize the obtained metadata to conduct further searches or queries, leveraging the
information gleaned from the extraction process.
• Search for related documents, additional email addresses, subdomains, server details,
or any other hidden information that the metadata may indicate.
• Document all findings, including the metadata extracted and any newly
discovered information related to the target.
OUTPUT:
AIM:
To use Maltego, a data visualization tool, to aggregate and analyze information fromvarious public
databases and online sources to create a comprehensive view of a target.
PROCEDURE:
1. Setup and Configuration:
Download and install Maltego fromthe officialwebsite onto your system.
Upon installation, configure Maltego by accessing settings to optimize itsfunctionality,
including integrations with required data sources and APIs.
Gather preliminary information about the target that could aid in the investigation,such as
names, email addresses, domain names, or anyknown affiliations.
3. Maltego Transformations:
Utilize Maltego's transforms, leveraging its extensive library to query publicdatabases and
online sources for information.
Execute transforms to extract valuable data points, including social media profiles,domain
details, relationships between entities, affiliations, and other pertinent information related to the
target.
Visualize the collected data using Maltego's intuitive graphical interface, allowing for
a comprehensive overview of the interconnected entities and data points.
Perform in-depth analysis to uncover relationships and connections between entities,
potentially revealing hidden associations or identifying potential vulnerabilities.
AIM:
To utilize Robtex and similar tools to gather comprehensive information about a target,including IP
addresses, domain information, network details, and associated data available in public records.
PROCEDURE:
1. Target Identification:
Choose a specific target, such as a domain name, IP address, or network range,
for comprehensive information gathering.
2. Accessing Robtex:
Navigate to the Robtex platform using a web browser (https://www.robtex.com/) or access the
Robtex API for automated datacollection.
3. Input Target Information:
Enter the chosen target's details, such as domain name or IP address, into the search bar
provided on the Robtex platform.
4. Data Extraction:
Gather information provided by Robtex, including:
DNS Records: Explore DNS information like nameservers, MXrecords, and associated DNS
entries.
IP Details: Obtain details related to IP addresses, ownership,geolocation, and historical data.
Hosting Information: Identify hosting providers, IP blocks, andrelated infrastructure.
Network Connections: Discover connections, BGP routes, AS (Autonomous System)
information, and related networks.
Associated Domains: Explore domains linked or associated with the target, including
subdomains.
Historical Data: Review historical records and changes related tothe target's online presence.
5. Analysis and Correlation:
Analyze the extracted data meticulously to identify:
Patterns: Look for recurring elements or commonalities within thegathered information.
Relationships: Identify connections between different data points,such as shared
IPs or hosting providers.
Potential Vulnerabilities: Assess the data for indications ofweaknesses or potential
entry points.
OUTPUT:
AIM:
To use Nessus, a vulnerability scanner, to identify potential security vulnerabilitieswithin a target's
network or system.
PROCEDURE:
1. Target Selection:
Choose the specific target for the vulnerability scan, whether it's an IP address, domain, or
network range. Ensure that you have the necessaryauthorization to scan the selected target.
2. Nessus Scan Setup:
Open Nessus and create a new scan profile.
Define the target specifications accurately to focus the scan on the intendedscope.
Customize the scan parameters, such as selecting the scan type (full, quick,or custom) based
on time constraints and depth required.
Set scan policies and preferences to align with the assessment goals and
compliance standards if applicable.
3. Initiate the Scan:
Start the vulnerability scan within Nessus.
Probe the target systems and network for vulnerabilities.
Conduct in-depth analysis of discovered services, ports, and potentialsecurity weaknesses.
Automatically generate a comprehensive report detailing identifiedvulnerabilities.
4. Monitoring and Assessment:
Monitor the progress of the scan to ensure it proceeds smoothly withoutinterruptions.
Be vigilant for any errors or issues that might affect the scan's accuracy orcompletion.
5. Analysis of Scan Results:
Identify and categorize vulnerabilities based on their severity levels.
Understand the potential impact of each vulnerability on the target systemsor network.
Review suggested remediation steps provided by Nessus to addressidentified vulnerabilities.
6. Reporting and Actionable Steps:
Detailed information on each vulnerability discovered during the scan.
Prioritized recommendations for remediation or mitigation of identifiedweaknesses.
Actionable steps to enhance the overall security posture of the targetenvironment.
RESULT:
Thus, Nessus identifies vulnerabilities within the target, providing a clear understanding ofpotential
security risks and guidance on mitigation strategies successfully.
AIM:
To use Wireshark, a network protocol analyzer, to view and capture network traffic,gaining insights
into data packets transmitted over a network.
PROCEDURE:
1. Download Wireshark:
Visit the Wireshark website and download the appropriate installer for youroperating system.
Follow the installation instructions to install Wireshark on your system.
2. Permissions:
Ensure that you have the necessary permissions to capture network trafficon the chosen
network interface.
On some systems, administrative privileges might be required to capturetraffic.
3. Open Wireshark:
Launch Wireshark from the installed applications or programs list.
Select Network Interface:
Upon opening, Wireshark will present a list of available network interfaces.
Choose the interface you want to monitor (Ethernet, Wi-Fi, etc.) forcapturing traffic.
4. Start Capturing:
Click on the 'Start' or 'Capture' button in Wireshark to initiate the packet captureprocess.
5. Monitor Traffic:
Wireshark will start capturing network packets transmitted on the selectedinterface in real-time.
Allow Wireshark to record packets for the desired duration or specific activity.
6. Apply Filters:
Use Wireshark's filter options to focus on specific types of packets or protocols, ifneeded.
Apply filters based on criteria such as source/destination IP, port numbers, orprotocols.
OUTPUT:
AIM:
To use Armitage to automate vulnerability scanning, exploit matching, and potentially exploit
vulnerable systems in a controlled environment.
PROCEDURE:
1. Setup Environment:
Set up a controlled environment with Kali Linux (or BackTrack), Metasploitable, and Windows
XP within a virtualized environment likeVMware or VirtualBox.
2. Tool Installation:
Install FOCA, Nessus, Wireshark, and Armitage within the Kali Linuxenvironment.
3. FOCA Usage:
Use FOCA to extract metadata and expand the target list by gathering information from
documents, websites, or online sources. Collect dataabout the target environment.
4. Nessus Vulnerability Scan:
Run Nessus scans against the target systems (Metasploitable and WindowsXP) to identify
vulnerabilities. Analyze the Nessus report for detailed vulnerability information.
5. Wireshark Traffic Capture:
Use Wireshark to capture network traffic between the systems and analyzepackets for potential
security concerns or anomalies.
6. Armitage for Exploitation:
Launch Armitage and connect it to the Metasploit Framework.
Utilize the vulnerabilities identified by Nessus to search for correspondingexploits within
Armitage.
7. Exploitation and Post-Exploitation Activities:
Exploit identified vulnerabilities on the target systems using Armitage'sautomated exploitationfeatures.
Perform post-exploitation actions such as gaining access, privilegeescalation, or payload
delivery.
8. Monitoring and Analysis:
Monitor the effects of successful exploits on the target systems.
Analyze the results to understand the impact of the vulnerabilities and theexploitation process.
RESULT:
Thus, Automation of vulnerability identification using FOCA and Nessus, Effective network traffic
capture and analysis using Wireshark was done successfully.