Introducing to Ethical Hacking

Industrial Report submitted in partial fulfillment of the requirement for the degree of
Bachelor of Computer Application
Under the supervision of
Ms. Bhawna Sharma
By
Kanak Sharma
20-BCA-16

Department of Advance Computing


AP Goyal Shimla University,
Shimla, Himachal Pradesh-171009
December, 2022

DECLARATION

I hereby declare that the Industrial Report entitled "Introducing to Ethical Hacking" is an authentic record of my own work as a requirement of Industrial Training during the period from July 2022 to August 2022 for the award of the degree of Bachelor of Science in Cyber Security to Alakh Prakash Goyal Shimla University, under the guidance of Ms. Bhawna Sharma.

Kanak Sharma
Date- ________ 20-BCA-16

CERTIFICATE

ACKNOWLEDGEMENT

First of all, I thank my Lord and God who has made me what I have been. I thank him for the salvation he has given me and also for making me know the right way to go and be in the Kingdom of God.

I thank my parents, my father and my mother, for supporting me throughout my life and making me gain strength every holy day. I love my parents.

I am grateful to my supervisor Ms. Bhawna Sharma, Assistant Professor, who has always been concerned with improving this work; since the beginning she has always supported me in all phases of the work.

I also thank Assistant Professor Mr. Ankit Thakur, the Head of the Department of Computer Science Engineering program of the Master's Department in APG Shimla University.

I thank all my friends in the branch of computer application for the good moments spent together and their cooperation.

I am grateful to all the people that I may have forgotten to mention in this acknowledgment.

Place

Shimla

About the company: ThinkNEXT Technologies

ThinkNEXT Technologies Private Limited (an ISO 9001:2008 certified company) is emerging as one of the most innovative companies in the education domain in India. The management of ThinkNEXT Technologies Private Limited has more than nine years of experience in the education domain. Over the years, we have worked very closely with universities, groups of colleges and other institutions, and with eminent educationists, managements, directors, principals, heads of departments, other staff members, parents and students. Therefore we do not sell only software modules but an innovative system which is more important than ERP software modules alone. Today smart campus solutions are the need of the hour for every university, group of colleges or institution that wants an edge over others and to maintain a lead over their competitors. Our research and development team is committed to helping your institute(s) maintain that lead.

ThinkNEXT Technologies Private Limited is approved by the Ministry of Corporate Affairs and deals in web designing and development, mobile app development, digital marketing, college/school ERP software, university conferences and journals management, Android/iPhone mobile app development, cloud telephony services, bulk SMS, voice SMS, TechSmart classes (schools), biometric time attendance, security systems, PLC/SCADA solutions, embedded systems based electronics kits and CAD/CAM consultancy etc.

Table of Contents

Chapter No.   Chapter Name             Page No.
              Title Page               i
              Declaration              ii
              Certificate              iii
              Acknowledgement          iv
              About the company        v
              Table of Contents        vi
              List of Figures          vii
1.            Introduction             1
2.            Ethical Hacking          2-6
3.            Kali Linux               7-10
4.            Commonly Hacked Ports    11-13
5.            Most Common Hacks        14-18
6.            Network Mapping          19-21
7.            Penetration Testing      22-26
LIST OF FIGURES

Figure No.   Figure Name                Page No.
1.1          DDoS Attack                5
1.2          SQL Injection              5
2.1          Kali Linux                 7
2.2          Kali Linux Installation    10
3            Hacked Ports               12
4            Scanning Methodology       18
5            Network Mapping            21
6            Nmap                       24
Introduction

Ethical hacking is a process in which authorized hackers gain access to a network or system in order to identify potential threats before an attacker does. The individuals who undertake this work are referred to as white hat hackers. The term "white" reflects their positive intention: to help organizations strengthen their security. The importance of ethical hacking does not end there.

Countries are always alert to each other's movements, including in cyberspace. Even small conflicts lead many of them to use their intelligence teams to hack into another country's servers for information, and national security is at stake in such cases. Ethical hacking can help prevent such situations: governments can use it to identify potential threats and avoid the compromise of important data.

Governments recognize the value of ethical hackers and even offer official certifications to them. For organizations, these hackers can perform regular audits and training to keep staff on their toes. They may sit in an in-house security team or work at a security consulting firm.
Chapter 1:

Ethical Hacking

Ethical hacking is the practice of identifying vulnerabilities in a computer system or a network, with the owner's authorization, and exploiting them in a controlled way to demonstrate how an attacker could gain access to personal or business data, so that the weaknesses can be fixed first. The written authorization and the agreed scope are what separate it from criminal hacking.

Hacker

A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access. Hackers are usually skilled programmers (for example in Python, Perl, PHP or JavaScript, with a working knowledge of HTML and how web applications are built) who understand computer security.

Types of Hackers

White Hat Hackers

• White hat hackers are also known as ethical hackers. They never intend to harm a system; rather, they try to find weaknesses in a computer or network system as part of penetration testing and vulnerability assessments, with the owner's permission and within an agreed scope.

• Ethical hacking is not illegal and it is one of the most in-demand jobs in the IT industry. Numerous companies hire ethical hackers for penetration testing and vulnerability assessments.

Black Hat Hackers

• Black hat hackers, also known as crackers, hack in order to gain unauthorized access to a system and harm its operations or steal sensitive information.

• Black hat hacking is always illegal because of its bad intent, which includes stealing corporate data, violating privacy, damaging systems, blocking network communication, and so on.

Grey Hat Hackers

• Grey hat hackers are a blend of black hat and white hat. They act without malicious intent, but for their own curiosity or amusement they exploit a security weakness in a computer system or network without the owner's permission or knowledge.

• Their intent is to bring the weakness to the attention of the owner in the hope of appreciation or a small bounty. Because the access is unauthorized, grey hat activity can still be illegal even when the intent is good; the safe way to do the same thing is through a published bug bounty or vulnerability disclosure programme, which grants permission in advance.

Types of Ethical Hacking

There are different kinds of ethical hacking practice, since almost every component of a system can be attacked and each of these assessments requires deep knowledge of the component in question. Below is a list of the main ethical hacking practices.

• Email Hacking

• Web application hacking.

• Social engineering

• System hacking

• Hacking wireless networks

• Web server hacking

• Software Hacking

Ethical Hacking Terminologies

• Trojan - A Trojan, or Trojan horse, is a malicious program disguised to look like a legitimate program, which makes it hard to distinguish from software that is supposed to be there. It is designed to destroy files, alter information, or steal passwords and other data.

• Vulnerability - A vulnerability is a weakness that allows an attacker to compromise the security of a computer or network system.

• Attack - An attack is an action taken against a system to gain access to it or extract sensitive data.

• Botnet - A botnet, also known as a zombie army, is a group of computers controlled by an attacker without their owners' knowledge. Botnets are used to send spam or to mount denial of service attacks.

• Brute force attack - A brute force attack is the simplest, usually automated, method of gaining access to a system or website. It tries different combinations of usernames and passwords, over and over again, until one works. Account lockout, rate limiting and multi-factor authentication are the standard defences.

• Clone phishing - Clone phishing is the modification of an existing, legitimate email with a false link or attachment, to trick the recipient into providing personal information.

• DDoS - Distributed denial of service attack: a denial of service attack launched from many machines at once (typically a botnet), so that blocking any single source does not stop it.

Fig. 1.1 – DDOS Attack

• Exploit - An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system.

• SQL Injection - SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (for example, to dump the database contents to the attacker). It occurs when an application builds SQL statements by concatenating untrusted input; the fix is to use parameterised queries (prepared statements), so that input is only ever treated as data.

Fig. 1.2 – SQL Injection
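To make the difference concrete, here is an added example (written for this edit, not part of the original report or of any tool it names). It builds a throwaway SQLite database with constructed sample users and runs the same login query two ways: concatenated, where the classic ' OR '1'='1 payload logs in without knowing any password, and parameterised, where the same payload is just a string that matches nobody. The table, column and user names are assumptions for the demonstration.

```python
"""Added example, not from the report: the same login query built by string
concatenation (injectable) and with bound parameters (safe), run against an
in-memory SQLite table of constructed users."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway users table. Plaintext passwords are kept only to keep
    the example short; a real table stores salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],  # constructed rows
    )
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """Builds the statement with string concatenation, so user input becomes SQL code."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    """Binds the input as parameters; the driver never parses it as SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo() -> dict:
    """Run both variants with a wrong password, a tautology payload, and a real password."""
    conn = make_db()
    payload = "' OR '1'='1"   # closes the quoted string and makes the WHERE clause true for every row
    return {
        "vuln_wrong_pw": login_vulnerable(conn, "alice", "wrong"),
        "vuln_injected": login_vulnerable(conn, payload, payload),
        "safe_injected": login_safe(conn, payload, payload),
        "safe_right_pw": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the concatenated query the injected statement becomes WHERE username = '' OR '1'='1' AND password = '' OR '1'='1', which is true for every row, so the "login" returns both accounts, admin included; the parameterised query returns nothing for the same input because the quotes in the payload are just characters inside a bound value.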

Career in Ethical Hacking

1) Network administrator/manager

2) Security investigator

3) Penetration tester

4) Web security administrator/manager

5) Data security analyst/specialist

6) Computer/digital forensics investigator

7) IT security administrator/consultant/manager

8) Network defence technicians

Operating Systems for Ethical Hackers

1) Kali Linux Operating System.

2) Parrot Operating System.

3) BackBox Operating System.

4) BlackArch Operating System.

5) Samurai Web Testing Framework.

Chapter 2:

Kali Linux

Kali Linux is a Debian-based Linux distribution that comes with a plethora of pre-installed tools for information security tasks such as ethical hacking. Kali Linux is developed and maintained by the information security company Offensive Security.

Key Features:

• Over 600 penetration testing tools pre-installed

• Free of cost

• Multi-language support

Fig 2.1 – Kali Linux

Professionals that use Kali Linux

• Security Administrators - Security administrators are responsible for safeguarding their institution's information and data. They use Kali Linux to review their environment(s) and ensure there are no easily discoverable vulnerabilities.
• Network Administrators - Network administrators are responsible for maintaining an efficient and secure network. They use Kali Linux to audit their network; for example, Kali Linux includes tools that can detect rogue access points.
• Network Architects - Network architects are responsible for designing secure network environments. They use Kali Linux to audit their initial designs and ensure nothing was overlooked or misconfigured.
• Pen Testers - Penetration testers use Kali Linux to audit environments and perform reconnaissance on the corporate environments they have been hired to review.
• Forensic Engineers - Kali Linux has a "Forensic Mode" boot option that does not auto-mount internal disks or use swap, which allows a forensic engineer to perform data discovery and recovery without altering the evidence.
• White Hat Hackers - White hat hackers, like pen testers, use Kali Linux to audit and discover vulnerabilities that may be present in an environment.
• Black Hat Hackers - Black hat hackers use the same tools to discover and exploit vulnerabilities. Kali Linux also includes several social engineering tools, which a black hat hacker can use to compromise an organization or individual.
• Grey Hat Hackers - Grey hat hackers lie between white hat and black hat hackers and use Kali Linux in the same ways as the two above.

Kali Linux Installation Methods

1) Directly on a PC or laptop - Using a Kali ISO image, Kali Linux can be installed directly onto a PC or laptop. This method is best if you have a spare machine and are familiar with Kali Linux. If you plan to do any wireless access point testing, installing Kali Linux directly on a Wi-Fi enabled laptop is recommended, because a virtual machine cannot use the laptop's built-in Wi-Fi adapter for monitor mode or packet injection (only a USB adapter passed through to the VM).

2) Virtualized (VMware, Hyper-V, Oracle VirtualBox, Citrix) - Kali Linux supports most well-known hypervisors and can easily be installed in the popular ones. Pre-configured images are available for download from https://www.kali.org/, or an ISO can be used to install the operating system in the preferred hypervisor manually.

3) Cloud (Amazon AWS, Microsoft Azure) - Both AWS and Azure provide marketplace images for Kali Linux. Check the provider's penetration testing policy before scanning or attacking anything from a cloud instance.

4) USB boot disk - Using the Kali Linux ISO, a bootable USB disk can be created, either to run Kali Linux on a machine without installing it (a live system, optionally with persistence) or for forensic purposes.

5) Windows 10 (App) - Kali Linux can run natively on Windows 10 through the Windows Subsystem for Linux (WSL), available from the Microsoft Store. It is command-line only by default and not all features work, because tools that need direct access to network or wireless hardware are limited inside WSL.

6) Mac (dual or single boot) - Kali Linux can be installed on a Mac as a secondary operating system or as the primary one. Parallels or the Mac's own boot manager can be used to configure this setup.

Fig. 2.2 – Kali Linux Installation

Chapter 3:

Commonly Hacked Ports

• Ports 20, 21 - FTP. An outdated and insecure protocol that uses no encryption for either data transfer or authentication, so credentials cross the network in clear text.
• Port 22 - SSH. Typically used for remote management. While it is generally considered secure, it requires proper key management, and exposed SSH servers are constantly brute forced, so password logins (especially for root) should be disabled in favour of keys.
• Port 23 - Telnet. A predecessor of SSH, no longer considered secure (clear-text credentials) and frequently abused by malware, especially on IoT devices with default passwords.
• Port 25 - SMTP. If not properly secured (an open relay), it can be abused for spam email distribution.
• Port 53 - DNS. Open resolvers are very often used for amplification DDoS attacks, because a small query with a spoofed source address produces a much larger response that is sent to the victim.
• Port 139 - NetBIOS. Legacy protocol primarily used for file and printer sharing.
• Ports 80, 443 - Used by HTTP and HTTPS. HTTP servers and their various components are very exposed and often the source of compromises.
• Port 445 - SMB. Provides file and printer sharing. Exploited (through the EternalBlue vulnerability, MS17-010) in the 2017 WannaCry attack.
• Ports 1433, 1434 and 3306 - SQL Server and MySQL default ports. Database services should never be reachable from the Internet; when they are, weak or default credentials are a common way in.
• Port 3389 - Remote Desktop. Targeted both through vulnerabilities in the Remote Desktop Protocol and through weak user authentication. Remote desktop vulnerabilities are commonly used in real-world attacks, a recent example being BlueKeep (CVE-2019-0708).

Fig. 3 – Hacked Ports

Set Up of Virtual Environment

1) Virtual Machine - Virtual machines allow you to run an operating system in an app window on your desktop that behaves like a full, separate computer. You can use them to play around with different operating systems, run software your main operating system cannot, and try out tools in a safe, sandboxed environment. For a hacking lab, put the attacker VM and the target VMs on an isolated (host-only or internal) virtual network so that scans and exploits cannot reach anything outside the lab.

Eg: VMware Workstation Player, VirtualBox, Parallels Desktop, QEMU, Citrix Hypervisor, Xen Project, Microsoft Hyper-V etc.

2) Operating System:

Eg: Kali Linux, Parrot, BlackArch, BackBox, Ninjutsu etc.

3) Essential Tools:

Eg: Metasploit Framework (MSF), Nmap, John the Ripper, OWASP ZAP, Wireshark etc.

Chapter 4:

Most Common Hacks

1) Phishing is a commonly known hacking technique where an attacker creates a replica of a web page (usually a login page) and lures users to it, in order to steal money or personal information.

2) Denial of Service (DoS/DDoS) - One of the most common types of attack, DoS or DDoS (Distributed Denial of Service) is used to disable or crash a server. Attackers generally do this by sending huge numbers of requests to the server from bots.

3) DNS spoofing or DNS cache poisoning is used by attackers to insert false records into DNS resolvers and redirect Internet traffic to a similar-looking but fraudulent website.

4) SQL Injection - Using this technique, attackers place malicious code in SQL statements and are able to read and control sensitive databases.

5) Brute force - Considered one of the simplest methods of gaining access, brute force is a technique where an attacker tries numerous combinations of usernames and passwords until one gets into the target system. It works against any login that lets the attacker keep guessing indefinitely.

6) Man in the Middle Attack - In this attack, an attacker positions himself in the middle of a conversation between a user and an application, relaying (and possibly altering) the traffic in both directions. Usually the motive is to gain sensitive user or business information.
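As an added example (not from the report, and not any tool's own code), the script below runs a small dictionary attack against a constructed login service twice: once with unlimited attempts, where the password in the wordlist is found on the fifth guess, and once with a three-attempt lockout, where the account locks before the right guess is reached. The user, password, wordlist and PBKDF2 iteration count are assumptions for the demonstration; the service stores salted PBKDF2 hashes and compares them in constant time, as a real one should.

```python
"""Added example, not from the report: an online dictionary/brute-force attack
against a constructed login service, run once without a lockout and once with
one. Users, passwords, wordlist and iteration count are assumptions."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 50_000   # PBKDF2 work factor; assumed, real deployments use more


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: slow on purpose so offline guessing costs the attacker."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class LoginService:
    """Toy authentication backend; max_attempts=None means no lockout at all."""

    def __init__(self, users: dict, max_attempts: Optional[int] = None):
        self.max_attempts = max_attempts
        self.failures: dict = {}
        self.creds = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self.creds[name] = (salt, hash_password(password, salt))
        # Dummy credential so unknown usernames cost the same time as real ones
        # (otherwise response time leaks which accounts exist).
        self._dummy = (os.urandom(16), hash_password("", os.urandom(16)))

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        if self.max_attempts is not None and self.failures.get(username, 0) >= self.max_attempts:
            return "locked"
        salt, expected = self.creds.get(username, self._dummy)
        candidate = hash_password(password, salt)
        # compare_digest: constant-time comparison, no early exit on the first mismatch
        if username in self.creds and hmac.compare_digest(candidate, expected):
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"


# Constructed wordlist; real attacks use lists of millions of leaked passwords.
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2", "welcome1"]


def brute_force(service: LoginService, username: str) -> Tuple[Optional[str], int]:
    """Try each guess in turn; return (password found or None, attempts made)."""
    attempts = 0
    for guess in WORDLIST:
        attempts += 1
        outcome = service.login(username, guess)
        if outcome == "ok":
            return guess, attempts
        if outcome == "locked":
            return None, attempts   # lockout ends the attack before the right guess
    return None, attempts


def demo():
    """Attack the same constructed account with and without a lockout policy."""
    users = {"bob": "hunter2"}                       # constructed account
    no_lockout = LoginService(users)
    with_lockout = LoginService(users, max_attempts=3)
    return brute_force(no_lockout, "bob"), brute_force(with_lockout, "bob")


if __name__ == "__main__":
    print(demo())   # (('hunter2', 5), (None, 4))
```

A fixed lockout counter like this one is the simplest policy and is itself abusable (an attacker can lock legitimate users out on purpose); production systems usually combine a per-account counter with per-source rate limiting, progressive delays and multi-factor authentication.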

Phases of Ethical Hacking

1) Information Gathering - Reconnaissance is the phase where the attacker gathers information about a target using active or passive means. Tools widely used in this process are Nmap, hping, Maltego and Google dorks.

2) Scanning - In this phase the attacker begins to actively probe the target machine or network for vulnerabilities that can be exploited. Tools used in this process are Nessus, Nexpose and Nmap.

3) Gaining Access - In this phase a vulnerability has been located and you attempt to exploit it in order to enter the system. The primary tool used in this process is Metasploit.

4) Maintaining Access - This is the phase after the hacker has gained access to a system. The hacker installs backdoors in order to get back into the owned system whenever access is needed in future. Metasploit is the preferred tool in this process. In an ethical engagement, any persistence that is installed must be recorded and removed at the end of the test.

5) Clearing Tracks - This is the deletion of the logs of all the activities that took place during the hacking process. It is an unethical activity, and an ethical hacker does not do it: the client needs the logs to see what the test looked like from the defender's side, so the tester documents the activity instead.

Scanning

Scanning is a set of procedures for identifying live hosts, ports and services, discovering the operating system and architecture of the target system, and identifying vulnerabilities and threats in the network. Network scanning is used to create a profile of the target organization.

Types of Scanning:

• Network Scanning
• Port Scanning
• Vulnerability Scanning

Objectives of Network Scanning

• To discover live hosts, IP addresses and open ports of the target.
• To discover the services that are running on a host.
• To discover the operating system and system architecture of the target.
• To discover and deal with vulnerabilities in live hosts.

Best IP Scanner Tools for Windows

• Free IP Scanner
• IP Address Manager
• PRTG Network Monitor

• Angry IP Scanner
• IP Scanner by Spiceworks
• Network Scanner
• Advanced IP Scanner
• IP Range Scanner
• ZenNMAP

Best Network Scanners for Linux

• Netdiscover
• Nessus
• Nikto
• OpenVAS
• Angry IP scanner
• Nmap
• Qualys FreeScan

Port Scanning

A port scan is a method for determining which ports on a host are open. As ports are where a computer sends and receives information, port scanning is analogous to knocking on doors to see if someone is home. Running a port scan against a network or server reveals which ports are open and listening (accepting connections), and can also reveal the presence of security devices such as firewalls between the sender and the target (for example when probes are silently dropped rather than refused). Inspecting the responses further to identify the service and operating system behind a port is known as fingerprinting. Port scanning is valuable for testing network security and the strength of a system's firewall. Because of this, it is also a popular reconnaissance tool for attackers seeking a weak point of access into a computer.

Port Scanning Tools

1) Nmap - nmap -p 1-65535 <ip> (equivalently nmap -p- <ip>)

2) Masscan - masscan <ip> -p1-65535

3) Unicornscan - unicornscan <ip>

Fig. 4 – Scanning Methodology
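As an added example (not from the report, and not Nmap's or any other tool's code), the following Python script implements the full-connect scan described above and runs it against a listener that the script itself starts on 127.0.0.1, so it works offline and touches nobody else's host. The open port is chosen by the operating system at run time and the banner text is constructed; substitute a host and port list you are authorised to scan before pointing it anywhere else.

```python
"""Added example, not from the report: a TCP connect() port scanner that is
exercised against a listener it starts itself on 127.0.0.1, so it runs offline.
The open port is chosen by the OS at run time; the banner text is constructed."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_listener(host="127.0.0.1"):
    """Open a listening socket on an OS-assigned port to stand in for a real service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        # Accept connections and greet each client with a banner, like sshd does.
        while True:
            try:
                client, _ = srv.accept()
            except OSError:      # listener closed: stop serving
                return
            with client:
                client.sendall(b"SSH-2.0-ConstructedBanner\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe(host, port, timeout=0.5):
    """Attempt a full TCP handshake to one port; return (port, state, banner).

    connect_ex() returns 0 on success, otherwise an errno: ECONNREFUSED means the
    host answered with RST (closed). A timeout usually means a firewall dropped
    the SYN (Nmap would say 'filtered'); this simple scanner reports it as closed.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if s.connect_ex((host, port)) != 0:
            return port, "closed", ""
        try:
            banner = s.recv(128).decode(errors="replace").strip()
        except socket.timeout:
            banner = ""           # open, but the service waits for the client to speak first
        return port, "open", banner
    except OSError:
        return port, "closed", ""
    finally:
        s.close()


def scan(host, ports, workers=32):
    """Scan the given ports concurrently; return {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return {port: (state, banner)
                for port, state, banner in pool.map(lambda p: probe(host, p), ports)}


def demo():
    """Scan the live port plus three neighbouring ports that have nothing listening."""
    srv, open_port = start_listener()
    try:
        targets = [open_port + i for i in range(4)]
        return open_port, scan("127.0.0.1", targets)
    finally:
        srv.close()


if __name__ == "__main__":
    live, found = demo()
    for port, (state, banner) in sorted(found.items()):
        print(f"{port}/tcp {state} {banner}")
```

Because it completes the three-way handshake on every port, this kind of scan is the noisiest one: each open port shows up as an accepted connection in the target's application logs, which is exactly why Nmap's default when run as root is the half-open SYN scan instead.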

Chapter 5:

Network Mapping

Network mapping is the study of the physical connectivity of networks, e.g. the Internet. Network mapping discovers the devices on the network and how they are connected. It is not to be confused with network discovery or network enumeration, which discovers devices on the network and their characteristics (operating system, open ports, listening network services, etc.). Automated network mapping has taken on greater importance as networks become more dynamic and complex.

Best Network Mapping Tools for Windows

• SolarWinds Port Scanner - A free utility that scans a range of IP addresses, identifying which addresses are in use, with the option of limiting scans to a port number range. The tool uses multi-threading to speed up the scan. Installs on Windows Server.
• ManageEngine OpUtils - A package of network monitoring tools (free trial) that includes a ping-based network scanner and a MAC address resolver. Available for Windows Server and Linux.
• Nmap - A command-line utility that includes a range of network discovery tools, including host enumeration and a port scanner. Available for Windows, macOS and Linux.
• Advanced IP Scanner - A suite of network exploration tools, including a port scanner as well as an IP scanner. Installs on Windows.
• Angry IP Scanner - A free network address scanning utility that includes IP management functions and a port scanning service. Available for Windows, macOS and Linux.
• Free IP Scanner by Eusing - This tool searches a network, working through each IP address in a given range and reporting whether or not that address is in use. It can also be used as a port scanner. Runs on Windows.
• Netcat - A network data utility that can detect whether an address is in use and has a port scanning option. It is an old utility, but there are many clones available for Windows, macOS and Linux.
• Lansweeper IP Scanner - A network device discovery tool that reports on attributes of discovered equipment, including the IP addresses assigned to them. Installs on Windows.
• MyLanViewer Network/IP Scanner - A network scanner that reconciles discovered IP addresses with DHCP records. Runs on Windows.
• Slitheris Network Discovery - This tool delivers detailed information on every device connected to the network, including IP address information. Installs on Windows.

Open Source Network Mapping For Linux

• Nmap
• EtherApe
• Netdiscover
• Masshandra
• OpenNMS
• Nwdiag
• Bruteshark
• Nagios Core

Fig. 5 – Network Mapping

Chapter 6:

Penetration Testing

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software tools or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in, either virtually or for real, and reporting back the findings.

The main objective of penetration testing is to identify security weaknesses. Penetration testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.

Typically, the information about security weaknesses that are identified or exploited through pen testing is aggregated and provided to the organization's IT and network system managers, enabling them to make strategic decisions and prioritize remediation efforts.

Penetration tests are also sometimes called white hat attacks because in a pen test the good guys are attempting to break in.

Types of Pen Testing

1) Black Box Penetration Testing - No Prior Knowledge

2) White Box Penetration Testing - Full Knowledge

3) Grey Box Penetration Testing - Limited Knowledge

Types Of Penetration Testing

1) Web Application Pen Testing

2) Network Security Pen Testing

3) Physical Penetration Testing

4) IoT Security Penetration Testing

5) Software Penetration Testing

Nmap

Nmap stands for "Network Mapper". The initial release of this software was in 1997. As a network mapping tool, it belongs to the scanning phase. In simple words, Nmap is software that scans the network of a particular IP address or range and reports the details of the hosts found, such as open ports, running services, the operating system and firewall-level filtering. Nmap is available for all three major operating systems: Linux, Mac and Windows.
Fig. 6 - NMap

Features in Nmap

• Basic Nmap IP or host scan
• Scanning multiple ports
• Saving scan results to a .txt or .xml file
• Scanning TCP or UDP ports
• Operating system detection
• Disabling DNS name resolution
• Getting information about HTTP services
• Scanning the firewall settings on a network device
• Scanning IPv6 addresses
• Determining host interfaces, routes and packets
• Finding open ports
• Checking the number of packets sent or received
• Detecting service/daemon versions
• Detecting MAC address spoofing
• Launching DoS tests (via NSE scripts)
• Launching brute force attacks (via NSE scripts)
• Detecting malware infections on remote hosts (via NSE scripts)
• Timing and performance control

Nmap Basic Scans

• Host discovery only (ping scan, no port scan) - # nmap -sn 192.100.1.1/24
• OS detection - # nmap -v -O <target IP>
• Port scan without host discovery (treat the host as up even if it does not answer ping) - # nmap -Pn 192.168.1.1
• Service version detection - # nmap -sV 192.168.1.1
• Aggressive scan (OS detection, version detection, default scripts, traceroute) - # nmap -A 192.168.1.1
• Version detection, default scripts, OS detection, no DNS resolution, all output formats - # nmap -sV -sC -O -n -oA nmapscan 192.168.0.1/24
• Output to a file - add -oN output.txt to any of the above (-oX for XML, -oA for all three formats)

Note that -O and -A (and the default SYN scan) need root privileges, and that only ranges you are authorized to test should be scanned.

NETWORK PENETRATION TESTING

The simplest way to define network penetration testing is that it simulates the processes hackers would use to attack your business network, network applications, business website and attached devices. This simulation aims to identify security issues early on, before hackers can find and exploit them. Typical activities include:

• Wi-Fi password attacks
• Network scanning and vulnerability identification
• Network sniffing and session hijacking attacks
