DEPARTMENT OF COMPUTER

SCIENCE AND ENGINEERING

 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE

UNIT 2 - INSTALLATION AND TOOLS

Installation of attacker and victim system. Information gathering
using advanced google search, archive.org, netcraft, whois, host, dig,
dnsenum and NMAP tool. Vulnerability scanning using NMAP and
Nessus. Creating a secure hacking environment. System Hacking:
password cracking, privilege escalation, application execution. Malware
andVirus. ARP spoofing and MAC attack.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

Information Gathering and getting to know the

target systems is the first process in ethical hacking.
Reconnaissance is a set of processes and techniques
(Foot printing, Scanning & Enumeration) used to
covertly discover and collect information about a target
system.
• Active Reconnaissance
• Passive Reconnaissance

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

Foot printing means gathering information about a target system

that can be used to execute a successful cyber attack. To get
this information, a hacker might use various methods with
variant tools. This information is the first road for the hacker to
crack a system. There are two types of foot printing as following
below.
•Active Foot printing: Active foot printing means performing
foot printing by getting in direct touch with the target machine.
•Passive Foot printing: Passive foot printing means collecting
information about a system located at a remote distance from
the attacker.
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

Scanning in ethical hacking is a network exploration technique

used to identify the systems connected to an organization’s
network. It provides information about the accessible systems,
services, and resources on a target system. Some may refer to
this type of scan as an active scan because it can potentially
disrupt services on those hosts that are susceptible. Scanning is
often used during vulnerability assessment when probing
weaknesses in existing defenses.
There are two ways of scanning:
•Active Scanning
•Passive Scanning
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

Active Scanning
Active scanning is a type of network scanning technique that is used to
gather information about a target system or network.
Which only gathers information that is readily available, active scanning
actively interacts with the target system to gather information.
Passive Scanning
Passive scanning is a type of network scanning technique that is used to
gather information about a target system or network without actively
interacting with the target.
Which sends requests or packets to the target and analyzes the responses,
passive scanning only gathers information that is readily available, such as
information transmitted over the network or stored in system logs.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

User Enumeration:
User enumeration is an important phase in penetration testing
that entails identifying valid user names on a company’s
network and attempting to use each of these usernames and
passwords until they are able to gain unauthorized access to
the system

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

During reconnaissance, an ethical hacker attempts to gather

as much information about a target system as possible,
following the seven steps listed below −
•Gather initial information
•Determine the network range
•Identify active machines
•Discover open ports and access points
•Fingerprint the operating system
•Uncover services on ports
•Map the network

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

Active Reconnaissance
In this process, you will directly interact with the computer
system to gain information. This information can be relevant and
accurate. But there is a risk of getting detected if you are planning
active reconnaissance without permission. If you are detected, then
system admin can take severe action against you and trail your
subsequent activities.

Passive Reconnaissance
In this process, you will not be directly connected to a computer
system. This process is used to gather essential information without
ever interacting with the target systems.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Reconnaissance

RECONNAISSANCE

Passive Reconnaissance Active Reconnaissance

• Who is database lookup • DNS Enumeration
• Net Craft • Mail Sever Enumeration
• History of Website • DNS Zone Transfer
• Advance Google Search • Scanning
• Google Hacking
• E-Mail Harvesting

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - WHOIS Database Looker

WHOIS database looker

WHOIS allows us to access information about the target
including registration details, IP address, contact information
containing the addresses, email id, phone number. It also
displays domain owner and domain
register.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - WHOIS Database Looker

WHOIS database looker

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - WHOIS Database Looker

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - WHOIS Database Looker

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - WHOIS Database Looker

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - WHOIS Database Looker

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NETCRAFT

Netcraft
Netcraft is an internet service company based in
England. Using this service one can find the list of sub
domain and the operating system of the corresponding
server.

https://sitereport.netcraft.com/

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NETCRAFT

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NETCRAFT

𝑤𝑤𝑤. 𝑎𝑟𝑐ℎ𝑖𝑣𝑒. 𝑜𝑟𝑔

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - ARCHIVE.ORG

𝑤𝑤𝑤. 𝑎𝑟𝑐ℎ𝑖𝑣𝑒.org
History of the website; it is very easy to get a complete history of any
website using

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Site Operator

SITE OPERATOR; site operator has been used to limit the result
for a particular site. For example, suppose we are going to limit our
search result with only the site 𝑚𝑖𝑐𝑟𝑜𝑠𝑜𝑓𝑡. 𝑐𝑜𝑚. So, now I am opening
my browser and using the site operator.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Advanced Google Search

List of Google Search Operators

Google Search Operators are special commands that can be added to your
search queries to help you refine your search and get more accurate results.

File Type Operator: You can use the "filetype:" operator to search for specific
file types. In this case, you would use it to find PowerPoint presentations (PPT
files).
Example: filetype:ppt presentation topic

Intitle Operator: The "intitle:" operator helps you find pages where the specified
keyword appears in the title. Example: intitle:presentation topic filetype:ppt

Inurl Operator: The "inurl:" operator lets you search for keywords that appear in
the URL of the page. Example: inurl:presentation-topic filetype:ppt
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Advanced Google Search

Related Operator: If you want to find presentations related to a

specific website, you can use the "related:" operator.
Example: related:example.com filetype:ppt

Site Operator: The "site:" operator limits your search to a

specific website.Example: site:example.com filetype:ppt

Link Operator: You can use the "link:" operator to find pages that
link to a specific URL. Example: link:example.com filetype:ppt

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Advanced Google Search
We can also use intitle search parameter. So, using intitle search parameters, search only in
those page title for a word or phrase, use exact match for pages. So, for example suppose I am
searching intitle.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Advanced Google Search

SEARCH PARAMETER IN URL 𝑐𝑜𝑛𝑡𝑟𝑜𝑙/𝑢𝑠𝑒𝑟𝑖𝑚𝑎𝑔𝑒. ℎ𝑡𝑚𝑙

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Advanced Google Search

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NMAP
Nmap, short for Network Mapper, is a widely used open-source tool for network discovery, mapping,
and security auditing. It provides valuable insights into network topologies, device configurations, and
potential vulnerabilities.
Key Features of Nmap:
1.Network Discovery: Nmap scans networks to identify active hosts, IP addresses, and open ports.
2.Port Scanning: It determines which ports are open, closed, or filtered on target systems.
3.Version Detection: Nmap can identify software and services running on open ports.
4.OS Fingerprinting: It can deduce the operating system of a target based on network responses.
5.Scriptable Interaction: Nmap offers a scripting engine for customizing scans and interactions with
targets.
Use Cases:
1.Network Inventory: Nmap helps create an inventory of devices connected to a network, aiding in
network management.
2.Security Assessment: It identifies potential security vulnerabilities, misconfigurations, and weak
points in the network.
3.Penetration Testing: Nmap is commonly used by ethical hackers to assess the security of a network
from an attacker's perspective.
4.Network Troubleshooting: It assists in diagnosing connectivity issues and mapping network paths.
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NMAP

Scanning: In scanning the attacker begins to actively gather information

from a target machine or network for vulnerabilities that can be
exploited. There are different types of scanning at there like network
scan, port scan version or service scan, OS scan, vulnerability scan
etc.

Network scan: It basically detect the live host on the network, port scan
detect the open port on the host, version a service scan detect the
software and the version to the respective service running in any
particular port. OS scan detect operating system, vulnerability scan
detect computers or computer systems or networks or applications for
weakness.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NMAP
Benefits of Nmap:
1.Open Source: Nmap is freely available and actively maintained by a dedicated
community.
2.Cross-Platform: It runs on various operating systems, including Windows, Linux,
and macOS.
3.Customizability: Nmap's extensive options and scripts allow tailored scans for
different purposes.
4.Educational: Nmap is a valuable tool for learning about network protocols and
security concepts.
Security Considerations:
1.Permission: Always ensure you have authorization before scanning networks you
don't own.
2.Legal Compliance: Be aware of laws and regulations governing network scanning in
your jurisdiction.
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NMAP

nmap -sS -p 1-1000 192.168.1.0/24

This command scans the first 1000 ports on all hosts in the
192.168.1.0/24 subnet using TCP SYN scan.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NMAP

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

Overview of Nessus
•Nessus: Industry-leading vulnerability assessment tool
•Developed by Tenable
•Used to identify and manage security vulnerabilities

How Nessus Works

•Scans target systems for vulnerabilities
•Checks for software flaws, misconfigurations, weak passwords
•Leverages extensive vulnerability database

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

Key Features of Nessus

•Comprehensive Scanning: Covers various vulnerability types
•Known Vulnerability Database: Updated regularly
•Risk Assessment: Prioritizes critical vulnerabilities
•Remediation Recommendations: Offers steps to mitigate risks
•Reporting: Generates detailed vulnerability reports
Benefits of Nessus
•Proactive Defense: Identifies vulnerabilities before exploitation
•Improved Security: Reduces attack surface
•Compliance: Helps meet regulatory requirements
•Informed Decision-Making: Data-driven remediation

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

Nessus Editions
•Free Version: Limited features for personal use
•Paid Editions: Enhanced features for businesses
•Enterprise: Scalability, advanced reporting, integrations
Real-world Use Case
•Financial Institution
• Nessus identified critical vulnerabilities in web application
• Prompt remediation prevented potential data breach
Best Practices
•Regular Scanning: Scheduled assessments for continuous monitoring
•Timely Remediation: Address vulnerabilities promptly
•Integration: Integrate Nessus with existing security tools
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - NESSUS

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Creating a secure hacking environment

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Creating a secure hacking environment

https://www.kali.org/

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Creating a secure hacking environment

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Creating a secure hacking environment

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Creating a secure hacking environment

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - System Hacking

System Hacking in Ethical Hacking

System hacking is the process of exploiting vulnerabilities in
electronic systems for the purpose of gaining unauthorized access
to those systems. Hackers use a variety of techniques and
methods to access electronic systems, including phishing, social
engineering, and password guessing.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - System Hacking

Purpose of System Hacking:

Generally, the motive of the hackers behind System Hacking is
gaining access to the personal data of an individual or sensitive
information belonging to an organization in order to misuse the
information and leak it which may cause a negative image of the
organization in the minds of people, Privilege Escalation, Executing
malicious applications to constantly monitor the system.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - System Hacking

How this is carried out?

This type of hacking is generally done by a Hacker who has a lot of
information regarding the System security, network, software, and
how the system communicates with others in the network, often
called Footprinting and Reconnaissance. Then these hackers try
numerous ways to carry out the attack but the common ways are:
•By deploying Viruses, Worms, Malware, Trojans
•Using phishing techniques
•Social Engineering
•Identifying and exploiting Vulnerability

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - System Hacking
Steps:
1. Reconnaissance: The first step in this type of Hacking is collecting information
regarding the System’s infrastructure, working, system’s network. This step is very
important as after this step the Hacker knows what attack to perform and how to
gain access without leaving a trace.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - System Hacking
2. Scanning: This step involves scanning the target System, which includes:
•Vulnerability Scanning: Checking vulnerabilities in the targeted system that can
be exploited to gain access.
•Mapping of Network: Finding the working of the network, firewalls, routers,
and systems connected to it.
•Port Scanning: Scanning the open ports, and services running over the
System/Server.
3. Gaining Access: This is the phase in which the hacker breaks into the system and
gains unauthorized access to the System/Network and then elevates his privileges
to that of Administrator or SuperUser so he can play with the System files that a
normal/Guest user is unable to access.
4. Maintaining the Access: After the Hacker enters the System he tries to maintain
the connection with it in the background until he accomplishes the goal with which
he entered it.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - System Hacking

Prevention from Hacking:

•Using Firewall.
•Installing Anti-Virus and Anti-Spyware packages.
•Keeping the system up-to-date as security patches updates comes
regularly.
•Be Aware of various phishing techniques.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Password Cracking

What is password cracking?

Password cracking is the process of using an application
program to identify an unknown or forgotten password to a
computer or network resource. It can also be used to help a
threat actor obtain unauthorized access to resources.
A password cracker recovers passwords using various
techniques. The process can involve comparing a list of words
to guess passwords or the use of an algorithm to repeatedly
guess the password.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Password Cracking

How do you create a strong password?

Password crackers can decipher passwords in a matter of days or hours, depending on how weak or
strong the password is. To make a password stronger and more difficult to uncover, a plaintext password should
adhere to the following rules:
• Be at least 12 characters long. The shorter a password is, the easier and faster it will be cracked.
• Combine letters and a variety of characters. Using numbers and special characters, such as periods and
commas, increases the number of possible combinations.
• Avoid reusing a password. If a password is cracked, then a person with malicious intent could use that same
password to easily access other password-protected accounts the victim owns.
• Pay attention to password strength indicators. Some password-protected systems include a password strength
meter, which is a scale that tells users when they have created a strong password.
• Avoid easy-to-guess phrases and common passwords. Weak passwords can be a name, a pet's name or a
birthdate -- something personally identifiable. Short and easily predictable patterns, like 123456, password or
qwerty, also are weak passwords.
• Use encryption. Passwords stored in a database should be encrypted.
• Take advantage of password creation tools and managers. Some smartphones will automatically create long,
hard-to-guess passwords. For example, Apple iPhones will create strong website passwords for users. An
iPhone stores the passwords in its password manager, iCloud Keychain and automatically fills the password
into the correct field so the user doesn't have to remember the complicated password.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Password Cracking

What does a password cracking attack look like?

The general process a password cracker follows involves these four
steps:
1.Steal a password via some nefarious means. That password has
likely been encrypted before being stored using a hash Hashes are
mathematical functions that change arbitrary-length inputs into an
encrypted fixed-length output.
2.Choose a cracking methodology, such as a brute-force or dictionary
attack, and select a cracking tool.
3.Prepare the password hashes for the cracking program. This is done
by providing an input to the hash function to create a hash that can be
authenticated.
4.Run the cracking tool.
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Password Cracking
What are password cracking techniques?
Password crackers use two primary methods to identify correct passwords: brute-force and dictionary attacks.
However, there are plenty of other password cracking methods, including the following:
•Brute force. This attack runs through combinations of characters of a predetermined length until it finds the
combination that matches the password.
•Dictionary search. Here, a password cracker searches each word in the dictionary for the correct password.
Password dictionaries exist for a variety of topics and combinations of topics, including politics, movies and
music groups.
•Phishing. These attacks are used to gain access to user passwords without the use of a password cracking
tool. Instead, a user is fooled into clicking on an email attachment. From here, the attachment could
install malware or prompt the user to use their email to sign into a false version of a website, revealing their
password.
•Malware. Similar to phishing, using malware is another method of gaining unauthored access to passwords
without the use of a password cracking tool. Malware such as keyloggers, which track keystrokes, or
screen scrapers, which take screenshots, are used instead.
•Rainbow attack. This approach involves using different words from the original password in order to generate
other possible passwords. Malicious actors can keep a list called a rainbow table with them. This list contains
leaked and previously cracked passwords, which will make the overall password cracking method more effective.
•Guessing. An attacker may be able to guess a password without the use of tools. If the threat actor has enough
information about the victim or the victim is using a common enough password, they may be able to come up
with the correct characters.
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Password Cracking

What are password cracking tools?

Password crackers can be used maliciously or legitimately to recover lost passwords.
Among the password cracking tools available are the following three:
1.Cain and Abel. This password recovery software can recover passwords for
Microsoft Windows user accounts and Microsoft Access passwords. Cain and Abel
uses a graphical user interface, making it more user-friendly than comparable tools.
The software uses dictionary lists and brute-force attack methods.
2.Ophcrack. This password cracker uses rainbow tables and brute-force attacks to
crack passwords. It runs on Windows, macOS and Linux.
3.John the Ripper. This tool uses a dictionary list approach and is available primarily
for macOS and Linux systems. The program has a command prompt to crack
passwords, making it more difficult to use than software like Cain and Abel.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Privilege Escalation Attack

What is a Privilege Escalation Attack?

A privilege escalation attack is a cyberattack to gain illicit
access of elevated rights, permissions, entitlements, or privileges
beyond what is assigned for an identity, account, user, or machine.
This attack can involve an external threat actor or an insider threat.
Privilege escalation is a key stage of the cyberattack chain and
typically involves the exploitation of a privilege escalation
vulnerability, such as a system bug, misconfiguration, or inadequate
access controls.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Privilege Escalation Attack

How does Privilege Escalation Work?

Every local interactive session or remote access session represents some form of privileged access,
regardless if executed by a human or a machine. This encompasses everything from guest privileges
allowing local logon only, to administrator or root privileges for a remote session and potentially
complete system control.
There are five primary methods:
1.Credential exploitation
2.Vulnerabilities and exploits
3.Misconfigurations
4.Malware
5.Social engineering

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Privilege Escalation Attack

Vertical vs Horizontal Privilege Escalation

Horizontal privilege escalation
Horizontal privilege escalation involves gaining access to the rights of another account—human or
machine—with similar privileges. This action is referred to as “account takeover.” Typically, this
would involve lower-level accounts (i.e., standard user), which may lack proper protection. With each
new horizontal account compromised, an attacker broadens their sphere of access with similar
privileges. This is basic lateral movement.
Vertical privilege escalation
Vertical privilege escalation, also known as a privilege elevation attack, involves an increase of
privileges/privileged access beyond what a user, application, or other asset already has. This entails
moving from a low level of privileged access to a higher level of privileged access. Achieving vertical
privilege escalation could require the attacker to perform a number of intermediary steps (i.e.,
execute a buffer overflow attack, etc.) to bypass or override privilege controls, or exploit flaws in
software, firmware, the kernel, or obtain privileged credentials for other applications or the operating
system itself.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Malware

Malware, short for "malicious software," refers to a category of

software designed with harmful intent. Its purpose is to compromise, damage,
or gain unauthorized access to computer systems, networks, or devices.
Types of Malware:
Viruses:
1. Attaches to legitimate files; spreads when those files are executed
2. Requires user interaction to spread
3. Example: Code Red, Sasser
Worms:
1. Self-replicating and spreads across networks without user intervention
2. Exploits vulnerabilities for propagation
3. Example: Conficker, Blaster

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Malware

Trojans:
1. Disguised as legitimate software but performs unauthorized actions
2. Often used to create backdoors or steal information
3. Example: Zeus, Emotet
Ransomware:
1. Encrypts user data and demands a ransom for decryption
2. Often delivered through malicious email attachments or links
3. Example: WannaCry, NotPetya
Spyware:
1. Monitors user activity without consent, collects sensitive information
2. Used for espionage, identity theft, and more
3. Example: FinFisher, SpyEye

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - Malware
Prevention Measures:
1.Use Antivirus/Anti-Malware Software:
Regularly update and use reputable security software to detect and remove malware.
2.Keep Software Updated:
Apply security patches and updates for operating systems, applications, and plugins.
3.Practice Safe Browsing:
Avoid clicking on suspicious links or downloading files from untrusted sources.
4.Use Strong Authentication:
Employ strong, unique passwords and consider multi-factor authentication.
5.Be Cautious with Email:
Don't open attachments or click links from unknown or unexpected senders.
6.Backup Data Regularly:
Create backups of important data and keep them offline to prevent ransomware attacks.
7.Educate Users:
Train individuals on recognizing phishing attempts, suspicious links, and downloads.
8.Implement Network Security:
Use firewalls, intrusion detection systems, and network segmentation.
9.Apply Least Privilege Principle:
Limit user and application access to only what's necessary for their roles.
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - VIRUS

A computer virus is a type of malicious software that attaches itself to

legitimate programs or files and spreads by making copies of itself within the host
system. It's designed to execute its malicious code when the infected program or
file is run, often causing harm to the system, data, or both.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - VIRUS

Characteristics:
•Replication: A virus reproduces by embedding its code into
other files or programs, thereby spreading the infection.
•Payload: The virus carries a payload, which is the harmful
action it's programmed to perform, such as data corruption or
unauthorized access.
•Activation: The virus becomes active when the infected
program or file is executed by a user or an automated process.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - VIRUS
Types of Viruses:
1.File Infector Viruses:
1. Infect executable files (e.g., .exe, .dll) and spread when the infected program is run.
2. Examples: CIH (Chernobyl), Sasser
2.Macro Viruses:
1. Infect documents (e.g., Word, Excel) that contain macros, exploiting their automation
features.
2. Examples: Melissa, Concept
3.Boot Sector Viruses:
1. Infect the master boot record of a computer's hard drive or removable media.
2. Activate during system boot-up, affecting the system's startup process.
3. Examples: Stoned, Michelangelo
4.Polymorphic Viruses:
1. Modify their own code or appearance to evade detection by antivirus software.
2. Adapt to changes, making it difficult to identify and remove them.
3. Examples: Storm Worm, Marburg M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - VIRUS
Prevention and Mitigation:
•Use Antivirus Software: Employ reputable antivirus and anti-malware programs to
detect and remove viruses.
•Regular Updates: Keep operating systems, applications, and security software
updated to patch vulnerabilities.
•Download from Trusted Sources: Only download software and files from reputable
websites and sources.
•Be Cautious with Attachments: Avoid opening email attachments from unknown or
suspicious senders.
•Disable Macros: In programs like Microsoft Office, disable macros if not needed.
•Scan Removable Media: Scan USB drives and other external devices for viruses
before use.
•Educate Users: Teach users to recognize potential virus threats and avoid risky
behavior.
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - ARP Spoofing Attack

ARP Spoofing Attack

Spoofing is a type of attack in which hackers gain access to the victim’s
system by gaining the trust of the victim (target user) to spread the
malicious code of the malware and steal data such as passwords and
PINs stored in the system.In Spoofing, psychologically manipulating
the victim is the main target of the hacker.

Address Resolution Protocol:

ARP stands for Address Resolution Protocol. It is a communication
protocol that is one of the important network layer protocols in the OSI
model and is used to determine a device’s Media Access Control (MAC)
address based on its Internet Protocol (IP) address in order to
communicate with other devices on the network.
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - ARP Spoofing Attack

ARP Spoofing Attack:

ARP spoofing is a cyber attack that allows hackers to intercept communications
between network devices on a network. Hackers can also use ARP spoofing to
alter or block all traffic between devices on the network.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - ARP Spoofing Attack
Types of ARP Spoofing:
•Man-in-the-Middle: In the Man-in-the-Middle Attack, hackers use ARP
spoofing to intercept communications that occur between devices on a
network to steal information that is transmitted between devices.
Sometimes, hackers also use man-in-the-middle to modify traffic between
network devices.
•Session hijacking: In Session hijacking, With the help of ARP spoofing
hackers are able to easily extract the session ID or gain inauthentic access
to the victim’s private systems and data.
•Denial-of-service attacks: Denial-of-service attack is a type of attack in
which one or more victims deny to access the network. With the help of
ARP spoofing, A single target victim’s mac address is linked with multiple
IP addresses. Due to this whole traffic is shifted toward the target victim’s
mac address which causes overloading of the network of the target victim
with traffic. M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - ARP Spoofing Attack

Working:
•Scanning: Hackers use ARP spoofing tools to scan the IP
and MAC addresses of hosts.
•Selection and Launching: Hackers select their target and
then send ARP packets over the local network containing the
hacker’s MAC address and the target’s IP address.
•Accessing: Once the ARP cache on the host on the local
network is corrupted. Then the data the host wants to send to
the victim is sent to the hacker instead of the victim. Hackers
can steal data or launch other attacks from here.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
 20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - ARP Spoofing Attack

Preventive Measure:
•Cryptographic Network Protocols: With the help of encrypted
communication protocols like Transport Layer
Security (TLS), HTTP Secure (HTTPS), and Secure Shell (SSH), We are
able to reduce the chance of an ARP Spoofing attack.
•Packet Filtering: With the help of packet filters, we can protect the
network from maliciously transmitted packets on the network as well
as suspicious IP addresses.
•Virtual Private Network: The most useful preventive measure against
ARP spoofing attacks is to use a VPN (Virtual Private Network).
•ARP Spoofing Detection Software: With the help of ARP Spoofing
Detection Software it is easier to detect ARP spoofing attacks as it
helps in inspecting and certifying data before data is transmitted.
M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - MAC ATTACK

MAC attack" generally refers to a type of network attack that

targets the Media Access Control (MAC) addresses of devices
within a network. There are various types of MAC attacks, each
with its own specific methods and goals. Here are a few common
types of MAC attacks:

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - MAC ATTACK
MAC Flooding:
•In a MAC flooding attack, the attacker floods the network switch with a large
number of fake MAC addresses, overwhelming the switch's MAC address
table.
•When the MAC address table is full, the switch starts operating in a "fail-
open" mode, which means it begins to behave like a hub, broadcasting
network traffic to all ports instead of efficiently forwarding traffic.
•This attack can lead to a loss of network performance, and in some cases, it
can facilitate eavesdropping on network traffic.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - MAC ATTACK

MAC Spoofing:
•MAC spoofing involves changing the MAC address of a network device to impersonate
another legitimate device's MAC address.
•This can be used to bypass network access controls that rely on MAC filtering or to conduct
man-in-the-middle attacks.
•For example, an attacker might change their MAC address to match that of an authorized
device to gain unauthorized access to a network.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - MAC ATTACK
MAC Cloning:
•Similar to MAC spoofing, MAC cloning involves copying the MAC address of a
legitimate device and using it on the attacker's system.
•The attacker's goal might be to impersonate the legitimate device to gain network
access or avoid detection.
MAC DoS (Denial of Service):
• In a MAC DoS attack, the attacker continuously sends spoofed MAC frames to a
target's network interface, causing the target device to consume excessive
processing resources.
• This can lead to device slowdowns or even crashes, resulting in a denial of service.
CAM Table Overflow:
• In this attack, an attacker sends a flood of forged MAC address frames to a switch,
causing the switch's Content Addressable Memory (CAM) table to fill up.
• When the CAM table is full, legitimate MAC address mappings may be evicted,
causing network disruption.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.
20CS5905 - ETHICAL HACKING AND NETWORK DEFENCE - MAC ATTACK

Prevention and Mitigation:

•Implement Network Segmentation: Divide the network into smaller
segments to contain the impact of MAC attacks.
•Use Network Intrusion Detection Systems (NIDS) and Intrusion
Prevention Systems (IPS) to detect and block suspicious MAC-based
activities.
•Regularly monitor network traffic and MAC address tables for
anomalies.
•Apply appropriate security configurations on switches, routers, and
firewalls to prevent MAC-based attacks.
•Educate users and administrators about the risks of MAC attacks and
how to identify and respond to them.

M. Saravanan, AP/CSE
K.Ramakrishnan College of Technology,
Tiruchirappalli.