Ethical Hacking Report

The document is a seminar report on ethical hacking submitted by Shivam Kumar for a Bachelor of Computer Applications degree. It covers various topics including types of hackers, history of hacking, roles of ethical hackers, and techniques such as footprinting, scanning, and SQL injection. The report emphasizes the importance of ethical hacking in securing systems against malicious attacks.

Uploaded by

h27534209
"ETHICAL HACKING"

Submitted in partial fulfilment of the requirement for the award of the degree of
Bachelor of Computer Applications

SUBMITTED BY
SHIVAM KUMAR

Ambedkar Institute of Technology
Shakarpur Delhi-110092

https://www.linkedin.com/inshivam-kumar-0933a3134
SHIVAM KUMAR
ACKNOWLEDGEMENT

It is clear that the result of all efforts, whatever form they take, is a
direct outcome of not just an individual's thinking but represents
the organization. The same view holds good for this seminar
report and we will try our best to emphasize this point at the
very outset. The report couldn't be finished without the help of
an experienced and versatile personality. First of all we pay heartfelt
regards to Dr. Monica Rajput (FACULTY) for his invaluable
guidance, help and support at each stage of our project.
We are extremely grateful to our teachers for their incessant
and perpetual cooperation and encouragement.

SHIVAM KUMAR

CONTENTS
• Ethical Hacking

• Type Of Hackers

• History

• Footprinting

• Scanning

• Windows Hacking

• System Hacking

• Steganography

• Cryptography

• Virus / Trojan

• Social Engineering

• Mobile Hacking

• SQL Injection

• Reference

INTRODUCTION
Ethical hacking, as the term denotes, is hacking used for ethical, legal or good reasons. Ethical
hackers work similarly to any black hat hacker or cracker, but their aim is to provide complete
security to a system and protect it from black hat hackers. They find the loopholes in an
operating system and apply complete security to it so that other hackers are not able to
attack the system.

Black hat hackers are the cyber criminals and ethical hackers are the cyber police.
Both have weapons, but one uses them to protect others and the other uses them to
damage others. Ethical hackers have sound knowledge of the measures a black
hat hacker can take to damage systems; they therefore apply security to the
system accordingly and thus make the system of any organization completely safe and
secure.

Type Of Hackers

1. White Hat Hackers

2. Black Hat Hackers

3. Gray Hat Hackers

4. Script Kiddies

5. Hacktivists

6. State Sponsored Hackers

7. Spy Hackers

8. Suicide

9. C.P Hackers

HISTORY OF HACKING

1960's: Hacking is not limited to computers. The real meaning of hacking is to expand the
capabilities of any electronic device; to use it beyond the original intentions of the
manufacturer. As a matter of fact, the first hackers appeared in the 1960's at the
Massachusetts Institute of Technology (MIT), and their first victims were electric trains. They
wanted them to perform faster and more efficiently.

1970's (PHREAKS OR PHONE HACKERS): During the 1970's, a different kind of hacker
appeared: the phreaks or phone hackers. They learned ways to hack the telephone system
and make phone calls for free. Within this group of people, one phreaker became famous
because of a simple discovery. John Draper, also known as Captain Crunch, found that he could
make long distance calls with a whistle. He built a blue box that could do this, and
Esquire magazine published an article on how to build them.

1980's (BULLETIN BOARD SYSTEMS): During the 1980's, phreaks started to migrate to
computers, and the first Bulletin Board Systems (BBS) appeared. BBS are like the Yahoo
groups of today, where people posted messages on any kind of topic. The BBS used by
hackers specialized in tips on how to break into computers, how to use stolen credit card
numbers and how to share stolen computer passwords.

1990's: During the 1990's, when the use of the internet became widespread around the world,
hackers multiplied, but it wasn't until the end of the decade that system security became
mainstream among the public.

1998 (MILITARY SATELLITE SYSTEM): Hackers claim to have broken into a Pentagon
network and stolen software for a military satellite system. They threaten to sell the
software to terrorists.

2001 (I LOVE YOU): The "I Love You" virus debuts on the Internet in May, appearing first
in the Philippines, then spreading across the globe in a matter of hours. It causes an
estimated $10 billion of damage globally in lost files and computer downtime before a
solution is found.

ROLE OF ETHICAL HACKERS

There can be lots of roles and responsibilities for an ethical hacker, but to summarize
them, a white hat hacker can do the following for an organization:

• They can find out the vulnerabilities and loopholes in any IT system.

• Ethical hackers can also suggest the list of steps that should be taken to prevent
risk to a system and can also provide the system with complete security.

• They can provide an organization with a detailed report and analysis
related to the security of any IT system.

FOOTPRINTING

WHAT IS FOOTPRINTING ?

Footprinting is the first and most convenient way that hackers use to gather information
about computer systems and the companies they belong to. The purpose of footprinting is to
learn as much as you can about a system, its remote access capabilities, its ports and
services, and the aspects of its security.

IDENTIFY VULNERABILITIES:

It allows an attacker to identify vulnerabilities in the target system in order to select
appropriate exploits.

OBJECTIVES OF FOOTPRINTING

• Domain Name

• Internal Domain Name

• Network Blocks

• IP Address of the Reachable System

• Rogue Website / Private Website

• TCP & UDP Services Running

• Access Control Mechanisms and ACLs

• Networking Protocols

• VPN Points

• IDSes Running

• Analog/Digital Telephone Number

• Authentication Mechanisms

• System Enumeration

COLLECT SYSTEM INFORMATION

• User and group names

• System banners

• Routing tables

• SNMP information

• System architecture

• Remote system type

• System names

• Password

COLLECT ORGANIZATION’S INFORMATION

• Employee details

• Organization’s Website

• Company directory

• Location details

• Address and phone numbers

• Comments in HTML Source Code

• Security policies implemented

• Web Server links relevant to the organization

• Background of the organization

• News articles

• Press release

SCANNING

Scanning is the second phase of hacking

BY SCANNING WE CAN FIND OUT:

• Which all servers are alive (AKA)

• Specific IP address

• Operating system

• System architecture

• Service running on each system

TYPES OF SCANNING:

• Port Scanning

• Network Scanning

• Vulnerability Scanning

PORT SCANNER

A port scanner is an application designed to probe a server or host for open ports. It is often
used by administrators to verify the security policies of their networks and by attackers to
identify services running on a host and exploit vulnerabilities.

NETWORK SCANNER

Network scanning is a procedure for identifying active hosts on a network. Scanning
procedures, such as ping sweeps and port scans, return information about which IP
addresses map to live hosts that are active on the Internet and what services they offer.

VULNERABILITIES SCANNING:

Vulnerability scanning is the automated process of proactively identifying vulnerabilities
of computing systems in a network in order to determine if and where a system can be
exploited or threatened. Vulnerability scanning typically refers to the scanning of systems
that are connected to the Internet.

SYSTEM HACKING

PASSWORD HACKING:

TYPES OF PASSWORD HACKING:

There are four types of password attack:

1. Passive online attack

2. Active online attack

3. Offline attack

4. Non-technical attack

PASSIVE ONLINE ATTACK:

In a passive online attack the attacker does not contact the authorizing party to steal the
password; in other words, he attempts password hacking without communicating with the
victim or the victim's account. Types of passive online attack include wire sniffing,
man-in-the-middle attacks and replay attacks.

ACTIVE ONLINE ATTACK:

This type of attack can be directly termed password guessing. An attacker tries a number of
passwords one by one against the victim to crack his/her password.

OFFLINE ATTACK:

Offline password attacks are performed from a location other than the actual computer
where the passwords reside or were used. Offline attacks require physical access to the
computer which stores the password file; the attacker copies the password file and then tries to
break the passwords on his own system. Offline attacks include dictionary attacks, hybrid
attacks, brute force attacks, precomputed hash attacks, syllable attacks, rule-based attacks
and rainbow attacks.

NON TECHNICAL ATTACK:

This type of attack does not require any technical knowledge, hence it is termed a
non-technical attack. This kind of attack may include social engineering, shoulder surfing,
keyboard sniffing and dumpster diving.

STEGANOGRAPHY

Steganography is the art and science of hiding information by embedding messages within other,
seemingly harmless messages. Steganography works by replacing bits of useless or unused data in
regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits
of different, invisible information. This hidden information can be plain text, cipher text, or
even images.

Steganography sometimes is used when encryption is not permitted. Or, more commonly,
steganography is used to supplement encryption. An encrypted file may still hide
information using steganography, so even if the encrypted file is deciphered, the hidden
message is not seen.

TYPES OF STEGANOGRAPHY:

• Text Steganography

• Image Steganography

• Audio Steganography

• Video Steganography

Cryptography

WHAT IS CRYPTOGRAPHY ?

Techniques used for deciphering a message without any knowledge of enciphering details.

PLAINTEXT: A message in its natural format readable by an attacker.

CIPHERTEXT: Message altered to be unreadable by anyone except the intended
recipients.

KEY: Sequence that controls the operation and behavior of the cryptographic algorithm.

ENCRYPTION: The process of converting the plaintext to ciphertext is encryption.

DECRYPTION: The reverse process of restoring the plaintext from the ciphertext is
decryption.

VIRUS / TROJAN

A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software.
Trojans can be employed by cyber-thieves and hackers trying to gain access to users'
systems. Users are typically tricked by some form of social engineering into loading and
executing Trojans on their systems.

SOCIAL ENGINEERING

PHISHING:

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and
credit card details (and sometimes, indirectly, money), often for malicious reasons, by
masquerading as a trustworthy entity in an electronic communication.

EMAIL TRACKING & BOMBING:

Email tracking is a method for monitoring the delivery of email to the intended recipient. Most
tracking technologies use some form of digitally time-stamped record to reveal the exact
time and date that an email was received or opened, as well as the IP address of the recipient.

MOBILE HACKING

Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by
accessing the voicemail messages of a mobile phone without the consent of the phone's
owner.

TOOLS OF MOBILE HACKING:

• Droidjack hack
• Spy Phone Hack
• Hash Suite Droid

DROIDJACK HACK:

SPY PHONE HACK:

HASH SUITE DROID:

SQL INJECTION

SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute
malicious SQL statements (also commonly referred to as a malicious payload) that control a
web application's database server (also commonly referred to as a Relational Database
Management System – RDBMS).

REFERENCE

• www.iitca.co.in

• https://www.eccouncil.org

• http://www.cyberlawsindia.net

• Wikipedia.org
