
Rawandeep Kaur (1) Cs


Name: Rawandeep Kaur

Program name: BCA (CS) with IBM


Registration number: 72312388
Section: A
Subject: Cloud Security
Submitted to: Mr. Omkant Sharma
1. How to install Kali---
1. Open a web browser, go to www.virtualbox.org and install VirtualBox by clicking on "Windows hosts".
2. Once the installation is finished, set up VirtualBox.
3. Now go to www.kali.org and click on "Get Kali". Afterwards, click on "Virtual Machines".
4. Next, download the VirtualBox zip file.
5. After that has finished, open it in WinRAR and extract the file to a new folder on your desktop or any location that you desire.
6. Now, open VirtualBox, click on "Add" and select the extracted file. It will add your virtual machine file for Kali to VirtualBox.
7. And finally select the virtual machine, click on start and it will be powe
2. Encryption Decryption practical----
Encryption is a data security process in which plaintext data is encoded into unreadable ciphertext to help keep it secure in or between cloud environments.
For showing it practically we will use the online platform RSA Devglan Encryption Decryption:
After opening the website the following page will show; click on "generate key pair".
Here it will generate both the public and the private key.
Now copy both the public and private keys and paste them into separate Notepad files.
After this, refresh the page.
Now enter any plain text as per the instructions.
After this, paste the public key to encrypt the message.
After clicking on encrypt you will see the encrypted output of your message.
Paste the encrypted form of your message here.
Now paste the private key here.
After that, click on decrypt to turn your encrypted input into decrypted form.
So here is the final output: the text you entered and the decrypted output you get are the same. In this way you can use the concept of encryption and decryption.
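The same generate, encrypt and decrypt steps can be run locally with OpenSSL, so the private key is never pasted into a web page. This is an added example, not part of the original report; the function names, file names and sample messages are constructed, and it goes one step beyond the walkthrough by checking that an unrelated private key cannot decrypt the message.

```bash
# Added example (not from the original report): RSA key pair, public-key
# encryption and private-key decryption done locally with OpenSSL.
# File names and sample messages are constructed for illustration.
set -eu
OAEP="-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256"

make_keypair() {    # $1 = directory that receives private.pem and public.pem
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null
    chmod 600 "$1/private.pem"              # owner-only access to the private key
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

rsa_encrypt() {     # $1 = public key, $2 = ciphertext file; plaintext on stdin
    openssl pkeyutl -encrypt -pubin -inkey "$1" $OAEP -out "$2"
}

rsa_decrypt() {     # $1 = private key, $2 = ciphertext file; plaintext on stdout
    openssl pkeyutl -decrypt -inkey "$1" $OAEP -in "$2" 2>/dev/null
}

rsa_roundtrip() {   # $1 = message; prints what comes back after decryption
    local dir; dir="$(mktemp -d)"
    make_keypair "$dir"
    printf '%s' "$1" | rsa_encrypt "$dir/public.pem" "$dir/msg.bin"
    rsa_decrypt "$dir/private.pem" "$dir/msg.bin"
    rm -rf "$dir"
}

wrong_key_rejected() {  # returns 0 when an unrelated private key cannot decrypt
    local a b rc=0
    a="$(mktemp -d)"; b="$(mktemp -d)"
    make_keypair "$a"; make_keypair "$b"
    printf 'constructed sample' | rsa_encrypt "$a/public.pem" "$a/msg.bin"
    rsa_decrypt "$b/private.pem" "$a/msg.bin" >/dev/null || rc=$?
    rm -rf "$a" "$b"
    [ "$rc" -ne 0 ]
}

rsa_roundtrip "constructed sample message"; echo
wrong_key_rejected && echo "decryption with a different private key fails"
```

OAEP padding is used here because it is randomized, so encrypting the same text twice gives different ciphertexts.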
3. How to create a phishing link and share it publicly---
For the practical we will use Kali Linux. First of all write cd to come to the present directory. Then write cd Downloads; you will see the downloaded file, that is zphisher master .zip
Then write unzip zphisher master.zip to unzip this file. After this the following output will be shown.
After unzipping the file, go to zphisher master; for this we will write the command cd zphisher master.
After this write ls. It will display all the list present in that zphisher master.
Then write ./ followed by the name of your file.
This page will show up. Now it is asking you to choose a website with which you will perform the phishing attack. I want the Instagram website, so for this write 02 then press enter.
Then it will ask you what you want in Instagram. I need a traditional login page, so I will write 01 then enter.
Here is the link generated. On clicking this link you will be directed to a traditional login page of Instagram.
Here is the login page.
Now you have created a page, but how do you share it with the public so you can get the information? For this use Omkant Sharma's GitHub. Under this there is an option for cyber security public; click on it.
Then you will be directed to the above page. Here is the option to create a phishing link; click on it.
Now in a different terminal use the two commands as shown. The first command will generate a key.
In the second command you will be provided with the link which you can share with the public.
Now you can send this link to anyone; the moment the victim fills in his credentials they will be shown to you.
This is how phishing works.

4. Data gathering through online platform---
DNS Lookup: search for the website name DNS lookup and this page will show up.
Write the domain name of any website for which you want to find the records. Here I take the example of facebook.
Click on find DNS records. Then here are all the records related to that domain, like the IP address etc.
What is my IP? ----
It is an online platform to find all the information related to an IP.
Here the following page is showing the information about the facebook IP.
You just have to type the IP in the search bar and click on search; it will show you all the information.
Here it is showing the hostname, country, state, region.
How to find the public IP? ---
Just search in any browser what is my ip, then it will show you the IP allotted to your system.
How to find the private IP? ---
To find the private IP, open command prompt, type the command ipconfig and then press enter.
This is the final output.

5. Basic commands of Kali Linux and Cmd---
1. cd: This means current directory. It will show you in which directory you are currently working.
2. pwd: Print working directory.
3. ls: It will show you the lists present in your directory.
4. ls -l: This will display the number of lists in long listing with their time and date. It also shows the permissions each file has and the location of each file.
5. mkdir: It is used to make a new directory.
6. touch: It is used to make a new file.
7. cat: One form is used to add text to a particular file and the other is used to read the text present in the file. For this just write cat followed by the name of the file.
8. rm: This command is used to remove a file. For this type rm followed by the name of the file you want to remove.
9. rmdir: This command is used to remove a directory. The syntax is the same as rm.
10. echo: This command is used to print any text you write after echo.

Basic commands for cmd ---
1. Cd: It takes you to the top of the directory tree. To see it working, type cd in cmd and then press enter; now it will take you to the top of the directory tree.
2. Echo: It is used to print out text on the display screen.
3. DIR: This displays the list of files and folders contained in it, together with some detail of each of them.
4. mkdir: It stands for make directory. With the use of this single command you can create folders.
Now there is a process to check whether the folder is created or not.
5. rmdir: It is a useful command when you want to remove empty directories from your system.
The directory is removed.
6. Ping: It is the most popular command to check the connectivity between two network devices.
7. Systeminfo: It is used to get information about your system.
8. Tasklist: This command displays a list of currently running tasks or processes. It shows the ID number, window title and name of the executable program.
9. Taskkill: It is used to terminate the processes going on.
10. Ipconfig: It is used to display information about your network configuration and refresh DNS settings. By default it shows you the IP address.
6. Data sniffing using Wireshark---
First of all write the command wireshark.
After writing wireshark this page will show up; click on eth0.
This page is shown. It represents the communication between two IPs.
In this, the first column has the title given, then source and destination. Source is your system's IP and destination is where the request goes. Then there is a protocol like TCP, UDP.
After this search for the test php vulnweb site. This is a vulnerable site. Now open the login page and fill in the login credentials. The username is test and the password is also test.
After logging in, the communication of the login page is showing up there.
Now filter the protocol: search http. Then click on follow and then http stream. Above is the output. It is showing the login credentials, and also the website hosting this.
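The exposure shown in the followed HTTP stream can be checked for in captures of your own application. This is an added example, not part of the original report: a filter that reads request text and reports credential-like form fields sent over plain HTTP, printing the field name and value length but never the value. The sample request, its host, path and field names are constructed assumptions.

```bash
# Added example, not from the original report. Constructed sample of a followed
# HTTP stream for a login form submitted over plain HTTP; the host, path and
# field names (uname, pass) are assumptions made for illustration.
sample_stream() {
    printf '%s\r\n' \
        'POST /login.php HTTP/1.1' \
        'Host: login-test.example' \
        'Content-Type: application/x-www-form-urlencoded' \
        'Content-Length: 20' \
        ''
    printf 'uname=test&pass=test'
}

# Reads HTTP request text on stdin and prints one finding per credential-like
# form field. Values are reduced to their length so the report itself does
# not become a second copy of the secret.
find_cleartext_creds() {
    tr -d '\r' | awk '
        /^POST /               { path = $2; in_body = 0; next }
        tolower($1) == "host:" { host = $2; next }
        /^$/                   { in_body = 1; next }
        in_body {
            n = split($0, pair, "&")
            for (i = 1; i <= n; i++) {
                eq = index(pair[i], "=")
                name = substr(pair[i], 1, eq - 1)
                if (tolower(name) ~ /pass|pwd|user|uname|login|email/)
                    printf "http://%s%s field=%s len=%d sent in cleartext\n",
                           host, path, name, length(pair[i]) - eq
            }
            in_body = 0
        }'
}

sample_stream | find_cleartext_creds
```

Any finding from this check means the login form should be served only over HTTPS.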
7. Man-in-the-middle attack---
Search online for FoxyProxy and then add it to Chrome.
After opening this website, make a proxy, fill in the required information and add it.
Set the title, hostname, port number etc.
Open Burp Suite in the application.
Keep the intercept off.
Search online for the website php vulnweb login page.
Then this will show up; right click and send to Repeater.
Then click on render.
Here is the final output.

8. NMAP commands---
Here, I have used the nmap tool on www.google.com. We can see that only two ports are open, the rest are already filtered. Port number 80 is used by http and port number 443 is used by https.
Here the -sS flag is used for a TCP SYN scan, which is a stealthy and efficient method of scanning for open ports on a target system.
The "-p" flag is used with nmap to perform a scan on a specific port or range of ports. (In our case it will scan ports 80, 443 and 21.)
Here -A indicates aggressive; it will give us extra information, like OS detection (-O), version detection, script scanning (-sC), and traceroute (--traceroute). It even provides a lot of valuable information about the host.
Using this command we can discover the target hosting service or identify additional targets according to our needs for quickly tracing the path.
Here it will display the operating system where the domain or IP address is running, but will not display the exact operating system available on the computer. It will display only the chance of an operating system being on the computer. The command will just guess the running operating system (OS) on the host.
The "-sU" flag is used with nmap to perform a UDP scan, which allows the user to discover open UDP ports and services on a target system.

9. SQL Injection practical ----
Here, we get the vulnerable points or URL(s) where the attack can be initiated.
Now, we have used the same command but added --dbs to get the names of the databases stored in the backend.
Now, we will select one database and write --tables to fetch the names of the tables in that particular database.
So, you can clearly see we have got the names of the tables present in the database acuart.
Now, we are going to fetch the names and types of columns in the table 'users'.
Next, we will add --dump to the command to get the whole data stored in the table, which really means that we can get names, addresses, email, passwords and phone numbers of the users belonging to the website.
So here we have got the details of the user, where the name of the user is John Smith and the username and password is test and so on.
And with this, we have successfully implemented the SQL injection attack.
10. XSS (Cross-site scripting)---

Firstly, go to https://portswigger.net/ and create your account. After doing so, scroll down to the end, and click on cross-site scripting.
Now scroll down a bit and click on view all XSS labs.
So, you can see the alert dialogue box appearing, which means this site is vulnerable to XSS, as we are able to make a change in the script on the backend and initiate particular functions through it.
