
Ethical Hacking Important Question and Answer According Chatgpt

The document covers the fundamentals of ethical hacking, including definitions, types, phases, and methods of ethical hacking, as well as footprinting techniques. It also discusses various network and system threats, password hacking techniques, and countermeasures against attacks. Additionally, it addresses web application vulnerabilities, penetration testing methodologies, and steps to secure wireless networks.

Uploaded by

Atharva Pathak

✅ Unit 1 – Ethical Hacking Basics & Footprinting

1. What is Hacktivism? How is it Manifested?

Hacktivism: Use of hacking to promote political or social causes.

Ways to Manifest:

1.​ Defacing websites to deliver a message.​

2.​ Launching DDoS attacks on government sites.​

3.​ Data leaks to expose corruption.​

4.​ Redirecting traffic to protest pages.​

5.​ Blocking or altering services to raise awareness.​

2. Types of Ethical Hacking

1.​ Web Application Hacking – Attacking websites/apps for vulnerabilities.​

2.​ Network Hacking – Intercepting network traffic.​

3.​ System Hacking – Gaining access to computer systems.​

4.​ Wireless Network Hacking – Breaking Wi-Fi encryption (WEP, WPA).​

5.​ Social Engineering – Manipulating people for access.​

3. Phases of Ethical Hacking

1. Reconnaissance – Information gathering.

2. Scanning – Identifying active systems/ports.

3.​ Gaining Access – Exploiting vulnerabilities.​

4.​ Maintaining Access – Creating backdoors.​

5.​ Clearing Tracks – Removing logs, hiding traces.​

4. Ways to Conduct Ethical Hacking

1.​ White-box testing – Full internal knowledge given.​

2.​ Black-box testing – No internal info, like an outsider.​

3.​ Gray-box testing – Partial knowledge of systems.​

4.​ Manual testing – Human-led exploitation.​

5.​ Automated testing – Using tools like Nessus, Metasploit.​

5. What is Footprinting? Types?

Footprinting: Gathering information about the target.

Types:

1.​ Passive Footprinting – Using public data (WHOIS, Google).​

2.​ Active Footprinting – Direct interaction (ping, traceroute).​

3.​ Competitive Intelligence – Studying rivals via online resources.​

6. Information Gathering Methods

1. WHOIS Lookup

2. DNS Interrogation

3.​ Social Media Tracking​

4.​ Google Hacking​

5.​ Port Scanning​

7. DNS Enumeration – Short Note

●​ Process of locating DNS records.​

●​ Identifies hostnames, IP addresses, subdomains.​

●​ Tools: nslookup, dig, dnsenum.​

8. WHOIS & ARIN Lookups

●​ WHOIS: Finds domain owner details (registrar, name, contact).​

●​ ARIN: Finds IP address allocations (used for tracking servers/networks).​

●​ Both are used for passive reconnaissance.​

9. What is Port Scanning? Example?

●​ Technique to find open ports on a system.​

●​ Helps identify running services (HTTP, FTP).​

●​ Tool: Nmap​

●​ Example: nmap -p 1-1000 target.com​


10. What is Scanning? Vulnerability Scanning?

●​ Scanning: Actively probing systems for open ports/services.​

●​ Vulnerability Scanning: Detecting known flaws (SQLi, outdated software).​

●​ Tools: Nessus, OpenVAS.​

11. Nmap Command Switches

1.​ -sS – SYN scan​

2.​ -sU – UDP scan​

3.​ -sV – Detect service version​

4.​ -O – OS detection​

5.​ -T4 – Aggressive timing​

12. XMAS, NULL, FIN Scans

●​ XMAS Scan: Sets all TCP flags, checks for closed ports.​

●​ NULL Scan: Sends packet with no flags – stealthy.​

●​ FIN Scan: Sends FIN flag to confuse firewalls.​

13. What is IP Spoofing?

●​ Faking source IP address in packets.​

● Used in DDoS attacks and session hijacking.

● Hard to trace attacker.

14. SNMP Enumeration

●​ Gathers data from SNMP-enabled devices (routers, switches).​

●​ Reveals network layout, running services.​

● Tool: snmpwalk.

15. Steps in Enumeration

1.​ NetBIOS enumeration​

2.​ SNMP enumeration​

3.​ LDAP enumeration​

4.​ Windows User list extraction​

5.​ Port and service discovery

✅ Unit 2 – Network and System Threats

1. Password Hacking Techniques

1.​ Brute Force Attack – Trying all combinations.​

2.​ Dictionary Attack – Using a list of common passwords.​

3.​ Phishing – Tricking users into revealing passwords.​

4. Keylogging – Recording keystrokes.

5. Social Engineering – Manipulating users.

2. Types of Passwords

1.​ Static Password – Remains the same.​

2.​ Dynamic Password – Changes (e.g., OTP).​

3.​ Graphical Password – Based on image patterns.​

4.​ Biometric Password – Uses fingerprints or face.​

5.​ Passphrases – Long sentences used as passwords.​

3. DNS Spoofing

●​ Faking DNS responses to redirect users to malicious sites.​

●​ Attacker alters DNS cache (DNS poisoning).​

●​ Used in phishing and malware distribution.​

4. ARP Spoofing

●​ Sends fake ARP messages to link attacker’s MAC with victim’s IP.​

●​ Allows attacker to intercept, modify, or block data.​

●​ Used in Man-in-the-Middle (MITM) attacks.​

5. Smurf Attack

● DoS attack using ICMP (ping).

●​ Sends spoofed pings to broadcast addresses.​

●​ Causes network flood, crashes systems.​

6. Bots vs Botnets

Bots | Botnets

Single infected device | Group of infected devices

Can perform tasks | Controlled remotely

Less dangerous alone | Used for DDoS, spam, etc.

7. DoS/DDoS Countermeasures

1.​ Use firewalls and IDS/IPS.​

2.​ Apply rate limiting.​

3.​ Use anti-DDoS services (e.g., Cloudflare).​

4.​ Monitor traffic patterns.​

5.​ Keep systems patched.​

8. Spoofing and Its Types

Spoofing: Faking identity in a network.

Types:

1.​ IP Spoofing​

2.​ ARP Spoofing​

3.​ DNS Spoofing​

4.​ Email Spoofing​

5.​ Caller ID Spoofing​

9. Hijacking: Types and Prevention

Hijacking Types:

1.​ Session Hijacking​

2.​ Clickjacking​

3.​ Email Hijacking​

4.​ Browser Hijacking​

5.​ TCP/IP Hijacking​

Prevention:

1.​ Use HTTPS​

2.​ Session encryption​

3.​ Timeout inactive sessions​

4.​ Multi-factor authentication​


10. Types of Web Server Attacks

1.​ Directory Traversal – Accessing restricted files.​

2.​ DDoS – Overloading server.​

3.​ Injection Attacks (SQL, Command)​

4.​ Misconfiguration Exploits​

5.​ Cross-Site Scripting (XSS)​

11. Web Server Hardening Steps

1.​ Disable unused services.​

2.​ Apply security patches.​

3.​ Use firewalls.​

4.​ Enforce strong authentication.​

5.​ Monitor logs and alerts.​

12. Patch Management Techniques

1.​ Inventory system components.​

2.​ Test patches before deployment.​

3.​ Apply critical patches first.​

4.​ Use automated patch tools.​

5.​ Verify and document patching.​


13. Web Server Vulnerabilities

1.​ Default passwords and configs.​

2.​ Outdated software.​

3.​ Directory listing enabled.​

4.​ Lack of input validation.​

5.​ Weak authentication.

✅ Unit 3 – Web Application & Wireless Hacking

1. What is a Web Application? Web App Vulnerabilities?

Web Application:

●​ Software accessed via browser using internet (e.g., Gmail, Amazon).​

Vulnerabilities:

1.​ SQL Injection​

2.​ Cross-Site Scripting (XSS)​

3.​ Broken Authentication​

4.​ Insecure Direct Object Reference​

5.​ Security Misconfigurations​

2. Web Application Threats and Types

1. Phishing – Fake websites to steal data.

2. Session Hijacking – Stealing session tokens.

3.​ Cross-Site Request Forgery (CSRF)​

4.​ File Inclusion – Uploading malicious files.​

5.​ Clickjacking – Invisible links to trick clicks.​

3. What is Google Hacking?

●​ Using advanced Google search techniques to find sensitive info.​

●​ Example: intitle:"index of" confidential​

●​ Used to find exposed files, passwords, misconfigurations.​

4. Authentication and Its Types

Authentication: Verifying user identity.

Types:

1.​ Password-based​

2.​ Biometric​

3.​ Two-Factor Authentication (2FA)​

4.​ Token-based (OTP)​

5.​ Certificate-based​

5. SQL Injection & Its Types

SQL Injection: Injecting malicious SQL queries into inputs.

Types:

1.​ In-band SQLi – Error-based, Union-based​

2.​ Inferential SQLi – Blind SQLi (true/false or time-based)​

3.​ Out-of-Band SQLi – Data sent through different channel​

6. SQL Server Vulnerabilities

1.​ Default credentials​

2.​ Unpatched versions​

3.​ Improper input validation​

4.​ Poor configuration​

5.​ Lack of encryption​

7. Buffer Overflow & Its Types

●​ Overwriting memory by sending too much input.​

Types:

1.​ Stack-based – Most common​

2.​ Heap-based – Complex to exploit​

3.​ Integer overflow​

4.​ Format string attacks​

8. Stack-Based Buffer Overflow

● Exploit occurs in call stack.

●​ Attacker injects shellcode to gain control.​

●​ Can crash program or run malicious code.​

9. Mutation in Ethical Hacking & Techniques

Mutation: Modifying known attacks to bypass detection.

Techniques:

1.​ Encoding payloads​

2.​ Changing IP addresses​

3.​ Slight code variation​

4.​ Obfuscation​

5.​ Randomization​

10. WEP (Wired Equivalent Privacy)

1.​ Early Wi-Fi encryption protocol.​

2.​ Uses RC4 stream cipher.​

3.​ Static keys (easily cracked).​

4.​ Replaced by WPA/WPA2.​

5.​ Tools like Aircrack-ng break WEP easily.​

11. Wireless Sniffing and Its Working

● Capturing data packets over Wi-Fi.

●​ Tools: Wireshark, Kismet.​

●​ Attacker monitors traffic to steal passwords or cookies.​

12. Rogue Access Point & Working

●​ Fake Wi-Fi set up by attacker.​

●​ Victim connects, attacker monitors or injects data.​

●​ Used in MITM and data theft attacks.​

13. Penetration Testing Methodology

1.​ Planning and Reconnaissance​

2.​ Scanning​

3.​ Gaining Access​

4.​ Maintaining Access​

5.​ Clearing Tracks​

6.​ Reporting​

14. Pen Test Deliverables – Short Note

1.​ Executive Summary​

2.​ Detailed Vulnerability Report​

3. Exploitation Steps

4. Screenshots/Evidence

5.​ Recommendations​

15. Automated Tools for Pen Testing

1.​ Metasploit – Exploitation​

2.​ Nessus – Vulnerability scanning​

3.​ Burp Suite – Web app testing​

4.​ Nikto – Web server scanning​

5.​ OWASP ZAP – Security testing​

16. Steps to Secure Wireless Networks

1.​ Use WPA3 encryption​

2.​ Change default SSID and password​

3.​ Disable WPS​

4.​ MAC address filtering​

5.​ Use firewall & IDS​
