
A

PBL-II Report

On

"ETHICAL HACKING AND CYBERSECURITY"

SUBMITTED TO THE SAVITRIBAI PHULE PUNE UNIVERSITY,


IN THE PARTIAL FULFILLMENT OF THE REQUIREMENTS
FOR THE AWARD OF THE DEGREE
OF
SECOND YEAR ENGINEERING
By
Rajat D. Kokane

UNDER THE GUIDANCE OF

Prof. Santosh Biradar

DEPARTMENT OF COMPUTER ENGINEERING


D. Y. PATIL COLLEGE OF ENGINEERING, AMBI
Sr.No.124 & 126, A/P Ambi, MIDC Road. Tal Maval,
Talegaon Dabhade, Pune - 410 506

ACADEMIC YEAR: 2020-21


DEPARTMENT OF COMPUTER ENGINEERING

D. Y. PATIL COLLEGE OF ENGINEERING, AMBI

Sr.No.124 & 126, A/P Ambi, MIDC Road. Tal Maval,

Talegaon Dabhade, Pune - 410 506

CERTIFICATE

This is to certify that the PBL-II report entitled

“ETHICAL HACKING AND CYBERSECURITY”

Submitted by

Rajat D. Kokane

is a bona fide work carried out by them under the supervision of Prof. Santosh Biradar and it is submitted towards the partial fulfillment of Second Year Engineering in Computer Engineering through the Savitribai Phule Pune University during the academic year 2020-21.

Prof. Santosh Biradar

PBL-II Guide

Dr. M. K. Nighot (HOD)

Dr. Abhay A. Pawar (Principal)

Place: Date: 13/06/2021

ACKNOWLEDGMENT

With immense pleasure, I am presenting the PBL-II report as part of the curriculum of the S. E. Computer Engineering. I wish to thank all the people who gave us unending support right from when the idea was conceived.

I express my sincere and profound thanks to our Head of the Department Dr. M. K. Nighot sir and my
Seminar Guide Prof. Santosh Biradar sir for their guidance and motivation for completing my work, and I
am also thankful to all those who directly or indirectly guided and helped me in preparation of this report.

Rajat D. Kokane

ABSTRACT

Due to advancements in technology, the improving standard of living and various other factors, access to the internet and to devices that use it, like PCs and smartphones, has increased. As the internet can make personal and professional work easier and provide entertainment and education, it is used in practically every field imaginable. This widespread usage of the internet, unfortunately, has also created a new type of crime called cybercrime. Cybercriminals, who include hackers, can steal data that a person has stored on the internet. It could be their name, address, internet browsing history, bank details, etc.

To protect people from such cybercriminals, awareness about Digital Safety must be spread. This project
aims to do the same by explaining the basics of legal hacking, as thinking like a hacker can help one
understand how to protect themselves and their precious data.

Contents

Certificate
Acknowledgement
Abstract

1. Introduction
   1.1 Introduction
   1.2 Motivation
   1.3 Objective of the work
2. Literature Survey of Internet Usage
   2.1 Introduction
   2.2 Methodology
3. ETHICAL HACKING
   3.1 What exactly is Digital Hacking? What do hackers actually do?
   3.2 Information Gathering
   3.3 System Hacking
   3.4 Sniffing
   3.5 Types of Malware and how to protect yourself from them
   3.6 Internet Etiquette
4. Conclusion
5. References

CHAPTER 1

INTRODUCTION

1.1 Introduction

This is a project about Cybersecurity and an introduction to Digital Ethical Hacking. It will cover the
topics of personal digital security and legal hacking.
1.2 Motivation behind project topic

Generally, people are not worried about their so-called digital footprint. They simply don't care about how they use electronic gadgets and IoT devices. The motivation behind this project is to make people realize how vulnerable they are when they use devices like a smartphone and what measures they must take to protect themselves from a hacker.

1.3 Aim and Objective(s) of the work

The aim of this project is to teach people about digital safety and how they can protect themselves
from a hacker.
To do this, we will learn the basics of Digital Hacking and Internet Etiquette. If we know how a hacker thinks, we will be able to safeguard ourselves from a potential hack attack.
Our objective is to learn about the following points:
1. What exactly is Digital Hacking? What do hackers actually do?
2. Information Gathering
3. System Hacking
4. Sniffing
5. Types of Malware and how to Protect Yourself from them
6. Internet Etiquette

CHAPTER 2

LITERATURE SURVEY

INTRODUCTION:

Child Rights And You Organization conducted a study on internet usage by adolescents in the Delhi NCR region in the year 2020.

The study was conducted among school-going adolescents in the age group of 13 to 18 years, spread across urban and rural areas of Delhi-NCR (NCT of Delhi, Noida and Faridabad). Six hundred and thirty adolescents across eight schools in Delhi-NCR were selected for the study. A structured questionnaire capturing their Internet usage habits and relevant characteristics was administered to the adolescents, in conjunction with an Internet Addiction Test (IAT), which was an adapted version (after securing requisite proprietary permissions) of the original IAT based on Young's 20-item scale for Internet addiction (YIAT 20). The psychometric properties of the IAT are well documented in the literature. Young's IAT, developed for screening and measuring levels of Internet addiction, has been the most widely used and well-tested for its psychometric properties.

METHODOLOGY:

The research instruments for the quantitative research were:

Structured Questionnaire – This was a research instrument with 20 questions on Internet usage (device, place, number of hours etc.), demographics, socio-economic background of the respondents, information and knowledge about Internet rules and guidelines, positive experiences on the Internet, negative experiences on the Internet and their reporting.

Internet Addiction Test – The Internet addiction test (YIAT 20) was applied to quantify the prevalence of Internet addiction. It is a 20-item questionnaire measured on the five-point Likert scale. After all the questions have been answered, the numbers for each response are added to obtain a final score. The higher the score range, the greater the level of addiction; normal range: 0-30 points; mild: 31-49 points; moderate: 50-79 points and severe: 80-100 points. The psychometric properties of the YIAT 20 questionnaire are well documented in the literature. Young's IAT, developed for screening and measuring levels of Internet addiction, has been the most widely used and well-tested for its psychometric properties. The items of the IAT, each rated from 1 (rarely) to 5 (always), include compulsive behaviour related to use of the Internet, occupational or academic difficulties, lack of competence at home, problems in interpersonal relations, and emotional problems. The rationale for basing the Internet Addiction Test on Young's diagnostic questionnaire for the study was that it is the first global psychometric measure and hence has been extensively and frequently used across many studies globally, is self-completed, has been validated on adult and adolescent populations, and has good internal consistency reliability as well as concurrent validity.

In the Indian context, the IAT was used in earlier studies with young populations and adolescents aged 18-24 years and 16 years (Sachin R Gedam et al., 2017; Sharmitha Krishnamurthy, Satish Kumar Chetlapalli, 2015).

CHAPTER 3

ETHICAL HACKING

WHAT EXACTLY IS DIGITAL HACKING? WHAT DO HACKERS ACTUALLY DO?

Hacking is the technique of finding weak links or loopholes in computer systems or networks and exploiting them to gain unauthorized access to data or to change the features of the target computer systems or networks. Hacking describes the modification of computer hardware, software or networks to accomplish certain goals which are not aligned with the user's goals. It is also described as breaking into someone's security and stealing their personal or secret data such as phone numbers, credit card details, addresses, online banking passwords, etc.

Ethical hackers are usually security professionals or network penetration testers who use their hacking skills and toolsets for defensive and protective purposes. Ethical hackers who are security professionals test their network and systems security for vulnerabilities using the same tools that a hacker might use to compromise the network. Any computer professional can learn the skills of ethical hacking.

INFORMATION GATHERING

Information gathering is the first step in ethical hacking, where relevant information about the target is gathered passively. The information the hacker looks for during the footprinting phase gives clues to the network architecture, server, and application types where valuable information is stored. Some of the pieces of information to be gathered about a target during footprinting are the domain name, network blocks, network services and applications, system architecture, intrusion detection system, etc. This module covers various techniques and tools used to gather information.

A hacker may find information about a person or an organization they want to attack freely on the internet. Websites like zabasearch.com, pipl.com, anywho.com and peoplesearch.com contain information like names, phone numbers, addresses, dates of birth, social media details, etc. of people. In combination, these sites allow attackers to locate key individuals, identify their home phone numbers, and even create maps to their houses. Attackers can even see the surroundings of the company or the home they are targeting with high-quality satellite pictures. Even a simple Google search can reveal a lot of information about an individual.

SYSTEM HACKING

Many hacking attempts start with cracking the password of the target system. Passwords are the key to accessing a system, and most often users select passwords that are easy to guess. Many reuse passwords or choose one that is easy to remember, such as their name, date of birth or pet's name. This typical human nature makes it very easy for hackers to guess the password if they have a little information about the target. Information gathering and reconnaissance can give away information that may help a hacker guess a user's password. Once a password is guessed or cracked, it can be the launching point for escalating privileges, executing applications, hiding files, and covering tracks. If guessing a password fails, then passwords may be cracked manually or with automated tools using a dictionary or brute-force method.
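
Seen from the defender's side, the weakness described above can be tested for when a password is chosen. The following is an added example, not part of the original report: it rejects passwords built from the user's own name, pet's name or date of birth, including common character swaps and reversed spellings. The profile fields, function names and sample values are assumptions made for illustration.

```python
import re
from datetime import date

# Undo common character swaps before comparing, so "V3rm@" is read as "verma".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def personal_tokens(profile):
    """Collect the words and digit strings that can be derived from a profile."""
    words = set()
    for field in ("name", "pet"):
        for part in re.split(r"[^a-z]+", profile.get(field, "").lower()):
            if len(part) >= 3:          # ignore initials and very short fragments
                words.add(part)
    digits = set()
    dob = profile.get("dob")
    if dob:
        d, m, y = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
        # Common ways of writing a birthday inside a password.
        digits = {y, d + m, m + d, d + m + y, d + m + y[2:], m + d + y, y + m + d}
    return words, digits


def guessable_reasons(password, profile):
    """Return the reasons a password is guessable from personal information."""
    words, digits = personal_tokens(profile)
    lowered = password.lower()
    # Check the password as typed, with swaps undone, and spelled backwards.
    variants = {lowered, lowered.translate(LEET), lowered[::-1]}
    reasons = []
    for word in sorted(words):
        if any(word in variant for variant in variants):
            reasons.append(f"contains personal word '{word}'")
    for run in sorted(digits):
        if run in password:
            reasons.append(f"contains date-of-birth digits '{run}'")
    return reasons


# Constructed sample profile; none of these values come from the report.
SAMPLE_PROFILE = {"name": "Asha Verma", "pet": "Bruno", "dob": date(2002, 8, 15)}

if __name__ == "__main__":
    for candidate in ("Bruno@1508", "V3rm@2002", "onurb!!",
                      "correct-horse-battery-staple"):
        verdict = guessable_reasons(candidate, SAMPLE_PROFILE)
        print(candidate, "->", verdict or "no personal data found")
```

An empty result only means no personal data was found in the password; length and reuse still have to be checked separately.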

Every hacker has certain goals before an attack; without an objective the attempt would be in vain. The goal could be anything and may vary from attacker to attacker. Some of the reasons for hacking and their stages are explained below:

HACKING STAGE | GOAL | TECHNIQUE
Gaining Access | To collect enough information to gain access. | Password, eavesdropping, brute forcing.
Escalating Privileges | To create a privileged user account if the user level is obtained. | Password cracking, known exploits.
Client-side Executions | To create and maintain backdoor access. | Trojans.
Hiding Files | To hide malicious files. | Rootkits.
Covering Tracks | To hide the presence of compromise. | Cleaning event logs.

SNIFFING

Sniffers operate at the data link layer of the OSI model. This means that they do not have to play by the same rules as applications and services that reside further up the stack. Sniffers can grab whatever they see on the wire and record it for later review. They allow the user to see all the data contained in the packet, even information that you may not want others to see.

A sniffer is a program or device that monitors data traveling over a network. Sniffers can be used for legitimate activities, such as network management, or for illegitimate activities, like stealing information found on a network. A variety of sniffers are available, including commercial and open-source variations. Some of the simplest types use a command-line interface to dump captured data onto the screen, while more sophisticated types use a graphical user interface (GUI) and can graph traffic statistics, track multiple sessions, and offer different configuration options. Network utilization and monitoring programs often use sniffers to gather data for metrics and analysis. Generally, sniffers do not intercept or alter captured data. The objective of sniffing is to steal the following:

• Passwords (from e-mail, the Web, SMB, FTP, SQL, or Telnet)

• E-mail text

• Files in transfer (e-mail files, FTP files, or SMB)

Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a network. A packet contains fields such as source and destination IP addresses, ports, sequence numbers and the protocol types. Packet sniffing is a method of tapping each packet as it flows across the network, i.e. it is a technique in which a user captures data belonging to other users of the network. A packet sniffer is a program or device that monitors data travelling over a network. Packet sniffers can be used for malicious purposes. Attackers use sniffers to capture data packets containing sensitive information. Attackers may gain information by reading unencrypted data packets.
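
To make the decoding step concrete, the following added example (not part of the original report) parses one constructed Ethernet/IPv4/TCP frame into the fields named above and flags whether it belongs to an unencrypted service, which is the kind of traffic an administrator would want to move to an encrypted protocol. The addresses, ports and payload are constructed sample values, and the port table is an assumption covering only a few well-known services.

```python
import socket
import struct

# Unencrypted services of the kinds the report lists, by well-known TCP port.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP3"}


def parse_frame(frame):
    """Decode an Ethernet II / IPv4 / TCP frame into the fields a sniffer shows."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    version, header_len = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or header_len < 20:
        raise ValueError("malformed IPv4 header")
    (total_len,) = struct.unpack("!H", ip[2:4])
    if ip[9] != 6:                       # IP protocol number 6 is TCP
        raise ValueError("not a TCP segment")
    tcp = ip[header_len:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_offset = (tcp[12] >> 4) * 4     # TCP header length in bytes
    return {
        "protocol": "TCP",
        "src": f"{socket.inet_ntoa(ip[12:16])}:{sport}",
        "dst": f"{socket.inet_ntoa(ip[16:20])}:{dport}",
        "seq": seq,
        "payload": tcp[data_offset:],
        "cleartext_service": CLEARTEXT_PORTS.get(dport) or CLEARTEXT_PORTS.get(sport),
    }


def build_sample_frame():
    """Constructed frame: one FTP command between two documentation addresses."""
    payload = b"USER demo\r\n"
    # Source port, destination port, sequence, ack, offset, flags, window, checksum, urgent.
    tcp = struct.pack("!HHIIBBHHH", 50000, 21, 1000, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 20 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    ethernet = bytes(12) + struct.pack("!H", 0x0800)   # zeroed MAC addresses
    return ethernet + ip + tcp + payload               # checksums are left at zero


if __name__ == "__main__":
    fields = parse_frame(build_sample_frame())
    for key, value in fields.items():
        print(f"{key:18} {value}")
```

Because the sample service is unencrypted, the payload field shows the command exactly as the user typed it.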

TYPES OF MALWARE AND HOW TO PROTECT YOURSELF FROM THEM

Viruses and worms belong to a higher category of malicious code, or malware. They are programs that can cause a wide range of damage, from displaying messages to making programs work erratically, and may even destroy data or hard drives. A virus normally needs a host program or file to infect. Viruses require some type of human interaction. A worm can travel from system to system without human interaction. Worms have the capability of replication, so when a worm is executed more programs and systems are infected. For example, a worm may email itself to everyone in your address book and then repeat this process again and again from each user it infects. That massive amount of traffic can lead to a denial of service very quickly. Closely related to viruses and worms is spyware. Spyware is considered another type of malicious software. In many ways, spyware is similar to a Trojan, where most users don't know that the program has been installed, as it hides itself in an obscure location. Spyware steals information from the user and also consumes bandwidth. To go a step further, it can also redirect your web traffic and flood you with annoying pop-ups. Spyware is considered another type of virus by many users.

Preventing Viruses

Because prevention is better than a cure, everything should be checked before being used. Many sites will provide an MD5Sum with their programs to give users an easy way to tell that no changes have been made. Email attachments should also always be checked. In a high-security, controlled environment, a sheep dip system can even be used. This term originated from the practice of dipping sheep to make sure that they are clean and free of pests. A sheep dip computer can be used to screen suspect programs and connects to a network only under controlled conditions. It can be used to further examine suspected files, incoming messages, and attachments. Overall, the best way to prevent viruses is by following an easy five-point plan:

1. Install antivirus software.

2. Keep the virus definitions up-to-date. Dated antivirus is no better than no protection at all.

3. Use common sense when dealing with attachments. Do not open an attachment if you don't know the sender, have not requested it, or it looks suspicious.

4. Keep the system patched. Many viruses exploit vulnerabilities that have previously been found and are well known.

5. Be wary of attachments, as even today they remain one of the primary means of spreading advanced persistent threats (APTs) and other malware such as viruses and worms.
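
The MD5Sum check mentioned at the start of this section can be automated. The following is an added example, not part of the original report: it reads a checksum list in the format printed by the md5sum tool, hashes each downloaded file and reports whether it still matches. The file names and contents are constructed samples created in a temporary folder.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One line of md5sum/sha256sum output: "<hex digest>  <name>" or "<hex digest> *<name>".
CHECKSUM_LINE = re.compile(r"^([0-9a-fA-F]{32,128}) [ *](.+)$")


def file_digest(path, algorithm="md5"):
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    hasher = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(65536), b""):
            hasher.update(block)
    return hasher.hexdigest()


def verify_downloads(directory, checksum_text, algorithm="md5"):
    """Compare every file named in a published checksum list with its digest."""
    results = {}
    for line in checksum_text.splitlines():
        match = CHECKSUM_LINE.match(line.strip())
        if not match:
            continue                          # skip blank or malformed lines
        expected, name = match.group(1).lower(), match.group(2)
        target = Path(directory) / name
        if Path(name).name != name:           # refuse names that leave the directory
            results[name] = "REJECTED"
        elif not target.is_file():
            results[name] = "MISSING"
        elif hmac.compare_digest(file_digest(target, algorithm), expected):
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results


def demo():
    """Constructed sample: two downloads, one altered after the list was published."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "tool.zip").write_bytes(b"original installer bytes")
        (folder / "readme.txt").write_bytes(b"release notes")
        published = "".join(f"{file_digest(folder / name)}  {name}\n"
                            for name in ("tool.zip", "readme.txt"))
        published += "0" * 32 + "  extra.bin\n"          # listed but never downloaded
        (folder / "tool.zip").write_bytes(b"altered installer bytes")
        return verify_downloads(folder, published)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

MD5 catches corruption and casual changes but is known to be collision-prone, so pass `algorithm="sha256"` when the site publishes a SHA-256 list.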

Although virus prevention is good practice, there is still the possibility that your system might get infected with a virus. In general, the only way to protect your data from viruses is to maintain current copies of your data. Make sure that you perform regular system backups. A variety of tools are available to help with this task. The three types of backup methods possible are full, incremental, and differential.

INTERNET ETIQUETTE

Be Nice: The first rule of internet etiquette is to be kind and courteous. Remember that whatever you send from your keyboard or your phone is still an extension of you, even though you're not with others in person. It's just as important to show good manners online as it always has been.

Keep Messages and Posts Brief: Most people use the internet to save time, so honor that and keep all messages as brief as possible. If you have more to say, try breaking it up into smaller topics. This will force you to be more organized and enable the reader to digest the information in a more orderly manner.

Don't Shout: Avoid using all caps in any email or post. Some people think that keeping the caps lock button on for the entire message will make it easier to read, while it actually does the opposite. It is not only difficult to read, it comes across as shouting, which is rude.

Use Discretion: Whether you are sending email, instant messaging, commenting on Facebook, adding images to Snapchat, or posting a message to your blog, you need to remember that anything you put on the internet can be there forever. Even if you remove the material, someone may have made a screenshot, copied, or saved it. One rule of thumb many people use is to never post anything you wouldn't want your parents or boss to see.

Protect Personal Information: Since anything you post on the Internet is out there for all to see, avoid adding anything personal. This includes your address, phone number, social security number, and driver's license information. You don't want to make things easy for identity thieves, burglars, and predators.

Before You Click "Send": It is always a good idea to reread anything you type before clicking the "send" button. If you have time, step away for a few minutes and come back to it with fresh eyes. For those times when you need to post quickly, at least check your spelling, grammar, and tone of the message. If it is late at night, and you are extremely tired, it's probably best to wait until the next morning. You can save most messages and posts in draft mode.

CONCLUSION

The whole world is moving towards the enhancement of technology and more and more digitisation of real-world processes, and with this the risk to security increases. This paper described the working of malicious hackers or crackers, on one hand, who try to illegally break into security, and, on the other hand, white hat hackers or ethical hackers, who try to maintain security. In computer systems, hacking plays a vital role as it deals with both sides of being good or bad. Further, this project tells about the types, working, and various attacks performed by hackers. In conclusion, it must be said that ethical hacking is a tool which, when properly utilised, can help in better understanding computer systems and in improving security techniques as well.

REFERENCES

[1] Mahara P. (2020), Online Safety And Internet Addiction, Child Rights And You Organization, page no 18-20.

[2] Skills Factory, Certificate In Digital Ethical Hacking, Skills Factory Learning Pvt. Ltd., Module 1-5.

[3] Debby Mayne (2020), Proper Internet Etiquette, https://www.thespruce.com/proper-internet-etiquette-1216946
