Professional Documents
Culture Documents
PBL-II Report
On
CERTIFICATE
Submitted by
Rajat D. Kokane
Is a Bonafide work carried out by them under the supervision of Prof. Santosh Biradar
and it is submitted towards the partial fulfillment of Second Year Engineering in Computer
Engineering through the Savitribai Phule Pune University during the academic
Year 2020-21.
ii
Prof. Santosh Biradar
PBL-II Guide
HOD Principal
ACKNOWLEDGMENT
With immense pleasure, I am presenting the PBL-II report as part of the curriculum of the
S. E. Computer Engineering. I wish to thank all the people who gave us an unending support right from the
idea was conceived.
I express my sincere and profound thanks to our Head of the Department Dr. M. K. Nighot sir and my
Seminar Guide Prof. Santosh Biradar sir for their guidance and motivation for completing my work, and I
am also thankful to all those who directly or indirectly guided and helped me in preparation of this report.
iii
Rajat D. Kokane
ABSTRACT
Due to advancements in technology, improving standard of life of people and various other factors, access
to the internet and devices that utilize internet like PCs and smartphones have increased. As internet can
make personal and professional work easier, provide entertainment, provide education, it is used in
practically every field imaginable. This widespread usage of internet, unfortunately, has also created a new
type of crime called Cybercrime. These cybercriminals, which include hackers, can steal a person’s data
iv
which they have stored on the internet. It could be their name, address, internet browsing history, their
bank details etc.
To protect people from such cybercriminals, awareness about Digital Safety must be spread. This project
aims to do the same by explaining the basics of legal hacking, as thinking like a hacker can help one
understand how to protect themselves and their precious data.
v
Contents
Certificate ii
Acknowledgement iii
Abstract iv
3.4 Sniffing
6
5. References 15
CHAPTER 1
INTRODUCTION
1.1 Introduction
This is a project about Cybersecurity and an introduction to Digital Ethical Hacking. It will cover the
topics of personal digital security and legal hacking.
7
1.2 Motivation behind project topic
Generally, people are not worried about their so-called digital footprint. They simply don’t care
about how they use electronic gadgets and IOT devices. The motivation behind this project is to
make people realize how vulnerable they are when they use devices like a smartphone and what
The aim of this project is to teach people about digital safety and how they can protect themselves
from a hacker.
To do this, we will learn basics of Digital Hacking and Internet Etiquette. If we know how a hacker
thinks, we will be able to safeguard ourselves from a potential hack attack.
Our objective is to learn about the following points:
1. What exactly is Digital Hacking? What do hackers actually they do?
2. Information Gathering
3. System Hacking
4. Sniffing
5. Types of Malware and how to Protect Yourself from them
6. Internet Etiquette
8
CHAPTER 2
LITERATURE SURVEY
INTRODUCTION:
9
Child Rights And You Organization conducted a study on internet usage by adolescents in the Delhi NCR
The study was conducted among school going adolescents in the age group of 13 to 18 years, spread across
urban and rural areas of Delhi-NCR (NCT of Delhi, Noida and Faridabad). Six hundred and thirty adolescents
across eight schools in Delhi - NCR were selected for the study. A structured questionnaire capturing their
Internet Usage habits and relevant characteristics were administered to the adolescents, in conjunction with
an Internet Addiction Test (IAT), which was an adapted version (after securing requisite proprietary
permissions) of the original IAT based on Young’s 20-item scale for Internet addiction (YIAT 20). The
psychometric properties of the IAT are well-documented in the literature. Young’s IAT, developed for
screening and measuring levels of Internet addiction, and has been the most widely used and well-tested for
METHODOLOGY:
Usage (device, place, number of hours etc.), demographics, socio-economic background of the
Respondents, information and knowledge about Internet rules and guidelines, positive
Internet Addiction Test – Internet addiction (YIAT 20) was applied to qualify for the prevalence of Internet
addiction. It is a 20-item questionnaire measured on the five-point Likert Scale. After all the questions have
10
been answered, numbers for each response are added to obtain a final score. The higher the score range,
the greater the level of addiction; normal range: 0-30 points; mild: 31-49
points; moderate: 50-79 points and severe: 80-100 points. The psychometric properties of
YIAT 20 questionnaire are well-documented in the literature. Young’s IAT, developed for
screening and measuring levels of Internet addiction, and has been the most widely used and
well-tested for its psychometric properties. The items of the IAT, each rated from 1 (rarely) to
5 (always), include compulsive behaviour related to use of the Internet, the occupational or
emotional problems. The rationale for basing the Internet Addiction Test was that Young’s
diagnostic questionnaire for the study was that it is the first global psychometric measure
and hence has been extensively and frequently used across many studies globally, is self-completed,
has been validated on adult and adolescent populations, and has good internal
In Indian context, IAT was used in earlier studies with young population and
adolescents aged 18-24 years and 16 years (Sachin R Gedam et al., 2017; Sharmitha
11
CHAPTER 3
ETHICAL HACKING
DO?
Hacking is the technique of finding the weak links or loopholes in the computer systems or the networks and
exploiting it to gain unauthorized access to data or to change the features of the target computer systems or
the networks. Hacking describes the modification in the computer hardware, software or the networks to
accomplish certain goals which are not aligned with the user goals. In contrast, it is also called breaking into
someone's security and stealing their personal or secret data such as phone numbers, credit card details,
Ethical hackers are usually security professionals or network penetration testers who use their hacking skills
and toolsets for defensive and protective purposes. Ethical hackers who are security professionals test their
network and systems security for vulnerabilities using the same tools that a hacker might use to compromise
the network. Any computer professional can learn the skills of ethical hacking.
12
13
INFORMATION GATHERING
Information gathering is the first step in ethical hacking, where relevant information about the target is
gathered passively. The information the hacker is looking for during the footprinting phase is gives clues to
the network architecture, server, and application types where valuable information is stored. Some of the
pieces of information to be gathered about a target during footprinting are domain name, network blocks-,
network services and applications- system architecture, Intrusion detection system etc. This module covers
A hacker may find information about a person or an organization they want to attack freely on the internet.
Websites like zabasearch.com, pipl.com, anywho.com, peoplesearch.com contains information like names,
14
phone numbers, addresses, date of birth, social media details etc. of people. In combination, these sites
allow attackers to locate key individuals, identify their home phone numbers, and even create maps to their
houses. Attackers can even see the surroundings of the company or the home they are targeting with great
quality satellite pictures. Even a simple Google search can reveal a lot of information about an individual.
15
SYSTEM HACKING
Many hacking attempts start with cracking the password of the target system. Passwords are the key to
access a system, and most often users select passwords that are easy to guess. Many reuse passwords or
choose one that's that is easy to remember, such as their name, date of birth, pet's mane. This typical
human nature makes it very easy for hackers to guess the password if they have a little information about
the target. Information gathering and reconnaissance can give away information that may help a hacker
guess a user's password. Once a password is guessed or cracked, it can be the launching point for escalating
privileges, executing applications, hiding files, and covering tracks. If guessing a password fails, then
passwords may be cracked manually or with automated tools such as a dictionary or brute-force method.
Every hacker has certain goals before attack, without objective the attempt would be in vain. The goal could
be anything and it may vary from attacker to attacker. Some of the reasons for hacking and their stages have
access.
16
Hiding Files To hide malicious files. Rootkits.
compromise.
17
SNIFFING
Sniffers operate at the data link layer of the OSI Sm model. This means that they do not have to play by the
same rules as applications and services that reside further up the stack. Sniffers can grab whatever they see
on the wire and record it for later review. They allow the user to see all the data contained in the packet,
A sniffer is a program or device that monitors data traveling over a network. Sniffer can be used for
legitimate activities, such as network management, or for illegitimate activities, like stealing information
found on a network. A variety of different types of sniffers are available, including commercial and open-
source variations. Some of the simplest types use a command-line interface to dump captured data onto the
screen while more sophisticated types use a graphical user interface (GUI), and can graph traffic statistics,
track multiple sessions, and offer different configuration options Network utilization and monitoring
programs often use sniffers to gather data for metrics and analysis. Generally, sniffers do not intercept or
E-mail text
18
Sniffing involves capturing, decoding, Inspecting and interpreting the information inside a network packet on
a network. It contains fields such as source and destination IP address ports, sequence numbers and the
protocol types. Packet sniffing is a method of tapping each packet as it flows across the network i.e. it is a
technique in which a user capture data belonging to other users of the network. Packet sniffer is a program
or device that monitors data travelling over a network. Packet sniffers can be used for malicious purposes.
Attackers use sniffers to capture data packets containing sensitive information. Attackers may gain
19
TYPES OF MALWARE AND HOW TO PROTECT YOURSELF FROM THEM
Viruses and worms belong to a higher category of malicious code or malware. They are programs that can
cause a wide range of damage, from displaying messages to making programs work erratically, and may
even destroy data or hard drives. A virus normally needs a host program or file to infect. Viruses require
some type of human interaction. A worm can travel from system to system without human interaction.
Worms have the capability of replication, so when a worm is executed more number of programs and
systems are infected. For example, a worm may email itself to everyone in your address book and then
repeat this process again and again from each user it infects. That massive amount of traffic can lead to a
denial of service very quickly. Closely related to viruses and worms is spyware. Spyware is considered
another type of malicious software. In many ways, spyware is similar to a Trojan, where most users don't
know that the program has been installed, as it hides itself in an obscure location. Spyware steals
information from the user and also consumes the bandwidth. To go a further, it can also redirect your web
traffic and flood you with annoying pop ups. Spyware is considered as another type of virus by many users.
Preventing Viruses
Because prevention is better than a cure, everything should be checked before being used. Many sites will a
MD5Sum with their programs to give users an easy way to tell that no changes have been made. Email
attachments should also always be checked. In a high-security, controlled environment, a sheep dip system
can even be used. This term originated from the practice of dipping sheep to make sure that they are clean
and free of pests. A sheep dip computer can be used to screen suspect programs and connects to a network
20
only under controlled conditions. It can be used to further examine suspected files, incoming messages, and
attachments. Overall, the best way to prevent viruses is by following an easy five-point plan:
2. Keep the virus definitions up-to-date. Dated antivirus is no better than no protection at all.
3. Use common sense when dealing with attachments. Do not open an attachment if you
don't know the sender; have not requested for it or it looks suspicious.
4. Keep the system patched. Many viruses exploit vulnerabilities that have previously been found and
5. Be wary of attachments as even today it remains one of the primary means of spreading
advanced persistent threats (APTS) and other malware such as viruses and worms.
Although virus prevention is good practice, there is still the possibility that your system might get infected
with a virus. In general, the only way to protect your data from viruses is to maintain current copies of your
data. Make sure that you perform regular system backups. A variety of tools are available to help with this
task. The three types of backup methods possible are full, incremental, and differential.
21
INTERNET ETIQUETTE
Be Nice: The first rule of internet etiquette is to be kind and courteous. Remember that
whatever you send from your keyboard or your phone is still an extension of you, even
though you're not with others in person. It's just as important to show good manners
Keep Messages and Posts Brief: Most people use the internet to save time, so honor that
and keep all messages as brief as possible. If you have more to say, try breaking it up
into smaller topics. This will force you to be more organized and enable the reader to
Don’t Shout: Avoid using all caps in any email or post. Some people think that keeping
the caps lock button on for the entire message will make it easier to read, while it
actually does the opposite. It is not only difficult to read, it comes across as shouting,
which is rude.
22
Use Discretion: Whether you are sending email, instant messaging, commenting on
Facebook, adding images to Snapchat, or posting a message to your blog, you need to
remember that anything you put on the internet can be there forever. Even if you
remove the material, someone may have made a screen shot, copied, or saved it. One
rule of thumb many people use is to never post anything you wouldn’t want your
Protect Personal Information: Since anything you post on the Internet is out there for
all to see, avoid adding anything personal. This includes your address, phone number,
social security number, and driver’s license information. You don’t want to make things
Before You Click “Send”: It is always a good idea to reread anything you type before
clicking the “send” button. If you have time, step away for a few minutes and come back
to it with fresh eyes. For those times when you need to post quickly, at least check your
spelling, grammar, and tone of the message. If it is late at night, and you are extremely
tired, it’s probably best to wait until the next morning. You can save most messages and
23
CONCLUSION
The whole world is moving towards the enhancement of technology, and more and more
Digitisation of the real world processes, with this the risk of security increases. This paper described the
working of malicious hackers or crackers on one hand who tries to illegally break into the security and on the
other hand white hat hackers or ethical hackers, who tries to maintain the security. As in the computer
system, hacking plays a vital role as it deals with both sides of being good or bad. Further, this project tells
about the types, working, and various attacks performed by the hackers. In conclusion, it must be said that
Ethical Hacking is a tool which when properly utilised can help in better understanding of the computer
24
25
REFERENCES
[1] Mahara P. (2020) Online Safety And Internet Addiction, Child Rights And You Organization, page no 18-
20.
[2] Skills Factory, Certificate In Digital Ethical Hacking, Skills Factory Learning Pvt. Ltd., Module 1-5.
26
[3] Debby Mayne (2020), Proper Internet Etiquette, https://www.thespruce.com/proper-internet-etiquette-
1216946
27