7/23/2019 Ethical Hacking Level 0 by Srikanta Sen
http://slidepdf.com/reader/full/ethical-hacking-level-0-by-srikanta-sen 1/172
STUDENT GUIDE
Ethical Hacking Level 0
By SRIKANTA SEN
Certified Ethical Hacker
This book does not teach you ethical hacking, but you can't learn ethical
hacking without having the knowledge of these basic topics. Level 0 is a term used in Data Structures [Computer Science], which means
the root or the starting point; this book will drop you at the starting point.
About the Author
Srikanta Sen is an EC-Council certified Ethical Hacker, penetration
tester, Python developer, data analyst professional and an
independent cyber security researcher. His research interest is
"use of big data analytics in cyber security".
Srikanta Sen is presently teaching in a college affiliated to Maulana
Abul Kalam Azad University of Technology in West Bengal, India.
He has decades of experience in teaching computer
related subjects at university level. He has also been working in the cyber
security domain for the last 5 years.
Srikanta Sen lives in Kolkata, India with his wife and son. He loves
traveling and reading.
Thanks to Team
Special Thanks To
Mr. Sandeep Sengupta
Mr. Abir Atarthy
For Their Constant Inspiration
Copyright Notice
THE TOPICS DISCUSSED IN THIS BOOK SHOULD NOT BE
COPIED OR REPRODUCED UNLESS SPECIFIC PERMISSIONS
HAVE BEEN GIVEN TO YOU BY THE AUTHOR SRIKANTA
SEN.
ANY UNAUTHORIZED USE; DISTRIBUTION OF FULL OR
ANY PART OF THIS BOOK IS STRICTLY DISCOURAGED.
Liability Disclaimer
THE TERM “HACKING” SHOULD BE READ AND
UNDERSTOOD AS “ETHICAL HACKING”.
“ETHICAL HACKING” AND “PENETRATION TESTING” ARE
INTERCHANGEABLY USED IN THIS BOOK.
AUTHOR IS NOT AGAINST OR IN FAVOR OF ANY
ORGANIZATION OR COUNTRY.
NO SUGGESTION OR CRITICISM TO ANY COUNTRY OR
ORGANIZATION'S BUSINESS POLICY BY THE AUTHOR.
THE INFORMATION PROVIDED IN THIS EBOOK IS FOR
EDUCATIONAL PURPOSES ONLY.
THE EBOOK CREATOR IS NOT RESPONSIBLE FOR ANY
MISUSE OF THE INFORMATION PROVIDED.
THE INTENTION OF THIS EBOOK IS TO MAKE YOU AWARE
ON ETHICAL HACKING.
WHENEVER REQUIRED THE AUTHOR GAVE REFERENCES
ABOUT THE SOURCE INFORMATION OF PICTURE AND
CONTENT.
Any words can be mailed to [[email protected]]
Date: 01-Jan-2016
Contents at a Glance
--------------------------------------------------------------------------------
Introduction.....................................................................07-09
Ethical Hacking Concepts..............................................10-15
Penetration Testing Concepts........................................16-16
Basics of Communications.............................................17-20
OSIRM ..........................................................................21-33
Protocols and Ports........................................................34-34
Computer Systems Architectures.................................35-39
Proxy...............................................................................40-42
Basics of Wireless and Mobile Communications........43-47
Command Line Basics for Ethical Hacking................48-52
Virtualization.................................................................53-75
HTTP and HTTPS........................................................76-79
Password........................................................................80-84
Cryptography and Encryption....................................85-91
Steganography..............................................................92-96
Malware........................................................................97-102
Google Hacking..........................................................103-117
HTML.........................................................................118-128
JAVASCRIPT...........................................................129-136
Python........................................................................137-148
Server-Side Programming.......................................149-156
Relational Algebra and SQL...................................157-169
Join a Ethical Hacking School.................................170-170
Introduction
If a report released by the software security services provider Norton
is to be believed, around 42 million people in India became
victims of cyber crimes in 2012. As many as 500,000 U.S. jobs are
lost each year from costs associated with cyber espionage, according to a report released by the security firm McAfee and the Center
for Strategic and International Studies. The report also says that
hacking costs the overall U.S. economy as much as $100 billion each
year. U.S. companies spend millions of dollars securing their
networks, buying insurance and repairing their reputations after
getting hacked.
According to Nasscom, India will require at least 77,000 ethical hackers every year, whereas we are producing only 15,000 a year.
India faces a dearth of 450,000 in its "cyber army", where demand will be
around 500,000 in the near future.
In India, news appears in the papers that thousands of graduate engineers
are jobless. According to news published in the Times of India in July,
only 18% of engineering grads are employable. If we consider the
extended report: out of 6 lakh engineers that graduate annually, only 18.43% of them are employable for the software engineer-IT
services role, while just 3.95% are appropriately trained to be
directly deployed on projects. For core jobs in mechanical,
electronics/electrical and civil engineering, a mere 7.49% are
employable. OMG, I don't think India will ever be able to fill the
skill gap in the cyber security sector.
In spite of the huge contribution of Indian students in various sectors
of world education over the centuries, this "cyber security domain"
may be overlooked by them. We find in one sector a huge
demand for professionals and on the other side unskilled jobless
graduate engineers; I think something is wrong with the system.
Educationalists can answer it better.
Ethical hacking, also known as penetration testing, intrusion testing
or red teaming, whatever you call it, can be a very good career
option, but most students don't know how to choose it as a
career. Some go to Google, learn some tricks, show them to their friends
and become popular as a hacker; some go to learn ethical hacking from ABCD institute and learn only what they are told in just a 40-80
hour course, and finally they are certified ethical hackers. Many
organizations working on cyber security training in India are really
doing very well, but they are helpless with throughput until mass
awareness is created in cyber security learning.
This book does not teach you ethical hacking, but trust me, you cannot
learn ethical hacking without knowing the basic topics discussed in this book.
There is no fast (measured in hours) or easy way to become an
ethical hacker. Ethical hacking requires a large skill set, which is
categorized into 6 domains:
Networking Domain
Programming knowledge Domain
Database Domain
Operating system Domain
Ethical hacking tools Domain
Big data analytics Domain
An ethical hacker should also have a basic understanding of data
communication, network theory and devices, and details of TCP/IP protocols such as SMTP, ICMP and HTTP. Knowledge of various
operating systems (Microsoft Windows, various versions of
Linux, BackTrack etc.) is important. Knowledge of the Python and Java
programming languages, as well as web programming
platforms like HTML, JavaScript, Microsoft .NET and PHP, is
crucial. Basic concepts of databases are also vital.
Big data is the new inclusion. In ethical hacking we try to protect
data or information, and you will be astonished to know that
90% of the data produced by civilization was generated in the last 2-3
years alone, and more is going to be generated at exceptional speed. Big data analytics will soon be incorporated into the cyber security
domain; with the arrival of the "Internet of Things" and IPv6,
things will be more complicated for cyber security professionals
in the next 2-3 years. The last one is the knowledge of ethical hacking
tools: the latest tools are very powerful and can produce fantastic
reports, and ethical hackers should know how to use the tools and how
to understand the reports produced by these automated tools.
Level 0 is a term used in Data Structures in computer science, which
means the root or the starting point. This book will drop you at the
starting point, but you should learn more about the topics discussed
in this book from various sources. With this book, my aim is to teach
ethical hacking concepts to the "neophyte" or "noob", and experts can
recommend this book to juniors as a starting point.
I am working on the "Ethical Hacking Level 1" and "Ethical Hacking Level 2" books, which will be out soon, depending on the response
to this book.
Ethical Hacking Concepts
What is hacking
Hacking is the process of exploring the features of a system beyond the thoughts of the developer, in order to achieve some extra benefits.
Who is a hacker
The person who is involved in hacking activities is known as a hacker. They try to find and explore weaknesses in computer
systems and/or networks to gain access. Hackers are exceptional programmers with vast knowledge of the computer science domain.
What is ethical hacking, who is an ethical hacker
Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help
identify potential threats on a computer or network. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks.
What constitutes ethical hacking?
For hacking to be deemed ethical, the hacker must obey the following rules:
1. Expressed (often written) permission to probe the network and attempt to identify potential security risks.
2. You respect the individual's or company's privacy.
3. You close out your work, not leaving anything open for you or someone else to exploit at a later time.
4. You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their
software or hardware, if not already known by the company. [source: computerhope.com]
Types of Hackers
Ethical Hacker (White hat): They hack for a good motive and
always report the weakness to the developer team or to the team that
deployed them to find weaknesses. The best thing is that they
have a face; I mean they do not hide their identity.
Cracker (Black hat): They hack for a bad motive and gain
unauthorized access to computer systems. They hide their face and
don't come in front of the public.
Grey hat: Sometimes they are White hat, sometimes Black hat,
depending on the situation.
Script kiddies: They don't have in-depth knowledge of hacking; basically a non-skilled person who gains access to computer systems
using already available tools.
Suicide Hackers: The concept of suicide hackers is the same as suicide bombers. They hack, they get caught and they get punished according to law.
Phreak: A person who tries to intrude into systems for fun or malicious personal activities. Mostly they are children of age 12-15
who don't even know the wrong consequences of hacking.
Hacktivist: They hack for a purpose, in order to send a social,
religious or political message.
Hacktivism: Hacktivism is the act of hacking, or breaking into a
computer system, for a politically or socially motivated purpose. The
individual who performs an act of hacktivism is said to be
a hacktivist.
Elite hacker or 1337: They are the best in the business and use their own tools for hacking purposes. 1337 was a port number used by a
group of hackers to communicate between themselves without
anyone's knowledge.
Skill Profile of an Ethical Hacker
• Strong knowledge of computer networking.
• Knowledge of programming languages, especially web
programming.
• Good knowledge of various operating systems.
• Knowledge of hardware.
• Good knowledge of hacking tools.
• Basic knowledge of virtualization.
• Good knowledge of wireless protocols.
Essential Terminology
• Threat - An action or event that is a concern regarding security. A threat is a potential violation of security.
• Vulnerability - A weakness in the system that can be compromised.
• Target of Evaluation - An IT system, product, or component that will be evaluated by a security professional.
• Attack - Any action that attempts to violate, or violates, security.
• Exploit - A defined way to breach the security of an IT
system through a vulnerability.
Confidentiality, Integrity, and Availability (CIA Triad)
The CIA triad is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. The three are considered the most crucial components of security.
Confidentiality is a set of rules that limits access to
information, Integrity is the assurance that the information is trustworthy and accurate, and Availability is a guarantee of reliable access to the information by authorized people.
Phases of Ethical Hacking
• Reconnaissance
  o Active / passive
• Scanning
• Gaining access
  o Operating system level / application level
  o Network level
  o Denial of service
• Maintaining access
  o Uploading / altering / downloading programs or data
• Covering tracks
Reconnaissance: It means collecting as much information as possible
about the target of evaluation. Passive reconnaissance involves
gathering information about the target without their knowledge. Active
reconnaissance involves directly connecting to the target and collecting
information.
Scanning: The attacker uses the details gathered during reconnaissance
to identify specific vulnerabilities. Tools that a hacker may employ during the scanning phase can include dialers, port scanners,
network mappers, sweepers, and vulnerability scanners.
Gaining access: This is the phase where the real hacking takes place
and the hacker takes control of the system.
Maintaining access: Once a hacker has gained access, they want to
keep that access for future exploitation and attacks. Attackers who choose to remain undetected:
> Remove evidence of their entry
> Install a backdoor or a Trojan to gain repeat access
> Install rootkits at the kernel level to gain full administrator access
to the target computer
Covering tracks: Attackers will usually attempt to erase all
evidence of their actions.
What is called a cyber crime
• Website defacing
• Child pornography
• Data breach
• E-mail bombing
• Computer hacks
• Network hacks
• Data diddling
• Usage of viruses, worms, Trojans
• Harassment through mails and chats
• Spoofing - email, SMS, call
• Defamation
• Software piracy
• Spamming, etc.
Penetration Testing Concepts
According to techtarget.com, "Penetration testing (also called pen
testing) is the practice of testing a computer system, network or Web
application to find vulnerabilities that an attacker could exploit."
Types of Penetration testing:
There are primarily two types of penetration tests: a) Black Box Test,
b) White Box Test.
Black Box Test: The pen tester has very little or no knowledge
about the systems to be tested (except the IP address ranges or a
domain name). The penetration tester collects all information and
performs the test. This is costly and takes much time.
White Box Test: In a white-box penetration test, the penetration
tester is usually provided with complete knowledge about the
network or systems to be tested, including the IP address schema,
source code and OS details. This is popular and fast compared to the Black
Box Test.
Steps in Penetration testing:
Ethical hacking and penetration testing relation
Pen testing is often confused with hacking, but there is a substantial
difference that one has to understand: while "hacking" is
exploratory and unstructured, penetration testing is based on a
scientific and structured method.
Basics of Communications
Data refers to the raw facts that are collected, while information
refers to processed data.
Data Communication is a process of exchanging data or information between two devices over a transmission medium.
The data can flow between the two devices in the following ways:
1. Simplex: One-way communication.
2. Half Duplex: Two-way communication, but not simultaneously. Example: a walkie-talkie.
3. Full Duplex: Two-way communication, simultaneously. Example: mobile phones.
source: ni.com
Categories of Network
Networks are categorized on the basis of their size. The three basic categories of computer networks are:
A. Local Area Network (LAN) is usually limited to an area of a few kilometers. It may be privately owned; an example is the network consisting of the computers in a college lab.
B. Wide Area Network (WAN) is made of all the networks in a
(geographically) large area. An example is the network in an entire state.
C. Metropolitan Area Network (MAN) is of a size between LAN and WAN. An example is the entire network in the "CITY OF JOY".
DATA
Data can be of two types:
Analog data refers to information that is continuous; example: human voice.
Digital data refers to information that has discrete states.
SIGNALS
Signals can be of two types:
1. Analog Signal: They have infinite values in a range.
2. Digital Signal: They have a limited number of defined values.
Categories of transmission media
Network topology: It is the arrangement of the various elements
(links, nodes, etc.) of a computer network. Essentially, it is the
topological structure of a network and may be depicted physically
or logically. [source en.wikipedia.org/]
[source www.conceptdraw.com]
Digital modulation
Modulation of digital signals is known as Shift Keying.
Amplitude Shift Keying (ASK): The binary bit stream is 101; 1 is represented by a signal, 0 is represented by no signal.
Frequency Shift Keying (FSK): The binary bit stream is 101; 1 is represented by one kind of signal, 0 is represented by a different
kind of signal.
Phase Shift Keying (PSK): The binary bit stream is 101; see the phase change from 1 to 0 and then from 0 to 1.
OPEN SYSTEMS INTERCONNECTION REFERENCE
MODEL (OSIRM)
The Open Systems Interconnection (OSI) Model was developed
by the International Organization for Standardization (ISO). This
model describes how data is transmitted over a network. It was developed to allow systems with different platforms to
communicate with each other. It addresses hardware, software and
data transmission.
It is a hierarchical model that groups its processes into layers.
It has 7 layers, as follows (top to bottom). Each layer has specific
functions it is responsible for, and all layers work together in the correct
order to move data around a network. In summary, the function of each layer is:
7. Application Layer: Data generation
6. Presentation Layer: Encryption and formatting
5. Session Layer: Establish connection
4. Transport Layer: Delivery and sequencing
3. Network Layer: Routing to destination
2. Data Link Layer: Local network host delivery
1. Physical Layer: Access to media
Some protocols associated with this OSI layer model
[source: https://infosys.beckhoff.com]
OSI Model Layer Mnemonics
Top to bottom – All People Seem To Need Data Processing.
Bottom to top – Please Do Not Throw Sausage Pizza Away
How Data Is Referred to in the OSI Model
Data    - Application, Presentation, and Session layers
Segment - Transport layer
Packet  - Network layer
Frame   - Data Link layer
Bits    - Physical layer
As data moves from layer to layer, each layer attaches its own header to the data.
Explanation of these SEVEN distinct layers
In the Open Systems Interconnection model, which allows dissimilar computers to transfer data between themselves, there are seven layers.
7. Application Layer
Provides applications with access to network services.
6. Presentation Layer
Determines the format used to exchange data among networked computers.
5. Session Layer
Allows two applications to establish, use and disconnect a
connection between them called a session. Provides for name recognition and additional functions like security which are needed to allow applications to communicate over the network.
4. Transport Layer
Ensures that data is delivered error free, in sequence and with no loss, duplication or corruption. This layer also
repackages data by splitting long messages into lots of smaller messages for sending, and reassembling the smaller messages into the original larger message at the receiving end.
3. Network Layer
This is responsible for addressing messages and data so they are sent to the correct destination, and for translating logical addresses and names (like a machine name
FLAME) into physical addresses. This layer is also responsible for finding a path through the network to the destination computer.
2. Data-Link Layer
This layer takes the data frames or messages from the Network Layer and provides for their actual transmission.
At the receiving computer, this layer receives the incoming data and sends it to the network layer for handling.
The Data-Link Layer also provides error-free delivery of data between the two computers by using the physical layer. It does this by packaging the data from the Network Layer into a frame that includes error detection information. At the receiving computer, the Data-Link Layer reads the incoming frame and generates its own error detection information based on the received frame data. After receiving all of the frame, it then compares its error detection value with that of the incoming frame, and if they match, the frame has been received correctly.
A frame looks like:
The Data-Link Layer actually consists of two separate parts, the Medium Access Control (MAC) and Logical
Link Control (LLC) layers. Example MAC layers are Ethernet 802.3 and Token Ring 802.5.
Bridges are an example of devices which work at the MAC layer.
1. Physical Layer
Controls the transmission of the actual data onto the network cable. It defines the electrical signals, line states and encoding of the data and the connector types used. An example is 10BaseT. Repeaters are an example of devices that work at the Physical Layer.
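As an added illustration that is not part of the book, here is a small Python model of the encapsulation described above (data becomes a segment, then a packet, then a frame as each layer prepends its header) together with the Data-Link Layer's error detection: the sender appends a CRC-32 frame check sequence and the receiver recomputes it before passing the payload up. The header layouts, MAC addresses, IP addresses and ports are constructed for this example only and are not the real TCP, IP or Ethernet formats.

```python
import struct
import zlib

# Constructed sample values for this illustration (not from any real capture).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP, DST_IP = "192.168.11.239", "192.168.11.1"
SRC_PORT, DST_PORT = 40000, 80


def ip_to_bytes(ip: str) -> bytes:
    """Dotted-decimal IPv4 string -> 4 bytes in network order."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return bytes(octets)


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


# --- sender: a header is prepended as the data moves down the stack ---
def to_segment(data: bytes, seq: int) -> bytes:
    """Transport layer (toy header, an assumption): ports + sequence number."""
    return struct.pack("!HHI", SRC_PORT, DST_PORT, seq) + data


def to_packet(segment: bytes) -> bytes:
    """Network layer (toy header): 4-byte source and destination addresses."""
    return ip_to_bytes(SRC_IP) + ip_to_bytes(DST_IP) + segment


def to_frame(packet: bytes) -> bytes:
    """Data-link layer: MAC header in front, CRC-32 frame check sequence behind."""
    body = DST_MAC + SRC_MAC + packet
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("!I", fcs)


def encapsulate(data: bytes, seq: int = 1) -> bytes:
    return to_frame(to_packet(to_segment(data, seq)))


# --- receiver: each layer checks and strips its own header on the way up ---
def frame_is_valid(frame: bytes) -> bool:
    """Recompute the CRC over everything except the trailer and compare."""
    if len(frame) < 12 + 4:          # MAC header plus 4-byte FCS at minimum
        return False
    body, trailer = frame[:-4], frame[-4:]
    return (zlib.crc32(body) & 0xFFFFFFFF) == struct.unpack("!I", trailer)[0]


def decapsulate(frame: bytes) -> dict:
    """Return the fields each layer hands up; discard a frame whose FCS fails."""
    if not frame_is_valid(frame):
        raise ValueError("frame check sequence mismatch: frame discarded")
    body = frame[:-4]
    dst_mac, src_mac, packet = body[:6], body[6:12], body[12:]
    src_ip, dst_ip, segment = packet[:4], packet[4:8], packet[8:]
    if len(segment) < 8:
        raise ValueError("truncated segment header")
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
        "src_ip": bytes_to_ip(src_ip), "dst_ip": bytes_to_ip(dst_ip),
        "src_port": src_port, "dst_port": dst_port, "seq": seq,
        "data": segment[8:],
    }


def flip_bit(frame: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Simulate a transmission error by flipping one bit of the frame."""
    buf = bytearray(frame)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\n")
    print("frame length:", len(frame))
    print(decapsulate(frame))
    print("corrupted frame accepted?", frame_is_valid(flip_bit(frame, 20)))
```

A single flipped bit always changes a CRC-32, so the receiver drops the damaged frame instead of passing corrupted data up to the network layer; note that a CRC only detects accidental errors, since anyone who can rewrite the frame can rewrite the checksum too.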
TCP/IP MODEL
It is also called the TCP/IP protocol suite. It is a collection of
protocols. It existed even before the OSI model was developed.
Transmission Control Protocol (TCP) and Internet Protocol (IP) are
the two most important lower-level protocols enabling Internet connectivity. IP is responsible for moving packets of data from one
connection point to the next, while TCP verifies the integrity of data
traveling between two endpoints. TCP and IP work together so closely
that the two protocols are commonly referred to as TCP/IP.
Originally it had four layers (bottom to top):
1. Network Interface Layer
2. Internet Layer
3. Transport Layer
4. Application Layer
• The Application layer of the TCP/IP Model encompasses the same functions as the Application, Presentation, and Session layers of the OSI Model.
• The Transport layer of the TCP/IP Model functions the same as the Transport layer in the OSI Model and part of the Session layer.
• The Internet layer of the TCP/IP Model performs the same
functions as the OSI Model Network layer and many of the functions of the LLC sublayer of the OSI Model Data Link layer.
• The Network Interface layer of the TCP/IP Model performs much
of the job of the MAC portion of the Data Link and Physical layers
of the OSI Model.
Mapping of OSI and TCP/IP layers
[source www.hardwaresecrets.com]
TCP/IP Model and its Relation to Protocols of the TCP/IP Suite
Layer              Protocols
--------------------------------------------------------------------------------
Application        HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP
Transport          TCP, UDP
Internet           IP, IGMP, ICMP, ARP, RARP
Network interface  Ethernet, Token Ring, FDDI, X.25, Frame Relay, RS-232, V.35
Application layer protocols
The Hypertext Transfer Protocol (HTTP) is used to transfer the files
that make up the Web pages of the World Wide Web.
The File Transfer Protocol (FTP) is used for interactive file transfer.
The Simple Mail Transfer Protocol (SMTP) is used for the transfer
of mail messages and attachments.
Telnet, a terminal emulation protocol, is used for logging on remotely to network hosts.
The Domain Name System (DNS) is used to resolve a host name to
an IP address.
The Simple Network Management Protocol (SNMP) is used
between a network management console and network devices
(routers, bridges, intelligent hubs) to collect and exchange network management information.
Transport layer protocols
TCP is a reliable, connection-oriented protocol, i.e. a
connection is established between the sender and receiver before
the data can be transmitted.
It divides the data it receives from the upper layer into segments
and tags a sequence number to each segment, which is used at
the receiving end for reordering the data.
UDP is an unreliable, connectionless protocol that provides data
transport with lower network traffic overhead than TCP. UDP is
used when the amount of data to be transferred is small (such as data that would fit into a single packet), when the overhead of
establishing a TCP connection is not desired, or when the
applications or upper layer protocols provide reliable delivery. UDP
does not error check or offer any flow control; this is left to the
application process.
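An added example (not from the book) of the sequencing just described: the sender numbers each segment by the byte offset of its first byte, and the receiver uses those numbers to put segments back in order, drop duplicates and report exactly where a gap begins (the value it would acknowledge), whereas a transport without sequence numbers hands the application whatever arrived in whatever order. The segment size, initial sequence number and message are constructed for this illustration; a real TCP segment carries about 1460 bytes and starts from a randomised sequence number.

```python
from __future__ import annotations

# Constructed parameters for the illustration (not real TCP values).
MSS = 8
INITIAL_SEQ = 1000


def segment(data: bytes, mss: int = MSS, initial_seq: int = INITIAL_SEQ) -> list[tuple[int, bytes]]:
    """Sender: cut data into chunks of at most mss bytes, each tagged with a
    sequence number equal to the byte offset of its first byte (as TCP does)."""
    return [(initial_seq + i, data[i:i + mss]) for i in range(0, len(data), mss)]


def reassemble(received: list[tuple[int, bytes]],
               initial_seq: int = INITIAL_SEQ) -> tuple[bytes, int, list[int]]:
    """Receiver with sequence numbers: deliver bytes in order, collapse duplicates
    and stop at the first gap. Returns (in-order data, next expected sequence
    number, sequence numbers held back beyond the gap)."""
    pending = {seq: chunk for seq, chunk in received}   # a duplicate overwrites itself
    out = bytearray()
    expected = initial_seq
    while expected in pending:
        chunk = pending.pop(expected)
        out += chunk
        expected += len(chunk)
    return bytes(out), expected, sorted(pending)


def deliver_in_arrival_order(received: list[tuple[int, bytes]]) -> bytes:
    """What an application sees from a transport without sequencing: the chunks
    concatenated exactly as they arrived, reordering and gaps included."""
    return b"".join(chunk for _, chunk in received)


if __name__ == "__main__":
    import random
    message = b"ethical hacking level 0: networking basics"
    segments = segment(message)
    arrived = segments[:] + [segments[2]]        # one segment duplicated in transit
    random.Random(7).shuffle(arrived)            # fixed seed so the run is repeatable
    data, next_seq, held = reassemble(arrived)
    print("sequenced  :", data == message, next_seq, held)
    print("unsequenced:", deliver_in_arrival_order(arrived) == message)
    lost = [s for s in segments if s[0] != INITIAL_SEQ + 2 * MSS]   # third segment lost
    data, next_seq, held = reassemble(lost)
    print("with loss  :", data, "ACK would carry", next_seq, "held back", held)
```

The `next expected` value returned on a gap is what makes retransmission possible: the receiver can tell the sender precisely which byte it is still waiting for, which a connectionless transport never does.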
Internet layer protocols
The Internet Protocol (IP) is a routable protocol responsible for IP addressing, routing, and the fragmentation and reassembly of
packets.
The Address Resolution Protocol (ARP) is responsible for the
resolution of the Internet layer address to the Network Interface
layer address, such as a hardware address.
The Internet Control Message Protocol (ICMP) is responsible for providing diagnostic functions and reporting errors due to the
unsuccessful delivery of IP packets.
The Internet Group Management Protocol (IGMP) is responsible for
the management of IP multicast groups.
The Reverse Address Resolution Protocol (RARP) is used by a
device on the network to find its Internet address when it knows its physical address.
Network interface
The Network Interface layer (also called the Network Access layer) is responsible for placing TCP/IP packets on the network medium and receiving TCP/IP packets off the network medium. TCP/IP was designed to be independent of the network access method, frame format, and medium. In this way, TCP/IP can be used to connect differing network types. These include LAN technologies such as Ethernet and Token Ring and WAN technologies such as X.25 and Frame Relay. Independence from any specific network technology gives TCP/IP the ability to be adapted to new technologies such as Asynchronous Transfer Mode (ATM).
[source technet.microsoft.com]
Comparison of OSI and TCP/IP
OSI                                       | TCP/IP
------------------------------------------|------------------------------------------
It has 7 layers                           | It has 4 layers
OSI model has a separate presentation     | TCP/IP does not have a separate
layer                                     | presentation layer
In the OSI model the transport layer      | In the TCP/IP model the transport layer
guarantees the delivery of packets        | does not guarantee delivery of packets
OSI provides layer functioning and also   | The TCP/IP model is more based on
defines the functions of all the layers   | protocols
What is Internet Protocol?
Internet Protocol is a set of technical rules that defines how
computers communicate over a network. There are currently two
versions: IP version 4 (IPv4) and IP version 6 (IPv6).
IPv4 is a 32-bit addressing scheme. In IPv4 there are 2^32 (4,294,967,296)
addresses available. When IP was first standardized in Sep 1981,
each system attached to the IP-based Internet had to be assigned a
unique 32-bit address. This 32-bit IP addressing scheme involves a
two-level addressing hierarchy:
Network number (prefix) | Host number
There are two notations to show an IPv4 address:
a) Binary notation
The IPv4 address is displayed as 32 bits. ex. 11000001 1000101100011111 11001111
b) Dotted decimal notation
To make the IPv4 address easier to understand, it is usually
written in decimal form with a decimal point (dot) separating the
bytes. Each byte (octet) is 8 bits hence each number in dotted-
decimal notation is a value ranging from 0 to 255.
Ex. 192.168.11.239
IP addresses are divided into 5 categories:
Class A: uses the first octet for the network address and the last three octets for host addressing
Class B: uses the first two octets for the network address and the last two for host addressing
Class C: uses the first three octets for the network address and the last one for host addressing
Class D: provides a flat IP addressing scheme, in contrast to the hierarchical structure of the three classes above
Class E: reserved for future use.
[Source: ccnablog.com]
[source: tcpipguide.com]
The number of networks and hosts in each class is given below.
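The table the book refers to here is not reproduced in this copy, so the following added Python example (not from the book) derives the same figures from the class definitions above: it converts between the binary and dotted-decimal notations, determines an address's class from the leading bits of the first octet, splits the address into its network and host portions, and computes the number of networks and usable hosts per network for classes A to C. The sample addresses are constructed.

```python
# Added example (not from the book): classful IPv4 addressing worked out in code.
# Class table: (leading bit pattern, first-octet range, network bits, host bits).
# The leading bits are part of the network octet(s), so class A has 7 usable
# network bits, class B 14 and class C 21. Classes D and E are not subdivided.
CLASSES = {
    "A": ("0",    (0, 127),   8,    24),
    "B": ("10",   (128, 191), 16,   16),
    "C": ("110",  (192, 223), 24,   8),
    "D": ("1110", (224, 239), None, None),
    "E": ("1111", (240, 255), None, None),
}

def to_binary(dotted):
    """Dotted-decimal 'a.b.c.d' -> 32-bit binary string, one group per octet."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError("IPv4 address needs exactly four octets: %r" % dotted)
    values = []
    for o in octets:
        if not o.isdigit() or not 0 <= int(o) <= 255:
            raise ValueError("octet out of range 0..255: %r" % o)
        values.append(int(o))
    return " ".join(format(v, "08b") for v in values)

def to_dotted(binary):
    """32-bit binary string (spaces optional) -> dotted-decimal."""
    bits = binary.replace(" ", "")
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError("need exactly 32 binary digits")
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))

def ip_class(dotted):
    """Return the class letter (A-E) from the first octet's leading bits."""
    to_binary(dotted)  # validates the format before we look at the first octet
    first = int(dotted.split(".")[0])
    for letter, (_prefix, (lo, hi), _net, _host) in CLASSES.items():
        if lo <= first <= hi:
            return letter
    raise ValueError("first octet out of range")  # unreachable after validation

def class_capacity(letter):
    """(number of networks, usable hosts per network) for classes A-C, else None.
    Host count subtracts the all-zeros (network) and all-ones (broadcast) addresses."""
    prefix, _range, net_bits, host_bits = CLASSES[letter]
    if net_bits is None:
        return None
    networks = 2 ** (net_bits - len(prefix))
    hosts = 2 ** host_bits - 2
    return networks, hosts

def split_address(dotted):
    """(class, network portion, host portion) of a classful address as dotted strings."""
    letter = ip_class(dotted)
    net_bits = CLASSES[letter][2]
    if net_bits is None:
        return letter, None, None
    bits = to_binary(dotted).replace(" ", "")
    network = bits[:net_bits].ljust(32, "0")   # host bits zeroed
    host = bits[net_bits:].rjust(32, "0")      # network bits zeroed
    return letter, to_dotted(network), to_dotted(host)

if __name__ == "__main__":
    # Constructed sample addresses, one per class A-D.
    for addr in ("10.1.2.3", "172.16.5.6", "192.168.11.239", "224.0.0.5"):
        print(addr, to_binary(addr), split_address(addr))
    for letter in "ABC":
        print("class", letter, "(networks, hosts per network):", class_capacity(letter))
```

Class A yields 128 network numbers, of which 0 and 127 are reserved, so 126 are usable in practice; the function reports the raw power of two so the arithmetic behind the table stays visible.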
Problem with IPv4
In 1981 the number of addresses, 2^32 = 4,294,967,296, was enough, but with the growth of the Internet it turns out that a large number in 1981 is actually a small number in 2015.
Another problem with IPv4 is that the IPv4 header length is variable. That was acceptable when routing was done in software, but now routers are built in hardware, and processing variable-length headers in hardware is hard. The large routers that carry packets all over the world are having problems coping with the load. Clearly, a new scheme with fixed-length headers was needed.
IP version 6 (IPv6)
IPv6 is a newer numbering system that provides a much larger address pool than IPv4. It was deployed in 1999 and should meet the world's IP addressing needs well into the future. Here the address size is a 128-bit number. IPv6 addresses are so much larger than IPv4 addresses that even representing them in decimal is difficult. Hence IPv6 addresses are written in hexadecimal, in groups separated by colons, for example 3FFE:F200:0234:AB00:0123:4567:8901:ABCD.

The total number of possible addresses is 2^128 = ~340,282,366,920,938,463,463,374,607,431,768,211,456.
Comparison of IPv4 and IPv6 header
[source 343networks.wordpress.com]
Protocols and ports
What is protocol
In telecommunications, a protocol is the special set of predefined rules that allow
two or more entities of a communications system to transmit information.
Protocols specify interactions between the communicating entities.
What is port
In computer hardware, a port acts as an interface between the computer and other
computers or peripheral devices. External devices are connected to a computer
using cables and ports. Ports are slots on the motherboard into which a cable of
external device is plugged in. Examples of external devices attached via ports are
mouse, keyboard, monitor, microphone, speakers etc.
A port number is a 16-bit unsigned integer, ranging from 0 to 65535. Specific port numbers are used by specific services: the first 1024 port numbers (the well-known ports) are reserved by convention to identify specific service types on a host. [source: wikipedia]
Common ports and respective services running on the ports.
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name Service)
68 DHCP (Dynamic host Configuration Protocol)
80 HTTP
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
Computer Systems Architectures
Centralized Systems
In centralized systems, several jobs are done on a particular computer (system).
Distributed Systems
Distributed computing is required when the system requirement is large and cannot be fulfilled by a single machine: jobs are distributed over several processors. The processors are interconnected by a computer network, and the partial solutions are then combined and presented to the client as if they came from a single computer.
A client is something that sends a request to another computer, or server. In response the server accepts the request and sends some message back to the client; for example, at the time of checking a result, your browser acts as a client and the request is your roll number.

A server is a process that provides requested services for clients. The computer that stores your result is known as a server.
Client and server processes can reside in the same computer or in
different computers connected by a network.
Web clients: Mozilla Firefox, Internet Explorer, Google Chrome, etc
Web servers: Apache, Microsoft IIS, Sun Java System Web Server
etc
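The request/response exchange described above, as an added Python example that is not part of the book: a server thread on the loopback interface answers a roll-number lookup, and a client connects, sends the request and reads the reply. The result table and roll numbers are constructed, and the "result lookup" service is hypothetical.

```python
# Added example (not from the book): a minimal client/server exchange on the
# local machine. The server is a process (here a thread) that answers requests;
# the client sends a request and reads the reply.
import socket
import threading

# Constructed sample data: roll number -> result, standing in for the database
# that the book's "server that stores your result" would hold.
RESULTS = {"1001": "PASS", "1002": "FAIL", "1003": "PASS"}

def handle_request(request):
    """Server-side logic: the request is a roll number, the reply is the result.
    Unknown roll numbers get an explicit answer instead of an exception."""
    roll = request.strip()
    return RESULTS.get(roll, "UNKNOWN ROLL NUMBER")

def serve_once(listener):
    """Accept one client, answer its request, close. Runs in the server thread."""
    conn, _addr = listener.accept()
    with conn:
        request = conn.recv(1024).decode("ascii")
        conn.sendall((handle_request(request) + "\n").encode("ascii"))

def start_server():
    """Bind to a free loopback port (port 0 lets the OS choose) and return the
    listening socket and its port. Binding to 127.0.0.1 keeps the example local."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    return listener, listener.getsockname()[1]

def query_result(port, roll_number):
    """Client side: connect, send the roll number, return the server's reply."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        client.sendall((roll_number + "\n").encode("ascii"))
        reply = b""
        while not reply.endswith(b"\n"):      # read until the newline terminator
            chunk = client.recv(1024)
            if not chunk:
                break
            reply += chunk
    return reply.decode("ascii").strip()

def run_exchange(roll_number):
    """Run one complete request/response cycle and return what the client saw."""
    listener, port = start_server()
    server = threading.Thread(target=serve_once, args=(listener,))
    server.start()
    try:
        return query_result(port, roll_number)
    finally:
        server.join(timeout=5)
        listener.close()

if __name__ == "__main__":
    for roll in ("1001", "1002", "9999"):
        print(roll, "->", run_exchange(roll))
```

Client and server here live in one process, which is the "same computer" case the text mentions; the same client code works unchanged against a server on another host once the address is changed from 127.0.0.1.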
Physical Tiers
In 1-tier architecture all of the processing is done on a single host. Users can access such systems (mainframes) through dumb terminals, but what is displayed and how it appears is controlled by the mainframe.
2-tier architecture is used to describe client/server systems, where
clients send request and servers respond to these requests.
Picture source: pecktechdesigns.com
3-tier architecture is used to describe client/server systems consisting of:
• Clients, which request services
• Application servers, whose task is to provide the requested resources, but by calling on database servers
• Database servers, which provide the application servers with the data they require.
Picture source: tutorials.jenkov.com
N-tier architecture is used to describe client/server systems consisting of more than 3 tiers
Picture source: www.informationweek.com
Examples of Servers
Mail Server :: Allows a client mail program to connect to a mail server on a remote machine.
Login Server :: Allows clients to establish login sessions on a remote machine.
File Server :: The client requests to read or write part of a file. The server might support several operations, including read, write, open, close and seek.
Print Server :: A computer that manages one or more printers (a network server, by contrast, is a computer that manages network traffic).
Database Server :: A computer system that processes database queries.
Peer-to-peer (P2P)
The P2P model does not have the concept of clients or servers. All peers are called servents (SERVENT = SERVer + cliENT). In the P2P model all nodes act as both clients and servers, but for any given communication session we can still distinguish which one is the "client" and which one is the "server".
Client/server                      | P2P
It is like lecture-based learning  | It is like project-based learning
Eating at a restaurant             | Eating at home
Picture source: shareaza.sourceforge.net
Proxy
What is proxy
When a user asks for a webpage from a server, the client sends its IP address to the website so that the response can get back to the client's IP address; in this way the client leaves a stamp of its computer on the server.

A proxy or proxy server is a computer that is placed between the attacker and the target computer. A proxy server allows an attacker to hide his/her identity in the network. When I say hide identity, there are two things an attacker wants to hide: a) the IP address and b) the MAC address. The IP address is used to find the geographic location, and the MAC address is used to find the machine (in the network) used for hacking.
How proxy is implemented
First the attacker's computer makes a connection with the proxy server and then requests a connection to the target computer via the existing connection to the proxy. The proxy server forwards the request to the target; the target's reply comes back to the proxy, which finally forwards it to the attacker's computer. This lets a hacker surf the Web anonymously or otherwise hide their attack.
Proxy Chaining: Proxy chaining is the use of more than one proxy server to stay anonymous. You can use as many proxy servers as you can or want. The more you have, the more anonymous you will be.
Why Proxy is used
• To hide the source IP address to avoid any legal trouble
• To remotely access intranets and other web resources that are
out of reach
Some popular proxy
• http://www.anonymizer.ru
• https://www.anonymizer.com/
• FoxyProxy is a plugin for your browser which automatically switches an internet connection across one or more proxy servers based on URL patterns.
• AnonymoX is a plugin for your browser for anonymization on the internet
• proxy workbench
• proxifier
• proxy switcher
• Tor
• Socks Chain
• hide me
Basics of Wireless and Mobile Communications
Concept of wireless networking
A wireless network is any type of computer network that uses wireless data connections for connecting network nodes.

Wireless networking is a method by which homes, telecommunications networks and enterprise (business) installations avoid the costly process of introducing cables into a building, or as a connection between various equipment locations. Wireless telecommunications networks are generally implemented and administered using radio communication. This implementation takes place at the physical level (layer) of the OSI model network structure.

Examples of wireless networks include cell phone networks, Wi-Fi local networks and terrestrial microwave networks. [Source: Wikipedia]
Common term used in wireless networking
Wireless Local Area Network (WLAN): A short-range computer-
to-computer wireless data communications network.
Wireless: Communication between devices where no wire is present. The signal moves in the form of electromagnetic waves along the entire communication path.
Wireless Access Point: It is a piece of hardware that creates a central point of wireless connectivity. It is similar to a hub.
Cellular: A wireless communications network architecture that employs "cells" or modular coverage areas, typically serviced by a "cell site", and usually provides hand-off capability between cells for roaming devices.
Attenuation: The loss or weakening of a signal through a transmission line, transmission component, or signal path.
Antenna: It is important for sending and receiving radio waves; there are 2 types of antennas:
• Omni-directional antennas
• Directional antennas
Microwave: Usually referring to all radio frequencies above 1 GHz
or so.
Jamming: The typically intentional or malicious interference with another radio signal.
SSID: The SSID (service set identifier) is a unique identifier; it is the name of the WLAN, and it acts as a single shared identifier between wireless access points and clients.
Bluetooth: A standard system for wireless personal area networks (PANs). Bluetooth provides speeds of up to 3 Mbps at short ranges (typically less than 10 meters). PAN technologies such as Bluetooth are complementary to LAN technologies (like 802.11) and are typically used to connect peripheral devices, such as keyboards to computers or wireless headsets to mobile phones.
Wi-Fi hotspots: A Wi-Fi hotspot is created by installing an access point on a connection. The access point transmits a wireless signal over a short distance, covering around 300 feet. When a Wi-Fi-enabled device such as a mobile, tab or laptop finds a hotspot, the device then connects to that network wirelessly. 802.11b is the most common specification for hotspots worldwide.
Wireless standards:
The first wireless standard was 802.11
It defines 3 physical layers:
• Frequency Hopping Spread Spectrum (FHSS)
• Direct Sequence Spread Spectrum (DSSS)
• Infrared
There are several specifications in the 802.11 family:
• 802.11a
• 802.11b
• 802.11g
• 802.11i
802.11i improves WLAN security
What are the Types of Wireless Connections?
• Wireless PAN: Wireless Personal Area Networks
• Wireless LAN: Wireless Local Area Networks
• Wireless MAN: Wireless Metropolitan Area Networks
• Wireless WAN (WWAN): Wireless Wide Area Networks
What is Wi-Fi
Wi-Fi (Wireless Fidelity) is the name under which 802.11b is known. It is primarily a local area networking (LAN) technology designed to provide in-house broadband coverage. Wi-Fi operates at 20 MHz in the 2.4 GHz range. It has a theoretical speed of up to 11 Mbps. It can cover a distance of up to 8 km in a city.
WIFI – SECURITY WEP and WPA
Wi-Fi Protected Access (WPA): An improvement to WEP, WPA adds, among other changes, a key (TKIP, or Temporal Key Integrity Protocol) that changes dynamically over time, which eliminates the greatest shortcoming of WEP. WPA is the minimum level of security you should choose, if at all possible. WPA-Enterprise adds 802.1x authentication to make the network even more secure.

Wi-Fi Protected Access 2 (WPA2): WPA2 adds even further enhancements to WPA, including AES (Advanced Encryption Standard), which makes the encryption key almost impervious to current cracker attacks.

Wired Equivalent Privacy (WEP): The encryption system used by wireless LANs to provide security on the network. WEP uses an encryption key (which can be 40 or 104 bits long; these keys are often referred to as 64- and 128-bit keys because of some extra bits used in the WEP system) to encrypt data flowing across the network. Without the WEP encryption key, unauthorized users see only garbled data and cannot read what is being sent across the network.

[source: dummies.com]

Wireless Hacking Techniques

Wireless hacking activities are categorized as:
• Cracking encryption and authentication mechanism
• Eavesdropping or sniffing
• Access Point spoofing
• MAC spoofing
• Denial of Service
Wireless attacks
• War Driving: It is the act of locating and possibly exploiting connections to WLANs while driving around a city or highway.
• War Walking: Walking around to search for open wireless networks.
• War Flying: Searching for open wireless networks while flying.
• War Chalking: Using chalk to identify available open networks.
• Blue Jacking: Use of Bluetooth technology to temporarily
hijack another person's cell phone.
Wireless hacking tools
• Aircrack
• AirSnort
• Cain & Abel
• Kismet
• NetStumbler
• WireShark
How to secure wireless networks
In order to minimize wireless network attacks, an individual or organization can adopt the following policies:
• Change the default passwords that come with the hardware.
• Use strong WEP and WPA-PSK keys; a combination of symbols, numbers and letters reduces the chance of the keys being cracked using dictionary and brute-force attacks.
• Firewall software can also help reduce unauthorized access.
• Change the network's SSID name.
• Create a unique password on the router.
• Reduce the range of the wireless signal.
Command Line Basics For Ethical Hacking
In Windows environment open command prompt and type the
following commands
mkdir :: creates a new folder/directory
dir :: lists the contents of the folder
echo :: writes some text
type :: displays a text file
more :: more file1.txt also displays the file contents
ipconfig :: Windows IP configuration
ipconfig /all :: displays more of the Windows IP configuration
ipconfig /release :: releases all stored IP configuration values
ipconfig /renew :: asks the DHCP server to give a new IP value
netstat command :: Netstat, the TCP/IP networking utility, has a simple set of options and identifies a computer's listening ports along with incoming and outgoing network connections. This data can be very helpful if you're trying to resolve a malware issue or diagnose a security problem.
netstat -an :: -an lists all listening ports on the machine, with addresses shown in numeric form.
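To show what netstat -an output looks like once it is parsed rather than read by eye, here is an added Python example (not from the book) that parses a constructed sample in the Windows netstat -an layout, names each listening port using the port table from the "Protocols and ports" section, and flags established connections to remote ports with no known service so that the owning process can be checked. The sample lines and addresses are constructed, not a real capture.

```python
# Added example (not from the book): parse `netstat -an` output and summarise
# listening ports and outbound connections.
import re

# Port -> service, taken from the book's port table (443 named HTTPS here).
WELL_KNOWN = {
    20: "FTP data", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS",
    68: "DHCP", 80: "HTTP", 110: "POP3", 137: "NetBIOS-ns", 138: "NetBIOS-dgm",
    139: "NetBIOS", 143: "IMAP", 161: "SNMP", 194: "IRC", 220: "IMAP3",
    389: "LDAP", 443: "HTTPS", 445: "SMB",
}

# Constructed sample in the Windows `netstat -an` layout (not a real capture;
# the remote addresses are documentation ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.11.239:49712   203.0.113.10:443       ESTABLISHED
  TCP    192.168.11.239:49800   198.51.100.7:8888      ESTABLISHED
  UDP    0.0.0.0:68             *:*
  UDP    0.0.0.0:137            *:*
"""

# One socket line: proto, local addr:port, foreign addr:port, optional state.
LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+):(?P<fport>\d+|\*)(?:\s+(?P<state>[A-Z_]+))?\s*$"
)

def parse_netstat(text):
    """Return one dict per socket line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["lport"] = int(d["lport"])
        d["fport"] = None if d["fport"] == "*" else int(d["fport"])
        # UDP has no state column; an unbound-foreign UDP socket is a listener.
        if d["state"] is None and d["proto"] == "UDP":
            d["state"] = "LISTENING"
        rows.append(d)
    return rows

def service_name(port):
    return WELL_KNOWN.get(port, "unknown")

def listening_ports(rows):
    """(proto, port, service, bound address) for every listening socket.
    0.0.0.0 means reachable from any interface, 127.0.0.1 only locally."""
    return [(r["proto"], r["lport"], service_name(r["lport"]), r["laddr"])
            for r in rows if r["state"] == "LISTENING"]

def outbound_connections(rows):
    """(remote addr, remote port, service, needs_review) for established TCP
    sessions; a remote port with no known service is flagged for review with
    `netstat -ano` and `tasklist` to identify the owning process."""
    out = []
    for r in rows:
        if r["state"] == "ESTABLISHED":
            name = service_name(r["fport"])
            out.append((r["faddr"], r["fport"], name, name == "unknown"))
    return out

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for item in listening_ports(rows):
        print("LISTEN", item)
    for item in outbound_connections(rows):
        print("CONN  ", item)
```

A listener bound to 0.0.0.0 on a port the table does not name (3389 in the sample) is the kind of entry worth explaining before moving on; the "unknown" label is a prompt to look, not a verdict.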
taskmgr :: displays the Windows Task Manager, which shows all currently running processes
tasklist :: displays all running tasks in the command prompt; to find a particular task and kill it, you need to know its process ID
taskkill /PID 2484 /F :: kills the task [PID is the process ID, /F is for forceful termination]
net user is a command-line tool that was introduced in Windows Vista and is available in Windows 8 too. This tool can help system administrators add or modify user accounts or even display user account information.

net user <new username> <new password> /ADD :: adds a new user.

The ping command is used to check the status of a target computer; ping sends an ICMP echo request to a target host name or IP address.

The TRACERT (Trace Route) command is a route-tracing utility used to determine the path that an IP packet has taken to reach a destination.
BackTrack was a Linux distribution that focused on security based
on the Ubuntu Linux distribution aimed at digital forensics and
penetration testing use. In March 2013, the Offensive Security team
rebuilt BackTrack around the Debian distribution and released it
under the name Kali Linux. [source wiki]
Backtrack is the most popular among hackers or security
professionals. I cannot explain all commands but some are listed
below.
You can use the ls command to list all the files or directories available in a directory.
ls -l is the long listing; a leading d in the permissions column (d.........) represents a directory.
To know your IP configuration use the ifconfig command.
wc command counts lines, words and characters in a file
cp command is used to copy a file
mv command renames (moves) a file
rm command deletes a file
clear command clears the screen
netstat :: the TCP/IP networking utility
man is the help command [man ls]
ps -A // list all running tasks
ps -A | grep firefox // find the process ID of firefox; grep is a filter command
apt-get install packagename // install a package in the OS
Virtualization
Virtualization is the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources.

VMware and VirtualBox are well-known virtualization software products. Desktop virtualization software such as VMware (VMware Player) and Oracle VirtualBox is freely available for home users.

Desktop virtualization software gives the user the facility to install and run multiple operating systems on a desktop or laptop computer in a virtual environment without disturbing the host OS. For example the host may be XP and the guest OS may be Linux, BackTrack or Windows Server.

Ethical hackers need to know this software; otherwise the host operating system may be corrupted while performing some experiments. VMware and VirtualBox are both powerful, with negligible difference at your level.

Oracle VM VirtualBox can be downloaded from https://www.virtualbox.org/

VMware, Inc. is an American company that provides cloud and virtualization software and services. VMware can be downloaded from www.vmware.com/
The VirtualBox screens will appear as follows.
The Settings button is important; explore it.
Media source is the ISO image of the OS, where the ISO file is physically stored on the hard disk.
To exit from VirtualBox, remember the following screen.
VMWARE
HTTP and HTTPS
The HTTP is a standard text based application protocol for
distributed, collaborative, hypermedia information systems. HTTP is
the most important protocol in data communication for the World
Wide Web. HTTP is a reliable protocol, where data is transferred to the peer machine without any loss.
HTTP functions as a request-response protocol in the client-server
computing model. A HTTP client sends a request to a HTTP
server. In turn the server, returns a response message. HTTP is also
called a pull protocol; because the client pulls information from the
server. HTTP is a stateless protocol, because the current request has
no idea about the previous requests.
HTTP protocol defines a set of request methods. The methods are:
• GET: A client uses a GET request to fetch a web resource from the server.
• HEAD: A client can use a HEAD request to get the headers that a GET request would have obtained.
• POST: Used to post data up to the web server.
• PUT: Send some document to the server for storing purposes.
• DELETE: Request the server to delete the data or object on the server.
• TRACE: Ask the server to return a diagnostic trace of the actions in the path from client to server.
• OPTIONS: Ask the server to return the list of request methods it supports.
HttpFox is a Firefox plug-in that monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers.
With it you can not only see all the elements that load a web page, but also the following:
• The headers of requests and responses
• Cookies sent and received
• The parameters of the URL (query string parameters)
• POST parameters
• The response from the remote server
An example of the HTTP request header sent when fetching http://www.alahadgroup.com:

HTTP Request Header
Connect to 216.227.218.110 on port 80 ... ok
GET / HTTP/1.1[CRLF]
Host: www.alahadgroup.com[CRLF]
Connection: close[CRLF]
User-Agent: Web-sniffer/1.1.0 (+http://web-sniffer.net/)[CRLF]
Accept-Encoding: gzip[CRLF]
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]
Cache-Control: no-cache[CRLF]
Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF]
Referer: http://web-sniffer.net/[CRLF]
The requested server returns this document with the response status code "200 OK". 200 OK means the request was fulfilled. HTTP/1.1 is the HTTP version.

Both the HTTP request header and the HTTP response provide lots of vital information about the server. It is used by cyber criminals for further exploitation, because criminals know that data sent via port 80 (HTTP) is plain text, without any encryption.
Limitations of HTTP
• Stateless: no built-in support for tracking clients (session management)
• No built-in security mechanisms
HTTPS
Secure Sockets Layer (SSL), or Transport Layer Security (TLS), used over HTTP is known as HTTPS. It is designed to provide security for network communication by means of encryption.

The HTTPS Communication Process

The process works out as follows:
1. The client browser connects to http://example.com on port 80 using HTTP.
2. The server redirects the client to the HTTPS version of this site using an HTTP 302 redirect.
3. The client connects to https://example.com on port 443.
4. The server provides a certificate to the client containing its digital signature. This certificate is used to verify the identity of the site.
5. The client takes this certificate and verifies it against its list of trusted certificate authorities.
6. Encrypted communication is established.
If the certificate validation process fails then that means the website has failed to verify its identity. At that point the user is typically presented with a certificate validation error and they can choose to proceed at their own risk, because they may or may not actually be communicating with the website they think they are talking to.
Some Status Codes Associated with HTTP

Number  Meaning
200     OK
301     Moved Permanently
400     Bad Request
401     Unauthorized
403     Forbidden
404     Not Found
500     Internal Server Error
503     Service Unavailable
Password
What is a password
A password is an unspaced sequence of characters used to determine the actual user of a device or application. Passwords usually come with a user identification. Passwords are encrypted and are not visible at the time of typing.

In 2013, Google released a list of the most common password types, all of which are considered insecure because they are too easy to guess (especially after researching an individual on social media):
• The name of a pet, child, family member, or significant other
• Anniversary dates and birthdays
• Birthplace
• Name of a favorite holiday
• Something related to a favorite sports team
• The word "password"
Different types of password
Biometric password: Biometrics refers to metrics related to human characteristics, like fingerprint, face recognition, iris recognition, retina, odour/scent etc. It is also used to identify individuals in groups that are under surveillance.

Iris scanning has some benefits over a fingerprint scanner: the latter requires physical contact with a device, whereas an eye can be scanned from several feet away.

Typed password: A password can be typed from a keyboard or a virtual keyboard on the computing device.

Pattern-based graphical password: It stores a password as a particular pattern, usually a pattern of dots, for example Android Pattern Unlock and Windows 8 Picture Password.
Entropy: The amount of uncertainty or unpredictable randomness.
Password Entropy: The amount of entropy which can be derived
from a password.
Android Pattern Unlock
• At least four points must be chosen.
• No point can be used twice.
• Only straight lines are allowed.
• Cannot jump over points not visited before
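An added Python example (not from the book) that makes "password entropy" concrete for the Android Pattern Unlock rules just listed: it enumerates every pattern the four rules allow on the 3x3 grid, converts the size of that space into bits of entropy, and compares it with numeric PINs. The grid numbering 1..9 (left to right, top to bottom) and the PIN comparison are the example's own assumptions.

```python
# Added example (not from the book): count valid Android unlock patterns and
# express the result as entropy in bits.
import functools
import math

# Pairs of points whose connecting segment passes over a third point (the cell
# midway between them). Knight-like moves such as 1 -> 6 cross no cell and are
# always allowed. A segment over an unvisited point is forbidden by rule 4.
_SKIP = {}
for _a in range(1, 10):
    for _b in range(1, 10):
        _ra, _ca = divmod(_a - 1, 3)
        _rb, _cb = divmod(_b - 1, 3)
        # Row and column differences both even (and a != b) means the move
        # spans two cells in a straight or diagonal line, so a cell lies between.
        if _a != _b and (_ra - _rb) % 2 == 0 and (_ca - _cb) % 2 == 0:
            _SKIP[(_a, _b)] = ((_ra + _rb) // 2) * 3 + (_ca + _cb) // 2 + 1

@functools.lru_cache(maxsize=None)
def count_by_length():
    """One depth-first walk over every valid pattern; returns {length: count}."""
    counts = {n: 0 for n in range(1, 10)}
    visited = set()

    def walk(last, depth):
        for nxt in range(1, 10):
            if nxt in visited:
                continue                          # rule 2: no point used twice
            if last is not None:
                mid = _SKIP.get((last, nxt))
                if mid is not None and mid not in visited:
                    continue                      # rule 4: no jumping over an unvisited point
            visited.add(nxt)
            counts[depth + 1] += 1
            walk(nxt, depth + 1)
            visited.remove(nxt)

    walk(None, 0)
    return counts

def count_patterns(length):
    """Number of valid patterns with exactly `length` points."""
    return count_by_length()[length]

def total_patterns(min_len=4, max_len=9):
    """Rule 1: at least four points; the 3x3 grid caps a pattern at nine."""
    return sum(count_patterns(n) for n in range(min_len, max_len + 1))

def entropy_bits(space_size):
    """Entropy of a secret chosen uniformly from a space of the given size."""
    return math.log2(space_size)

def pin_space(digits):
    """Numeric PIN space for comparison: 10 choices per digit."""
    return 10 ** digits

if __name__ == "__main__":
    for n in range(4, 10):
        print(n, "points:", count_patterns(n))
    total = total_patterns()
    print("all patterns:", total, "=> %.2f bits" % entropy_bits(total))
    print("4-digit PIN: %.2f bits" % entropy_bits(pin_space(4)))
    print("6-digit PIN: %.2f bits" % entropy_bits(pin_space(6)))
```

The figure is the entropy of a pattern chosen uniformly at random; people draw patterns from a much smaller set of habits (starting at a corner, simple strokes), so the effective entropy of real patterns is lower than this upper bound.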
Passwords are stored in four ways
a) Stored in computing device
Windows stores its passwords in what is called the Security
Accounts Manager database, or SAM database. The Security
Account Manager (SAM) is a database file in Windows XP,
Windows Vista and Windows 7 that stores users' passwords. It can be used to authenticate local and remote users.
b) Stored in browser
Majority of browsers will ask whether user wants to save the
password when logging into sites.
• Physically isolate and protect the server.
• Monitor the server logs for brute force attacks on useraccounts.
• Include special characters, e.g. @, #, $ etc. in the password.
What is Lan Manager Hash
LM hash, LanMan hash, or LAN Manager hash is a
compromised password hashing function that was the primary
hash that Microsoft LAN Manager and Microsoft Windows
versions prior to Windows NT used to store user passwords.
[source Wkipedia]
Example: Let's say your password is '123456qwerty'.
When this password is encrypted with the LM algorithm, it is first converted to all uppercase: '123456QWERTY'
The password is padded with null (blank) characters to make it 14 characters long: '123456QWERTY_'
Before encryption, the 14-character string is split into two halves: '123456Q' and 'WERTY_'
Each half is encrypted individually and the results are concatenated:
'123456Q' = 6BF11E04AFAB197F
'WERTY_' = F1E9FFDCC75575B15
The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15
Note: The first half of the hash contains alphanumeric characters and will take 24 hrs to crack with L0phtCrack; the second half takes only 60 seconds.
[source EC-Council v3 slide]
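An added example (not the guide's or EC-Council's code) that performs the preparation steps just described, uppercasing, null padding and the split into two 7-byte halves, and then uses the consequence of that split to audit a hash dump: because each half is hashed on its own, any password of seven characters or fewer leaves the second half equal to the hash of an empty half, AAD3B435B51404EE. The DES step that turns a half into its 8-byte hash is not implemented here; the "user:LMHASH" dump format and the 69-character alphabet are this example's assumptions, and the dump lines are constructed.

```python
import math

# Hash of an all-null 7-byte half. It is the second half of every LM hash
# built from a password of 7 characters or fewer, and both halves of the
# value Windows stores when the password is empty or LM hashing is off.
EMPTY_HALF = "AAD3B435B51404EE"

# Assumed alphabet LM can distinguish: uppercase letters, digits and the
# 33 printable ASCII symbols (lowercase is folded into uppercase).
LM_ALPHABET_SIZE = 26 + 10 + 33


def lm_halves(password):
    """Return the two 7-byte halves that LM hashes independently, or None
    if the password is longer than 14 characters (LM cannot store it)."""
    if len(password) > 14:
        return None
    upper = password.upper().encode("ascii", "replace")
    padded = upper.ljust(14, b"\x00")        # null padding, as in the text
    return padded[:7], padded[7:]


def half_keyspace_bits(half):
    """Brute-force work for one half on its own, assuming the attacker
    knows how many characters are real and how many are padding."""
    effective = len(half.rstrip(b"\x00"))
    return math.log2(LM_ALPHABET_SIZE ** effective) if effective else 0.0


def audit_lm_dump(lines):
    """Parse constructed 'user:LMHASH' lines and report accounts whose LM
    hash already reveals a short or empty password without any cracking."""
    findings = []
    for line in lines:
        parts = line.strip().split(":", 1)
        if len(parts) != 2:
            continue
        user, lm_hex = parts[0], parts[1].upper()
        if len(lm_hex) != 32:
            findings.append((user, "malformed LM hash"))
        elif lm_hex == EMPTY_HALF * 2:
            findings.append((user, "empty password or LM hashing disabled"))
        elif lm_hex.endswith(EMPTY_HALF):
            findings.append((user, "password has 7 characters or fewer"))
    return findings


if __name__ == "__main__":
    first, second = lm_halves("123456qwerty")
    print(first, second)
    print(f"first half: {half_keyspace_bits(first):.1f} bits of work")
    print(f"second half: {half_keyspace_bits(second):.1f} bits of work")
    # constructed dump lines, not real account data
    sample = ["alice:0123456789ABCDEFAAD3B435B51404EE",
              "bob:AAD3B435B51404EEAAD3B435B51404EE"]
    print(audit_lm_dump(sample))
```

The gap between the two work figures is the reason the text gives 24 hours for one half and 60 seconds for the other; disabling LM hash storage removes the whole problem.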
Cryptography and Encryption
As a hacker, you will often face challenges involving cryptography and encryption, from breaking Windows passwords to wireless passwords. Many applications and protocols use encryption to maintain the confidentiality and integrity of data. To be able to crack passwords and encrypted protocols such as SSL and wireless, you need to at least be familiar with the concepts and terminology of cryptography and encryption.
Cryptography: Cryptography is the art of secret writing. Cryptography enables participants to send information between them in a way that prevents others from reading it. The following are some simple terms associated with cryptography.
• Plaintext: A message in its original form is known as plain text.
• Cipher text: The transformed information is known as cipher text.
• Encryption: The process of converting plain text into cipher text is known as encryption.
• Decryption: The reverse of encryption is called decryption. Decryption produces plain text from the cipher text.
• Encryption algorithm: The various substitutions and transformations performed on plain text in cryptography are carried out by the encryption algorithm.
• Key: Some critical information used by the cipher, known only to the sender and receiver.
• Decryption algorithm: This is the encryption algorithm run in reverse. It takes the cipher text and the corresponding key and produces the original plaintext.
• Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking.
Cryptographic systems are classified along three dimensions
1. The type of operations used for transforming plaintext to cipher text
   - substitution
   - transposition
2. The number of keys used
   - single key, symmetric, secret key, conventional
   - two keys, asymmetric, public key
3. The way in which plaintext is processed
   - block cipher
   - stream cipher
Simple example of cryptography:
When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he replaced every A in his messages with a D, every B with an E, and so on through the alphabet. Only someone who knew the "shift by 3" rule could decipher his messages.
Say you are chatting with your friend and suddenly your mother comes up behind you. You quickly write "POS" in the chat box; your friend knows that you mean "Parent On Shoulder" and starts chatting about homework. "POS" is an encryption of "Parent On Shoulder". The encryption algorithm is "take the first letter of each word".
Substitution and transposition cipher
Substitution ciphers are simple and operate by replacing each character with another character; for example, the letter 'A' would be substituted with the letter 'Q' every place it occurs. Substitution ciphers are rarely used today due to the ease of breaking them with frequency cryptanalysis. For example, the plain text HACKING becomes the cipher text IQEAOFU.
Transposition ciphers operate by moving plaintext characters to new locations in the cipher text, rather than by substituting individual characters. An example of a simple transposition cipher is the word jumble or cryptogram in a newspaper. All the characters found in the plaintext are in the cipher text, but in different relative positions.
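An added example, not from the guide, that works through the two cipher families of this section: Caesar's shift-by-3 substitution, the frequency cryptanalysis that recovers the message from any shift without the key, and a columnar transposition that keeps every character but moves it. The English letter frequency table is standard published data, rounded; the sample messages are constructed.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Relative frequency (percent) of letters in English text, used to score
# candidate decryptions. Standard published values, rounded.
ENGLISH_FREQ = {
    "E": 12.7, "T": 9.1, "A": 8.2, "O": 7.5, "I": 7.0, "N": 6.7, "S": 6.3,
    "H": 6.1, "R": 6.0, "D": 4.3, "L": 4.0, "C": 2.8, "U": 2.8, "M": 2.4,
    "W": 2.4, "F": 2.2, "G": 2.0, "Y": 2.0, "P": 1.9, "B": 1.5, "V": 1.0,
    "K": 0.8, "J": 0.15, "X": 0.15, "Q": 0.10, "Z": 0.07,
}


def caesar(text, shift):
    """Caesar substitution: each letter is replaced by the one `shift`
    places later in the alphabet; decrypt by passing -shift."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)          # spaces and punctuation pass through
    return "".join(out)


def chi_squared(text):
    """How far the letter counts of `text` are from English; lower is
    more English-like."""
    letters = [c for c in text.upper() if c in ALPHABET]
    if not letters:
        return float("inf")
    counts = Counter(letters)
    n = len(letters)
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100
        score += (counts.get(letter, 0) - expected) ** 2 / expected
    return score


def break_caesar(ciphertext):
    """Frequency cryptanalysis: try all 26 shifts without the key and keep
    the one whose letter distribution looks most like English."""
    best = min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))
    return best, caesar(ciphertext, -best)


def columnar_transposition(text, key_width):
    """Transposition: write the text in rows of key_width characters and
    read it out column by column. Every character survives, only its
    position changes."""
    rows = [text[i:i + key_width] for i in range(0, len(text), key_width)]
    return "".join(row[c] for c in range(key_width)
                   for row in rows if c < len(row))


if __name__ == "__main__":
    msg = "ATTACK AT DAWN, THE LEGIONS MARCH ON ROME TOMORROW"
    ct = caesar(msg, 3)               # Caesar's shift-by-3 rule
    print(ct)
    print(break_caesar(ct))           # recovers (3, msg) with no key
    print(columnar_transposition("HACKING", 3))   # HKGAICN
```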
Cryptographic algorithms are classified into three categories
Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
Secret-key cryptography is much faster than public-key cryptography and is used for ensuring the confidentiality of large payloads.
Hash Functions: A cryptographic hash function is a hash function which takes an input (or 'message') and returns a fixed-size alphanumeric string, which is called the hash value (sometimes called a message digest, a digital fingerprint, a digest or a checksum).
[source: wiki]
[source voer.edu.vn]
Base 16: In base 16 cryptographic hash functions, 16 characters are used to encrypt or decrypt; these 16 characters are 0-9, A-F. The most popular hexadecimal hash value is MD5. It accepts a variable length message from the user and converts it into a fixed 128-bit message digest value.
Base 32: It uses 32 characters to encrypt or decrypt; these 32 characters are A-Z, 2-7.
Base 64: It uses 64 characters to encrypt or decrypt; these 64 characters are A-Z, a-z, 0-9, +, /. It always ends with ==.
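An added example, not from the guide, that computes one MD5 digest and renders the same 128 bits in each of the three alphabets above, so the difference between the fixed-size digest and its text encoding is visible; it also shows that the number of trailing = characters in Base 64 follows from the digest length (16 bytes for MD5 gives two, 32 bytes for SHA-256 gives one) and ends with the everyday defensive use of a hash, checking a download against a published digest. The messages and the function names are this example's own.

```python
import base64
import hashlib


def digest_encodings(message, algorithm="md5"):
    """Hash `message` and return the same fixed-size digest rendered in
    the three alphabets. The digest length depends only on the algorithm,
    never on the message; the text length depends on the alphabet."""
    raw = hashlib.new(algorithm, message.encode("utf-8")).digest()
    return {
        "bits": len(raw) * 8,
        "base16": raw.hex().upper(),                # 0-9 A-F, 2 chars per byte
        "base32": base64.b32encode(raw).decode(),   # A-Z 2-7, padded with =
        "base64": base64.b64encode(raw).decode(),   # A-Z a-z 0-9 + /, padded with =
    }


def base64_padding(length_in_bytes):
    """Number of '=' characters Base 64 appends: it depends only on the
    input length modulo 3, so '==' is not a guaranteed ending."""
    return (-length_in_bytes) % 3


def verify_download(data, expected_hex, algorithm="sha256"):
    """Check a downloaded file against the digest its publisher lists.
    The hex form is compared case-insensitively."""
    actual = hashlib.new(algorithm, data).hexdigest()
    return actual.lower() == expected_hex.lower()


if __name__ == "__main__":
    for text in ("hello", "hello world, this message is much longer"):
        enc = digest_encodings(text)
        print(text, enc["bits"], enc["base16"])
        print("  base32:", enc["base32"])
        print("  base64:", enc["base64"])
    # SHA-256 gives 32 bytes: 32 % 3 == 2, so its Base 64 form ends in one "="
    print(digest_encodings("hello", "sha256")["base64"])
    # published SHA-256 of the five bytes b"hello"
    known = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
    print(verify_download(b"hello", known))
```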
You can use the following site for encryption and decryption
CryptoFox is an encryption and decryption plug-in tool available for Mozilla Firefox. It supports popularly used encryption algorithms. This add-on also comes with dictionary attack support to crack MD5 password hashes.
About this Add-on
CryptoFox supports the
following:
- AES 128-bit Encrypt
- AES 128-bit Decrypt
- AES 192-bit Encrypt
- AES 192-bit Decrypt
- AES 256-bit Encrypt
- AES 256-bit Decrypt
- ASCII to Binary
- ASCII to Hexadecimal
- Base 64 Encode
- Caesar Encrypt
- Caesar Decrypt
- Decimal to Binary
- Decimal to Hexadecimal
- Decimal to Octal
- DES Encrypt
- Generate CRC32 Checksum
- Hexadecimal to ASCII
- Hexadecimal to Binary
- Hexadecimal to Decimal
- Hexadecimal to Octal
- HTML Entities Encode
- MD5 Dictionary attack
- Base 64 Decode
- Binary to ASCII
- Binary to Decimal
- Binary to Hexadecimal
- Binary to Octal
- Octal to Hexadecimal
- Reverse
- ROT-13
- SHA1 Encrypt
- URL Decode
- MD5 Encrypt
- Morse Code Encrypt
- Morse Code Decrypt
- Octal to Binary
- Octal to Decimal
- SHA256 Encrypt
- URL Encode
- XOR Encrypt
Steganography
Analyzing data is an important part of ethical hacking and penetration testing. Data may be alphanumeric, or a picture or video. If I tell you a story, it will be clearer.
According to a news item published on the website http://arstechnica.com:
"When a suspected al-Qaeda member was arrested in Berlin in May of 2011, he was found with a memory card with a password-protected folder — and the files within it were hidden. But, as the German newspaper Die Zeit reports, computer forensics experts from the German Federal Criminal Police (BKA) claim to have eventually uncovered its contents — what appeared to be a pornographic video called 'KickAss.'
Within that video, they discovered 141 separate text files, containing what officials claim are documents detailing al-Qaeda operations and plans for future operations — among them, three entitled "Future Works," "Lessons Learned," and "Report on Operations.""
Steganography was widely used in World War II. Consider the following example of a null cipher (an unencrypted message) used by a German spy in World War II [David Kahn, The Codebreakers, The Macmillan Company, New York, NY, 1967].
Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on byproducts, ejecting suets and vegetable oils.
The following message may be obtained by taking the second letter from each word and a little manipulation (the second letters are shown in capitals):
aPparently nEutral's pRotest iS tHoroughly dIscounted aNd iGnored. iSman hArd hIt. bLockade iSsue aFfects pRetext fOr eMbargo oN bYproducts, eJecting sUets aNd vEgetable oIls.
Pershing sails from NY June 1.
So learning the basic concepts of steganography is important.
Steganography comes from the Greek word steganos meaning "covered" and the Greek word graphie meaning "writing". Steganography is the process of hiding a secret message within an ordinary message and extracting it at its destination.
"Steganography is the art and science of communicating in a way
which hides the existence of the communication. In contrast to
cryptography, where the enemy is allowed to detect, intercept and
modify messages without being able to violate certain security
premises guaranteed by a cryptosystem, the goal of steganography is
to hide messages inside other harmless messages in a way that does
not allow any enemy to even detect that there is a second secret
message present.” [Markus Kuhn 1995-07-03].
Steganography vs Encryption
Encryption is the practice of systematic information scrambling so
that it may be unscrambled later.
But steganography is the practice of information hiding.
Steganography + Encryption = Big Trouble for Law Enforcement
Agencies
Steganography – Carrier Files
• bmp
• jpeg
• gif
• wav
• mp3
Steganography Tools
• MP3Stego
• S-Tools (GIF, JPEG)
• StegHide (WAV, BMP)
• Invisible Secrets (JPEG)
• JPHide
• Camouflage
• Hiderman
• Snow
Steganography can be detected by some programs. The first step in detection is to locate files with hidden text, which can be done by analyzing patterns in the images and changes to the color palette.
Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting different steganographic methods used to embed hidden information in JPEG images.
Hide some text in a jpg file
To retrieve the text, open "new.jpg" in Notepad; the last lines contain the text.
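An added example, not from the guide, that reproduces the trick above on a constructed minimal JPEG (the text lands after the end-of-image marker, where viewers stop reading but Notepad still shows it) and pairs it with the check a forensic tool applies to find such files: any bytes after the last end-of-image marker are not image data. The stand-in JPEG bytes, file names and payload are constructed for this example.

```python
SOI = b"\xff\xd8"   # start of image marker
EOI = b"\xff\xd9"   # end of image marker: decoders stop reading here

# Constructed stand-in for new.jpg: SOI, one JFIF APP0 segment, EOI.
# Viewers would not render it, but the marker structure is the same as
# in a real file, which is all this example relies on.
FAKE_JPEG = (SOI
             + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
             + EOI)


def append_hidden_text(jpeg_bytes, text):
    """The technique the guide describes: text placed after EOI is
    ignored by image viewers but sits in plain sight at the end of the
    file. The image itself is untouched."""
    return jpeg_bytes + b"\n" + text.encode("utf-8")


def find_trailing_data(jpeg_bytes):
    """Detection: return the bytes after the last EOI marker (b"" for a
    clean file), or None if the data is not a JPEG at all. rfind is used
    because EXIF thumbnails embed a second JPEG with its own EOI."""
    if not jpeg_bytes.startswith(SOI):
        return None
    end = jpeg_bytes.rfind(EOI)
    if end == -1:
        return None
    return jpeg_bytes[end + len(EOI):]


def scan_images(files):
    """Report files carrying a payload after EOI. `files` maps a name to
    its bytes; the result maps name to payload size in bytes."""
    report = {}
    for name, data in files.items():
        trailer = find_trailing_data(data)
        if trailer:   # None (not a JPEG) and b"" (clean) are both skipped
            report[name] = len(trailer)
    return report


if __name__ == "__main__":
    stego = append_hidden_text(FAKE_JPEG, "meet at noon")
    print(find_trailing_data(stego))              # b'\nmeet at noon'
    print(scan_images({"clean.jpg": FAKE_JPEG, "new.jpg": stego}))
```

A payload that itself contains the two bytes FF D9 would shorten what this check reports; a real scanner also walks the marker segments from the front, which the minimal version here omits.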
Hiding data in the NTFS file system
An NTFS Alternate Data Stream (ADS) is a hidden Windows stream used to store the metadata of a file such as attributes, word count, access and modification time etc. A hacker can add data to this hidden data stream so that no one can see it. It is better than steganography because the file size shown remains zero.
Press Yes, type some text, then save and close.
The file size is zero, but the text is there.
The following are some indications of a virus attack:
– Increased CPU usage.
– The computer's hard drive constantly runs out of free space.
– Files have strange names which are not recognizable.
– Slow computer or web browser speeds.
– Resources are used up very fast.
– Appearance of strange files, programs, or desktop icons.
– Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off antivirus and firewall programs).
Picture source: Joy Chakraborty slides
Anti-Malware Program:
Anti-malware programs are used to prevent, detect, and remove computer viruses, worms, Trojan horses and any other type of malware from your device.
Examples of anti-malware programs:
a) Antivirus program
What is antivirus?
Antivirus software detects, and then prevents or removes, malicious programs or 'viruses'. Antivirus doesn't offer a perfect solution to the problem of malware, but it should be the second step in securing your PC or laptop, after the first step, a firewall.
Popular Antivirus programs
• ESET NOD32 Antivirus 8
• Webroot Internet Security Plus 2015
• Avira Free Antivirus 2015
• Panda Global Protection 2015
• F-Secure Safe 2014
• G-Data Internet Security 2015
• Kaspersky Total Security 2015
• McAfee LiveSafe 2015
Many more are there.
b) Anti-spyware program
What is Anti-Spyware
Anti-spyware programs are designed to prevent, detect and delete unwanted spyware program installations.
Popular Anti-spyware programs
• Spyware Doctor
• AVG Anti-spyware
• STOPzilla
c) Anti-spam program
What is Anti-Spam
Anti-spam software tries to identify useless or dangerous messages.
d) Firewall
A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both.
How antivirus identifies a virus
Virus detection techniques can be classified as follows:
Signature-based detection: Every virus has a signature. The signature may be a series of bytes in the file or a cryptographic hash of the file or its sections. The antivirus program checks that signature against its stored database.
Heuristics-based detection: This is intelligent programming, used for detecting new malware. For example, it may look for the presence of rare instructions or junk code in the examined file.
Cloud-based detection: Detection is not performed locally; rather, the antivirus engine connects to the cloud and derives patterns related to malware characteristics and behavior by correlating data collected from local machines.
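An added example, not from the guide, of signature-based detection in its two forms described above, a byte series that must appear in the file and a hash of the whole file, run over constructed sample files. The EICAR string is the industry's harmless standard test pattern that every antivirus is expected to flag, and its SHA-256 is the published value; the padded copy shows why engines keep byte signatures alongside hashes.

```python
import hashlib

# The 68-byte EICAR test file: harmless by design, detected by every
# antivirus, so it is the normal way to exercise a scanner.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed sample files: a name -> content map stands in for a disk.
SAMPLE_FILES = {
    "eicar.com": EICAR,
    "notes.txt": b"quarterly figures attached, call me if anything is unclear",
    "eicar_padded.com": EICAR + b"\n" * 10,   # same bytes plus whitespace
}

# Signature database in the two forms the text describes.
BYTE_SIGNATURES = {
    "EICAR-Test-File": b"$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$",
}
HASH_SIGNATURES = {
    # published SHA-256 of the exact 68-byte EICAR file
    "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f":
        "EICAR-Test-File (hash match)",
}


def match_bytes(data):
    """Byte-series signatures: match anywhere inside the file."""
    return [name for name, pattern in BYTE_SIGNATURES.items() if pattern in data]


def match_hash(data):
    """Whole-file hash signatures: exact content only."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    return [name] if name else []


def scan(files):
    """Return {filename: [detections]} for every file hitting a signature.
    The padded copy is missed by the hash (one extra byte changes it) but
    still caught by the byte series, which is the usual trade-off."""
    report = {}
    for name, data in files.items():
        hits = match_hash(data) + match_bytes(data)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in scan(SAMPLE_FILES).items():
        print(f"{name}: {', '.join(hits)}")
```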
Google hacking
What is a web search engine
A web search engine is a software system that is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). The information may be a mix of web pages, images, and other types of files. Some search engines also mine data available in databases or open directories. Unlike web directories, which are maintained only by human editors, search engines also maintain real-time information by running an algorithm on a web crawler. [defined in en.wikipedia.org]
In simple words, search engines are programs that search for documents specified by keywords on the World Wide Web and return a list of the documents where the keywords were found. Typically, web search engines work by sending out a spider to fetch as many documents as possible.
Popular Search Engines Used By Hackers
Most of the time our searching starts and ends with Google, Bing and Yahoo, but there are more web search engines, such as the computational knowledge engine (www.wolframalpha.com), the computer search engine (https://www.shodan.io) and the WayBack Machine (archive.org), that are popularly used by hackers.
You can see a list of various search engines at the following link [http://www.ebizmba.com/articles/search-engines]
https://www.shodan.io
archive.org
The majority of the information, around 80%, can be obtained from Google, and you will be astonished to know that "facebook", "twitter" and "LinkedIn" are also used as search engines for target-specific attacks.
How the Google Search Engine Works
At first Google uses an "optimized algorithm" to speed up data processing and a technique known as "parallel processing" to run several different computations simultaneously. This is done by using a network of several thousand computers. Google's search engine consists of three main parts:
GoogleBot: The web crawler. By crawling the internet, we mean that it sends requests to all the servers hosting web sites, downloads copies of them, and then sends them off to the Indexer for processing.
Indexer: Sorts every word on a page and stores the results in a database.
Query Processor: Looks at your search string, compares it to the results stored by the indexer, retrieves, and presents the list of the most relevant results. The following picture explains the concept.
source [http://www.brighthub.com/]
Google Hacking Database, GHDB, Google Dorks - Exploit-DB
Google hacking is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use. [defined in en.wikipedia.org]
A Google dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website.
Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries. [http://whatis.techtarget.com]
The Google Hacking Database (GHDB), "your home for googledorks", is maintained by Offensive Security. The definition of the Google Hacking Database according to the site is as follows.
"Originally created by Johnny Long of Hackers for Charity, The Google Hacking Database (GHDB) is an authoritative source for querying the ever-widening reach of the Google search engine. In the GHDB, you will find search terms for files containing usernames, vulnerable servers, and even files containing passwords."
https://www.offensive-security.com/community-projects/google-hacking-database/
According to a news item published on www.welivesecurity.com by Rob Waugh, dated 28 Aug 2014, "Google dorks – FBI warning about dangerous 'new' search tool". Now I think you can imagine the power of "google dorks". Google dork terms are widely known to everybody, and to this day google dork searching is legal.
Exploit-DB
According to the site https://www.exploit-db.com, "The Exploit Database (EDB) is a CVE compliant archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our goal is to collect exploits from various sources and concentrate them in one, easy to navigate database".
You can check the following link to know more about Exploit-DB.
https://www.exploit-db.com/about
The contents available on this site are not for beginners, but some day they will be required on your way to becoming an elite hacker.
Google as a Proxy Server to Bypass Paywalls & Download Files
Suppose you have a problem accessing a web page (say example.com); maybe the website is blocked at your workplace, or that page happens to be behind a paywall. Then there are a couple of undocumented Google proxy servers that may help you in accessing that page. When you access any page via one of these Google proxies, the content of that page gets downloaded on Google servers and then served to you.
a) Google Translate as a Proxy
To use Google Translate as a proxy, set the destination language as the actual language of the page and the source language as anything. Suppose a page is written in English: set the destination language (tl) in the translate URL as "en" and the source language (sl) as "ja" for Japanese.
http://translate.google.com/translate?sl=ja&tl=en&u=http://example.com
b) Google Mobilizer as a Proxy
Google has discontinued the main mobilizer service on google.com
(secure) but you can still access it through any country-specific
Google domain like google.co.in or google.ie. The URL would be:
http://www.google.ie/gwt/x?u=http://example.com/
c) Google Modules as a Proxy
The gmodules.com domain is part of the Google personalized homepage service and is primarily used for hosting gadgets that are available for the Google homepage. This is the only Google proxy that will let you download files (like PDFs, .MP4 videos, etc.) in addition to viewing regular web pages.
http://www.gmodules.com/ig/proxy?url=http://example.com/
Google advanced search operators
Operator    Description
site        Restricts results to that particular domain; for example, site:.pk will bring all sites with the domain ".pk"
intitle     Restricts results to those sites whose title contains the specified phrase: "intitle:hack"
inurl       Restricts results to sites whose URL contains the specified phrase: "inurl:hack"
filetype    Restricts results to documents of the specified type, like pdf, doc, ppt etc.: "intitle:java filetype:pdf"
allintext   Restricts results to documents containing the specified phrase in the text, but not in the title, link descriptions or URLs: "allintext:java filetype:pdf"
link        Restricts results to sites that have links to the specified location: "link:www.google.com"
Google queries for locating passwords
Query                                    Description
intitle:"Index of" pwd.db                searching database password files
intitle:"index.of" passwd.bak            search index backup password files
filetype:xls inurl:"password.xls"        looking for usernames and passwords in MS Excel format
allinurl:auth_user_file.txt              find files auth_user_file.txt containing passwords on a server
index.of passlist.txt                    load the page containing the password list in clear text format
"Login: *" "password =*" filetype:xls    searching data to the system files that are stored in Microsoft Excel
Various Online Devices
Query                                       Description
inurl:axis.cgi ext:cgi                      Dork for all Axis cams. Enjoy with them! This dork was discovered by Rootkit Pentester.
intitle:Global Traffic Statistics "Ntop"    View Global Traffic Statistics
inurl:printer/main.html                     This dork reveals printer panels
inurl:/view.shtml                           Some CCTV cameras online
".git" intitle:"Index of"                   Shows publicly browsable .git directories
Searching for personal data and confidential documents
Query                                                           Description
"not for distribution" confidential                             documents containing confidential information
filetype:ctt "msn"                                              MSN contacts list
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"   all CVs
filetype:xls inurl:"email.xls"                                  email.xls files, potentially containing contact information
Some popular searches
click on webcam
I want to finish this topic with a search engine named "indexeus.com".
Indexeus was developed by the Portuguese Jason Relinquo, a 23-year-old hacker who built a searchable archive containing "over 200 million entries". It retrieves all the available information on user accounts acquired from hundreds of recent data breaches. The data collected includes information stolen by malicious hackers in recent hacks, including Adobe and Yahoo!. Anyway, the Indexeus website was rapidly targeted by other hackers; a few days ago the search engine was defaced by the hacker group Pernicious Developers, which also deployed a backdoor shell on the website.
HTML
HTML started its life in 1989, when it was designed to be the publishing language of the newly created World Wide Web. HTML (Hyper Text Markup Language) was originally developed by a man named Tim Berners-Lee, a physicist, back in early 1989. The first version, HTML 1.0, was initially released as a publishing language.
HTML is a language used for describing the structure of a web page. Using HTML markup one can create a web page. In other words, HTML is used to create a web document. Every HTML document contains three main sections: the head, the title and the body. All HTML files must have an htm or html file extension.
You should know HTML, because most websites use HTML. For a hacker, analyzing the web page code is important. HTML 4 is popularly used, but HTML5 is there with lots of new features. We are going to learn both.
How to View HTML Source
To find out, simply right click in the browser and choose Source, Page Source or View Source. This will open a window that shows you the actual HTML of the page.
HTML is the language of the web. So first comes: what is the web?
The web is a complex, cross-platform, cross-language, cross-cultural mesh of servers, clients, users and databases, all talking, working, searching, viewing, accessing and downloading together.
A website is a collection of web pages (documents that are accessed through the Internet). A web page is what you see on the screen when you type in a web address, click on a link, or put a query in a search engine.
[source www.sans.org]
How to write and run an HTML file
1) Open Notepad
2) Type the code
3) Save it with a name, say demo.html
4) Click on the file demo.html; it automatically opens in the browser.
HTML files consist of tags. A summary of tags is given below.
Basic HTML Tags
Tag            Description
<html>         Defines an HTML document
<body>         Defines the document's body
<h1> to <h6>   Defines header 1 to header 6
<HTML>
<HEAD>
<TITLE>Sample Program</TITLE>
</HEAD>
<BODY><P>
Making some text <B>bold</B>
or <I>italic</I>
is a useful technique, some are<u>underline</u>
</P>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>
Creating table
</TITLE>
</HEAD>
<BODY>
<TABLE BORDER=2 CELLSPACING=4 align=center>
<TR>
<TD>Student Name</TD>
<TD>Student Age</TD>
<TD>Roll Number</TD>
</TR>
<TR>
<TD>AA</TD>
<TD>BB</TD>
<TD>CC</TD>
</TR>
</TABLE>
</BODY>
</HTML>
<HTML>
<HEAD>
<TITLE>
list example
</TITLE>
</HEAD>
<BODY>
<P align=center>Creating a list</P>
<UL>
<LI>bca
<LI>btech
<LI>mca
</UL>
</BODY>
</HTML>
HTML forms are required when you want to collect some data from the site visitor. The HTML <form> tag is used to create an HTML form and it has the following syntax:
<form action="Script URL" method="GET|POST">
form elements
</form>
Some elements used in an HTML form are explained below.
<html>
<head>
<title>working in a form</title>
</head>
<body>
<form>
User ID : <input type="text" name="user_id" /><br>
Password: <input type="password" name="password" /><br>
<input type="checkbox" name="ice" value="on"> ICE
<input type="checkbox" name="sand" value="on"> SAND <br>
<input type="radio" name="subject" value="ice"> ICE
<input type="radio" name="subject" value="sand"> SAND <br>
<select name="dropdown">
<option value="ice" selected>ICE</option>
<option value="sand">SAND</option>
</select><br>
<input type="submit" name="submit" value="Submit" />
<input type="reset" name="reset" value="Reset" />
<input type="button" name="ok" value="OK" />
</form>
</body>
</html>
HTML5
HTML5 has introduced a lot of changes; one important change is form validation. Validating web forms has always been a painful task for many developers. In HTML 4 they had to use scripting code like JavaScript to perform client-side validation. Furthermore, informing users about validation errors is a tedious task.
HTML5 overcomes these problems. There are basically five areas of improvement when it comes to form features in HTML5:
• New input types
• New attributes
• New elements
• Validation
• APIs, such as the File API
New Input Types
color            Gives the end user a native color picker to choose a color.
date             Offers a datepicker.
datetime         An element to choose both date and time.
datetime-local   An element to choose both date and time, with local settings support.
email            A field for entering e-mail address(es).
month            Choose a full month.
number           Picking a number.
range            Offers a slider to set to a certain value/position.
search           A field for search queries.
tel              Choosing a telephone number.
time             Input a certain time.
url              Entering a URL.
week             Picking a specific week.
New Attributes
autocomplete   An option to turn off automatic form completion of values for a field. Possible values are "on" and "off".
autofocus      Whether focus should be set to this field as soon as it has loaded.
formmethod     For buttons that submit a form, to be able to override the form's method attribute in case a button should change the method.
list           To connect with a <datalist> element by its id, to use its <option> elements as suggestions.
max            Maximum value for the value that can be put in.
min            Minimum value for the value that can be put in.
multiple       Allows for selection of multiple files for <input type="file"> elements, and for multiple e-mail addresses separated by a comma.
pattern        Declares what pattern should be used for validating a field's value, in the form of a regular expression.
placeholder    Meant to be able to display a hint to the end user about what to input.
readonly       If a field should be read-only.
required       For validation purposes, whether a field is required or not.
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title>Forms Complete Example</title>
</head>
<body>
<form>
TEXT1<input type="text" autocomplete="off"><BR>
TEXT2<input type="text" autofocus><BR>
RANGE1<input type="range" max="95"><BR>
RANGE2<input type="range" min="2"><BR>
<!-- the pattern is matched against the whole value, so only capital letters pass -->
ALL TEXT<input type="text" pattern="[A-Z]*"><BR>
<!-- placeholder is an attribute of a text input, not an input type -->
TEXT3<input type="text" name="first-name" placeholder="E.g. Srikanta sen"><BR>
TEXT4<input type="text" readonly><BR>
TEXT5<input type="text" required><BR>
</form>
</body>
</html>
New Elements
datalist    Contains a number of <option> elements with values that can be used as suggestions for other form elements through the usage of the list attribute on them.
keygen      Offers a way to create a public/private key pair where the public key is sent with the form. (This element is now obsolete and has been removed from current browsers.)
meter       The meter element is for displaying values on a bar, where you can custom control min, max and assigned value. You can also specify low, high and optimum to set up different kinds of areas of the bar.
output      Dedicated to output the result of a calculation in the page, for instance sliding an <input type="range"> back and forth.
progress    Meant to be used to indicate progress of any kind in a web page, for instance file upload progress.
Explaining everything about HTML5 is not possible in this book, but I think this is enough to give you some idea of HTML and HTML5.
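The validation attributes above are enforced by the browser only, so a request assembled outside the browser skips them and the server has to apply the same rules again. The following Python 3 function mirrors the constraint attributes of the form example (required, pattern, min/max, a number type and an e-mail type) on the server side. It is an added example, not code from the book; the field names, the FIELD_RULES table, the e-mail regular expression and the sample submissions are constructed for illustration.

```python
"""Server-side re-validation of HTML5 constraint attributes.
Added example: the browser enforces required/pattern/min/max only in the
UI, so the server repeats the same checks on every submission."""
import re

# Constraint table mirroring the form's attributes (constructed for the example).
FIELD_RULES = {
    "first-name": {"required": True, "pattern": r"[A-Za-z ]*", "maxlength": 40},
    "code":       {"required": True, "pattern": r"[A-Z]*"},                   # the ALL TEXT field
    "volume":     {"required": True, "type": "number", "min": 2, "max": 95},  # the two range fields
    "email":      {"required": False, "type": "email"},
}

# Deliberately simple e-mail shape check (constructed); production code uses a library.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def validate_field(name, value, rules):
    """Return a list of error strings for one field (empty list means valid)."""
    errors = []
    if value is None or value == "":
        if rules.get("required"):
            errors.append("%s is required" % name)
        return errors  # an optional field left blank is fine
    if "maxlength" in rules and len(value) > rules["maxlength"]:
        errors.append("%s is longer than %d characters" % (name, rules["maxlength"]))
    if "pattern" in rules and re.fullmatch(rules["pattern"], value) is None:
        # HTML5 anchors the pattern attribute to the whole value, hence fullmatch.
        errors.append("%s does not match pattern %s" % (name, rules["pattern"]))
    if rules.get("type") == "number":
        try:
            num = float(value)
        except ValueError:
            errors.append("%s is not a number" % name)
            return errors
        if "min" in rules and num < rules["min"]:
            errors.append("%s is below minimum %s" % (name, rules["min"]))
        if "max" in rules and num > rules["max"]:
            errors.append("%s is above maximum %s" % (name, rules["max"]))
    if rules.get("type") == "email" and EMAIL_RE.match(value) is None:
        errors.append("%s is not a valid e-mail address" % name)
    return errors


def validate_form(submitted):
    """Validate a dict of submitted fields against FIELD_RULES.
    Fields the form does not declare are rejected too, so extra
    parameters cannot be smuggled in alongside the expected ones."""
    errors = []
    for name in submitted:
        if name not in FIELD_RULES:
            errors.append("unexpected field %s" % name)
    for name, rules in FIELD_RULES.items():
        errors.extend(validate_field(name, submitted.get(name), rules))
    return errors


if __name__ == "__main__":
    # Constructed request bodies: one a browser would have let through,
    # one crafted to bypass the client-side attributes entirely.
    good = {"first-name": "Srikanta Sen", "code": "ABC", "volume": "50", "email": "a@b.example"}
    crafted = {"first-name": "", "code": "abc<script>", "volume": "999", "email": "not-an-address"}
    print(validate_form(good))      # []
    print(validate_form(crafted))   # four errors, one per field
```

The check order matters: a blank value is handled first so that an optional field is never run through the pattern or range checks, and the allow-list of field names is applied before the per-field rules.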
side languages. These attacks also have the ability to gather data from account hijacking, changing of user settings, cookie theft/poisoning, or false advertising is possible. In some cases, Cross Site Scripting vulnerabilities can perform other functions such as scanning for other vulnerabilities and performing a Denial of Service on your web server. [defined in www.owasp.org]
This is not the place to discuss more on XSS, so we will concentrate on basics.
JavaScript
JavaScript is a client-side scripting language, meaning that it runs in the browser used by the user. JavaScript, developed originally by Netscape, is a lightweight, interpreted programming language initially called LiveScript.
Why do developers use JavaScript?
• Form validation at the client side
• Create mouseover effects, change the background colour of a document with a click of a button... interactivity!
• JavaScript can also be used to create animations and games.
• Change page contents dynamically.
• JavaScript can be used to build out the entire server using things like Node.js or Meteor (JavaScript platform).
• Load content in new browser windows and frames.
• JavaScript is commonly used to write phone apps using PhoneGap and Apache Cordova. These apps can be built to run on any smart phone with the same source code.
What can JavaScript not do?
• It cannot touch any files on your hard drive (besides cookies)
• It also cannot read/write any files on the server
Other scripting languages like JavaScript
JScript is Microsoft's dialect of the ECMAScript standard that is used in Microsoft's Internet Explorer. JScript is implemented as an Active Scripting engine.
VBScript (Visual Basic Scripting Edition) is an Active Scripting language developed by Microsoft that is modeled on Visual Basic. It is designed as a "lightweight" language with a fast interpreter for use in a wide variety of Microsoft environments.
[source en.wikipedia.org]
How JavaScript is written
JavaScript starts with the tag <script language="javascript"> and ends with </script>. Anything between these two tags is interpreted as JavaScript by the browser. (In current HTML the language attribute is obsolete; a plain <script> tag is enough.) It can be embedded in the HTML file or written in a separate file with the extension .js and called from the HTML file.
The next few pages contain some examples; I hope you will type, run and understand them.
<html>
<head>
<title>This is a JavaScript example</title>
<script language="JavaScript">
<!--
document.write("Hello World!");   // written into the page while it is still loading
//--></script>
</head>
<body>
This is a part of the html body
</body>
</html>
onclick is an event
<html>
<head>
<script language="JavaScript">
function disp_okcan()
{
    var res = confirm("Press a button"); // if you press OK, res stores true, otherwise false
    if (res == true)
    {
        document.write("You pressed OK!");
    }
    else
    {
        document.write("You pressed Cancel!");
    }
}
</script>
</head>
<body>
<input type="button" onclick="disp_okcan()" value=" press" />
</body>
</html>
<body>
<!-- validate() and emailcheck() are defined in the <script> part of this file, which is not reproduced here -->
<form name="login" onsubmit="return validate()">
<p>UserID:<input type="text" size="10" name="uid"></p>
<p>Password:<input type="password" size="10" name="password"></p>
<p>Email:<input type="text" size="20" name="email" onblur="emailcheck()"></p>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
The Python 2.7.9 shell is open.
Now we learn how to save a file and run it.
step 1: File menu -> New File
step 2: Type the code and save it
step 3: press F5
>>> 11
11
>>> 2+(3*2)
8
>>>
>>> 1 + 5 ; 6 - 2
6
4
Python treats everything as an object
>>> s = "computer"
>>> s.capitalize()
'Computer'
>>>
>>> 8**2   # ** is power
64
>>> s = "hello"*3
>>> s
'hellohellohello'
>>> len("python")
6
>>> x = 16
>>> print x
16
>>> y = x * 5
>>> print y
80
>>>
>>> first = 5
>>> second = 6
>>> print first + second
11
>>> first = '10'
>>> second = '15'
>>> print first + second
1015
>>> name = raw_input('What is your name?\n')
What is your name?
Ss
>>> print name
Ss
x = 13
y = 15
print("The sum of", x, "plus", y, "is", x+y)   # in Python 2 this prints a tuple; in Python 3 it prints the words
Python's ability to manipulate lists of variables and objects is core to its programming style. There are essentially two kinds of list objects in Python, tuples and lists.
>>> lst = [11,12,13,14,15]
>>> print lst
[11, 12, 13, 14, 15]
>>> [1,2] + [3,4]
[1, 2, 3, 4]
>>> [1,2]*4
[1, 2, 1, 2, 1, 2, 1, 2]
>>> l1 = [1,2,3]
>>> l2 = [3,2,1]
>>> l1 += l2   # += on lists concatenates; it does not add element-wise
>>> l1
[1, 2, 3, 3, 2, 1]
range(start, stop, step) function automatically produces lists
>>> range(4)
[0, 1, 2, 3]
>>> range(1, 4)
[1, 2, 3]
>>> range(0, 8, 2)
[0, 2, 4, 6]
>>> lst = [11,12,13,14,15]   # access list elements by index (the first element is index 0)
>>> lst[1]
12
Subsections of lists can be extracted using the notation list[lower:upper:step], where lower gives the inclusive lower element index, upper gives the exclusive upper index, and the optional step gives the increment between the two.
>>> l = [1,2,3,4,5]
>>> l[0:4]
[1, 2, 3, 4]
>>> l[0:4:2]
[1, 3]
>>> l = [1,2,3,4,5]
>>> l[:4]
[1, 2, 3, 4]
>>> l[2:]
[3, 4, 5]
>>> l[::2]
[1, 3, 5]
a = raw_input(">")
a = int(a)
b = raw_input(">")
b = int(b)
if a > b:   # if else
    print "max = %d." % a
else:
    print "max = %d." % b

a = raw_input(">")
a = int(a)
b = raw_input(">")
b = int(b)
if a > b:   # if elif else
    print "max = %d." % a
elif a == b:
    print "equal"
else:
    print "max = %d." % b
>>> for i in [2, "ss", 19]:
...     print i
... <hit return>
2
ss
19
>>> for i in (2.1, [8, 9], {"city":"kolkata"}):
...     print i
... <hit return>
2.1
[8, 9]
{'city': 'kolkata'}
for i in [4, 6, 7, 8, 10]:
    print i
4
6
7
8
10
>>> pairs = [(1, 2), (2, 3), (3, 4)]   # do not call the variable "list": that hides the built-in list type
>>> for (a, b) in pairs:
...     print a + b
... <hit return>
3
5
7
Use of functions
def happyBirthday():
    print("Happy Birthday to you!")
    print("Happy Birthday to you!")
    print("Happy Birthday, dear ss.")
    print("Happy Birthday to you!")
happyBirthday()
>>>
Happy Birthday to you!
Happy Birthday to you!
Happy Birthday, dear ss.
Happy Birthday to you!

def happyBirthday(person):
    print("Happy Birthday, dear " + person)
def main():
    happyBirthday('ss')
    happyBirthday('dm')
main()
Happy Birthday, dear ss
Happy Birthday, dear dm
Example of file readline
Write the following code and save it with the file name "file2.py" (the script opens its own source file):
fh = open("file2.py", "r")
content = fh.readline()
print content
fh.close()
Output (only the 1st line of the file is printed):
>>>
fh = open("file2.py", "r")
>>>
Write text in a file
f = open("file1.txt", "w")   # file() also works in Python 2, but open() is the portable spelling
f.write("This is first line.")
f.write("This is 2nd line.")
f.close()
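To show the list, slice, loop, function and file operations of this chapter doing something a defender actually does, here is an added example (not from the book, and written in Python 3 rather than the Python 2 shown above) that counts failed logins per client address in a small log. The log lines and their field layout are constructed for the example.

```python
"""Counting failed logins per source address with the list, slice, loop,
function and file operations from this chapter. Added Python 3 example;
the log format and the lines in SAMPLE_LOG are constructed."""

SAMPLE_LOG = """\
2019-07-23 10:01:05 LOGIN FAIL user=admin ip=10.0.0.5
2019-07-23 10:01:09 LOGIN FAIL user=admin ip=10.0.0.5
2019-07-23 10:01:12 LOGIN OK user=ss ip=192.168.1.20
2019-07-23 10:01:15 LOGIN FAIL user=root ip=10.0.0.5
2019-07-23 10:02:40 LOGIN FAIL user=admin ip=172.16.3.9
"""


def parse_line(line):
    """Split one log line into (timestamp, result, user, ip) using list slicing.
    Returns None for lines that are not login records."""
    parts = line.split()   # ['2019-07-23', '10:01:05', 'LOGIN', 'FAIL', 'user=admin', 'ip=10.0.0.5']
    if len(parts) < 6 or parts[2] != "LOGIN":
        return None
    timestamp = " ".join(parts[:2])          # slice: the first two fields
    result = parts[3]
    # slice: every key=value field after the result, turned into a dict
    fields = dict(p.split("=", 1) for p in parts[4:] if "=" in p)
    return (timestamp, result, fields.get("user"), fields.get("ip"))


def failed_logins_per_ip(lines):
    """Return {ip: count} over every line whose result is FAIL."""
    counts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        timestamp, result, user, ip = rec    # tuple unpacking, as in `for (a, b) in ...`
        if result == "FAIL":
            counts[ip] = counts.get(ip, 0) + 1
    return counts


def ips_over_threshold(counts, threshold):
    """Sorted list of addresses with at least `threshold` failures."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def write_and_read_back(path, text):
    """The chapter's write-then-readline sequence, using context managers
    so the file is closed even if an exception occurs."""
    with open(path, "w") as f:
        f.write(text)
    with open(path, "r") as f:
        return f.readline()                  # only the first line comes back


if __name__ == "__main__":
    counts = failed_logins_per_ip(SAMPLE_LOG.splitlines())
    print(counts)                            # {'10.0.0.5': 3, '172.16.3.9': 1}
    print(ips_over_threshold(counts, 3))     # ['10.0.0.5']
    print(write_and_read_back("file1.txt", "This is first line.\nThis is 2nd line.\n"))
```

The parsing is intentionally defensive: a line that is too short, or whose third field is not LOGIN, is skipped instead of raising, so one malformed record does not stop the count.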
Server-side programming
Server-side programming means programs that run on the remote web server and return the processed information to a client's web browser. Some popular server-side programming languages are Perl, PHP, Python, Ruby, Java Server Pages, ASP.NET, ColdFusion etc.
Below is a comparison of the popularity of server-side programming languages for websites. PHP is used by 81.5% of all the websites.
Source http://w3techs.com
Knowledge of at least one server-side programming language is very important for an ethical hacker. Two important things should be kept in mind.
a) PHP and JSP are scripting languages, not programming languages.
b) ASP.NET is a web framework that can be used with any .NET language.
It is impossible for me to explain all of these server-side programming languages in this book, but I can teach you some basics of the most popular one, PHP.
For a beginner, running PHP is a difficult task, because you have to know how to install a server and configure it. But you can run PHP code online at [sandbox.onlinephpfunctions.com] without knowing the details of web server configuration. Many more such sites exist.
The full form of PHP is Hypertext Preprocessor. It allows web developers to create dynamic web pages that interact with the server.
Some characteristics of PHP
>PHP is a server-side scripting language; it can work alone or can be embedded in an HTML file.
>It can be integrated with a number of popular databases, including MySQL, PostgreSQL, Oracle, and Microsoft SQL Server.
>PHP supports a large number of major protocols such as POP3, IMAP, and LDAP.
>PHP syntax is similar to C.
>PHP code is written within this block: <?php ... ?>
>To run PHP code you need a server like XAMPP (X (cross-platform), Apache, MySQL, PHP, Perl) or WAMP (Windows, Apache, MySQL, PHP) and a browser.
>PHP is case sensitive (for variable names; function names are not)
>PHP is whitespace insensitive
>PHP statements are terminated by semicolons
A simple PHP program
>Open Notepad
>Type the code
>Save the file with the .php extension
<html><head><title>this is my first program</title></head>
<body>
<?php
echo "first program";
?>
</body></html>
Output : first program
<html><head><title>My First PHP Page</title></head>
<body>
<?php
echo "Hello World! ";
echo "Hello World! ";
echo "Hello World! ";
?>
</body>
</html>
Output : Hello World! Hello World! Hello World!

<?php
$str1 = "Hello!"; // str1 is a variable, written with $
$str2 = "ajit";
echo $str1;
echo $str2;
?>
Output : Hello!ajit

<?php
$addition = 5 + 6;
$subtraction = 6 - 5;
$multiplication = 5 * 3;
$division = 15 / 3;
echo "after addition: 5 + 6 = " . $addition . "<br />";
echo "after subtraction: 6 - 5 = " . $subtraction . "<br />";
echo "after multiplication: 5 * 3 = " . $multiplication . "<br />";
echo "after division: 15 / 3 = " . $division . "<br />";
?>
Output :
after addition: 5 + 6 = 11
after subtraction: 6 - 5 = 1
after multiplication: 5 * 3 = 15
after division: 15 / 3 = 5
<?php
$str1 = "Hello!"; // the period "." is used to add two strings together
$str2 = "ajit";
$str3 = $str1 . $str2;
echo $str3;
?>
Output : Hello!ajit

<?php
$t1 = 10;
$t2 = 12;
if ($t1 < $t2) // example of if else
{
    echo $t1 . " less than " . $t2;
}
else
{
    echo $t1 . " not less than " . $t2;
}
?>
Output : 10 less than 12

<?php
$color = "green";
switch ($color) // example of switch case
{
    case "red":
        echo "Your favorite color is red!";
        break;
    case "blue":
        echo "Your favorite color is blue!";
        break;
    case "green":
        echo "Your favorite color is green!";
        break;
    default:
        echo "Your favorite color is neither red, blue, nor green!";
}
?>
Output : Your favorite color is green!
<?php
for ($i = 0; $i <= 10; $i++) // loop syntax similar to the C language
{
    echo "The number is: $i\n";
}
?>
Output : The number is: 0
The number is: 1
......

<?php
$play = array("cricket", "football", "baseball"); // array
echo "I like " . $play[0] . ", " . $play[1] . " and " . $play[2] . ".";
?>
Output : I like cricket, football and baseball.

<!-- file name home.html -->
<html>
<body>
<!-- this form calls the "submit.php" file; the form method is post -->
<form action="submit.php" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body></html>

<!-- file name submit.php -->
<html>
<body>
<?php // the submitted values are echoed unchanged; htmlspecialchars($_POST["name"]) would encode any HTML in them ?>
Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>
</body></html>
Output : Welcome srikanta
Your email address is [email protected]

<html><body>
<!-- this form calls the "submit.php" file; the form method is get, so submit.php must read the values from $_GET instead of $_POST -->
<form action="submit.php" method="get">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body></html>
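In submit.php above, whatever was typed into the form comes back inside the HTML page unchanged, which is exactly the Cross Site Scripting situation quoted from OWASP earlier in this chapter. The following Python 3 example (added here; it is not the book's code and not PHP) renders the same "Welcome" page twice: once reflecting the input raw, as `echo $_POST["name"]` does, and once after html.escape(), which does what htmlspecialchars() does in PHP. The submitted values are constructed.

```python
"""Reflecting form input into HTML, raw and encoded.
Added example: render_raw mirrors the PHP page's `echo $_POST[...]`;
render_escaped applies output encoding before the value enters the page."""
import html

# Same page layout as submit.php (constructed template).
TEMPLATE = "Welcome {name}<br>Your email address is: {email}"


def render_raw(form):
    """Reflect submitted values without encoding, like the PHP example."""
    return TEMPLATE.format(name=form.get("name", ""), email=form.get("email", ""))


def render_escaped(form):
    """Encode <, >, &, " and ' so the browser shows them as text, never as markup."""
    return TEMPLATE.format(
        name=html.escape(form.get("name", ""), quote=True),
        email=html.escape(form.get("email", ""), quote=True),
    )


def tags_from_input(form, rendered):
    """Count '<' characters in the page that did not come from the template.
    Zero means no submitted value was able to add markup."""
    template_tags = TEMPLATE.count("<")
    return rendered.count("<") - template_tags


if __name__ == "__main__":
    # Constructed submissions: a normal one and one that contains HTML tags.
    normal = {"name": "srikanta", "email": "ss@example.com"}
    marked_up = {"name": "<b>srikanta</b>", "email": "x@example.com"}
    print(render_raw(normal))
    print(render_raw(marked_up))        # the <b> tag becomes part of the page
    print(tags_from_input(marked_up, render_raw(marked_up)))       # 2
    print(render_escaped(marked_up))    # the tag is shown literally
    print(tags_from_input(marked_up, render_escaped(marked_up)))   # 0
```

Encoding at output time is the fix because the template, not the input, decides which characters are markup; the same rule applies whether the value arrived by POST or GET.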
Relational Algebra and SQL
Relational algebra is a formal system for manipulating relations. It was first described by E.F. Codd.
Basic operations of Relational Algebra
– Selection (σ)             Selects rows from a relation.
– Projection (π)            Selects particular columns from a relation.
– Cross-product (×)         Combines two relations.
– Set-difference (T1 − T2)  Tuples from relation T1, but not from T2.
– Union (T1 ∪ T2)           All tuples from T1 and T2.
– Intersection (T1 ∩ T2)    All common tuples from T1 and T2.

T1
Roll  Name     Marks
1     Ana      20
2     devid    23
4     alen     26

T2
Roll  Name     Marks
2     devid    23
3     clinton  21
5     hamid    28
Selection (σ) operation
Select from T1 where marks are more than 25.
Algebra: σ Marks>25 (T1)
T1
Roll  Name  Marks
4     alen  26

Select from T2 where marks are more than 23 and less than 29.
Algebra: σ Marks>23 and Marks<=28 (T2)
T2
Roll  Name   Marks
2     devid  23
5     hamid  28

Projection (π) operation
Select roll and marks from T1 where marks are more than 25.
Algebra: π Roll, Marks (σ Marks>25 (T1))
Roll  Marks
4     26

Select roll and marks from T2 where marks are more than 23 and less than 29.
Algebra: π Roll, Marks (σ Marks>23 and Marks<=28 (T2))
Roll  Marks
2     23
5     28
Set-difference
Set-difference (T1 − T2)
Roll  Name  Marks
1     Ana   20
4     alen  26

Set-difference (T2 − T1)
Roll  Name     Marks
3     clinton  21
5     hamid    28

Union (T1 ∪ T2)
Roll  Name     Marks
1     Ana      20
2     devid    23
4     alen     26
3     clinton  21
5     hamid    28

Intersection (T1 ∩ T2)
Roll  Name   Marks
2     devid  23
Cross-product (×)
T1
Roll  Name   Marks
1     Ana    20
2     devid  23

Cross-product (T1 × T2)
Roll  Name   Marks  Roll  Name     Marks
1     Ana    20     2     devid    23
1     Ana    20     3     clinton  21
2     devid  23     2     devid    23
2     devid  23     3     clinton  21

Advanced operations of Relational Algebra
– Join (returns all rows when there is at least one match in BOTH tables)
– Left outer join (returns all rows from the left table, and the matched rows from the right table)
– Right outer join (returns all rows from the right table, and the matched rows from the left table)
– Full outer join (returns all rows when there is a match in ONE of the tables)

T2
Roll  Name     Marks
2     devid    23
3     clinton  21
T1
Roll  Name
1     Ana
2     devid
4     alen

T2
Roll  Marks
2     26
3     21
5     28

Join: T1 ⋈ T2
Roll  Name   Marks
2     devid  26

Left outer join: T1 ⟕ T2
Roll  Name   Marks
1     Ana    NULL
2     devid  26
4     alen   NULL

Right outer join: T1 ⟖ T2
Roll  Name   Marks
2     devid  26
3     NULL   21
5     NULL   28

Full outer join: T1 ⟗ T2
Roll  Name   Marks
1     Ana    NULL
2     devid  26
4     alen   NULL
3     NULL   21
5     NULL   28

Relational Algebra is much more than this, but further explanation is beyond the scope of this book.
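To make the operators concrete, here is an added Python 3 implementation (not from the book; the function names are my own) of selection, projection, cross-product, the set operations and the four joins over the T1 and T2 tables of this section. Rows are stored as dictionaries and NULL is represented by None, so the results can be compared directly with the tables above.

```python
"""Relational algebra over small in-memory tables (rows as dicts).
Added example: T1 and T2 hold the rows shown in this section."""

T1 = [{"Roll": 1, "Name": "Ana", "Marks": 20},
      {"Roll": 2, "Name": "devid", "Marks": 23},
      {"Roll": 4, "Name": "alen", "Marks": 26}]
T2 = [{"Roll": 2, "Name": "devid", "Marks": 23},
      {"Roll": 3, "Name": "clinton", "Marks": 21},
      {"Roll": 5, "Name": "hamid", "Marks": 28}]


def select(rel, pred):                  # sigma: keep the rows that satisfy pred
    return [r for r in rel if pred(r)]


def project(rel, cols):                 # pi: keep the named columns, drop duplicate rows
    out = []
    for r in rel:
        row = {c: r[c] for c in cols}
        if row not in out:
            out.append(row)
    return out


def cross(r1, r2):                      # x: every pair of rows, columns prefixed by table
    return [{**{"T1." + k: v for k, v in a.items()}, **{"T2." + k: v for k, v in b.items()}}
            for a in r1 for b in r2]


def difference(r1, r2):                 # r1 - r2
    return [r for r in r1 if r not in r2]


def union(r1, r2):                      # r1 U r2, duplicates removed
    return r1 + [r for r in r2 if r not in r1]


def intersection(r1, r2):               # r1 n r2
    return [r for r in r1 if r in r2]


def outer_join(r1, r2, key, keep_left, keep_right):
    """Equi-join on `key`. Unmatched rows are padded with None (NULL) when
    keep_left / keep_right ask for them; both False gives the inner join."""
    cols = list(dict.fromkeys(c for r in r1 + r2 for c in r))   # left columns, then right
    out, matched_right = [], set()
    for a in r1:
        hit = False
        for j, b in enumerate(r2):
            if a[key] == b[key]:
                out.append({**{c: None for c in cols}, **b, **a})
                hit = True
                matched_right.add(j)
        if not hit and keep_left:
            out.append({**{c: None for c in cols}, **a})
    if keep_right:
        for j, b in enumerate(r2):
            if j not in matched_right:
                out.append({**{c: None for c in cols}, **b})
    return out


def join(r1, r2, key):       return outer_join(r1, r2, key, False, False)
def left_join(r1, r2, key):  return outer_join(r1, r2, key, True, False)
def right_join(r1, r2, key): return outer_join(r1, r2, key, False, True)
def full_join(r1, r2, key):  return outer_join(r1, r2, key, True, True)


if __name__ == "__main__":
    print(select(T1, lambda r: r["Marks"] > 25))                           # [{'Roll': 4, 'Name': 'alen', 'Marks': 26}]
    print(project(select(T1, lambda r: r["Marks"] > 25), ["Roll", "Marks"]))
    print(difference(T1, T2), union(T1, T2), intersection(T1, T2))
    # The join tables of this section: T1 without Marks, T2 with Roll and Marks only.
    J1 = project(T1, ["Roll", "Name"])
    J2 = [{"Roll": 2, "Marks": 26}, {"Roll": 3, "Marks": 21}, {"Roll": 5, "Marks": 28}]
    for f in (join, left_join, right_join, full_join):
        print(f.__name__, f(J1, J2, "Roll"))
```

The row order produced by outer_join (matched and left-only rows in left-table order, then right-only rows) is the same order the tables above use; a real database makes no such ordering promise without ORDER BY.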
Some important concepts related to DBMS and RDBMS
Data: Known facts that can be recorded and that have implicit meaning.
Field: Smallest unit of data, e.g. roll, name, marks, which cannot be broken down further.
T1
Roll  Name  Marks
Record or tuple or row: It is a collection of fields.
T1
Roll  Name   Marks
1     Ana    20      1st row
2     devid  23      2nd row
Table: It is a collection of records. T1 is a table.
T1
Roll  Name   Marks
1     Ana    20
2     devid  23
Database: It is a collection of more than one table; T1 and T2 together form a database.
T1
Roll  Name
1     Ana
2     devid
4     alen

T2
Roll  Marks
2     26
3     21
5     28

RDBMS: Codd's twelve rules are a set of rules (numbered zero to twelve) designed to define what is required from a database management system in order to be considered an RDBMS.
SQL (Structured Query Language) is a standard language for accessing databases. SQL statements are used to perform tasks such as inserting data, deleting data, searching data and updating data in a database. Some common relational database management systems that use SQL are Oracle, Sybase, Microsoft SQL Server, Access, Ingres, etc.
This tutorial will teach you the basics of Oracle SQL.
Consider the following tables
T1
Roll  Name   Marks
1     Ana    20
2     devid  23
4     alen   26

T2
Roll  Name     Marks
2     devid    23
3     clinton  21
5     hamid    28
Selection (σ) operation
Select from T1 where marks are more than 25.
Algebra: σ Marks>25 (T1)
SQL: select * from T1 where Marks > 25;
T1
Roll  Name  Marks
4     alen  26

Select from T2 where marks are more than 23 and less than 29.
Algebra: σ Marks>23 and Marks<=28 (T2)
SQL: select * from T2 where Marks > 23 and Marks <= 28;
(* means all columns)
T2
Roll  Name   Marks
2     devid  23
5     hamid  28

Projection (π) operation
Select roll and marks from T1 where marks are more than 25.
Algebra: π Roll, Marks (σ Marks>25 (T1))
SQL: select Roll, Marks
     from T1
     where Marks > 25;

Select roll and marks from T2 where marks are more than 23 and less than 29.
Algebra: π Roll, Marks (σ Marks>23 and Marks<=28 (T2))
SQL: select Roll, Marks
     from T2
     where Marks > 23 and Marks <= 28;
Union (T1 ∪ T2)
SQL: (select * from T1)
     union
     (select * from T2);
Roll  Name     Marks
1     Ana      20
2     devid    23
4     alen     26
3     clinton  21
5     hamid    28

Intersection (T1 ∩ T2)
SQL: (select * from T1)
     intersect
     (select * from T2);
Roll  Name   Marks
2     devid  23

Cross-product (×). Consider the following table
T1
Roll  Name   Marks
1     Ana    20
2     devid  23
Cross-product (T1 × T2)
SQL: select * from T1, T2;
Roll  Name   Marks  Roll  Name     Marks
1     Ana    20     2     devid    23
1     Ana    20     3     clinton  21
2     devid  23     2     devid    23
2     devid  23     3     clinton  21

Advanced operations of Relational Algebra
– Join (returns all rows when there is at least one match in BOTH tables)
– Left outer join (returns all rows from the left table, and the matched rows from the right table)
– Right outer join (returns all rows from the right table, and the matched rows from the left table)
– Full outer join (returns all rows when there is a match in ONE of the tables)

T2
Roll  Name     Marks
2     devid    23
3     clinton  21
SQL: select T2.Roll, T1.Name, T2.Marks
     from T1 right outer join T2 on T1.Roll = T2.Roll;
(T2.Roll is selected because T1.Roll is NULL for the rows that exist only in T2.)
T1 ⟖ T2
Roll  Name   Marks
2     devid  23
3     NULL   21
5     NULL   28

SQL: select coalesce(T1.Roll, T2.Roll) as Roll, T1.Name, T2.Marks
     from T1 full outer join T2 on T1.Roll = T2.Roll;
(coalesce takes the Roll from whichever side is not NULL.)
T1 ⟗ T2
Roll  Name   Marks
1     Ana    NULL
2     devid  23
4     alen   NULL
3     NULL   21
5     NULL   28
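The queries of this section can be tried without an Oracle installation. The added Python 3 example below (not from the book; the function names are my own) loads the T1 and T2 tables of this section into an in-memory SQLite database and runs the selection, projection, union, intersect, cross-product and left outer join queries. The marks threshold is passed as a bound parameter instead of being pasted into the query string, which is the habit that keeps such queries safe once the value arrives from a web form.

```python
"""This section's SQL run against T1 and T2 in an in-memory SQLite database.
Added example: values that vary (the marks threshold) are bound with `?`;
table names, which cannot be bound, are checked against an allow-list."""
import sqlite3

ALLOWED_TABLES = ("T1", "T2")


def make_db():
    """Create T1 and T2 with the rows shown in this section."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE T1 (Roll INTEGER, Name TEXT, Marks INTEGER);
        CREATE TABLE T2 (Roll INTEGER, Name TEXT, Marks INTEGER);
        INSERT INTO T1 VALUES (1,'Ana',20),(2,'devid',23),(4,'alen',26);
        INSERT INTO T2 VALUES (2,'devid',23),(3,'clinton',21),(5,'hamid',28);
    """)
    return con


def _check_table(table):
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % table)
    return table


def select_marks_above(con, table, threshold):
    """sigma Marks>threshold (table): `select * from T where Marks > ?`."""
    sql = "SELECT Roll, Name, Marks FROM %s WHERE Marks > ? ORDER BY Roll" % _check_table(table)
    return con.execute(sql, (threshold,)).fetchall()


def project_roll_marks(con, table, threshold):
    """pi Roll,Marks (sigma Marks>threshold (table))."""
    sql = "SELECT Roll, Marks FROM %s WHERE Marks > ? ORDER BY Roll" % _check_table(table)
    return con.execute(sql, (threshold,)).fetchall()


def union_t1_t2(con):
    return con.execute("SELECT * FROM T1 UNION SELECT * FROM T2 ORDER BY Roll").fetchall()


def intersect_t1_t2(con):
    return con.execute("SELECT * FROM T1 INTERSECT SELECT * FROM T2").fetchall()


def cross_product(con):
    """T1 x T2, written as the section's `select * from T1, T2`."""
    return con.execute("SELECT * FROM T1, T2").fetchall()


def left_outer_join(con):
    """T1 left outer join T2 on Roll; the unmatched right side comes back as None."""
    return con.execute(
        "SELECT T1.Roll, T1.Name, T2.Marks FROM T1 LEFT OUTER JOIN T2 ON T1.Roll = T2.Roll "
        "ORDER BY T1.Roll").fetchall()


if __name__ == "__main__":
    con = make_db()
    print(select_marks_above(con, "T1", 25))   # [(4, 'alen', 26)]
    print(project_roll_marks(con, "T2", 23))   # [(5, 28)]
    print(union_t1_t2(con))
    print(intersect_t1_t2(con))                # [(2, 'devid', 23)]
    print(len(cross_product(con)))             # 9
    print(left_outer_join(con))
```

SQLite accepts RIGHT and FULL OUTER JOIN only from version 3.39 onward, so the example stops at LEFT OUTER JOIN; the right and full joins above are written in Oracle syntax. Note also that both tables here carry Name and Marks, unlike the two-column T1/T2 used in the join illustrations, so the left join result differs from that table.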
Join an Ethical Hacking School
I hope you got some prerequisite skills before you start exploring the world of ethical hacking or penetration testing; the next step will obviously be joining an ethical hacking school.
You can call me biased, but my recommendation is ISOEH. The web site is [www.isoeh.com]. The corporate website is [http://isoah.com]. Let me explain: most of the hacking institutes only teach you hacking, but in ISOEH you can learn ethical hacking, penetration testing, malware analysis, cyber forensics, web application testing, computer networks, network penetration testing, secure coding, virtualization and many more. I should definitely mention their penetration testing lab in the cloud, which is the best in India as far as I have observed.
I learned from team ISOEH, and still today I am learning from them. Their research team is fantastic, with a high volume of resource material available.