
ETI Microproject 1 by Campusify


Microproject Title -

Network Hacking
INDEX

Sr. No | Content
1 | Rationale
2 | Aim of the microproject
3 | Course Outcomes
4 | Literature review
5 | Actual Methodology Followed
6 | Actual Resources Used
7 | Entire info of the micro project
8 | Skills Developed
9 | Applications
10 | Conclusion & References


Emerging Trends in Computer and Information Technology
5

Network Hacking

1.0 Rationale: -
Network hacking refers to the act of gaining unauthorized access to a
computer network and its infrastructure resources, such as devices, servers,
software, and other services. Network hacking involves gathering
information about a target network, identifying vulnerabilities, and exploiting
them to gain access. A variety of tools and techniques are used to identify
potential security threats in computer networks.
Network hacking is the gathering of information from networks and computers
over the internet.

2.0 Aims and benefits of the micro project:


Network hacking is a serious threat to computer networks and systems.
It is important for individuals and organizations to understand the risks
and implement appropriate security measures to prevent unauthorized
access to their networks and data.

3.0 Course outcomes achieved: -


• Describe Network Infrastructure Vulnerabilities
• Describe Messaging Systems
• Project Management Skills
• Creativity and Innovation

4.0 Literature review: -


The explosive growth of the Internet has brought many good things such as
E-commerce, E-banking, E-mail and cloud computing, but there is also a dark side
such as hacking, backdoors, trapdoors etc. Hacking is the first big problem
faced by governments, companies, and private citizens around the world.
Hacking means reading someone's emails, stealing passwords, stealing
credit card numbers etc. An ethical hacker is one who can help the people
who suffer from these attacks. This project describes network
hackers, their types and the phases of hacking.

5.0 Actual Methodology followed: -

o First, I thought about the topic and then decided the topic of the project.
o Did some research on the selected topic.
o We focused on the materials we needed, as well as
gathered information about network hacking and
its tools.
o Collected some pictures about network hacking to
describe it better and more easily.
o Prepared a report and checked for any further
changes to be done in the project.
o Created the final report of the project and submitted it to
the teacher.

6.0 Actual Resources used: -

Sr. No | Name of Resources/material | Specifications | Quantity | Remarks
1 | Book | Emerging Trends in Information and Technology | 01 | -
2 | Book | Network Hacking, Author: Dylan Mach | 01 | -
3 | Website | https://www.networkencyclopedia.com, https://www.insecure.in | 01 | -

Information:
1) Network Infrastructure :-
To have secure operating systems and applications, you need a secure
network. Devices such as routers, firewalls, and even generic network hosts
(including servers and workstations) must be assessed as part of the security
testing process.
There are thousands of possible network vulnerabilities, equally as many
tools, and even more testing techniques. You probably don't have the time or
resources available to test your network infrastructure systems for all possible
vulnerabilities, using every tool and method imaginable. Instead, you need to
focus on tests that will produce a good overall assessment of your network
and the tests I describe in this chapter produce exactly that.

You can eliminate many well-known, network-related vulnerabilities by
simply patching your network hosts with the latest vendor software and
firmware updates.

2) Network Infrastructure Vulnerabilities: -


Network infrastructure vulnerabilities are the foundation for most technical
security issues in your information systems.
These lower-level vulnerabilities affect practically everything running on
your network. That's why you need to test for them and eliminate them
whenever possible.
Your focus for security tests on your network infrastructure should be to find
weaknesses that others can see in your network so you can quantify and treat
your network's level of exposure.

When you assess your company's network infrastructure security, you need
to look at the following:

• Where devices, such as a firewall or an IPS, are placed on the network
and how they're configured
• What external attackers see when they perform port scans and how they can
exploit vulnerabilities in your network hosts
• Network design, such as Internet connections, remote access
capabilities, layered defences, and placement of hosts on the network
• Interaction of installed security devices, such as firewalls, intrusion
prevention systems (IPSs), antivirus, and so on
• What protocols are in use, including known vulnerable ones such as
Secure Sockets Layer (SSL)
• Commonly attacked ports that are unprotected
• Network host configurations
• Network monitoring and maintenance

If someone exploits a vulnerability in one of the items in the preceding list
or anywhere in your network's security, bad things can happen:
▪ An attacker can launch a denial of service (DoS) attack, which can take
down your Internet connection or your entire network.
▪ A malicious employee using a network analyzer can steal confidential
information in e-mails and files sent over the network.
▪ A hacker can set up back-door access into your network.
▪ A contractor can attack specific hosts by exploiting local vulnerabilities
across the network.
▪ Test your systems from the outside in, and the inside in (that is, on and
between internal network segments and demilitarized zones [DMZs]).
▪ Obtain permission from partner networks to check for vulnerabilities on
their systems that can affect your network's security, such as open ports,
lack of a firewall, or a misconfigured router.

3) Scanning-Ports: -
A port scanner shows you what's what on your network by scanning the
network to see what's alive and working. Port scanners provide basic views
of how the network is laid out. They can help identify unauthorized hosts or
applications and network host configuration errors that can cause serious
security vulnerabilities.
The big-picture view from port scanners often uncovers security issues that
might otherwise go unnoticed. Port scanners are easy to use and can test
network hosts regardless of what operating systems and applications they're
running. The tests are usually performed relatively quickly without having to
touch individual network hosts, which would be a real pain otherwise.
The trick to assessing your overall network security is interpreting the results
you get from a port scan. You can get false positives on open ports, and you
might have to dig deeper. For example, User Datagram Protocol (UDP) scans,
like the protocol itself, are less reliable than Transmission Control Protocol
(TCP) scans and often produce false positives because many applications
don't know how to respond to random incoming UDP requests.

If your results don't match after you run the tests using different tools, you
might want to explore the issue further. If something doesn't look right, such
as a strange set of open ports, it probably isn't. Test again; if you're in doubt,
use another tool for a different perspective.

Port No | Service | Protocols
7 | Echo | UDP
19 | Chargen | TCP, UDP
20 | FTP data (File Transfer Protocol) | TCP
22 | SSH | TCP
23 | Telnet | TCP
8080 | HTTP proxy | TCP
443 | HTTPS (HTTP over TLS) | TCP
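
One way to interpret port-scan output as the section above advises, reconciling the results of two tools against an approved baseline and treating single-tool UDP hits as low confidence. This is an added example, not part of the original project; the hosts, ports, baseline and tool names are constructed sample data.

```python
"""Reconcile open-port findings from two scanners against an approved baseline."""

# Constructed sample data: each finding is (host, port, protocol) reported open.
APPROVED = {
    ("10.0.0.5", 22, "tcp"),
    ("10.0.0.5", 443, "tcp"),
    ("10.0.0.9", 8080, "tcp"),
}
TOOL_A = {
    ("10.0.0.5", 22, "tcp"),
    ("10.0.0.5", 443, "tcp"),
    ("10.0.0.5", 23, "tcp"),    # Telnet, reported by both tools
    ("10.0.0.9", 8080, "tcp"),
    ("10.0.0.9", 7, "udp"),     # Echo over UDP, reported by tool A only
    ("10.0.0.9", 19, "tcp"),    # Chargen, reported by tool A only
}
TOOL_B = {
    ("10.0.0.5", 22, "tcp"),
    ("10.0.0.5", 23, "tcp"),
    ("10.0.0.9", 8080, "tcp"),
}


def reconcile(tool_a, tool_b, approved):
    """Sort findings into buckets that tell the reviewer what to do next."""
    report = {
        "confirmed_unapproved": [],  # both tools agree, not in baseline: fix
        "retest": [],                # tools disagree: scan again, try a third tool
        "low_confidence_udp": [],    # single-tool UDP hit: likely false positive
        "approved_not_seen": [],     # baseline service that neither tool found
    }
    for finding in sorted(tool_a | tool_b):
        _host, _port, proto = finding
        seen_by_both = finding in tool_a and finding in tool_b
        if finding in approved:
            if not seen_by_both:
                report["retest"].append(finding)
        elif seen_by_both:
            report["confirmed_unapproved"].append(finding)
        elif proto == "udp":
            report["low_confidence_udp"].append(finding)
        else:
            report["retest"].append(finding)
    report["approved_not_seen"] = sorted(approved - (tool_a | tool_b))
    return report


if __name__ == "__main__":
    for bucket, findings in reconcile(TOOL_A, TOOL_B, APPROVED).items():
        print(bucket, findings)
```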

4) Ping Sweep: -

• What is Ping Sweep?

The IP address has many functions, and ping sweep is a term related to it.
Ping scanning is one of the most efficient ways to find network vulnerabilities
and to carry out network discovery. It also saves a lot of time, because the
procedure related to ping sweep is pretty simple. Pinging a simple service
such as google.com gives back many results, and we can learn our situation
from the results we get back. Pinging a network or system allows us
to determine if a host is alive or dead. This network-based utility can ping a
single IP or brute check a list of IPs in a single or continuous scan. In
response to pinging a host, we get back data as an echo. Alive means
the system is active, and the reply also shows the network status
around it. Dead means the host is either inactive, non-responsive or in
shutdown mode. Hosts can be network servers, computers, websites,
printers, or any remote network device.

• Purpose of Ping Sweep

Ping sweep is used to gain various information about the host. It has the
potential to address a range of IPs for live mapping. In regular pinging, we
have echo request and echo response functions. It is a way of requesting data and
gaining sufficient knowledge about a network device. It can also map a range of
IPs. An echo request reveals information regarding the IP we ping. Local pinging
is directed via the local DNS server and the input has a round-trip time (RTT). But ping
sweep uses ICMP echo requests. It can send packets of data to reveal in-depth
information about a host or range of hosts. Finding out live and dead IPs,
detecting bad traffic and rogue network devices, and matching only permitted
IPs on the network are a few results that can be documented by ping
sweeping. Regular pinging can be done with a console command on admin
devices, but ICMP echoing requires advanced software packages. For the same
reason, they can be manipulated in any way the admin wants in order to achieve live
mapping of a DHCP environment.

• Best tools for Ping Sweep

Since there are many tools for ping sweeps, we are only highlighting the
best ones. They are simple to use and can easily perform all the advanced tasks
that an admin may require. As ping sweep requires packages and
special features, it is important to use tools. It saves time, and the display
systems in the tools are well thought out. Revealing and going through data
becomes easier for anyone looking to find the situation of a network or to find
vulnerabilities. Our top picks are:
1. SolarWinds IP Address Manager (IPAM)
2. SolarWinds Engineer's Toolset (ETS)
3. ManageEngine OpManager
4. Advanced IP Scanner
5. Paessler PRTG Network Monitor

5) Scanning SNMP: -
Simple Network Management Protocol (SNMP) is built in to virtually every
network device. Network management programs (such as HP OpenView and
LANDesk) use SNMP for remote network host management. Unfortunately,
SNMP also presents security vulnerabilities.

1. Vulnerabilities
The problem is that most network hosts run SNMP enabled with the default
read/write community strings of public/private. The majority of network
devices I come across have SNMP enabled and don't even need it.
If SNMP is compromised, a hacker may be able to gather such network
information as ARP tables, usernames, and TCP connections to attack your
systems further.

If SNMP shows up in port scans, you can bet that a malicious attacker will
try to compromise the system. Here are some utilities for SNMP enumeration:
o The commercial tools NetScanTools Pro and Essential NetTools
o Free Windows GUI-based Getif
o Free Windows text-based SNMPUTIL

2. Countermeasures against SNMP attacks

Preventing SNMP attacks can be as simple as A-B-C:
o Always disable SNMP on hosts if you're not using it, period.
o Block the SNMP ports (UDP ports 161 and 162) at the network
perimeter.
o Change the default SNMP community read string from public and the
default community write string from private to another long and
complex value that's virtually impossible to guess.
o There's technically a "U" that's part of the solution: upgrade. Upgrading
your systems (at least the ones you can) to SNMP version 3 can resolve
many of the well-known SNMP security weaknesses.
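
The countermeasures above can be checked against an agent's configuration. The following added example (not from the original project) audits a configuration written in net-snmp snmpd.conf syntax for default or weak community strings and for the absence of any SNMPv3 user. The sample file, the 16-character length floor and the finding names are assumptions made for illustration.

```python
import re

# Constructed sample in net-snmp snmpd.conf syntax (not taken from a real device).
SAMPLE_CONF = """\
# lab switch agent
rocommunity public
rwcommunity private 10.0.0.0/24
rocommunity Zq7!vLp2xR9wT4mK8sYb 10.0.0.50
rocommunity netmon01 10.0.0.60
rouser monitor authPriv
"""

DEFAULT_COMMUNITIES = {"public", "private"}
MIN_LENGTH = 16  # assumption: local policy threshold for "long and complex"
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def is_complex(value):
    """Length floor plus at least three of the four character classes."""
    classes_used = sum(bool(re.search(c, value)) for c in CHAR_CLASSES)
    return len(value) >= MIN_LENGTH and classes_used >= 3


def audit_snmp_conf(text):
    """Return (line_number, finding, access) tuples for risky directives."""
    findings = []
    has_v3_user = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        directive, args = fields[0], fields[1:]
        if directive in ("rouser", "rwuser"):
            has_v3_user = True            # an SNMPv3 user is configured
        elif directive in ("rocommunity", "rwcommunity") and args:
            access = "read-write" if directive == "rwcommunity" else "read-only"
            community = args[0]
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append((lineno, "default-community", access))
            elif not is_complex(community):
                findings.append((lineno, "weak-community", access))
    if not has_v3_user:
        # Line 0 marks a file-level finding: nothing has been upgraded to v3.
        findings.append((0, "no-snmpv3-user", "n/a"))
    return findings


if __name__ == "__main__":
    for finding in audit_snmp_conf(SAMPLE_CONF):
        print(finding)
```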

6) Grabbing Banners: -
Banners are the welcome screens that divulge software version numbers
and other system information on network hosts.
This banner information might identify the operating system, the version
number, and the specific service packs to give the bad guys a leg up on
attacking the network.
You can grab banners by using either good old telnet or some of the tools
I mention, such as Nmap and SuperScan.

1. Telnet

You can telnet to hosts on the default telnet port (TCP port 23) to see
whether you're presented with a login prompt or any other information. Just
enter the following line at the command prompt in Windows or UNIX:
telnet ip_address

You can telnet to other commonly used ports with these commands:

SMTP: telnet ip_address 25

HTTP: telnet ip_address 80

POP3: telnet ip_address 110

2. Countermeasures against banner-grabbing attacks

The following steps can reduce the chance of banner-grabbing attacks:

o If there isn't a business need for services that offer banner information,
disable those unused services on the network host.
o If there isn't a business need for the default banners, or if you can
customize the banners, configure the network host's application or operating
system to either disable the banners or remove information from the banners
that could give an attacker a leg up. Check with your specific vendor for
information on how to do this. TCP Wrappers in Linux is another solution.
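
To decide which banners need trimming, the banner text collected from your own hosts can be checked for the details this section warns about: product name, version number and operating system. This is an added example, not part of the original project; the banners, addresses and keyword lists are constructed for illustration.

```python
import re

# Constructed banners, as read from your own hosts with "telnet ip_address port".
SAMPLE_BANNERS = {
    ("10.0.0.5", 22): "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
    ("10.0.0.7", 25): "220 mail.example.test ESMTP Postfix (Debian/GNU)",
    ("10.0.0.8", 80): "Server: Microsoft-IIS/10.0",
    ("10.0.0.9", 110): "+OK POP3 ready",
    ("10.0.0.10", 25): "220 mail2.example.test ESMTP",
}

# Illustrative keyword lists (assumptions); extend them for your environment.
PRODUCT_RE = re.compile(
    r"(?<![A-Za-z])(openssh|postfix|sendmail|exim|apache|nginx|microsoft-iis|dovecot)"
    r"(?![A-Za-z])", re.I)
OS_RE = re.compile(
    r"(?<![A-Za-z])(ubuntu|debian|centos|red hat|windows|freebsd)(?![A-Za-z])", re.I)
# Dotted version such as 8.9p1 or 10.0, not preceded by a letter, digit or dot,
# so reply codes (220) and host names (mail2.example.test) are not matched.
VERSION_RE = re.compile(r"(?<![A-Za-z0-9.])\d+(?:\.\d+)+[A-Za-z0-9]*")


def audit_banner(banner):
    """Return the sorted kinds of detail that one banner discloses."""
    # The SSH protocol-version prefix is mandatory, so it is not counted as a leak.
    text = re.sub(r"^SSH-\d+\.\d+-", "", banner)
    checks = (("product", PRODUCT_RE), ("version", VERSION_RE), ("os", OS_RE))
    return sorted(kind for kind, pattern in checks if pattern.search(text))


def audit_hosts(banners):
    """Map (host, port) to its disclosures, omitting banners that leak nothing."""
    report = {}
    for endpoint, banner in banners.items():
        leaks = audit_banner(banner)
        if leaks:
            report[endpoint] = leaks
    return report


if __name__ == "__main__":
    for endpoint, leaks in sorted(audit_hosts(SAMPLE_BANNERS).items()):
        print(endpoint, "discloses", ", ".join(leaks))
```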

7) Analysing Network Data and Network Analyzer: -

A network analyser is a tool that allows you to look into a network and
analyse data going across the wire for network optimization, security, and/or
troubleshooting purposes. Like a microscope for a lab scientist, a network
analyser is a must-have tool for any security professional.

A network analyser is handy for sniffing packets on the wire. A network
analyser is simply software running on a computer with a network card. It
works by placing the network card in promiscuous mode, which enables the
card to see all the traffic on the network, even traffic not destined for the
network analyser's host. The network analyser performs the following
functions:

o Captures all network traffic
o Interprets or decodes what is found into a human-readable format
o Displays the content in chronological order (or however you choose to see it)

When assessing security and responding to security incidents, a network
analyser can help you:

o View anomalous network traffic and even track down an intruder.


o Develop a baseline of network activity and performance, such as
protocols in use, usage trends, and MAC addresses, before a security
incident occurs.

1. Network analyser programs

You can use one of the following programs for network analysis:

• Savvius OmniPeek: OmniPeek is available for Windows operating
systems.
• TamoSoft's CommView (www.tamos.com/products/commview) is a
great, low-cost, Windows-based alternative.
• Cain and Abel is a free multifunctional password recovery tool for
performing ARP poisoning, capturing packets, cracking passwords, and
more.
• Wireshark, formerly known as Ethereal, is a free alternative. I
download and use this tool if I need a quick fix and don't have my laptop
nearby. It's not as user-friendly as most of the commercial products, but
it is very powerful if you're willing to learn its ins and outs. Wireshark
is available for both Windows and OS X.
• Ettercap is another powerful (and free) utility for performing network
analysis and much more on Windows, Linux, and other operating
systems.

If you want to see traffic similar to what a network-based IPS sees, you
should connect the network analyzer to a hub or switch monitor port or
even a network tap on the outside of the firewall, as shown in the
figure. This way, you're testing:
• What's entering your network before the firewall filters eliminate the
junk traffic.
• What's leaving your network after the traffic passes through the firewall.

8) MAC daddy Attack

Attackers can use ARP (Address Resolution Protocol) running on your
network to make their systems appear as your system or another authorized
host on your network.

1. ARP spoofing:

An excessive number of ARP requests can be a sign of an ARP spoofing
attack (also called ARP poisoning) on your network.

A client running a program, such as dsniff (www.monkey.org/~dugsong/dsniff) or
Cain and Abel (www.oxid.it/cain.html), can change the ARP tables (the tables
that store IP address to media access control (MAC) address mappings) on
network hosts. This causes the victim computers to think they need to send
traffic to the attacker's computer rather than to the true destination computer
when communicating on the network. ARP spoofing is used during
man-in-the-middle (MITM) attacks.

Spoofed ARP replies can be sent to a switch, which reverts the switch to
broadcast mode and essentially turns it into a hub. When this occurs, an
attacker can sniff every packet going through the switch and capture anything
and everything from the network.

This security vulnerability is inherent in how TCP/IP communications are
handled.

Here's a typical ARP spoofing attack with a hacker's computer (Hacky) and
two legitimate network users' computers (Joe and Bob):

1. Hacky poisons the ARP caches of victims Joe and Bob by using dsniff,
ettercap, or a utility he wrote.

2. Joe associates Hacky's MAC address with Bob’s IP address.

3. Bob associates Hacky's MAC address with Joe's IP address.

4. Joe's traffic and Bob's traffic are sent to Hacky's IP address first.
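
The Joe, Bob and Hacky scenario leaves three traces a defender can watch for in ARP traffic: an IP address whose MAC changes, one MAC answering for several IPs, and an excessive ARP rate from one MAC. The detection logic below is an added example, not part of the original project. The IP and MAC addresses, the observation list and the thresholds are constructed, and the first MAC seen for an IP is assumed to be the legitimate one.

```python
from collections import defaultdict

# Constructed addresses for the scenario above (assumptions, not from the page).
JOE, BOB, HACKY = "10.11.12.20", "10.11.12.30", "10.11.12.66"
MAC = {JOE: "aa:aa:aa:aa:aa:01", BOB: "aa:aa:aa:aa:aa:02",
       HACKY: "de:ad:be:ef:00:66"}

# Constructed capture summary: (seconds, sender_ip, sender_mac) per ARP packet.
OBSERVATIONS = [
    (0, JOE, MAC[JOE]), (1, BOB, MAC[BOB]), (2, HACKY, MAC[HACKY]),
    # Poisoning starts: Hacky's MAC now claims Joe's and Bob's IP addresses.
    (10, JOE, MAC[HACKY]), (10, BOB, MAC[HACKY]),
    (12, JOE, MAC[HACKY]), (12, BOB, MAC[HACKY]),
    (14, JOE, MAC[HACKY]), (14, BOB, MAC[HACKY]),
]


def detect_arp_spoofing(observations, rate_limit=5, window=10):
    """Return alerts as (kind, subject, detail) tuples.

    Assumes the first MAC seen for an IP is legitimate; in production, seed
    the baseline from DHCP leases or a static inventory instead.
    """
    baseline = {}                       # ip -> first MAC seen for it
    ips_by_mac = defaultdict(set)       # mac -> every IP it has claimed
    times_by_mac = defaultdict(list)    # mac -> packet timestamps
    alerts = []
    for ts, ip, mac in sorted(observations):
        known = baseline.setdefault(ip, mac)
        alert = ("ip-mac-changed", ip, f"{known} -> {mac}")
        if mac != known and alert not in alerts:
            alerts.append(alert)
        ips_by_mac[mac].add(ip)
        times_by_mac[mac].append(ts)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:                # one MAC answering for several IPs
            alerts.append(("mac-claims-many-ips", mac, sorted(ips)))
    for mac, times in sorted(times_by_mac.items()):
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] >= window:   # slide the window forward
                start += 1
            if end - start + 1 > rate_limit:     # excessive ARP from one MAC
                alerts.append(("arp-rate-exceeded", mac, end - start + 1))
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(OBSERVATIONS):
        print(alert)
```

A gateway or proxy-ARP device can legitimately answer for several IP addresses, so known infrastructure MACs should be excluded before acting on the second alert type.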

2. Using Cain and Abel for ARP poisoning:

You can perform ARP poisoning on your switched Ethernet network to test
your IPS or to see how easy it is to turn a switch into a hub and capture
anything and everything with a network analyzer. Perform the following steps
to use Cain & Abel for ARP poisoning:

1. Load Cain and Abel and then click the Sniffer tab to enter the network
analyzer mode.

The Hosts page opens by default.

2. Click the Start/Stop APR icon (the yellow and black circle).

The ARP poison routing (how Cain and Abel refer to ARP poisoning) process starts
and enables the built-in sniffer.

3. If prompted, select the network adapter in the window that appears and then
click OK.

4. Click the blue + icon to add hosts to perform ARP poisoning on.

5. In the MAC Address Scanner window that appears, ensure the All Hosts in
My Subnet option is selected and then click OK.

6. Click the APR tab (the one with the yellow-and- black circle icon) to load
the APR page.
7. Click the white space under the uppermost Status column heading (just
under the Sniffer tab). This re-enables the blue + icon.

8. Click the blue + icon and the New ARP Poison Routing window shows the
hosts discovered in Step 3.

9. Select your default route (in my case, 10.11.12.1). The right-hand column
fills with all the remaining hosts.

10. CTRL click all the hosts in the right column that you want to poison.

11. Click OK and the ARP poisoning process starts.

This process can take anywhere from a few seconds to a few minutes depending on your
network hardware and each host's local TCP/IP stack.

12. You can use Cain and Abel's built-in passwords feature to capture
passwords traversing the network to and from various hosts simply by
clicking the Password tab.

8.0 Skills developed: -


• Problem solving approach
• Planning
• Design skill
• Logical skill
• Programming
• Testing and Troubleshooting
• Presentation
• Report writing
• Analysing the problem

9.0 Applications of the Micro-Project: -


Network hacking is a serious threat to computer networks and systems.
It is important for individuals and organizations to understand the risks
and implement appropriate security measures to prevent unauthorized
access to their networks and data.

10.0 Conclusion:

The micro-project titled “Network Hacking” explores the realm of
unauthorized access to computer networks, emphasizing the
importance of understanding and mitigating the risks associated
with network security. The project delves into network
infrastructure vulnerabilities, various hacking techniques, and
tools employed in the process.

11.0 Reference: -
https://www.networkencyclopedia.com

https://www.campusify.co.in
