EH Papers

ETHICAL HACKING

UNIT - I
1.What is hacking? What are types of hacking? Explain briefly.

A. Hacking: "The act of compromising digital devices and networks through unauthorized access to an account or computer system." (or) "Gaining unauthorized access into a system."
What are the reasons for so many security issues?
• Lack of money
• Convenience
• Negligence
• Overly complex systems
• Lack of time
• Old systems
• Third-party components
Why do attacks happen?
ATTACKS = MOTIVE (GOAL) + METHOD + VULNERABILITY
MOTIVE: information theft, manipulating data, financial loss, revenge, ransom, damaging reputation.
Ethical hacking:
• Ethical hacking is an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers, within an agreed scope.
• The primary goal of ethical hacking is to improve the security of the target system by finding vulnerabilities and mitigating them before malicious actors can exploit them.
Why an ethical hacker?
• To prevent attackers from gaining access
• To uncover vulnerabilities
• To strengthen the organization
• To safeguard the data
• To avoid security breaches
• To enhance security awareness

TYPES OF HACKERS:
Hackers can be categorized into different types based on their intentions, skills, and
activities:

Black Hat Hacker:
➢ A hacker who works offensively, breaking security without any permission or authority.
➢ They are known as malicious hackers; their activities can cause major damage to their targets and systems.
➢ Black hats are usually involved in criminal activities such as stealing personal and financial information or shutting down websites and networks.
White Hat Hacker:
➢ They work legally and are often employed by organizations to strengthen their cybersecurity defences. They perform hacking and security checks with authorization and form the defensive side of the hacker community.
➢ White hat hackers think almost exactly like black hat hackers and will try to break into computer systems using every possible way, but only within the agreed scope and with permission.
Grey Hat Hacker:
➢ A hacker who is like a coin, two-sided: they do both offensive and defensive work and are generally benefit-oriented.
➢ Grey hat hackers operate in a morally ambiguous space. They may uncover security flaws without permission, and their actions can be seen as either ethical or unethical depending on the perspective.
Blue Hat:
➢ Tech companies hire blue hat hackers to test products and find security issues.
➢ These hackers typically have a background in cybersecurity and are invited by
organizations to test their systems for vulnerabilities.
➢ They are similar to white hat hackers and are also usually external to the
organization.
Red Hat:
➢ Red hats act aggressively to stop the black hats and employ some of their
strategies. Government agencies hire red hats for their mission focus.
➢ They actively search for black hat hackers and shut them down. Whenever
they find one, they don’t report the hacker to the authorities, but take matters
into their own hands.
Green Hat:
➢ These are hacking beginners who want to become white, blue, or red hats (but hopefully not black hats).
➢ Green hat hackers are not yet familiar with security mechanisms or the inner workings of networks and the web, but they are keen learners in the hacker community.
2. Explain the phases of hacking with the help of a diagram.
A. PHASES OF HACKING:

Unauthorized hacking is illegal: it gains access to computer systems, networks, or data without permission. Ethical hackers follow the same five phases, with authorization, which is why the process is worth knowing in detail.

1. Reconnaissance (Information Gathering): This is the first phase, where the attacker collects information about the target. It can be done actively or passively.
• It may include identifying the target and finding out the target's IP address range, network, DNS records, etc. For example, an attacker planning to attack a website would start by collecting its contact details, domain records and hosting information.
Active Reconnaissance: the attacker interacts directly with the target system to gain information, and may therefore show up in the target's logs.
Passive Reconnaissance: the attacker is not directly connected to the target system and relies on public sources. Usually, information about three groups is collected:
• Network • Host • People involved
2. Scanning: In this phase the attacker finds out much more about the target. Attackers perform port scanning and various assessments to get sensitive information about the target.
• Hackers seek any information that can help them mount an attack, such as computer names, IP addresses, and user accounts. Tools such as network mappers, dialers, ping sweepers, vulnerability scanners and port scanners are used in this phase.
3. Gaining Access: In this phase the attacker actually performs the hack. Using the information found in the previous phases, the attacker exploits a vulnerability to gain access. The attacker designs a blueprint of the target's network from the data collected during Phases 1 and 2 and chooses the attack path from it.
• Examples include stack-based buffer overflows, denial of service (DoS), and session hijacking. Gaining access is known as "owning" the system in the hacker world.
4. Maintaining Access: Once attackers have gained access, they want to keep that access for future exploitation and attacks, so they install backdoors or Trojans to retain a way into the target system.
• Once the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.
5. Covering Tracks: In this phase the attacker deletes logs and session details so as not to get caught. Once access has been gained and used, the hacker seeks to cover their tracks: clearing sent e-mails, server logs, temp files, etc.
• Hackers try to remove all traces of the attack, such as log entries or intrusion detection system (IDS) alarms. Activities in this phase include steganography, the use of tunneling protocols, and altering log files.

3.What are different categories of penetration testing?


A. A penetration test is a subclass of ethical hacking; it comprises a set of methods and procedures that aim at testing and protecting an organization's security.
Categories of Penetration Test:
Black Box: A black box penetration test is one where little or no information is provided about the specified target. For a network penetration test this means the target OS, server versions, etc. will not be provided; only the IP ranges you are to test will be given.
➢ For a web application penetration test, the source code of the application is not provided. This is a very common scenario when performing an external penetration test.
White Box: A white box penetration test is one where almost all information about the target is provided. For a network penetration test, information on the applications running, their versions, the operating system, etc. is provided.
➢ For a web application penetration test the application's source code is provided, enabling static and dynamic source code analysis.
Gray Box: In a gray box test, some information is provided and some is withheld. For a network penetration test, the organization provides the names of the applications running behind an IP but does not disclose the exact versions of the services.
➢ For a web application penetration test, some extra information, such as test accounts and details of the back-end server and databases, is provided.

4. Discuss the complete structure of a penetration testing report. (or) Describe the procedure for report writing in penetration testing.
A. Report Writing:
In any penetration test, the report is the most crucial deliverable. Writing a good report is key to successful penetration testing.
Structure of a Penetration Testing Report:
1. Cover Page: We start with the cover page; this is where you include details such as your company logo, the title, and a short description of the penetration test.
2. Table of Contents: On the very next page you should have an index so that a reader interested in a particular portion of the report can easily skip to that part.
3. Executive Summary: This portion is specifically addressed to executives such as the CEO of the company, so it is written in business terms with minimal technical detail.
Introduction: Briefly introduce the report and its purpose.
Scope: Define the scope of the penetration test, including target systems and networks.
Key Findings: Summarize the most critical vulnerabilities and their potential impact.
Recommendations: Provide high-level recommendations for addressing the identified security issues.
Risk Assessment: Present an overall risk assessment, highlighting potential business impacts.
4. Remediation Report: Next comes the remediation report, which contains the overall recommendations that, once implemented, would increase the security of the organization.
5. Vulnerability Assessment Summary: Next we have the vulnerability assessment summary, sometimes referred to as the "findings summary".
➢ Personally, I include two graphs; the first classifies the vulnerability assessment on the basis of severity and the second by percentage.
Next, I include a "vulnerabilities breakdown" chart, where I talk about the findings for a particular host followed by the number of vulnerabilities that were found.
6. Tabular Summary: A tabular summary is also a great way to present the findings of a vulnerability assessment to a customer.
7. Risk Assessment:
Impact Analysis: Evaluate the potential business impact of each vulnerability.
Likelihood Assessment: Assess the likelihood of each vulnerability being exploited.
Risk Rating: Assign a risk rating to each vulnerability based on its impact and likelihood.
8. Methodology:
Testing Approach: Explain the methodologies and techniques used during the penetration test.
Rules of Engagement: Detail the rules and limitations defined for the engagement.
9. Detailed Findings:
Vulnerability List: Provide a comprehensive list of identified vulnerabilities.
Exploitation Details: Describe how each vulnerability was exploited, with enough evidence (requests, commands, screenshots) that the client can reproduce it.
10. Recommendations
Mitigation Strategies: Provide detailed recommendations for remediation, including technical, procedural, and policy changes.
Priority: Prioritize the recommendations based on risk and criticality.
Timeline: Suggest timelines for addressing each recommendation.
11. Conclusion
Summary: Summarize the key findings, risk assessment, and recommendations.
Overall Assessment: Provide an overall assessment of the security posture based on the test results.
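Sections 5, 6, 7 and 10 above all derive from the same raw material: a list of findings, each with an impact and a likelihood. The following Python is an added example, not from the original notes, showing how that material becomes risk ratings, a severity/percentage breakdown, a per-host count, a plain-text tabular summary and a prioritised remediation order. The 1-to-5 impact and likelihood scale, the four severity bands and the sample findings (on RFC 1918 addresses) are assumptions of this example; real engagements use the client's own risk matrix.

```python
# Added example (not from the original notes): turn raw findings into the
# figures the report sections call for. The impact x likelihood scale, the
# four severity bands and the sample data are assumptions of this example.
from collections import Counter
from typing import Dict, List

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]


def risk_rating(impact: int, likelihood: int) -> str:
    """Map impact and likelihood (each 1..5) to a severity band via their product."""
    for name, value in (("impact", impact), ("likelihood", likelihood)):
        if not 1 <= value <= 5:
            raise ValueError(f"{name} must be 1..5, got {value}")
    score = impact * likelihood  # 1..25
    if score >= 15:
        return "Critical"
    if score >= 9:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def summarize(findings: List[Dict]) -> Dict:
    """Rate each finding and build the severity, percentage and per-host breakdowns."""
    rated = [dict(f, rating=risk_rating(f["impact"], f["likelihood"])) for f in findings]
    by_severity = Counter(f["rating"] for f in rated)
    total = len(rated) or 1  # avoid division by zero on an empty report
    return {
        "findings": rated,
        "by_severity": {s: by_severity.get(s, 0) for s in SEVERITY_ORDER},
        "percent": {s: round(100 * by_severity.get(s, 0) / total, 1) for s in SEVERITY_ORDER},
        "by_host": dict(Counter(f["host"] for f in rated)),
    }


def prioritize(findings: List[Dict]) -> List[str]:
    """Remediation order for section 10: highest severity first, then highest impact."""
    rated = summarize(findings)["findings"]
    rated.sort(key=lambda f: (SEVERITY_ORDER.index(f["rating"]), -f["impact"]))
    return [f["title"] for f in rated]


def tabular_summary(findings: List[Dict]) -> str:
    """Plain-text table for section 6, ordered by severity."""
    rows = summarize(findings)["findings"]
    rows.sort(key=lambda f: SEVERITY_ORDER.index(f["rating"]))
    header = f"{'Host':<12} {'Finding':<30} {'Imp':>3} {'Lik':>3} {'Rating':<8}"
    lines = [header, "-" * len(header)]
    for f in rows:
        lines.append(
            f"{f['host']:<12} {f['title']:<30} {f['impact']:>3} {f['likelihood']:>3} {f['rating']:<8}"
        )
    return "\n".join(lines)


# Constructed sample findings (private RFC 1918 addresses, not real targets).
SAMPLE_FINDINGS = [
    {"host": "10.0.0.5", "title": "Anonymous FTP login allowed", "impact": 4, "likelihood": 4},
    {"host": "10.0.0.5", "title": "Outdated SSH server version", "impact": 3, "likelihood": 3},
    {"host": "10.0.0.7", "title": "Directory listing enabled", "impact": 2, "likelihood": 3},
    {"host": "10.0.0.9", "title": "ICMP timestamp reply", "impact": 1, "likelihood": 2},
]

if __name__ == "__main__":
    s = summarize(SAMPLE_FINDINGS)
    print(tabular_summary(SAMPLE_FINDINGS))
    print("By severity:", s["by_severity"], "(%)", s["percent"])
    print("By host:", s["by_host"])
    print("Fix first:", prioritize(SAMPLE_FINDINGS))
```

Keeping the rating logic in one function means the executive summary, the charts and the detailed findings cannot disagree with each other, which is a common defect in hand-assembled reports.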

5. What are ports? List some useful ports.


A. PORTS:
• A port is a logical access channel between two devices that helps them communicate. Together with the IP address and the transport protocol (TCP or UDP), a port number identifies one end of a connection, and a service "listens" on a port.
• Ethical hackers often interact with ports as part of their security assessments to identify exposed services and vulnerabilities.
Port numbers are 16-bit values, so there are 65,536 of them (0 to 65535) for each of TCP and UDP. IANA divides them into three ranges:
1. Well-Known Ports: 0-1023
2. Registered Ports: 1024-49151
3. Dynamic/Private Ports: 49152-65535
1. Well-Known Ports (0 to 1023):
• These are also known as System Ports or Reserved Ports.
• Ports in this range are associated with well-known services or protocols.
• Most of these assignments are standardized by the Internet Assigned Numbers Authority (IANA).
• For example, port 80 is used for HTTP, port 443 for HTTPS, port 22 for SSH (Secure Shell), port 21 for FTP and port 25 for SMTP.
• On Unix-like systems, binding to a port in this range normally requires root privileges.
2. Registered Ports (1024 to 49151):
• These ports are also known as User Ports.
• Ports in this range can be registered with IANA by software vendors for specific applications.
• They are used for a wide range of applications beyond the well-known ones, for example 3306 for MySQL or 8080 as an alternative HTTP port.
3. Dynamic/Private Ports (49152 to 65535):
• These are also known as Private Ports or Ephemeral Ports.
• Ports in this range are used for dynamically assigned, temporary purposes.
• They are typically chosen by client applications as source ports when making outbound connections to servers, whose service listens on the destination port.
• These ports are not assigned by IANA. Note that an operating system's actual ephemeral range may differ from the IANA range (Linux, for example, defaults to 32768-60999).
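The scanning phase (question 2) and the port ranges above come together in the simplest scanner there is: a TCP connect() scan, which completes the full three-way handshake and reports a port as open only if the handshake succeeds. The Python below is an added example, not from the original notes. To stay offline and lawful it scans 127.0.0.1 only, against a throwaway listener it starts itself; the host and the listener are assumptions of this example, and the scanner is meant to be run against real targets only within an agreed scope.

```python
# Added example (not from the original notes): a minimal TCP connect() scanner
# plus IANA port classification. Target 127.0.0.1 and the throwaway listener
# are assumptions so the example runs offline against this host only.
import errno
import socket
from typing import Dict, List


def port_class(port: int) -> str:
    """Return the IANA range a port number falls into."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} outside 0-65535")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Bind a TCP listener on an OS-chosen port to play the 'open' service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)  # the kernel completes handshakes into the backlog; no accept() needed
    return srv


def closed_port(host: str = "127.0.0.1") -> int:
    """Ask the OS for a free port and release it, giving a known-closed port."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def connect_scan(host: str, ports: List[int], timeout: float = 0.5) -> Dict[int, str]:
    """Full-connect scan: 'open' means the three-way handshake completed.

    connect_ex() returns 0 on success or an errno instead of raising, so one
    code path separates open (0), closed (ECONNREFUSED, an RST came back)
    and filtered (anything else, typically a timeout with no reply at all).
    """
    results: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                rc = s.connect_ex((host, port))
            except OSError as exc:  # e.g. socket.timeout on some platforms
                rc = exc.errno or -1
            if rc == 0:
                results[port] = "open"
            elif rc == errno.ECONNREFUSED:
                results[port] = "closed"
            else:
                results[port] = "filtered"
    return results


def demo() -> Dict[str, object]:
    """Start a listener, scan it and a known-closed port, classify both."""
    srv = start_listener()
    try:
        open_p = srv.getsockname()[1]
        closed_p = closed_port()
        scan = connect_scan("127.0.0.1", [open_p, closed_p])
        return {
            "open_port": open_p,
            "closed_port": closed_p,
            "scan": scan,
            "classes": {p: port_class(p) for p in scan},
        }
    finally:
        srv.close()


if __name__ == "__main__":
    for port, state in demo()["scan"].items():
        print(f"{port:>5}/tcp  {state:<9} ({port_class(port)})")
```

Because a connect() scan finishes the handshake, the target's service sees and logs a real connection; that is the noisy part of "active" scanning, and why tools such as Nmap default to a half-open SYN scan when run with enough privilege to craft raw packets.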

6.What are Protocols? Explain any three widely used protocols.


A. A protocol is simply a set of rules which defines a standard way of exchanging information over a network.
In ethical hacking, various protocols are relevant to security assessments and vulnerability testing, so ethical hackers (also known as penetration testers) work with them constantly.
The most commonly used protocols are:
1. TRANSMISSION CONTROL PROTOCOL (TCP):
• TCP is one of the core parts of the Internet protocol suite (TCP/IP). When a request is sent to a server, TCP carries it: a connection is set up first with the three-way handshake (SYN, SYN-ACK, ACK), and every segment is acknowledged, so delivery is reliable and in order.
• TCP lets two hosts exchange data directly over this connection. Many major Internet applications, such as e-mail, web browsing and file transfer, are built on it.
• The protocol uses a variety of header flags such as SYN, ACK, RST, FIN, PSH and URG. Port scanners manipulate these flags (for example a SYN scan, which never completes the handshake) to probe hosts quietly.
2. INTERNET PROTOCOL (IP): IP is the other core part of the Internet protocol suite. It is the main communication protocol used to exchange packets across interconnected networks: it addresses and routes packets from source to destination, but gives no guarantee of delivery, which is left to TCP.
3. USER DATAGRAM PROTOCOL (UDP):
UDP uses a simple transmission model with no handshake, so datagrams may be lost, duplicated or arrive out of order without notice.
Data on the Internet is generally carried in TCP segments or UDP datagrams.
• No three-way handshake takes place.
• Like TCP, UDP does not encrypt data by itself; confidentiality comes from a higher layer (TLS over TCP, DTLS over UDP).
• Because there is no handshake, the sender's source address is never verified, which makes UDP services easy to spoof and abuse.

7.Explain various steps in the installation of Kali LINUX.


A. Kali Linux:
➢ Kali Linux is a Debian-based Linux distribution and one of the most popular operating systems for hacking work.
➢ It is specialized for cybersecurity, penetration testing, and ethical hacking, and ships with hundreds of security tools preinstalled.
Installation Steps (in a virtual machine):
1. Create a New Virtual Machine:
• Open your virtualization software (e.g. VirtualBox).
• Click the option to create a new virtual machine.
2. Choose Guest Operating System:
• Select "Linux" as the guest operating system.
• Choose the appropriate version (e.g. Debian, 64-bit).
3. Allocate Resources:
• Assign RAM to your VM. A minimum of 2 GB is recommended.
• Create a virtual hard disk of at least 20-30 GB.
4. Select ISO Image:
• Choose to install from an ISO image.
• Browse to and select the Kali Linux ISO image that you downloaded earlier (verify its SHA256 checksum against the value published on kali.org before using it).
5. Configure Networking: Set up the network settings for your VM. NAT gives the VM Internet access; Host-Only keeps it isolated from everything except the host, which is safer for a lab.
6. Start the VM:
• Click "Start" or "Power On" to boot the virtual machine.
• Follow the on-screen prompts to begin the installation.
7. Install Kali Linux:
• Follow the installation wizard, which includes selecting your language, region and keyboard layout, and creating the first user account and password (releases before 2020.1 instead asked for a root password).
• When prompted to partition the disk, you can choose to use the entire (virtual) disk.
8. Configure the Package Manager: During installation you will be asked to configure the package manager. Choose a nearby mirror for package downloads.
9. Install GRUB Boot Loader: When asked to install the GRUB boot loader, select "Yes".
10. Complete the Installation: Allow the installation to complete, which may take a few minutes.
11. Reboot the VM: Once the installation is finished, you will be prompted to remove the installation media. Reboot the VM.
12. Log In: After rebooting you will be presented with the Kali Linux login screen. Log in with the user you created during installation (on older releases, as "root").
13. Update and Upgrade: Open a terminal and run the following commands to update and upgrade the system (sudo is needed when not logged in as root):
❖ sudo apt update
❖ sudo apt full-upgrade
The Kali Linux virtual machine is now installed and ready for use.

8.Give the significance of virtual machine and explain some virtualization


softwares (or)What is Virtualization? Briefly explain some virtualization
software.
A. Virtualization is a software technology that makes it possible to run multiple operating systems on the same device or server at the same time.
• It is an efficient way to reduce the cost of setting up multiple systems.
• Virtualization is very helpful when you need to demonstrate something between two different operating systems, for example running a malware sample that targets Windows inside an isolated VM while analysing it from the host.
Virtualization Software:
• Special software, called a hypervisor, is developed for virtualization. It is designed to run multiple operating systems at the same instant on the same system.
• Virtualization software enables the creation and management of virtual machines (VMs) on a physical host machine.
• These virtualized environments can run multiple operating systems and applications independently on the same hardware, making them essential for many use cases, including development, testing, malware analysis and server consolidation.
Some commonly used virtualization software:
1. VMware Workstation (Download: http://www.vmware.com/in/products/workstation)
2. VirtualBox (Download: https://www.virtualbox.org/wiki/Downloads)
Using VMware Workstation:
1. Download and install VMware Workstation.
2. Open VMware Workstation and click "Create a New Virtual Machine".
3. Choose the image (ISO) file of the operating system.
4. Choose the name of the operating system and select its version.
5. Provide hard-drive space for the virtual machine (minimum recommended: 20 GB) and click Finish.
6. The virtual machine is ready to use. Start it from the home screen of VMware Workstation.
Take a snapshot of the clean VM before testing so that it can be rolled back afterwards.

9. Describe the steps to be followed in web application penetration testing.
a. Explain network penetration testing. How does it differ from other types? (or) Differentiate between web application penetration testing and mobile application penetration testing.
A. A penetration test is a subclass of ethical hacking; it comprises a set of methods and
procedures that aim at testing/protecting an organization’s security. The penetration tests
prove helpful in finding vulnerabilities in an organization and check whether an attacker
will be able to exploit them to gain unauthorized access to an asset
Types of Penetration Tests
1.Network Penetration Test:
In a network penetration test, you would be testing a network environment for potential
security vulnerabilities and threats. This test is divided into two categories: external and
internal penetration tests.
An external penetration test would involve testing the public IP addresses, whereas in an
internal test, you can become part of an internal network and test that network. You may
be provided VPN access to the network or would have to physically go to the work
environment for the penetration test depending upon the engagement rules that were
defined prior to conducting the test.
2. Web Application Penetration Test:
Web application penetration tests are very common nowadays, since web applications host critical data such as credit card numbers, usernames, and passwords; this type of penetration test has therefore become more common than the network penetration test.
3. Mobile Application Penetration Test:
The mobile application penetration test is the newest type of penetration test. It has become common since almost every organization uses Android- and iOS-based mobile applications to provide services to its customers. Organizations therefore want to make sure that their mobile applications are secure enough for users to rely on when providing personal information.
4. Social Engineering Penetration Test:
A social engineering penetration test can be part of a network penetration test. In a social engineering penetration test the organization may ask you to attack its users. This is where you use spear phishing attacks and browser exploits to trick a user into doing things they did not intend to do.
5.Physical Penetration Test:
A physical penetration test is what you would rarely be doing in your career as a
penetration tester. In a physical penetration test, you would be asked to walk into the
organization’s building physically and test physical security controls such as locks and
RFID mechanisms.

10. What is Kali LINUX? Explain its included tools and supported platforms.
(or) Outline the included tools and supported platforms of Kali LINUX.
A. Kali Linux is a Debian-based Linux distribution built for penetration testing and ethical hacking, and one of the most popular operating systems for that work. Some of the included tools:
• Wireshark (packet capture and analysis)
• Metasploit Framework (exploitation)
• Burp Suite (web application testing proxy)
• Social-Engineer Toolkit (SET)
• Armitage (GUI front end for Metasploit)
• Nmap (port scanning and service discovery)
• Kismet (wireless network detection)
• Aircrack-ng (Wi-Fi security auditing)
• hping3 (packet crafting)
• and many more.
Besides standard x86/x86-64 PCs and virtual machines, Kali Linux is available for the following devices:
1. BeagleBone Black
2. HP Chromebook
3. CubieBoard 2
4. CuBox
5. Raspberry Pi
6. Utilite Pro
7. Galaxy Note 10.1
Other ARM devices may be able to use the Raspberry Pi image.

11.Explain various network types? Mention and explain widely used protocols.
A. NETWORK TYPES: A network is a group of computers linked to each other so that they can communicate and share resources, data, and applications. Computer networks are commonly categorized by their size.
1. Local Area Network (LAN): A LAN covers a small local area such as a home, an office, or a small workgroup such as a school or university. Wi-Fi and Ethernet are commonly used for LANs.

2. Personal Area Network (PAN): A PAN is a network arranged around an individual person, typically within a range of about 10 meters, and is used for connecting devices for personal use.

There are two types of Personal Area Network:

• Wired Personal Area Network
• Wireless Personal Area Network
Wireless Personal Area Network: created using wireless technologies such as Wi-Fi or Bluetooth. It is a short-range network.
Wired Personal Area Network: created using cables such as USB.
3. Wide Area Network (WAN): A WAN covers a large area, at a national or regional level. It interconnects local area networks (LANs), metropolitan area networks (MANs) and campus area networks (CANs) that are geographically far apart.

4. Wireless Local Area Network (WLAN): In a WLAN, devices are connected wirelessly using a wireless distribution method (OFDM radio or another). Generally an access point provides the connection, giving the user ease of mobility. A WLAN is easy to install and maintain, and has become very popular with laptops and personal devices; railway stations, malls, hotels, etc. are equipped with WLANs.
5. Metropolitan Area Network (MAN): A MAN covers a larger geographic area, typically a city, by interconnecting different LANs to form a larger network.
• Government agencies use MANs to connect to citizens and private industries.
• In a MAN, the various LANs are connected to each other through links such as telephone exchange lines or leased fibre.

Other Important Protocols:
4. HTTP/HTTPS (Hypertext Transfer Protocol / HTTP Secure): Ethical hackers commonly analyse web applications and websites, so knowledge of HTTP (port 80) and HTTPS (HTTP over TLS, port 443) is crucial for understanding how web traffic and web vulnerabilities work.
5. INTERNET CONTROL MESSAGE PROTOCOL (ICMP):
• ICMP is used for network diagnostics and error reporting, for example to check whether a specific host is alive.
• To check, open CMD on the desktop and type: ping 8.8.8.8. Replies show that packets are being received.
• If the host is down, or a firewall drops ICMP, ping reports "Request timed out" or "Destination host unreachable".
6. FILE TRANSFER PROTOCOL (FTP):
• FTP is used to transfer files from one host to another.
• First connect to the host with which you need to exchange files, using ftp <ip>, and log in.
• Then use the PUT and GET commands to upload or fetch specific files.
• FTP uses TCP port 21 for commands (and port 20 for data in active mode). Credentials and data travel in plain text, so FTP is a frequent finding in penetration tests; SFTP or FTPS should be used instead.
7. ADDRESS RESOLUTION PROTOCOL (ARP):
• The Address Resolution Protocol (ARP) is a fundamental networking protocol used to map an IP address to a physical (MAC) address on a local network.
• ARP plays a crucial role in local network communication by enabling devices to discover each other's hardware addresses, allowing data to be properly encapsulated and delivered at the data link layer (Layer 2) of the OSI model.
• ARP has no authentication, which is what makes ARP spoofing (poisoning) and the man-in-the-middle attacks built on it possible on a LAN.
8. Dynamic Host Configuration Protocol (DHCP):
• DHCP is a network protocol used to automatically assign IP addresses and other network configuration parameters (default gateway, DNS servers) to devices on a TCP/IP network.
• DHCP simplifies IP address management and network configuration by dynamically allocating IP addresses as devices connect to the network.
9. Simple Mail Transfer Protocol (SMTP):
• SMTP is the standard protocol used for exchanging electronic mail (e-mail) across IP networks. SMTP uses TCP port 25 for mail transfer between servers; clients submitting mail commonly use port 587 (or 465 for implicit TLS).
PENETRATION TESTING
A penetration test is a subclass of ethical hacking; it comprises a set of methods and
procedures that aim at testing/protecting an organization’s security.
The penetration tests prove helpful in finding vulnerabilities in an organization and check
whether an attacker will be able to exploit them to gain unauthorized access to an asset.
A penetration test, often abbreviated as "pen test," is a cybersecurity assessment and
testing methodology conducted by security professionals to identify and assess
vulnerabilities in computer systems, networks, applications, and other digital assets.
The primary objective of a penetration test is to simulate real-world attacks and evaluate
the security posture of an organization's assets.
Vulnerability Assessments versus Penetration Tests:
Organizations use both vulnerability assessments and penetration tests as part of their overall cybersecurity strategy. A vulnerability assessment identifies and lists weaknesses, usually with automated scanners, but does not exploit them; a penetration test goes further and exploits them, giving a deeper understanding of the real-world impact and risk associated with those vulnerabilities.
Preengagement:
Before you start a penetration test, there is a whole lot to discuss with the client. This is the phase where the customer and a representative from your company sit down and discuss the legal requirements and the "rules of engagement."
Rules of Engagement:
Every penetration test you do should have a rules of engagement document covering:
• A proper "permission to hack" and a nondisclosure agreement, both signed.
• The scope of the engagement and which parts of the organization must be tested.
• The project duration, including both the start and the end date.
• The methodology to be used for conducting the penetration test.
• The goals of the penetration test.
• The allowed and disallowed techniques, for example whether denial-of-service testing may be performed.
• Emergency contacts on both sides, in case testing disrupts a production system.
Milestones:
Before starting a penetration test, it is good practice to set up milestones so that your project is delivered as per the dates given in the rules of engagement.
You can use either a Gantt chart or a website like Basecamp that helps you set up milestones and keep track of your progress.
Penetration Testing Methodologies
In every penetration test, the methodology and the reporting are the most important steps. Let's first talk about the methodology.
OSSTMM:
The Open Source Security Testing Methodology Manual (OSSTMM) covers almost all the steps involved in a penetration test. The methodology is concise, yet it is a cumbersome process, which makes it difficult to apply in everyday engagements.
UNIT - II
1. Compare internal footprinting with external footprinting. (or) What are the objectives of footprinting? Explain external footprinting. (or) Why does an attacker need footprinting? Discuss the use of "whois" in detail.
A. Foot printing is the first phase of the information gathering process in ethical hacking
and cybersecurity.
➢ Foot printing attacker can collect information like emails, contacts, domain name
information and using social engineering even more sensitive data.
➢ The information gathered during foot printing can be used to plan and execute
subsequent phases of a penetration test or security assessment.
1.Internal Foot printing: Foot printing performed inside the network is known as
internal foot printing. In internal foot printing, attack may access internal network or is
directly or indirectly connected to the internal network.
Following attacks or mechanism can be used for internal footprinting:
a. Dumpster Diving:
➢ Looking for sensitive information in garbage or dumps is known as dumpster diving.
➢ Sometimes, attacker may find a piece of paper or some important important documents
from which sensitive information can be retrieved.
➢ When penetration testing or hacking is performed each and every possible aspect of
gathering information is taken into consideration.
b. Shoulder Surfing:
Shoulder surfing is a type of social engineering attack in which an attacker observes the
actions, data, or sensitive information of a person, often without their knowledge or
consent.
The term "shoulder surfing" derives from the idea that the attacker is figuratively
looking over the victim's shoulder to gain access to information.
c. Private Websites:
If attacker found any private websites of the target, it became treasure for him as he can
gain bunch of sensitive information like employee and client details etc.
2. External Foot printing: When attacker is not connected to the target network, in order
to gather information, external foot printing is used. Generally, External Foot printing
provides huge no. of information about the data.
Following attacks or mechanism can be used for External Foot printing:
1.Website:
Website of the target may contain some sensitive information or may be
vulnerable. From the website, attacker can easily get the contact details like e-mails and
phone numbers.
Besides, attacker can also perform social engineering over e-mails.
2. Google:
Google is one of the biggest search engine and helping hand for a hacker. Sometimes
simply googling about target can give much sensitive information like admin contents or
about target profiles over social media.
Google help both actively and passively in gaining sensitive information.
3. Who is:
Whois is a tool which is used to gather information about target domain like name server,
domain records, admin contacts and other relative information. Whois is one the major
information provider and this information is used in writing penetration testing reports.
www.whois.sc is one of the popular website to check whois information. How to use
whois.sc:
1. Navigate to www.whois.sc .
• Provide the domain name.
• Crawl and look for required information
4. Domain Name Server (DNS):
DNS footprinting can provide information same as of whois, sometimes attacker get
sensitive information which lead to compromise of Domain of target.
5. Social Networking:
Public profiles on social network contain contact information and activity details. Target
may be social engineered easily over social networking which lead to disclosure of
sensitive information.
6. Social Engineering:
Social engineering is the art of human exploitation. It is one of the major attacks that lead
to vast compromises. Social engineering may be tool based or human based.
In tool-based social engineering, tools like phishing, tabnabbing and social engineering
toolkits are used. In human-based social engineering, the target is manipulated to
gain sensitive information like client details, passwords, etc.
7. Archive Websites:
There are some websites on the internet which keep archives of almost every website.
Looking in archives can provide sensitive information about the target. The Wayback
Machine is one such website which contains archives of websites.
Using the Wayback Machine:
• Navigate to www.archives.org
• Input the target domain.

2. Define foot printing. Discuss any two foot printing tools. (or) Explain the use of the
ping tool for foot printing. (or) Explain the use of nslookup in the Windows
command line with suitable examples.
A. Foot printing is the first phase of the information gathering process in ethical hacking
and cybersecurity.
Foot printing tools:
1. Ping: Ping is a command line tool used to check whether the target is live or not. Only if
the target is live can further exploitation be done.
➢ Foot printing using the "ping" command is a basic but essential technique for gathering
information about a target network or host.
➢ The "ping" command is available on most operating systems and is used to test the
reachability and responsiveness of a network device.
Using Ping in the Windows command line:
a. Open Command Prompt (CMD) in Windows (press Win+R and type cmd).
b. Type "ping target".
For ex: ping 127.0.0.1
ping [options] target
Common Options:
➢ -c count: Specifies the number of packets to send before stopping.
➢ -i interval: Sets the time interval between sending packets, in seconds.
➢ -t: Sends continuous ping requests until manually stopped.
➢ -n: Displays numeric IP addresses instead of resolving hostnames.
➢ -v: Verbose output, showing additional information.
c. Packets will be transferred between attacker and target.
d. TTL stands for Time To Live, and generally 4 packets are transferred between attacker
and target.
e. To understand more about the ping command, type ping -h in the terminal. It will open the
help for the ping command. It can be used in Linux as well.

2. nslookup: nslookup is a command line tool used to gather information about the name
servers of the target.
➢ nslookup, which stands for "Name Server Lookup," is a command-line tool used for
querying Domain Name System (DNS) servers to obtain domain name or IP address
information.
➢ DNS is a fundamental system that translates human-readable domain names into IP
addresses, allowing computers to locate and communicate with each other on the
internet. nslookup is available on most operating systems, including Windows, Linux,
and macOS.
Using nslookup in the Windows command line:
1. Open Command Prompt (CMD) in Windows (press Win+R and type cmd).
2. Type "nslookup target" (replace target with the IP or website of the target).
For ex: nslookup www.xyz.abc or nslookup 127.0.0.1
nslookup [options] [hostname or IP address] [DNS server]
Common Options:
➢ [hostname or IP address]: The domain name or IP address you want to look up.
➢ [DNS server]: (Optional) The DNS server you want to query.
➢ -query=[type]: Specifies the type of DNS record to query.
➢ -type=[type]: Same as -query. Specifies the type of DNS record to query.
➢ -class=[class]: Specifies the DNS class to use.
➢ -timeout=[seconds]: Sets the query timeout in seconds.
➢ -debug: Displays detailed query and response information.
➢ -help or ?: Displays the help and usage information for nslookup.
3. To access interactive mode, type nslookup and hit enter.
4. To understand more about the nslookup command, type nslookup -h in the terminal. It will
open the help for the nslookup command. It can be used in Linux as well.
5. You can change the query type to look up the mail server, SOA and different services.

3. Compare and contrast remote scanning with port scanning.


A. Port Scanning:
Port scanning is used to check for open ports and the services running on them. Sometimes
there are many ports open on the target system, and some vulnerable services are running
over them. It becomes easy to exploit the target system if we can list the vulnerable
ports. Commonly used port scanning tools include Nmap, Nessus, and Masscan.

4. Compare and contrast active and passive foot printing.


A. Here's a comparison of Active and Passive Footprinting:
Active Foot printing
Definition: Directly interacting with the target network to gather information.
Characteristics:
1. Direct interaction with target network
2. Sends packets to target and analyzes responses
3. May be detectable by target's security systems
Techniques:
1. Network scanning (e.g., Nmap)
2. Port scanning
3. OS detection
Advantages:
1. Fast and efficient
2. Provides detailed information
Disadvantages:
1. May trigger security alerts
2. Can be blocked by firewalls

Passive Foot printing


Definition: Gathering information without directly interacting with the target network.
Characteristics:
1. No direct interaction with target network
2. Utilizes publicly available data
3. Less likely to be detected
Techniques:
1. Social engineering
2. Web crawling
3. Search engine queries
Advantages:
1. Low risk of detection
2. Does not trigger security alerts
Disadvantages:
1. Time-consuming
2. Limited information

Key Differences:
1. Interaction: Active involves direct interaction, while Passive does not.
2. Detection Risk: Active has a higher detection risk, while Passive is less likely to be
detected.
3. Permission: Active requires permission, while Passive does not.
4. Information: Active provides more detailed information, while Passive provides
limited information.
5. Explain port scanning using Nmap.
A. Nmap: Nmap is a powerful network mapping tool. It is mainly used to perform port
scanning and OS fingerprinting. Open the Kali Linux terminal and type nmap -h. It will show
the help window of Nmap.
1. Port Scanning Using Nmap:
a) Open a terminal in Kali Linux and type "ifconfig". It will show your IP address and
MAC address; to specifically check the Ethernet interface, type "ifconfig eth0".
b) Open a new terminal and type "nmap -h". It will open the nmap help screen.
c) The Nmap command structure is: nmap [scan type] [target] [target specification]
Common Nmap scan types:
-sS or -sT: Performs a TCP SYN scan or TCP connect scan, respectively.
-sU: Performs a UDP scan to identify open UDP ports.
-p <ports>: Specifies the ports to scan.
-A: Enables OS detection, version detection, and script scanning.
-T<0-5>: Sets the timing template for scan speed.
-oN <file>: Saves scan results to a text file.
-v or -vv: Increases verbosity for more detailed output.
-Pn: Treats all hosts as online, skipping host discovery.
d) For scanning the ports: nmap -sT [target].
Example: nmap -sT 192.168.1.1-20
e) To see how nmap works, EtherApe and Wireshark are used.
f) To install EtherApe, open a new terminal and type "apt-get install etherape". Input Y
to confirm the additional disk space.
g) Open a terminal and type "wireshark". The Wireshark window will open; now select the
interface on which the capture has to take place and click on start capturing.
h) Open a terminal and type "etherape". Once the packets start being exchanged, the network
traffic will be illustrated in EtherApe.
i) Nmap will list all the open ports, and this information is used to exploit the vulnerable
ports.

6. Explain flagscan using hPing3 with suitable examples.


A. hping3 is a powerful tool which is pre-installed in Kali Linux. hping is used for
advanced pinging, packet crafting, flooding the target (DoS) and many other purposes.
Performing a flag scan using hping3:
1. Open a terminal in Kali Linux and type "wireshark". Wireshark will open; choose the
interface on which the capture is to be performed. Click on Start Capture and minimize the window.
2. Open a new terminal and type "hping3 -S [target]".
3. Once the command has completed, maximize the Wireshark window and analyse the
packets.
4. Practise the various attack vectors of hping3. It is one of the important tools.
$ sudo hping3 [options] hostname
Some important options of the hping3 command are as follows:
• -c, --count: specify the number of packets to be sent
• -8, --scan: scan mode
• -9, --listen: listen mode
• -a, --spoof: spoof the source address
• -t, --ttl: set the TTL (time to live) of outgoing packets
1. Send TCP packets to a host
2. Send SYN packets to the target: use the -S or --syn option.
3. Send ICMP packets to the target: $ sudo hping3 --icmp 192.168.56.102
4. Send UDP packets to the target: $ sudo hping3 --udp 192.168.56.102
5. Specify the number of packets: $ sudo hping3 -c num 192.168.56.102

7. Describe various foot printing techniques used in Ethical Hacking.


A. Here are various footprinting techniques used in Ethical Hacking:
Network Footprinting Techniques
1. Network Scanning: Identifying open ports and services using tools like Nmap.
2. Port Scanning: Identifying open ports and services.
3. OS Detection: Identifying the target's operating system.
DNS Footprinting Techniques
1. DNS Queries: Gathering information from DNS servers.
2. Reverse DNS Lookup: Mapping IP addresses to hostnames.
3. DNS Zone Transfer: Transferring DNS zone files.
Web Footprinting Techniques
1. Web Crawling: Analyzing website content and structure.
2. Web Scraping: Extracting data from websites.
3. Search Engine Queries: Using search engines to gather information.
Social Engineering Foot printing Techniques
1. Social Media Analysis: Gathering information from social media platforms.
2. Phone Calls: Gathering information through phone conversations.
3. Email Interrogation: Gathering information through email exchanges.
Physical Foot printing Techniques
1. Dumpster Diving: Gathering information from discarded documents.
2. Shoulder Surfing: Observing users' actions.
3. Physical Access: Gaining access to physical locations.

8. What is scanning? Discuss the three types of scanning. Discuss various
techniques of scanning. (or) How do hackers scan for vulnerability? Explain. (or)
What is the objective of scanning? Elaborate on vulnerability scanning.
A. Scanning is the phase of information gathering in which the attacker gathers more advanced
information about the target, like open ports and the operating system of the target, etc.
➢ Generally this phase gives us the vulnerable points of the target. Information gathered
by scanning is very important in performing the actual HACK.
➢ In scanning, port scanning, OS fingerprinting, DNS enumeration, etc. will be covered.
[Figure: Attacker <-> OSI Layer 3 & 4 <-> Target Network]
Between attacker and target, the core OSI model layers are present: layer 3, which is IPv4, IPv6
and ICMP, and layer 4, which is TCP and UDP. Transmission over a network is done
through these layers. It is compulsory to understand the working of layer 3 and layer 4 of
the OSI model if the attacker wishes to penetrate over the network layer.
Basics of Scanning:
1. Connectivity of Host:
To check whether the host is live or not, the ping command is used (already covered in the
previous chapter); only if the host is up can the attacker further perform the exploits.
2. Port Scanning:
Port scanning is used to check for open ports and the services running on them. Sometimes
there are many ports open on the target system, and some vulnerable services are running
over them. It becomes easy to exploit the target system. Commonly used port scanning
tools include Nmap, Nessus etc.
Types of Ports:
Open: The host replies and announces that it is listening and open for queries.
Closed: The host responds but indicates that no application is listening.
Filtered: The host does not respond to a request. This could mean that the packet was
dropped due to congestion or a firewall.

3. Network Scanning:
Network scanning is the technique of scanning the devices and systems in a network for
vulnerabilities and inconsistencies. Its role is to help admins and ethical hackers find and
fix vulnerabilities so that hacking attacks on the network can be avoided.
4. Vulnerability Scanning: It is the automated scanning of the systems in a network to
find whether there are any vulnerabilities or loopholes.
5. ICMP Scanning: The role of ICMP scanning is to map the network topology. ICMP stands for
Internet Control Message Protocol.
Basic techniques of scanning:
1. Ping Sweep: A ping sweep scans a range of IP addresses one by one to check whether
each target IP is alive or not. In this technique a range of IP addresses is defined in the same
ping command, just like: ping 123.43.23.45; the whole range of IP addresses is scanned
until a live target is found. This technique is mainly used when there is no
specified target, and hence the whole network is targeted to find live hosts.
2. Transmission Control Protocol (TCP): TCP contains flags; sniffing the TCP flags can
provide information to a great extent. The following flags are present in TCP:
A. SYN: Synchronize, initiates the connection between two systems.
B. FIN: Finish, indicates that the transmission is finished.
C. ACK: Acknowledgement, establishes the connection.
D. RST: Reset, used for resetting the established connection.
E. URG: Urgent, gives the packet priority to be processed immediately.
F. PSH: Push, instructs the target to respond with buffered data immediately.
3. 3-Way Handshake Mechanism:
The 3-way handshake is used for successful transmission of information or successful
connection establishment. 3-way handshake process:
• System A will initiate a connection request to the server via a packet with only the SYN
flag set.
• The server will reply with a packet having both the SYN and ACK flags set.
• Now the client responds to the server with a single ACK packet.

Some other scanning techniques (including the Xmas scan and ICMP echo scan):
1. Full Scan: In a full scan, a full TCP connection is established between attacker and
target. Only if the port is open will the connection be established. If the port is closed, the target
becomes unreachable.
2. IDLE Scan: In the idle scan, the attacker performs scanning without sending a single
packet from his own IP address to the target. Zombies are used in the IDLE scan. The attacker
spoofs the IP of the zombie system, so the SYN/ACK packets from the target are received
by that zombie system, and the zombie system replies with an RST packet.
3. Half Open Scan: In a half open scan, the full TCP connection is not completed. The attacker
sends a SYN packet to initiate the connection; if the target responds with a SYN/ACK packet, the
attacker considers that the target is listening, and if the target replies with an RST packet, the
target port is not open or listening.
4. XMAS Scan: The XMAS scan does not work against any version of Windows; if tested on a
Windows machine, it lists all the ports as closed. The XMAS scan works only if the standard
TCP/IP implementation based on RFC 793 is used.
5. ICMP-ECHO Scan: The ICMP-ECHO scan is used to check whether all the hosts in the
target network are live (up) or not by pinging them all. ICMP-Echo itself is not directly a port
scanning technique.
6. UDP Scan: UDP does not contain any flags, so what works for TCP does not work for UDP and
vice versa. Because it carries no flags, UDP is simple, but at the same time it is difficult to
scan.
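The half-open scan and Xmas scan descriptions above can be turned around into detection logic. The following is an added example, not part of these notes: it reads a constructed packet log (time, source, destination, service port on the scanned host, TCP flag letters) and reports, per source, which hosts it half-open scanned (SYN sent, handshake never completed) with the open/closed verdicts the replies imply, plus any Xmas (FIN+PSH+URG) probes. The threshold of three unfinished ports and the log format are assumptions of the example.

```python
"""Flag half-open (SYN) scans and Xmas scans in a small packet log.

Each line is: time src dst port flags, where flags use the letters
S=SYN, A=ACK, F=FIN, R=RST, P=PSH, U=URG and "port" is always the
service port on the scanned host (in both directions).
"""
from collections import defaultdict

# Constructed sample (not captured traffic): 10.0.0.5 SYN-scans 10.0.0.9 and
# never completes a handshake, 10.0.0.7 makes one normal connection,
# 10.0.0.8 sends Xmas probes.
SAMPLE_LOG = """\
1 10.0.0.5 10.0.0.9 22 S
2 10.0.0.9 10.0.0.5 22 SA
3 10.0.0.5 10.0.0.9 22 R
4 10.0.0.5 10.0.0.9 80 S
5 10.0.0.9 10.0.0.5 80 SA
6 10.0.0.5 10.0.0.9 80 R
7 10.0.0.5 10.0.0.9 443 S
8 10.0.0.9 10.0.0.5 443 RA
9 10.0.0.5 10.0.0.9 3306 S
10 10.0.0.9 10.0.0.5 3306 RA
11 10.0.0.5 10.0.0.9 8080 S
12 10.0.0.9 10.0.0.5 8080 RA
13 10.0.0.7 10.0.0.9 80 S
14 10.0.0.9 10.0.0.7 80 SA
15 10.0.0.7 10.0.0.9 80 A
16 10.0.0.8 10.0.0.9 21 FPU
17 10.0.0.8 10.0.0.9 23 FPU
"""

XMAS_FLAGS = frozenset("FPU")  # FIN + PSH + URG, no SYN/ACK


def parse_log(text):
    """Turn the text log into a list of dict records, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, dst, port, flags = line.split()
        records.append({"time": int(t), "src": src, "dst": dst,
                        "port": int(port), "flags": frozenset(flags)})
    return records


def detect_scans(records, min_ports=3):
    """Return {scanner: {"half_open": {target: {"open": [...], "closed": [...]}},
                         "xmas": {target: [ports]}}}.

    A (src, dst) pair is a half-open scan when src sent bare SYNs to at least
    min_ports ports and never sent the third-step ACK for them. The target's
    answer (SYN/ACK = listening, RST = closed) gives the per-port verdict,
    exactly as the half-open scan text describes.
    """
    syn_sent = defaultdict(set)        # (src, dst) -> ports probed with bare SYN
    handshake_done = defaultdict(set)  # (src, dst) -> ports where src sent the ACK
    verdict = {}                       # (src, dst, port) -> "open" / "closed"
    xmas = defaultdict(set)            # (src, dst) -> ports hit with Xmas flags
    for r in records:
        key, f = (r["src"], r["dst"]), r["flags"]
        if f == {"S"}:
            syn_sent[key].add(r["port"])
        elif f == {"A"} and r["port"] in syn_sent[key]:
            handshake_done[key].add(r["port"])
        elif f == XMAS_FLAGS:
            xmas[key].add(r["port"])
        # Is this packet the target answering an earlier SYN from r["dst"]?
        rev = (r["dst"], r["src"])
        if r["port"] in syn_sent[rev]:
            if f == {"S", "A"}:
                verdict[(rev[0], rev[1], r["port"])] = "open"
            elif "R" in f:
                verdict[(rev[0], rev[1], r["port"])] = "closed"

    findings = defaultdict(dict)
    for (src, dst), ports in syn_sent.items():
        unfinished = ports - handshake_done[(src, dst)]
        if len(unfinished) >= min_ports:
            findings[src].setdefault("half_open", {})[dst] = {
                "open": sorted(p for p in unfinished
                               if verdict.get((src, dst, p)) == "open"),
                "closed": sorted(p for p in unfinished
                                 if verdict.get((src, dst, p)) == "closed"),
            }
    for (src, dst), ports in xmas.items():
        findings[src].setdefault("xmas", {})[dst] = sorted(ports)
    return dict(findings)


if __name__ == "__main__":
    for scanner, info in detect_scans(parse_log(SAMPLE_LOG)).items():
        print(scanner, info)
```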
UNIT - III
1.Differentiate between manual password cracking and automated passwords
cracking. (or) Discuss manual and automated password cracking.
A. MANUAL PASSWORD CRACKING:
Manual password cracking, also known as "hands-on password cracking," is the
process of attempting to guess or discover passwords through human intuition,
observation, and analysis, rather than relying solely on automated tools or algorithms. It is
a technique often used in ethical hacking and security testing to assess the strength of
passwords and identify potential vulnerabilities in authentication systems.
1. Ping the target network to check whether it is live or not, and ultimately choose a valid
target.
2. Make a list of all possible passwords (easily available online).
3. Define the priority of each password on the basis of the key defined.
4. Try to get access using a password; in case of failure, try again with a different password.
5. Manual password crackers may observe users entering their passwords, either in person
or through surveillance techniques.
6. Social engineering is a technique where attackers manipulate individuals into revealing
their passwords or other sensitive information through psychological tactics.
AUTOMATED PASSWORD CRACKING:
Automated password cracking uses algorithms to crack passwords. Automated
password cracking provides the attacker with ease and is quite a bit faster than manual password
cracking.
This technique is often employed by both ethical hackers and malicious actors to assess
the security of authentication systems, discover weak passwords, and gain unauthorized
access to accounts and systems.
A. Dictionary Attack: In a dictionary attack, an automated tool uses a predefined list of
words, phrases, and commonly used passwords as potential password guesses. It
systematically tries each entry from the list until the correct password is found.
1. In the dictionary attack, firstly the encryption algorithm used is found.
2. The encrypted password is then obtained.
3. From the list of passwords, each password is encrypted using the same encryption
algorithm and matched with the original encrypted password (obtained in step 2).
4. It matches each encrypted password with the original encrypted password until a match
is found.
5. If a match is found, it shows the password; else the procedure is repeated again.
6. The attack speed is around 250-300 words per second.

B. LAN Manager Hash: The LAN Manager (LM) hash is a legacy password hashing
algorithm primarily used in older versions of Microsoft Windows operating systems, such
as Windows 95, Windows 98, and Windows Me. It was designed for backward
compatibility and is considered extremely weak from a security perspective.
LM hash is the algorithm by which these passwords are hashed.
Algorithm of LM HASH:
1. Suppose the password created is 234567xyzabcd_.
2. Firstly, all the characters are converted into uppercase letters, i.e. 234567XYZABCD_.
3. If the password is shorter than 14 characters, it is padded with null characters to reach a
length of 14 characters. The 14-character string is then split into two 7-character halves.
4. Each half is used to create a DES encryption key.
5. These two keys are used to encrypt a fixed string (the challenge). The two resulting
ciphertexts, joined together, form the LM hash.
Here's an example using the password "Password123":
Convert password to uppercase: "PASSWORD123"
Pad the password: "PASSWORD123\0\0\0"
Split into two halves: "PASSWOR" and "D123\0\0\0"
C. Salting:
Salting is a prevention mechanism for passwords. It disables or prevents deriving
passwords from precomputed lists of password hashes. With salting, two different hashes may
correspond to the same password, because the salts differ and hence the representation differs.
• Salting is a fundamental concept in password security and cryptographic hashing.
• It is a technique used to enhance the security of stored passwords and defend against
various types of attacks, particularly dictionary attacks and rainbow table attacks.
When a user creates or changes their password, the system generates a random salt for
that specific password. The salt is then concatenated (combined) with the user's plaintext
password.
For example, Salt: R4nd0mS@lt | Password: password123 | Salted Password:
R4nd0mS@ltpassword123
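The dictionary-attack steps (find the algorithm, hash each candidate with it, compare) and the salting defence above, carried through as an added example that is not part of these notes. The wordlist, the two user accounts, the use of SHA-256 for the unsalted case and PBKDF2-HMAC-SHA256 with 100000 iterations for the salted case are all constructed assumptions; the salt R4nd0mS@lt is the one from the text.

```python
"""Dictionary attack against unsalted hashes, then the same attack after salting.

Only the standard library is used. Shows why two users with the same password
get identical unsalted hashes (one precomputed lookup breaks both) and why a
per-user salt plus a slow KDF forces the attacker to redo the work per account.
"""
import hashlib
import hmac
import os

# Constructed wordlist standing in for the "list of all possible passwords".
WORDLIST = ["123456", "letmein", "qwerty", "password123", "Password1"]
ITERATIONS = 100_000  # assumed PBKDF2 work factor


def unsalted_hash(password):
    """Step 1 of the text: the algorithm in use, here plain SHA-256 (no salt)."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist, hash_fn):
    """Steps 3-5: hash every candidate with the same algorithm and compare.

    Returns (password, guesses_tried) or (None, guesses_tried).
    """
    for tried, candidate in enumerate(wordlist, 1):
        if hmac.compare_digest(hash_fn(candidate), target_hash):
            return candidate, tried
    return None, len(wordlist)


def precomputed_table(wordlist, hash_fn):
    """Rainbow-table stand-in: hash -> password, built once and reused."""
    return {hash_fn(word): word for word in wordlist}


def salted_hash(password, salt, iterations=ITERATIONS):
    """Salt concatenated with the password, then iterated PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def store_password(password, salt=None):
    """What the system keeps: a fresh random salt per account and the salted hash."""
    salt = salt if salt is not None else os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt)}


def verify_password(record, attempt):
    """Recompute with the stored salt; constant-time compare."""
    return hmac.compare_digest(salted_hash(attempt, record["salt"]), record["hash"])


def demo():
    """Constructed scenario: alice and bob both chose 'password123'."""
    # Unsalted storage: identical hashes, and one table lookup cracks both.
    alice_u = unsalted_hash("password123")
    bob_u = unsalted_hash("password123")
    table = precomputed_table(WORDLIST, unsalted_hash)
    # Salted storage: alice uses the salt from the text, bob gets a random one.
    alice_s = store_password("password123", salt=b"R4nd0mS@lt")
    bob_s = store_password("password123")
    return {
        "unsalted_identical": alice_u == bob_u,
        "table_hits_unsalted": table.get(alice_u) == "password123"
                               and table.get(bob_u) == "password123",
        "salted_identical": alice_s["hash"] == bob_s["hash"],
        "table_hits_salted": alice_s["hash"] in table or bob_s["hash"] in table,
        # Still crackable per account, but only by recomputing the slow hash
        # for every candidate with that account's salt.
        "salted_dictionary": dictionary_attack(
            alice_s["hash"], WORDLIST, lambda w: salted_hash(w, alice_s["salt"])),
        "login_ok": verify_password(alice_s, "password123"),
        "login_wrong_case": verify_password(alice_s, "Password123"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```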

2. Explain the process of system cracking or hacking with a neat sketch.


A. PROCESS OF SYSTEM HACKING
A. Privilege Escalation:
In this step, once the user has gained access to the target system through any user account, the next
requirement is to gain access to an administrative account or to gain higher privileges than
those of the administrator.
Identify and exploit vulnerabilities that allow for privilege escalation, enabling you to
gain higher levels of access than initially obtained.
Techniques might include:
• Exploiting software vulnerabilities to gain administrative access.
• Exploiting weak or misconfigured permissions to access sensitive files or systems.
• Leveraging weak user credentials or password hashes to escalate privileges.
• Exploiting misconfigured service configurations to gain control.
B. Executing Applications to Maintain Access:
Once the privileges are successfully escalated, the attacker executes applications like
backdoors or Trojans to maintain his access to the system. This is one of the important
phases where the attacker needs to be careful, else he might get caught.
Keyloggers: Keyloggers are specially designed software or hardware which are used to
track the keystroke activities of the target system. A keylogger may also track every activity of
the target system.
C. Hiding in the Target System:
Rootkits:
A rootkit is a type of malicious software or code that is designed to hide itself or other
malicious processes from detection by security software, while also granting unauthorized
access or control over a computer system. Rootkits are often used by attackers to maintain
persistent access to a compromised system, allowing them to manipulate its behavior,
steal data, or perform other malicious activities.
D. Clearing the Tracks:
Once the attacker has maintained administrative-level access to the target system, the
target may try to detect the presence of the attacker. When the attacker is done with his work
inside the target system, he leaves the target system after installing a backdoor for future
access. Before leaving the system, the attacker needs to cover all his tracks so as not to get caught.
1. Clearing the audit policy
2. Clearing the event viewer
3. Using alternate data streams

3. What is Trojan? Explain the working of Trojan and Backdoor.


A. A Trojan is a malicious application developed for a specific purpose. It is a small
program or script which runs hidden or anonymously in a system. With the effect of a
Trojan, an attacker may access many credentials and sensitive information like stored
passwords and account details from the trojaned target.
• In the trojaned target, an attacker is able to perform several actions like reading data,
showing a message or changing several possible things.
• An attacker may transfer files from the target system to the attacking system and can harm the
target to a very great extent.
• Generally this phase is used after gaining access to the system.
• Once the attacker gains access to the system, he installs the Trojan or backdoors to
further maintain the access and for future access to the system.
Working of a Trojan:
A Trojan horse is a type of malicious software (malware) that disguises itself as something
legitimate or benign but, once activated, performs malicious activities on a computer
system without the user's knowledge or consent.
1. When the trojaned system comes online, i.e. when the trojaned system is on an active
connection, an attacker can access that system.
Hence, it is a must that the target system is on an active connection in order to have access to it.
2. Access enables the attacker to deploy various attacks on the trojaned target.
[Figure: Attacker <-- Active Connection --> Trojaned Target]
Disguise and Delivery:
Trojans often masquerade as harmless or even desirable software. They may be
distributed through email attachments, malicious websites, or bundled with seemingly
legitimate programs.
Installation:
Once the user executes the Trojan by opening a file or running a program, the malicious
payload is installed on the system. This can happen without the user's awareness.

4. What is virus? Explain the working of virus.


A. A virus can be defined as a weakness of the system. A virus makes a system more
vulnerable to the attacker. Viruses are made to threaten the target system. A virus is a kind
of malicious program which is used to harm the target system. When a virus is executed
on the target system, generally it replicates itself in many copies and infects the target
system.
Working of a Virus
1. An attacker manages to get the virus executed on the system without any permission,
and it can replicate itself.
2. Once the virus is deployed on the system, it starts infecting the system. Infecting includes
replicating the virus, hiding inside data and making the system quite a bit slower.
3. Once the system is infected and comes under the control of the virus, it starts attacking the
target system. It makes the system slower and corrupts the data. Some viruses allow the
attacker to gain remote access to the system. At last, private and personal information
is at risk of being disclosed to the attacker.
4. The working of a virus may vary according to the intention of the developer. There are many
viruses which are used to defeat security, compromise companies and take over
the data of business personnel, whereas some viruses are used for fun and prank purposes
and are quite harmless.
5.Give the characteristics of virus attacks. Mention the threats from a virus
attack.
A. Characteristics of a Virus Attack:
1. The system takes more time while booting. This is because some viruses are designed in such
a way that they enable some processes during start-up, and this results in slower booting of
the system.
2. A software application takes more time to execute than usual. Sometimes viruses are bound
to a particular executable file, and when the target opens it, the virus gets executed first,
and this slows the execution of the original application.
3. Freezing or unresponsive behaviour of the system is one of the main characteristics of a
virus. The virus makes the system unresponsive and corrupts the system.
4. Unresponsive behaviour of hardware such as disk drives or USB ports may be a result
of virus attacks.
5. Some viruses infect the hardware which is used in daily activities, like USB ports.
6. Data loss or sudden disappearance of files from the system is a characteristic of a virus
attack.
7. Sometimes shortcut folders are created as subfolders in the main folder, which also
indicates a virus attack.
8. Unresponsive BIOS and booting issues.
9. Unwanted applications start running in the background or foreground. These are some
characteristics commonly shown by computer viruses.
Threats from a Virus Attack:
Viruses are one of the powerful weapons used by an attacker to compromise the target
system. A computer virus affects both the hardware and software parts. Corruption of the
system and failure of hardware is the ultimate effect of a virus on hardware.
1. Effect on Software Part:
• Slows down the system.
• Unresponsive behaviour of applications.
• Increased system usage.
• Delay in booting the system.
• Unwanted deletion of data.
• Unauthorized activities in the system.
And in many other ways a virus may affect the computer software:
1. Data Manipulation.
2. Software Malfunction.
3. File and Program Corruption.
4. Backdoor Installation.
5. Resource Exploitation.
6. Propagation Through Software Vulnerabilities.
7. Disruption of Software Updates.
8. Encryption of Files (Ransomware).
9. Network Communication Interference.

2. Effect on Hardware Part:
• Sudden power cuts, or damage to the hardware due to high system usage.
• Unwanted keystrokes, typing errors or a changed keyboard layout.
• Drives like USB drives etc. become unresponsive.
• Unwanted crashes of USB drives.
• Damage to data stored in removable media.
And in many other ways a virus may affect the hardware:
1. Overutilization of Resources.
2. Reduced System Performance.
3. Hardware Damage due to Overheating.
4. Increased Wear and Tear.
5. Interrupted Power Supply.
6. Firmware Exploitation.
7. Interference with Peripheral Devices.
8. Propagation Through Removable Media.
9. Disruption of Hardware Communication.
10. Compromised Network Devices.

6. Differentiate amongst Trojan, virus, worm and attack.


A. Difference Between Virus, Worm, and Trojan Horse
Feature | Virus | Worm | Trojan Horse
Definition | A software that attaches itself to other programs to harm. | A standalone software that replicates to spread across systems. | A disguised software that steals information.
Replication | Replicates by attaching to other programs. | Self-replicates without attaching to other programs. | Does not replicate itself.
Remote control | Can't be controlled remotely. | Can be controlled remotely. | Can be controlled remotely.
Spread Rate | Moderate | Fast | Slow
Objective | Modify or delete information. | Consume system resources and slow down systems. | Steal sensitive information.
Execution Method | Via infected executable files. | Via system vulnerabilities. | Through deceptive software.
System Impact | Can corrupt or delete files. | Can cause significant slowdowns and network congestion. | Can cause significant slowdowns and network congestion.
Infection Method | Often spread through infected files and email attachments. | Commonly spread through network connections and vulnerabilities. | Typically spread through downloads and phishing emails.
Detection | Often detectable by antivirus software. | More difficult to detect as they exploit system vulnerabilities. | Often hidden in legitimate-looking software.
Damage | Can cause loss of data and corruption of programs. | Can overload system resources and network bandwidth. | Can steal personal and financial information.

7. Draw the lifecycle of virus? give the classification of virus.


A. The lifecycle of a computer virus involves several stages, from its creation to its
execution on a host system.
1. Development:
The first phase is the development of a virus which can perform the desired tasks in the target
system. For the development of a self-controlled virus whose behaviour can be changed as
per requirement, one should have sufficient knowledge of programming languages like
assembly, bash, C++ etc.
There are also some virus construction kits available, which can create a virus with
pre-fixed features. Thousands of varieties of viruses can be created using virus construction
kits.
2. Deployment & Replication:
Once the virus is developed, the main challenge is to deploy it into the target systems. A
virus may be sent within an attachment, or can be transferred with a shared file or by
other direct or indirect means.
Once the virus gets deployed on the system, it starts replicating itself. A virus has a
tendency to replicate itself. It replicates until it has completely spread through and infected the
target system.
3. Execution & Attack:
After the replication, the virus spreads in the target system and completely infects the
target system without any prior knowledge of the target. Now, for the specified classes of trigger,
when the user performs or starts something, it automatically activates and launches the virus.
Now the virus starts attacking the system, causing unwanted behaviour of the system.
The attacker's virus performs specified attacks such as corrupting data, freezing the system
or causing system failure. This is the main phase where the work of the virus is done, and the system
and its information may vanish.
4. Detection & Removal:
When the target notices the unwanted activities and unresponsiveness, the target starts
looking for the root cause. Using anti-virus or anti-theft tools, the target starts hunting for the
root cause and tries to get rid of it.

8. Write a short note on virus construction kit.


A. Virus Construction Kit:
A virus construction kit is a tool for creating a virus with a fixed set of attacks or capabilities.
Many virus construction kits are available over the internet. No programming
knowledge is needed; they are easy to use for constructing viruses.
A. JPS Virus Maker:
DOWNLOAD :- http://sh3ll-h4ck3r.blogspot.in/2011/08/createyour-own-virus-with-jps-virus.html
Using JPS (Virus Maker 3.0)
• JPS Virus Maker is a virus construction kit. It is freeware, and no coding knowledge is
required to use it.
• There are many options like disable registry, hide services, clear Windows XP etc., which
are basically the functions that the virus will have.
• Tick all the functions you want. Name the virus and click on create virus. The executable
virus file will be created.
• Now send this executable file to your target, sit back and enjoy.

9. Explain password cracking in detail. What countermeasures need to be taken to withstand password cracking?
A. Password cracking refers to the process of attempting to discover or guess a password used to access a computer system, network, application or account without the owner's permission or knowledge.
• Password cracking techniques are used to recover passwords from computer systems.
• Attackers use password cracking techniques to gain unauthorized access to a vulnerable system.
• Most password cracking techniques succeed because of weak or easily guessable passwords.
Password-Cracking Countermeasures:
1. Minimum password length: 12 characters recommended.
2. Windows: SYSKEY (128-bit) encryption.
3. Linux: shadow passwords.
4. Don't use anything obvious.
5. Policies to force periodic changes, complexity and lockout.
6. Monitoring.
7. Use CAPTCHA: a challenge/response test to ensure that the response is not generated by a computer.
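As an added example that is not part of the original notes, the following Python shows how countermeasures 1, 4 and 5 from the list above look as checks a login service could actually run: a minimum length of 12, a deny-list of obvious passwords, a complexity rule, and a per-account lockout after repeated failures. The common-password list, the thresholds and the function names are constructed for illustration and are not taken from any product.

```python
"""Added example (not from the original notes): a password-policy check and a
login-attempt limiter implementing countermeasures 1, 4 and 5 above. The
common-password list is a constructed sample, not a real breach list."""
import re
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MIN_LENGTH = 12            # countermeasure 1: minimum length of 12
LOCKOUT_THRESHOLD = 5      # countermeasure 5: lock the account after 5 failures
LOCKOUT_SECONDS = 15 * 60  # ... for 15 minutes

# Constructed sample of "obvious" passwords (countermeasure 4); a real deployment
# would load a large breached-password list instead.
COMMON_PASSWORDS = {"password", "password123", "qwerty123456", "admin12345678",
                    "letmein12345", "welcome12345"}


def check_password_policy(password: str, username: str = "") -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    # Complexity: at least three of the four character classes must be present.
    classes = [bool(re.search(p, password))
               for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    # "aaaaaaaaaaaa" is 12 characters long but still obvious: reject long runs.
    if re.search(r"(.)\1{3,}", password):
        problems.append("contains a character repeated four or more times")
    return problems


@dataclass
class LoginLimiter:
    """Tracks failed logins per account and enforces a temporary lockout."""
    failures: Dict[str, int] = field(default_factory=dict)       # username -> count
    locked_until: Dict[str, float] = field(default_factory=dict)  # username -> unix time

    def is_locked(self, username: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        return self.locked_until.get(username, 0.0) > now

    def record_failure(self, username: str, now: Optional[float] = None) -> bool:
        """Record one failed login; return True if the account is now locked."""
        now = time.time() if now is None else now
        if self.is_locked(username, now):
            return True
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= LOCKOUT_THRESHOLD:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            self.failures[username] = 0
            return True
        return False

    def record_success(self, username: str) -> None:
        """A successful login clears the failure counter and any lockout."""
        self.failures.pop(username, None)
        self.locked_until.pop(username, None)


if __name__ == "__main__":
    for pw in ("password123", "Tr0ub4dor&3", "correct-Horse-battery-9"):
        print(pw, "->", check_password_policy(pw, "alice") or "OK")
    limiter = LoginLimiter()
    for _ in range(LOCKOUT_THRESHOLD):
        limiter.record_failure("alice", now=1000.0)
    print("locked after", LOCKOUT_THRESHOLD, "failures:", limiter.is_locked("alice", now=1001.0))
```

The lockout returns a reason-free boolean on purpose: the login page should show the same message for a wrong password and a locked account so the check does not leak which usernames exist (that is the monitoring side, countermeasure 6, that should know the difference).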
10. Write short notes on keyloggers and describe how they affect the system.
A. Keyloggers are specially designed software or hardware used to track the keystroke activity of the target system. Depending on its construction, a keylogger may also track every other activity of the target system.
Keyloggers can be used for legitimate purposes, such as monitoring computer activity, analyzing user behavior or diagnosing technical issues. However, they can also be misused for malicious purposes, such as stealing sensitive information like passwords, credit card numbers or personal messages.

Keyloggers are of two types:
1. Software Keyloggers:
• Software keyloggers are programs or scripts that are installed on a computer to capture keystrokes.
• They can be installed deliberately by system administrators, parents or individuals to monitor computer usage.
• Malicious software keyloggers can be installed by hackers or attackers to capture sensitive information without the user's consent.
2. Hardware Keyloggers:
• Hardware keyloggers are physical devices that are connected between the keyboard and the computer.
• They capture keystrokes as they are entered and store them in internal memory.
• Hardware keyloggers can be more difficult to detect than software keyloggers because they don't require software installation on the target system.
Using Refog keylogger:
1. Download Refog keylogger from the following link:
2. Install it on the target system and allow it to run in the background.
3. Tick the details that should be tracked by the keylogger, such as keystrokes, websites visited, etc.
4. Provide the email address at which the attacker needs to receive the data stored by the keylogger.

11. What are the various ways in which a system can be hacked? Explain them.
A. Various ways of hacking
Hacking is something you have to protect yourself from, and that can only be done by anticipating how a hacker might think in order to get into the system.
1. Phishing – In this type of hacking, the hacker intends to steal critical information of users, such as account passwords, MasterCard details, etc.
2. Virus – These are planted by the hacker in the files of a website; once they get into the website's files, they run. The purpose is to corrupt the information or resources on the website.
3. Cookie theft – Hackers access websites by exploiting malicious code and steal cookies that contain personal information, login passwords, etc. Once they get access to your account, they can do anything with it.
6. Distributed Denial-of-Service (DDoS) – This hacking technique is aimed at taking down a website so that users cannot access it or it cannot deliver its service.
7. DNS Spoofing – This essentially uses cached data of a website or domain that the user may have forgotten to keep up to date. It then directs the traffic to a different, malicious website.
8. Social Engineering – Social engineering is an attempt to manipulate you into sharing personal information, often by impersonating a trustworthy source.
9. Cracking Password – Hackers can get your credentials through a technique known as keylogging.

12. Explain the infection techniques of Trojan.
A. Infection Techniques
The target can be infected by a Trojan in the following ways:
1. Freeware Software & Games: Freeware software and games downloaded from untrusted websites are bundled with Trojans, which on installation automatically get executed in the background. Hence this is one of the easiest ways to deploy a Trojan into any system.
2. Attachments: Attachments in emails or from various other media contain Trojans bundled with them. When the target opens the file, the Trojan is automatically executed in the background.
3. Instant messaging and social media: Trojans may be spread over instant messaging and social media. Studies conclude that attackers send malicious content or links to the target over IMs and social media, which in turn contain Trojans.
4. Browser & Extensions: Web browsers and their extensions are sometimes infected with Trojans. Many extensions are available which silently install Trojans into the system.
5. Untrusted websites: Trojans may be transmitted from untrusted websites.
6. File Sharing and physical access: With physical access to the system, or during file sharing, an attacker can transfer the Trojan into the target system. The Trojan then executes itself without being detected.
7. Email Attachments: Malicious emails may contain attachments that appear to be harmless documents (e.g., PDFs, Word documents) but actually contain a Trojan payload. Opening these attachments can initiate the infection process.
8. USB Drives and Removable Media: Trojans can spread through infected USB drives or other removable media. When users connect an infected device to their computer, the Trojan may execute and spread to the host system.
9. Man-in-the-Middle (MitM) Attacks: Trojans can be delivered through MitM attacks, where an attacker intercepts and manipulates communication between two parties. This can be done to inject malicious content into legitimate downloads or updates.
10. Social Engineering: Trojans often rely on social engineering tactics to trick users into executing malicious files. This can include deceptive emails, fake websites or messages that prompt users to download and run seemingly harmless files.
UNIT – IV
1. What are various tools available for session hijacking? Give their features.
A. SESSION HIJACKING: An attacker tries to access the remote session of a target by stealing the target's session ID. If the attacker is able to get a valid session ID of the target system, he can easily access the target's active remote session. Using the session ID, an attacker can gain access to the target system and take over its data.
SESSION HIJACKING TOOLS:
Hamster: Hamster is a powerful side-jacking tool.
Hamster comes preinstalled in Kali Linux. Session Hijacking Using Hamster:
1. Run Kali Linux.
2. Navigate to Applications > Sniffing & Spoofing and open Hamster.
3. Hamster will start and show the proxy listing details (shown in the first screenshot).
4. Open a new terminal and type "apt-get install ferret" to install Ferret.
5. Now open the browser and visit the IP address along with the configured port.
For ex: 127.0.0.1:1234
6. The Hamster configuration window will open. Some steps are given there to configure Hamster for side-jacking.
7. In the very first step, click on the adapter menu and click on Start Sniffing.
8. Wait a few seconds and check whether packets are being received or not.
9. Now wait till the target appears. Once the target appears, click on "clone its session" to perform the cookie stealing.
10. Follow all the steps shown in the Hamster configuration window to perform a successful side-jacking attack.

2. What is the difference between data theft and identity theft? Explain with an
example (or) Explain identity theft in detail. Give its implications.
A. Data theft and identity theft are related but distinct concepts:
Data Theft:
- Unauthorized access, copying, or removal of sensitive data.
- Includes theft of:
- Personal identifiable information (PII).
- Financial information (credit card numbers, passwords).
- Confidential business data (trade secrets, intellectual property).
- Sensitive government data.
- Motivation: Financial gain, competitive advantage, or malicious intent.
- Examples: Hacking into databases or systems, Insider threats
Identity Theft:
- Unauthorized use of someone's personal identifiable information (PII) to:
- Impersonate the victim.
- Commit financial fraud.
- Includes theft of:
- Names.
- Social Security numbers.
- Driver's license numbers.
- Passport information.
- Credit card information.
- Motivation: Financial gain, personal benefit, or malicious intent.
- Examples: Opening credit accounts in someone else's name, Applying for loans or jobs
using stolen identities.

Prevention strategies:
1. Secure data storage and transmission.
2. Implement robust access controls.
3. Monitor accounts and credit reports.
4. Use strong passwords and 2FA.
5. Educate individuals on safe online practices.

3. Discuss human based and computer based social engineering techniques. (or) Differentiate between human based social engineering and computer based social engineering.
A. Social engineering is the art of human exploitation: exploiting the human himself to get sensitive information. Social engineering plays a very big role in hacking and penetration testing.

HUMAN BASED SOCIAL ENGINEERING TECHNIQUES:
1. Phone Call:
A phone call is used for social engineering: an attacker assumes a fake identity and tries to get information from the target. The attacker behaves or sounds in such a manner as to gain the trust of the target over the phone call. Once the attacker succeeds in manipulating the target, gaining information is not a big deal.
For Ex: Person A receives a phone call stating "I am from XYZ University and this is to inform you that your documents are missing or have been misplaced by the staff. Please provide the following information to keep your admission secure."
2. Message:
Fake messages are sent to users to obtain their personal and sensitive information. Those messages seem very real and trustworthy, but actually there is the hand of an attacker behind them.
For Ex: Person A receives a message stating "Thank you for being a customer of XYZ; you are today's lucky customer and have won a prize. Please provide your information to confirm your prize." Now person A thinks that the message is from the company and that there is no harm in providing the information, and hence replies with the requested information.
3. Dumpster Diving:
Looking for sensitive information in garbage or dumps is known as dumpster diving. Sometimes an attacker may find a piece of paper or some important documents from which sensitive information can be retrieved. When penetration testing or hacking is performed, each and every possible way of gathering information is taken into consideration.
4. Shoulder Surfing:
Looking over someone's shoulder, or guessing the password by watching a person type or indirectly observing their hand movements, to get the password. Sometimes it yields quite sensitive information.
5. Eavesdropping:
An attacker can look for information without the permission and knowledge of the target. Eavesdropping may happen when someone is carrying out some kind of transaction, or in any place where information can be obtained simply by watching secretly. The attacker sometimes listens to the verbal conversations of the target to gain information.
COMPUTER BASED SOCIAL ENGINEERING:
1. E-Mail:
E-mails are widely used for information exchange, and hence they are a major channel through which social engineering can be done. An attacker can send malicious files, such as Trojans or viruses, which can exploit the target. Generally, spammers send infected emails, or emails containing infected files, to the target.
For Ex: A receives an email with an attachment. The email seems to be from a reputed company, and hence A opens the mail. There is an attachment named x.docs, or of any other type. A downloads and opens the attachment to view it. In the background, a malicious application gets executed and now tracks every activity on A's system.
2. Ads and Pop-up screens:
While surfing the internet, users generally see ads such as discounts on clothes or mobiles. Some of these are strategies used to fool users and obtain their personal information.
While downloading or visiting a website, sometimes a pop-up window appears showing something interesting that attracts the user to follow the pop-up, and ultimately they end up giving their information to the attacker. Again, there is a high chance of identity theft.
3. Phishing:
Phishing is one of the oldest but still working techniques of social engineering. In phishing, an attacker generally creates a fake web page or fake login page that looks exactly the same as the original page.
Nowadays, phishing has been extended: phishing can be done with fake pages, fake e-mails or fake applications.
For Ex:
A person receives an email that XYZ Company (a reputed one) is launching an application. "Apply to be a beta tester of the application": there is a link present to log in and download the application. The user is generally happy to see that he got a chance to test the application before everyone else.
Now, once he opens the link and registers successfully, the page shows a message like "Oops!! You missed the chance; we have already closed beta-tester applications."

4. What is sniffing? Compare active with passive sniffing techniques. (or) What are various types of sniffing? Explain some active sniffing techniques.
A. Sniffing is the process of intercepting the exchange of information between two hosts. In sniffing, the attacker intercepts the information exchanged in the form of packets in the communication between HOST A and HOST B, or simply between client and server.
1. Active Sniffing:
In active sniffing, sniffing is done through a switch. An attacker tries to poison the switch using fake or spoofed MAC addresses. The ultimate aim is to poison the switch and intercept every packet passing through it. Here the switch acts as the intermediary: the switch looks at each MAC address and sends the information out on the connected ports.
1. Packet Injection
2. Detection Risk
3. Use in Network Troubleshooting
4. Security Analysis
5. Malicious Use
6. Promiscuous Mode
Active sniffing may be detected easily, and hence it is not an efficient way of sniffing.
2. Passive Sniffing:
In passive sniffing, sniffing is done through a hub. An attacker connects directly to the hub and starts sniffing. This type of sniffing is often used for network analysis, troubleshooting and monitoring purposes. As the attacker is directly connected to the hub, the sniffing is difficult to detect and there is less chance of being caught. Passive sniffing is quite easy compared to active sniffing. In passive sniffing, the hub acts as the intermediary: the packets are intercepted easily and the analysis process is smooth.
5. How does packet analysis cause a threat to the user community? Explain.
A. PACKET ANALYSIS: Traffic monitoring and packet analysis are widely adopted by corporates to stay away from security threats. Sometimes the packets transferred are infected or contain malicious information.
In this case, monitoring each and every incoming and outgoing packet is necessary.
1. Capture: Packet capture involves intercepting data packets as they travel through a
network. This can be done using hardware or software tools, such as network analyzers,
packet sniffers, or intrusion detection systems.
2. Inspection: Once captured, the individual packets are inspected to gather information
about their contents. This includes details such as source and destination IP addresses,
source and destination port numbers, protocol used (e.g., TCP, UDP), payload data, and
more.
3. Analysis: The captured packet data is analyzed to gain insights into network activity,
performance, and potential issues. Network administrators, security analysts, and
researchers use packet analysis to identify patterns, anomalies, and potential threats. They
can also use it to troubleshoot network problems, optimize network performance, and
ensure compliance with network policies.
4. Diagnosis and Troubleshooting: Packet analysis can help diagnose network issues
such as latency, packet loss, and connection problems. By examining the sequence of
packets exchanged between devices, analysts can pinpoint the source of problems and
take corrective actions.
5. Security Monitoring: Packet analysis is a crucial tool for monitoring network security.
It allows security professionals to detect suspicious activities, such as unauthorized access
attempts or data exfiltration, by examining the content and patterns of network traffic.
6. Forensics: In the event of a security breach or network incident, packet analysis can be
used for forensic investigation. Analysts can reconstruct the sequence of events leading
up to an incident by examining captured packets.
7. Performance Optimization: Network engineers can use packet analysis to optimize
network performance by identifying bandwidth-intensive applications, network
bottlenecks, and inefficient communication patterns.
8. Protocol Analysis: Packet analysis helps in understanding how different network
protocols are being used. It's especially useful when diagnosing issues related to specific
protocols, like HTTP, DNS, or VoIP.
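As an added example that is not from the original notes, here is a small Python packet inspector covering the capture, inspection and analysis steps above: it decodes the Ethernet, IPv4 and TCP headers of one frame and flags credentials that travel in cleartext, which is exactly what passive sniffing (question 4) would expose to anyone on the hub. The frame is built by hand inside the block so it runs offline; the builder function, the field names and the list of credential markers are assumptions of this example, not a real capture or a real tool's output.

```python
"""Added example (not from the original notes): decode a captured IPv4/TCP frame
and flag credentials travelling in cleartext. The frame is constructed below;
checksums are left as zero because nothing here transmits it."""
import socket
import struct
from typing import Dict, List

# Markers that, when seen in an unencrypted payload, mean a secret just crossed the wire.
CREDENTIAL_MARKERS = (b"password=", b"passwd=", b"pwd=", b"Authorization: Basic ")


def build_ipv4_tcp_frame(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                         payload: bytes) -> bytes:
    """Assemble Ethernet II + IPv4 + TCP headers around a payload (test data only)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"      # dst MAC, src MAC, EtherType = IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len, 0, 0x4000, 64, 6, 0,  # v4/IHL 5, DF, TTL 64, proto TCP
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1,
                      5 << 4, 0x18, 65535, 0, 0)           # data offset 5 words, PSH|ACK
    return eth + ip + tcp + payload


def inspect_frame(frame: bytes) -> Dict[str, object]:
    """Return the header fields an analyst inspects first, plus the TCP payload."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = 14                                    # IPv4 header starts after the Ethernet header
    ver_ihl = frame[ip]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    total_len, _ident, _flags, ttl, proto = struct.unpack("!HHHBB", frame[ip + 2:ip + 10])
    info: Dict[str, object] = {
        "src_ip": socket.inet_ntoa(frame[ip + 12:ip + 16]),
        "dst_ip": socket.inet_ntoa(frame[ip + 16:ip + 20]),
        "ttl": ttl, "protocol": proto, "payload": b"",
    }
    if proto == 6:                             # TCP
        tcp = ip + ihl
        src_port, dst_port, _seq, _ack, offset, flags = struct.unpack(
            "!HHIIBB", frame[tcp:tcp + 14])
        data_off = (offset >> 4) * 4
        info.update(src_port=src_port, dst_port=dst_port, tcp_flags=flags,
                    payload=frame[tcp + data_off:ip + total_len])
    return info


def find_cleartext_credentials(info: Dict[str, object]) -> List[str]:
    """Report credential markers found in the payload; TLS traffic never matches."""
    payload = info["payload"]
    findings: List[str] = []
    for marker in CREDENTIAL_MARKERS:
        if marker in payload:
            findings.append(f"{marker.decode().strip()} sent in cleartext to "
                            f"{info['dst_ip']}:{info.get('dst_port')}")
    return findings


# Constructed sample: an HTTP login over port 80, the classic passive-sniffing catch.
SAMPLE_FRAME = build_ipv4_tcp_frame(
    "10.0.0.5", "10.0.0.9", 51000, 80,
    b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n\r\nuser=alice&password=hunter2")

if __name__ == "__main__":
    parsed = inspect_frame(SAMPLE_FRAME)
    print({k: v for k, v in parsed.items() if k != "payload"})
    for finding in find_cleartext_credentials(parsed):
        print("ALERT:", finding)
```

The same inspector run over a TLS frame returns no findings, because after the handshake the application data is opaque; that difference is the whole argument for HTTPS everywhere when a shared medium cannot be trusted.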

6. What types of social engineering attacks can be simulated via social engineering tools? Explain with examples.
A. Social engineering tools can simulate various types of attacks to test an organization's defenses and employee awareness. Here are some common types of social engineering attacks that can be simulated:
1. Phishing Attacks:
- Email-based attacks that trick users into revealing sensitive information or clicking
malicious links.
- Example: Simulating a phishing email that appears to come from a CEO, asking
employees to update their login credentials.
2. Spear Phishing Attacks:
- Targeted phishing attacks on specific individuals or groups.
- Example: Simulating a spear phishing email that appears to come from a colleague,
asking for sensitive information.
3. Whaling Attacks:
- Targeted phishing attacks on high-level executives or decision-makers.
- Example: Simulating a whaling email that appears to come from a government
agency, requesting sensitive information.
4. Pretexting Attacks:
- Attacker creates a fake scenario to gain trust and extract information.
- Example: Simulating a pretexting call from a "tech support" representative, asking
for login credentials.
5. Baiting Attacks:
- Attacker leaves a malicious device or storage media for the victim to find.
- Example: Simulating a baiting attack by leaving a USB drive with malicious
software in a public area.
6. Quid Pro Quo Attacks:
- Attacker offers a service or benefit in exchange for sensitive information.
- Example: Simulating a quid pro quo email that offers a "free" security scan in
exchange for login credentials.
7. Smishing Attacks:
- SMS-based phishing attacks.
- Example: Simulating a smishing text message that appears to come from a bank,
asking for account information.
8. Vishing Attacks:
- Voice-based phishing attacks.
- Example: Simulating a vishing call that appears to come from a bank, asking for
account information.
Social Engineering Tools:
1. Phishing simulation tools: KnowBe4, PhishMe
2. Social engineering frameworks: Social Engineer's Toolkit (SET)
3. Penetration testing tools: Metasploit, Burp Suite
4. Email security testing tools: Email Security Grader

7. What is phishing? Mention some types of phishing attacks.
A. PHISHING PROCESS:
1. First, an attacker creates a replica of the original website and checks whether there is anything that can be easily detected. After successful creation, the attacker sometimes runs the phishing site on localhost using software like "xampp".
2. Once the phishing site runs with zero errors on localhost, the attacker registers a fake domain and fake hosting, providing fake information. The attacker tries to keep the domain looking similar to the original one.
For ex: original domain – xoxox.zxv. Now the attacker tries to keep the fake domain like x0x0x.zxv etc., which is not easily noticed by the user.
3. Once the phishing site is live, the attacker targets users and sends the phishing link via mail or over chats in such a way that the user is manipulated into opening the link. Once the user logs in through the link, his credentials are recorded.
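The lookalike domain in step 2 (x0x0x.zxv for xoxox.zxv) is something a mail gateway or a browser extension can catch mechanically. As an added example that is not part of the original notes, the Python below classifies a link's host as trusted, a lookalike of a trusted domain (digit-for-letter swaps, a one-character edit, or a trusted name planted as a subdomain of another domain), or simply unknown. The trusted set and the sample links are constructed; the registrable domain is approximated as the last two labels, an assumption that a real deployment would replace with the public suffix list.

```python
"""Added example (not from the original notes): classify links by whether their host
is a trusted domain, a lookalike of one, or unknown. The trusted list and sample links
are constructed; "registrable domain" is approximated as the last two labels."""
from typing import Dict, Set, Tuple
from urllib.parse import urlparse
import unicodedata

# Substitutions phishers rely on because the characters look alike at a glance.
CONFUSABLES: Dict[str, str] = {
    "rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "4": "a",
    "5": "s", "7": "t", "8": "b", "|": "l",
}


def skeleton(name: str) -> str:
    """Reduce a host name to the form a hurried reader would perceive."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode().lower()
    for lookalike, real in CONFUSABLES.items():
        folded = folded.replace(lookalike, real)
    return folded


def registrable(host: str) -> str:
    """Approximate the registrable domain as the last two labels (assumption)."""
    labels = host.strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; host names are short enough for the O(n*m) version."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted: Set[str]) -> Tuple[str, str]:
    """Return ("trusted" | "lookalike" | "unknown", matched or observed domain)."""
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    domain = registrable(host)
    if domain in trusted:
        return ("trusted", domain)
    for t in trusted:
        # Trusted name used as a subdomain of an attacker-controlled domain.
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return ("lookalike", t)
    sk = skeleton(domain)
    for t in trusted:
        t_sk = skeleton(t)
        if sk == t_sk or levenshtein(sk, t_sk) == 1:
            return ("lookalike", t)
    return ("unknown", domain)


# Constructed trusted set mirroring the notes' xoxox.zxv example.
TRUSTED_DOMAINS = {"xoxox.zxv", "bank.example"}

if __name__ == "__main__":
    for link in ("https://xoxox.zxv/login", "http://x0x0x.zxv/login",
                 "http://xoxox.zxv.account-verify.example/", "http://bannk.example/",
                 "http://unrelated.example/"):
        print(link, "->", classify_link(link, TRUSTED_DOMAINS))
```

"Unknown" is deliberately not "safe": the classifier only says the host is not impersonating a domain on the list, so it belongs in front of a URL reputation check, not in place of one.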
Types of phishing Attacks:
1. Man in the middle attack (MITM): In MITM, the attacker sits between the source and destination. The attacker monitors and sniffs the activities of the target and tries to get the credentials. MITM can be performed over HTTP as well as HTTPS. Generally the user is redirected to the attacker's proxy server instead of the real one, which makes this attack more successful.
2. Cross site scripting (XSS): An XSS attack is generally performed by injecting code into URL parameters or input data fields. Generally XSS is carried out through URL formatting. XSS may be persistent or DOM-based.
3. URL Redirection: The attacker shares a link with the target user which, on opening, redirects to the phishing page. The attacker tries to keep the link as similar as possible to the original so that there is less chance of being caught. This is one of the traditional methods of performing a phishing attack.
4. Site cloning: Site cloning is generally performed directly by the Social Engineering Toolkit (SET), which comes pre-installed in Kali Linux. It creates a clone of the site on the local IP of the attacker. Site cloning is useful when the target and attacker share the same network.
5. Keylogger or Malware Based: The attacker injects malware into the target system by means of e-mail or any other method, or installs a keylogger which tracks every activity of the target and silently sends the recorded data to the attacker when the target system goes online.

8. Describe the step by step procedure to be followed in session hijacking.
A. SESSION HIJACKING: An attacker tries to access the remote session of a target by stealing the target's session ID. If the attacker is able to get a valid session ID of the target system, he can easily access the target's active remote session. Using the session ID, an attacker can gain access to the target system and take over its data.
Steps Involved in Session Hijacking:
1. An attacker sits between the two communicating hosts, i.e. tries to sniff the communication packets.
2. The attacker intercepts the packets and analyses every packet.
3. Once he has analysed the traffic and found the required TCP packets, the attacker exploits the target's active session.
4. The attacker disconnects the target from its current session and takes over the session of the target host.
5. Now the attacker tries to exploit the target host by injecting infected packets into it.

9. Elaborate on various types of session hijacking? Give their merits and demerits.
A. Types of Session Hijacking:
1. Active:
In active session hijacking, an attacker manages to steal the active and valid session ID of the target user. The attacker disconnects the target from the active session and takes over that active session.
How active session hijacking typically works:
Session Token or Cookie – When a user logs in to a website, they are assigned a session token or cookie.
Interception – The attacker intercepts the session token or cookie.
Use of Stolen Token – They use it to impersonate the legitimate user.
Unauthorized Access – The attacker can perform criminal actions as a malicious attack.
2. Passive:
In passive session hijacking, an attacker sits between two communicating hosts and analyses their communication packet traffic.
➢ Passive session hijacking, also known as session eavesdropping, is an attack in which an unauthorized party monitors and intercepts communications.
➢ After getting the session ID or a valid cookie, the attacker hijacks the session but doesn't perform any exploit.
How passive session hijacking typically occurs:
1. Monitoring Communication: The attacker secretly monitors the communication between a user and a system, such as a website or an application.
2. Capturing Session Data: The attacker captures data exchanged during the session, including session tokens, cookies or other authentication credentials.
3. Analyzing Captured Data: Once the data is captured, the attacker analyzes it to extract sensitive information, such as session identifiers or authentication tokens.
4. Unauthorized Access: With the information obtained through passive session hijacking, the attacker may gain unauthorized access to the user's account or system.
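Questions 8 and 9 describe the attacker's side: a session ID captured from the wire and replayed. As an added example that is not part of the original notes, the Python below shows the server-side controls that blunt each of those steps: an ID with 256 bits of randomness (not guessable), rotation at login (a pre-authentication ID is never upgraded), idle and absolute timeouts (a captured ID goes stale), binding to the client so that a replay from a different machine is detected and the session revoked, and cookie flags that keep the ID off plaintext HTTP and away from page scripts. The client fingerprint is a constructed stand-in for whatever a real server derives from the connection, and the store and function names are this example's own.

```python
"""Added example (not from the original notes): a server-side session store with the
controls that defeat the hijacking steps in questions 8 and 9. Client fingerprints
are constructed stand-ins for what a real server would derive from the connection."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

IDLE_TIMEOUT = 15 * 60          # seconds without activity before the session dies
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard cap regardless of activity


@dataclass
class Session:
    user: str
    client_fp: str     # assumption: e.g. a TLS channel binding or client-certificate hash
    created: float
    last_seen: float


class SessionStore:
    def __init__(self) -> None:
        # Keyed by a hash of the token, so a leaked store does not yield usable IDs.
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user: str, client_fp: str, now: Optional[float] = None,
              old_token: Optional[str] = None) -> str:
        """Issue a fresh ID at authentication; any pre-login ID is discarded (rotation)."""
        now = time.time() if now is None else now
        if old_token is not None:
            self._sessions.pop(self._key(old_token), None)
        token = secrets.token_urlsafe(32)   # 256 random bits: not predictable or brute-forceable
        self._sessions[self._key(token)] = Session(user, client_fp, now, now)
        return token

    def validate(self, token: str, client_fp: str,
                 now: Optional[float] = None) -> Tuple[Optional[str], str]:
        """Return (user, "ok") or (None, reason). A client mismatch revokes the session."""
        now = time.time() if now is None else now
        key = self._key(token)
        s = self._sessions.get(key)
        if s is None:
            return (None, "unknown or revoked session")
        if now - s.created > ABSOLUTE_TIMEOUT or now - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[key]
            return (None, "expired")
        if not hmac.compare_digest(s.client_fp, client_fp):
            # The ID is being replayed from a different client: treat it as a hijack.
            del self._sessions[key]
            return (None, "client mismatch; session revoked")
        s.last_seen = now
        return (s.user, "ok")

    def logout(self, token: str) -> None:
        self._sessions.pop(self._key(token), None)


def session_cookie_header(token: str) -> str:
    """Secure keeps the ID off plaintext HTTP, HttpOnly away from scripts, SameSite limits CSRF."""
    return f"Set-Cookie: sid={token}; Secure; HttpOnly; SameSite=Strict; Path=/"


if __name__ == "__main__":
    store = SessionStore()
    pre = store.login("anonymous", "client-A", now=1000.0)
    tok = store.login("alice", "client-A", now=1000.0, old_token=pre)
    print(session_cookie_header(tok))
    print("legitimate client:", store.validate(tok, "client-A", now=1010.0))
    print("replayed elsewhere:", store.validate(tok, "client-B", now=1020.0))
    print("original client afterwards:", store.validate(tok, "client-A", now=1030.0))
```

Revoking on mismatch is the deliberate choice here: the legitimate user is logged out and has to sign in again, which is the point at which the operations team should be alerted that an ID was replayed, since that is the first visible sign of the passive variant described above.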

10. How does identity theft differ from financial fraud? Give a case study.
A. Difference between identity theft and identity fraud
Identifying the different kinds of identity theft and identity fraud gives a better understanding of how victims of fraud can protect themselves and take preventive measures.
Identity theft
• Unsecure browsing:
Most websites use SSL encryption to protect customer information. But if you use any
website that isn’t protected, hackers could access your information easily.
• Dark web:
Hackers often use the dark web where their browsing and other online activity remain
hidden. If your information is sold on the dark web by hackers, it’s unclear how that
information will be utilised.
• Malware activity:
By tricking you into installing malware, hackers can access your system or network and even provide backdoor access to a third party.
• Phishing and spam:
Phishing is a message or an email that appears to be from a legitimate business. The goal
is to make you enter your information and make purchases.
• Wi-Fi hacking:
Many people don’t use an updated firewall or a VPN while conducting online
transactions. Every time you connect your system to a public network, you could be at
risk.

Identity financial fraud
• Credit card identity theft:
This is one of the most common thefts where a hacker steals your credit card information
to make purchases, duplicate cards, or sell the information for profit.
• Mobile phone theft:
From banking to online purchases and emails, everything happens on a mobile phone.
Stealing a smartphone is perhaps the easiest way to access all the accounts.
• Credit/debit card skimming:
This involves a fake credit card machine installed in ATMs or fuel stations that copies
your details and helps the hackers create duplicate cards.
• Tax ID theft:
Hackers could file taxes in your name and collect the refund. They can even fill in
inflated figures to claim a higher refund.
• Data breaches:
It happens when fraudsters access the database of a company without legitimate
authorisation. They could target credit card information, full names, and social security or
national identification numbers.

11. Explain the process of social engineering with a neat diagram.
A. Social engineering is the art of human exploitation: exploiting the human himself to get sensitive information. Social engineering plays a very big role in hacking and penetration testing.
Process of Social Engineering:
1. Analysis: Analysis is one of the important factors at any stage of life, as well as in penetration testing. If an attacker wants to perform a social engineering attack on any corporate structure, the first requirement is to analyse the human behaviour of its employees and officers. Hence, before targeting any random person, an attacker needs to analyse the whole target structure.
2. Selection: After careful assessment, the attacker selects the most vulnerable person on whom he can perform social engineering and from whom he can get some sensitive information. While selecting, the attacker sometimes chooses a medium or least vulnerable person if that person's position is higher. Hence, for a successful attack, an attacker needs to choose the target person very carefully.
3. Maintain relationship: Once the attacker knows his target, he tries to build a good relationship with the target. Directly or indirectly, the attacker comes into contact with the target and tries to gain his faith and trust. In this phase, the motive of the attacker is to gain the trust of the target. Once the target starts believing in the attacker, it becomes quite easy to perform social engineering attacks.
4. Attack: This is the ultimate phase, in which the attacker performs the attack, which may be an in-person or a live attack. The attacker tries to gain sensitive information from the target on the strength of that faith and trust. If the attacker has been able to maintain a good relationship, he can easily exploit it and gain access to the sensitive information.
This is the simple process followed by an attacker while performing social engineering.

12. Discuss the Social Engineering Toolkit (SET) merits and demerits.
A. The Social Engineering Toolkit is one of the most powerful packages, containing tons of social engineering tools. SET comes pre-installed in Kali Linux. SET can be downloaded onto other operating systems too. SET is an open source framework which is freely available. The Social Engineering Toolkit has the ability to perform various attacks like tabnabbing, site cloning, etc.
Site Cloning using Social Engineering Toolkit:
1. Run Kali Linux and search for Social Engineering Toolkit.
2. Open the Social Engineering Toolkit and agree to the licence agreement.
3. 6 options will be shown, illustrating various kinds of attack methods.
4. Select (1), which is Social-Engineering Attacks.
5. 10 options will be shown, illustrating various kinds of attack vectors.
6. Select (2), which is Website Attack Vectors.
7. 8 options will be shown, illustrating various kinds of attack vectors.
8. Select (4), which is Tabnabbing Attack Method.
9. 3 options will be shown, illustrating various kinds of attack vectors.
10. Select (2), which is Site Cloner.
11. It will ask for the IP address on which the site will be cloned; provide the IP address of the Kali machine.
12. Now it will ask for the URL of the website to clone. Input the desired website.
13. This will start cloning. If the service isn't on, it will ask to turn it on. Input 'y' to turn it on.
14. Now send the "IP address". Remember, target and attacker need to be on the same network.
15. Passwords will be stored in the directory named "VAR/WWW" in the log file.
UNIT – V
1. Explain vulnerability assessment in detail.
A. "A vulnerability is a weakness present in any system. A vulnerability gives the attacker an advantage that can be used to exploit the target system."
➢ A vulnerability is also termed a loophole or bug. A bug is a technical error due to which a system or service becomes vulnerable.
➢ Researchers find bugs and report them so that the vulnerability can be patched and the security of the service increased.
➢ A vulnerability may be due to human error, missing lines of code or improper development.
➢ A vulnerability is a sign of danger: the more vulnerabilities are associated with a system, the less security it has. Vulnerabilities are of many types.
A newly discovered vulnerability is known as a ZERO-DAY. A zero-day is a fresh vulnerability.
If a system is vulnerable, exploitation can be done.
Generally, penetration testing and vulnerability assessment are done in the following areas:
1. Web Application Penetration testing
2. Network and Server Side Penetration testing
3. Android Application Penetration testing
4. iOS Application Penetration testing
5. Client Side Penetration testing
Many big giants like Microsoft, Google, Facebook, etc. run their own bug bounty programs every year. The top vulnerability list is defined by OWASP.

2. How does watermarking safeguard data? Describe.
A. Watermarking: Watermarking is a process similar to steganography, used to protect documents by embedding the owner's copyright. Its primary goal is that the mark should not be destroyed or extracted. Watermarking is generally used with multimedia files to protect intellectual property rights. Watermarks are also used with documents, where they are visible watermarks. Watermarking may be used to make information tamper-proof by acting as a fingerprint of the information for the detection of changes.
3. Describe the use of hash functions in cryptography and ethical hacking.
A. Hash Functions:
Hash functions are also described as one-way cryptography. A hash function is a
mathematical function that takes an input and produces a fixed-size string of characters,
typically called a hash value or hash code. The output, often referred to as the hash
digest, is a unique representation of the input data. In hash functions there is no
involvement of a key during the process. The plain text information is converted into a
hash by a suitable algorithm.
Fixed Output Size: A hash function produces a fixed-size output regardless of the size of
the input. For example, the SHA-256 hash function always produces a 256-bit (32-byte)
hash value.
Deterministic: For the same input, a hash function will always produce the same output.
This property is crucial for consistency and reliability.
Efficient: Hash functions should be computationally efficient, allowing for quick
calculation of the hash value.
Practical:
1. TrueCrypt:
TrueCrypt was known for providing on-the-fly encryption, allowing users to create
encrypted virtual disk drives or encrypt entire storage devices such as hard drives or USB
flash drives.
2. Online MD5 Encryption:
1. Open your web browser and visit www.md5encryption.com.
2. Input the message which you want to hash and click on "encrypt it".
For example: Hello
3. The MD5 hash will be generated.
For example: f814893777bcc2295fff05f00e508da6
3. Using SHA-1:
Open your browser and go to "www.sha1-online.com". It will open a website from which
you can convert your plain text into a SHA-1 hash.
For example: in the figure below the text is "I want to be a hacker of ethics"; click on the
hash button. Now you have your SHA-1 hash. It is an alphanumeric hash.
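The same hashing that the online MD5 and SHA-1 tools perform can be done offline with Python's standard library, which also lets the three properties from Q3 (fixed output size, determinism, efficiency) be checked rather than just stated. The following is an added example written for these notes, not code from the notes or from either website; the sample message is constructed, and the `verify_integrity` helper shows the everyday ethical-hacking use of a hash: confirming that a file or tool has not been altered by comparing its digest against a published one.

```python
import hashlib
import hmac

# Constructed sample input (not taken from the original notes).
MESSAGE = b"I want to be a hacker of ethics"


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Hash `data` with the named hashlib algorithm and return the hex digest."""
    return hashlib.new(algorithm, data).hexdigest()


def fixed_output_size(algorithm: str) -> bool:
    """Fixed output size: the digest length is the same for inputs of any length."""
    lengths = {len(hashlib.new(algorithm, b"x" * n).digest())
               for n in (0, 1, 100, 100_000)}
    return lengths == {hashlib.new(algorithm).digest_size}


def deterministic(algorithm: str, data: bytes) -> bool:
    """Deterministic: hashing the same bytes twice yields the same digest."""
    return digest_hex(data, algorithm) == digest_hex(data, algorithm)


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(algorithm: str, data: bytes) -> int:
    """Flip one bit of the input and count how many digest bits change.

    For a good hash about half of the output bits change, which is why a
    digest cannot be "adjusted" to match a slightly different input.
    """
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    return differing_bits(hashlib.new(algorithm, data).digest(),
                          hashlib.new(algorithm, flipped).digest())


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check as done for downloaded files: recompute the digest and
    compare it with the published one using a constant-time comparison."""
    return hmac.compare_digest(digest_hex(data, algorithm), expected_hex.lower())


if __name__ == "__main__":
    for alg in ("md5", "sha1", "sha256"):
        bits = hashlib.new(alg).digest_size * 8
        print(f"{alg:7} {digest_hex(MESSAGE, alg)}  ({bits}-bit digest)")
    print("fixed output size:", fixed_output_size("sha256"))
    print("deterministic:", deterministic("sha256", MESSAGE))
    print("digest bits changed by a one-bit input flip:",
          avalanche("sha256", MESSAGE), "of 256")
    print("integrity of tampered data:",
          verify_integrity(MESSAGE + b"!", digest_hex(MESSAGE)))
```

Running the script prints the MD5 (128-bit), SHA-1 (160-bit) and SHA-256 (256-bit) digests of the same message one under the other, which makes the fixed-size property visible at a glance; the avalanche count shows why a tampered file cannot keep its old digest, and `hmac.compare_digest` is used instead of `==` so that the comparison time does not leak how many leading characters matched.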
4. Elaborate on the steganography methods and attacks.
A. "Steganography is the art of hiding information within files."
Methods:
1. Traditional Methods
a. Hidden Tattoos:
This method involves embedding information by slightly altering the pixels of an image.
The changes are not perceptible to the human eye, but can be detected by steganography
software.
b. Using wax paper:
In this method, information is written with invisible ink on a piece of paper, which is then
covered with wax. The message becomes visible when the wax is removed.
c. Using news articles with the highlighted text method:
This method involves sending a seemingly innocuous text, such as a news article, in which
certain words or letters are highlighted.
d. Microdots and symbolic communication:
Microdots are tiny dots printed with text that are too small to be seen by the naked eye.
These microdots can be hidden within printed text or images.
2. Modern Methods
Plain Text:
In plain text steganography, hidden information is embedded within a regular text
document. Plain text steganography can be done by using the letters present in a
paragraph or sentence.
Hyper Text:
Hypertext steganography involves hiding data within HTML documents. Generally the
message is hidden within the file using comments, which are not visible to a normal user
but can be viewed by inspecting the source code, and hence can be used for
steganography.
Image:
Digital images are a common carrier for hidden data. Techniques like LSB (Least
Significant Bit) insertion alter the least significant bits of the pixel values in an image
to encode hidden information.
Video:
Videos can be used to hide information by manipulating frames, changing pixel values or
the audio track. Video steganography methods aim to embed data within the video frames
without causing noticeable changes to the video quality.
Audio:
Similar to image steganography, audio steganography involves hiding data within audio
files. Techniques like LSB manipulation can be applied to audio samples or channels to
embed hidden information.
Executable Files:
Steganography can be applied to executable files by modifying specific portions of the
file without affecting its functionality. This method involves embedding data within the
binary code of executable files.
Network Packets:
Steganography in network packets involves concealing data within the headers or payload
of network packets. This technique is often used for covert communication over a
network, where the hidden information is transmitted within seemingly normal network
traffic.
Steganalysis Attacks:
1. Stego-Only Attack:
In this type of attack only the stego file is available to the attacker, which means that the
attacker can only use the stego file to retrieve the hidden message.
Detecting the presence of hidden information in the stego-object and extracting the
hidden data without knowledge of the original cover object present significant challenges,
especially if strong steganographic techniques have been employed to ensure the hidden
data is imperceptible and difficult to detect.
2. Cover Attack:
In a cover attack, an attacker compares the original file with the stego file to detect pattern
differences. For example, an original and a stego image are compared to find the pattern
variance and thus whether steganography has been done or not.
3. Visual Detection:
Steganography can also be detected by visual inspection. Sometimes unusual variance and
patterns lead to the failure and detection of the steganography. Generally, due to a lack of
proper encryption within the image, it is detected by viewing the image, especially when
the steganography is done using colour variance.
5. Discuss the role of digital signatures in cryptography.
A. Digital Signature:
A digital signature is used for establishing the authenticity of digital documents. It is based
upon private key encryption because the user locks the document by using his digital
signature.
A digital signature is an electronic signature of the user which is used for secure digital
purposes and for authenticating confidential information.
To generate a random private key, a key generation algorithm is used which selects a
random key from the set of possible keys.
The generated private key and the information are combined by using the signing algorithm.
➢ Key Generation Algorithms: Digital signatures are electronic signatures which assure
that the message was sent by a particular sender.
➢ Signing Algorithms: To create a digital signature, signing algorithms such as those in
email programs create a one-way hash of the electronic data which is to be signed.
➢ Signature Verification Algorithms: The verifier receives the digital signature along with
the data. It then uses the verification algorithm to process the digital signature and the
public key and generates some value.
6. Give the features of The Open Web Application Security Project (OWASP).
(or) What services are provided through OWASP? What tool does OWASP
provide that can be used to find vulnerabilities?
A. THE OPEN WEB APPLICATION SECURITY PROJECT (OWASP)
OWASP is an international open source foundation. OWASP declares the list of top
vulnerabilities on the basis of threat level and risk factor. This list is known as the OWASP
TOP 10.
The OWASP Top 10 vulnerabilities are recognized as the standard vulnerability list. The
threat from these vulnerabilities is very high and can cause serious damage to a web
application.
OWASP also declares a list of mobile vulnerabilities under the name OWASP Mobile
Security Project.
OWASP Zed Attack Proxy (ZAP) is one of the open source tools used for penetration
testing.
OWASP ZAP is available online for free. It helps the user to automatically find security
vulnerabilities in the target website.
This is most useful when you want to test web applications under development. OWASP ZAP
is also used for manual penetration testing and is generally used by professionals for manual
testing. OWASP ZAP comes pre-installed in Kali Linux.
OWASP TOP 10 (2013):
➢ OWASP TOP 10 is a flagship project of the OWASP foundation. It is the list of the 10
most threatening vulnerabilities found in web applications.
➢ All penetration testers and bug bounty hunters follow the OWASP TOP 10
vulnerability standard while testing web applications.
➢ OWASP projects are open source and for awareness purposes.
➢ OWASP TOP 10 will be revised by the end of 2016 or in 2017.
➢ Following are the top 10 vulnerabilities:
1. Injection.
2. Broken Authentication and Session Management.
3. Cross-Site Scripting (XSS).
4. Insecure Direct Object References.
5. Security Misconfiguration.
6. Sensitive Data Exposure.
7. Missing Function Level Access Control.
8. Cross-Site Request Forgery (CSRF).
9. Using Components with Known Vulnerabilities.
10. Unvalidated Redirects and Forwards.
7. Describe the process of steganography with a neat sketch.
A. Steganography is the art of hiding information within files.
Steganography Process:
1. The target message is first encrypted and then combined with the target file by
means of special tools which have permission to modify the files.
2. The encrypted data is appended to the target file using special algorithms which
hide the data in the file and make it invisible to the naked eye.
3. The information is visible only to some special programs which are designed
for steganography analysis.
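The image (LSB) method and the cover attack from Q4, and steps 2 and 3 of the process above, can all be demonstrated on one constructed 8-bit grayscale "image". The following is an added example written for these notes, not code from the notes or from any steganography tool: the cover is a synthetic gradient held as a flat byte array (no image file format is involved), the payload is embedded one bit per pixel with a 4-byte length prefix, the extractor plays the role of the "special program" in step 3, and `cover_attack` is the analyst's side, comparing original and stego pixels to show that LSB embedding leaves every changed pixel differing by exactly one. The encryption of step 1 is left out so that the embedding itself stays visible.

```python
# Constructed 8-bit grayscale "image": one byte per pixel, row-major, no header.
# A gradient is used so the pixel values resemble a smooth photo region rather
# than random noise (constructed data, not an image from the notes).
def make_cover(width: int = 32, height: int = 32) -> bytes:
    return bytes((x * 7 + y * 3) % 256 for y in range(height) for x in range(width))


def capacity_bytes(cover: bytes) -> int:
    """One bit per pixel, minus the 4-byte length prefix the scheme stores."""
    return len(cover) // 8 - 4


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Step 2 of the process: hide `payload` in the least significant bit of
    successive pixels. The payload is length-prefixed so the extractor knows
    where to stop."""
    if len(payload) > capacity_bytes(cover):
        raise ValueError(f"cover too small: capacity is {capacity_bytes(cover)} bytes")
    framed = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in framed for i in range(8)]
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit   # clear the LSB, then set it
    return bytes(stego)


def extract_lsb(stego: bytes) -> bytes:
    """Step 3: the analysis program's view. Read the LSB plane back into bytes,
    first the 4-byte length and then that many payload bytes."""
    def read(offset_pixels: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[offset_pixels + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def cover_attack(cover: bytes, stego: bytes) -> dict:
    """Steganalysis when the original cover is available: compare it with the
    suspect file. LSB embedding leaves every changed pixel differing by exactly
    one, which is the 'pattern variance' the cover attack looks for."""
    changed = [i for i, (a, b) in enumerate(zip(cover, stego)) if a != b]
    deltas = [abs(cover[i] - stego[i]) for i in changed]
    return {
        "pixels_changed": len(changed),
        "max_delta": max(deltas, default=0),
        "lsb_only": all(d == 1 for d in deltas),
    }


if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, b"meet at dawn")
    print("recovered :", extract_lsb(stego))
    print("analysis  :", cover_attack(cover, stego))
```

A 32x32 cover holds at most 124 payload bytes under this scheme, which is the capacity limitation listed under Q10; the `max_delta` of 1 reported by `cover_attack` is also why visual detection (Q4) fails against LSB embedding while a comparison with the original succeeds.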
8. How is Damn Vulnerable Web Application (DVWA) installed and tested? (or)
What are the merits and demerits of DVWA?
A. DAMN VULNERABLE WEB APPLICATION (DVWA):
Damn Vulnerable Web Application (DVWA) is a specially designed vulnerable web
application which is used to learn real-time vulnerability assessment.
DVWA contains most of the common vulnerabilities. A tester can perform testing on it. It is
a completely open source project.
Download DVWA: http://www.dvwa.co.uk/
Installing DVWA on Local Host:
1. Download the DVWA package from its website.
2. Download XAMPP to run DVWA on localhost. Download XAMPP:
https://www.apachefriends.org/download.html
3. Install and run the XAMPP Control Panel.
4. Install Apache and MySQL Server from the XAMPP control panel and allow them through
the firewall.
5. Extract the downloaded DVWA archive and put the folder into "C:\xampp\htdocs".
6. Now DVWA will run on your localhost.
7. Open your browser and type "127.0.0.1" or "localhost" to open the local server.
This is generally used for testing web applications on a local server.
8. Navigate to "127.0.0.1/dvwa/login.php" or "localhost/dvwa/login.php". Username:
admin, Password: password.
9. A MySQL error will be encountered. Now navigate to
"C:\xampp\htdocs\dvwa\config\config.inc.php".
10. Open this file using any text editor and find the line: $_DVWA['db_password'] = 'p@ssw0rd';
11. Change this line to the following: $_DVWA['db_password'] = '';
12. Now visit the DVWA login page again and this time no error will be encountered.
9. What are the requirements of a watermark? Give its limitations.
A. Requirements of Digital Watermarking:
1. Transparency: Watermark should be imperceptible to the human eye.
2. Robustness: Watermark should resist various attacks (e.g., compression, scaling).
3. Security: Watermark should be difficult to remove or tamper with.
4. Capacity: Watermark should carry sufficient information (e.g., ownership).
5. Perceptual Quality: Watermarked data should maintain original quality.
6. Unambiguous Ownership: Watermark should clearly identify the owner.
7. Efficient Detection: Watermark detection should be fast and accurate.
8. Scalability: Watermarking scheme should work with various data types.
Limitations of Digital Watermarking:
1. Capacity constraints: Only a limited amount of data can be embedded.
2. Robustness issues: Watermarks may not survive all transformations.
3. Detection complexity: Watermark detection can be computationally expensive.
4. False positives: Incorrect detection of watermarks.
5. Security vulnerabilities: Watermarks can be compromised.
10. List and explain the major challenges of steganography.
A. Steganography, the practice of hiding secret information within non-secret data, faces
several challenges:
Technical Challenges:
1. Capacity: Limited capacity to hide large amounts of data.
2. Security: Vulnerability to detection by steganalysis techniques.
3. Robustness: Resistance to data degradation or manipulation.
4. Data Integrity: Maintaining the original data's integrity.
5. Compression: Difficulty hiding data in compressed files.
Real-World Challenges:
1. Legal and Ethical Issues: Balancing security with privacy concerns.
2. Standardization: Lack of standardized steganography protocols.
3. Integration: Incorporating steganography into existing systems.
4. User Awareness: Educating users about steganography.
5. Forensic Analysis: Detecting and analyzing steganography in digital forensics.
11. What are the five types of vulnerability assessments? What questions need to
be asked during a vulnerability assessment?
A. Vulnerability assessment is the process of identifying the threats or weaknesses in
computer systems, networks, and software, along with the inherent risks they introduce.
Vulnerability Assessment Types
Several types of vulnerability assessments can be conducted, including:
1. Network-Based Vulnerability Assessment
A network-based vulnerability assessment identifies vulnerabilities in network devices
such as routers, switches, firewalls, and other network infrastructure components. The
primary goal of a network-based vulnerability assessment is to identify weaknesses in the
network that attackers could exploit to gain unauthorized access, steal data, or launch
attacks.
2. Application-Based Vulnerability Assessment
An application vulnerability assessment is a process of reviewing security weaknesses in
software applications (Layer 7), including websites, mobile apps and APIs. It examines
whether the apps are susceptible to known vulnerabilities, assigns severity/criticality levels to
those vulnerabilities, and recommends remediation or mitigation whenever needed.
3. API-Based Vulnerability Assessment
An API vulnerability assessment is conducted to identify and mitigate potential security risks
in APIs. The goal is to ensure that the API is secure, reliable, and resilient to attacks.
4. Host-Based Vulnerability Assessment
A host-based vulnerability assessment identifies vulnerabilities in individual host
systems, including servers, workstations, and laptops. Host-based vulnerability
assessments can be performed using both automated and manual methods.
5. Wireless Network Vulnerability Assessment
A wireless network vulnerability assessment focuses on identifying vulnerabilities in
wireless networks, including Wi-Fi networks. These assessments typically involve testing
the wireless network for common vulnerabilities, such as weak encryption, default
passwords, and rogue access points.
6. Physical Vulnerability Assessment
A physical vulnerability assessment identifies vulnerabilities in physical security
measures, such as locks, surveillance cameras, and access control systems.
7. Social Engineering Vulnerability Assessment
A social engineering vulnerability assessment identifies vulnerabilities in human
behaviour, such as susceptibility to phishing attacks and other social engineering techniques.
8. Cloud-Based Vulnerability Assessment
A cloud-based vulnerability assessment identifies vulnerabilities in cloud infrastructure
and services, such as Amazon Web Services (AWS) and Microsoft Azure.
During a vulnerability assessment, the following questions should be asked to
identify potential security risks:
1. What are the network architecture and topology?
2. Are firewalls and intrusion detection/prevention systems (IDPS) in place?
3. Are network devices (routers, switches, etc.) securely configured?
4. Are VPNs and remote access protocols securely implemented?
5. Are network services (DNS, DHCP, etc.) securely configured?
12. What techniques are used in steganography? Explain them.
A. Steganography is a means of concealing secret information within an otherwise
mundane, non-secret document or other media to avoid detection.
Steganography Techniques Explained
1. Secure Cover Selection
Secure Cover Selection involves finding the right block of an image to carry the malware.
The hackers then compare blocks of their chosen image medium with the malware blocks.
If an image block matches a malware block, they fit it into the carrier image, creating an
image that looks identical but is infected with the malware. This image subsequently passes
easily through threat detection methods.
2. Least Significant Bit
That phrase almost sounds like a put-down, doesn't it? However, in this case it refers to
pixels. Grayscale image pixels are broken into eight bits, and the last bit, the eighth one,
is called the Least Significant Bit. Hackers use this bit to embed malicious code because
the overall pixel value changes by at most one, and the human eye cannot detect the
difference in the image. So no one is even aware that anything is amiss and that the
image is carrying something dangerous within.
3. Palette-Based Technique
Like the Least Significant Bit technique, the Palette-Based Technique also relies on
images. Hackers embed their message in palette-based images such as GIF files, making
it difficult for cybersecurity threat hunters or ethical hackers to detect the attack.