ON
ETHICAL HACKING
SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR
THE AWARD
OF THE DEGREE OF
BACHELOR OF ENGINEERING
JUNE-JULY, 2022
SUBMITTED BY:
SATNAM SINGH
19BCS1583
Certificate by Internshala Trainings
CHANDIGARH UNIVERSITY, GHARUAN, MOHALI
CANDIDATE'S DECLARATION
I, Satnam Singh, hereby declare that I have undertaken summer training and developed a
project titled Ethical Hacking during the period from Jun '22 to July '22 in partial fulfillment of
work.
Table of Contents
3.4 Selecting tools..............................................................................................................33
3.5 Characteristics in tools for ethical hacking..............................................................34
3.6 Evaluating results.......................................................................................................34
3.7 Controversy.................................................................................................................35
CHAPTER 4 CONCLUSION AND FUTURE SCOPE.....................................................37
4.1 Conclusion...................................................................................................................37
4.2 Future Scope...............................................................................................................37
Reports................................................................................................................................38
Online Sources....................................................................................................................39
References...........................................................................................................................40
List of Figures
Figures Page No.
List of Tables
Tables Page No.
Table 1 Examples of hacking events over the decades since hackers have attacked computer systems......8
Abstract
Ethical hacking is one of the fastest growing areas in network security, and certainly an area
that generates much discussion. In today's context, the communication techniques that have
brought the world together have also brought anxiety to system owners all over the globe. The
main reason behind this insecurity is hacking, more specifically the cracking of computer
systems. Thus the way to protect systems from the nuisance of hacking is to promote the
people who will punch back against illegal attacks on our computer systems: the ethical
hackers. The main purpose of this study is to give a brief idea of ethical hacking and its
relationship with corporate security. This paper encloses a concise account of hacking as well
as the detailed role of ethical hacking as the countermeasure to cracking, in accordance with
corporate security as well as individual refuge. This paper tries to develop a centralized idea
of ethical hacking and all its aspects as a whole.
Acknowledgments
This is the third book in a series exploring Internet issues. The first was called Adult-to-Adult
Cyberbullying: An Exploration of a Dark Side of the Internet, published in 2015, while the
second was called Trolls and Trolling: An Exploration of Those That Live Under The
Internet Bridge, published in 2017. Hackers are a major concern as we move towards more
use of information technology and artificial intelligence. Although alarming, understanding
hackers and how to prevent hacking is valuable. This book raises awareness of this issue.
Like the first two books, it is a mixture of practical and academic material. While not totally
conclusive, and recognising that not all material can be covered in this type of book, it still
functions as a reference guide. I would like to thank, again as in the first two books, Dr
Thomas Apperley of Deakin University Melbourne for advice on book layout, and Professor
Tara Brabazon, Dean of Graduate Research and Professor of Cultural Studies at Flinders
University, Adelaide, for incredible encouragement, especially in confirming that any form of
research and writing offered up for public scrutiny is still worth doing.
Thank you.
Cybersecurity and hacking are important. In exploring those that are lurking behind the screen,
I want to again thank the vast numbers of people from the first hacker to current hackers, and
those who have written and published about them.
About the Course
Learn Internshala Trainings' Ethical Hacking Course to hack and secure websites like an
expert. Learning how to hack can help you implement the strongest possible security
practices. It's as much about finding and fixing security vulnerabilities as it is about
anticipating them. Learning about the methods hackers use to infiltrate systems will help you
resolve issues before they become dangerous.
Course Highlights
1. Free Placement Prep Training: Learn how to build your resume, make great applications, and ace your interviews.
2. Curated internships & jobs: Get internships and fresher jobs as per your preference in your inbox.
1. Because it's fun: Searching for vulnerabilities, detecting them, and suggesting fixes. You get to be the modern day Sherlock Holmes!
2. Be in demand: With the entire world and its data coming online, the demand for cybersecurity experts is skyrocketing.
3. Lucrative salary: The average salary of a Cybersecurity Analyst is 6.8 LPA+ according to Indeed.
2. Test yourself: Test your knowledge through quizzes & module tests at regular intervals.
3. Hands-on practice: Work on assignments and projects. Use our in-browser IDE for coding practice.
4. 1:1 doubt solving: Get your doubts solved by experts through the Q&A forum within 24 hours.
5. Take final exam: Complete your training by taking the final exam.
6. Get certified: Get certified in Web Development upon successful completion of training.
CHAPTER 1 INTRODUCTION
1.2 Definitions of Hackers, Hacking and Cybercrime
The terms ‘hacker’, ‘hacking’ and ‘cybercrime’ strike fear into people, based on past
perceptions and knowledge combined with the panic of media reporting, that such people are
out to cause harm. In this book these terms will be defined to create an understanding of who
they are, what they are and what they do. These are general definitions based on a collective
and common understanding of them.
Hackers
Hackers are people who share an appreciation of technology, how it can be turned into new
and unexpected uses, and have a low-level familiarity with the operation of it, being capable
of devising technically elegant software solutions.
Cybercrime
Cybercrimes are defined as those directed at computers or other devices, or where
computers or other devices are integral to the offence (for example, online fraud, identity
theft and the distribution of child exploitation material) (Australian Cybercrime Online
Reporting Network (ACORN), n.d.a). Cybercrime is used as an umbrella term to refer to an
array of criminal activity including offences against computer data and systems, computer-
related offences, content offences, and copyright offences (Australian Institute of
Criminology, 2011). Hacking can be a form of cybercrime, although the examples of what are
called cybercrimes are broad, such as:
1. Computer Viruses
A computer virus is defined as a program that can replicate itself and infect a computer,
spreading from one computer to another (in some form of executable code) when its host is
taken to the target computer; for instance because a user sent it over a network or the
Internet, or carried it on a removable medium such as a floppy disk, CD, DVD or USB
drive.
2. Spyware
This is software designed to covertly collect information from a computer system without the
permission or knowledge of the computer user (Interhack Corporation, 2018). Once it is
installed it will transmit the information over Internet connections and networks. Common
types of spyware include:
Keylogging Software
Form Fillers
Trackware
Cookies
Rootkits - a computer program designed to provide continued privileged access to a
computer while actively hiding its presence
Web Beacons - a transparent graphic image placed on a website that monitors the
computer user’s behavior
3. Worms
A worm is a small piece of software that uses computer networks and security holes to
replicate itself (Brain, n.d.). A copy of the worm scans the network for another machine that
has a specific security hole. It copies itself to the new machine using the security hole, and
then starts replicating from there, as well.
4. Trojan Horses
A Trojan Horse program has the appearance of having a useful and desired function. Secretly,
the program will perform other undesired functions. These may cause data destruction or
compromise a system by providing a means for another computer to gain access, thus
bypassing normal access controls, such as Firewalls. Trojan horse attacks are one of the most
serious threats to computer security as they can be spread in the guise of literally anything,
which makes it difficult to notice them (Khan, 2012, p. 9).
5. Ransomware
There is also a dilemma for companies that have to pay the hackers: they may pay the
ransom without consulting law officials so that the company’s reputation remains intact.
Figure 1.2 Ransomware attack screen message demanding payment
6. Denial of Service (DoS)
A Denial of Service attack stops people from using someone’s website and is a common
hacking strategy. It denies users the opportunity to use the website, which can cause the
owner to lose business. A technical explanation of how the DoS attack works is offered by
Schuba, Krsul, Kuhn, Spafford, Sundaram and Zamboni (1996): an attacker sends many
TCP (Transmission Control Protocol) connection requests with spoofed source addresses to
a victim's machine. Each single request causes the targeted host to instantiate data structures
out of a limited pool of resources. Once the target host's resources are exhausted, no more
incoming TCP connections can be established, thus denying further legitimate access.
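The exhaustion mechanism Schuba et al. describe can be made concrete with a small model. The following is an added example written for this report, not code from the report or from the cited paper: a half-open connection table with a fixed capacity and timeout stands in for the "limited pool of resources", and a simplified SYN-cookie server (the standard mitigation, here modelled with an HMAC over the client address and a time slot, not the real kernel implementation) shows why keeping no per-SYN state lets legitimate clients through during a flood. All addresses, the secret and the pool sizes are constructed values.

```python
import hashlib
import hmac


class SynBacklog:
    """Half-open connection table: the limited resource pool in the SYN-flood description."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity      # number of half-open entries the host can hold
        self.timeout = timeout        # seconds a half-open entry is kept before it expires
        self.pending = {}             # (src_ip, src_port) -> time the SYN arrived

    def _expire(self, now):
        stale = [k for k, t in self.pending.items() if now - t >= self.timeout]
        for k in stale:
            del self.pending[k]

    def on_syn(self, src, now):
        """Return True if a half-open slot could be allocated for this SYN."""
        self._expire(now)
        if len(self.pending) >= self.capacity:
            return False              # pool exhausted: the SYN is dropped
        self.pending[src] = now
        return True

    def on_ack(self, src, now):
        """Final handshake packet: release the slot; True if the connection is established."""
        self._expire(now)
        return self.pending.pop(src, None) is not None


class SynCookieServer:
    """Simplified SYN-cookie model: no state per SYN; the SYN-ACK sequence number is a MAC."""

    def __init__(self, secret, slot_seconds=60):
        self.secret = secret
        self.slot_seconds = slot_seconds
        self.established = set()

    def _cookie(self, src, slot):
        msg = f"{src[0]}:{src[1]}:{slot}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, src, now):
        """Return the initial sequence number to send in the SYN-ACK; nothing is stored."""
        return self._cookie(src, int(now) // self.slot_seconds)

    def on_ack(self, src, acked_isn, now):
        """Establish only if the client echoes a cookie minted in this or the previous slot."""
        slot = int(now) // self.slot_seconds
        if acked_isn in (self._cookie(src, slot), self._cookie(src, slot - 1)):
            self.established.add(src)
            return True
        return False


LEGIT = ("198.51.100.7", 51515)       # constructed legitimate client


def spoofed_sources(n):
    # Constructed spoofed addresses; nobody there will ever answer the SYN-ACK.
    return [(f"203.0.113.{i % 250 + 1}", 40000 + i) for i in range(n)]


def legit_gets_through_backlog(capacity, flood_size, timeout=75.0, legit_at=1.0):
    """Flood a stateful backlog at t=0, then see whether a real client can connect."""
    srv = SynBacklog(capacity, timeout)
    for src in spoofed_sources(flood_size):
        srv.on_syn(src, 0.0)
    if not srv.on_syn(LEGIT, legit_at):
        return False
    return srv.on_ack(LEGIT, legit_at + 0.1)


def legit_gets_through_cookies(flood_size, secret=b"constructed-secret"):
    """Same flood against the stateless server: nothing is consumed per spoofed SYN."""
    srv = SynCookieServer(secret)
    for src in spoofed_sources(flood_size):
        srv.on_syn(src, 0.0)
    isn = srv.on_syn(LEGIT, 1.0)
    return srv.on_ack(LEGIT, isn, 1.1)
```

With a backlog of 128 entries, 128 spoofed SYNs are enough to block a legitimate client until the entries time out; the cookie server admits the same client after any number of spoofed SYNs because it allocated nothing for them.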
7. Structured Query Language (SQL) Injections
Our personal details are now contained in countless databases across the world, filled with
information hackers would like to obtain. To obtain information from a database,
programmers use a language for managing data in a relational database system called
Structured Query Language. It operates across many database management systems,
especially commonly used ones such as Oracle, Microsoft SQL Server and Access. As
databases contain much sensitive data, particularly financial, health and police records,
organizations struggle to keep SQL injections from happening. There are legal
consequences, as people have taken out class actions against organizations that did not take
steps to protect client or patient data from these attacks.
SELECT name FROM bank WHERE userid='prerna' AND pswrd=''; drop table Loans
The intended query selects the client name from the bank table where the user id and
password match; the appended drop table Loans deletes the table holding the loan amounts
the customers owe.
SELECT name FROM bank WHERE userid='prerna' AND pswrd=''; drop table Loans AND pin='123'
A statement like this can be inserted into SQL-based databases and executed, resulting in data
loss or the passing of information to hackers. Considering the millions of databases that exist,
the potential for hackers to write statements, externally or internally, that destroy data or
collect information attests to the depth of the SQL injection problem.
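To show the difference between a query that splices user input into its text and one that binds the values as parameters, here is an added example that is not part of the report. It uses Python's standard sqlite3 module with a constructed bank/Loans schema; the payload is the report's "'; drop table Loans" with a trailing SQL comment appended so that the statement stays syntactically valid after the injected DROP.

```python
import sqlite3


def open_bank_db():
    """Constructed in-memory schema and data mirroring the report's bank/Loans example."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE bank  (name TEXT, userid TEXT, pswrd TEXT);
        CREATE TABLE Loans (userid TEXT, amount INTEGER);
        INSERT INTO bank  VALUES ('Prerna', 'prerna', 'correct-horse');
        INSERT INTO Loans VALUES ('prerna', 2500);
    """)
    return conn


def loans_table_exists(conn):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name='Loans'"
    ).fetchone()
    return row is not None


def lookup_name_unsafe(conn, userid, pswrd):
    """Vulnerable: user input becomes part of the SQL text.

    A value that closes the quote and adds ';' turns one query into several
    statements. executescript() is used because, like many database drivers,
    it runs every statement it is handed.
    """
    sql = (f"SELECT name FROM bank WHERE userid='{userid}' "
           f"AND pswrd='{pswrd}'")
    conn.executescript(sql)
    return sql            # returned so the caller can see exactly what ran


def lookup_name_safe(conn, userid, pswrd):
    """Hardened: fixed query text; values are bound as parameters.

    The same payload is now compared as an ordinary string and matches nothing.
    """
    rows = conn.execute(
        "SELECT name FROM bank WHERE userid=? AND pswrd=?", (userid, pswrd)
    ).fetchall()
    return [r[0] for r in rows]


# Constructed payload: the report's injected DROP plus a comment marker so
# the quote the application appends afterwards is ignored.
PAYLOAD = "'; DROP TABLE Loans; --"
```

Run lookup_name_safe with the payload first: it returns no rows and the Loans table is untouched. Run lookup_name_unsafe with the same payload and the Loans table is gone, which is the data loss the text describes.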
These attacks demonstrate the potential for disruption to organizations and people’s lives, but
also display the difficulty of putting strategies in place to manage them. Other attacks not
in this table were significant in alerting the public to hackers, and especially to viruses.
Additionally, Hollywood movies such as ‘Sneakers’, ‘The Net’ and ‘Blackhat’, but especially
the 1983 film ‘War Games’, have changed perceptions of hackers and showed the public it
was a serious social problem.
Figure 1.4 Christmas Tree virus/worm, 1987
Table 1: Examples of hacking events over the decades since hackers have attacked computer systems
1940: Rene Carmille was a double agent in World War Two and convinced the Nazis to put him in charge of a punched card system that was set up to find Jewish French citizens, but hacked the system so the Nazis could not easily, or at all, find Jewish citizens.
1976: Famous hacker Kevin Mitnick gained access through a phone number to a system called the Ark, run by Digital Equipment Corporation, copying their software.
1986: The 414 computer hacker group, whose members were aged 15 to 22 years old, hacked into several computer systems in the United States.
1988: Release of the Morris Worm, created by Robert Morris, interrupted and slowed down computer systems.
1994: A Russian hacker in St Petersburg hacks into a major United States bank and steals money.
2000: Russian natural gas company Gazprom had a Trojan Horse try to gain access to control the gas pipeline system.
2013/15: Hacking of power plant designs and system passwords on power plants in the United States and Canada.
2016: Hacker steals patient data and offers it for sale on the dark web or dark net.
2017: Cloudflare, a cloud storage provider, did not respond to a cloud leakage from a bug which resulted in data being obtainable from accounts.
2017: Ride sharing company Uber pays ransomware hackers after up to 57 million customer names, account details, email and phone numbers were hacked.
entertainment industries portraying hackers as mostly criminals with negative childhoods,
being loners and having vengeful, vindictive personalities. The majority of research focuses on
males as hackers, but females and other genders have also become major hacker figures.
There is a body of sociological and psychological research asking why people become
computer hackers, whether for amusement or for criminal purposes. A number of reasons will
be listed and discussed in this section. Atkinson (2015, p. 5) suggests four metrics that
together describe the technical and psychological skill set hackers acquire and that motivates
them to hack:
Persistence – taking the time and effort to understand a system and compromise it, using
attention to detail and resources to do so, including taking time to gather information.
Skill – the technical skills the hacker possesses, developed over time, such as
programming, network hacking skills and systems administration.
Greed – the amount of information the hacker needs to acquire, or the number of systems to
compromise, defines the greed a hacker possesses in order to get the most out of their
ill-gotten gains.
Stealth – the ability to manipulate and exfiltrate data without being detected, and to
compromise a system and alter system logs without raising alarms, which allows much
destruction to be caused. This is a key skill in the act of hacking.
Table 2
Fötinger & Ziegler (2004): Feeling inferior leading to hacking, which provides a feeling of power
Sharma (2007): Desire for fame and money outweigh fear of criminal consequences
Chiesa, Ducci & Ciappi (2009): Intellectual curiosity, making the personal computer safer, conflict with authority, boredom, seeking fame, anger, political reasons, escaping from responsibilities
Ledingham & Mills (2015): Regarding self as a hero (especially extremist hacker groups)
1. Keylogging Software
A keylogger is a hardware device or a software program that records the real-time activity of
a computer user, including the keyboard keys they press (Mitchell, 2017). This is a concern
because passwords and banking details are entered as keystrokes and can be detected and
recorded. Keyloggers can also be used remotely on computer networks. Although they can be
removed by anti-virus and anti-hacker detection programs, they can be effectively hidden on
computer systems, and money has been stolen because of this. As Mitchell (2017) further
explains, these can:
capture copies of sent emails
automatically send the reports containing stored logs and emails to a remote location
(by email, FTP or HTTP)
A remote administration tool (RAT) is a programmed tool that allows a remote device to
control a system as if the operator had physical access to it. While desktop sharing and
remote administration have many legal uses, RAT software is usually associated with
unauthorized or malicious activity (Ethical Hacking Tutorials.com, 2017). Examples include
ScreenConnect, AnyDesk, GoToMyPC, TeamViewer and Chrome (Google) Remote
Desktop. Many people have been victims of hackers who scammed them by convincing the
person, usually someone with a home computer, that their software contains many viruses. By
complying and agreeing to let the hacker access the computer remotely, the person can be
scammed out of money, as the confused person gives the hacker their credit card number. The
RAT is able to access the home computer and find out file names and personal details from
visited websites such as online banking.
Punishments for hacking and cybercrimes vary worldwide, but legislation exists in many
countries that shows the legal consequences of hacking. In this section the Australian laws
on hacking and the punishments under those laws will be discussed. Five short examples of
crime and punishment will also be discussed. The Australian Act that covers cybercrimes is
the Cybercrime Act 2001, which was tabled in October 2001 and came into law in April
2002. A series of definitions of data and electronic communication is useful, as they frame
what is subject to criminal tampering. It covers the nature of computer-based offences and
the punishments the law courts may impose on the offender: monetary, community service
or incarceration sentences. Although it is a lengthy document, for this book two areas will be
taken from the legislation to show the seriousness of hacking crimes: the crimes themselves,
and the proven intention to commit a crime, that is, that the person intended to hack. The Act
does raise concerns about the powers legal and policing authorities have to access computer
systems. In another section, key logging and other invasive software was mentioned.
Sometimes this software is used for legitimate reasons and not hacking, which is why the
organization Electronic Frontiers Australia (2001) expressed concerns about the Act before it
was passed. They also had other concerns about how much power police and others would
have to access individual and organizational computer systems. Boulton (2004), of the
organization GIAC Certifications in Australia, also argued the investigation powers were
invasive. However, the Act is in force today and, despite concerns, has not been challenged
by the public.
There have been many cases of hacking activities brought before the courts for judgement,
sentencing and monetary compensation punishments. Six of these cases are presented here to
show the crime and the punishment. Some occurred before the implementation of the Act.
These all took place in Australia and illustrate that over time Australian courts have taken
hacking activity seriously:
1. Skeeve Stevens:
Activity: In 1995 he broke into the computer system of Internet Service Provider AUSNet,
causing actual and potential commercial harm by stealing and publishing the credit card
numbers of 1200 AUSNet subscribers, which was considered at that time a major and serious
violation of privacy (AustLii, 1998).
2. Vitek Boden:
Activity: Hacked into the Maroochy Shire Council waste management system in Queensland,
causing raw sewage to spill into marine life habitats, rivers and a luxury resort.
3. David McIntosh:
Activity: Hacked into a Northern Territory government network, causing computers to crash
and deleting public service user accounts, including at the Royal Darwin Hospital.
CERN, the European Organization for Nuclear Research, is one of the world's largest and
most respected centers for scientific research. Its business is fundamental physics: finding out
what the Universe is made of and how it works. At CERN, the world's largest and most
complex scientific instruments are used to study the basic constituents of matter, the
fundamental particles.
What Happened
A group of hackers identifying themselves as the 2600 succeeded in hacking into a computer
network of the Large Hadron Collider at CERN. The hacker team 2600 also identified
themselves as the "Greek Security Team" and was competing against a rival hacker group to
successfully tap the computer system of history's largest physics experiment.
Impact
There are four main terms that society, the law and researchers use to describe hackers and
hacking and to differentiate between positive and negative hacking. These terms are black
hat hacker, white hat hacker, grey hat hacker and ethical hacker, along with the practice of
hacktivism. They are known by the term ‘hat’ and are discussed first. Table 3 lists and
explains several further terms. Kirwan and Power’s (2011) work is again drawn upon for the
table, with other sources included.
Black Hats:
The common characteristic of black hat hackers is that they are usually malicious: they hack
computer systems for personal and selfish gain. Best (2003) claims that black hats are ‘new
school’ hackers motivated by greed, political ideas or other negative motivations such as the
desire to become notorious. This does seem at odds with the motivations of the many white
or grey hackers who actually fight black hat hackers, trying to stop them from destroying
computer systems. However, black hat has become the accepted cultural term for those who
hack for criminal purposes.
White Hats:
The white hat hacker is also called an ‘ethical’ hacker because they use their hacking
knowledge to help individuals and companies be protected from black hat hackers. Often they
are hired by corporations to perform activities such as penetration testing, testing in-place
security systems and vulnerability assessments, and are often paid large salaries to do so
(Symantec, 2017). They are not criminals and are said to work within the law of the place
they operate from. Crawley (2016), writing from a network security and company position,
says such hackers possess qualities, such as not backing down from hacking challenges, that
make them valuable to the data protection process and make the risk of hiring them a wise
corporate strategy.
Grey Hats:
The term for this type of hacker arose in 1999 in The New York Times to describe those who
hack while fitting between the black and white ends of the hacker spectrum (Kirsch, 2014).
These hackers are called grey because they can undertake illegal activities, but have also
prevented black hat hackers from carrying out hacks. An effective description is given by
Aggarwal, Arora, Neha and Poonam (2014): a grey hat, in the computer security community,
refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes
not. They are a hybrid between white and black hat hackers. They usually do not hack for
personal gain or have malicious intentions, but may or may not occasionally commit crimes
during the course of their technological exploits. It is reported that grey hats exploit computer
system vulnerabilities but do little to no damage other than gaining access (Hald & Pedersen,
2012), although the same authors suggest that the grey hacker United States Private Bradley
Manning, who downloaded 700,000 classified documents from the United States military and
passed them to WikiLeaks, is an example of a grey hat hacker being labelled by the media as
a criminal.
Hacktivism:
This has become a popular term, widely used in the media and often associated with
WikiLeaks and the hacker group Anonymous; it is a hacking practice used as a form of
protest against powerful agents such as governments. A definition of the term is given by
Sorell (2015, p. 391):
Hacktivism is a form of political activism in which computer hacking skills are heavily
employed against powerful commercial institutions and governments, among other targets. It
has various negative connotations and can be mischievous. Yet it can be positive because it
fights for the rights of individuals. Anonymous, for example, received praise for its hacking
of the conservative American Westboro Baptist Church, governments and political leaders.
While demonized by the media, Anonymous has received much support for its actions.
Table 3 lists and defines a selection of hacker and hacking terms, although it should be stated
that new terms to describe hackers and their activities will arise in the future. Again, Kirwan
and Power (2011) are mainly drawn on due to their expertise in naming types of hackers. Any
other sources are listed in the table.
Table 3
Term: Definition/Characteristics
Advanced Persistent Threat (APT) Agents: This group is responsible for highly targeted attacks carried out by extremely organized state-sponsored groups. Their technical skills are deep and they have access to vast computing resources. It refers to a group, such as a government, with both the capability and the intent to persistently and effectively target a specific entity.
Casual Hacker: Less active hackers; may not hack much but keep up to date with what other hackers are doing (Zhang, Tsang, Yue, & Chau, 2015).
Coders: Hackers with high-level skills who hack in white or black ways.
Cyberterrorist: Carries out acts of terrorism by hacking computer systems.
Ethical Hacker: Another name associated with the White Hat Hacker.
Information Warriors: Another name for hackers who commit acts of industrial espionage (Hald & Pedersen, 2012).
Learning Hackers: These hackers may not always maliciously hack, but rather are constantly, for their own reasons, learning how to hack, and will share knowledge with others in Internet forums and social media.
Novice Hacker: These hackers are still learning but tend not to share their knowledge with others.
Quiet, Paranoid and Skilled Hacker: A hacker who is paranoid and covers their tracks with incredible skill.
Script Kiddies: Use others’ hacking tools to hack and then boast to others, especially on social media and virtual forums; often treated with contempt by established hackers, like newbies are. However, these hackers have gotten angry at those that make fun of them, and if they take revenge they can be labelled Blue Hats (GrayHat4Life, 2015).
... organisation they are hacking; phishing through email is part of this engineering.
The ‘37337 K-rAd iRC #hack 0-day exploitz guy’: Kirwan & Power (2011, p. 57) state these are ‘Characters who would do anything to become “famous”...they are willing to use “brutal methods” to get where they want to be’ and they have access to hacking weapons to cause destruction of systems.
This sample of hacker types demonstrates not just the wide range of definitions and labels,
but also the activities they do.
CHAPTER 2 TRAINING WORK UNDERTAKEN
2.2 Hacking Methodologies and Security Auditing
Phase 1 — Reconnaissance
This is a set of techniques, such as foot-printing, scanning and enumeration, along with the
processes used to discover and find information about the target system. During
reconnaissance an ethical hacker attempts to gather as much information about the target
system as possible.
1. Information Gathering — The idea here is to collect as much information as possible
about the target that is interesting, new and of utmost importance. Many tools are available
to achieve this; they are the same tools hackers use, so that any real planned attack can be
anticipated and stopped.
2. Determining the network range — After finding out the target IP address, it is time to
determine the network range. Determining the maximum number of networks is important
because it gives a clear plan and matrix for the engagement.
3. Identifying the active machines — We need to find the active machines on the target
network range. The simple way is to ping the target network. To avoid the probe being
caught by the host or rejected, we need to follow a proper procedure so as to complete the
process successfully.
4. Finding open ports and access points — After determining the network range and the
active machines, an ethical hacker proceeds with port scanning to retrieve the open TCP and
UDP ports and access points.
5. OS fingerprinting — This is the process of learning which operating system is running on
the target device; that is, OS fingerprinting is the process in which we compute and
determine the identity of a remote host’s operating system.
6. Fingerprinting Services — This is accomplished by sending specially crafted packets to a
target machine and then noting down the responses. The gathered information is analysed to
determine the target OS.
7. Mapping the Network — This is the study of the physical connectivity of networks. In
network mapping, an ethical hacker discovers the devices on the network and their
connectivity; this is not to be confused with network discovery or network enumeration,
which leads to the discovery of their characteristics.
Phase 2 — Scanning
Scanning is a set of steps and methods for identifying live hosts, ports and services and
discovering the operating systems and architecture of the target system. Scanning identifies
vulnerabilities and threats in the network, and the results are used to create a profile of the
target organization.
3. Operating System
4. System Architecture
5. Services running on each System
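Seen from the defender's side, the reconnaissance steps above (identifying active machines with ping, finding open ports with a port scan, and the scanning phase generally) leave a recognisable trace: one source touching many distinct ports on one host, or many distinct hosts with ICMP, inside a short window. The following is an added example, not part of the report or of any particular product, that runs that detection logic over constructed firewall-style log lines. The log format, the field names and the thresholds are assumptions for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (hypothetical, constructed for this example):
#   <iso-timestamp> <ACTION> src=<ip> dst=<ip> proto=<TCP|UDP|ICMP> [dport=<n>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+)(?: dport=(?P<dport>\d+))?$"
)


def parse_line(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "dport": int(m["dport"]) if m["dport"] else None,
    }


def detect_recon(lines, window=timedelta(seconds=60),
                 port_threshold=10, host_threshold=8):
    """Return sorted (src, kind) alerts; kind is 'port-scan' or 'ping-sweep'.

    A sliding window is kept per source address. A port scan is flagged when
    one source has touched at least port_threshold distinct TCP ports on a
    single destination inside the window; a ping sweep when it has sent ICMP
    to at least host_threshold distinct destinations inside the window.
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)          # src -> events still inside the window
    alerts = set()
    for e in events:
        q = recent[e["src"]]
        q.append(e)
        while e["ts"] - q[0]["ts"] > window:
            q.popleft()
        ports_per_dst = defaultdict(set)
        icmp_hosts = set()
        for x in q:
            if x["proto"] == "TCP" and x["dport"] is not None:
                ports_per_dst[x["dst"]].add(x["dport"])
            elif x["proto"] == "ICMP":
                icmp_hosts.add(x["dst"])
        if any(len(p) >= port_threshold for p in ports_per_dst.values()):
            alerts.add((e["src"], "port-scan"))
        if len(icmp_hosts) >= host_threshold:
            alerts.add((e["src"], "ping-sweep"))
    return sorted(alerts)


BASE = datetime(2022, 6, 14, 10, 0, 0)


def sample_log():
    """Constructed sample: one port scanner, one ping sweeper, one ordinary client."""
    lines = []
    for i in range(15):                  # 15 ports on one host within 30 seconds
        ts = (BASE + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} DROP src=203.0.113.9 dst=192.0.2.10 proto=TCP dport={21 + i}")
    for i in range(12):                  # ICMP to 12 hosts within 12 seconds
        ts = (BASE + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} DROP src=203.0.113.77 dst=192.0.2.{i + 1} proto=ICMP")
    for i in range(5):                   # a normal client reaching the web server
        ts = (BASE + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} ACCEPT src=198.51.100.3 dst=192.0.2.10 proto=TCP dport=443")
    return lines
```

The thresholds are the tuning knobs: raising port_threshold above the number of ports the scanner touched makes the port-scan alert disappear while the sweep is still reported, which is the kind of check worth running against a site's real baseline before relying on the rule.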
1. System Hacking
2. Acquire Passwords
3. Password Cracking Techniques
4. Generate Rainbow Tables
Password Cracking
Non-Electronic Attack: The attacker need not possess technical knowledge to crack the password.
Active Online Attack: The attacker performs password cracking by directly communicating with the victim machine.
Passive Online Attack: The attacker performs password cracking without communicating with the victim machine.
Offline Attack: The attacker copies the target’s password file and then tries to crack the passwords on his own machine at a different location.
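The offline attack and the "Generate Rainbow Tables" item above share one idea: once the attacker holds the password file, a hash computed in advance for a wordlist can be matched against every account at no further cost, unless the stored form defeats precomputation. The following is an added example, not from the report, that contrasts unsalted SHA-256 storage with salted PBKDF2 storage using only Python's standard library. The wordlist and the passwords are constructed values.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for an attacker's dictionary.
WORDLIST = ["password", "letmein", "summer2022", "qwerty", "welcome1"]


def store_unsalted(password):
    """Weak storage: one fast, unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> plaintext once; reusable against every unsalted hash.

    A rainbow table is the space-compressed form of this same precomputation.
    """
    return {store_unsalted(w): w for w in words}


def crack_unsalted(stored_hex, table):
    """Recover the plaintext by a single dictionary lookup, if it was in the wordlist."""
    return table.get(stored_hex)


def store_salted(password, iterations=200_000):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}


def verify_salted(password, record):
    """Recompute the KDF with the stored salt; constant-time comparison of the result."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])


def crack_salted_with_table(record, table):
    """The precomputed table ignores the salt, so it never matches a salted record."""
    return table.get(record["hash"].hex())


def crack_salted_by_guessing(record, words):
    """The only remaining route: rerun the slow KDF per guess, per user.

    Returns (plaintext or None, number of KDF evaluations spent).
    """
    for n, w in enumerate(words, 1):
        if verify_salted(w, record):
            return w, n
    return None, len(words)
```

The unsalted hash of a wordlist password is recovered by one table lookup; the salted record is not in the table at all, and each guess against it costs a full PBKDF2 run that cannot be shared between users, which is what makes the iteration count and the per-user salt the mitigation.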
It is not always obvious that you are contributing to your digital footprint. For example,
websites can track your activity by installing cookies on your device, and apps can collate
your data without you knowing it. Once you allow an organization to access your
information, it could sell or share your data with third parties. Worse still, your personal
information could be compromised as part of a data breach.
You often hear the terms ‘active’ and ‘passive’ in relation to digital footprints:
Active Footprint
An active digital footprint is where the user has deliberately shared information about
themselves – for example, through posting or participating on social networking sites or
online forums. If a user is logged into a website through a registered username or profile, any
posts they make form part of their active digital footprint. Other activities that contribute to
active digital footprints include completing an online form – such as subscribing to a
newsletter – or agreeing to accept cookies on your browser.
Passive Footprint
A passive digital footprint is created when information is collected about the user without
them being aware that this is happening. For example, this occurs when websites collect
information about how many times users visit, where they come from, and their IP address.
This is a hidden process, which users may not realize is taking place. Other examples of
passive footprints include social networking sites and advertisers using your likes, shares, and
comments to profile you and target you with specific content.
After working with hundreds of clients, we have come to understand that business decision-makers hold many misconceptions about web application security. Here, we debunk these myths so that decision-makers can make the right choices about the technical security of their organization.
1. Small businesses do not need sophisticated security.
So often, we have seen that startups and small and medium-scale businesses believe that they do not need sophisticated security measures because they are not a big organization. On the contrary, the statistics clearly show that around 43% of cyber attacks are intentionally aimed at smaller organizations. Also, small businesses have ended up becoming the victim in 70% of data breach incidents.
2. A firewall is enough.
Absolute security is not possible. No business can state that it is absolutely secure and that no attacker can hack its applications or infiltrate its network. As security systems get more sophisticated, so do the attackers and their techniques. Without a doubt, a web application firewall (WAF) provides a significant level of protection against common attacks such as SQL injection and XSS. However, it cannot guarantee that your website is not going to be hacked.
3. Penetration testing is sufficient.
When a business conducts a penetration test, many weaknesses are found in its applications and networks that could be exploited by attackers. These vulnerabilities are then addressed to minimize the risk. However, never underestimate the attackers; they might already be one step ahead of you. Penetration tests should be conducted regularly, and the organization's security program must be kept in check so that security is a continuous process.
2.4 Introduction to PHP and Setting up XAMPP
PHP is the most popular and widely used server-side scripting language for web development. However, it requires a web server to run even a locally developed web page. Various web server packages are available for setting up a local web server; among them, XAMPP and WampServer are the most popular. While WampServer is only available for the Windows platform, XAMPP is a cross-platform application that runs on Windows, Linux, and macOS. Hence, in this tutorial, you will learn PHP using XAMPP.
What is XAMPP?
XAMPP is an open-source web server solution package. It is mainly used for testing web applications on a localhost web server.
X = Cross-platform
A = Apache Server
M = MariaDB
P = PHP
P = Perl
2.5 Introduction to VAPT and OWASP
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or
ranking) the vulnerabilities in a target. Assessments are typically performed according to the
following steps:
Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, and attempting to break in.
A penetration test target may be a white box (which provides background and system information) or a black box (which provides only basic or no information beyond the company name). A grey box penetration test is a combination of the two, where limited knowledge of the target is shared with the auditor. A penetration test can help determine whether a system is vulnerable to attack, whether the defenses were sufficient, and which defenses (if any) the test defeated.
REPORTING TOOLS:
VAPT tools are tools that automatically identify vulnerabilities in a system and also generate a penetration testing report.
Pros
Cons
Compromises data security, as you will be sharing access to your IP addresses with untrusted tools without any agreement.
Free application results may not be accurate.
Penetration testing could open portals that may invite hackers; it is important to close all portals after testing, which some tools fail to do.
Some of the tools are expensive to own and difficult for beginners.
SQL injection is a code injection technique that might destroy your database.
SQL injection is one of the most common web hacking techniques.
SQL injection is the placement of malicious code in SQL statements via web page input.
The simplest way to test is to put a single quote (') in the username or password field. If the server returns any kind of SQL error in the response, then the website is most probably vulnerable to SQL injection.
Figure 2.4 SQL Injection
Bypassing Authentication:
1. After we confirm that the site is vulnerable to SQL injection, the next step is to type the appropriate payload (input) in the password field to gain access to the account.
2. Enter the command below in the vulnerable field, and this will result in a successful authentication bypass:
' or 1=1--+ (in the password field)
Since 1=1 is always true, and we combined it with an OR operator, we no longer need to know the username or password: whatever the username and password are, our 1=1 will always be true, thus giving us access to the account.
The ' before the OR operator is used to terminate the single quotes around the password (i.e. Select id from users where username='username' and password='password'), so that after we insert ' before the OR operator, our SQL command becomes:
Select id from users where username='username' and password='' or 1=1--+
--+ is used to ignore the rest of the command. Its main use is to ignore the ' after the password; if we do not use it, we will get the following error.
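The login query quoted above, as an added example that is not part of the report: the same statement built by string concatenation (the pattern the bypass relies on) and then with bound parameters, plus the single-quote probe described earlier. It runs against an in-memory SQLite database with constructed users; the table layout and the payload are taken from the text.

```python
"""Added example (not from the report): vulnerable vs. parameterised login."""
import sqlite3

# Constructed sample data; the table layout follows the query quoted in the text.
USERS = [(1, "alice", "s3cret"), (2, "bob", "hunter2")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Pastes user input straight into the statement, the pattern the text
    exploits. Returns the matched user id, or None if no row matched."""
    sql = (f"Select id from users where username='{username}' "
           f"and password='{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterised(conn, username, password):
    """Same query with bound parameters: the driver sends the input as data,
    so a quote or comment sequence inside it can never alter the statement."""
    sql = "Select id from users where username=? and password=?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def quote_probe(conn, login):
    """The probe from the text: a lone single quote in the password field.
    Returns the database error message if the query broke, else None."""
    try:
        login(conn, "alice", "'")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


def demo():
    """Run both logins against the legitimate credentials, the probe and the
    bypass payload; returns a dict of results for inspection."""
    conn = make_db()
    payload = "' or 1=1--+"  # the bypass payload quoted in the text
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "probe_vulnerable": quote_probe(conn, login_vulnerable),
        "bypass_vulnerable": login_vulnerable(conn, "anything", payload),
        "legit_param": login_parameterised(conn, "alice", "s3cret"),
        "probe_param": quote_probe(conn, login_parameterised),
        "bypass_param": login_parameterised(conn, "anything", payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the concatenated query the probe raises a syntax error and the payload logs in as the first user; with bound parameters the probe is silent and the payload matches nothing.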
Client-Side Filter
These filters ensure that the input given by the user is in the correct format. Basically, this filter validates the input, and then it is forwarded to the server side. For example, if you don't put '@' in your email ID, don't tick the terms and conditions box, or insert letters in the phone number field, you are prompted to enter valid inputs.
Alright, now that we've understood the security systems, let's see the easiest method to get past this kind of check. You must remember from the Burp Suite tutorial that every time you want to interact with a web server, the information is sent from the browser to the server in the form of an HTTP request, and using Burp Suite we can intercept that request and make changes to it.
These inputs go through HTTP requests as well, so we're going to use this property of the input system to bypass client-side validation. So, I turn Burp Suite on with my browser, open the web page, and enter a valid-looking email that passes through the client-side validation without any issues.
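Because the intercepted request can carry anything, the three checks listed above (an '@' in the email, digits in the phone field, the terms box ticked) have to be repeated on the server. This is an added example, not code from the report; the handler, the field names and the 10-digit phone format are assumptions for the demo, and both request bodies are constructed.

```python
"""Added example (not from the report): server-side re-validation of a form."""
import re

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\d{10}$")  # assumed format for this demo


def validate_signup(form):
    """Return a list of field errors; an empty list means the form is acceptable.
    Runs regardless of whether the browser already performed these checks."""
    errors = []
    if not EMAIL_RE.match(form.get("email", "")):
        errors.append("email: must look like user@example.com")
    if not PHONE_RE.match(form.get("phone", "")):
        errors.append("phone: must be 10 digits")
    if form.get("terms") != "on":
        errors.append("terms: must be accepted")
    return errors


def handle_signup(form):
    """Minimal hypothetical handler returning (status code, body).
    Any validation failure is answered with 400, never processed."""
    errors = validate_signup(form)
    if errors:
        return 400, {"errors": errors}
    return 200, {"ok": True}


# Constructed: the body the browser sends once the client-side filter passed ...
GOOD_REQUEST = {"email": "user@example.com", "phone": "9876543210", "terms": "on"}
# ... and the same body after its fields were edited in an intercepting proxy.
TAMPERED_REQUEST = {"email": "not-an-email", "phone": "abc", "terms": "off"}

if __name__ == "__main__":
    print(handle_signup(GOOD_REQUEST))
    print(handle_signup(TAMPERED_REQUEST))
```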
2.8 Documenting Stages of Vulnerabilities Using Tools
When creating a vulnerability management program, there are several stages you should
account for. By building these stages into your management process, you help ensure that no
vulnerabilities are overlooked. You also help ensure that discovered vulnerabilities are
addressed appropriately.
1. Identify vulnerabilities
The first stage of the management process requires identifying which vulnerabilities might
affect your systems. Once you know which vulnerabilities or vulnerability types you are
looking for, you can begin identifying which ones exist.
This stage uses threat intelligence information and vulnerability databases to guide your
search. It also often uses vulnerability scanners to identify affected components and create an
inventory for use in patch management.
As part of this phase, you want to create a full map of your system that specifies where assets
are, how those assets can potentially be accessed, and which systems are currently in place
for protection. This map can then be used to guide the analysis of vulnerabilities and ease
remediation.
2. Evaluate vulnerabilities
After you have identified all possible vulnerabilities in your system, you can begin evaluating
the severity of the threats. This evaluation helps you prioritize your security efforts and can
help reduce your risks more quickly.
If you start remediating the most severe vulnerabilities first, you can reduce the chance of an
attack occurring while you’re securing the rest of your system. When evaluating
vulnerabilities, there are several systems you can use to establish the risk of a vulnerability
being exploited.
One system is the Common Vulnerability Scoring System (CVSS). This is a standardized
system used by many vulnerability databases and researchers. CVSS evaluates the level of
vulnerability according to inherent characteristics, temporal traits, and the specific effect of
the vulnerability to your systems. The challenge with CVSS is that once a risk level is
assigned, it is permanent, so it’s important to include other factors from threat intelligence
and your own business risk information, in order to determine prioritization.
3. Remediate vulnerabilities
With a prioritized vulnerability management plan in place, you can begin your remediation
efforts. During this phase, you may also want to increase monitoring or reduce access to areas
identified as at-risk. This can help prevent successful exploitation of vulnerabilities until you
can apply patches or permanently increase protections to those areas.
After vulnerabilities are addressed, make sure that you verify successful remediation.
Penetration testing is useful for this, as it can help you gauge the effectiveness of your fix. It
can also help you ensure that new vulnerabilities weren’t created during your remediation
efforts.
4. Report vulnerabilities
Reporting vulnerabilities after remediation may seem unnecessary, but it can help you
improve your security and responses in the future. Having a record of vulnerabilities and
when those issues were fixed shows accountability for security and is required for many
compliance standards. It can also be useful when investigating future events. For example, if
you find evidence that an attack has been ongoing, you can look at your patch histories to
narrow down possible routes and times of entry.
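The four stages above as a small vulnerability register, added here as an example that is not from the report: CVSS stays the static base score the text describes, prioritisation layers the threat-intelligence and business-risk factors the text calls for on top, fixes are only marked verified after a re-test, and the fix dates feed the patch history used in stage 4. The findings, asset names and vulnerability ids are constructed placeholders.

```python
"""Added example (not from the report): a four-stage vulnerability register."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class Finding:
    asset: str
    vuln_id: str             # constructed placeholder ids, not real CVE numbers
    cvss_base: float         # stage 2: static severity from the database
    asset_criticality: int   # 1 (low) .. 3 (crown jewel), business-risk input
    exploited_in_wild: bool  # threat-intelligence input
    found_on: date           # stage 1: when the scan identified it
    fixed_on: Optional[date] = None
    verified: bool = False   # stage 3: confirmed by a re-test


def priority(f: Finding) -> float:
    """Stage 2: CVSS alone is permanent, so weight it by asset criticality
    and by whether the vulnerability is known to be exploited."""
    score = f.cvss_base * f.asset_criticality
    if f.exploited_in_wild:
        score *= 1.5
    return score


def remediation_order(findings: List[Finding]) -> List[Finding]:
    """Stage 3 entry point: open findings, highest priority first."""
    open_items = [f for f in findings if f.fixed_on is None]
    return sorted(open_items, key=priority, reverse=True)


def mark_fixed(f: Finding, on: date, retest_passed: bool) -> Finding:
    """Stage 3: record the fix date; verified only if the re-test passed."""
    f.fixed_on = on
    f.verified = retest_passed
    return f


def patch_history(findings: List[Finding], window: Tuple[date, date]):
    """Stage 4: verified fixes applied inside a window, sorted by date, as an
    investigator would consult them to narrow down possible times of entry."""
    start, end = window
    rows = [(f.fixed_on.isoformat(), f.asset, f.vuln_id)
            for f in findings
            if f.fixed_on and f.verified and start <= f.fixed_on <= end]
    return sorted(rows)


# Constructed sample register: note the CVSS 9.8 item is not remediated first.
REGISTER = [
    Finding("web-01", "VULN-0001", 9.8, 1, False, date(2022, 6, 1)),
    Finding("db-01",  "VULN-0002", 7.5, 3, True,  date(2022, 6, 2)),
    Finding("hr-01",  "VULN-0003", 5.3, 2, False, date(2022, 6, 3)),
]

if __name__ == "__main__":
    for f in remediation_order(REGISTER):
        print(f.asset, f.vuln_id, priority(f))
```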
Patch management requires staying current on available patches, deciding which patches are
needed for specific software and devices, testing them, making sure they have been properly
installed and documenting the process.
Why is patch management important?
Patch management helps keep computers and networks secure, reliable and up to date with
features and functionality that the organization considers important. It is also an essential tool
for ensuring and documenting compliance with security and privacy regulations. Patching can
improve performance and is sometimes used to bring software up to date, so it will work with
the latest hardware.
A centralized patch management server does more than just automate patch management; it
also gives the organization a degree of control over the patch management process. For
example, if a particular patch is determined to be problematic, the organization can configure
its patch management software to prevent the patch from being deployed.
Although many organizations handle patch management on their own, some managed service
providers perform patch management in conjunction with the other network management
services they provide to clients. MSP patch management can minimize the significant
administrative hassles of doing the work in-house.
CHAPTER 3 RESULTS AND DISCUSSION
When we know hacker tricks, we can see how vulnerable our systems are. Hacking preys on weak security practices and undisclosed vulnerabilities. Firewalls, encryption, and virtual private networks (VPNs) can create a false feeling of safety. These security systems often focus on high-level vulnerabilities, such as viruses and traffic through a firewall, without affecting how hackers work. Attacking our own systems to discover vulnerabilities is a step towards making them more secure. This is the only proven method of greatly hardening our systems against attack. If we don't identify weaknesses, it's only a matter of time before the vulnerabilities are exploited. As hackers expand their knowledge, so should we.
We must think like them to protect our systems from them. We, as the ethical hacker, must know the activities hackers carry out and how to stop their efforts. We should know what to look for and how to use that information to thwart hackers' efforts. We don't have to protect our systems from everything. We can't. The only protection against everything is to unplug our computer systems and lock them away so no one can touch them, not even us. That's not the best approach to information security.
What's important is to protect our systems from known vulnerabilities and common hacker attacks. It's impossible to buttress all possible vulnerabilities on all our systems. We can't plan for all possible attacks, especially the ones that are currently unknown. However, the more combinations we can try (the more we test whole systems instead of individual units), the better our chances of discovering vulnerabilities that affect everything as a whole. It makes little sense to harden our systems against unlikely attacks.
For instance, if you don't have a lot of foot traffic in your office and no internal Web server running, you may not have as much to worry about as an Internet hosting provider would have. However, don't forget about insider threats from malicious employees!
several vulnerabilities at the same time can take its toll. For example, a default Windows OS
configuration, a weak SQL Server administrator password, and a server hosted on a wireless
network may not be major security concerns separately. But exploiting all three of these
vulnerabilities at the same time can be a serious issue.
Exploits that involve manipulating people are the greatest vulnerability within any computer
or network infrastructure. Humans are trusting by nature, which can lead to social-
engineering exploits. Social engineering is defined as the exploitation of the trusting nature of
human beings to gain information for malicious purposes. Other common and effective
attacks against information systems are physical. Hackers break into buildings, computer
rooms, or other areas containing critical information or property. Physical attacks can include
dumpster diving (rummaging through trash cans and dumpsters for intellectual property,
passwords, network diagrams, and other information).
2. Network-infrastructure attacks:
Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:
Connecting into a network through a rogue modem attached to a computer behind a firewall
Flooding a network with too many requests, creating a denial of service (DoS) for legitimate
requests
Installing a network analyzer on a network and capturing every packet that travels across it,
revealing confidential information in clear text
unexpectedly if someone claims they never authorized the tests. The authorization can be simple. One needs a detailed plan, but that doesn't mean we have to have volumes of testing procedures. One slip can crash our systems, which is not what anyone wants. A well-defined scope includes the following information:
To crack passwords, we need a cracking tool such as LC4, John the Ripper or pwdump. (A general port scanner, such as SuperScan, will not crack passwords.) For an in-depth analysis of a Web application, a web-application assessment tool (such as Whisker or WebInspect) is more appropriate than a network analyzer (such as Ethereal). Hundreds, if not thousands, of tools can be used for ethical hacking, from our own words and actions to software-based vulnerability-assessment programs to hardware-based network analyzers. The following list runs down some of our favorite commercial, freeware, and open-source security tools.
3.5 Characteristics in tools for ethical hacking
Adequate documentation.
Detailed reports on the discovered vulnerabilities, including how they may be exploited and fixed.
Updates and support when needed.
High-level reports that can be presented to managers or non-technical staff.
These features can save our time and effort when we're executing the plan. Ethical hacking can take persistence. Time and patience are important. We should be careful when we're performing our ethical hacking tests. A hacker in our network or a seemingly benign employee looking over our shoulder may watch what's going on. This person could use this information against us. It's not practical to make sure that no hackers are on our systems before we start. Just make sure to keep everything as quiet and private as possible. This is especially critical when transmitting and storing our test results. If possible, encrypt the e-mails and files using Pretty Good Privacy (PGP) or something similar. At a minimum, password-protect them. Gather as much information as possible about the organization and its systems, which is what malicious hackers do.
1. Search the Internet for your organization's name, your computer and network
system names, and your IP addresses. I think "Google" is a great place to start for this.
2. Narrow the scope, targeting the specific systems that are being tested. Whether physical-security structures or Web applications, a casual assessment can turn up much information about our systems.
3. Further narrow the focus with a more critical eye. Perform actual scans and other detailed
tests on the systems.
When we've finished with our ethical hacking tests, we still need to implement our analysis
and recommendations to make sure that our systems are secure. New security vulnerabilities
continually appear. Information systems constantly change and become more complex. New
hacker exploits and security vulnerabilities are regularly uncovered. Security tests are a
snapshot of the security posture of our systems. At any time, everything can change,
especially after software upgrades, adding computer systems. or applying patches.
3
3.7 Controversy
Certain computer security professionals have objected to the term ethical hacker: "There's no such thing as an 'ethical hacker' - that's like saying 'ethical rapist' - it's a contradiction in terms." Part of the controversy may arise from the older, less stigmatized definition of hacker having given way to one synonymous with computer criminal. Some companies, on the other hand, do not seem to mind the association. According to EC-Council, there has been an increase in careers where CEH and other ethical hacking certifications are preferred or required. Hacking refers to the use of computing skills to penetrate, disrupt, or interfere with a computer system by non-standard avenues.
Hacking is a fertile debate topic because this skill can be used for many different purposes
both lawful and unlawful; ethical and unethical. Some hackers use their skills for criminal
activities while others may use their skills to create cybersecurity defenses against malicious
actors. Activists may use hacking to undermine dictatorship just as dictators might use
hacking to suppress individual liberties.
This controversial topic is extremely relevant in our tech-driven world, which makes hacking
a popular subject for a persuasive essay. The nearly infinite range of hacking activities, and
the intentions underlying them, make this a controversial topic. There are many competing
views on what should or should not be considered ethical hacking. In its earliest incarnation,
during the 1950s and 1960s, “hacker culture” represented playful subversiveness and
technical virtuosity. For the “hacker culture,” the ability to breach classified data or tinker
with a proprietary operating system was done for the sheer intellectual thrill.
In the decades that followed, hacking persisted as an activity for those with intellectual
curiosity, but also increasingly became associated with ideological and activist pursuits,
especially as they pertained to the ideas of informational freedom, and the development of
open source, non-proprietary systems and applications. Hacking also became a prominent
theme in science-fiction writing as well as in an emergent genre called cyberpunk.
By the mid-1990s, widespread internet use also produced newly widespread vulnerabilities
for private citizens, commercial entities, and national governments. The consequence has
been steady growth in use of the term hacking to describe cybercriminal activities as well as
some of the activities aimed at preventing cybercrime.
The hacking controversy, therefore, largely centers on the different ways that hacking is used
today:
Hackers, in the purest sense of the word, are those who practice hacking for the exhibition of
computing skills, the pursuit of intellectual curiosity, and the spirit of playfulness.
Hacktivists view their hacking activities through the prisms of social justice, activism,
freedom of information, software freedom, and other ideological frameworks.
Black Hat hackers, or cybercriminals, use their skills to commit financial crimes, data and identity theft, viral attacks, and other malicious computing activities.
White Hat hackers are cybersecurity professionals and security hackers who use hacking
skills to identify weaknesses and recommend strategies for improvement in security systems
for financial entities, government agencies, e-commerce merchants, and more.
Malicious state actors may use hacking to suppress civil liberties, violate the privacy of their
citizens, steal secrets from other sovereign states, or engage in cyberwarfare.
CHAPTER 4 CONCLUSION AND FUTURE SCOPE
4.1 Conclusion
The idea of testing the security of a system by trying to break into it is not new. From a practical standpoint, the security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs, and as long as the illusory results of penetration teams are accepted as demonstrations of computer system security, proper security will not be a reality. Regular auditing, vigilant intrusion detection, good system administration practice, and computer security awareness are all essential parts of an organization's security efforts. A single failure in any of these areas could very well expose an organization to cyber-vandalism, embarrassment, loss of revenue or mind share, or worse. Any new technology has its benefits and its risks. While ethical hackers can help clients better understand their security needs, it is up to the clients to keep their guards in place.
4.2 Future Scope
Suppose we were to split hacking into three levels: low, middle and high. Low requires the least amount of technical skill and relies more on social engineering and a few simple things like hardware key loggers. The middle level comprises good skill with the available tools, precompiled buffer overflows, and so on. High is someone who can think well outside the box, understands the deepest aspects of TCP/IP, and can code accordingly. Our strong feeling is that the middle level, as defined, will be the one that disappears in the future. Buffer overflows will become a thing of the past; technology is moving strongly in that direction. Exploiting code will slowly become more and more difficult, and tools that focus on it will lose more and more of their effectiveness. Hackers will instead focus on things like social engineering or gaining physical access: join a cleaning crew and place a hardware key logger, come back the next night and retrieve it. While not very sophisticated, this can be very devastating nonetheless. The high end will be those who understand the very core of IPv6 and know how to manipulate packet flows in ways no one has ever thought about. Obviously, if this scenario is correct, most hackers will focus on the low level, and that is perhaps even scarier. Using a combination of hardware and social skills could prove the most difficult to defend against.