
Crypto Pract List

Uploaded by

shrey032130

CHAROTAR UNIVERSITY OF SCIENCE AND TECHNOLOGY

FACULTY OF TECHNOLOGY AND ENGINEERING (FTE)


Chandubhai S. Patel Institute of Technology (CSPIT) &
Devang Patel Institute of Advance Technology and Research (DEPSTAR)
ACADEMIC YEAR: 2024-25

Practical List Index


Subject: CE364 Cryptography and Network Security (6th Sem)
Exp. No. | Name of Experiment | Hours | CO
Exp. 1 (Hours: 02, CO: 1)
A security training institute is setting up a lab for ethical hacking workshops.
The team must decide whether to use Kali Linux or Parrot Security OS,
prioritizing ease of installation, hardware requirements, and post-installation
configuration for beginner and intermediate students. Evaluate and install the
most suitable penetration testing operating system for a security team by
exploring the installation processes and user-friendliness of Kali Linux and
Parrot Security OS.
References:
1. Kali OS: https://www.kali.org/
2. Kali OS Installation: https://www.youtube.com/watch?v=jk2KGdJU2OI
3. Parrot Security OS: https://parrotlinux.org/
4. Parrot Security OS Installation: https://www.youtube.com/watch?v=4qvFp99rfXw

Exp. 2 (Hours: 02, CO: 2)
You are a penetration tester hired by a small corporate company to assess the
security of their internal network. The network consists of several devices,
including servers, routers, workstations, and IoT devices. The company has
provided a range of IP addresses for you to scan, but they want you to assess
the vulnerabilities and misconfigurations on their internal systems using
Nmap.
Your objectives:
a. Map the network: Discover which devices are active on the network.
b. Identify open ports and services: Check which ports are open and
identify the services running on them.
c. Identify OS and versions: Detect the operating systems and their
versions running on different hosts.
d. Perform a vulnerability scan: Check for common vulnerabilities and
exposures.
Reference: https://nmap.org/book/man.html

Exp. 3 (Hours: 02, CO: 3)
Languages exhibit distinct statistical characteristics, with certain letters
appearing more frequently than others. For example, in English, the letter 'e'
is the most common, followed by 't', 'a', and others. By comparing the
frequency of characters in the encrypted text to this standard distribution, we
can hypothesize which symbols correspond to which letters in the original
language. Implement how statistical patterns in a language can assist in
decoding an encrypted message. The encrypted text has been generated using
a consistent letter-shifting method. Our objective is to analyze the frequency
of characters within the text and uncover the underlying pattern to reconstruct
the original message.

Exp. 4 (Hours: 02, CO: 3)
Encrypt a message using the standard Playfair cipher and attempt to decrypt
it without the key by analyzing patterns in the ciphertext. Then, implement an
extended Playfair cipher with a 10x10 matrix, incorporating
uppercase/lowercase letters, digits, and symbols (e.g., @, #, $). Encrypt and
decrypt a message with this extended cipher, demonstrating how the increased
complexity improves security compared to the standard version.

Exp. 5 (Hours: 04, CO: 5)
XYZ Bank implements the encryption technique shown in the figure to secure
transactions between its servers and customers. The bank uses the following
setup:
1. The server's public key is n=119 and e=5.
2. Customers encrypt sensitive information, such as their PINs, using this
public key before sending it to the server.
A customer wants to send their 2-digit PIN, M=31, to the bank.
However, an attacker intercepts the encrypted message, C=92, and learns the
algorithm used. The attacker is determined to decrypt the ciphertext and
discover the PIN.
Implement the above scenario.
Reference: https://www.youtube.com/watch?v=VF3AHG0T9ec

Exp. 6 (Hours: 04, CO: 5)
Refer to the figure (a) attached here. Bob (Source A) is preparing to send a
message to Alice (Destination B). Bob applies the SHA256 hash algorithm to
the prepared message and appends the hash to the original message (M); the
result is then encrypted with a single secret key. Alice will receive an
encrypted bundle of H(M) and the original message (M). Alice will first apply
the single secret key to decrypt the entire bundle and collect H(M) and the
original message (M). Furthermore, Alice will apply the same SHA256 algorithm
that was used by Bob and produce a hash of the received message (H).
Lastly, Alice will compare the computed hash with the received H(M) to make
sure the message has not been altered by any attackers.

Tasks to perform:
1. Use any symmetric key/asymmetric key algorithm to implement the
encryption and decryption functions.
2. Implementation can be done using any programming language, such as
Java or Python.
3. For SHA256 hashing, you may use a library compatible with your
programming language.

Discuss the issues caused by this scenario. What happens if we encrypt the
generated hash?

Exp. 7 (Hours: 04, CO: 6)
Refer to the attached figure here. Bob is preparing to send a message to Alice.
Bob and Alice both secretly compute the code (s) without sharing it on any
communication channel. Suggest a key exchange algorithm to Bob and Alice
for securely exchanging information without sharing the actual key. Once they
form the secret code, Bob applies the SHA256 hash algorithm to the original
message (M) plus the code (s) and sends the hash of the original message and
code (M||s) to Alice. Alice will receive the bundle of H(M||s) and first append
the code (s) to the received message (M) and produce a hash of the message (H)
that is compared with H(M||s) to make sure that the message has not been
altered by any attackers.

Tasks to perform:
1. Use some key exchange algorithm to calculate the value of s (secret
code) which must be unique at the sender and receiver side.
2. Implementation can be done using any programming language, such as
Java or Python.
3. Apply SHA256 on the message and secret code and display it on the
output screen. Verify the hash value at the receiver end.

Exp. 8 (Hours: 02, CO: 5)
Show a practical scenario of key distribution. Use a separate key-sharing
server that shares the secret key created using the AES-256-bit algorithm and
shares that secret key using the RSA algorithm with 1024/2048-bit key size.
The key-sharing server produces a new secret key for each new
communication between two nodes.

Exp. 9 (Hours: 02, CO: 6)
A digital signature is a mathematical scheme for presenting the authenticity of
digital messages or documents. A valid digital signature gives a recipient reason
to believe that
• The message was created by a claimed sender (authentication),
• The sender cannot deny having sent the message (non-repudiation),
• The message was not altered in transit.
Create a secure server that generates the digital certificate and shares it with
the client machine. Show that information is signed and verified by the
recipient entity to test the authenticity, non-repudiation, and integrity of the
document (transaction).

Exp. 10 (Hours: 02, CO: 2)
A digital forensics team is investigating a case involving encrypted files and
documents critical to their investigation. The team must recover the passwords
for various applications, including archived files and PDF documents, using
tools like Passware Password Recovery Kit Forensic, Advanced Archive
Password Recovery, and Advanced PDF Password Recovery. Recover
application passwords using specialized tools to demonstrate password
recovery techniques and evaluate the efficiency of each tool in real-world
scenarios.
References:
1. Passware Password Recovery Kit Forensic - https://www.passware.com/
2. Advanced Archive Password Recovery - https://www.elcomsoft.com/archpr.html
3. Advanced PDF Password Recovery - https://www.elcomsoft.com/apdfpr.html

Exp. 11 (Hours: 04, CO: 2)
Study SQL Injection and cross-site scripting (XSS) and implement the following
practical scenario:

Set up an e-commerce web server with a login page and a product search
feature. Test the server's security by attempting SQL Injection to bypass login
authentication and XSS to inject malicious scripts into the product reviews
section, demonstrating how attackers can exploit these vulnerabilities.
