EH Slips PDF

UNIVERSITY OF MUMBAI
M.Sc. (Part – II) INFORMATION TECHNOLOGY Semester III (Practical) Examination

JANUARY 2018
COURSE - PSIT3P4B
Candidate No: _______________________ (Ethical Hacking)
1. Find the number of hops from your PC to www.certifiedhacker.com. 10

2. Find the maximum packet size that can be sent to certifiedhacker.com without 10
being fragmented.
3. Analyze and determine each of the following DNS resource records for 20
certifiedhacker.com
• SOA
• NS
• A
• PTR
• CNAME
• MX
• SRV
4. Journal 5
5. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Find the owner of the website google.com, geographic location of google.com 10

and owner of the IP address block of google.com.
2. Trace the following details of email: 20
• Location in GUI map.
• Hop in the route with IP.
• From and to email addresses.
• Date.
• Subject.
• Location.
• Sender IP.
3. Make an offline copy of the website www.certifiedhacker.com. 10
4. Journal 5
5. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Execute the following tasks: 20

• Perform system and network scan.
• Enumerate the user accounts.
• Execute remote penetration.
• Gather information about local network computers.
2. Identify the application protocols running on open ports 80. 10
3. Draw the map of showing the logical connectivity of the network and navigate 10
around the map.
4. Journal 5
5. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Perform the following tasks: 20

• Scan the system for currently open TCP and UDP ports.
List the following details:
• Process name
• Process ID
• Protocol
• Local port
• Local Address
• Remote port
• Remote Address
• Remote Host name
• Perform the vulnerability scan.
• Audit the network
• Detect the vulnerable ports
• Identify the security vulnerabilities in the network.
• Correct security vulnerabilities with remedial action.
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B

• Scan the system for currently open TCP and UDP ports.
• Analyze host details and their topology.
• Determine the type of packet filters.
• Record and save all the scanned ports.
• Compare results for suspicious ports.
• Perform the vulnerability scan.
• Audit the network
• Detect the vulnerable ports
• Identify the security vulnerabilities in the network.
• Correct security vulnerabilities with remedial action.
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Using Nmap (ZenMap) perform the following scans on the system: 40

• Intense scan
• Xmas Scan
• Null Scan
• ACK flag scan
Document of the findings.
2. Journal 5
3. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Draw a map showing logical connectivity of the lab network and navigate 20
around the map. Create a report that includes all the managed switches and
hubs.
2. Use NMap to scan a computer. Display the OS Information and open ports. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Use MegaPing and Advanced IP Scanner to scan the network. List your 20
findings
2. Using appropriate too remove and block the Google Cookies from the system. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Perform the following tasks using Colasoft Packet Builer 20

• Create and enable custom network packets.
• Verify network attacks against attacks and intruders.
2. Using Megaping and The Dude, draw a network map of the current network. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Run a continuous ping command to a website. Show the current ports active on 20
your system. Extract a selected list of processes to an HTML view in CurrPorts
2. Using Megaping and The Dude, draw a network map of the current network. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. You are given a target machine. Scan the machine to determine its open ports. 20
Depending on the open ports, perform NETBIOS Enumeration (using
SuperScan)
2. Perform NETBIOS enumeration using NETBIOS enumerator tool. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Perform enumeration on the network to obtain 40

• User names and user groups.
• List of computers, their operating systems and ports on them.
• Machine names, network resources and services.
• List of shares on individual hosts on the network
• Policies and passwords.
2. Journal 5
3. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Perform NETBIOS enumeration using Softperfect network scanner. 20

2. Perform SNMP Enumeration. What information is retrieved about the remote 20
machine?
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Perform NETBIOS enumeration using Hyena. 20

2. Perform NETBIOS enumeration using Softperfect network scanner. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Crack the password using: 40

• LCP
• L0pthcrack
• Ophcrack
• RainbowCrack
2. Journal 5
3. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Hide the file calc.exe in a text file readme.txt. Create a link to the file and 20
execute it.
2. Use ADS Spy to find the hidden files along with their location. 10
3. Demonstrate steganography using stealth files tool. 10
4. Journal 5
5. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Create Two text files fileone and filetwo. 20

• Hide fileone inside filetwo using Data Streams.
• Access fileone from filetwo and show its contents.
• Remove the hidden fileone from filetwo using ADSpy
2. Hide the message “Practical exam is going on” inside a text file destination.txt 20
using SNOW
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Use OphCrack and RainbowCrack to crack and verify the passwords. Extract 20
the password SAM data using PWDump.
2. Demonstrate Image based Steganography using QuickStego. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. You are given a system whose password has been forgotten. Reset the password 40
of the system admin using just a bootable image. Login to the system and create
a new user with your roll no.
2. Journal 5
3. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Demonstrate ProRat Trojan. 20

2. Demonstrate HTTP Trojan. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Demonstrate MoSucker. 20
2. Demonstrate the use of Onefile EXE maker. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Create a server and test network for attack. Attack it with sample Trojans. 20
Detect Trojans and backdoors. Document all the vulnerabilities and flaws
detected. (Use Theef)
2. Demonstrate Biodox trojon.
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Demonstrate the Omnipeek Network Analyzer. 20

2. Change the Mac Address of the base machine 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Using Wireshark, capture Telnet data. Show the ASCII version of the telnet 20
data in a text file. Telnet to towel.blinkenlights.nl
2. Perform network analysis using Colasoft Capsa network analyzer. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Demonstrate the use of wireshark in sniffing the data. 20

2. Demonstrate the use of Cain and Abel to recover the password. 20
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Perform Man-in-the-middle attack using Cain & Abel. 20

2. Use Sinff-o-matic to analyze the network and sniff the password. Document the 20
results.
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Perform DOS Attacks on a port using 20

a. HPing3 (SYN Flood)
b. DOSHttp
Show the attack happening using WireShark
2. Perform DOS Attacks on a Webservers port using 20
a. HPing3 (Use Random Source & SYN Flood)
b. DOSHttp
Show the attack happening using WireShark
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Search for Mumbai on Google or Bing. 20

Intercept the stream using ZAProxy and modify the search string from Mumbai
to Delhi
2. Retrieve webserver information using 20
a. HTTPRecon
b. IDServe
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Use Metasploit and take advantage of the victims Java exploit. Run various 40
commands via the command shell to
a. Extract its IP information
b. List the running processes
c. List SystemInfo
d. Print and change current working directory
2. Journal 5
3. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Using manual SQL Injection extract 40

a. Database name [database()]
b. Hostname hostname()
c. Username and password from dvwa.users table
d. List the table names of the database.
e. Make sure the DVWA Security is set to low
2. Journal 5
3. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Use Webcruiser to perform SQL Injection and retrieve the user names and 20
passwords from the DVWA database. Make sure the DVWA Security is set to
low
2. Using HashCalc and MD5Calculator, demonstrate how Hash Values change 20
after a file is modified
3. Journal 5
4. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. You are presented with a WEP Based Wireless Access Point. Using the 40
Aircrack utilities, crack the wireless network from Kali Linux.
2. Journal 5
3. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Demonstrate Encryption and Decryption using 40

a. Caesar Cipher on plain text
b. RC4 Cipher on plain text
c. BCText Encoder on a block of text
d. Advanced Encryption Package on a random file
2. Journal 5
3. Viva 5
JANUARY 2018
COURSE - PSIT3P4B
1. Using HashCalc, generate the Hash values using any 4 Hashing algorithms 20
2. Use Truecrypt and create an encrypted volume of 100mb using AES and 20
RIPEMD160 algorithm’s. Name the truecrypt file as ‘EncrFile’
3. Journal 5
4. Viva 5

EH Slips PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

EH Slips PDF

Загружено:

Авторское право:

Доступные форматы

UNIVERSITY OF MUMBAI

M.Sc. (Part – II) INFORMATION TECHNOLOGY Semester III (Practical) Examination

Candidate No: _______________________ (Ethical Hacking)

1. Find the number of hops from your PC to www.certifiedhacker.com. 10

Candidate No: _______________________ (Ethical Hacking)

1. Find the owner of the website google.com, geographic location of google.com 10

Candidate No: _______________________ (Ethical Hacking)

1. Execute the following tasks: 20

Candidate No: _______________________ (Ethical Hacking)

1. Perform the following tasks: 20

Candidate No: _______________________ (Ethical Hacking)

1. Perform the following tasks: 20

Candidate No: _______________________ (Ethical Hacking)

1. Using Nmap (ZenMap) perform the following scans on the system: 40

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

1. Perform the following tasks using Colasoft Packet Builer 20

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

1. Perform enumeration on the network to obtain 40

Candidate No: _______________________ (Ethical Hacking)

1. Perform NETBIOS enumeration using Softperfect network scanner. 20

Candidate No: _______________________ (Ethical Hacking)

1. Perform NETBIOS enumeration using Hyena. 20

Candidate No: _______________________ (Ethical Hacking)

1. Crack the password using: 40

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

1. Create Two text files fileone and filetwo. 20

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

1. Demonstrate ProRat Trojan. 20

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

1. Demonstrate the Omnipeek Network Analyzer. 20

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

1. Demonstrate the use of wireshark in sniffing the data. 20

Candidate No: _______________________ (Ethical Hacking)

1. Perform Man-in-the-middle attack using Cain & Abel. 20

Candidate No: _______________________ (Ethical Hacking)

1. Perform DOS Attacks on a port using 20

Candidate No: _______________________ (Ethical Hacking)

1. Search for Mumbai on Google or Bing. 20

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

1. Using manual SQL Injection extract 40

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

Candidate No: _______________________ (Ethical Hacking)

1. Demonstrate Encryption and Decryption using 40

Candidate No: _______________________ (Ethical Hacking)

Вам также может понравиться