A Seminar Report

On

“HACKING-The Art of Exploitation”

Submitted By
Master Aniket D. Jawade
(Second Year)
(Department of Computer Science & Engineering)

Under Guidance Of
Miss. M.O. Sharma

Department of

COMPUTER SCIENCE & ENGINEERING

DATTA MEGHE INSTITUTE OF ENGINEERING
TECHNOLOGY& RESEARCH
SAWANGI MEGHE WARDHA.

YEAR-2016-2017

ISO 9001:2008 CERTIFIED

 Certificate
This is to certify that

Master Aniket D. Jawade

Of second year Diploma (C.S.E) has
Successfully completed his seminar titled

“HACKING-THE ART OF EXPLOITATION”

And submitted the seminar report in partial fulfilment of the
Diploma in Computer Science & Engineering
During academic year: 2016-2017.

Department of

COMPUTER SCIENCE & ENGINEERING

DATTA MEGHE INSTITUTE OF ENGINEERING TECHNOLOGY & RESEARCH

SAWANGI MEGHE WARDHA.

YEAR-2016-2017

Mr. A.S.Durani Miss.M.O.Sharma

(H.O.D) (Subject Teacher)

(Department of C.S.E.) (Department of Poly)

 INTRODUCTION
The term “Hacker” has a dual usage in the computer industry today.
Originally, the term was defined as:

A person who enjoys learning the details of computer system

and how to stretch their capabilities

This complimentary description was often extended to the verb

form “hacking”, which was used to describe the rapid crafting of
a new program of making of changes to existing, usually
complicated software

Because of this increasingly popularity of computers and their

continued high coast, access to them was restricted. When
refused access to the computers, some users would steal
passwords or account by looking on some ones shoulders.

Explore the system for bugs that might get them past the rules
or even take control of the whole system they would do these
things in order to be able to run the programs of their choice or
just to change the limitation under which their programs were
running. Since calling someone “hacker” was originally meant as
a compliment, computer security professionals prefer to use the
term “cracker” or similar “intruder” for those hackers who turn
dark sides of hacking. For clarity, we will use the explicit terms
“ethical hacker” and “criminal hacker”.

That is the good ones who are making use of their skills for good
purpose are called as “ethical hackers”

And the people who are making illegal use of their skills are
called has simply hacker or “crackers”.
TYPES OF HACKERS
SCRIPT KIDDIES
In programming and hacking culture, a script kiddie or
skiddie (other names include skid or script bunny is an unskilled
individual who uses scripts or programs developed by others to
attack computer systems and networks and deface websites. It is
generally assumed that script kiddies are juveniles who lack the
ability to write sophisticated programs or exploits on their own
and that their objective is to try to impress their friends or gain
credit in computer-enthusiast communities. However, the term
does not relate to the actual age of the participant. The term is
generally considered to be pejorative.

"The more immature but unfortunately often just as dangerous

exploiter of security lapses on the Internet. The typical script
kiddie uses existing and frequently well-known and easy-to-find
techniques and programs or scripts to search for and exploit
weaknesses in other computers on the Internet—often randomly
and with little regard or perhaps even understanding of the
potentially harmful consequences”.

Script kiddies vandalize websites both for the thrill of it and to

increase their reputation among their peers. Some more
malicious script kiddies have used virus toolkits to create and
propagate the Anna Kournikova and Bug viruses. Script kiddies lack,
or are only developing, programming skills sufficient to
understand the effects and side effects of their actions. As a
result, they leave significant traces which lead to their detection,
or directly attack companies.
 WHITE HAT (COMPUTER SECURITY)

The term "white hat" in Internet slang refers to an ethical

computer hacker, or a computer security expert, who specializes
in penetration testing and in other testing methodologies to
ensure the security of an organization's systems. Ethical is a term
coined by IBM meant to imply a broader category than just
penetration testing. Contrasted with black hat, a malicious
hacker, the name comes from Western films, where heroic and
antagonistic cowboys might traditionally wear a white and a
black hat respectively.

White-hat hackers may also work in teams called "sneakers", red

teams, or tiger teams.

Some other methods of carrying out these include:

 DoS attacks
 Social engineering tactics
 Security scanners such as:
o W3af
o Nessus
o Nexpose
 Frameworks such as:
o Metasploit

Such methods identify and exploit known vulnerabilities, and

attempt to evade security to gain entry into secured areas. They
are able to do this by hiding software and system 'back-doors'
that could be used as a link to the information or access the non-
ethical hacker, also known as 'black-hat' or 'grey-hat', may want
to reach.
 BLACK HAT

A black-hat hacker is a hacker who "violates computer security

for little reason beyond maliciousness or for personal gain".

The term was coined by Richard Stallman, to contrast the

maliciousness of a criminal hacker versus the spirit of
playfulness and exploration of hacker culture, or the ethos of the
white-hat hacker, who performs hickory duties to identify places
to repair. The black-hat and white-hat terminology originates in
Western films, where heroic and antagonistic cowboys might
traditionally wear a white and a black hat respectively.

Black-hat hackers form the stereotypical, illegal hacking groups

often portrayed in popular culture, and are "the epitome of all
that the public fears in a computer criminal". Black-hat hackers
break into secure networks to destroy, modify, or steal data or to
make the network unusable for those who are authorized to use
the network.
 GREY HAT

The term "grey hat" refers to a computer hacker or computer

security expert who may sometimes violate laws or typical
ethical standards, but does not have the malicious intent typical
of a black hat hacker.

The term began to be used in the late 1990s, derived from the
concepts of "white hat" and "black hat" hackers. When a white
hat hacker discovers a vulnerability, they will exploit it only with
permission and not divulge its existence until it has been fixed,
whereas the black hat will illegally exploit it and/or tell others
how to do so. The grey hat will neither illegally exploit it, nor tell
others how to do.

The phrase grey hat was first publicly used in the computer
security context when DEF CON announced the first scheduled
Black Hat Briefings in 1996, although it may have been used by
smaller groups prior to this time. Moreover, at this conference a
presentation was given in which Madge, a key member of the
hacking group L0pht, discussed their intent as grey hat hackers
to provide Microsoft with vulnerability discoveries in order to
protect the vast number of users of its operating system. Finally,
Mike Nash, Director of Microsoft’s server group, stated that grey
hat hackers are much like technical people in the independent
software industry in that “they are valuable in giving us feedback
to make our products better.
 HACKTIVISM

Hacktivism or hactivism (a portmanteau of hack and activism)

is the subversive use of computers and computer networks to
promote a political agenda. With roots in hacker culture and
hacker ethics, its ends are often related to the free speech,
human rights, or freedom of information movements.

The term was coined in 1994 by a Cult of the Dead Cow (cDc)
member known as "Omega" in an e-mail to the group. Due to
the variety of meanings of its root words, hacktivism is
sometimes ambiguous and there exists significant disagreement
over the kinds of activities and purposes it encompasses. Some
definitions include acts of cyber terrorism while others simply
reaffirm the use of technological hacking to affect social change.

Hacktivist activities span many political ideals and issues. Free net, a
peer-to-peer platform for censorship-resistant communication, is a
prime example of translating political thought (anybody should be
able to speak freely) into code.

"Hacktivism" is a controversial term with several meanings. The word

was coined to characterize electronic direct action as working toward
social change by combining programming skills with critical thinking.
But just as hack can sometimes mean cyber crime, hacktivism can be
used to mean activism that is malicious, destructive, and undermining
the security of the Internet as a technical, economic, and political
platform.
 TYPES OF HACKING

Interruption
In an interruption, an asset of the system becomes lost, unavailable, or unusable.

An interception means that some unauthorized party has gained access to an

asset.

Modification
If an unauthorized party not only accesses but tampers with an asset, the threat is a
modification. For example, someone might change the values in a database, alter a
program so that it performs an additional computation, or modify data being
transmitted electronically.

Fabrication
An unauthorized party might create a fabrication of counterfeit objects on a
computing system. The intruder may insert spurious transactions to a network
communication system or add records to an existing database.

HOW CAN BE A REAL HACKER?

 To be a real Hacker one should be a master in
C/C++/assembly language.
 It is important to Study the whole architecture
of computer.
 Studying operating systems can help to hack
any type of device.
 Study computer network to hack any device
over networks.
 Examine the hacking tools for a month.
 Think the problems of the computer, so that if
any occur during process you can solve it.

WHY DO HACKERS ATTACK?

 It is just a fun for them.
 To show off it to others.
 To hack others system.
 Notify many people their thoughts, which can
be good or bad.
 To steal others important information.
 Destroy enemy’s computer network during the
war, which can be very hazardous on
international level.

Types of Hacking Attacks

 Simplicity
It is a simple attack performed. But it’s
results are very impressive.

 Mastery
It is an complicated attack which is
performed by experts. And only hackers
can understand it...

 Illicitness
It is an illegal attack, which is against of
all rules.

Advantages of Hacking
 Hacking can be very useful if any important file
or information is lost, it can help to recover lost
data.
 Hacking shows us that any kind of technical
device is not secure.
 It can be very helpful to fight against terrorism
& national security breaches.

Disadvantages of Hacking…
 Hacking is the illegal thing.
 Hackers can destroy any type of important file
for their favour.
 Enemy can use it to destroy someone’s privacy.
 Criminals use it to do crimes all over internet.

Conclusion
 Hackers are of good type and bad type but it
depends upon which path you choose.
 Education doesn’t teaches bad things its human
they make choices.