0% found this document useful (0 votes)
33 views46 pages

Sample Report

Another sample report for internship

Uploaded by

Meghana
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
33 views46 pages

Sample Report

Another sample report for internship

Uploaded by

Meghana
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 46

DAY TO DAY EVALUATION

DATE DAY NAME OF THE TOPIC/MODULE

08/05/2023 MONDAY INTRODUCTION TO NETWORKING


1st
09/05/2023 TUESDAY TYPES OF COMPUTER NETWORKS

WEEK 10/05/2023 WEDNESDAY EXPLAIN OSI MODELS

11/05/2023 THURSDAY DISCUSSING ABOUT IP ADDRESS

12/05/2023 FRIDAY TYPES OF IP ADDRESS

13/05/2023 SATURDAY CLASSIFICATION OF IP ADDRESS

15/05/2023 MONDAY DISCUSSING PING ON IP ADDRESS


2nd
16/05/2023 TUESDAY DISCUSSING TRACEROUTE

WEEK EXPLAINING DIFFERENCE PINGS &


17/05/2023 WEDNESDAY TRACEROUTES

18/05/2023 THURSDAY INTRODUCTION TO ETHICAL HACKING

EXPLAIN ETHICAL HACKING


19/05/2023 FRIDAY TERMINOLOGIES

20/05/2023 SATURDAY PHASES OF ETHICAL HACKING

22/05/2023 MONDAY TYPES OF ETHICAL HACKING


3rd
23/05/2023 TUESDAY MOTIVES & AIMS OF HACKERS

WEEK 24/05/2023 WEDNESDAY EXPLAIN WHO USES ETHICAL HACKERS

25/05/2023 THURSDAY EXPLAIN WHY USES ETHICAL HACKERS

26/05/2023 FRIDAY MODULES

27/05/2023 SATURDAY MODULES


SKILLS OF HACKER
29/05/2023 MONDAY 1)NETWORKING SKILLS
2)COMPUTER SKILLS

30/05/2023 TUESDAY 3) LINUX SKILLS


4) PROGRAMMING SKILLS

31/05/2023 WEDNESDAY 5) HARDWARE KNOWLEDGE


4th 6) REVERSE ENGINEERING
7) CRYPTOGRAPHY SKILLS
WEEK 01/06/2023 THURSDAY 8) DATABASE SKILLS
9) PROBLEM SOLVING SKILLS

02/06/2023 FRIDAY MODULES

03/06/2023 SATURDAY MODULES

05/06/2023 MONDAY VIRTUAL BOX INSTALLATION

06/06/2023 TUESDAY WINDOWS 7 INSTALLATION


IN VIRTUAL BOX
5th 07/06/2023 WEDNESDAY EXPLAIN REMOTE ACCESS TROJAN
WEEK
08/06/2023 THURSDAY MODULES

09/06/2023 FRIDAY VM WARE INSTALLATION


KALI LINUX INSTALLATION
10/06/2023 SATURDAY IN VM WARE

12/06/2023 MONDAY EXPLAIN TRUTHSPY TOOL

13/06/2023 TUESDAY MODULES


6th 14/06/2023 WEDNESDAY PROJECT: ANDROID HACKING
WEEK
15/06/2023 THURSDAY ANDROID HACKING USING CYPHER
RAT TOOL

16/06/2023 FRIDAY ANDROID HACKING USING MOBIHOK


TOOL

17/06/2023 SATURDAY PROJECT CHECKING


INDEX

SNO CONTENTS PAGE NO

1 INTRODUCTION TO NETWORKING 1

2 IP ADDRESS 3

3 PING AND TRACEROUTE 8

4 INTRODUCTION TO ETHICAL HACKING 10

5 TYPES OF ETHICAL HACKERS 13

6 SKILLS OF HACKERS 15

7 VIRTUAL BOX INSTALLATION 18

8 WINDOWS 7 INSTALLATION 21

9 RAT(REMOTE ACCESS TROJAN) 25

10 ANDROID HACKING USING CYPHERRAT 26

11 ANDROID HACKING USING MOBIHOK 30

12 TRUTHSPY TOOL 38

13 CONCLUSION 41
1. INTRODUCTION TO NETWORKING

Computer Networking is the practice of connecting computers together to enable


communication and data exchange between them. In general, Computer Network is a collection of
two or more computers. It helps users to communicate more easily. In this article, we are going to
discuss the basics which everyone must know before going deep into Computer Networking.
How Does a Computer Network Work?
Basics building blocks of a computer network are Nodes and Links. A Network Node can
be illustrated as Equipment for Data Communication like a Modem, Router, etc., or Equipment of
a Data Terminal like connecting two computers or more. Link in Computer Networks can be
defined as wires or cables or free space of wireless networks.
The working of Computer Networks can be simply defined as rules or protocols which help in
sending and receiving data via the links which allow Computer networks to communicate. Each
device has an IP Address, that helps in identifying a device.
Types of Enterprise Computer Networks
 LAN: A Local Area Network (LAN) is a network that covers a small area, such as an
office or a home. LANs are typically used to connect computers and other devices
within a building or a campus.
 WAN: A Wide Area Network (WAN) is a network that covers a large geographic area,
such as a city, country, or even the entire world. WANs are used to connect LANs
together and are typically used for long-distance communication.
 Cloud Networks: Cloud Networks can be visualized with a Wide Area Network
(WAN) as they can be hosted on public or private cloud service providers and cloud
networks are available if there is a demand. Cloud Networks consist of Virtual Routers,
Firewalls, etc.
These are just a few basic concepts of computer networking. Networking is a vast and complex
field, and there are many more concepts and technologies involved in building and maintaining
networks. Now we are going to discuss some more concepts on Computer Networking.
 Open system: A system that is connected to the network and is ready for
communication.
 Closed system: A system that is not connected to the network and can’t be
communicated with.
OSI Model
OSI stands for Open Systems Interconnection. It is a reference model that specifies
standards for communications protocols and also the functionalities of each layer. The OSI has been
developed by the International Organization for Standardization and it is 7 layer architecture. Each
layer of OSI has different functions and each layer has to follow different protocols. The 7 layers
are as follows:
 Physical Layer
 Data link Layer
 Network Layer
 Transport Layer

1
 Session Layer
 Presentation Layer
 Application Layer
Protocol
A protocol is a set of rules or algorithms which define the way how two entities can
communicate across the network and there exists a different protocol defined at each layer of the
OSI model. A few such protocols are TCP, IP, UDP, ARP, DHCP, FTP, and so on.
IP Address (Internet Protocol address): Also known as the Logical Address, the
IP Address is the network address of the system across the network. To identify each device in the
world-wide-web, the Internet Assigned Numbers Authority (IANA) assigns an IPV4 (Version 4)
address as a unique identifier to each device on the Internet. The length of an IPv4 address is 32
bits, hence, we have 232 IP addresses available. The length of an IPv6 address is 128 bits.
Type “ipconfig” in the command prompt and press ‘Enter’, this gives us the IP address of the
device.
MAC Address (Media Access Control address): Also known as physical address,
the MAC Address is the unique identifier of each host and is associated with its NIC
(Network Interface Card). A MAC address is assigned to the NIC at the time of
manufacturing. The length of the MAC address is: 12-nibble/ 6 bytes/ 48 bits Type
“ipconfig/all” in the command prompt and press ‘Enter’, this gives us the MAC
address.
Port: A port can be referred to as a logical channel through which data can be sent/received to an
application. Any host may have multiple applications running, and each of these applications is
identified using the port number on which they are running.
A port number is a 16-bit integer, hence, we have 216 ports available which are categorized as
shown below:
Port Types Range

Well known Ports 0 – 1023

Registered Ports 1024 – 49151

Ephemeral Ports 49152 – 65535


Number of ports: 65,536
Range: 0 – 65535
1. Other Related Concepts
DNS Server: DNS stands for Domain Name System. DNS is basically a server that
translates web addresses or URLs (ex: www.google.com) into their corresponding.

2
2. IP ADDRESS
All the computers of the world on the Internet network communicate with each other with
underground or underwater cables or wirelessly. If I want to download a file from the internet or
load a web page or literally do anything related to the internet, my computer must have an address
so that other computers can find and locate mine in order to deliver that particular file or webpage
that I am requesting. In technical terms, that address is called IP Address or Internet Protocol
Address.
Let us understand it with another example, like if someone wants to send you a mail then
he/she must have your home address. Similarly, your computer too needs an address so that other
computers on the internet can communicate with each other without the confusion of delivering
information to someone else’s computer. And that is why each computer in this world has a unique
IP Address. Or in other words, an IP address is a unique address that is used to identify computers
or nodes on the internet. This address is just a string of numbers written in a certain format. It is
generally expressed in a set of numbers for example 192.155.12.1. Here each number in the set is
from 0 to 255 range. Or we can say that a full IP address ranges from 0.0.0.0 to 255.255.255. 255.
And these IP addresses are assigned by IANA(known as Internet Corporation For Internet Assigned
Numbers Authority).
Working of IP addresses
The working of IP addresses is similar to other languages. It can also use some set of rules to send
information. Using these protocols we can easily send, and receive data or files to the connected
devices. There are several steps behind the scenes. Let us look at them
 Your device directly requests your Internet Service Provider which then grants your
device access to the web.
 And an IP Address is assigned to your device from the given range available.
 Your internet activity goes through your service provider, and they route it back to you,
using your IP address.
 Your IP address can change. For example, turning your router on or off can change your
IP Address.
 When you are out from your home location your home IP address doesn’t accompany
you. It changes as you change the network of your device.

Types of IP Address

IP Address is of two types:


1. IPv4: Internet Protocol version 4. It consists of 4 numbers separated by the dots. Each number
can be from 0-255 in decimal numbers. But computers do not understand decimal numbers, they
instead change them to binary numbers which are only 0 and 1. Therefore, in binary, this (0-255)
range can be written as (00000000 – 11111111). Since each number N can be represented
by a group of 8-digit binary digits. So, a whole IPv4 binary address can be
represented by 32-bits of binary digits. In IPv4, a unique sequence of bits is assigned
to a computer, so a total of (2^32) devices approximately = 4,294,967,296 can be
assigned with IPv4.
IPv4 can be written as:
3
189.123.123.90

Classes of IPv4 Address: There are around 4.3 billion IPv4 addresses and managing all those
addresses without any scheme is next to impossible. Let’s understand it with a simple example. If
you have to find a word from a language dictionary, how long will it take? Usually, you will take
less than 5 minutes to find that word. You are able to do this because words in the dictionary are
organized in alphabetical order. If you have to find out the same word from a dictionary that doesn’t
use any sequence or order to organize the words, it will take an eternity to find the word. If a
dictionary with one billion words without order can be so disastrous, then you can imagine the pain
behind finding an address from 4.3 billion addresses. For easier management and assignment IP
addresses are organized in numeric order and divided into the following 5 classes :
IP Class Address Range Maximum number of networks

Class A 0-126 126 (27-1)

Class B 128-191 16384

Class C 192-223 2097152

Class D 224-239 Reserve for multitasking

Class E 240-254 Reserved for Research and development

A loopback address is a distinct reserved IP address range that starts from 127.0.0.0 ends at
127.255.255.255 though127.255.255.255 is the broadcast address for 127.0.0.0/8. The loopback
4
addresses are built into the IP domain system, enabling devices to transmit and receive the data
packets. The loopback address 127.0.0.1 is generally known as localhost.
2. IPv6: But, there is a problem with the IPv4 address. With IPv4, we can connect only the above
number of 4 billion devices uniquely, and apparently, there are much more devices in the world to
be connected to the internet. So, gradually we are making our way to IPv6 Address which is a 128-
bit IP address. In human-friendly form, IPv6 is written as a group of 8 hexadecimal numbers
separated with colons (:). But in the computer-friendly form, it can be written as 128 bits of 0s and
1s. Since, a unique sequence of binary digits is given to computers, smartphones, and other devices
to be connected to the internet. So, via IPv6 a total of (2^128) devices can be assigned with unique
addresses which are actually more than enough for upcoming future generations.
IPv6 can be written as:
2011:0bd9:75c5:0000:0000:6b3e:0170:8394

Classification of IP Address

An IP address is classified into the following types:


1. Public IP Address: This address is available publicly and it is assigned by your network
provider to your router, which further divides it to your devices. Public IP Addresses are of two
types,
 Dynamic IP Address: When you connect a smartphone or computer to the internet,
your Internet Service Provider provides you an IP Address from the range of available
IP Addresses. Now, your device has an IP Address and you can simply connect your
device to the Internet and send and receive data to and from your device. The very next
time when you try to connect to the internet with the same device, your provider
5
provides you with different IP Addresses to the same device and also from the same
available

6
range. Since IP Address keeps on changing every time when you connect to the internet,
it is called a Dynamic IP Address.
 Static IP Address: Static address never changes. They serve as a permanent internet
address. These are used by DNS servers. What are DNS servers? Actually, these are
computers that help you to open a website on your computer. Static IP Address provides
information such as device is located on which continent, which country, which city,
and which Internet Service Provider provides internet connection to that particular
device. Once, we know who is the ISP, we can trace the location of the device connected
to the internet. Static IP Addresses provide less security than Dynamic IP Addresses
because they are easier to track.
2. Private IP Address: This is an internal address of your device which are not routed to the
internet and no exchange of data can take place between a private address and the internet.
3. Shared IP addresses: Many websites use shared IP addresses where the traffic is not huge and
very much controllable, they decide to rent it to other similar websites so to make it cost-friendly.
Several companies and email sending servers use the same IP address (within a single mail server)
to cut down the cost so that they could save for the time the server is idle.
4. Dedicated IP addresses: A dedicated IP Address is an address used by a single company or an
individual which gives them certain benefits using a private Secure Sockets Layer (SSL) certificate
which is not in the case of a shared IP address. It allows to access the website or log in via File
Transfer Protocol (FTP) by IP address instead of its domain name. It increases the performance of
the website when the traffic is high. It also protects from a shared IP address that is black-listed due
to spam.

IP address security threats

Each IP address is associated with virtual ports in a computer that acts as a doorway that
allows web applications or websites to send and receive data or information on your device. If after
the connection is terminated the ports remain open somehow, might allow hackers to get into your
device. Once, a hacker gets access to your device remotely through various tools and viruses, they
would be able to access all your stored files and data and your computer hardware as well, which
includes your webcam, mic, speaker, and all your browsing history, your emails and saved
passwords. These are some serious threats from which we need to be extra careful.
Various online activities can reveal your IP address from playing games or accepting bad
cookies from a trap website or commenting on a website or forum. Once, they have your IP, there
are websites that help them get a decent idea of your location. They can further use social media
websites to track your online presence and cross verify everything that they got from these sites
and use your information for their benefits or can sell these data collected on the dark web which
can further exploit you.
The worst which I have seen in my friend’s pc got infected while he was installing an application
that he downloaded from a pirated website.

Protect and hide IP address

To secure and hide your IP address from unwanted people always remember the following points:
7
 Use a proxy server.
 Use a virtual private network (VPN) when using public Wi-Fi, you are traveling,
working remotely, or just want some privacy.
 Change privacy settings on instant messaging applications.
 Create unique passwords.
 Beware of phishing emails and malicious content.
 Use a good and paid antivirus application and keep it up to date.
 It is also not recommended to use torrent or pirated websites which are a threat to your
online identity and can compromise your device or emails or any other information
about you.

8
3. PING AND TRACEROUTE

In computer networks, data is sent in small blocks known as packets. Each packet is
transmitted individually and may also follow a different route to reach the destination. Once all
these packets of the original message reach the destination, they are re-assembled to form the
original message. But, sometimes, it may happen that the webserver is down, network congestion
or some other technical glitch is there, that may prevent the message from reaching the destination.
To diagnose such congestions and network failures, we use two common programs namely Ping
and Traceroute.
Ping: It is a utility that helps one to check if a particular IP address is accessible or not. Ping works
by sending a packet to the specified address and waits for a reply. It also measures round trip time
and reports errors.
Ping is also used in checking if the computers on a local network are active. For this, the user has
to go to the command prompt and type: ping 127.0.0.1, and if the address is active, the ping would
return a message like this:
Pinging 127.0.0.1 with 32 bytes of data
Reply from 127.0.0.1: bytes=32 time<10ms TTL=32
Reply from 127.0.0.1: bytes=32 time<10ms TTL=32
Reply from 127.0.0.1: bytes=32 time<10ms TTL=32
Reply from 127.0.0.1: bytes=32 time<10ms TTL=32
The IP address 127.0.0.1 is the address of the local host and would receive a ping reply even if the
sender is not connected to the internet.
Traceroute: It is a utility that traces a packet from your computer to the host, and will also show
the number of steps (hops) required to reach there, along with the time by each step. Traceroute
works by sending the packets of data with a low survival time (Time to Live – TTL) which specifies
how many steps (hops) can the packet survive before it is returned. When a packet can’t reach the
final destination and expires at an intermediate step, that node returns the packet and identifies
itself. So, by increasing the TTL gradually, traceroute is able to identify the intermediate hosts. If
any of the hops come back with “Request timed out”, it denotes network congestion and a reason
for slow-loading Web pages and dropped connections.
The main difference between Ping and Traceroute is that Ping is a quick and easy utility to tell if
the specified server is reachable and how long will it take to send and receive data from the server
whereas Traceroute finds the exact route taken to reach the server and time taken by each step
(hop).

9
Difference between Ping and Traceroute

S.
Ping Traceroute
No.

Ping is a utility which is first developed by It enables us to locate where the data
1. Michael Muss in 1983. was unable to be sent along.

It is used to verify whether a network data The traceroute helps in providing a map
packet can reach an address without errors or of data on the internet from its source to
2. not. its destination

3. It is used to check for network errors. It helps in the packet capture.

Ping is used in video games to estimate A traceroute is used to troubleshoot the


4. latency. hop delays during video conferences.

The ping command sends a request over the


We can perform a visual traceroute to
network to a specific device that is Internet
get a visual representation of each hop.
5. Control Message Protocol.

Time-To-Live is broadcasted by
A ping packet has Time-To-Live value and
traceroute until the maximum TLL or
cannot be changed.
6. destination is reached.

It is available on virtually any operating It works by sending Internet Control


7. system with network connectivity Message Protocol (ICMP) packets

10
4.INRODUCTION TO ETHICAL

HACKING WHAT IS HACKING?

Hacking can be defined as an intrusion into someone else system ornetwork.


Hacking is done in 3 different ways
o By exploiting a vulnerability on the host
o By stealing passwords
o By gaining control over the host using remote access tools orbackdoors.
Hacking is done without the knowledge/permission of the owner. Hacking is done
mostly for the sake of fun and also to cause financialloss.

What is Ethical Hacking?


Ethical hackers are usually security professionals or network penetration testers who use
their hacking skills and toolsets for defensive and protective purposes. Ethical hackers who are
security professionals test their network and systems security for vulnerabilities using the same
tools that a hacker might use to compromise the network. Any computer professional can learn the
skills of ethical hacking.
The term cracker describes a hacker who uses their hacking skills and toolset for destructive
or offensive purposes such as disseminating viruses or performing denial-ofservice (DoS) attacks to
compromise or bring down systems and networks. No longer just looking for fun, these hackers are
sometimes paid to damage corporate reputations or steal or reveal credit card information, while
slowing business processes and compromising the integrity of the organization.
Hackers can be divided into three groups:
> White Hats -Good guys, ethical hackers
> Black Hats - Bad guys, malicious hackers
> Gray Hats -Good or bad hacker; depends on the situation
Ethical hackers usually fall into the white-hat category, but sometimes they’re former gray hats who
have become security professionals and who now use their skills in an ethical manner.
White Hats
White hats are the good guys, the ethical hackers who use their hacking skills for defensive
purposes. White-hat hackers are usually security professionals with knowledge of hacking and the
hacker toolset and who use this knowledge to locate weaknesses and implement countermeasures.
White-hat hackers are prime candidates for the exam. White hats are those who hack with
permission from the data owner. It is critical to get permission prior to beginning any hacking
activity. This is what makes a security professional a white hat versus a malicious hacker who
cannot be trusted.
Black Hats
Black hats are the bad guys: the malicious hackers or crackers who use their skills for
illegal or malicious purposes. They break into or otherwise violate the system integrity of remote
systems, with malicious intent. Having gained unauthorized access, black-hat hackers destroy vital
data, deny legitimate users service, and just cause problems for their targets. Black-hat hackers and

11
crackers can easily be differentiated from white-hat hackers because their actions are
malicious. This is the

12
traditional definition of a hacker and what most people consider a hacker to be.
Gray Hats
Gray hats are hackers who may work offensively or defensively, depending on the situation.
This is the dividing line between hacker and cracker. Gray-hat hackers may just be interested in
hacking tools and technologies and are not malicious black hats. Gray hats are self-proclaimed
ethical hackers, who are interested in hacker tools mostly from a curiosity standpoint. They may
want to highlight security problems in a system or educate victims so they secure their systems
properly. These hackers are doing their “victims” a favor. For instance, if a weakness is discovered
in a service offered by an investment bank, the hacker is doing the bank a favor by giving the bank a
chance to rectify the vulnerability.
Ethical Hacking Terminology
Threat - An environment or situation that could lead to a potential breach of security. Ethical
hackers look for and prioritize threats when performing a security analysis. Malicious hackers and
their use of software and hacking techniques are themselves threats to an organization’s information
security.
Exploit - A piece of software or technology that takes advantage of a bug, glitch, or vulnerability,
leading to unauthorized access, privilege escalation, or denial of service on a computer system.
Malicious hackers are looking for exploits in computer systems to open the door to an initial attack.
Vulnerability - The existence of a software flaw, logic design, or implementation error that can
lead to an unexpected and undesirable event executing bad or damaging instructions to the system.
Exploit code is written to target a vulnerability and cause a fault in the system in order to retrieve
valuable data.
Target of Evaluation (TOE) - A system, program, or network that is the subject of a security
analysis or attack. Ethical hackers are usually concerned with high-value TOEs, systems that
contain sensitive information such as account numbers, passwords, Social Security numbers, or
other confidential data.
Attack - An attack occurs when a system is compromised based on a vulnerability. Many attacks
are perpetuated via an exploit. Ethical hackers use tools to find systems that may be vulnerable to
an exploit because of the operating system, network configuration, or applications installed on the
systems, and to prevent an attack.
The Phases of Ethical Hacking
Organizations employ ethical hackers to simulate a real cyberattack on their systems and
networks. This attack comes in different phases. It takes a lot of skill and effort for ethical hackers
to identify all the vulnerabilities and exploit them to their full benefit. This simulated attack is used
to pinpoint all areas of weaknesses that the organization faces to work towards strengthening them.
The phases of ethical hacking are:

13
 The Reconnaissance Phase
 The Scanning Phase
 The Gaining Access Phase
 The Maintaining Access Phase
 The Covering of Tracks Phase

14
5. TYPES OF ETHICAL HACKERS

1. White Hat Hacking:

White hat hackers, also called ethical hackers, are frequently employed as security experts
by businesses or governments. They only hack systems with authorization and good intentions to
report vulnerabilities so they may be corrected. Their work is lawful because they are paid for their
services and have the organization's approval.

Where Is White Hat Hacking Used?

White hat hackers have extensive computer and networking knowledge, and almost all
businesses can benefit from the abilities and understanding of security specialists. To do various
penetration testing, bug bounty programs, and other services, ethical hackers are welcome to be
employed by IT organizations, particularly those that deal with cybersecurity.

IT professionals seeking a safer profession with lots of room for advancement should research
White Hat hacker jobs by obtaining IT Security Certification to bring a wide range of abilities to
the table.

Motives And Aims Of White Hat Hacker

These hackers' objectives include assisting corporations and a desire to find security holes
in networks. They seek to safeguard businesses and support them in the continuous conflict with
online threats. A White Hat hacker is somebody who will assist in defending the business against
increasing cybercrime. They help companies build defenses, recognize their vulnerabilities, and
fix them before other hackers do.

2. Black Hat Hackers:

Black hat hackers are renowned for purposefully breaking into computer networks. They
might also disseminate malware that steals passwords, credit card numbers, and other private data,
damages files, or seizes control of systems. Black hats are driven by selfish motives like monetary
gain, retaliation, or the desire to cause chaos.

15
Who Uses Black Hat Hackers?

Since they create malicious code and attempt to obtain unauthorized access to a system,
black hat hackers are the bad guys. Their motivations include pursuing personal or financial gain
or engaging in cyber espionage. They can introduce malware into a system and steal private
information, or they can encrypt the entire network of a business and demand ransom money to
unlock it.

Motives And Aims of black hat hackers

To break into a company's network and take money, sensitive information, or bank
information. Typically, they sell the resources they have stolen on the underground market, utilize
them for personal gain, or threaten the target company.

3. Gray Hat Hackers

The term "gray hat hacker" refers to someone who may transgress moral or ethical
guidelines without having harmful intent, like black hat hackers.

What Makes Gray Hat Hacking Unique?

White hat and black hat hackers combine to form gray hat hackers. Typically, they wander
about trying to break into systems but never do anything bad. They will inform the company of
their findings and may occasionally demand a small fee to resolve the problem. Although they
have noble intentions, they use poor tactics. Although they don't actually take advantage of any
flaws, they are breaking the law because they lack prior authorization.

Gray Hat Hacking In Industry

Some industries, especially those in the technology industry, welcome and even promote
the investigations of gray hat hackers. Of course, a hacker returns to the realm of white hat hacking
once authorization is granted. Since ethics are not always linked to legality, many gray hat hackers
nevertheless refer to themselves as ethical hackers.

16
6.SKILLS OF HACKERS
Ethical Hacking is compromising computer systems for assessing security and acting in
good faith by informing the vulnerable party. Ethical hacking is a key skill for many job roles
related to securing the online assets of an organization. The professionals working on these job
roles maintain the organization’s computers, servers, and other components of its infrastructure in
working conditions preventing unauthorized access through non-physical channels.

People believe that “hacking” means to hack any website within a minute. This concept
comes from watching movies, so they do not even know the original basic concept of what it means
to hack or how to do it. To crack passwords or to steal data? No, Ethical Hacking is much more
than that. Ethical hacking is to scan vulnerabilities and to find potential threats on a computer or
network. An ethical hacker finds the weak points or loopholes in a computer, web applications, or
network and reports them to the organization. So, let’s explore the skills required to become an
ethical hacker.

1. Computer Networking Skills

One of the most important skills to become an ethical hacker is networking skills. The
computer network is nothing but the interconnection of multiple devices, generally termed as Hosts
connected using multiple paths to send/receive data or media. Understanding networks like DHCP,
Super netting, Subnetting, and more will provide ethical hackers to explore the various
interconnected computers in a network and the potential security threats that this might create, as
well as how to handle those threats. To Learn computer networking refer Computer Network
Tutorials.

17
2. Computer Skills

Computer skills are knowledge and ability which allow one to use computers and related
technology. Typically, basic computer skills include data processing, managing computer files, and
creating presentations. Advanced computer skills include managing databases, programming, and
running calculations in spreadsheets. Some of the most essential computer skills are MS Office,
Spreadsheets, Email, Database Management, Social Media, Web, Enterprise systems, etc. An
ethical hacker needs to be a computer systems expert.

3. Linux Skills

Linux is a community of open-source Unix like operating systems that are based on the
Linux Kernel. It is a free and open-source operating system and the source code can be modified
and distributed to anyone commercially or noncommercially under the GNU General Public
License. The main reason to learn Linux for an ethical hacker is, in terms of security, Linux is more
secure than any other operating system. It does not mean that Linux is 100 percent secure it has
some malware for it but is less vulnerable than any other operating system. So, it does not require
any anti-virus software.

4. Programming Skills

Another most important skill to become an ethical hacker is Programming Skills. So what
does the word programming in the computer world actually means? It means, “The act of writing
code understood by a computational device to perform various instructions.” So, to get better
at programming, one will be writing a lot of code! Before one writes code he/she must choose the
best programming language for his/her programming. Here is the list of programming language
Python: Python Programming Language
 SQL: SQL Tutorial
 C: C Programming Language
 JavaScript: JavaScript Tutorials
 PHP: PHP Tutorials
 C++: C++ Programming Language
 Java: Java Programming Language
 Ruby: Ruby Programming Language
 Perl: Perl Programming Language

5. Basic Hardware Knowledge

Computer hardware comprises the physical parts of a computer, like the central processing
unit (CPU), monitor, mouse, keyboard, computer data storage, graphics card, sound card, speakers
and motherboard, etc. By contrast, the software is the set of instructions that can be stored
and run by hardware. For example, suppose one wants to hack a machine that is
controlled by a computer. First, he needs to know about the machine or how it works.
18
Last, he has to get access to the computer that controls the machine. Now, the
machine will have a very good software security system; however, hackers don’t care about
hardware security, so he can play with the hardware if he can access it. If one doesn’t know about
hardware, then how will he/she know how the motherboard works, how USBs to transfer data, or
how CMOS or BIOS work together, etc.? So one must have basic hardware knowledge also to
become an ethical hacker.

6. Reverse Engineering
Reverse Engineering is a process of recovering the design, requirement specifications, and
functions of a product from an analysis of its code. It builds a program database and generates
information from this. The objective of reverse engineering is to expedite the maintenance work by
improving the understandability of a system and to produce the necessary documents for a legacy
system. In software security, reverse engineering is widely used to ensure that the system lacks any
major security flaws or vulnerabilities. It helps to make a system robust, thereby protecting it from
hackers and spyware. Some developers even go as far as hacking their system to identify
vulnerabilities–a system referred to as ethical hacking.

7. Cryptography Skills

Cryptography is the study and application of techniques for reliable communication in the
presence of third parties called adversaries. It deals with developing and analyzing protocols that
prevent malicious third parties from retrieving information being shared between two entities
thereby following the various aspects of information security. Cryptography deals with converting
a normal text/message known as plain text to a non-readable form known as ciphertext during the
transmission to make it incomprehensible to hackers. An ethical hacker must assure that
communication between different people within the organization does not leak. To learn the basics
of cryptography refer to Network Security and Cryptography.

8. Database Skills

DBMS is the crux of creating and managing all databases. Accessing a database where all
the information is stored can put the company in a tremendous threat, so ensuring that this software
is hack-proof is important. An ethical hacker must have a good understanding of this, along with
different database engines and data schemas to help the organization build a strong DBMS. To learn
DBMS refers to database management system(DBMS).

19
7. IRTUAL BOX INSTALLATION
Virtual Machine abstracts the hardware of our personal computers such as CPU, disk
drives, memory, NIC (Network Interface Card), etc, into many different execution environments as
per our requirements, hence giving us a feeling that each execution environment is a single
computer. For example, VirtualBox.
We can create a virtual machine for several reasons, all of which are fundamentally related to the
ability to share the same basic hardware yet can also support different execution environments, i.e.,
different operating systems simultaneously.

Downloading and Installing VirtualBox

To download VirtualBox, go to the official site virtualbox.org and download the


latest version for windows.

Beginning with the Installation:


 Getting Started:

 Select Installation Location:


20
 Creating Entries and Shortcuts:

 Ready to Install:

 Installing Files and packages:

21
 Installing Certificates:

 Finished Installation:

22
8. WINDOWS 7 INSTALLATION IN VIRTUALBOX

As you probably know, Microsoft released the much awaited Windows 7 operating system
few hours back to public. The new operating system is very stable and also very fast.

In case, if you are not ready use it as primary OS for some reasons, you can still use this beautiful
operating system with your present operating system (XP or Vista) using virtual applications like
Microsoft Virtual PC 2007, Virtual Box, and VM Ware. Into Windows has already showed how to
install Windows 7 on Microsoft Virtual PC (VPC) 2007.

In this guide, we will show you how to install Windows 7 on your XP or Vista using Virtual Box.

Steps to install Windows 7 on VirtualBox

1. First, you need to download Virtual Box (it’s free) and also Windows 7 RC (download Windows
7 RC).

2. Just follow the onscreen instructions to install Virtual Box (it’s very simple).

3. Run the Virtual Box program to see the Virtual Box Registration dialog. Here you can enter your
name and e-mail if you wish. If you don’t like to provide your name and e-mail, just click Cancel
button.

4. In Sun VirtualBox window, click on New button to launch the New Virtualization Machine
Wizard.

5. Click Next and enter a name for the new virtual machine, select the type of the operating system
as Microsoft Windows, and select the version as Windows 7. Click Next to proceed further.
23
6. Here you need to allocate the memory to the new (Windows 7) virtual machine. Depending on
the amount of RAM installed on your system, you need to select the memory size. Since Microsoft
recommends minimum of 1GB RAM for Windows 7, enter 1024 MB in the right-side box. Again,
click Next.

7. On the following screen, you need to create a new hard disk by selecting Create new hard
disk option. Clicking on Next button will open Create New Virtual Disk Wizard. Click Next.
Select Dynamically expanding storage as this storage initially occupies a very small amount of
space on your physical hard disk. It will grow dynamically (up to the size specified) as the
Guest OS claims disk space.

Alternatively, you can also select Fixed-size storage. As the name indicates, fixed size storage
doesn’t grow. Once again, click Next button.

8. Select the size of the virtual hard disk. By default 20 GB is allocated. Since Microsoft
recommends 16 GB of free disk space for 32-bit & 20 GB for 64-bit Windows 7, let’s use the
default 20 GB as the virtual disk size. However, you can change it if you don’t have enough free
space. But make sure that you have allocated 16+ GB. Click Next and then Finish to finish virtual
disk setup.

24
9. To begin the next step, make sure that you have downloaded Windows 7 RC ISO.

10. Select Windows 7 RC in the left pane, & click Settings to start configuring Windows 7 settings
like RAM and disk space further.

11. Click Start button to begin Windows 7 RC installation on Virtual Box. You will see a message
about the host key. Just read it carefully and click ok to see the First Run Wizard.

12. Select the media you would like to use for installation purpose. Select Image file option as
media source as you are using Windows 7 ISO file to install. If you have Windows 7 DVD, select
Host Drive letter as your DVD drive. Click Next and then finish to begin the installation procedure.

25
13. Windows 7 installation process will start in a few seconds. Just follow the onscreen
instruction to finish the installation procedure.

14. You have now installed Windows 7 on VirtualBox. Have fun with Windows 7!

26
9. RAT (Remote access Trojan)

What is a RAT (remote access Trojan)?


A RAT (remote access Trojan) is malware an attacker uses to gain full administrative
privileges and remote control of a target computer. RATs are often downloaded along with
seemingly legitimate user-requested programs -- such as video games -- or are sent to their target as
an email attachment via a phishing email.

Once the host system is compromised, intruders use a backdoor to control the host, or they may
distribute RATs to other vulnerable computers and establish a botnet.

Belonging to the family of Trojan horse viruses, RATs are specifically designed to disguise
themselves as

A RAT is typically deployed as a malicious payload using exploit kits, such as Metasploit. Once
installed, the RAT gets connected to the command-and-control server, which the hackers control.
The hackers achieve this connection by compromising an open TCP port on the target device.

A RAT can also be installed through phishing emails, download packages, web links or torrent files.
Users are duped into downloading malicious files through social engineering tactics, or the RAT is
installed by threat actors after they gain physical access to a victim's machine, such as through an
evil maid attack.

During the fourth step in a targeted spear phishing attack, a RAT is installed on the target system.

 s out further attacks or blackmail users into some type of agreement, such as providing
ransom money or top-secret data.

 Crypto Mining. It's common for threat actors to use RATs to mine Bitcoin and
other cryptocurrencies on victims' computers. Attackers can generate significant
earnings by spreading RATs across numerous devices.

27
10. ANDROID HACKING USING CYPHER RAT

28
29
30
31
11. ANDROID HACKING USING MOBIHOK

32
33
34
35
36
37
38
39
12. TRUTHSPY TOOL

Start Spying from Anywhere at anytime !

The Truth Spy is a mobile spying app that helps you to track any type of Android devices. This app
comes with more than ten free advance features that you can use for tracking phone activities.

Monitor GPS locations, text messages, live calls, social media accounts, and more, all for free trial.
Undetectable and can be installed on almost any smartphone and table…

Track GPS Location


The Truth Spy will tell you to view the location of your target in real time via Google Maps.
Moreover, you will know your target's date, address, time, longitude, and latitude. An additional
feature to check the previous location; can help determine whether your kids went to the school or
snuck out.
Spy Call Recording
This feature helps you record all the calls you receive or make from your phone. Once Truth
Spy is installed, this feature can be used readily. As soon as the call is made, this feature will duly
register it. Also, if you don't have the time to listen to the recordings promptly, you can save and
download the recordings to listen to them later on.
SMS Tracking
This important feature helps you keep tabs on all messages sent and received from a phone.
Using this feature, you got to know the content of both sent and received messages. SMS Tracking
lets you know messages' content, time
stamps, and dates. Besides checking messages, you can also view the media and files exchanged
over SMS.
Call Spying
The main function of this program is the spy Call functionality. Call records on the phone
can be tracked via a spy call. You may view information about every incoming, outgoing, and
missed call. Additionally, you will receive thorough details regarding each call's duration, time,
contact details, etc. You can configure alerts to notify you whenever a call is made from a particular
number.
WhatsApp Spying
In addition to SMS spying, users can use this tool to break into WhatsApp installed on any
device. All your target's WhatsApp activities will be tracked and put on a dashboard. In addition,
you can also listen to the calls taking place via WhatsApp using this feature. Lastly, this feature also
enables users to read and record previous WhatsApp conversations.
40
Live Audio Recording
Audio recording lets you take control of the mic of the target phone. The Truth Spy lets you
take control of the mic so you can record the voices near the phone. Similarly, you can remotely
control the microphone and turn it on and off whenever possible. This means you can record the
conversations whenever you want. Afterward, you can listen to the recorded conversations saved on
your other device.
Facebook Spy
Facebook spy is another great feature of The Truth Spy. This feature lets you stay abreast of
your target's Facebook activities. You can check the messages sent using Facebook messenger
along with the timestamps and dates of the messages. Moreover, you can also view the activity that
occurs on the profile of your target.

Snapchat Spy
Snap spying works just like Facebook spying. However, in Snapchat's case, you can track all
other activities occurring on Snapchat besides checking messages. All other media sent as snaps can
also be viewed and saved. All the data you check is available with date, timestamps, and other
information. Besides media, you can read and save the content of the messages.
Viber Spy

Suppose you want to safely spy on Viber without anyone's knowledge. The Truth Spy
allows you to spy on all the calls sent and received on the targeted phone. Like other social media
apps, you can also view and save the content of the Viber messages. On Viber, you can also scroll
through call logs to see who's called on the phone.
Keylogger

A Key Logger is crucial to The Truth Spy's spying package. You can record every keystroke
entered on the phone with this tool. These keystrokes are captured so you can watch as the person
types in real time. Using the app's tracking feature, you can keep track of passwords. Keylogger is
by far the best feature many users have appreciated for its functionality and utility.
Multimedia Files

You may also examine all of the shared multimedia files on the phone. This way, you can
check out all the photos and videos kept on the phone by opening the gallery. Besides, you can also
check and track the files saved on other apps like File Manager. Additionally, you can review the
screenshots and save the media to view later.
Browsing History

The phone's browsing history can likewise be tracked. Additionally, the phone browser will provide
information on all the websites the phone has visited. You may look up the date, time, and name of
the website that was viewed. You may also monitor internet use and the duration of time spent on
41
each website. Using this feature, you can keep yourself updated on the type of content your kid
watches or interacts with

42
13. CONCLUSION

Android Hacking Conclusion


After working on the Android hacking minimal project, several important conclusions can be drawn:

Android Security Vulnerabilities: The project highlighted the presence of various security
vulnerabilities in the Android operating system. These vulnerabilities can be exploited by attackers
to gain unauthorized access to user data, compromise device integrity, or execute malicious code. It
underscores the need for robust security measures in Android applications and devices.

Importance of Secure Development Practices: The project emphasized the significance of following
secure development practices while creating Android applications. Developers should adhere to
security guidelines, perform thorough code reviews, and implement encryption, authentication, and
authorization mechanisms to mitigate potential risks.

User Awareness and Education: The project revealed the necessity of educating Android users
about potential security threats and best practices to protect their devices. Users should be cautious
while downloading apps, granting permissions, and connecting to public Wi-Fi networks to avoid
falling victim to hacking attempts.

Ethical Considerations: The project shed light on the importance of ethical hacking practices. It is
crucial to conduct hacking activities for legitimate purposes, with proper authorization, and in
compliance with applicable laws and regulations. Ethical hacking can contribute to enhancing
system security and identifying vulnerabilities before malicious actors exploit them.

Continuous Monitoring and Updates: The project demonstrated the need for regular monitoring of
Android devices and applications for security updates and patches. Both users and developers
should stay vigilant and promptly install security updates provided by device manufacturers and
software developers to protect against newly discovered vulnerabilities.

Collaboration and Information Sharing: The project highlighted the significance of collaboration
and information sharing among security researchers, developers.

43

You might also like