ISM Black Book PDF

INDEX
Sr No. Topic Page Date Sign
Working with Sniffers for monitoring network

1
communication
Using OpenSSL for web server – browser

2
communication
Using GNU PGP

3
4 Configuring S/MIME for email communication
Understanding Buffer Overflow and Format

5
String Attacks
6 Using NMap
7 Socket Programming
8 Exposure to Client Server concept using TCP
INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Practical No. 1
Aim: Working with sniffers for monitoring network communication.
Step 1: Open WIRESHARKgo to capture tabselect Interfaces.
Step 2: In Wireshark Capture Interfaces window select Local area connection.

Step 3: It will capture all network traffic.
Step 4: Go to google type all site one by

onehttp://www.scf.usc.edu/~csci571/Special/HTTP/simple1.html
http://www.scf.usc.edu/~csci571/Special/HTTP/simple2.html
 http://www.scf.usc.edu/~csci571/Special/HTTP/simple3.html
http://www.scf.usc.edu/~missingflie.html

Step 5: Here, it will display the site (HTTP/simple1.html) automatically through the network.
Step 6: It will capture this(HTTP/simple2.html) through the network.

Step 7: It will capture this(HTTP/simple3.html) through the network.
Step 8: Here, it will display the site (/~csci571/missingfile.html) automatically through the
network.

Step 9: Go to Expression tabselect HTTP-Hypertext Transfer
Protocolhttp.request.method click on “==” Value:POSTclick on OK.
HTTP REQUEST POST
Step 10: It will display POST method.

Protocolhttp.request.uriclick on “==” Value:GETclick on OK.
HTTP REQUEST URI
Step 12: It will display GET method.

Protocolhttp.response.codeclick on “==” Value:404click on OK.
HTTP RESPONSE CODE 404
Step 14: It will capture the HTTP 404 not found.
HTTP.REQUEST.FULL_URI

It will display URI method.

Step 15: Now open a website. Example www.monster.com
Step 16: Now go to wireshark and see the packets and filter it as http.

Protocolhttp.request.methodclick on “==” Value:POSTclick on OK.
HTTP REQUEST POST
HTTP REQUEST POST

Step19: Go to Expression tabselect HTTP-Hypertext Transfer
Protocolhttp.request.methodclick on “==” Value:GETclick on OK.
HTTP REQUEST GET
HTTP REQUEST GET

Practical No. 2
Aim: Using GNUPGP
Generate the Key

Sign and Encrypt a File

Practical No. 3
Aim: Using IP TABLES on Linux and setting the filtering rules.
Step 1: Open Linux Server in VMware Workstation. Open the terminal (Applications ->
Accessories -> Terminal). Enter the command ‘sudoiptables -F’ to flush all existing chains
and then enter, ‘sudoiptables -L’ after every command to view the rules if they have been
applied.
Enter the command ‘sudoiptables -A INPUT -m conntrack --

ctstateRELATED,ESTABLISHED -j ACCEPT’. After executing this command, the
connection is established, and ctstate RELATED, ESTABLISHED is displayed.
SSH:
Step 2: Enter the command ‘sudoiptables -A INPUT -p tcp --dportssh -j ACCEPT’ to allow
the incoming traffic at the destination port,.i.e, SSH(22).

HTTP:
Step 3: Enter the command ‘sudoiptables -A INPUT -p tcp --dport 80 -j ACCEPT’ to allow
all incoming web traffic at the destination port,.i.e, Http(80).
DROP:
Step 3: Enter the command ‘sudoiptables -A INPUT -j DROP’ to drop all input traffic.
INSERT:
Step 4: Enter the command ‘sudoiptables -I INPUT 1 -m conntrack --ctstate RELATED,
ESTABLISHED -j ACCEPT’. After executing this command, the connection is established,
and a connection is added at the first row.

INSERTING RULES IPTABLES
Step 5: Enter the command ‘sudoiptables -I INPUT 4 -p tcp --dport 443 -j ACCEPT’. After
executing this command, the https rule is inserted at the fourth row and the drop command is
shifted to the next row. The rules should always be inserted before DROP.
LOOPBACK INTERFACE:
Step 6: Enter the command ‘sudoiptables -I INPUT 1 -i lo -j ACCEPT’. After executing this
command, an interface is inserted at the first row.

SHOW DETAILED INFO IN OUTPUT
Step 7: Enter the command ‘sudoiptables -L -v’. It displays detailed information, eg.
OUTPUT chain displays information in the form of packets and bytes.
LOGGING CHAIN
Step 8: Enter the command ‘sudoiptables -N LOGGING’ to create a new chain called
‘LOGGING’ whose name is predefined.
ENSURE UNMATCHED PACKETS

Step 9: Enter the command ‘sudoiptables –A INPUT -j LOGGING’.Initially, when the new
chain is created, the references is 0 and after execution of this command(where input is
provided), the references changes to 1.

LOG THE PACKET WITH PREFIX
Step 10: Enter the command, ‘sudoiptables -A LOGGING -m limit --limit 4/min -j LOG --
log-prefix “IPTables Packet Dropped:” --log-level 3. It displays the error prefix. i.e., level 3.

SAVING IPTABLES
Step 11: Enter the command ‘sudoiptables-save’. It saves the iptable’s configuration, so that
even if machine is rebooted, the iptable’s configuration is not lost.

Practical No. 4
Aim: Working with S/Mime with MS Outlook.
Register for Certificate online on Comodo Site
Fill in the required details. The certificates can only be installed in the browser, where the
registration was done from

Open the received email and click on the Click and Install Certificate
Outlook Configuration
Go to http://www.google.com/settings -> Security Tab
There Enable the option in Access for less secure apps
In Gmail, go to Settings -> Forwarding / POP IMAP and Enable POP and
Enable IMAP

Configure Outlook
Open Outlook Options -> Trust Center -> Trust Center

Settings

In Email Security, click on Settings -> OK
Check all options.

Create and send an email. For Encryption to happen, you need the recipients public key
installed on your machine and their contact in your address book
To export the public key, go into Internet Options, Certificates and export the certificate
w/out private key

Practical No. 5
Aim: Understanding the buffer overflows and format string attacks.

Buffer overflow attack
Step 1: Start Ubuntu from ‘Oracle VM VirtualBox Manager’ and login as a “Guest User”.
Step2: Open the terminal using ‘Ctrl+Alt+T’. Type this ‘gedit’ command in terminal for
opening the text editor.

Step 3: Type the program for the buffer overflow attack and save it on desktop as
‘bufferoverflow.c’. The root privileges should be granted to the user even after password
entered is incorrect, which is the major flaw in the code.
Code:
#include <stdio.h>
#include <string.h>
int main(void)
{
char buff[15];
int pass = 0;
printf("\n Enter the password : \n");
gets(buff);
if(strcmp(buff, "@@@patkar@@@"))
{
printf ("\n Wrong Password \n");
}
else
{
printf ("\n Correct Password \n");
pass = 1;
}
if(pass)
{
/* Now Give root or admin rights to user*/
printf ("\n Root privileges given to the user \n");
}
return 0;
}
Step 4: Open the terminal using ‘Ctrl+Alt+T’. Enter the command ‘cd Desktop’ and then
‘gccbufferoverflow.c –o bufferoverflow’ where bufferoverflow.c denotes the file containing
the code and bufferoverflow is the name of the output file to be created.
The warnings are displayed on executing the above command. Type the command
‘./bufferoverflow’ to execute the program.

Step 5: After the executing the above command, the output file ‘bufferoverflow’ is created on
the desktop.

Step 6: On executing the program, it prompts to enter a password. On entering the password
as ‘@@@snitsem3@@@’ which is provided in the program, the output is displayed as
correct password and root privileges are granted to the user.
Step 7: On entering the password of size more than 14, the output is displayed as ‘Core
dumped’ because the size specified in the program is 15, i.e., 0 to 14. If the password entered
is 15 characters, then only ‘Wrong Password’ is displayed because gets() has a feature of
allowing in one more size than the specified size, i.e. it allows character at 15th position
although size specified is till 14.

FORMAT STRING ATTACK
Step 1: Start Ubuntu from ‘Oracle VM VirtualBox Manager’ and login as a “Guest User”.

Step 2: Type the program for Format String attack in Text Editor which is at left side of the
ubuntu desktop and then save the program with any name, e.g. FormatString.c’, but
compulsorily with “.c” extension with the location as desktop.
CODE:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main (int argc, char **argv)

{
char buf [100];
int x = 1;
printf(“\n %s \n”, argv[0]);
printf(“\n %s \n”, argv[1]);
snprintf ( buf, sizeof buf, argv [1] ) ;
buf [ sizeof buf -1 ] = 0;
printf ( “Buffer size is: (%d) \nData input: %s \n” , strlen (buf) , buf ) ;
printf ( “X equals: %d/ in hex: %#x\nMemory address for x: (%p) \n” , x, x, &x) ;
return 0 ;
}
Step 3: The file is saved on the desktop.

Step 4: Next open the ‘Terminal’ by pressing ‘Alt+Ctrl+T’ or by going for the option in the
left pane of the desktop & then write the following commands:‘cd Desktop’,then
‘gccFormatString.c –o FormatString’
Step 5: The output file named ‘FormateString’ is created on desktop.

Step 6: Next go in terminal window the above command is executed with warnings, type the
following command to execute the program: ‘./FormatString’

Step 7: Now the format string vulnerability will be explored. If the format string parameter
‘%x %x’ is inserted in the input string, when the format function parses the argument, the
output will display the hello mscit, but instead of showing the %x string, the application will
show the contents of a memory address.
Step 8: When no input is provided, then buffer size is displayed as 0. When the input
provided is only hello mscit, then the buffer size is displayed as 11. When the input provided
is hello %x %x, then the buffer size is displayed as 10. The inputs hello and the format
strings parameters will be attributed to the variable buf inside the code which should take the
place of the %s in the Data input. So now the printf argument looks like: printf(“Buffer size
is: (%d) \n Data input: Bob %x %x \n” , strlen (buf) , buf ) ;When the application prints the
results, the format function will interpret the format string inputs, showing the content of a
memory address.

INPUT"%x %x %x %x"
buffer (15): 0 1b 6 2cb43048
x is 0xbfb818b4

Practical No. 6
Aim: Using NMAP for ports monitoring.
Step 1: Open Nmapzenmap GUI Enter Target IP addressselect Intense scan click on
scan.Nmap Output tab will display all info about ip address.
Step 2: Click on scanPorts/Hosts tab will display all tcp ports.

Step 3: It will display the topology.
Step 4: It will display the Host Details.

Step 5: It will display Scan ip address.
Step 6: Click on Scan tab select Save scan.

Step 6: Save Scan as select file type (.xml)
Step 7: Enter the second ip address  here we enter the Google sites ip address

Step 8: It will display Nmap Output.
Step 9: It will display All tcp ports/hosts.

Step 10: It will display the topology.
Step 11: It will display host details.

Step 12: It will display Scans ip address.
Step 13: Here also save the scan.
Step 14: Choose a scan to save.
Step 15: Save the second scan as .xml format.

Step 16: Now click on tools tab Select Compare Result.

Step 17: Click on Open buttonie open the firstscan.xml file.  Open secondscan .xml flie
Step 18: It will display all information Host ans OS details.

Practical No. 7
Aim: Socket Programming
GreetingClient.Java
import java.net.*;
import java.io.*;
public class GreetingClient

{
public static void main(String [] args)
{
String serverName = args[0];
int port = Integer.parseInt(args[1]); try
{
System.out.println("Connecting to " + serverName+ " on port " + port); Socket client = new
Socket(serverName, port); System.out.println("Just connected to " +
client.getRemoteSocketAddress());
OutputStream outToServer = client.getOutputStream(); DataOutputStream out = new
DataOutputStream(outToServer); out.writeUTF("Hello from " +
client.getLocalSocketAddress()); InputStream inFromServer = client.getInputStream();
DataInputStream in = new DataInputStream(inFromServer); System.out.println("Server says
" + in.readUTF()); client.close();
}
catch(IOException e)
{
e.printStackTrace();
}
}
}

GreetingServer.java
import java.net.*;
import java.io.*;
public class GreetingServer extends Thread
{
private ServerSocket serverSocket;
public GreetingServer(int port) throws IOException
{
serverSocket = new ServerSocket(port); serverSocket.setSoTimeout(10000);
}
public void run()
{
while(true)
{
try
{
System.out.println("Waiting for client on port " + serverSocket.getLocalPort() + "...");
Socket server = serverSocket.accept(); System.out.println("Just connected to "+
server.getRemoteSocketAddress());
DataInputStream in = new DataInputStream(server.getInputStream());
System.out.println(in.readUTF()); DataOutputStream out = new
DataOutputStream(server.getOutputStream());
out.writeUTF("Thank you for connecting to " + server.getLocalSocketAddress() +
"\nGoodbye!"); server.close();
}
catch(SocketTimeoutException s)
{
System.out.println("Socket timed out!"); break;
}
{
break;
}
}
}
public static void main(String [] args)

{
int port = Integer.parseInt(args[0]); try
{
Thread t = new GreetingServer(port); t.start();
}
{
}
}
}

Output:

Practical No. 8
Aim: Exposure to Client Server concept using TCP/IP.
TCPServer.java
import java.io.*;
import java.net.*;
class TCPServer
{
public static void main(String argv[]) throws Exception
{
String clientSentence;
String capitalizedSentence;
ServerSocket welcomeSocket = new ServerSocket(6789); while(true)
{
Socket connectionSocket = welcomeSocket.accept(); BufferedReader inFromClient = new
BufferedReader(new InputStreamReader(connectionSocket.getInputStream()));
DataOutputStream outToClient = new
DataOutputStream(connectionSocket.getOutputStream()); clientSentence =
inFromClient.readLine(); System.out.println("Received: " + clientSentence);
capitalizedSentence = clientSentence.toUpperCase() + '\n';
outToClient.writeBytes(capitalizedSentence);
}
}
}

TCPClient.java
import java.io.*;
import java.net.*;
class TCPClient
{
public static void main(String argv[]) throws Exception
{
String sentence;
String modifiedSentence;
BufferedReader inFromUser = new BufferedReader(new InputStreamReader(System.in));
Socket clientSocket = new Socket("localhost", 6789);
DataOutputStream outToServer = new DataOutputStream(clientSocket.getOutputStream());
BufferedReader inFromServer = new BufferedReader(new
InputStreamReader(clientSocket.getInputStream()));
sentence = inFromUser.readLine(); outToServer.writeBytes(sentence + '\n');
modifiedSentence = inFromServer.readLine(); System.out.println("FROM SERVER: " +
modifiedSentence); clientSocket.close();
}
}


ISM Black Book PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

ISM Black Book PDF

Hochgeladen von

Copyright:

Verfügbare Formate

INDEX

Sr No. Topic Page Date Sign

Working with Sniffers for monitoring network

Using OpenSSL for web server – browser

Using GNU PGP

4 Configuring S/MIME for email communication

Understanding Buffer Overflow and Format

8 Exposure to Client Server concept using TCP

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Aim: Working with sniffers for monitoring network communication.

Step 1: Open WIRESHARKgo to capture tabselect Interfaces.

Step 2: In Wireshark Capture Interfaces window select Local area connection.

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Step 4: Go to google type all site one by

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Step 6: It will capture this(HTTP/simple2.html) through the network.

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

HTTP REQUEST POST

Step 10: It will display POST method.

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

HTTP REQUEST URI

Step 12: It will display GET method.

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

HTTP RESPONSE CODE 404

Step 14: It will capture the HTTP 404 not found.

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

HTTP REQUEST POST

HTTP REQUEST POST

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

HTTP REQUEST GET

HTTP REQUEST GET

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Generate the Key

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Aim: Using IP TABLES on Linux and setting the filtering rules.

Enter the command ‘sudoiptables -A INPUT -m conntrack --

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

ENSURE UNMATCHED PACKETS

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Aim: Working with S/Mime with MS Outlook.

Register for Certificate online on Comodo Site

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

There Enable the option in Access for less secure apps

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Open Outlook Options -> Trust Center -> Trust Center

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Check all options.

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

Aim: Understanding the buffer overflows and format string attacks.

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]

INTERNET SECURITY MANAGEMENT MSc. IT SEM 3 [2017 – 2018]