
cybersecurity lab

Cybersecurity lab manual

Cyber Security And Malware Analysis Lab

1. Configure a LAN by using a switch

AIM: To configure a LAN by using a switch

Description:

• A network switch is like a simpler version of a router. It will allow connected
devices to talk to each other, but will not automatically assign IP addresses and
will not share an internet connection. Switches are best used to expand the
number of LAN ports available on the network, as they can be connected to the
router.

Determine if you want all network devices to have internet access. If you want
all of the connected devices to have access to the internet, you'll need a router to
handle the connections. If you don't need the devices to have a network connection,
you can just use a network switch.

Measure the distances for all hardwired devices. This isn't much of an issue in
most homes, but network cables cannot run longer than 100m (328 ft). If you have
to run cable farther than this, you'll need switches in between.

Consider your future needs. If you're filling all of the ports on your hardware,
consider future-proofing to allow for more devices in the future.

Connect your switch to your router (if necessary). If you're using a switch to
expand the number of ports available on the router, plug an Ethernet cable into any
LAN port on the router and any LAN port on the switch. This will expand the
network to the rest of the LAN ports on the switch.

Connect your computers to open LAN ports. Use Ethernet cables to connect
each computer to an open LAN port on your switch. It doesn't matter what order
the ports are connected in.
• Ethernet cables cannot reliably transfer data at lengths larger than 100m (328 ft).

Set up one PC as a DHCP server if you're just using a switch. If you're only
using a switch as your network hub, setting up one computer as a DHCP (Dynamic
Host Configuration Protocol) server will allow all of the connected computers to
easily obtain IP addresses.
• You can quickly create a DHCP server on one of your computers
by installing a third-party utility.

Pragati Women’s Degree College Page 1


• The rest of the computers on the network will obtain IP addresses
automatically once the server is running, as long as they are set to do so.

Verify the network connection on each computer. After each computer obtains
an IP address, they'll be able to talk to each other on the network. If you're using a
router to share your internet connection, each computer will be able to access the
internet.

Set up file and printer sharing. Once your network is up, you won't see anything
on other computers unless that computer has shared files. You can designate files,
folders, drives, printers, and other devices as shared so that anyone on the network,
or just specific users, can access them.

2. Configure a LAN by using a Router

AIM: To configure a LAN by using Router.

Description:

A router is a device that connects two or more packet-switched networks or
subnetworks. It serves two primary functions: managing traffic between these
networks by forwarding data packets to their intended IP addresses, and allowing
multiple devices to use the same Internet connection.
There are several types of routers, but most routers pass data
between LANs (local area networks) and WANs (wide area networks). A LAN is a
group of connected devices restricted to a specific geographic area. A LAN usually
requires a single router.

Setting up a local area network (LAN) server using a router involves the following
steps:
1. Connect the router to your modem: Connect one end of an Ethernet cable to
the WAN or internet port on the router and the other end to the modem. This
will allow the router to connect to the internet and provide internet access to
the devices connected to the LAN.
2. Connect the LAN server to the router: Connect one end of an Ethernet cable
to one of the LAN ports on the router and the other end to the LAN server.
This will allow the LAN server to communicate with the router and devices
connected to the LAN.

3. Configure the router's settings: Access the router's web interface by typing
the router's IP address into a web browser. You will be prompted to enter a
username and password to access the router's settings. Once logged in,
configure the router's settings such as IP address, DHCP, and wireless
settings.
4. Configure the LAN server: Configure the LAN server's settings such as IP
address, DHCP, and DNS. Make sure the IP address of the LAN server is in
the same subnet as the router's IP address.
5. Test the connection: Once the router and LAN server are configured, test the
connection by accessing the LAN server from a device connected to the
LAN.
6. (Optional) Enable port forwarding: If you want to access the LAN server
from outside of your LAN, you will need to configure port forwarding on
your router. This allows incoming traffic to be directed to a specific device
on your LAN. You will need to specify the IP address of the LAN server and
the ports that should be forwarded to it.
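
The address checks implied by steps 3, 4 and 6, as an added example (not part of the original manual). The function name, the rule format and the 192.168.1.0/24 sample plan are assumptions made for illustration.

```python
import ipaddress

def check_lan_plan(router_ip, netmask, server_ip, dhcp_start, dhcp_end, forwards=()):
    """Return a list of findings for a router + LAN server address plan.

    forwards is a list of (external_port, target_ip, internal_port) rules.
    An empty result means nothing was flagged.
    """
    findings = []
    router = ipaddress.ip_address(router_ip)
    # strict=False derives the network from a host address plus its mask.
    net = ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)
    server = ipaddress.ip_address(server_ip)
    pool_lo = ipaddress.ip_address(dhcp_start)
    pool_hi = ipaddress.ip_address(dhcp_end)

    # Step 4: the server must sit in the router's subnet on a usable host address.
    if server not in net:
        findings.append(f"server {server} is outside router subnet {net}")
    elif server in (net.network_address, net.broadcast_address):
        findings.append(f"server {server} is the network or broadcast address of {net}")
    elif server == router:
        findings.append(f"server {server} duplicates the router address")

    # Steps 3-4: a static address inside the DHCP pool can be leased to another host.
    if pool_lo <= server <= pool_hi:
        findings.append(f"server {server} is inside DHCP pool {pool_lo}-{pool_hi}")

    # Step 6: a forward that points anywhere but the server exposes whichever
    # host currently holds that address.
    for ext_port, target_ip, int_port in forwards:
        if ipaddress.ip_address(target_ip) != server:
            findings.append(
                f"forward {ext_port}->{target_ip}:{int_port} does not target the server")
    return findings

if __name__ == "__main__":
    # Constructed sample plan: server placed inside the pool, one stray forward.
    for line in check_lan_plan("192.168.1.1", "255.255.255.0", "192.168.1.150",
                               "192.168.1.100", "192.168.1.200",
                               [(8080, "192.168.1.150", 80), (2222, "192.168.1.50", 22)]):
        print("FINDING:", line)
```
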

3. Steps to attack a victim computer by using the "ProRat" trojan tool

AIM: To attack victim computer using ProRat Trojan Tool.


Description:
Step 1: Open ProRat
Open ProRat, which has a horse icon. Most antivirus programs will warn you
that it is malicious software. You may need to disable your antivirus program to
continue running ProRat.
Step 2: Create a ProRat Trojan Horse
Click on the "Create" button at the bottom left of the ProRat user interface, and
then select the Create ProRat Server item.
You'll see a text box called IP(DNS) Address. This is the IP address of your client
machine. In our case we use a virtual network to simulate this, so we have to fill
this box with the IP address of the virtual network adapter. Type ipconfig in your
command prompt and enter the IP address of the virtual network adapter in the
above text box. You can also enter your email address to get a notification when
the victim gets infected. Leave the other options alone.
Step 3: General Settings
Then click on the General Settings button at the left. You will see it as follows,

This window will allow you to choose the port through which you can
communicate with the server, and a password which is used to connect to the victim's
machine. There are also many options that can be used to keep the server invisible
on the victim's machine and hidden from the task manager. In this case leave these
settings as they are and click on the button Bind with file.
Step 4: Bind with file
The facility Bind with file will allow you to bind the server with a file that the
victim sees as a useful file, such as a setup file or another file. Select the checkbox
and select a file to be bound with the server by clicking on the button. (I use a setup
file.)
Step 5: Server extensions
Then click on the button Server Extensions on the left and you will see the
following. You can choose the final extension of your server file. Since I hope to
create a trojan horse as a setup file, I choose EXE.
Step 6: Choose a server icon
As the final step of creating the server, you can choose an icon for the server from
the list or browse for an icon. You can use an attractive icon to disguise the
server.
Finally, click on the Create Server button to create the server file, which is bound
with the file you chose at step 5. You will be asked a question as follows. Click
Yes and continue. (This message appears because we use a local connection for testing
purposes.)
Step 7: Simulate the server (Trojan horse)
Start your Windows XP virtual machine and copy the created file into it. Then run
the infected setup file as a normal setup file. You may not notice any difference,
and the setup program will launch without any problem. But when you run the
infected setup file, the ProRat server will be installed in the background without showing
any suspicious behavior.
Now go to your real machine and go to the ProRat user interface.
You'll see a box to fill in an IP address, which is the IP address of the victim. Go to
your virtual machine, get the IP address of the virtual network adapter and fill it
in here. (You must make sure you can communicate with the virtual machine
across the virtual network. Make sure both IP addresses mentioned in this post are
in the same network.) Then click Connect.
If all is OK, your computer will be connected to the victim's machine (here, the virtual
machine).
Now look at the options at the left in the ProRat window. Let's send a message to
the victim.
Click on the button Message.
Now type a message and click Send. Now look at the victim's machine.

4. Perform the packet sniffing mechanism by downloading the “wireshark” tool and extracting the packets

AIM: To perform the packet sniffing mechanism by downloading the “wireshark” tool and extracting the packets.
Description:
Wireshark is a powerful tool for capturing and analyzing network traffic, but
sometimes you may want to export and share your results with others. Whether
you are working on a reverse engineering project, a security audit, or a
troubleshooting task, you can use Wireshark's built-in features to save, export, and
share your network analysis results in various formats.

Step 1: Save your capture file
The first step is to save your capture file in Wireshark's native format, which is
.pcapng. This format preserves all the metadata and details of your network
packets, and allows you to reopen and analyze them later in Wireshark or other
tools. To save your capture file, go to File > Save As and choose a name and
location for your file.
Step 2: Export packets as plain text
Sometimes you may want to export your packets as plain text, for example, to copy
and paste them into a report, an email, or a chat. To do that, you can use the Export
Packet Dissections feature in Wireshark. Go to File > Export Packet Dissections
and choose one of the options: As Plain Text, As CSV, As PSML, or As PDML.
Each option will generate a different text format for your packets, with varying
levels of detail and structure. You can also choose which packets to export, and
which fields to include or exclude.

Step 3: Export packets as JSON
Another option to export your packets as text is to use the JSON format, which is a
popular and widely supported format for data exchange. JSON stands for
JavaScript Object Notation, and it represents your packets as a collection of key-
value pairs, nested objects, and arrays. To export your packets as JSON, go to File
> Export Packet Dissections > As JSON. You can also choose which packets to
export, and which fields to include or exclude.

Step 4: Export objects from packets
Sometimes you may want to extract specific objects from your packets, such as
images, files, or certificates. Wireshark can help you do that with the Export
Objects feature. Go to File > Export Objects and choose the protocol that contains
the objects you want to export. For example, if you want to export images from
HTTP packets, choose HTTP. A window will pop up with a list of objects found in
your packets, and you can select which ones to save or view.
Step 5: Export statistics and graphs
Wireshark can also generate various statistics and graphs based on your network
analysis, such as endpoints, conversations, packet lengths, throughput, and more.
To access these statistics and graphs, go to Statistics or Analyze in the menu bar,
and choose the option that interests you. You can then export the statistics or
graphs as CSV, XML, PNG, or PDF files, depending on the option.
Step 6: Share your results online
Finally, you may want to share your network analysis results online, with your
colleagues, clients, or peers. One way to do that is to use CloudShark, a web-based
service that allows you to upload, view, and share your capture files online. To use
CloudShark, you need to create an account and get an API token. Then, you can go
to File > Export to CloudShark in Wireshark, and enter your API token and a
comment for your capture file. Wireshark will upload your file to CloudShark and
give you a URL that you can share with others.
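
What can be done with the Step 3 JSON export outside Wireshark, as an added example (not part of the original manual): it rebuilds a per-conversation packet and byte count like the one Step 5 describes. The sample packets are constructed and trimmed to the fields used; the function names are assumptions.

```python
import json

# Constructed sample in the shape Wireshark writes for
# File > Export Packet Dissections > As JSON (field values are strings).
SAMPLE_EXPORT = """[
 {"_index": "packets-sample", "_source": {"layers": {
   "frame": {"frame.number": "1", "frame.len": "74"},
   "ip": {"ip.src": "192.168.1.10", "ip.dst": "192.168.1.2"},
   "tcp": {"tcp.srcport": "50312", "tcp.dstport": "80"}}}},
 {"_index": "packets-sample", "_source": {"layers": {
   "frame": {"frame.number": "2", "frame.len": "66"},
   "ip": {"ip.src": "192.168.1.2", "ip.dst": "192.168.1.10"},
   "tcp": {"tcp.srcport": "80", "tcp.dstport": "50312"}}}},
 {"_index": "packets-sample", "_source": {"layers": {
   "frame": {"frame.number": "3", "frame.len": "512"},
   "ip": {"ip.src": "192.168.1.10", "ip.dst": "192.168.1.2"},
   "tcp": {"tcp.srcport": "50312", "tcp.dstport": "80"}}}},
 {"_index": "packets-sample", "_source": {"layers": {
   "frame": {"frame.number": "4", "frame.len": "85"},
   "ip": {"ip.src": "192.168.1.10", "ip.dst": "192.168.1.1"},
   "udp": {"udp.srcport": "53124", "udp.dstport": "53"}}}},
 {"_index": "packets-sample", "_source": {"layers": {
   "frame": {"frame.number": "5", "frame.len": "42"},
   "arp": {"arp.src.proto_ipv4": "192.168.1.10",
           "arp.dst.proto_ipv4": "192.168.1.2"}}}}
]"""

def conversations(export_text):
    """Return (stats, skipped): packet/byte totals per conversation, and the
    number of frames that carry no IP layer (ARP, for example)."""
    stats, skipped = {}, 0
    for pkt in json.loads(export_text):
        layers = pkt.get("_source", {}).get("layers", {})
        l3 = next((n for n in ("ip", "ipv6") if n in layers), None)
        if l3 is None:
            skipped += 1
            continue
        l4 = next((n for n in ("tcp", "udp") if n in layers), None)
        sport = layers[l4].get(f"{l4}.srcport", "") if l4 else ""
        dport = layers[l4].get(f"{l4}.dstport", "") if l4 else ""
        a = (layers[l3][f"{l3}.src"], sport)
        b = (layers[l3][f"{l3}.dst"], dport)
        # Sort the two endpoints so both directions land on one key.
        key = (l4 or l3,) + tuple(sorted((a, b)))
        entry = stats.setdefault(key, {"packets": 0, "bytes": 0})
        entry["packets"] += 1
        entry["bytes"] += int(layers["frame"]["frame.len"])
    return stats, skipped

def top_talkers(stats):
    """Conversations ordered by bytes, largest first."""
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    stats, skipped = conversations(SAMPLE_EXPORT)
    for key, totals in top_talkers(stats):
        print(key, totals)
    print("frames without an IP layer:", skipped)
```
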

5. Perform the task of creating mail messages by using a fake mail id by using
the "fake mailer" website (https://emkei.cz)
AIM: To Create mail messages by using fake mail id by using fake mailer.

Description:

Anonymity plays an important role in the work of cybersecurity researchers and
law enforcement agencies. Sometimes a situation occurs in which you have to
send an email anonymously to another security researcher in order to maintain
integrity, which is a third important part of the CIA model. Here Fakemailer
plays an important role in sending mail anonymously. Fakemailer is a free and open-
source tool available on GitHub. Fakemailer provides a command-line interface
that you can run on Kali Linux. The interactive console provides a number of
helpful features, such as command completion and contextual help. Fakemailer
helps law enforcement agencies to investigate cybercrimes such as cyber
grooming, cyberstalking, cyberbullying, and spreading misinformation.

Installation:

Step 1: Open your Kali Linux operating system terminal and use the following
commands to install the tool.
git clone https://github.com/htr-tech/fake-mailer
cd fake-mailer

Step 2: Now you are in the directory of Fakemailer tool. Now use the following
command to run the tool.
python2 mailer.py

Now we will see an example to use the tool.

6. Perform the IP scanning mechanism by using “tracert” and “arp” commands

AIM: To perform the IP scanning mechanism by using tracert and arp commands.

Description:

Using Tracert/Traceroute

1. Open a Command Prompt
• Click on the Start Menu and in the search bar, type 'cmd', and
press Enter.
• OR press Windows Key + R to open the Run Prompt. Type 'cmd',
then click OK (or press Enter).
2. In the Command Prompt window, type 'tracert' followed by the destination,
either an IP Address or a Domain Name, and press Enter.
• e.g. tracert google.co.nz
• OR tracert 216.58.196.131
3. The command will return output indicating the hops discovered and time (in
milliseconds) for each hop.

To use Traceroute via the Network Utility, you must be running Apple Mac OS
X.
1. Open the Network Utility
• Open Spotlight (Left Cmd + Spacebar or click the Magnifying Glass on
the right of the Menu Bar). Type Network Utility and press Enter.
• In Network Utility, choose Traceroute. Enter a destination into the box,
either an IP Address or a Domain Name, and click Trace.
• e.g. google.co.nz
• OR 216.58.196.131
• The results will be printed in the window. You may have to scroll down to
see all results (by mousing over the white window and scrolling).

USING ARP:

Connect two PCs, say A and B, with a cross cable. Now you can see the working
of ARP by typing these commands:

1. A > arp -a

There will be no entry at the table because they never communicated with each
other.

2. A > ping 192.168.1.2

The IP address of the destination is 192.168.1.2. A reply comes from the
destination, but one packet is lost because of ARP processing.

Now, entries of the ARP table can be seen by typing the command. This is what
the ARP table looks like:

7. Perform the port scanning mechanism by using NMAP tool

AIM: To Perform the port scanning mechanism by using NMAP tool.

Description:
Nmap is a security auditing tool used in the security field to actively enumerate a
target system/network. It is one of the most extensively used tools by network
administrators and, conversely, attackers for reconnaissance (enumeration), the first
step in the 5 phases of hacking. Nmap is used to actively probe the target network
for active hosts (host discovery), port scanning, OS detection, version details, and
active services running on the hosts that are up. For this, Nmap uses the technique
of sending packets and analyzing the responses.

First, fire up your command line or GUI. Typing nmap scanme.nmap.org will perform a
default scan for open ports on the domain name scanme.nmap.org. Nmap provides
this server to test out different scans.
If you want to scan something else, type in the device’s DNS name or IP address.

Perform SYN Scans In Nmap

To get the most out of Nmap from a security perspective, it’s crucial to use flags.
Think of flags as settings or commands telling Nmap how to work. Flags usually
begin with - or --. Nmap has two different flag categories, scan types and options.
This is normally formatted like nmap [ -type ] [ -option ] [ target ].
Running certain scans will require administrator privileges, so in Windows it’s best
to start by running as admin, or in macOS or Linux using sudo. To perform a basic
SYN scan, that would be nmap -sS scanme.nmap.org or sudo nmap -sS scanme.nmap.org

You can even combine most flags, but scan type flags only allow mixing TCP and
UDP types. That would be something like nmap -sS -sU scanme.nmap.org
Let’s say you want to just check if SSH (port 22) is open on your firewall. Add the
-p (for port) and give it the port number to check: nmap -sS -p 22 scanme.nmap.org

8. Perform an SQL Injection attack and its preventive measure to avoid Injection attack

AIM: To perform an SQL Injection attack and its preventive measure to avoid
Injection attack.

Description:

SQL injection is a technique used to extract user data by injecting SQL commands
as statements through web page inputs. Basically, malicious users can use these
instructions to manipulate the application’s web server.

1. SQL injection is a code injection technique that can compromise your
database.

2. SQL injection is one of the most common web hacking techniques.

3. SQL injection is the injection of malicious code into SQL statements via
web page input.

Suppose we have a field like the one below:

Student id:

The student enters the following in the input field: 12222345 or 1=1.
Query:
SELECT * FROM STUDENT WHERE
STUDENT_ID = 12222345 OR 1 = 1

Because 1=1 is always true, the WHERE condition holds for every row and the
query returns all records. So basically, all the student data is compromised.
Now the malicious user can also delete the student records in a similar fashion.
Consider the following SQL query.
Query:
SELECT * FROM USER WHERE
USERNAME = '' AND PASSWORD = ''
Now the malicious user can use the ‘=’ operator in a clever manner to retrieve
private and secure user information. So instead of the above-mentioned query,
the following query, when executed, retrieves protected data not intended to be
shown to users.
Query:
SELECT * FROM USER WHERE
(USERNAME = '' OR 1=1) AND
(PASSWORD = '' OR 1=1)
Preventing SQL Injection
• User Authentication: Validate input from the user by pre-defining the length
and type of input for the input field, and authenticate the user.
• Restrict the access privileges of users and define how much
data any outsider can access from the database. Basically, users should not
be granted permission to access everything in the database.
• Do not use system administrator accounts.
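
The student id lookup above, vulnerable and hardened side by side, as an added example (not part of the original manual). It uses Python's sqlite3 with a constructed in-memory table; the function names and rows are assumptions, and the parameterized query is an addition that goes beyond the measures listed above.

```python
import sqlite3

def make_db():
    """Build an in-memory STUDENT table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE STUDENT (STUDENT_ID INTEGER PRIMARY KEY, NAME TEXT)")
    db.executemany("INSERT INTO STUDENT VALUES (?, ?)",
                   [(12222345, "Asha"), (12222346, "Bina"), (12222347, "Chitra")])
    return db

def lookup_vulnerable(db, student_id):
    # Vulnerable on purpose: the input is pasted into the SQL text, so
    # "12222345 or 1=1" becomes part of the WHERE clause.
    query = "SELECT * FROM STUDENT WHERE STUDENT_ID = " + student_id
    return db.execute(query).fetchall()

def lookup_parameterized(db, student_id):
    # The statement text is fixed; the input is bound as a single value and
    # is never parsed as SQL.
    return db.execute("SELECT * FROM STUDENT WHERE STUDENT_ID = ?",
                      (student_id,)).fetchall()

def lookup_safe(db, student_id):
    # Input validation as described above: pre-defined type (digits only)
    # and length (at most 10 characters), then a parameterized query.
    if not (student_id.isascii() and student_id.isdigit()
            and len(student_id) <= 10):
        raise ValueError("student id must be 1 to 10 digits")
    return lookup_parameterized(db, int(student_id))

if __name__ == "__main__":
    db = make_db()
    payload = "12222345 or 1=1"
    print("vulnerable   :", lookup_vulnerable(db, payload))     # every row
    print("parameterized:", lookup_parameterized(db, payload))  # no rows
    try:
        lookup_safe(db, payload)
    except ValueError as exc:
        print("validated    : rejected,", exc)
    print("validated    :", lookup_safe(db, "12222345"))        # one row
```
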

9. Perform an activity to access a locked computer without knowing the user's password.

AIM: To perform an activity to access a locked computer without knowing
the user's password.
Description:
Method 1: Unlock Computer with Pre-created Password Reset Disk
• Start your computer, enter any incorrect password on the login screen, and
press Enter.
• Plug in the password reset disk and click the Reset password link below the
password field.
• When the password reset wizard launches, click Next.
• Choose your password reset disk from the dropdown list and click Next.
• Enter the new password (if any) or leave the fields blank if you do not want to set
any password. Click Next.

Method 2: No Password Reset Disk? Try PassFab 4WinKey

• Install and launch PassFab on any nearby PC, plug in a USB device and
click Next.
• Choose your USB device from the menu, click Next and let the process
complete.
• Once your bootable media is ready, unplug it and switch to the locked PC.
• Restart the PC and press the Boot Key to enter the Boot Menu.
• Set your bootable device on priority, and press F10 to save changes.
• When the PC restarts, it will launch PassFab’s interface. Choose the
Windows system. Click Next.
• Choose the user account and Reset Account Password from the option list.
Click Next.
• Enter the new password. Click Reset and then reboot.
• Your PC has been unlocked without a password successfully. Use the new
password to log into it.

Method 3: Unlock Computer Password with Command Prompt

• Restart your computer while holding the Shift key from the login screen.
• From Advanced Boot Options, choose Troubleshoot and press Enter.
• Select Advanced Options.
• Select Startup Settings.
• Press 6 or F6 to boot your computer in Safe mode with Command Prompt.
• When you see the Command Prompt window, type “net user” to view a list
of all the users on this PC.
• Type “net user [username] [new_password]” and hit Enter.
