3rd National Level Students' Research Conference on "Innovative Ideas and Inventions in

Computer Science & IT with Its Sustainability"

In association with International Journal of Scientific Research in Computer Science,
Engineering and Information Technology | ISSN : 2456-3307 (www.ijsrcseit.com)

Hacking and Its Vulnerabilities

Niraj Jain, Ishika Tiwari, C. H. Patil, Dheeraj Solankar, Hritwika Dubey, Kashish Roy, Arundhati Dhar
School of Computer Science, Dr.Vishwanath Karad MIT World Peace University, Pune, Maharashtra, India

ABSTRACT
Hacking can be understood as any unusual manner of accessing a system, it's easy to assume that few utilizes this
information to gain knowledge, while others use it to learn how to exploit it to delete or access data from
computer sites or servers without the owner's knowledge. As a result of the author's study, the article examines
hacking from several perspectives such as “Who are these hackers?" What motivates people to hack? Hacking's
legal concerns, as well as some financial challenges, are discussed. Following that, the study also focuses on
phishing attacks, DoS Attack (denial of service), and MiTM (Man in the Middle) attacks. The goal of this review
is to familiarize readers with the potential hazards of hacker assaults on their mobile devices, as well as potential
attacks in the upcoming wave of Internet-connected gadgets
Keywords—hacking, identity theft, extortion, phishing, measures

I. INTRODUCTION

In today's world, computers play an important role in day-to-day living. Because the digital universe is rapidly
expanding and a vast amount of data is flowing online, data security is big concern[1]. The internet has
accelerated the modernization of several operations such as online financial transactions, banking, and online
receiving and sending of numerous types of information, raising the risk of data security. Hackers are now
targeting a vast number of corporations, banks, and sites with various forms of attacks. As a results, there are
ethical hackers who assists their customers and closes the security gap. So, when it comes to system security,
these ethical hackers would utilise the same strategies that hackers do, but in a legal way, and they would not
harm the target systems or steal data. Instead, they'd analyse the target system's privacy and communicate back
to the owners with the flaws they discovered and recommendations on how to fix them[2].

II. WHAT IS HACKING

Hacking is the approach used to find weakness in computer networks and escapade it to get access to the target
computer system to gain series of confidential and private information for personal or professional
accomplishments[2]. Hacking is when unauthorized user barge into someone’s private space (specifically digital
space) and steal the desired data without them knowing[10]. Clarifying furthermore, hacking alters the computer

Copyright: © the author(s), publisher and licensee Technoscience Academy. This is an open-access article distributed under the 334
terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use,
distribution, and reproduction in any medium, provided the original work is properly cited
 Volume 8 - Issue 6 - Published : February 28, 2022 Page No : 334-339

software, hardware and certain computer networks for accomplishing illegal means. Hacking specifically is,
disruption of privacy by finding technological loopholes in a computer system or network and then withdrawing
data without consent from the authorized owner[2].

A. Types Of Hacker
The motive of a hacker's activity determines the distinct categories of hackers. We'll learn about three main
categories of hackers, each with its own goals and roles within the field of data security.
B. Black Hat Hacker
A black hat hacker is someone who breaks into a computer system and attacks security holes for financial
benefits[4]. These are those who seek to flaunt their great technical expertise by carrying out numerous
cybercrimes. They misuse users' data to commit crimes such as burglary, forgery, scam, identity theft, and more.
Because these hacktivist groups are immoral, the acts they commit are sanctioned by law[5].
C. White Hat Hacker
A hacker who has access to a system with the goal of repairing detected flaws and has authority to violate security
for valid purposes such as conducting risk evaluations [4]. White Hat Hackers utilize their talents and knowledge
to defend an institution prior malevolent or immoral hackers discover it and cause damage to it. They employ a
variety of safeguards and precautions in order to protect systems. They are allowed to do so and are referred to
as ethical hackers [3].
D. Grey Hat Hacker
Grey Hat Hackers are people who are in between White Hat Hackers and Black Hat Hackers. They have
characteristics of both. They are security professional who occasionally breaks the law but does not intend to
harm anyone[5]. They expose all security flaws and gaps of companies or agencies, and they don't inform anyone
until the problem is resolved. While some of these hackers may just alert authorities to security flaws, Others
may propose to remedy the problem for a charge[3]. As a result, they are the ones that extort money from others.
Grey hat programmers may engage in practices that appear to be less than totally legal, yet they are often
functioning for the greater good.

III. TYPE OF ATTACKS

After The main hazard in today's virtual world is hacking. There is no attack that can be carried out by simply
passing by the computer or mobile phone and hitting a single button. The attacks of hacking are either on server
or application.
A. Denial of Service (DOS)
This is the most popular sort of assault used by hackers to target web servers. There are three sorts of denial-of-
service attacks are volume assaults, procedure attacks, and application layer targets are the three types of attacks.
Surging may be conventional tactic chosen by hackers to servers that are online[17]. Hackers send in a large
amount of incorrect data at once, causing the server to crash. A large amount of traffic occurs, and the server is
forced to shut down.
B. Non-Technical Attacks
The simplest weakness within any computer or network foundation is exploits that involve managing persons,
end users, and even you. Physical assaults against data frameworks are both regular and convincing. People are

Volume 8, Issue 6, January-February-2022 | http://ijsrcseit.com 335

 Volume 8 - Issue 6 - Published : February 28, 2022 Page No : 334-339

naturally trusting, which may cause social designing exploitation. Hackers get access to buildings, computer
rooms, or other locations containing critical data or property [17]. One sort of physical assault is dumpster diving
(looking through trash jars and dumpsters for protected innovations, passwords, network blueprints, and other
data). Social engineering is defined as the abuse of people's trust in gathering information for nefarious purposes.
C. URL Parsing Approach
This attack is also known as URL poisoning. The semantics of a URL are changed to allow for an attack, as the
word indicates. During this type of attack, just the semantics of the URL are changed, but the syntax is normally
left unchanged, so the user has no idea they're accessing the wrong URL[18]. The majority of CGI-based websites
are vulnerable to attacks based on URL inference.
D. SQL Injection Attack
This form of attack is most ordinarily seen on e-commerce websites or websites that employ large databases.
Some of the URL's parameters in large databases are not validated. As a consequence, specific parameters can be
impersonated using SQL language in order to penetrate the database. When a database is compromised, the
hacker obtains access to the information of the organisation. As a result, considerable financial loss will occur[18].

IV. TOOLS USE BY HACKERS

A. Aircrack is remote password breaking software it is mainly used for 802.11 WEP and WPA layer breaking
its working is simple it gathers the packets aircrack software algorithm is used to analyze the packet once
the enough packets are collected the password is guessed [15].
B. AirSnort is wireless tool well-known for decrypting WEP encryption on an 802.11b network. It is a free
instrument that works on both Linux and Windows platforms. This instrument is not generally kept up with,
however it is as yet accessible to download from Sourceforge [15].
C. The network protocol detector is called Wireshark. Using this software one can scan and monitor the entire
network to find vulnerabilities. You may collect and examine packets in real-time. It collects packets and
allows you to inspect data at the microsecond level. It is best suited with Solaris, Mac os.
D. WIFI are protected by WPA layer to crack WIFI password we use CloudCracker which is online software
solution. This software solution is used to crack the password which are store in hash form, so this software
cracks the hash code [15]. It is easy to use user has to upload hash store file which is called as handshake file
give basic information about network like network name and click on submit.

V. ECONOMIC ASPECT OF HACKING

The Ethical hackers use hacking tools and strategies in organizations to test corporate security controls in a safe
and controlled environment.
These hacking techniques allow an ethical hacker to determine which global controls apply and which global
controls need to be updated. Data from these tests allows administrators to make informed decisions about how
and where information security can be improved and where it needs to be improved. Ethical Hackers is aware of
methods that unethical hackers can use to break into security systems. Ethical hackers can demonstrate these
strategies and skills to managers. This will help you understand outsiders, terrorists, etc. By understanding the
strategies and practices of unethical hackers, readers can protect sensitive information about their organization

Volume 8, Issue 6, January-February-2022 | http://ijsrcseit.com 336

 Volume 8 - Issue 6 - Published : February 28, 2022 Page No : 334-339

by limiting intrusion attempts and preparing to prevent unauthorized access to their systems. Also, institutions
that process sensitive data such as banks and government agencies are very vulnerable to hacking. Hackers attack
enterprises that do not have sufficient resources and security measures to stop cyberattacks. Using Ethical
Hacking technology, Ethical Hackers reveals the level of business vulnerability and the devastating impact of
cyber-attacks. The industry has become one of the most costly and effective victims of hacker attacks. Companies
are often attacked by consumer personal and business information, dissatisfied employees or simply creative
people. The industry loses $ 444.4 billion annually in hacks and other laptop hacks. In many cases, the impact of
a security breach can last years after the actual attack, so the actual cost cannot be estimated. Companies can lose
the trust of their customers and are often responsible for losing them. The cost of an attack can quickly add up
to legal costs, analytics costs, PR presentations, reputation management, customer support, and more. Companies
and more recently, customers are investing more and more money to prevent attacks before they actually occur.
In particular, the industry that stores the personal and economic information of consumers is taking more
proactive steps to protect their records.
Microsoft MSN / Windows Live Internet Group requires no intitution to store personal data without special
approval from the organization's internal security department[19]. Security assessments are often performed by
companies that hold customer records, and security teams carry out their own personal security assessments.
Another industry where technology may be further limited security is provided by external security
professionals[19]. ScanAlert.Com works with over 75,000 trusted e-commerce sites, including leading brands
such as Foot Locker, Renovation Hardware and Sony. E-commerce websites carry the "Hacker Safe" logo. It
regularly checks of the websites and effectively blocks 99.9% of hacker breaching’s. The scanned disclaimer is
much less clear. This thread is an example of comparing this web page with staff security measures. Neither this
nor any other sensitivity test can guarantee that the is still safe[19].
This actually shows that the E-Commerce Site is checking all card production pricing strategies for vulnerabilities
from remote internet servers trying to protect personal information from hackers. HACKER SAFE does not mean
protection against hackers. HACKER SAFE's warranty no longer protects data that may be sent to servers not
certified by HACKER SAFE, such as credit card networks and offline storage, and also no longer protects users
from other illegal information gathering practices[19].
Given the scale of the economic damage, policymakers and businesses must take proactive steps to prevent
cyberattacks. Fines and punishing hackers are just one way to do it, just like the use of modern technology. While
it is unlikely that disputes over access to encrypted messages related to information sharing will be resolved in
the near future, secure communication channels between governments and businesses can certainly take a step
forward.

VI. COUNTER MEASURES

To strengthen complete security in every layer of the system there are numerous types of security measures,
which reduces unnecessary attacks and hardens the overall system. Furthermore, they limit the access privileges
and adds extra security wherever required. Some of these measures are discussed in detail below.
• Sensitive data should be backed up and must be kept classified to guard them from danger.
• Counsel each and every personnel in the organization regarding data protection and confidentiality.
• Records irrespective of type should be backed up periodically.

Volume 8, Issue 6, January-February-2022 | http://ijsrcseit.com 337

 Volume 8 - Issue 6 - Published : February 28, 2022 Page No : 334-339

• Antivirus devices must be updated and checked up on a regular basis to avoid attacks due to negligence.
• Pretty good privacy (PGP)A free email security application which permits consumers to safeguard data by
encryption of files and folders. This was developed by Phil Zimmerman in 1991. This method employs the
IDEA algorithm that is international data encryption algorithm and a public-private key scheme to encrypt
files and emails [16].
• Kerberos is constituted using three components which are: A client, server and A trusted third party which
acts as a middleman It was developed by MIT. Kerberos uses private key cryptography and acts as a network
authentication protocol [16].
• Don't use public Wi-Fi to access personal or financial information, rather use a secure or a private connection.

VII. CONCLUSION

In this paper we are talking about defender and attacker of cyber space. Hacking is the great expertise yet it is
used for terrible intentions. Cybercriminals in cyberspace are easily targeting people from non - technical
background. All attackers use same methods and tools, the question arises are they black hat, white hat or grey
hat hacker? This mystery will solve with time, known intentions and how valuable data is. Most of the attacks
are never known. Nevertheless, some are known if data is corrupted. To protect pc or system framework against
any cyber-attack, opposite side should know the intention, methodology and tools.

VIII. REFERENCES

[1]. Zoran Cekerevac, Zdenek Dvorak, Ludmila Prigoda, and Petar Cekerevac, “Hacking, protection and the
consequences of hacking,” komunikacie, vol. 20 no 2, June 2018.
[2]. "Research Paper On Hacking," PaperAp.com, 07-Dec-2019. [Online]. Available: https://paperap.com/paper-
on-computer-crime-hacking/. [Accessed: 15-Feb-2022].
[3]. A. Sarangam, “Different types of hackers: Black, White, and Gray Hat,” Jigsaw Academy, 28-Dec-2020.
[Online]. Available: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-hackers-2/.
[Accessed: 15-Feb-2022].
[4]. A. Froehlich and M. Bacon, “What is a white hat hacker?,” SearchSecurity, 29-Dec-2021. [Online].
Available: https://www.techtarget.com/searchsecurity/definition/white-hat. [Accessed: 15-Feb-2022].
[5]. "What is a Grey Hat Hacker? Hacking without malice." [online] Wallarm.com. Available at:
https://www.wallarm.com/what/gray-hat-hacker [Accessed 15 February 2022].
[6]. “What is a black-hat hacker?,” www.kaspersky.com, 09-Feb-2022. [Online]. Available:
https://www.kaspersky.com/resource-center/threats/black-hat-hacker. [Accessed: 15-Feb-2022].
[7]. S. Sinha and Dr. Y. Arora, “Ethical hacking:the story of a white hat hacker,” SSRN Electronic Journal, vol.
8, no. 3, May 2020.
[8]. Vinitha K. P., “Ethical Hacking,” IJERT, vol. 4, no. 06, May 2018.
[9]. B. Sahare, A. Naik, and S. Khandey, “Study Of Ethical Hacking,” IJCST, vol. 2, no. 4, 2014.
[10]. T. P. Parikh and D. A. R. Patel, “Cyber security: Study on Attack, Threat, Vulnerability,” IJRMEET, vol. 5,
no. 6, Jun. 2017.

Volume 8, Issue 6, January-February-2022 | http://ijsrcseit.com 338

 Volume 8 - Issue 6 - Published : February 28, 2022 Page No : 334-339

[11]. D. S. Kumar and D. Agarwal, “Hacking Attacks, Methods, Techniques And Their Protection Measures ,”
IJSART, vol. 4, no. 4, Apr. 2018.
[12]. V. B. Savant, R. D. Kasar, and P. B. Savant, “A review on overview of ethical hacking,” International Journal
of Engineering Applied Sciences and Technology, vol. 6, no. 4, Aug. 2021.
[13]. Jean-Paul A., Yaacoub, H. N., Noura, O. Salman, and A. Chehab, “A SURVEY ON ETHICAL HACKING:
ISSUES AND CHALLENGES,” A Preprint, vol. 1, Mar. 2021.
[14]. P. K. Sahu and B. Acharya, “A REVIEW PAPER ON ETHICAL HACKING,” IJARET, vol. 11, no. 12, Dec.
2020.
[15]. C. Nagarani, “Ethical Hacking and Its Value to Security,” GJRA, vol. 4, no. 10, Oct. 2015.
[16]. Security countermeasure. Security Countermeasure - an overview | ScienceDirect Topics. (n.d.). Retrieved
February 16, 2022, from https://www.sciencedirect.com/topics/computer-science/security-countermeasure
[17]. Dr.Sunil Kumar and Dilip Agarwal, “Hacking Attacks, Methods, Techniques And Their Protection
Measures,” IJSART, Vol 4 Issue 4. April 2018.
[18]. Dr Amarendra K, Venkata Naresh Mandhala, SaiSri Damecharla, Praveen Gollapudi and Pavan Kumar
Ponuganti “Modern Era Hacking,” IJSTR, vol. 8 issue 12, December 2019.
[19]. M. Jumale, "Impact of ethical Hacking on Business and Government", International Research Journal of
engineering and technology, vol. 06, no. 12, 2019.

Volume 8, Issue 6, January-February-2022 | http://ijsrcseit.com 339