
SUMMER TRAINING REPORT

ON

ETHICAL HACKING
SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR
THE AWARD

OF THE DEGREE OF

BACHELOR OF ENGINEERING

(Computer Science & Engineering)

JUNE-JULY, 2022

SUBMITTED BY:

SATNAM SINGH

19BCS1583

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

CHANDIGARH UNIVERSITY, GHARUAN, MOHALI

Certificate by Internshala Trainings

Ethical Hacking Course

Learn to hack and secure websites like an expert

CHANDIGARH UNIVERSITY, GHARUAN, MOHALI

CANDIDATE'S DECLARATION

I, Satnam Singh, hereby declare that I have undertaken Summer Training and developed a project titled Ethical Hacking during the period from Jun'22 to July'22 in partial fulfillment of the requirements for the award of the degree of B.E. (COMPUTER SCIENCE & ENGINEERING) at CHANDIGARH UNIVERSITY, GHARUAN, MOHALI. The work which is being presented in the training report submitted to the Department of Computer Science & Engineering at CHANDIGARH UNIVERSITY, GHARUAN, MOHALI is an authentic record of training work.

Signature of the Student

The training Viva–Voce Examination of has been held on


and accepted.

Signature of Internal Examiner Signature of External Examiner

Table of Contents

Certificate by Internshala Trainings
CANDIDATE'S DECLARATION
List of Figures
List of Tables
Abstract
Acknowledgments
About the Course
CHAPTER 1 INTRODUCTION
1.1 Background of Hacking
1.2 Definitions of Hackers, Hacking and Cybercrime
1.3 Types of Hacking
1.4 Major Hacker Attacks on Systems
1.5 Why Do Hackers Hack?
1.6 What do Hackers Use to Hack?
1.7 Legal Consequences of Hacking
1.8 Case study
1.9 Classification of Hackers and Hacking Activity
CHAPTER 2 TRAINING WORK UNDERTAKEN
2.1 Basics of Information Security and Computer Networking
2.2 Hacking Methodologies and Security Auditing
2.3 Introduction to Web Architecture and Understanding Common Security Misconceptions
2.4 Introduction to PHP and Setting up XAMPP
2.5 Introduction to VAPT and OWASP
2.6 Authentication Bypass using SQL Injection
2.7 Bypassing Client Side Filters using Burp Suite
2.8 Documenting Stages of Vulnerabilities Using Tools
2.9 Documenting Stages of Vulnerabilities Using Tools
CHAPTER 3 RESULTS AND DISCUSSION
3.1 Understanding the Need to Hack the Systems
3.2 Understanding the Dangers that a Systems Face
3.3 The Ethical Hacking Process
3.4 Selecting tools
3.5 Characteristics in tools for ethical hacking
3.6 Evaluating results
3.7 Controversy
CHAPTER 4 CONCLUSION AND FUTURE SCOPE
4.1 Conclusion
4.2 Future Scope
Reports
Online Sources
References

List of Figures

Figure 1 1 Flame virus as computer virus example
Figure 1 2 Ransomware attack screen message demanding payment
Figure 1 3 Common message sign of a DOS attack
Figure 1 4 Christmas Tree virus/work 1987
Figure 1 5 All in One Keylogger software
Figure 2 1 Basic of Computer Networking
Figure 2 2 Web Architecture
Figure 2 3 Introduction of Setting up XAMPP
Figure 2 4 SQL Injection
Figure 2 5 Client Side Filters using Burp Suite

List of Tables

Table 1 Examples of hacking events over the decades since hackers have attacked computer systems
Table 2 Why hackers hack explanations
Table 3 Hacker and hacking terms

Abstract

Ethical hacking is one of the fastest growing areas in network security, and certainly one that generates much discussion. Modern communication techniques have brought the world together, but they have also created anxiety for system owners all over the globe. The main reason for this insecurity is hacking, or more specifically the cracking of computer systems. Protecting systems from the nuisance caused by hackers therefore calls for people who will push back against illegal attacks on our computer systems: the ethical hackers. The main purpose of this study is to give a brief idea of ethical hacking and its relationship with corporate security. This paper gives a concise account of hacking and a detailed account of the role of ethical hacking as a countermeasure to cracking, for corporate security as well as for the protection of individuals. It tries to develop a unified picture of ethical hacking and all its aspects as a whole.

Acknowledgments
This is the third book in a series exploring Internet issues. The first was called Adult-to-Adult
Cyberbullying: An Exploration of a Dark Side of the Internet, published in 2015, while the
second was called Trolls and Trolling: An Exploration of Those That Live Under The
Internet Bridge, published in 2017. Hackers are a major concern as we move towards more
use of information technology and artificial intelligence. Although alarming, understanding
hackers and how to prevent hacking is valuable. This book raises awareness of this issue.
Like the first two books, it is a mixture of practical and academic material. While not totally
conclusive and recognising not all material can be covered in this type of book, it still
functions as a reference guide. I would like to thank: Again, like the first two books, Dr
Thomas Apperley of Deakin University Melbourne for advice on book layout. Professor Tara
Brabazon, Dean of Graduate Research and Professor of Cultural Studies at Flinders
University, Adelaide for incredible encouragement especially confirming that any form of
research and writing offered up for public scrutiny is still worth doing.

Thank you.

Cybersecurity and hacking are important. In exploring those that are lurking behind the screen,
I want to again thank the vast numbers of people from the first hacker to current hackers, and
to those who have written and published about them.

About the Course

Learn Internshala Trainings' Ethical Hacking Course to hack and secure websites like an
expert. Learning how to hack can help you implement the strongest possible security
practices. It's as much about finding and fixing security vulnerabilities as it is about
anticipating them. Learning about the methods hackers use to infiltrate systems will help you
resolve issues before they become dangerous.

Course Highlights

-Learn online, at your own schedule

-Mobile friendly - No laptop? No problem

-Placement assistance to build your career

-Certificate of training from Internshala Trainings

-72 hacking challenges & 1 project to help you practice hacking

-Doubt clearing through Q&A forum

-Beginner-friendly- No prior knowledge required

-8 weeks duration- 1 hr/day (flexible schedule)

-Downloadable content with lifetime access

What placement assistance will you receive?

1. Free Placement Prep Training: Learn how to build your resume, make great
applications, and ace your interviews.

2. Curated internships & jobs: Get internships and fresher jobs as per your preference in your
inbox.

3. Get highlighted on Internshala: Top performers will be highlighted in their internship
& job applications on Internshala.

Why Learn Ethical Hacking?

1. Because it's fun: Searching for vulnerabilities, detecting them, and suggesting fixes. You
get to be the modern day Sherlock Holmes!

2. Be in demand: With the entire world and its data coming online, the demand
for cybersecurity experts is skyrocketing.

3. Lucrative salary: The average salary of a Cybersecurity Analyst is 6.8 LPA+ according to
Indeed.

How will your training work?

1. Learn concepts: Go through training videos to learn concepts

2. Test yourself: Test your knowledge through quizzes & module tests at regular intervals

3. Hands-on practice: Work on assignments and projects. Use our in-browser IDE for coding
practice

4. 1:1 doubt solving: Get your doubts solved by experts through Q&A forum within 24 hours

5. Take final exam: Complete your training by taking the final exam

6. Get certified: Get certified in Web Development upon successful completion of training

CHAPTER 1 INTRODUCTION

1.1 Background of Hacking


What hackers do is figure out technology and experiment with it in ways many people never imagined. They also have a strong desire to share this information with others and to explain it to people whose only qualification may be the desire to learn.
(Emmanuel Goldstein, pen name of Eric Corley)

It is a fairly open secret that almost all systems can be hacked, somehow. It is a less spoken of secret that such hacking has actually gone quite mainstream. Everybody hacks sometimes.
(Dan Kaminsky, American Security Expert, 2013)

We now see hacking taking place by foreign governments and by private individuals all around the world.
(Michael Pompeo, Director of the Central Intelligence Agency in 2017)

At the end of a long working week you look forward to being paid on Friday. You go to the Automatic Teller Machine after work to get some cash for a dinner and drinks evening with friends. Your account balance is zero. What happened? You ring your bank’s emergency number and ask why the money is not there. They claim the money went into your account but was withdrawn immediately. There is nothing they can do. You have become a victim of a computer hacker.

These scenarios have become common as our reliance on the Internet increases. We have many passwords for many accounts that are not unique and often not changed. We place our trust in websites and phone applications (apps) to do financial transactions. We often buy goods and services using our credit cards. We visit web sites without updating our firewalls and anti-virus software. Our personal data, especially our names, addresses and electronic mail (email) addresses, are stolen. The constant battle of banks, governments and businesses to protect your data is growing.

Hackers have a long history of causing disruption and mayhem. Now, in this online age, the potential for catastrophic damage is on a global scale, as electricity grids are shut down and money can disappear from bank accounts instantly. Hacking has gone from an underground to a mainstream practice. Plenty of online public tutorials, hacker forums and social media groups offer advice on how to hack. Yet not all hackers are criminals; some are considered heroes and some have turned from malicious hacking to helping the companies they hacked to stop other attacks. It has become a complex issue for our society to manage and prevent.

This book aims to inform the reader about hackers, hacking and the types of cybercrime that raise concerns and anxieties about one’s online safety. There are many books about hacking, its history and its consequences. A World Wide Web search can yield many alarming stories about hackers. This book will discuss a selection of hacking issues designed to create an awareness of the depth of these issues and an appreciation of the hacker ethos and mindset. To begin, a framework of the who, what and how of hackers is presented in this chapter. It serves to show what will be discussed in this book and to define the terms that are used.

1.2 Definitions of Hackers, Hacking and Cybercrime
The terms ‘hacker’, ‘hacking’ and ‘cybercrime’ strike fear into people based on past
perceptions and knowledge, combined with the panic of media reporting, that such people are
out to cause harm. In this book these will be defined to create an understanding of who they
are, what they are and what they do. These are general definitions based on a collective and
common understanding of them.

Hackers

Hackers are people who share an appreciation of technology, how it can be turned into new
and unexpected uses, and have a low-level familiarity with the operation of it, being capable
of devising technically elegant software solutions.

Cybercrime

Cybercrimes are defined as those which are directed at computers or other devices, and those where
computers or other devices are integral to the offence (for example, online fraud, identity
theft and the distribution of child exploitation material) (Australian Cybercrime Online
Reporting Network (ACORN), n.d.a). Cybercrime is used as an umbrella term to refer to an
array of criminal activity including offences against computer data and systems, computer-related
offences, content offences, and copyright offences (Australian Institute of
Criminology, 2011). Hacking can be a form of cybercrime, although examples of what are
called cybercrimes are broad, such as:

- Identity Theft and Forgery
- Credit Card Theft and Scamming
- Child Exploitation Material
- Copyright Infringements as represented by the famous case of Napster in the 1990s
- Computer Viruses
- Email Spam and Scams
- Online Piracy such as Bit Torrents where movies and music can be downloaded for free
- Steganography which is concealing information within files

1.3 Types of Hacking


This section has a substantial discussion of types of hacking to give an indication of how it
appears and what it consists of. The discussion in this section is not exhaustive and focuses
on common types of hacking and hacker techniques. It will attempt to avoid as much jargon
as possible, but will need to explain technical terms.

1. Computer Viruses

A computer virus is defined as: A program that can replicate itself and infect a computer,
spreading from one computer to another (in some form of executable code) when its host is
taken to the target computer; for instance because a user sent it over a network or the
internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB
drive.

Figure 1 1 Flame virus as computer virus example

2. Spyware

This is software designed to covertly collect information from a computer system without the
permission or knowledge of the computer user (Interhack Corporation, 2018). When it is
installed it will transmit information through the Internet connections and networks. Common
types of spyware include:

- Keylogging Software
- Form Fillers
- Trackware
- Cookies
- Rootkits - a computer program designed to provide continued privileged access to a computer while actively hiding its presence
- Web Beacons - a transparent graphic image placed on a website that monitors the computer user’s behavior

3. Worms

A worm is a small piece of software that uses computer networks and security holes to
replicate itself (Brain, n.d.). A copy of the worm scans the network for another machine that
has a specific security hole. It copies itself to the new machine using the security hole, and
then starts replicating from there, as well.

4. Trojan Horses

A Trojan Horse program has the appearance of having a useful and desired function. Secretly,
the program will perform other undesired functions. These may cause data destruction or
compromise a system by providing a means for another computer to gain access, thus
bypassing normal access controls, such as Firewalls. Trojan horse attacks are one of the most
serious threats to computer security as they can be spread in the guise of literally anything,
which makes it difficult to notice them (Khan, 2012, p. 9).

5. Ransomware

Ransomware is a piece of pernicious software that exploits a user’s computer vulnerabilities
to sneak into the victim’s computer and encrypt all his/her files. The key point with this hacker
attack is the locking of the files with strong unbreakable encryption that usually cannot be
unlocked by computer users. The attacker keeps the files locked unless the victim agrees to
pay a ransom, or the price of the key or code to unlock the computer increases. It results
in data loss and is a form of blackmail. It is wasteful for organizations in terms of time lost
and money paid out to hackers, can be critically devastating if crucial data, such as patient
health records, is locked, and is personally distressing to the user who loses data such as
personal photos. As such it is considered the most insidious of malware, especially as the
payment usually needs to be made by cryptocurrency Bitcoin, which home computer users
may not have. Lata Rebo Locker prevents its victims from using their computers by using a
large image containing the ransom note. It adds entries to the Windows Registry to enable
activation whenever the user’s operating system starts up. It will also add additional registry
entries that disable the task manager, preventing users from terminating its process.

There is also a dilemma for companies who have to pay the hackers because they may pay
the ransom without consulting law officials so the company’s reputation remains intact.

Figure 1 2 Ransomware attack screen message demanding payment

6. Denial of Service (DOS)

A Denial of Service attack stops people from using someone’s website and is a common
hacking strategy. It denies users the opportunity to use the web site, which can cause the
owner to lose business. A technical explanation of how the DOS attack works is offered by
Schuba, Krsul, Kuhn, Spafford, Sundaram and Zamboni (1996): It works by an attacker
sending many TCP (Transmission Control Protocol) connection requests with spoofed source
addresses to a victim's machine. Each single request causes the targeted host to instantiate
data structures out of a limited pool of resources. Once the target host's resources are
exhausted, no more incoming TCP connections can be established, thus denying further
legitimate access.

Figure 1 3 Common message sign of a DOS attack
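
The half-open connections described above can be watched for on the server side. The following is an added example, not part of the original report: it counts connections stuck in the SYN-RECV state per listening address from `ss -tan`-style output. The sample lines are constructed, and the `syn_backlog` and `alert_ratio` values are assumed thresholds, not measured ones.

```python
from collections import Counter, defaultdict


def constructed_sample():
    """Constructed `ss -tan`-style lines using documentation address ranges."""
    lines = ["State    Recv-Q Send-Q Local Address:Port  Peer Address:Port"]
    # 110 half-open requests to the web listener, every one from a different
    # (spoofed-looking) source address, as in the description above.
    for i in range(1, 111):
        lines.append(f"SYN-RECV 0 0 203.0.113.10:443 198.51.100.{i}:{40000 + i}")
    # A few half-open handshakes on another listener: normal background noise.
    for i in range(1, 4):
        lines.append(f"SYN-RECV 0 0 203.0.113.10:22 192.0.2.{i}:{50000 + i}")
    # Completed connections do not hold a slot in the half-open pool.
    for i in range(10, 15):
        lines.append(f"ESTAB 0 0 203.0.113.10:443 192.0.2.{i}:{41000 + i}")
    return lines


def half_open_report(lines, syn_backlog=128, alert_ratio=0.8):
    """Summarise SYN-RECV entries per listening address.

    syn_backlog is the assumed size of the limited pool for half-open
    connections; alert_ratio is the assumed fraction of that pool at which
    to raise an alert. Both are hypothetical values for this example.
    """
    per_listener = Counter()
    per_source = defaultdict(Counter)
    for line in lines:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header line, or a connection in another state
        local, peer = fields[3], fields[4]
        source_ip = peer.rsplit(":", 1)[0]
        per_listener[local] += 1
        per_source[local][source_ip] += 1

    report = {}
    for local, count in per_listener.items():
        report[local] = {
            "half_open": count,
            "distinct_sources": len(per_source[local]),
            # With spoofed sources this stays near 1, so a per-source limit
            # never fires; the per-listener total is the useful signal.
            "max_per_source": max(per_source[local].values()),
            "alert": count >= alert_ratio * syn_backlog,
        }
    return report


if __name__ == "__main__":
    for listener, row in sorted(half_open_report(constructed_sample()).items()):
        print(listener, row)
```

Because the source addresses are spoofed, no single peer stands out; the alert has to be based on how full the listener's pool of half-open connections is.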

7. Structured Query Language (SQL) Injections

Our personal details are now contained in countless databases across the world, filled with
information hackers would like to obtain. To obtain information from a database,
programmers use Structured Query Language, a programming language for managing data in a
relational database system. It operates across many database management systems,
especially on commonly used databases such as Oracle and Microsoft SQL Server Access. As
databases contain much sensitive data, particularly financial, health and police records,
organizations struggle to keep SQL Injections from happening. There are legal
consequences, as people have taken out class actions against organizations that did not take
steps to protect client or patient data from these attacks.

SELECT name FROM bank WHERE userid='prerna' AND pswrd=''; drop table Loans

This means select client name from the bank where the user id and password returns loan
amount the customer owes.

SELECT name FROM bank WHERE userid='prerna' AND pswrd=' '; drop table Loans
AND pin='123'

This statement can be inserted in SQL based databases, be executed and result in data loss or
the passing on of information to hackers. Considering the millions of databases that exist, the
potential for hackers to externally or internally write statements that can destroy data or
collect information attests to the depth of the problem of SQL Injections.
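
The statements above arise when user input is pasted directly into the SQL text. The following is an added example, not part of the original report: it builds the login query both ways for the same password-field input and shows that concatenation hands the database two statements, while a parameterized query treats the input as data. The table layout, sample rows and function names are assumptions made for this example.

```python
import sqlite3

# Password-field input that produces the first statement shown above.
PAGE_INPUT = "'; drop table Loans"


def make_db():
    """Throwaway in-memory database with constructed sample rows.

    The plaintext pswrd column mirrors the report's query; a real system
    would store a salted password hash instead.
    """
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE bank  (userid TEXT, pswrd TEXT, name TEXT);
        CREATE TABLE Loans (userid TEXT, amount INTEGER);
        INSERT INTO bank  VALUES ('prerna', 's3cret', 'Prerna K.');
        INSERT INTO Loans VALUES ('prerna', 25000);
    """)
    return db


def build_concatenated(userid, pswrd):
    """Weak form: input becomes part of the SQL text itself."""
    return ("SELECT name FROM bank WHERE userid='" + userid +
            "' AND pswrd='" + pswrd + "'")


def split_statements(sql):
    """Split on ';' outside single-quoted literals, as a SQL parser would."""
    parts, buf, in_literal = [], [], False
    for ch in sql:
        if ch == "'":
            in_literal = not in_literal
        if ch == ";" and not in_literal:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def login_parameterized(db, userid, pswrd):
    """Hardened form: values are bound to placeholders, never parsed as SQL."""
    row = db.execute(
        "SELECT name FROM bank WHERE userid=? AND pswrd=?", (userid, pswrd)
    ).fetchone()
    return row[0] if row else None


def table_exists(db, table):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (table,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    for pswrd in ("s3cret", PAGE_INPUT):
        statements = split_statements(build_concatenated("prerna", pswrd))
        print(repr(pswrd), "-> concatenated text holds",
              len(statements), "statement(s):", statements)
        print("   parameterized login returns:",
              login_parameterized(db, "prerna", pswrd))
    print("Loans table still present:", table_exists(db, "Loans"))
```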

1.4 Major Hacker Attacks on Systems


Large-scale cyber criminal and cyber terrorist attacks are almost a daily occurrence. Although
not an exhaustive list, this section lists a selection of hacker attacks that have taken place
since the invention of networked computer systems. Notable in these attacks are their scale
and their worldwide effects on financial systems, infrastructure and on the privacy of those
affected by such attacks.

These attacks demonstrate the potential of disruption to organizations and peoples’ lives, but
also display the difficulties of putting into place strategies to manage them. Other attacks not
in this table were significant in alerting the public to hackers and especially viruses.
Additionally, Hollywood movies such as ‘Sneakers’, ‘The Net’, ‘Blackhat’ but especially the
1983 film ‘War Games’, have changed perceptions of hackers and showed the public it was
a serious social problem.

Figure 1 4 Christmas Tree virus/work 1987

Table 1: Examples of hacking events over the decades since hackers have attacked computer systems

Year | Hacking Attack Event Details
1930 | Inventor Nevil Maskelyne disrupted a public demonstration by John Fleming who was using Marconi’s secure wireless telegraphy system by sending various insults through Morse Code from the auditorium projector.
1940 | Rene Carmille was a double agent in World War Two and convinced the Nazis to be in charge of a punched card system that was set up to find out Jewish French citizens, but hacked the system so the Nazis could not easily, or at all, find Jewish citizens.
1976 | Famous hacker Kevin Mitnick gained access through a phone number for a system called the Ark, run by Digital Equipment Corporation, copying their software.
1986 | The 414 computer hacker group hacked into several computer systems in the United States, of which the hackers were aged 15 to 22 years old.
1988 | Release of the Morris Worm created by Robert Morris interrupted and slowed down computer systems.
1994 | A Russian hacker in St Petersburg hacks into a major United States bank and steals money.
2000 | Russian Natural Gas Company Gazprom had a Trojan Horse try to gain access to control the gas pipeline system.
2001 | California Power distribution centre is attacked by hackers on 2 web servers due to poor information technology security.
2003 | Worm malware used on an Ohio nuclear power plant.
2009 | Night Dragon cyber attack on global oil companies.
2012 | The Saudi Arabia Shamoon Disttrack viruses released.
2012 | Virus attacks in United States on power companies.
2013 | Power grid attacks in Austria and Germany resulting in deliberate breakdowns of power systems.
2013/15 | Hacking of power plant designs and system passwords on power plants in the United States and Canada.
2015 | South Korean nuclear power plant hack.
2015 | Department of Resources and Energy in Australia’s computer systems hacked.
2016 | Israel malware attacks in electricity systems.
2016 | Hacker steals patient data and offers for sale on the dark web or dark net.
2017 | British health system ransomware attack.
2017 | Cloudflare, a cloud storage provider, did not respond to a cloud leakage from a bug which resulted in data being able to be obtained from accounts.
2017 | Ride sharing company Uber pays ransomware hackers when up to 57 million customer names, account details, email and phone numbers were hacked.

1.5 Why Do Hackers Hack?


Hacking is considered a criminal and deviant act by the law, psychologists and sociologists.
There has been over time the persistent belief that hacking is a criminal act to be feared, a
form of social deviance and poses a serious worldwide threat to information systems security
(Nycyk, 2016; Dremliuga, 2014; Taylor, Fritsch, Liederbach & Holt, 2011; Kshetri, 2010;
Warren & Leitch, 2009; Flowers, 2008). This has been reinforced by the mass media and
entertainment industries portraying hackers as mostly criminals with negative childhoods,
who are loners and have vengeful, vindictive personalities. The majority of research focuses on
males as hackers, but females and other genders have also become major hacker figures.
There is a body of sociological and psychological research asking why people become
computer hackers, either for amusement or for criminal purposes. A number of reasons will
be listed and discussed in this section. Atkinson (2015, p. 5) suggests four metrics that
describe the overall technical and psychological skill set hackers acquire and that motivates
them to hack:

- Persistence – taking time and effort to understand a system and compromise it using attention to detail and resources to do so, including taking time to gather information to do so.
- Skill – the technical skills that the hacker possesses developed over time, such as programming, network hacking skills and systems administration.
- Greed – The amount or need to acquire information or compromise numerous systems define the greed that a hacker possesses in order to get the most out of their ill-gotten gains.
- Stealth – The ability to manipulate and exfiltrate data without being detected, compromise a system and alter system logs without raising alarms which makes for causing much destruction. This is a key skill in doing the act of hacking.

Table 2: Why hackers hack explanations

Researcher Names and Publication Year | Reason for Hacking
Chandler (1996) | Imitate behaviours of others, model behaviour on other hackers
Taylor (1999) | Curiosity, boredom, enjoyment, feeling powerful, peer acceptance
Spitzner (2002) | Entertainment, peer acceptance and social group membership
Dreyfus (2002) | Look at success of hack not consequences
Fötinger & Ziegler (2004) | Feeling inferior leading to hacking providing a feeling of power
Rennie & Shore (2007) | Hacker experiences sense of flow – concentration, interest and control
Sharma (2007) | Desire for fame and money outweigh fear of criminal consequences
Bryant & Marshall (2008) | Self-esteem, peer recognition and acceptance
Chiesa, Ducci & Ciappi (2009) | Intellectual curiosity, making the personal computer safer, conflict with authority, boredom, seeking fame, anger, political reasons, escaping from responsibilities
Ledingham & Mills (2015) | Regarding self as a hero (especially extremist hacker groups)

1.6 What do Hackers Use to Hack?


Although an in-depth technical discussion of the vast array of hacking tools hackers use in
their activities is beyond this book’s scope, naming and briefly explaining some of them
gives an appreciation of hacking. Some of these tools are reasonably easy to learn and use.
These software tools are in the public domain of the World Wide Web, so although many are
illegal they are easy to find and download. Using them with criminal intent is illegal, and
those who use them still need to learn them, often turning to public or private hacking forums,
social media and the Dark Web to find experienced hackers to mentor them (Nycyk, 2016).
These five examples of hacking tools were found on web searches and represent a sample
of what hackers use. They were chosen based on their reputation as key instruments of
hacking and to illustrate the relative ease of what hackers can use to access a computer
system.

1. Keylogging Software

A keylogger is a hardware device or a software program that records the real time activity of
a computer user including the keyboard keys they press (Mitchell, 2017). This is a concern
because passwords and banking details are entered as keystrokes and can be detected and
recorded. They can also be remotely used on computer networks. Although they can be
removed by anti-virus and anti-hacker detection programs, they can be effectively hidden on
computer systems. Money stealing has occurred because of this. As Mitchell (2017) further
explains these can:

- capture any passwords entered by users on the device
- take screen captures of the device at periodic intervals
- record the URLs that were visited via Web browsers, and possibly also take screen captures of the Web pages viewed
- record a list of the applications run by users on the device
- capture logs of all instant messaging (IM) sessions
- capture copies of sent emails
- automatically send the reports containing stored logs and emails to a remote location (by email, FTP or HTTP)

Figure 1 5 All in One Keylogger software

2. Remote Administration Tools

A remote administration tool (RAT) is a programmed tool that allows a remote device to
control a system as if they have physical access to that system. While desktop sharing and
remote administration have many legal uses, RAT software is usually associated with
unauthorized or malicious activity (Ethical Hacking Tutorials.com, 2017). Examples include:
ScreenConnect, AnyDesk, GoToMyPC, TeamViewer and Chrome (Google) Remote
Desktop. Many people have been victims of hackers who have scammed them by
convincing the person, usually someone who has a home computer, that their software
contains many viruses. Once the person complies and agrees to let the hacker access the
computer remotely, it is possible to scam the person of money as the confused person gives
the hacker their credit card number. The RAT is able to access the home computer and find out
file names and personal details from visited web sites such as online banking.

1.7 Legal Consequences of Hacking

Punishments for hacking and cybercrimes vary worldwide, but legislation exists in many
countries which shows the legal consequences of hacking. In this section the Australian laws
on hacking and punishments under those laws will be discussed. Five short examples of the
crime and punishment will also be discussed. The Australian Act that covers cybercrimes is
the Cybercrime Act 2001, which was tabled in October 2001 and came into law in April
2002. A series of definitions of data and electronic communication are useful as they frame
what is subject to criminal tampering. The Act covers the nature of computer-based offences and
the punishments the law courts can impose on the offender, whether monetary, community
service or incarceration sentences. Although it is a lengthy document, for this
book two areas will be taken from the legislation to show the seriousness of hacking crimes.
They are: the crimes themselves, and the intention to commit crimes where it is proven that the
person intended to hack. The Act does raise concerns about the powers legal and policing
authorities have to access computer systems. Key logging and other invasive software was
mentioned in another section. Sometimes this software is used for legitimate reasons and
not hacking, which is why the organization Electronic Frontiers Australia (2001) expressed
concerns about the Act before it was passed. They also had other concerns about how much
power police and others would have to access individual and organizational computer systems.
Boulton (2004), of the organization GIAC Certifications in Australia, also argued the
investigation powers were invasive. However, the Act is in force as of today and, despite
concerns, has not been challenged by the public.

Example Australian Cases:

There have been many cases of hacking activities brought before the courts for judgement,
sentencing and monetary compensation punishments. Six of these cases are presented here
that show the crime and the punishment. Some occurred before the implementation of the
Act. These all took place in Australia and illustrate that over time Australian courts have
taken hacking activity seriously:

1. Skeeve Stevens:

Activity: In 1995 he broke into the computer system of Internet Service Provider AUSNet,
causing actual and potential commercial harm by stealing and publishing the credit card
numbers of 1200 AUSNet subscribers, which was considered at that time a major and serious
violation of privacy (AustLii, 1998).

Punishment: Three years jail.

2. Vitek Boden:

Activity: Hacked into the Maroochy Shire Council waste management system in Queensland,
causing raw sewage to spill into marine life habitats, rivers and a luxury resort.

Punishment: Two years jail.

3. David McIntosh

Activity: Hacked into a Northern Territory government network, causing computers to crash
and deleting public service user accounts, including the Royal Darwin Hospital.

Punishment: Three years jail.

1.8 Case study


The Organization

CERN, the European Organization for Nuclear Research, is one of the world's largest and
most respected centers for scientific research. Its business is fundamental physics, finding out
what the Universe is made of and how it works. At CERN, the world's largest and most
complex scientific instruments are used to study the basic constituents of matter - the
fundamental particles.

What Happened

A group of hackers identifying themselves as the 2600 succeeded in hacking into a computer
network of the Large Hadron Collider at CERN. The hacker team 2600 also identified
themselves as the "Greek Security Team" and was competing against a rival hacker group to
successfully tap the computer system of history's largest physics experiment.

Impact

The website cmsmon.cern.ch can no longer be accessed by the public as a result of the
attack. Scientists working at CERN, the organisation that runs the vast smasher, were worried
about what the hackers could do because they were "one step away" from the computer
control system of one of the huge detectors of the machine. If they had hacked into a second
computer network, they could have turned off parts of the vast detector and, said the insider,
"it is hard enough to make these things work if no one is messing with it." Fortunately, only
one file was damaged, but one of the scientists firing off emails as the CMS team fought off
the hackers said it was a "scary experience".

1.9 Classification of Hackers and Hacking Activity


Classification of hackers consists of terms used in their culture that have become widely
used. To compile this list and their definitions, several sources were consulted to find
commonly used terms. Table 3 gives terms and definitions of the main terms used to describe
hackers and hacking activities. An important point of this list is that it is free of gender titles
and references to the physical characteristics of hackers and their societal status. Over time
hackers were assumed to be mostly young Caucasian males, but this has proven not to be true
with female hackers becoming well-known for their illegal and ethical activities. Kirwan and
Power (2011) argued that much research supports the young male as the stereotype and whilst
likely still the majority, this is changing. They also argue that many hackers have some type
of formal education.

There are four main terms that society, the law and researchers use to describe hackers and
hacking and to differentiate between positive and negative hacking. These terms are: black
hacker, white hacker, grey hacker, ethical hacker, as well as the practice of Hacktivism. They
are known by the term ‘hat’ and are discussed first. Table 3 lists and explains several terms.
Kirwan and Power’s (2011) work is again drawn upon for the table, with other sources
included.

The Main Types of Hackers and Hacking

Black Hats:

The common characteristic of black hat hackers is that they are usually malicious. They are
hacking computer systems for personal and selfish gain. Best (2003) makes a claim that the
black hats are ‘new school’ hackers motivated by greed, political ideas or other negative
motivations such as desire for becoming notorious. This does seem at odds though with the
motivations of many hackers who are white or grey that actually fight with black hackers
trying to stop the black hats from destroying computer systems. However, the black hat has
become the cultural term accepted for those who are hacking for purposes that are criminal.

White Hats:

The white hat hacker is also called an ‘ethical’ hacker because they use their hacking
knowledge to help individuals and companies be protected from black hat
hackers. Often they are hired by corporations to perform computer system activities such as
penetration testing, testing in-place security systems and performing vulnerability assessments
for companies, and are often paid large salaries to do so (Symantec, 2017). They are not
criminals and are said to be working within the law of where they are operating from. Crawley
(2016) argues, from a network security and company position, that such hackers possess
qualities, such as not backing down from hacking challenges, which make them valuable to the
data protection process and make the risk of hiring them a wise corporate strategy.

Grey Hats:

The term for this type of hacker arose in 1999 in The New York Times to describe those who
hack, fitting in between the black and white hacker spectrum (Kirsch, 2014). This intersection
of hackers is called grey because they can undertake illegal activities, but also have prevented
black hat hackers from carrying out hacks. An effective description is given by Aggarwal,
Arora, Neha and Poonam (2014): A Grey Hat in the computer security community, refers to a
skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They
are a hybrid between white and black hat hackers. They usually do not hack for personal gain
or have malicious intentions, but may or may not occasionally commit crimes during the
course of their technological exploits. It is reported that grey hats exploit computer system
vulnerabilities but do little to no damage other than access (Hald & Pedersen, 2012), although
the same authors suggest grey hacker, United States Private Bradley Manning who
downloaded 700,000 classified documents from the United States military and passed them to
WikiLeaks, is an example of a grey hat hacker being labelled by the media as a criminal.

Hacktivism:

This has become a popular term widely used in the media, often associated with WikiLeaks
and the hacker group Anonymous, for hacking practised as a form of protest against
powerful agents, such as governments. A definition of the term is given by Sorell (2015, p.
391):

Hacktivism is a form of political activism in which computer hacking skills are heavily
employed against powerful commercial institutions and governments, among other targets. It
has various negative connotations and can be mischievous. Yet it can be positive because it
fights for the rights of individuals. Anonymous, for example, received praise for its hacking
of the conservative American Westboro Baptist Church, governments and political leaders.
While demonized by the media, Anonymous has received much support for their actions.

Taxonomy and Definitions:

Table 3 lists and defines a selection of hacker and hacking terms, although it should be stated
that new terms to describe hackers and their activities will arise in the future. Again, Kirwan
and Power (2011) are mainly drawn on due to their expertise in naming types of hackers. Any
other sources are listed in the table.

Table 3

Hacker and hacking terms

| Term | Definition/Characteristics |
| --- | --- |
| Advanced Persistent Threat (APT) Agents | This group is responsible for highly targeted attacks carried out by extremely organized state-sponsored groups. Their technical skills are deep and they have access to vast computing resources. It refers to a group, such as a government, with both the capability and the intent to persistently and effectively target a specific entity |
| Casual Hacker | Less active hackers, may not hack much but keep up-to-date with what other hackers are doing (Zhang, Tsang, Yue, & Chau, 2015) |
| Coders | Hackers with high level skills who hack in white or black ways |
| Crackers | Violent attackers who cause serious damage to an organisation such as deleting data or releasing personal details |
| Cyber-Punks | Capable skilled hackers who intentionally engage in malicious hacking acts like defacing web pages |
| Cyberterrorist | Carries out acts of terrorism by hacking computer systems |
| Cyber-Warrior | Hack more for monetary reasons |
| Ethical Hacker | Another name associated with the White Hat Hacker |
| Guru | Guru hackers have reputations through the media or the Internet that make them sought after by other hackers (Zhang et al., 2015) |
| Industrial Spy | A hacker who is motivated by money, including employees who work for an organization |
| Information Warriors | Another name for hackers who commit acts of industrial espionage (Hald & Pedersen, 2012) |
| Internals | Disgruntled employees in an organisation who deliberately hack a system or destroy data |
| Learning Hackers | These hackers may not always maliciously hack, but rather are constantly for their own reasons learning how to hack and will share knowledge with others in Internet forums and social media |
| Newbie | A beginner hacker who usually joins Internet virtual communities and forums, constantly asking questions. They have also been called Green Hats and their title is abbreviated as nOObz |
| Novice Hacker | These hackers are still learning but tend not to share their knowledge with others |
| Quiet, Paranoid and Skilled Hacker | A hacker who is paranoid and covers their tracks with incredible skill |
| Phreaker | Phreaker is a telecom network hacker who hacks a telephone system illegally to make calls without paying for them (OmniSecu.com, 2018) |
| Script Kiddies | Use others’ hacking tools to hack and then boast to others especially on social media and virtual forums, often treated with contempt by established hackers like newbies are. However, these hackers have gotten angry against those that make fun of them and if they take revenge they can be labelled Blue Hats (GrayHat4Life, 2015) |
| Social Engineer | In hacking terms these use deception to persuade people to, mostly unknowingly, give information about the organisation they are hacking; phishing through email is part of this engineering |
| The ‘37337 K-rAd iRC #hack 0-day exploitz’ guy | Kirwan & Power (2011, p. 57) state these are ‘Characters who would do anything to become “famous”...they are willing to use “brutal methods” to get where they want to be’ and they have access to hacking weapons to cause destruction of systems |
| Vulnerability Broker | Exploit vulnerabilities especially in new software and sell them to governments or organisational rivals (Fry, 2013) |

This sample of hacker types demonstrates not just the wide range of definitions and labels,
but also the activities they do.

CHAPTER 2 TRAINING WORK UNDERTAKEN

2.1 Basics of Information Security and Computer Networking

Introduction to Information Security is a graduate-level introductory course in information
security. It teaches the basic concepts and principles of information security and the
fundamental approaches to secure computers and networks. Its main topics include: security
basics, security management and risk assessment, software security, operating systems
security, database security, cryptography algorithms and protocols, network authentication
and secure network applications, malicious malware, network threats and defenses, web
security, mobile security, legal and ethical issues, and privacy.

Figure 2.1 Basic of Computer Networking

2.2 Hacking Methodologies and Security Auditing
Phase 1 — Reconnaissance

This is a set of techniques like foot-printing, scanning, and enumeration along with processes
used to discover and find information about the target system. An ethical hacker during
reconnaissance attempts to gather as much information about a target system as possible.

1. Information Gathering — The idea here is to collect as much information as possible
about the target that is interesting, new and of utmost importance. To achieve this,
many tools are available, which are used by hackers so as to stop any real planned attacks.
2. Determining the network range — After finding out the target IP address, it is time to
determine the network range. It is important to determine the maximum number of
networks that will give a clear plan and matrix of hacking.
3. Identifying the active machine — We need to find the active machines that are on the
target network range. A simple way is to perform a ping on the target network. To
avoid the ping being caught or rejected by the host, a proper procedure needs to be
followed to complete the process successfully.
4. Finding open ports and access points — After determining the network range and active
machine, an ethical hacker proceeds with the port scanning process to retrieve the open
TCP and UDP access port points.
5. OS fingerprinting — It is the process of learning which operating system is running
on the target device. So, OS fingerprinting is the process in which we compute and
determine the identity of a remote host’s operating system.
6. Fingerprinting Services — This is accomplished by sending specially crafted packets to a
target machine and then noting down its response. The gathered information is analysed
to determine the target OS.
7. Mapping the Network — It is the study of the physical connectivity of networks. In
network mapping, an ethical hacker discovers the devices on the network and their
connectivity, which is not to be confused with network discovery or network
enumeration that leads to discovery of their characteristics.

Phase 2 — Scanning

Collecting more information using complex and aggressive reconnaissance techniques is
termed Scanning.

Scanning is a set of steps and methods for identifying live hosts, ports and services, and for
discovering the operating systems and architecture of the target system. Scanning also
identifies vulnerabilities and threats in the network, and is used to create a profile of the
target organization.

The following procedure is to be followed while performing the process of Scanning:

1. Which servers are alive
2. Specific IP address
3. Operating system
4. System architecture
5. Services running on each system

Phase 3-Gaining Access

1. System Hacking
2. Acquire Passwords
3. Password Cracking Techniques
4. Generate Rainbow Tables

Password Cracking

• Non-Electronic Attack: The attacker need not possess technical knowledge to crack the
  password.
• Active Online Attack: The attacker performs password cracking by directly communicating
  with the victim machine.
• Passive Online Attack: The attacker performs password cracking without communicating
  with the victim machine.
• Offline Attack: The attacker copies the target’s password file and then tries to crack the
  password on his own machine at a different location.

2.3 Digital Footprints and Information Gathering

A digital footprint – sometimes called a digital shadow or an electronic footprint – refers to
the trail of data you leave when using the internet. It includes websites you visit, emails you
send, and information you submit online. A digital footprint can be used to track a person’s
online activities and devices. Internet users create their digital footprint either actively or
passively. Whenever you use the internet, you leave behind a trail of information known as
your digital footprint. A digital footprint grows in many ways – for example, posting on
social media, subscribing to a newsletter, leaving an online review, or shopping online.

Sometimes, it’s not always obvious that you are contributing to your digital footprint. For
example, websites can track your activity by installing cookies on your device, and apps can
collate your data without you knowing it. Once you allow an organization to access your
information, they could sell or share your data with third parties. Worse still, your personal
information could be compromised as part of a data breach.

You often hear the terms ‘active’ and ‘passive’ in relation to digital footprints:

Active Footprint

An active digital footprint is where the user has deliberately shared information about
themselves – for example, through posting or participating on social networking sites or
online forums. If a user is logged into a website through a registered username or profile, any
posts they make form part of their active digital footprint. Other activities that contribute to
active digital footprints include completing an online form – such as subscribing to a
newsletter – or agreeing to accept cookies on your browser.

Passive Footprint

A passive digital footprint is created when information is collected about the user without
them being aware that this is happening. For example, this occurs when websites collect
information about how many times users visit, where they come from, and their IP address.
This is a hidden process, which users may not realize is taking place. Other examples of
passive footprints include social networking sites and advertisers using your likes, shares, and
comments to profile you and target you with specific content.

2.3 Introduction to Web Architecture and Understanding Common Security Misconceptions
Businesses, irrespective of their industry, are now deploying web applications to deliver their
products and services efficiently. When a web application is being deployed, the development
team tries to ensure that a web application has the minimum time to market possible. Moving
to agile development is already not smooth sailing, and on top of that, accommodating
security aspects without slowing down the development process is an altogether different
obstacle.

After working with hundreds of clients, we have come to an understanding that the decision-
makers of businesses have many misconceptions about web application security. In this
article, we debunk these myths to ensure that the decision-makers can make the right
decisions when it comes to the technical security of their organization.

1. Hackers only target big organizations and popular applications.

So often, we have seen that many startups, and small and medium-scale businesses believe
that they do not need sophisticated security measures as they are not a big organization. On
the contrary, the statistics given here clearly show that around 43% of the cyber attacks are
aimed at smaller organizations intentionally. Also, small businesses have ended up becoming
a victim in 70% of data breach incidents.

2. A firewall is enough.

Absolute security is not possible. No business can state that they are absolutely secure and
that no attacker can hack their applications or infiltrate their network. As security systems are
getting more sophisticated, so are the attackers and their attack techniques. Without a doubt, a
web application firewall, or WAF, is efficient in providing a significant level of protection
against common attacks such as SQL injection, XSS, etc. However, it cannot
guarantee that your website is not going to be hacked.

3. Penetration testing is sufficient.

When a business conducts a penetration test, many weaknesses in its applications and
networks are found which could be exploited by the attackers. These vulnerabilities are then
addressed to ensure that the risk is minimized. However, you should never underestimate the
attackers as they might already be one step ahead of you. Penetration tests should be conducted
regularly, and the organization’s security program must be kept in check so that security is a
continuous process.

4. Applications are safe if the network is safe.

Security controls such as anti-virus and anti-malware applications, firewalls, intrusion
detection and prevention systems (IDS/IPS), etc. are often construed to be sufficient. It must
be understood that these are network perimeter security solutions, and threats such as Account
Takeover (ATO) and SQLi can allow an attacker to bypass them easily. These advanced
threats essentially allow an attacker to exploit the loopholes in an organization’s network
perimeter. Without any doubt, the above-mentioned controls are essential, but they are not
entirely comprehensive.

Figure 2.2 Web Architecture

2.4 Introduction to PHP and Setting up XAMPP
PHP is the most popular and widely-used server-side scripting language for web
development. However, it requires a webserver to run even a locally developed webpage.
There is various web server software for setting up a local webserver. Amongst them,
XAMPP and WampServer are the most popular. While WampServer is only available
for the Windows platform, XAMPP is a cross-platform application that can run on Windows,
Linux, and macOS. Hence, in this tutorial, you will learn PHP using XAMPP.

What is XAMPP?

XAMPP is an open-source web server solution package. It is mainly used for web application
testing on a local host webserver.

XAMPP stands for:

X = Cross-platform

A = Apache Server

M = MariaDB

P = PHP

P = Perl

Figure 2.3 Introduction of Setting up XAMPP

2.5 Introduction to VAPT and OWASP
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or
ranking) the vulnerabilities in a target. Assessments are typically performed according to the
following steps:

• Cataloging assets and capabilities (resources) in a system
• Assigning quantifiable value (or at least rank order) and importance to those resources
• Identifying the vulnerabilities or potential threats to each resource
• Mitigating or eliminating the most serious vulnerabilities for the most valuable
  resources

Penetration testing is the practice of testing a computer system, network or web application to
find security vulnerabilities that an attacker could exploit. Penetration testing can be
automated with software applications or performed manually. Either way, the process
involves gathering information about the target before the test, identifying possible entry
points, and attempting to break in.

Types of penetration testing:

A penetration test target may be a White box (which provides background and system
information) or Black box (which provides only basic or no information except the company
name). A Grey box penetration test is a combination of the two (where limited knowledge of
the target is shared with the auditor). A penetration test can help determine whether a system
is vulnerable to attack, whether the defenses were sufficient, and which defenses (if any) the
test defeated.

There are various areas of Penetration Testing:

• Application penetration testing — Web, Mobile and Thick client application
• API penetration testing
• Network penetration testing
• IOT penetration testing
• Cloud penetration testing
• Device penetration testing

VA (Vulnerability Assessment) is a process with the goal of finding loopholes in the IT
infrastructure, whether in your application, software system, network, etc. PT (Penetration
Testing) is the test conducted to investigate the severity of the loopholes found by VA testing.
A simple example helps to understand this better: VA testing identifies weak cryptography in
the host, and penetration testing tools then show how it will impact the system, for instance
whether it can be decoded to gain access to the database, possibly through a phishing attack,
in which case it could be a threat. VA produces a list of loopholes, whereas PT identifies the
severity of each loophole.

REPORTING TOOLS:

VAPT tools are tools that automatically identify the vulnerabilities in the system and also
generate a report on penetration testing.

Pros

• Easily available; open-source applications are available.
• Time-consuming, on adding the IP addresses reports are auto-generated in a few minutes
  to hours.
• Manual expertise is not required, as the tool runs automatically and shows the end results
  in the form of reports.
• Helps to understand the IT environment for small-scale companies; even a non-IT person
  can operate these tools.

Cons

• Data security is compromised, as you will be sharing access to your IP addresses with
  untrusted tools without any agreement.
• Results from free applications may not be accurate.
• Penetration testing could open portals which may let hackers in; it is important to close
  all the portals after testing, which some tools fail to do.
• Some of the tools are expensive to own and sensitive for starters.

2.6 Authentication Bypass using SQL Injection


SQL injection is a technique used to exploit user data through web page inputs by injecting
SQL commands as statements. Basically, these statements can be used to manipulate the
application’s web server by malicious users.

• SQL injection is a code injection technique that might destroy your database.
• SQL injection is one of the most common web hacking techniques.
• SQL injection is the placement of malicious code in SQL statements, via web page
  input.

Checking the form for SQL Injection:

The simplest way is to put a single quote (') in the username or password field. If
the server returns any kind of SQL error in the response, then the website is most
probably vulnerable to SQL injection attack.

Figure 2.4 SQL Injection

Bypassing Authentication:

1. After we confirm that the site is vulnerable to SQL injection, the next step is to type
the appropriate payload(input) in the password field to gain access to the account.

2. Enter the below-mentioned command in the vulnerable field and this will result in a
successful Authentication Bypass.

Select id from users where username='username' and password='password' or 1=1--+

In the above command:

• Since 1=1 is always true, and we combined 1=1 with an OR operator, we do not
  have to know the username or password: whatever the username and password are, 1=1
  is always true, which gives us access to the account.
• ' or 1=1--+ (in the password field): the ' before the OR operator is used to terminate the
  single quotes of the password (i.e. Select id from users where username='username' and
  password='password')
• After we insert ' before the OR operator, our SQL command becomes: Select id
  from users where username='username' and password='' or 1=1--+
• --+ is used to ignore the rest of the command. Its main use is to ignore the ' after the
  password, and if we do not use it, we will get the following error.

2.7 Bypassing Client Side Filters using Burp Suite


Many websites lack client-side filter checks, so it becomes easy to bypass that. But, our
bypass will only be successful if there is no server-side filter check either. First, let’s dig a
little bit about the client-side filter bypass.

Client-Side Filter

These filters ensure that the input given by the user is in the correct format. Basically, this
filter validates the input, and then it is forwarded to the server-side. For example: if you don’t
put ‘@’ in your email id, if you don’t click on terms and conditions, or if you insert alphabets
in the phone no. field, you are prompted to enter valid inputs.

Alright, now that we’ve understood the security systems, let’s see the easiest method to crack
through this kind of security. You must remember from the Burp Suite tutorial, that every
time you want to interact with a web server, the information is sent in the form of an HTTP
request to the server from the browser. And using Burp Suite, we can intercept that request
and make potential changes to it.

Fortunately, these inputs go through HTTP requests as well, so we’re gonna exploit this
property of the input system to bypass client-side validation. So, I turn the Burp Suite on with
my browser. I open the webpage and enter a valid email that looks like an email and passes
through the client-side validation without any issues.

Figure 2.5 Client Side Filters using Burp Suite
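Because any field can be edited in an intercepting proxy after the browser's checks have run, the server has to repeat every check itself. The following added example (not part of the original report) re-validates on the server the three fields mentioned above; the field names, the phone-number length and the sample request bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumed formats for this demonstration.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
PHONE_RE = re.compile(r"[0-9]{10}")

# Constructed request bodies (application/x-www-form-urlencoded).
AS_SENT_BY_BROWSER = "email=user%40example.com&phone=9876543210&terms=on"
EDITED_IN_PROXY = "email=userexample.com&phone=98765abcde"
DUPLICATED_FIELD = "email=user%40example.com&email=x&phone=9876543210&terms=on"


def server_side_errors(body):
    """Re-check every field on the server; return a list of error strings."""
    fields = parse_qs(body, keep_blank_values=True)
    errors = []

    def single(name):
        # A missing or repeated parameter is itself a reason to reject:
        # the browser form always sends each field exactly once.
        values = fields.get(name, [])
        if len(values) != 1:
            errors.append(f"{name}: expected exactly one value")
            return None
        return values[0]

    email = single("email")
    if email is not None and not EMAIL_RE.fullmatch(email):
        errors.append("email: not a valid address")

    phone = single("phone")
    if phone is not None and not PHONE_RE.fullmatch(phone):
        errors.append("phone: digits only")

    terms = single("terms")
    if terms is not None and terms != "on":
        errors.append("terms: must be accepted")

    return errors


def handle(body, server_checks=True):
    """Return ('stored', record) or ('rejected', errors) for one request."""
    if server_checks:
        errors = server_side_errors(body)
        if errors:
            return ("rejected", errors)
    record = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    return ("stored", record)


if __name__ == "__main__":
    for label, body in [("browser", AS_SENT_BY_BROWSER),
                        ("edited", EDITED_IN_PROXY),
                        ("duplicate", DUPLICATED_FIELD)]:
        print(label, handle(body, server_checks=False)[0], handle(body)[0])
```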

2.8 Documenting Stages of Vulnerabilities Using Tools
When creating a vulnerability management program, there are several stages you should
account for. By building these stages into your management process, you help ensure that no
vulnerabilities are overlooked. You also help ensure that discovered vulnerabilities are
addressed appropriately.

1. Identify vulnerabilities

The first stage of the management process requires identifying which vulnerabilities might
affect your systems. Once you know which vulnerabilities or vulnerability types you are
looking for, you can begin identifying which ones exist.

This stage uses threat intelligence information and vulnerability databases to guide your
search. It also often uses vulnerability scanners to identify affected components and create an
inventory for use in patch management.

As part of this phase, you want to create a full map of your system that specifies where assets
are, how those assets can potentially be accessed, and which systems are currently in place
for protection. This map can then be used to guide the analysis of vulnerabilities and ease
remediation.

2. Evaluating vulnerabilities

After you have identified all possible vulnerabilities in your system, you can begin evaluating
the severity of the threats. This evaluation helps you prioritize your security efforts and can
help reduce your risks more quickly.

If you start remediating the most severe vulnerabilities first, you can reduce the chance of an
attack occurring while you’re securing the rest of your system. When evaluating
vulnerabilities, there are several systems you can use to establish the risk of a vulnerability
being exploited.

One system is the Common Vulnerability Scoring System (CVSS). This is a standardized
system used by many vulnerability databases and researchers. CVSS evaluates the level of
vulnerability according to inherent characteristics, temporal traits, and the specific effect of
the vulnerability to your systems. The challenge with CVSS is that once a risk level is
assigned, it is permanent, so it’s important to include other factors from threat intelligence
and your own business risk information, in order to determine prioritization.

3. Remediating vulnerabilities

With a prioritized vulnerability management plan in place, you can begin your remediation
efforts. During this phase, you may also want to increase monitoring or reduce access to areas
identified as at-risk. This can help prevent successful exploitation of vulnerabilities until you
can apply patches or permanently increase protections to those areas.

After vulnerabilities are addressed, make sure that you verify successful remediation.
Penetration testing is useful for this, as it can help you gauge the effectiveness of your fix. It
can also help you ensure that new vulnerabilities weren’t created during your remediation
efforts.

4. Reporting vulnerabilities

Reporting vulnerabilities after remediation may seem unnecessary, but it can help you
improve your security and responses in the future. Having a record of vulnerabilities and
when those issues were fixed shows accountability for security and is required for many
compliance standards. It can also be useful when investigating future events. For example, if
you find evidence that an attack has been ongoing, you can look at your patch histories to
narrow down possible routes and times of entry.

Additionally, reporting on your vulnerability management process creates a baseline for
future efforts. This can help you improve the effectiveness of future efforts, and can help you
avoid the inclusion of new vulnerabilities by reflecting the lessons you’ve learned.

2.9 Documenting Stages of Vulnerabilities Using Tools


Patch management is the subset of systems management that involves identifying, acquiring,
testing and installing patches, or code changes, that are intended to fix bugs, close security
holes or add features.

Patch management requires staying current on available patches, deciding which patches are
needed for specific software and devices, testing them, making sure they have been properly
installed and documenting the process.

Why is patch management important?

Patch management helps keep computers and networks secure, reliable and up to date with
features and functionality that the organization considers important. It is also an essential tool
for ensuring and documenting compliance with security and privacy regulations. Patching can
improve performance and is sometimes used to bring software up to date, so it will work with
the latest hardware.

How does patch management work?

Patch management works differently depending on whether a patch is being applied to a
standalone system or systems on a corporate network. On a standalone system, the operating
system and applications will periodically perform automatic checks to see if patches are
available. New patches will typically be downloaded and installed automatically.

In networked environments, organizations generally try to maintain software version
consistency across computers and usually perform centralized patch management rather than
allowing each computer to download its own patches. Centralized patch management uses a
central server that checks network hardware for missing patches, downloads the missing
patches and distributes them to the computers and other devices on the network in accordance
with the organization's patch management policy.

A centralized patch management server does more than just automate patch management; it
also gives the organization a degree of control over the patch management process. For
example, if a particular patch is determined to be problematic, the organization can configure
its patch management software to prevent the patch from being deployed.

Another advantage of centralized patch management is that it helps conserve internet
bandwidth. It makes little sense from a bandwidth perspective to allow every computer in an
organization to download the exact same patch. Instead, the patch management server can
download the patch once and distribute it to all the computers designated to receive it.

Although many organizations handle patch management on their own, some managed service
providers perform patch management in conjunction with the other network management
services they provide to clients. MSP patch management can minimize the significant
administrative hassles of doing the work in-house.

CHAPTER 3 RESULTS AND DISCUSSION

3.1 Understanding the Need to Hack the Systems


To catch a thief, think like a thief. That's the basis for ethical hacking. The law of averages
works against security. With the increased numbers and expanding knowledge of hackers
combined with the growing number of system vulnerabilities and other unknowns, the time
will come when all computer systems are hacked or compromised in some way. Protecting the
systems from the bad guys, and not just from the generic vulnerabilities that everyone knows
about, is absolutely critical.

When we know hacker tricks, we can see how vulnerable our systems are. Hacking preys on
weak security practices and undisclosed vulnerabilities. Firewalls, encryption, and virtual
private networks (VPNs) can create a false feeling of safety. These security systems often
focus on high-level vulnerabilities, such as viruses and traffic through a firewall, without
affecting how hackers work. Attacking our own systems to discover vulnerabilities is a step to
making them more secure. This is the only proven method of greatly hardening our systems
from attack. If we don't identify weaknesses, it's a matter of time before the vulnerabilities are
exploited. As hackers expand their knowledge, so should we.

We must think like them to protect our systems from them. We, as ethical hackers, must
know the activities hackers carry out and how to stop their efforts. We should know what to
look for and how to use that information to thwart hackers' efforts. We don't have to protect
our systems from everything. We can't. The only protection against everything is to unplug our
computer systems and lock them away so no one can touch them, not even us. That's not the
best approach to information security.

What's important is to protect our systems from known vulnerabilities and common hacker
attacks. It's impossible to buttress all possible vulnerabilities on all our systems. We can't
plan for all possible attacks, especially the ones that are currently unknown. However, the
more combinations we can try, and the more we test whole systems instead of individual
units, the better our chances of discovering vulnerabilities that affect everything as a whole.
In ethical hacking, it makes little sense to harden our systems from unlikely attacks.

For instance, if you don't have a lot of foot traffic in your office and no internal Web server
running, you may not have as much to worry about as an Internet hosting provider would
have. However, don't forget about insider threats from malicious employees!

3.2 Understanding the Dangers that Systems Face


It's one thing to know that our systems generally are under fire from hackers around the
world. It's another to understand specific attacks against our systems that are possible. Many
information-security vulnerabilities aren't critical by themselves. However, exploiting
several vulnerabilities at the same time can take its toll. For example, a default Windows OS
configuration, a weak SQL Server administrator password, and a server hosted on a wireless
network may not be major security concerns separately. But exploiting all three of these
vulnerabilities at the same time can be a serious issue.

1. Non-technical attacks:

Exploits that involve manipulating people are the greatest vulnerability within any computer
or network infrastructure. Humans are trusting by nature, which can lead to social-
engineering exploits. Social engineering is defined as the exploitation of the trusting nature of
human beings to gain information for malicious purposes. Other common and effective
attacks against information systems are physical. Hackers break into buildings, computer
rooms, or other areas containing critical information or property. Physical attacks can include
dumpster diving (rummaging through trash cans and dumpsters for intellectual property,
passwords, network diagrams, and other information).

2. Network-infrastructure attacks:

Hacker attacks against network infrastructures can be easy, because many networks can be
reached from anywhere in the world via the Internet. Here are some examples of
network-infrastructure attacks:

• Connecting into a network through a rogue modem attached to a computer behind a firewall
• Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS
• Flooding a network with too many requests, creating a denial of service (DoS) for legitimate
requests
• Installing a network analyzer on a network and capturing every packet that travels across it,
revealing confidential information in clear text
• Piggybacking onto a network through an insecure 802.11b wireless configuration

3.3 The Ethical Hacking Process


Like practically any IT or security project, ethical hacking needs to be planned in advance.
Strategic and tactical issues in the ethical hacking process should be determined and agreed
upon. Planning is important for any amount of testing, from a simple password-cracking test
to an all-out penetration test on a Web application.

Formulating the plan: Approval for ethical hacking is essential. Obtaining sponsorship of the
project is the first and important step. One needs someone to back up and sign off on the plan.
Otherwise, the testing may be called off unexpectedly if someone claims they never
authorized the tests. The authorization can be simple. One needs a detailed plan, but that
doesn't mean we have to have volumes of testing procedures. One slip can crash your systems,
which is not necessarily what anyone wants. A well-defined scope includes the following
information:

• Specific systems to be tested
• Risks that are involved
• When the tests are performed and your overall timeline
• How the tests are performed
• How much knowledge of the systems you have before you start testing
• What is done when a major vulnerability is discovered
• The specific deliverables: this includes security-assessment reports and a higher-level
report outlining the general vulnerabilities to be addressed, along with countermeasures
that should be implemented

When selecting systems to test, start with the most critical or vulnerable systems.

3.4 Selecting tools


As with any project, if we don't have the right tools for ethical hacking, accomplishing the
task effectively is difficult. Having said that, just because we use the right tools doesn't mean
that we will discover all vulnerabilities. It is important to know the personal and technical
limitations. Many security-assessment tools generate false positives and negatives
(incorrectly identifying vulnerabilities). Others may miss vulnerabilities.

If we're performing tests such as social engineering or physical-security assessments, we may
miss weaknesses. Many tools focus on specific tests, but no one tool can test for everything.
For the same reason that we wouldn't drive in a nail with a screwdriver, we shouldn't use a
word processor to scan our network for open ports. This is why we need a set of specific tools
that we can call on for the task at hand. The more tools we have, the easier our ethical
hacking efforts are. It is essential to make sure that we're using the right tool for the task:

To crack passwords, we need a cracking tool such as LC4, John the Ripper or pwdump. (A
general port scanner, such as Super Scan, may not crack passwords.) For an in-depth analysis
of a Web application, a web-application assessment tool (such as Whisker or Web Inspect) is
more appropriate than a network analyzer (such as Ethereal). Hundreds, if not thousands, of
tools can be used for ethical hacking, from our own words and actions to software-based
vulnerability-assessment programs to hardware-based network analyzers. The following list
runs down some of the favorite commercial, freeware, and open-source security tools.

3.5 Characteristics in tools for ethical hacking
• Adequate documentation.
• Detailed reports on the discovered vulnerabilities, including how they may be
exploited and fixed.
• Updates and support when needed.
• High-level reports that can be presented to managers or non-technical types.

These features can save our time and effort when we're executing the plan. Ethical hacking
can take persistence. Time and patience are important. We should be careful when we're
performing our ethical hacking tests. A hacker in our network or a seemingly benign
employee looking over our shoulder may watch what's going on. This person could use this
information against us. It's not practical to make sure that no hackers are on our systems
before we start. Just make sure to keep everything as quiet and private as possible. This is
especially critical when transmitting and storing our test results. If possible, encrypt the e-
mails and files using Pretty Good Privacy (PGP) or something similar. At a minimum,
password-protect them. Harness as much information as possible about the organization and
systems, which is what malicious hackers do.

1. Search the Internet for your organization's name, your computer and network
system names, and your IP addresses. I think "Google" is a great place to start for this.

2. Narrow the scope, targeting the specific systems which are being tested. Whether physical-
security structures or Web applications, a casual assessment can turn up much information
about our systems.

3. Further narrow the focus with a more critical eye. Perform actual scans and other detailed
tests on the systems.

4. Perform the attacks, if that's what has been chosen to do.

3.6 Evaluating results


Assess the results to see what is uncovered, assuming that the vulnerabilities haven't been
made obvious before now. I think this is the most important step. Evaluating the results and
correlating the specific vulnerabilities discovered is a skill that gets better with experience. At
the end of the day we'll end up knowing our systems as well as anyone else. This makes the
evaluation process much simpler moving forward.

When we've finished with our ethical hacking tests, we still need to implement our analysis
and recommendations to make sure that our systems are secure. New security vulnerabilities
continually appear. Information systems constantly change and become more complex. New
hacker exploits and security vulnerabilities are regularly uncovered. Security tests are a
snapshot of the security posture of our systems. At any time, everything can change,
especially after software upgrades, adding computer systems, or applying patches.

3.7 Controversy
Certain computer security professionals have objected to the term ethical hacker: "There's no
such thing as an 'ethical hacker' - that's like saying 'ethical rapist' - it's a contradiction in
terms." Part of the controversy may arise from the older, less stigmatized, definition of
hacker, which has become synonymous with computer criminal. Some companies on the
other hand do not seem to mind the association. According to EC-Council, there has been an
increase of careers where CEH and other ethical hacking certifications are preferred or
required. Hacking refers to the use of computing skills to penetrate, disrupt, or interfere with
a computer system by non-standard avenues.

Hacking is a fertile debate topic because this skill can be used for many different purposes
both lawful and unlawful; ethical and unethical. Some hackers use their skills for criminal
activities while others may use their skills to create cybersecurity defenses against malicious
actors. Activists may use hacking to undermine dictatorship just as dictators might use
hacking to suppress individual liberties.

This controversial topic is extremely relevant in our tech-driven world, which makes hacking
a popular subject for a persuasive essay. The nearly infinite range of hacking activities, and
the intentions underlying them, make this a controversial topic. There are many competing
views on what should or should not be considered ethical hacking. In its earliest incarnation,
during the 1950s and 1960s, “hacker culture” represented playful subversiveness and
technical virtuosity. For the “hacker culture,” the ability to breach classified data or tinker
with a proprietary operating system was done for the sheer intellectual thrill.

In the decades that followed, hacking persisted as an activity for those with intellectual
curiosity, but also increasingly became associated with ideological and activist pursuits,
especially as they pertained to the ideas of informational freedom, and the development of
open source, non-proprietary systems and applications. Hacking also became a prominent
theme in science-fiction writing as well as in an emergent genre called cyberpunk.

By the mid-1990s, widespread internet use also produced newly widespread vulnerabilities
for private citizens, commercial entities, and national governments. The consequence has
been steady growth in use of the term hacking to describe cybercriminal activities as well as
some of the activities aimed at preventing cybercrime.

The hacking controversy, therefore, largely centers on the different ways that hacking is used
today:

Hackers, in the purest sense of the word, are those who practice hacking for the exhibition of
computing skills, the pursuit of intellectual curiosity, and the spirit of playfulness.

Hacktivists view their hacking activities through the prisms of social justice, activism,
freedom of information, software freedom, and other ideological frameworks.

Black Hat hackers, or cybercriminals, use their skills to commit financial crimes, data and
identity theft, viral attacks, and other malicious computing activities.

White Hat hackers are cybersecurity professionals and security hackers who use hacking
skills to identify weaknesses and recommend strategies for improvement in security systems
for financial entities, government agencies, e-commerce merchants, and more.

Malicious state actors may use hacking to suppress civil liberties, violate the privacy of their
citizens, steal secrets from other sovereign states, or engage in cyberwarfare.

CHAPTER 4 CONCLUSION AND FUTURE SCOPE

4.1 Conclusion
The idea of testing the security of a system by trying to break into it is not new. From a
practical standpoint the security problem will remain as long as manufacturers remain
committed to current system architectures, produced without a firm requirement for security.
As long as there is support for ad hoc fixes and security packages for these inadequate
designs, and as long as the illusory results of penetration teams are accepted as demonstrations
of a computer system's security, proper security will not be a reality. Regular auditing, vigilant
intrusion detection, good system administration practice, and computer security awareness
are all essential parts of an organization's security efforts. A single failure in any of these
areas could very well expose an organization to cyber-vandalism, embarrassment, loss of
revenue or mind share, or worse. Any new technology has its benefits and its risks. While
ethical hackers can help clients better understand their security needs, it is up to the clients to
keep their guards in place.

4.2 Future Scope


It is always enticing to predict the future when it comes to computer security. Of course it's
impossible to know for sure, but it is possible to make an educated guess. They say we are in
the "golden age of hacking" and we could not agree more. Tools for both Windows and
Linux are available, and now anyone can actually be a decent hacker using nothing but
Windows. These are the best of times for those curious about security and how it can be
breached, and the worst of times if you are sitting on the net with a vulnerable computer.

Suppose we were to split hacking into 3 levels, say low, middle and high. Low requires the
least amount of technical skill and relies more on social engineering and a few simple things
like hardware key loggers. The middle level comprises good skill with available tools,
precompiled buffer overflows, etc. High is someone who can think way outside the box,
understands the deepest aspects of TCP/IP, and can code accordingly. Our strong feeling is
that the middle level as defined will be the one that will disappear in the future. Buffer
overflows will become a thing of the past. Technology is growing strongly towards that
direction. Exploiting code will slowly become more and more difficult, and tools that focus on
that will lose more and more of their effectiveness. Hackers will either focus on things like
social engineering or gaining physical access. Join a cleaning crew and place a hardware key
logger. Come back the next night and retrieve it; while not very sophisticated, it can be very
devastating nonetheless. The high end will be those that understand the very core of IPv6 and
will understand how to manipulate packet flows in ways no one has ever thought about.
Obviously, if this scenario is correct, most hackers will focus on the low level, and that
perhaps is even scarier. Using a combination of hardware and social skills could prove the
most difficult to defend against.
