Hacker’s Guide to Machine Learning Concepts
Ebook, 570 pages, 5 hours


About this ebook

Hacker’s Guide to Machine Learning Concepts is crafted for those eager to dive into the world of ethical hacking. This book demonstrates how ethical hacking can help companies identify and fix vulnerabilities efficiently. With the rise of data and the evolving IT industry, the scope of ethical hacking continues to expand.
We cover various hacking techniques, identifying weak points in programs, and how to address them. The book is accessible even to beginners, offering chapters on machine learning and programming in Python. Written in an easy-to-understand manner, it allows learners to practice hacking steps independently on Linux or Windows systems using tools like Netsparker.
This book equips you with fundamental and intermediate knowledge about hacking, making it an invaluable resource for learners.

Language: English
Publisher: Educohack Press
Release date: Jan 3, 2025
ISBN: 9789361529351

    Book preview

    Hacker’s Guide to Machine Learning Concepts - Trilokesh Khatri


    ISBN - 9789361529351

    COPYRIGHT © 2025 by Educohack Press. All rights reserved.

    This work is protected by copyright, and all rights are reserved by the Publisher. This includes, but is not limited to, the rights to translate, reprint, reproduce, broadcast, electronically store or retrieve, and adapt the work using any methodology, whether currently known or developed in the future.

    The use of general descriptive names, registered names, trademarks, service marks, or similar designations in this publication does not imply that such terms are exempt from applicable protective laws and regulations or that they are available for unrestricted use.

    The Publisher, authors, and editors have taken great care to ensure the accuracy and reliability of the information presented in this publication at the time of its release. However, no explicit or implied guarantees are provided regarding the accuracy, completeness, or suitability of the content for any particular purpose.

    If you identify any errors or omissions, please notify us promptly at "[email protected] & [email protected]" We deeply value your feedback and will take appropriate corrective actions.

    The Publisher remains neutral concerning jurisdictional claims in published maps and institutional affiliations.

    Published by Educohack Press, House No. 537, Delhi- 110042, INDIA

    Email: [email protected] & [email protected]

    Cover design by Team EDUCOHACK

    Preface

    This book is written to explain hacking concepts in depth and to encourage people to learn ethical hacking through machine learning concepts. Even beginners can work through the book and learn topics at their own pace and level. Coding examples are given to explain hacking simply and to let you try it on your own. The book does not encourage malicious hacking but ethical hacking, which has great scope right now. It is in demand, and major companies are looking for hackers with strong skills and experience. Hackers can gain the required knowledge from the book and start working on their own projects. There are many loopholes in the websites and databases on the internet. Hacking is an easy way to look for these loopholes and also rectify them.

    Hacking is a growing field, and it grows in direct proportion to the industries and the IT sector.

    The book aims to attract an audience with zero to moderate knowledge about hacking and its benefits.

    There are various technologies in trend, and some of them are covered in the book with examples that are easy to understand.

    Some hardware requirements are needed to implement these examples, yet they can be done with minimum effort.

    Content

    01. Ethical Hacking

    1.1 Introduction

    1.2 Key – Concepts

    1.3 How are they different from malicious hackers?

    1.4 Skills and certifications required

    1.5 Terminologies

    1.6 Exercise

    02. Exploiting Application-Based Vulnerabilities

    2.1 Cross-Site Scripting

    2.3 LDAP Injection

    2.4 Cross-Site request forgery

    2.5 Exercise

    03. Exploiting Injection-Based Vulnerability

    3.1 XML

    3.2 XML queries

    3.3 OS commands injections

    3.4 No-SQL Injection

    3.5 Exercise

    04. Quantifying Learning Algorithms

    4.1 Regularization

    4.2 Dimensionality reduction

    4.3 PCA

    4.4 Exercise

    05. Penetration Testing Tools

    5.1 What is penetration testing?

    5.2 How to use Net Sparker?

    5.3 Exercise

    06. Python Language

    6.1 What is python?

    6.2 Design philosophy and features

    6.3 Syntax and semantics

    6.4 How to install and use python

    6.5 Python in machine learning

    6.6 Trapped In An Infinite Loop?

    6.7 Importing Modules

    6.8 Aggregating and analyzing data In python

    6.9 Exercise

    07. Cryptology

    7.1 Information theory

    7.2 Algorithmic run time

    7.3 Symmetric encryption

    7.4 Asymmetric encryption

    7.5 Hybrid Ciphers

    7.6 Exercise

    08. Shellcode

    8.1 Assembly vs. C

    8.2 path to shellcode

    8.3 Shell-Spawning Shellcode

    8.4 port-binding shellcode

    8.5 connect-back shellcode

    8.6 Exercise

    09. Attacking Authentication

    9.1 Authentication technologies

    9.3 Implementation Flaws in Authentication

    9.4 Exercise

    10. Attacking Session Managements

    10.1 Weakness in session token generation

    10.2 weakness in session token handling

    10.3 Exercise

    Glossary

    Index

    Chapter 1. Ethical Hacking

    1.1 Introduction

    Gaining access to a system that you are not supposed to have access to is considered hacking. For example, logging into an email account that you are not supposed to have access to, gaining access to a remote computer that you are not supposed to have access to, or reading information that you are not supposed to read is considered hacking. There are a large number of ways to hack a system. In 1960, the first known event of hacking took place at ES, and at the same time, the term Hacker originated.

    1.1.1 Ethical hacking

    Ethical hacking is also known as White hat Hacking or Penetration Testing. Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system or data. Ethical hacking is used to improve the security of systems and networks by fixing the vulnerabilities found while testing. Ethical hackers improve the security posture of an organization. Ethical hackers use the same tools, tricks, and techniques that malicious hackers use, but with the permission of the authorized person. Ethical hacking aims to improve security and defend systems from attacks by malicious users.

    1.1.2 Types of Hacking

    We can divide hacking into different categories, based on what is being hacked. These are as follows:

    •Network Hacking: Network hacking means gathering information about a network with the intent to harm the network system and hamper its operations, using various tools like Telnet, nslookup, Ping, Tracert, etc.

    •Website hacking: Website hacking means taking unauthorized access over a web server or database and making a change in the information.

    •Computer hacking: Computer hacking means unauthorized access to a computer and stealing information from it, like computer IDs and passwords, by applying hacking methods.

    •Password hacking: Password hacking is the process of recovering secret passwords from data that has already been stored in the computer system.

    •Email hacking: Email hacking means unauthorized access to an email account and using it without the owner’s permission.

    1.1.3 Advantages of Hacking

    •It is used to recover lost data, especially when you have lost your password.

    •It is used to perform penetration testing to increase the security of the computer and network.

    •It is used to test how good the security on your network is.

    1.1.4 Disadvantages of Hacking

    •It can harm someone’s privacy.

    •Hacking is against the law.

    •Criminals can use hacking to their advantage.

    •Hampering system operations.

    1.2 Key – Concepts

    Hacking experts follow four key protocol concepts:

    •Stay legal. Obtain proper approval before accessing and performing a security assessment.

    •Define the scope. Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries.

    •Report vulnerabilities. Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.

    •Respect data sensitivity. Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization.

    1.2.1 Ethical Hacking: Legal or Illegal?

    The International Council of E-Commerce provides certification programs for testing ethical hacker skills. These certificates must be renewed after a period of time. Other ethical hacking certificates will also suffice, like the RHC Red Hat and Kali InfoSec certifications.

    1.2.2 Necessary Skills

    An Ethical Hacker needs certain skills to gain access to a computer or network system. These skills include knowing how to program, using the internet, problem-solving, and devising counter-security algorithms.

    1.2.3 Programming Languages

    An Ethical Hacker requires sufficient command of many programming languages because different systems are created with different programming languages. Learning only one specific language should be avoided, and learning cross-platform languages should be prioritized. Some of these languages are listed below:

    •HTML (cross-platform): Used for web hacking combined with HTML forms.

    •JavaScript (cross-platform): Used for web hacking with the help of Java code scripts and cross-site scripting.

    •PHP (cross-platform): Used for web hacking combined with HTML to find vulnerabilities in servers.

    •SQL (cross-platform): Used for web hacking by using SQL injection to bypass the login process in web applications or databases.

    •Python, Ruby, Bash, Perl (cross-platform): Used for building scripts to develop automated tools and to create scripts for hacking.

    •C, C++ (cross-platform): Used for writing and exploiting via shellcodes and scripts to perform password cracking, data tampering, etc.

    1.2.4 Tools

    • John the Ripper

    John the Ripper is a fast and reliable toolkit that contains numerous cracking modes. This tool is highly customizable and configurable, according to your needs. By default, John the Ripper can work with many hash types, including traditional DES, bigcrypt, FreeBSD MD5, Blowfish, BSDI, extended DES, Kerberos, and MS Windows LM. John also supports other DES-based tripcodes that need only be configured. This tool can also work on SHA hashes and Sun MD5 hashes and supports OpenSSH private keys, PDF files, ZIP, RAR archives, and Kerberos TGT. John the Ripper contains many scripts for various purposes, like unafs (warning about weak passwords), unshadow (passwords and shadow files combined), and unique (duplicates are removed from the wordlist).

    • Medusa

    Medusa is a brute-force login tool with a very fast, reliable, and modular design. Medusa supports many services that allow remote authentication and offers multi-thread-based parallel testing; the tool has flexible user input and a modular design that supports independent brute-force services. Medusa also supports many protocols, like SMB, HTTP, POP3, MSSQL, SSH version 2, and many more.

    • Hydra

    This password attack tool is a centralized parallel login cracker with several attack protocols. Hydra is highly flexible, quick, reliable, and customizable for the addition of new modules. This tool can obtain unauthorized remote access to a system, which is very important for security professionals. Hydra works with Cisco AAA, Cisco authorization, FTP, HTTPS GET/POST/PROXY, IMAP, MySQL, MSSQL, Oracle, PostgreSQL, SIP, POP3, SMTP, SSHkey, SSH, and many more.

    • Metasploit Framework (MSF)

    Metasploit Framework is a penetration testing tool that can exploit and validate vulnerabilities. This tool contains most of the options required for social engineering attacks and is considered one of the most famous exploitation and social engineering frameworks. MSF is updated daily; new exploits are added as soon as they are published. This utility contains many necessary tools used for creating security workspaces for vulnerability testing and penetration-testing systems.

    • Ettercap

    Ettercap is a comprehensive toolkit for man-in-the-middle attacks. This utility supports sniffing of live connections and filtering out content on the fly. Ettercap can dissect various protocols both actively and passively and includes many different options for network analysis, as well as host analysis. This tool has a GUI, and the options are easy to use, even for a new user.

    • Wireshark

    Wireshark is one of the best freely available packages for analyzing network protocols. Wireshark was previously known as Ethereal. This tool is widely used by industry, as well as by educational institutes. Wireshark has a live capturing ability for packet investigation. The output data is stored in XML, CSV, PostScript, and plain text documents. Wireshark is the best tool for network analysis and packet investigation. This tool has both a console interface and a graphical user interface; the options in the GUI version are very easy to use.

    • Nmap (Network Mapper)

    Nmap is short for network mapper. This tool is an open-source utility used for scanning and discovering vulnerabilities in a network. Nmap is used by pen testers and other security professionals to discover devices running in their networks. This tool also displays the services and ports of each host machine, exposing potential threats.

    • Reaver

    To recover WPA/WPA2 passphrases, Reaver uses brute force against Wi-Fi Protected Setup (WPS) registrar PINs. Reaver is built to be a reliable and effective WPS attack tool and has been tested against a broad range of access points and WPS frameworks. Reaver can recover the desired access point’s WPA/WPA2 secured password in 4-10 hours, depending on the access point. In actual practice, however, this time could be reduced to half.

    • Autopsy

    Autopsy is an all-in-one forensic utility for fast data recovery and hash filtering. This tool carves deleted files and media from unallocated space using PhotoRec. Autopsy can also extract EXIF extension multimedia. Additionally, Autopsy scans for compromise indicators using the STIX library. This tool is available on the command line, as well as with a GUI.

    1.3 How are they different from malicious hackers?

    Ethical hackers use their knowledge to secure and improve organizations’ technology. They provide an important service to those organizations by looking for vulnerabilities that could lead to a security breach. An ethical hacker reports the identified vulnerabilities to the organization. Additionally, they provide remediation advice. In many cases, with the organization’s consent, the ethical hacker performs a re-test to make sure the vulnerabilities are fully resolved. Malicious hackers intend to gain unauthorized access to a resource (the more sensitive, the better) for gain or personal recognition. Some malicious hackers deface websites or crash backend servers for fun, reputation damage, or to cause loss. The methods used and vulnerabilities found remain unreported. They are not concerned with improving the organization’s security posture.

    1.4 Skills and certifications required

    An ethical hacker should have a wide range of computer skills. They often specialize, becoming subject matter experts (SME) in a particular area within the ethical hacking domain.

    All ethical hackers should have:

    •Expertise in scripting languages.

    •Proficiency in operating systems.

    •A thorough knowledge of networking.

    •A solid foundation in the principles of information security.

    1.5 Terminologies

    Following is a list of important terms used in the field of hacking.

    •Adware − Adware is software designed to force pre-chosen ads to display on your system.

    •Attack − An attack is an action that is done on a system to gain access to it and extract sensitive data.

    •Back door − A back door, or door, is a hidden entry to a computer or software that bypasses security measures, like logins and password protections.

    •Bot − A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it. For instance, sending HTTP, FTP, or Telnet at a higher rate or calling a script to create objects at a higher rate.

    •Botnet − A botnet, also known as a zombie army, is a group of computers controlled without their owners’ knowledge. Botnets are used to send spam or make denial of service attacks.

    •Brute force attack − A brute force attack is an automated and the simplest kind of method to gain access to a system or website. It tries different combinations of usernames and passwords, over and over again, until it gets in.

    •Buffer Overflow − Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to hold.

    •Clone phishing − Clone phishing is the modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.

    •Cracker − A cracker modifies the software to access the features considered undesirable by the person cracking the software, especially copy protection features.

    •Denial of service attack (DoS) − A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the internet.

    •DDoS − Distributed denial of service attack.

    •Exploit Kit − An exploit kit is software designed to run on web servers, with the aim of identifying software vulnerabilities in client machines communicating with it and exploiting discovered vulnerabilities to upload and execute malicious code on the client.

    •Exploit − An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system.

    •Firewall − A firewall is a filter designed to keep unwanted intruders outside a computer system or network while allowing safe communication between systems and users inside the firewall.

    •Keystroke logging − Keystroke logging is the process of tracking the keys which are pressed on a computer (and which touchscreen points are used). It is simply the map of a computer/human interface. It is used by gray and black hat hackers to record login IDs and passwords. Keyloggers are usually secreted onto a device using a Trojan delivered by a phishing email.

    •Logic bomb − A virus secreted into a system that triggers a malicious action when certain conditions are met. The most common version is the time bomb.

    •Malware − Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.

    •Master Program − A master program is the program a black hat hacker uses to remotely transmit commands to infected zombie drones, normally to carry out Denial of Service attacks or spam attacks.

    •Phishing − Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking emails to gather personal and financial information from recipients.

    •Phreaker − Phreakers are considered the original computer hackers, and they are those who break into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.

    •Rootkit − A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.

    •Shrink Wrap code − A Shrink Wrap code attack is an act of exploiting holes in unpatched or poorly configured software.

    •Social engineering − Social engineering implies deceiving someone to acquire sensitive and personal information, like credit card details or user names and passwords.

    •Spam − Spam is simply an unsolicited email, also known as junk email, sent to a large number of recipients without their consent.

    •Spoofing − Spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

    •Spyware − Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge.

    •SQL Injection − SQL injection is an SQL code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g., to dump the database contents to the attacker).

    •Threat − A threat is a possible danger that can exploit an existing bug or vulnerability to compromise the security of a computer or network system.

    •Trojan − A Trojan, or Trojan horse, is a malicious program disguised to look like a valid program, making it difficult to distinguish from programs that are supposed to be there. It is designed to destroy files, alter information, or steal passwords or other information.

    •Virus − A virus is a malicious program or a piece of code that is capable of copying itself and typically has a detrimental effect, like corrupting the system or destroying data.

    •Vulnerability − A vulnerability is a weakness that allows a hacker to compromise the security of a computer or network system.

    •Worms − A worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself.

    •Cross-site Scripting − Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

    •Zombie Drone − A Zombie Drone is defined as a hijacked computer that is being used anonymously as a soldier or ‘drone’ for malicious activity, for instance, distributing unwanted spam e-mails.

    1.6 Exercise

    1. What is ethical hacking?

    2. What are the key concepts involved in ethical hacking?

    3. How is ethical hacking legal?

    4. What are some key benefits of ethical hacking?

    5. What are the disadvantages of ethical hacking?

    6. What is malicious hacking?

    7. How is ethical hacking different from malicious hacking?

    8. What are the skills required for being an ethical hacker?

    9. What are some major certifications required in this field?

    10. Define the following:

    • botnet

    • adware

    • malware

    • spam

    • buffer overflow

    • clone phishing

    • cracker

    • denial of service attack

    • DDOS

    • firewall

    • logic bomb

    • phishing

    • spoofing

    • spyware

    • trojan

    • virus

    • a zombie

    • HTTP

    • FTP

    • TCP/IP

    11. How is phishing different from spoofing?

    12. Explain different types of malware.

    13. How is a trojan different from a virus?

    14. Are bots and zombies different?

    15. What could be possible vulnerabilities faced by a network?


    Chapter 2. Exploiting Application-Based Vulnerabilities

    2.1 Cross-Site Scripting

    Cross-site scripting is also known as XSS. Cross-site scripting occurs when malicious JavaScript from a hacker is executed within the user’s browser. In this attack, the code runs within the browser of the victim. Upon initial injection, the attacker does not fully control the site. Instead, the bad actor attaches the malicious code on top of a legitimate website. Whenever the website is loaded, the browser is tricked into executing the malware.

    2.1.1 JavaScript in XSS

    JavaScript is a programming language that runs on a web page inside the browser. Interactivity and functionality are added to the web page using this client-side code. It is used extensively on CMS platforms and in all major applications. Unlike a server-side language like PHP, JavaScript code that exists inside our browser will not impact the website’s visitors. JavaScript cannot run on the server because it is client-side. Using background requests, it can interact with the server. An attacker can use these background requests to add malicious content to a web page without refreshing the page. These requests can perform actions asynchronously or gather analytics about the client’s browser.

    2.1.2 Working of Cross-site scripting

    An attacker can inject code into a web page of the victim’s website only after exploiting a vulnerability in the website’s software. After successfully exploiting the vulnerability, the attacker can inject a script, which is then executed by the victim’s browser.

    When the victim’s browser successfully runs the JavaScript, sensitive information about the target user can be accessed from the session. The session allows an attacker to target the site administrator and completely compromise a website.

    The cross-site scripting attack is very useful to an attacker when most of the publicly available pages on the website have vulnerabilities. In this case, attackers can inject malicious code by adding their malicious content, phishing prompts, or ads to the website to target the website’s visitors.

    2.1.3 Types of Cross-site scripting attacks

    There are various ways to use cross-site scripting, depending on the goal. The most common types of cross-site scripting attacks are as follows:

    2.1.3.1 Stored Cross-site scripting attack

    A stored cross-site scripting attack occurs when the attacker stores a payload on the compromised server. Because of this, the website delivers the malicious code to its other visitors. In this attack, only the initial action is required of the attacker, and because of it many visitors can be compromised. The stored cross-site scripting attack is the most dangerous kind of cross-site scripting. An example of this attack involves the fields of our profile, like our email ID and username, which are stored by the server and displayed on our account page.
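    The stored case described above, as an added example that is not code from the book: a constructed profile record is rendered once by plain string concatenation and once with output encoding plus an e-mail format check at render time. All names here (storedProfile, renderProfileUnsafe, renderProfileSafe, escapeHtml, isPlausibleEmail) are hypothetical.

```javascript
// Constructed sample data: profile fields as a server might have stored them.
// The markup in both fields stands in for any untrusted value a user saved.
const storedProfile = {
  username: '<script>alert("xss")</script>',
  email: 'alice@example.com" onmouseover="alert(1)',
};

// Constructed benign record, to show that normal data still renders correctly.
const benignProfile = { username: 'Bob & Co', email: 'bob@example.com' };

// VULNERABLE (kept for comparison): stored values are concatenated into the
// page as-is, so any markup saved in the profile becomes part of the HTML
// that every later visitor's browser parses.
function renderProfileUnsafe(profile) {
  return '<h1>' + profile.username + '</h1>' +
    '<a href="mailto:' + profile.email + '">' + profile.email + '</a>';
}

// Characters that can change HTML parsing in element content or in a
// double- or single-quoted attribute value.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Output encoding: the browser shows the stored value as text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Allow-list check for the e-mail field. Deliberately strict: anything with
// quotes, spaces or angle brackets is rejected rather than repaired.
function isPlausibleEmail(value) {
  return typeof value === 'string' &&
    value.length <= 254 &&
    /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/.test(value);
}

// HARDENED: every stored field is encoded at output time, and the field that
// ends up inside an attribute is validated first as a second layer.
function renderProfileSafe(profile) {
  const name = escapeHtml(profile.username);
  if (!isPlausibleEmail(profile.email)) {
    return '<h1>' + name + '</h1><span>(invalid email)</span>';
  }
  const email = escapeHtml(profile.email);
  return '<h1>' + name + '</h1>' +
    '<a href="mailto:' + email + '">' + email + '</a>';
}

// Stand-alone run: compare both renderers on the constructed records.
console.log('unsafe:', renderProfileUnsafe(storedProfile));
console.log('safe:  ', renderProfileSafe(storedProfile));
console.log('benign:', renderProfileSafe(benignProfile));
```

    Encoding belongs at output time because the stored value is served to every later visitor; validating only when the profile is saved leaves previously stored records unprotected.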

    2.1.3.2 Reflected Cross-site scripting attack

    When data is sent from the browser to the server, and the payload is stored in that data, reflected cross-site scripting occurs. An example of
