KGiSL Institute of Technology
(Approved by AICTE, New Delhi; Affiliated to Anna University, Chennai)
Recognized by UGC, Accredited by NBA (IT)
365, KGiSL Campus, Thudiyalur Road, Saravanampatti, Coimbatore – 641035.
Department of Artificial Intelligence & Data Science
Name of the Faculty : Mrs.M.Akilandeeswari
Subject Name & Code : CCS344 ETHICAL HACKING
Branch & Department : B.Tech & AI&DS
Year & Semester : 2023 / VI
Academic Year : 2023-24
CW3551/DIS/III AI&DS/V SEM/KG-KiTE 1
UNIT I INTRODUCTION 6
Ethical Hacking Overview - Role of Security and Penetration Testers. - Penetration-Testing Methodologies- Laws of the Land -
Overview of TCP/IP- The Application Layer - The Transport Layer - The Internet Layer - IP Addressing. - Network and
Computer Attacks - Malware - Protecting Against Malware Attacks. - Intruder Attacks - Addressing Physical Security
UNIT II FOOT PRINTING, RECONNAISSANCE AND SCANNING NETWORKS 6
Footprinting Concepts - Footprinting through Search Engines, Web Services, Social Networking Sites, Website, Email - Competitive Intelligence - Footprinting through Social Engineering - Footprinting Tools - Network Scanning Concepts - Port-Scanning Tools - Scanning Techniques - Scanning Beyond IDS and Firewall
UNIT III ENUMERATION AND VULNERABILITY ANALYSIS 6
Enumeration Concepts - NetBIOS Enumeration – SNMP, LDAP, NTP, SMTP and DNS Enumeration - Vulnerability Assessment
Concepts - Desktop and Server OS Vulnerabilities -Windows OS Vulnerabilities
UNIT IV SYSTEM HACKING 6
Hacking Web Servers - Web Application Components - Vulnerabilities - Tools for Web Attackers and Security Testers - Hacking Wireless Networks - Components of a Wireless Network - War driving - Wireless Hacking - Tools of the Trade
UNIT V NETWORK PROTECTION SYSTEMS 6
Access Control Lists - Cisco Adaptive Security Appliance Firewall - Configuration and Risk Analysis Tools for Firewalls and Routers - Intrusion Detection and Prevention Systems - Network-Based and Host-Based IDSs and IPSs - Web Filtering - Security Incident Response Teams - Honeypots.
TEXTBOOKS
1. Michael T. Simpson, Kent Backman, and James E. Corley, Hands-On Ethical Hacking and
Network Defense, Course Technology, Delmar Cengage Learning, 2010.
2. The Basics of Hacking and Penetration Testing - Patrick Engebretson, SYNGRESS,
Elsevier, 2013.
3. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, Dafydd
Stuttard and Marcus Pinto, 2011.
REFERENCES
1. Black Hat Python: Python Programming for Hackers and Pentesters, Justin Seitz, 2014
SYLLABUS
UNIT III ENUMERATION AND VULNERABILITY ANALYSIS 6
Enumeration Concepts - NetBIOS Enumeration - SNMP, LDAP, NTP, SMTP and DNS Enumeration - Vulnerability Assessment Concepts - Desktop and Server OS Vulnerabilities - Windows OS Vulnerabilities
COURSE OUTCOMES:
At the end of this course, the students will be able:
CO1: To express knowledge on basics of computer-based vulnerabilities
CO2: To gain understanding on different footprinting, reconnaissance and scanning methods.
CO3: To demonstrate the enumeration and vulnerability analysis methods
CO4: To gain knowledge on hacking options available in Web and wireless applications.
CO5: To acquire knowledge on the options for network protection.
CO6: To use tools to perform ethical hacking to expose the vulnerabilities.
Enumeration:
• Enumeration is the process of establishing an active connection to the target host, where sensitive information is collected and assessed.
• Windows enumeration, NetBIOS, LDAP, and SNMP are some of the types of enumeration.
3.1 Enumeration NetBIOS (Network Basic Input Output System)
• NetBIOS is a Windows programming interface that allows computers to communicate across
a local area network (LAN).
• Most Windows OSs use NetBIOS to share files and printers.
• NetBIOS listens on UDP ports 137 (NetBIOS Name service) and 138 (NetBIOS Datagram
service) and TCP port 139 (NetBIOS Session service).
• File and printer sharing in Windows also requires an upper-level service called Server
Message Block (SMB), which runs on top of NetBIOS.
• The computer names you assign to Windows systems are called NetBIOS names and have a limit of 16 characters; the last character is reserved for a hexadecimal number (00 to FF) that identifies the service running on the computer.
• Therefore, you can use only 15 characters for a computer name, and NetBIOS adds the last character automatically to identify the service that has registered with the OS.
• For example, if a computer named SALESREP is running the Server service, the OS stores this information in a NetBIOS table.
• A NetBIOS name must be unique on a network.
NetBIOS Null Sessions
• One of the biggest vulnerabilities of NetBIOS systems is a null session, which is an unauthenticated connection to a Windows computer that uses no logon and password values.
• Many enumeration tools establish a null session to gather information such as logon accounts, group membership, and file shares from an attacked computer.
• This vulnerability has been around for more than a decade and is still present in Windows XP. Null sessions have been disabled by default in Windows Server 2003, although administrators can enable them if they're needed for some reason.
• In Windows Vista and Server 2008, null sessions aren't available and can't be enabled, even by administrators.
Types of Enumeration:
NetBIOS (Network Basic Input Output System) Enumeration:
• NetBIOS allows applications on different computers to communicate over LANs
• Currently uses TCP/IP
• Gives each computer a NetBIOS name along with the normal IP address
• NBT (NetBIOS over TCP/IP) is a protocol that allows legacy applications that rely on NetBIOS to be used on modern TCP/IP networks
• NBT implements a Name Service that records all name registrations
NetBIOS provides three basic services:
• Name Service: provides name registration and resolution for clients
• Session Service: provides connection-oriented communication
• Datagram Service: provides connectionless communication
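The 15-character name plus service-suffix rule described earlier, and the NBT Name Service mentioned above, can be worked through in code. This is an added example, not from the lecture slides: it builds a 16-byte NetBIOS name and applies the NBT first-level encoding (RFC 1001) that the Name Service carries on the wire; the suffix constants and the SALESREP sample are illustrative assumptions.

```python
# Added example (not from the slides): NetBIOS name layout and NBT encoding.
# A NetBIOS name is 16 bytes: up to 15 characters padded with spaces, followed
# by a one-byte service suffix (0x00 to 0xFF). NBT first-level encoding splits
# each byte into two nibbles and maps each nibble to a letter A..P, so the
# 16-byte name becomes 32 letters in a name-service packet.

# Assumed for illustration: two well-known suffix values.
SUFFIX_WORKSTATION = 0x00   # Workstation service
SUFFIX_SERVER = 0x20        # Server (file sharing) service

def netbios_name(name: str, suffix: int) -> bytes:
    """Return the 16-byte NetBIOS name: uppercased, space-padded to 15, plus suffix."""
    if not 1 <= len(name) <= 15:
        raise ValueError("a NetBIOS computer name allows at most 15 characters")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("the service suffix must be a single byte")
    return name.upper().ljust(15).encode("ascii") + bytes([suffix])

def nbt_encode(raw16: bytes) -> str:
    """First-level encoding: each nibble n becomes chr(ord('A') + n)."""
    if len(raw16) != 16:
        raise ValueError("expected a 16-byte NetBIOS name")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw16)

def nbt_decode(encoded: str) -> tuple:
    """Reverse the encoding; return (computer name without padding, suffix byte)."""
    if len(encoded) != 32 or any(c not in "ABCDEFGHIJKLMNOP" for c in encoded):
        raise ValueError("expected 32 characters in the range A..P")
    raw = bytes((ord(encoded[i]) - 0x41) << 4 | (ord(encoded[i + 1]) - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]

if __name__ == "__main__":
    # The slide's example: SALESREP registered for the Server service.
    wire = nbt_encode(netbios_name("SalesRep", SUFFIX_SERVER))
    print(wire, nbt_decode(wire))
```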
SNMP (Simple Network Management Protocol) Enumeration:
• Simple Network Management Protocol (SNMP) is an application layer protocol that runs on UDP and maintains and manages IP network routers, hubs, and switches.
• SNMP agents run on networking devices in Windows and UNIX networks.
• SNMP is a widely used protocol that is enabled on a wide range of operating systems, including Windows Server and Linux servers, and on network devices such as routers and switches.
• On a target system, SNMP enumeration is used to list user accounts, passwords, groups, system names, and devices.
SNMP Enumeration is made up of three major parts:
Managed Device: A managed device is a device or a host (technically referred to as a node)
that has the SNMP service enabled. These devices include routers, switches, hubs, bridges,
computers, and so on.
Agents: An agent is a software component that runs on a managed device. Its primary
function is to convert data into an SNMP-compatible format for network management via the
SNMP protocol.
Network Management System (NMS): An NMS is a software system employed to monitor network devices.
LDAP Enumeration:
• Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services.
• Directory services may provide any organized set of records, often in a hierarchical and logical structure, such as a corporate email directory.
• A client starts an LDAP session by connecting to a Directory System Agent (DSA) on TCP port 389 and then sends an operation request to the DSA.
• Data is transmitted between the client and the server using Basic Encoding Rules (BER).
• An attacker queries the LDAP service to gather information such as valid usernames, addresses, departmental details, and so on, which can then be used to perform further attacks.
NTP Enumeration:
DNS Enumeration using Zone Transfer:
• It is the process of locating the DNS servers and the records of a target organization.
• A hacker can gather valuable network information such as DNS server names, hostnames, machine names, usernames, IP addresses, and so on about the targets.
• In DNS zone transfer enumeration, a hacker tries to retrieve a copy of the entire zone file for a domain from the DNS server.
• To execute a zone transfer, the hacker sends a zone transfer request to the DNS server while pretending to be a client; the DNS server then sends a portion of its database as a zone. This zone may contain a great deal of information about the organization's DNS zone.
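From the defender's side, a zone transfer request shows up in the name server's query log as a query of type AXFR, so it can be spotted when it comes from a host that is not one of the organization's own secondary servers. This is an added example, not from the lecture slides: the log lines are constructed in a BIND-like layout, the allowed-secondary range is an assumption, and the check also covers IXFR, the incremental form of zone transfer.

```python
# Added example (not from the slides): flag zone-transfer requests from hosts
# that are not authorised secondaries, using constructed BIND-style query-log
# lines. The field layout and the allowed address range are assumptions.
import re
from ipaddress import ip_address, ip_network

# Constructed sample log: one legitimate secondary, one outside host asking
# for the whole zone (AXFR), one ordinary A query, one outside IXFR request.
SAMPLE_LOG = """\
client 192.0.2.53#41022 (example.com): query: example.com IN AXFR -E(0)K (192.0.2.1)
client 198.51.100.77#50211 (example.com): query: example.com IN AXFR -E(0)K (192.0.2.1)
client 198.51.100.77#50212 (www.example.com): query: www.example.com IN A -E(0)K (192.0.2.1)
client 203.0.113.9#33120 (example.com): query: example.com IN IXFR -E(0)K (192.0.2.1)
"""

# Assumed: the only hosts entitled to pull the zone (what BIND's allow-transfer
# would list). Anything else requesting a transfer is worth an alert.
ALLOWED_SECONDARIES = [ip_network("192.0.2.0/24")]

TRANSFER_TYPES = {"AXFR", "IXFR"}

LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]+\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def unauthorized_transfers(log_text: str) -> list:
    """Return (source_ip, zone, qtype) for transfer requests from non-secondaries."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("qtype") not in TRANSFER_TYPES:
            continue  # not a transfer request (or not a query-log line at all)
        src = ip_address(m.group("ip"))
        if any(src in net for net in ALLOWED_SECONDARIES):
            continue  # a known secondary is allowed to replicate the zone
        alerts.append((str(src), m.group("qname"), m.group("qtype")))
    return alerts

if __name__ == "__main__":
    for src, zone, qtype in unauthorized_transfers(SAMPLE_LOG):
        print(f"ALERT: {qtype} for {zone} requested by {src}")
```

A production check would also confirm that the server refused the transfer; if it did not, the zone contents should be treated as exposed.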