A MICRO-PROJECT REPORT

ON

“Study of Ethical Hacking”

In the partial fulfilment of the requirement for the Diploma

In

Computer Technology

Submitted By

Name Enrollment No
Kolhe Kajal Rajendra 2100800283
Naik Vaishnavi Raju 2100800284
Kawade Rutuja Dipak 2100800509

Under the Guidance of Mr.Bhabad.V.M

Amrutvahini Sheti and Shiksha Vikas Sanstha’s

Amrutvahini Polytechnic, Sangamner

2023-2024
 Amrutvahini Sheti and Shiksha Vikas Sanstha’s

Amrutvahini Polytechnic, Sangamner

Department of Computer Technology

CERTIFICATE

This is to Certify that,

Name Enrollment No
Kolhe Kajal Rajendra 2100800283
Naik Vaishnavi Raju 2100800284
Kawade Rutuja Dipak 2100800509

Has satisfactorily carried out and completed the microproject entitled:

“Study Of Ethical Hacking”

As prescribed by MSBTE, Mumbai, as part of syllabus for the
partial fulfilment of Diploma in Computer Technology
For the academic year 2023-24

Prof- Ms. Bhabad.V.M Prof- Mr. Kale. G. B

(Guide) (HOD)
 Annexure – II
Micro-Project Report

“ Study of Ethical Hacking ”

1.0 Rationale:
To crack passwords or to steal data? No, it is much more than that. Ethical hacking is to scan
vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds
the weak points or loopholes in a computer, web applications or network and reports them to the
organization. So, let’s explore more about Ethical Hacking step-by-step.
Hacking is the activity of identifying weaknesses in a computer system or a network to exploit
the security to gain access to personal data or business data. An example of computer hacking
can be: using a password cracking algorithm to gain access to a computer system.

2.0 Aims/Benefits of the Micro-Project:

Ethical hacking provides several benefits, including identifying and fixing security vulnerabilities,
improving overall system and network security, safeguarding sensitive data, and enhancing the
trustworthiness of digital environments. It allows organizations to proactively address potential threats
and strengthen their defenses against cyber attacks.

3.0 Course Outcomes Addressed:

CI604.1 Describe2 Artificial Intelligence, Machine Learning and Deep Learning.
CI604.2 Interprete3 IOT concept.
CI604.3 Summarize4 models of Digital Forensic Investigation.
CI604.4 Discuss2 Evidence handling Procedures.
CI604.5 Describe2 Ethical Hacking Process and its types also identify vulnerabilities in Network,
Operating System and application.

4.0 Literature Review:

Ethical hacking, also known as penetration testing or white-hat hacking, involves the authorized and
legal use of hacking techniques to identify and address vulnerabilities in computer systems and
networks. This literature review aims to provide an overview of relevant studies and resources related
to ethical hacking for a micro project.
1. Ethical Hacking Methodologies:
- Various ethical hacking methodologies such as the Open Source Security Testing Methodology
Manual (OSSTMM), Penetration Testing Execution Standard (PTES), and National Institute of
Standards and Technology (NIST) Special Publication 800-115 provide structured approaches for
conducting ethical hacking assessments.
2. Tools and Techniques:
- Ethical hackers utilize a wide range of tools and techniques to assess the security posture of
systems, including network scanning tools like Nmap, vulnerability scanners like Nessus, and
exploitation frameworks like Metasploit.
3. Legal and Ethical Considerations:
- Ethical hacking must adhere to legal and ethical guidelines, including obtaining proper
authorization, respecting privacy laws, and ensuring that hacking activities do not cause harm to
systems or data.

5.0 Actual Methodology Followed:

1. Information Gathering: - Collect publicly available information about the target. - Use passive
reconnaissance techniques to identify potential vulnerabilities.
2. Scanning and Enumeration: - Perform network scanning to identify live hosts and open ports. -
Enumerate services and applications to gather detailed information.
3. Vulnerability Assessment: - Utilize automated tools to scan for known vulnerabilities. - Manually
verify and validate vulnerabilities to reduce false positives
4. Exploitation: - Attempt controlled exploitation of identified vulnerabilities. - Prioritize critical
vulnerabilities and assess potential impact.
5. Post-Exploitation: - Evaluate the extent of compromise if exploitation is successful. - Document
findings and provide recommendations for remediation.
6. Password Cracking: - Conduct password strength analysis and attempt password cracking. -
Provide recommendations for strengthening authentication mechanisms.
7. Social Engineering: - Simulate social engineering attacks to assess human vulnerabilities. - Raise
awareness and provide training based on observed weaknesses.
8. Wireless Network Assessment: - Analyze the security of wireless networks. - Identify and mitigate
potential risks related to unauthorized access.
9. Documentation and Reporting: - Document all steps, tools used, and findings during the ethical
hacking process. - Generate a comprehensive report highlighting vulnerabilities and suggested
remediation steps

6.0 Actual Resources Used:

Sr. Name of
Specifications Quantity Remarks
No. Resource/material
Computer System with broad
1. Zenith PC 2GB RAM
specifications

2. Operating System Windows 1

3. Software Microsoft Word

7.0 Outputs of the Micro-Project:
 Introduction:
To crack passwords or to steal data? No, it is much more than that. Ethical hacking is to scan
vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds
the weak points or loopholes in a computer, web applications or network and reports them to
the organization. So, let’s explore more about Ethical Hacking step-by-step.

Hacking is the activity of identifying weaknesses in a computer system or a network to exploit

the security to gain access to personal data or business data. An example of computer hacking
can be: using a password cracking algorithm to gain access to a computer system.

Computers have become mandatory to run a successful businesses. It is not enough to have
isolated computers systems; they need to be networked to facilitate communication with
external businesses. This exposes them to the outside world and hacking. System hacking
means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing
corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every
year. Businesses need to protect themselves against such attacks.

 Who is a Hacker?
A Hacker is a person who finds and exploits the weakness in computer systems and/or network to gain
access. Hackers are usually skilled computer programmers with knowledge of computer security.

 Need of ethical hacking:

We hear that attackers are hacked the big companies and big systems. Sometimes ago, a hacker hacked
the Uber website. Due to this, the important information of around 50 million users was exposed. Many
big companies like Google, Yahoo, Instagram, Facebook, Uber, they hire hackers. The hackers try to
hack their systems. After hacking the system, they tell all the places where they found the weakness so
that the company can fix it. Many companies also perform bug bounty programs. In this program, all the
hackers around the world try to hack the website or web of that company. If the hacker finds any bug, the
company will pay them a reward for the bug.Ethical hacking is used to secure important data from
enemies. It works as a safeguard of your computer from blackmail by the people who want to exploit the
vulnerability. Using ethical hacking, a company or organization can find out security vulnerability and
risks.
 Types of Ethical Hacking:

●Web application hacking

●Social engineering
●System hacking
●Hacking wireless networks
●Web server hacking

1.Web Application Hacking:

Web Applications acts as an interface between the users and servers using web pages that consist
of script code that is supposed to be dynamically executed. One can access web applications with
the help of the internet or intranet. Web hacking in general refers to the exploitation of
applications via Hypertext Transfer Protocol (HTTP) which can be done by manipulating the
application through its graphical web interface, tampering the Uniform Resource Identifier (URI)
or exploiting HTTP elements.

2.Social Engineering:

In the context of information security, social engineering is the psychological manipulation of people
into performing actions or divulging confidential information. This differs from social engineering
within the social sciences, which does not concern the divulging of confidential information. . A type
of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a
traditional "con" in that i is often ne of many steps in a more complex fraud scheme.

3.System Hacking:

System hacking is a vast subject that consists of hacking the different software-based
technological systems such as laptops, desktops, etc. System hacking is defined as the
compromise of computer systems and software to access the target computer and steal or misuse
their sensitive information. Here the malicious hacker exploits the weaknesses in a computer
system or network to gain unauthorized access to its data or take illegal advantage.

4.Hacking wireless networks:

Cracking a wireless network is defeating the security of a wireless local-area network (back-jack
wireless LAN). A commonly used wireless LAN is a Wi-Fi network. Wireless LANs have inherent
security weaknesses from which wired networks are exempt.
Wireless cracking is an information network attack similar to a direct intrusion. Two frequent types of
vulnerabilities in wireless LANs are those caused by poor configuration, and those caused by weak or
flawed security protocols.

5.Web Server Hacking:

Over the past decade, more individuals have access to the internet than ever before. Many
organizations develop web-based applications, which their users can use to interact with them.
But improper configuration and poorly written codes in web servers are a threat and can be used
to gain unauthorized access to the servers' sensitive data.This article tries to give an overview on
Web Servers. We will be covering some topics which include working of a server, top web
servers in the industry,web server vulnerabilities, web server a tacks, to ls and some counter
measures to protect against such attacks.

 Types of Ethical Hackers:

Hackers can be classified into different categories such as white hat, black hat, and grey hat,
based on their intent of hacking a system. These different terms come from old Spaghetti
Westerns, where the bad guy wears a black cowboy hat and the good guy wears a white h
1.White Hat Hackers
2.Black Hat Hackers
3.Grey Hat Hackers
4.Miscellaneous Hackers

1) White Hat Hackers:

White Hat hackers are also known as Ethical Hackers. They never intent to harm a system, rather they
try to find out weaknesses in a computer or a network system as a part of penetration testing and
vulnerability assessments.Ethical hacking is not illegal and it is one of the demanding jobs available in
the IT industry. There are numerous companies that hire ethical hackers for penetration testing and
vulnerability assessments.

2) Black Hat Hackers:

Black Hat hackers, also known as crackers, are those who hack in order to gain unauthorized access to
a system and harm its operations or steal sensitive information.Black Hat hacking is always illegal
because of its bad intent which includes stealingcorpora e data, vi lating privacy, damaging the
system, blocking network communication, etc.

3) Grey Hat Hackers:

Grey hat hackers are a blend of both black hat and white hat hackers. They act without malicious
intent but for their fun, they exploit a security weakness in a computer system or network without the
owner’s permission or knowledge. Their intent is to bring the weakness to the attention of the owners
and getting appreciation or a little bounty from the owners.

4) Miscellaneous Hackers:
Apart from the above well-known classes of hackers, we have the following categories of hackers
based on what they hack and how they do it –

1.Red Hat Hackers:

Red hat hackers are again a blend of both black hat and white hat hackers. They are usually on
the level of hacking government agencies, top-secret information hubs, and generally anything that
falls under the category of sensitive information.

2.Blue Hat Hackers:

A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a
system prior to its launch. They look for loopholes that can be exploited and try to close these gaps.
Microsoft also uses the term BlueHat to represent a series of security briefing events.

3.Elite Hackers:

This is a social status among hackers, which is used to describe the most skilled. Newly discovered
exploits will circulate among these hackers.

4.Script Kiddie:

script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated
tools written by others, usually with little understanding of the underlying concept, hence the term
Kiddie.

5.Neophyte:

A neophyte, "n00b", or "newbie" or "Green Hat Hacker" is someone who is new to hacking or
phreaking and has almost no knowledge or experience of the workings of technology and hacking.

6.Hacktivist:

Hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political
message. In general, most hacktivism involves website defacement or denialof-service attacks.

 List of Top 10 Best Professional Hackers in India

●Vivek Ramachandran

●Benild Joseph
 ●Ankit Fadia

●Sunny Vaghela

●Falgun Rathod

●Anand Prakash

●Koushik Dutta

●Pranav Mistry

●Trishnit Arora

●Rahul Tyagi

 Conclusion:
In conclusion, ethical hacking is not a criminal activity and should not be considered as such. While it
istrue that malicious hacking is a computer crime and criminal activity, ethical hacking is never a
crime. Ethicalhacking is in line with industry regulation and organizational IT policies. Malicious
hacking should be prevented while ethical hacking which promotes research, innovation, and
technological breakthroughs should be encouraged and allowed.

8.0 Skill Developed / Learning outcomes:

• Analyzing the problem
• Problem solving approach
• Planning
• Design skill
• Logical skill
• Programming
• Testing and Troubleshooting
• Presentation
• Report writing

9.0 Applications of the Micro-Project:

1. Security Auditing: Ethical hackers assess the security posture of an organization's systems and
networks to identify weaknesses and potential areas of improvement.

2. Vulnerability Assessment: By conducting thorough assessments, ethical hackers can pinpoint

vulnerabilities in software, hardware, and network infrastructure before malicious hackers exploit
them.

3. Security Testing: Ethical hackers perform various types of testing, such as penetration testing, to
simulate real-world cyberattacks and determine the effectiveness of security measures.
4. Incident Response: In the event of a security breach, ethical hackers can assist in identifying the
cause, mitigating the damage, and implementing measures to prevent future incidents.

5. Compliance Testing: Ethical hacking helps organizations meet regulatory requirements and
industry standards by ensuring that their systems and networks adhere to security guidelines.

6. Security Awareness Training: Ethical hackers educate employees and stakeholders about common
security threats, best practices for maintaining security, and how to recognize and respond to potential
attacks.

7. Product Evaluation: Companies may hire ethical hackers to evaluate the security of their software,
hardware, or products before they are released to the market, ensuring that they are resistant to
exploitation.

8. Red Team Exercises: Ethical hackers engage in simulated attacks against an organization's
defenses to test its resilience and preparedness to withstand real-world cyber threats.

Teacher Signature
(Mr.Bhabad.V.M)