Industry Internship Summary Report

INDUSTRY INTERNSHIP

SUMMARY REPORT

<<<Ethical Hacking >>>

BACHELOR OF TECHNOLOGY

in

COMPUTER SCIENCE AND ENGINEERING

Submitted by

SAURABH SAKAL SINGH (17SCSE101749)

SCHOOL OF COMPUTING SCIENCE AND ENGINEERING


GREATER NOIDA, UTTAR PRADESH
Winter 2020 – 2021

BONAFIDE CERTIFICATE

CERTIFICATE

I hereby certify that the work which is being presented in the Internship project report
entitled “Ethical Hacking” in partial fulfillment for the requirements for the award of the degree of
Bachelor of Technology in the School of Computing Science and Engineering of Galgotias
University, Greater Noida, is an authentic record of my own work carried out in the industry.
To the best of my knowledge, the matter embodied in the project report has not been
submitted to any other University/Institute for the award of any Degree.

Saurabh Sakal Singh (17SCSE10174 )

This is to certify that the above statement made by the candidate is correct and true to the
best of my knowledge.

Signature of Internship Coordinator
Dr. N. Partheeban
Professor & IIIC
School of Computing Science & Engineering
Galgotias University
Greater Noida.

Signature of Dean (SCSE)
Dr. MUNISH SABHARWAL
Professor & Dean
School of Computing Science & Engineering
Galgotias University
Greater Noida.

TABLE OF CONTENTS

CHAPTER TITLE


Abstract

1 Introduction
1.1 Objective of the project
1.2 Problem statement and research objectives
1.3 Description of Domain
1.4 A brief introduction about an organization.

2 Technical Description
3 System Design
3.1 General Architecture
3.2 Design Phase
3.2.1 Data flow diagram
3.2.2 UML Diagrams
3.3 Methodology

4 System Implementation
5 Results and Discussions
6 Conclusion and Future Work
7 Appendices
7.1 Source Code
7.2 Learning Experiences
7.3 SWOT Analysis

8 References

ABSTRACT

<< Ethical hacking of the Internship project >>

Computer hacking is the practice of altering computer hardware and software to carry out a goal outside
of the creator's original intention. People who engage in computer hacking activities are often
called hackers. The majority of people assume that hackers are computer criminals. They fail to
recognize that criminals and hackers are two entirely unrelated things. The media is responsible for this.
Hackers in reality are good and extremely intelligent people who, by using their knowledge in a
constructive way, help organizations, companies, governments, etc. to secure credentials and secret
information on the Internet. Years ago, no one had to worry about Crackers breaking into their computer
and installing Trojan viruses, or using their computer to send attacks against others. Now that things have
changed, it's best to be aware of how to defend your computer from damaging intrusions and prevent black
hat hackers. Rampant hacking is systematically victimizing computers around the world. This hacking is not
only common, but is being executed so flawlessly that the attackers compromise a system, steal
everything of value and entirely erase their tracks within 20 minutes.

CHAPTER 1

INTRODUCTION

1. Concept of Ethical Hacking

Hacking

The Art of exploring various security breaches is termed as Hacking.

Computer Hackers have been around for so many years. Since the Internet became widely used in the
World, we have started to hear more and more about hacking. Only a few Hackers, such as Kevin
Mitnick, are well known.

In a world of Black and White, it's easy to describe the typical Hacker. A general outline of a typical
Hacker is an Antisocial, Pimple-faced Teenage boy. But the Digital world has many types of Hackers.

Hackers are human like the rest of us and are, therefore, unique individuals, so an exact profile is hard
to outline. The best broad description of Hackers is that all Hackers aren't equal. Each Hacker has
Motives, Methods and Skills. But some general characteristics can help you understand them. Not all
Hackers are Antisocial, Pimple-faced Teenagers. Regardless, Hackers are curious about Knowing new
things, Brave to take steps and they are often very Sharp Minded.

Hacker

Hacker is a word that has two meanings:

Traditionally, a Hacker is someone who likes to play with Software or Electronic Systems. Hackers
enjoy Exploring and Learning how Computer systems operate. They love discovering new ways to
work electronically.

Recently, Hacker has taken on a new meaning: someone who maliciously breaks into systems
for personal gain. Technically, these criminals are Crackers, or Criminal Hackers. Crackers break
into systems with malicious intentions.

They do it for Personal gain, Fame, Profit and even Revenge. They Modify, Delete and Steal
critical information, often making other people's lives miserable.

Hacking has a lot of meanings depending upon the person's knowledge and his work intentions.
Hacking is an Art as well as a Skill. Hacking is the knowledge by which one gets to achieve his
Goals, anyhow, using his Skills and Power.

Most people associate Hacking with breaking the law, therefore calling all those guys who engage in
hacking activities criminals. We agree that there are people out there who use hacking
techniques to break the law, but hacking is not really about that. In fact, hacking is more about
following the law and performing the steps within the limits.

Hacker vs. Cracker

What Is the Difference Between a Hacker and a Cracker?

Many articles have been written about the difference between Hackers and Crackers, which
attempt to correct public misconceptions about hacking. For many years, the media has applied the
word Hacker when it really means Cracker. So the public now believes that a Hacker is someone
who breaks into computer systems and steals confidential data. This is very untrue and is an insult
to some of our most talented Hackers.

There are various points to determine the difference between Hackers and Crackers.

Definition - A Hacker is a person who is interested in the working of any computer Operating
system. Most often, Hackers are programmers. Hackers obtain advanced knowledge of operating
systems and programming languages. They may know various security holes within systems and
the reasons for such holes. Hackers constantly seek further knowledge, share what they have
discovered, and they never have intentions about damaging or stealing data.

Definition - A Cracker is a person who breaks into other people's systems, with malicious
intentions. Crackers gain unauthorized access, destroy important data, stop services provided by
the server, or basically cause problems for their targets. Crackers can easily be identified because
their actions are malicious.

Whatever the case, most people give Hacker a negative outline. Many malicious Hackers are
electronic thieves. Just like anyone can become a thief, or a robber, anyone can become a
Hacker, regardless of age, gender, or religion. Technical skills of Hackers vary from one to
another. Some Hackers barely know how to surf the Internet, whereas others write software that
other Hackers depend upon.

Types of Hacker

Let's see the categories of Hackers on the basis of their knowledge.

Coders

The Real Hackers are the Coders, the ones who revise the methods and create tools that are
available in the market. Coders can find security holes and weaknesses in software to create their
own exploits. These Hackers can use those exploits to develop fully patched and secure systems.

Coders are the programmers who have the ability to find the unique vulnerability in existing
software and to create working exploit codes. These are the individuals with a deep
understanding of the OSI Layer Model and TCP/IP Stacks.

Admins

Admins are the computer guys who use the tools and exploits prepared by the coders. They do
not develop their own techniques; however, they use the tricks which are already prepared by
the coders. They are generally System Administrators or Computer Network Controllers. Most of
the Hackers and security people in this digital world come under this category.

Admins have experience with several operating systems, and know how to exploit several
existing vulnerabilities. A majority of Security Consultants fall in this group and work as a part of
a Security Team.

Script Kiddies

Next and the most dangerous class of Hackers is Script Kiddies. They are the new generation of
computer users who take advantage of the Hacker tools and documentation available for free
on the Internet but don't have any knowledge of what's going on behind the scenes. They know
just enough to cause you headaches but typically are very sloppy in their actions, leaving all sorts
of digital fingerprints behind. Even though these guys are the teenage Hackers that you hear
about in the news media, they need minimum skills to carry out their attacks.

Script Kiddies are the bunnies who use scripts and programs developed by others to attack
computer systems and Networks. They get the least respect but are most annoying and
dangerous and can cause big problems without actually knowing what they are doing.

Types of Hackers on the basis of activities performed by them

White Hat Hacker

A White Hat Hacker is a computer guy who performs Ethical Hacking. These are usually security
professionals with knowledge of hacking and the Hacker toolset and who use this knowledge to
locate security weaknesses and implement countermeasures in the resources.

They are also known as Ethical Hackers or Penetration Testers. They focus on Securing and
Protecting IT Systems.

Black Hat Hacker

A Black Hat Hacker is a computer guy who performs Unethical Hacking. These are the Criminal
Hackers or Crackers who use their skills and knowledge for illegal or malicious purposes. They
break into or otherwise violate the system integrity of remote machines, with malicious intent.

These are also known as Unethical Hackers or Security Crackers. They focus on Security
Cracking and Data stealing.

Grey Hat Hacker

A Grey Hat Hacker is a computer guy who sometimes acts legally, sometimes in good will, and
sometimes not. They usually do not hack for personal gain or have malicious intentions, but may
or may not occasionally commit crimes during the course of their technological exploits.

They are a hybrid between White Hat and Black Hat Hackers.

Why Hackers Hack?

The main reason why Hackers hack is because they can hack. Hacking is a casual hobby for some
Hackers: they just hack to see what they can hack and what they can't hack, usually by testing
their own systems. Many Hackers are the guys who get kicked out of corporate and government
IT and security organizations. They try to bring down the status of the organization by attacking
or stealing information.

The knowledge that malicious Hackers gain and the ego that comes with that knowledge is like an
addiction. Some Hackers want to make your life miserable, and others simply want to be famous.
Some common motives of malicious Hackers are revenge, curiosity, boredom, challenge, theft for
financial gain, blackmail, extortion, and corporate work pressure.

Many Hackers say they do not hack to harm or profit through their bad activities, which helps
them justify their work. They often do not look for pockets full of money. Just proving a point is
often a good enough reward for them.

Prevention from Hackers

What can be done to prevent Hackers from finding new holes in software and exploiting them?

Information security research teams exist to try to find these holes and notify vendors before
they are exploited. There is a beneficial competition occurring between the Hackers securing
systems and the Hackers breaking into those systems. This competition provides us with better
and stronger security, as well as more complex and sophisticated attack techniques.

Defending Hackers create Detection Systems to track attacking Hackers, while the attacking
Hackers develop bypassing techniques, which eventually result in bigger and better
detecting and tracking systems. The net result of this interaction is positive, as it produces
smarter people, improved security, more stable software, inventive problem-solving techniques,
and even a new economy.

Now, when you need protection from Hackers, whom do you want to call? “The Ethical Hackers”. An
Ethical Hacker possesses the skills, mindset, and tools of a Hacker but is also trustworthy. Ethical
Hackers perform the hacks as security tests for computer systems.

Ethical Hacking, also known as Penetration Testing or White-Hat Hacking, involves the same
Tools, Tricks and Techniques that Hackers use, but with one major difference:

Ethical hacking is Legal.

Ethical hacking is performed with the target's permission. The intent of Ethical Hacking is to
discover vulnerabilities from a Hacker's viewpoint so systems can be better secured. Ethical
Hacking is part of an overall information Risk Management program that allows for ongoing
security improvements. Ethical hacking can also ensure that vendors' claims about the security of
their products are legitimate.

As Hackers expand their knowledge, so should you. You must think like them to protect your
systems from them. You, as the ethical Hacker, must know the activities Hackers carry out and how
to stop their efforts. You should know what to look for and how to use that information to thwart
Hackers' efforts.

You don't have to protect your systems from everything. You can't. The only
protection against everything is to unplug your computer systems and lock them away so no one
can touch them, not even you.

CHAPTER 2

TECHNICAL DESCRIPTION

What do ethical hackers do?

An ethical hacker's evaluation of a system's security seeks answers to three basic questions: What can an
intruder see on the target systems? What can an intruder do with that information? Does anyone at the
target notice the intruder's attempts or successes? While the first and second of these are clearly
important, the third is even more important: if the owners or operators of the target systems do not
notice when someone is trying to break in, the intruders can, and will, spend weeks or months trying and
will usually eventually succeed.

When the client requests an evaluation, there is quite a bit of discussion
and paperwork that must be done up front. The discussion begins with the client's answers to questions
similar to those posed by Garfinkel and Spafford:

1. What are you trying to protect?

2. What are you trying to protect against?

3. How much time, effort, and money are you willing to expend to obtain adequate protection?

II. PLANNING THE TEST

Aspects that should be focused on:

a) Who should perform penetration testing?

b) How often the tests have to be conducted?

c) What are the methods of measuring and communicating the results?

d) What if something unexpected happens during the test and brings the whole system down?

e) What are the organization's security policies?

THE MINIMUM SECURITY POLICIES THAT AN ORGANIZATION SHOULD POSSESS

a) Information policy

b) Security policy

c) Computer use

d) User management

e) System administration procedures

f) Incident response procedures

g) Configuration management

h) Design methodology

i) Disaster methodology

j) Disaster recovery plans.

ETHICAL HACKING AS A DYNAMIC PROCESS

Ethical hacking is a dynamic process: running through the penetration test once gives only the current set
of security issues, which are subject to change over time. Penetration testing must therefore be continuous to
ensure that system movements and installation of new applications do not introduce new vulnerabilities
in the system.

Areas to be tested:

• Application servers

• Firewalls and security devices

• Network security

• Wireless security

Multi-layered assessment:

Various areas of security are evaluated using a multilayered approach.

• Each area of security defines how the target will be assessed.

• An identified vulnerability at one layer may be protected at another layer, minimizing the associated
risk of the vulnerability.

CHAPTER 3

SYSTEM DESIGN

Ethical hacking is a process of detecting vulnerabilities in an application, system, or organization's
infrastructure that an attacker can use to exploit an individual or organization. Ethical hackers use this process to
prevent cyberattacks and security breaches by lawfully hacking into the systems and looking for weak
points. An ethical hacker follows the steps and thought process of a malicious attacker to gain authorized
access and test the organization's strategies and network.

An attacker or an ethical hacker follows the same five-step hacking process to breach the network or
system. The ethical hacking process begins with looking for various ways to hack into the system,
followed by exploiting vulnerabilities, maintaining steady access to the system, and lastly, clearing one's tracks.

The five phases of ethical hacking are:

1. Reconnaissance

First in the ethical hacking methodology steps is reconnaissance, also known as the footprint or
information gathering phase. The goal of this preparatory phase is to collect as much information as
possible. Before launching an attack, the attacker collects all the necessary information about the target.
The data is likely to contain passwords, essential details of employees, etc. An attacker can collect the
information by using tools such as HTTrack to download an entire website to gather information about
an individual or using search engines such as Maltego to research an individual through various
links, job profile, news, etc.

Reconnaissance is an essential phase of ethical hacking. It helps identify which attacks can be launched
and how likely the organization's systems are to fall vulnerable to those attacks.

Footprinting collects data from areas such as:

• TCP and UDP services

• Vulnerabilities

• Through specific IP addresses

• Host of a network

In ethical hacking, footprinting is of two types:

Active: This footprinting method involves gathering information from the target directly, using Nmap tools
to scan the target's network.

Passive: The second footprinting method is collecting information without directly accessing the target in
any way. Attackers or ethical hackers can collect the report through social media accounts, public
websites, etc.

2. Scanning

The second step in the hacking methodology is scanning, where attackers try to find different ways to
gain the target's information. The attacker looks for information such as user accounts, credentials, IP
addresses, etc. This step of ethical hacking involves finding easy and quick ways to access the network
and skim for information. Tools such as dialers, port scanners, network mappers, sweepers, and
vulnerability scanners are used in the scanning phase to scan data and records. In ethical hacking
methodology, four different types of scanning practices are used. They are as follows:

1. Vulnerability Scanning: This scanning practice targets the vulnerabilities and weak points of a target and
tries various ways to exploit those weaknesses. It is conducted using automated tools such as Netsparker,
OpenVAS, Nmap, etc.

2. Port Scanning: This involves using port scanners, dialers, and other data-gathering tools or software to
listen to open TCP and UDP ports, running services, and live systems on the target host. Penetration testers or
attackers use this scanning to find open doors to access an organization's systems.

3. Network Scanning: This practice is used to detect active devices on a network and find ways to exploit a
network. It could be an organizational network where all employee systems are connected to a single
network. Ethical hackers use network scanning to strengthen a company's network by identifying
vulnerabilities and open doors.

3. Gaining Access

The next step in hacking is where an attacker uses all means to get unauthorized access to the
target's systems, applications, or networks. An attacker can use various tools and methods to
gain access and enter a system. This hacking phase attempts to get into the system and exploit
the system by downloading malicious software or applications, stealing sensitive information,
getting unauthorized access, asking for ransom, etc. Metasploit is one of the most common tools
used to gain access, and social engineering is a widely used attack to exploit a target.

Ethical hackers and penetration testers can secure potential entry points, ensure all systems and
applications are password-protected, and secure the network infrastructure using a firewall.
They can send fake social engineering emails to the employees and identify which employee is
likely to fall victim to cyberattacks.

4. Maintaining Access

Once the attacker manages to access the target's system, they try their best to maintain
that access. In this stage, the hacker continuously exploits the system, launches DDoS
attacks, uses the hijacked system as a launching pad, or steals the entire database. A
backdoor and Trojan are tools used to exploit a vulnerable system and steal credentials,
essential records, and more. In this phase, the attacker aims to maintain their
unauthorized access until they complete their malicious activities without the user finding
out.

Ethical hackers or penetration testers can utilize this phase by scanning the entire
organization's infrastructure to get hold of malicious activities and find their root cause to
prevent the systems from being exploited.

5. Clearing Tracks

The last phase of ethical hacking requires hackers to clear their tracks, as no attacker wants to get caught.
This step ensures that the attackers leave no clues or evidence behind that could be traced back. It is
crucial as ethical hackers need to maintain their connection in the system without getting identified by
incident response or the forensics team. It includes editing, corrupting, or deleting logs or registry values.
The attacker also deletes or uninstalls folders, applications, and software or ensures that the changed
files are returned to their original value.

In ethical hacking, ethical hackers can use the following ways to erase their tracks:

1. Using reverse HTTP Shells

2. Deleting cache and history to erase the digital footprint

3. Using ICMP (Internet Control Message Protocol) Tunnels
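
The log editing and deletion described in this phase is what tamper-evident logging is meant to expose. The following is an added example, not part of the original report: it chains each record to the previous one with an HMAC and keeps the chain head (the "anchor") on a separate system, so an edited, deleted or truncated record shows up on verification. The event fields, the key and all function names are assumptions made for the illustration.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value that precedes the first record

# Constructed sample events (documentation IP ranges, not real log data).
SAMPLE_EVENTS = [
    {"ts": "2021-01-10T09:00:01Z", "user": "alice", "src": "192.0.2.10", "action": "login"},
    {"ts": "2021-01-10T09:02:17Z", "user": "svc-backup", "src": "198.51.100.7", "action": "login"},
    {"ts": "2021-01-10T09:02:40Z", "user": "svc-backup", "src": "198.51.100.7", "action": "sudo"},
    {"ts": "2021-01-10T09:03:05Z", "user": "svc-backup", "src": "198.51.100.7", "action": "config_change"},
    {"ts": "2021-01-10T09:05:12Z", "user": "alice", "src": "192.0.2.10", "action": "logout"},
]


def link_mac(key, prev_mac, event):
    """HMAC-SHA256 over the previous link and the canonical JSON of the event."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hmac.new(key, prev_mac.encode("utf-8") + body, hashlib.sha256).hexdigest()


def append_event(log, key, event):
    """Append a record and return the new anchor: (record count, head MAC).

    The anchor is shipped to a separate system (log collector, write-once
    storage). Without it, cutting records off the end of the log is invisible,
    and an attacker who steals the key could rebuild the whole chain unnoticed.
    """
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "mac": link_mac(key, prev, event)})
    return len(log), log[-1]["mac"]


def verify_log(log, key, anchor):
    """Return findings as (index, reason) tuples; an empty list means intact."""
    findings = []
    prev = GENESIS
    for index, record in enumerate(log):
        stored = str(record["mac"])
        expected = link_mac(key, prev, record["event"])
        if not hmac.compare_digest(expected.encode("utf-8"), stored.encode("utf-8")):
            # Record was edited, or the record that used to precede it is gone.
            findings.append((index, "mac_mismatch"))
        prev = stored  # continue from the stored value to localise the damage
    head = log[-1]["mac"] if log else GENESIS
    if (len(log), head) != tuple(anchor):
        # Count or head differs from what the separate system recorded.
        findings.append((None, "anchor_mismatch"))
    return findings


def tamper_scenarios(key=b"constructed-demo-key"):
    """Build a log from the sample events, tamper with copies, verify each."""
    log, anchor = [], (0, GENESIS)
    for event in SAMPLE_EVENTS:
        anchor = append_event(log, key, event)

    edited = copy.deepcopy(log)
    edited[3]["event"]["action"] = "login"  # one entry rewritten in place
    deleted = copy.deepcopy(log)
    del deleted[2]                          # one entry removed from the middle
    truncated = copy.deepcopy(log)[:3]      # tail of the log cut off

    candidates = {"intact": log, "edited": edited,
                  "deleted": deleted, "truncated": truncated}
    return {name: verify_log(candidate, key, anchor)
            for name, candidate in candidates.items()}


if __name__ == "__main__":
    for name, findings in tamper_scenarios().items():
        print(f"{name:10} {findings}")
```

The truncated case passes the chain walk and is caught only by the anchor comparison, which is why the anchor has to live somewhere the logging host cannot write.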

CHAPTER 4

SYSTEM IMPLEMENTATION

What does an ethical hacker do?

Ethical hacking represents a wide field of responsibilities. Like every field, there are multiple
domains that can take years to master. For example, some ethical hackers focus on vulnerability
assessment (VA) while others focus on penetration testing.

In general, the following are some of the most common responsibilities that an ethical hacker
will have:

• Perform a VA and suggest repairs
• Sniff networks or bypass a wireless encryption
• Hijack web servers and web applications
• Attempt to evade IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems)
  and firewalls
• Analyze patch installations
• Employ social engineering techniques, like phishing emails, to train employees with
  sensitive information
• Use port scanning tools to find open ports
• Gain entry using SSH attacks, DoS attacks, MAC address spoofing, or SQL injections
• Work with a team to test a specific product using real-world invasion (called Red
  Teaming)
• Cover tracks to avoid detection
• Create an in-depth report of your hacking experience
• and more


What tools does an ethical hacker use?

Other than basic programming skills, there are hundreds of tools that ethical hackers use to test
sites and applications. Many of the most popular tools are open source and require advanced
programming skills. Let's take a look at the top tools used by ethical hackers.

• Programming languages: As an ethical hacker, it's important to know multiple languages.
  The most popular for hacking are HTML, Java, JavaScript, Python, PHP, SQL, C/C++, and
  Ruby.

• Code security and analysis: Kiuwan is a common application security tool used to analyze
  code and code security. For example, you can use this to create action plans for
  remedying a vulnerability.

• Create custom plugins: Ettercap is a cross-platform tool for creating custom plugins. This
  helps with overall network security for man-in-the-middle attacks.

• Port scanner: Nmap is a security and port scanner that can be used to explore networks.
  It is popular for detecting hosts on a network and any packet filters.

• Mimic a hacker: Netsparker is ideal for ethical hackers. It mimics a hacker's move to
  identify SQL injections and cross-site scripting.

• Vulnerability management: Acunetix can identify over 4,500 web application
  vulnerabilities. It is a web crawler that can integrate with other tools and platforms.

• Scan a web server: Nikto can be used to scan a web server for dangerous files, version
  issues, and more. It can check for over 6,700 dangers.

• Password cracker: The most popular password cracker is Jack the Ripper. It detects weak
  UNIX passwords and can perform dictionary attacks.

How to get certified as an ethical hacker

So, we know what an ethical hacker is, and we understand what the job entails. But how do you
actually become an ethical hacker or pen tester?

Here's what you'll need at a glance:

• Expert in multiple programming languages
• Solid knowledge of computer networking and system design
• UNIX/Linux
• Understanding of cryptography
• Knowledge of operating systems and databases
• CEH Certification
• Mastery over hacking tools

CHAPTER 5

RESULTS AND DISCUSSIONS

Ethical hacking is the gaining of unauthorised access to data in one or more computers, performed by a
company or individual to help identify potential threats on a computer or network.

An ethical hacker attempts to bypass the security of a system and search for any weak points that could be
prone to exploitation by malicious hackers. This information is then used by the person or organization
that hired the ethical hacker to improve the system security, in an effort to minimize or eliminate any
potential attacks.

Ethical hackers are also called white hat hackers and hackers with malicious intent are also called black
hat hackers.

For hacking to be considered ethical, the ethical hacker must obey the following rules:

1. Expressed and preferably written permission to hack the network and to identify potential security
risks.
2. Respect the individual's or company's privacy.
3. Close out your work, not leaving anything open for you or someone else to exploit at a later time.
4. Let the software developer or hardware manufacturer know of any security vulnerabilities you locate in
their software or hardware, if not already known by the company.

Personality Traits/Skills Required


1. Interested in staying updated with the latest developments in the world of computing.
2. Ability to work with details and very keen observation.
3. Adaptable and patient, ability to take on challenges
4. Very curious to know about how things work.
5. Problem solving, analytical and logical thinking.
6. Integrity and sincerity
7. Resourceful and creative.
8. Proficiency in programming in C, C++, Perl, Python, Ruby; web applications such as Microsoft .NET and
PHP; operating systems such as Microsoft Windows, Linux; Assembly language; TCP/IP protocols such as
SMTP, ICMP and HTTP.

Courses In India
To become an ethical hacker, a bachelor's degree in a computer-related discipline, like BE in Computer
Engineering or Bachelors in Computer Applications, will help, though it is not mandatory.
Ethical hacking is mainly taught as certifications in India and abroad.

Certifications In India
1. Certified Ethical Hacker offered by EC-Council. (http://www.eccouncil.org/)
2. Certified Hacking Forensic Investigator Certifications offered by EC-Council.
(http://www.eccouncil.org/)
3. GIAC Certified Intrusion Analyst (GCIA)
4. GIAC Certified Forensic Analyst (GCFA)
5. GIAC Certified Penetration Tester (GPEN) offered by SAN (Security, Audit and Network)
6. NIIT (http://www.niitethicalhacking.com)
7. Indian School of Ethical Hacking (https://www.isoeh.com/)

The above certifications have a duration from a few weeks to 6 months.

Scope, Job Prospects and Sectors


Internet security and networking are the two fastest-growing industries where ethical hackers can find
employment. Ethical hackers are hired to find any vulnerability that might exist in a network and to fix
them. They can join the government as well as private organisations as cyber-security experts.

IT firms are the main recruiters of ethical hackers. They can also be required by financial service
providers, airlines, retail chains and hotels.

In addition, government agencies such as various wings of the military and law enforcement, defence
organisations, forensic laboratories, detective companies and investigative services offer challenging roles
for ethical hackers.

Some skilled hackers work for investigative agencies like the Central Bureau of Investigation, the National
Security Agency and the Federal Bureau of Information.

Some large organisations employ security testers and others use contractors to audit their systems.

Graduates can set up their own companies offering ethical hacking services. Companies such as Wipro,
Infosys, IBM, TCS, Tech Mahindra, HCL, Airtel, Reliance and many more are also looking for good ethical
hackers.

Designations that are used for this profile include Network Security Systems Manager, Network Security
Administrator, Systems/Applications, Security Executive, Web Security Administrator, Web Security
Manager, etc.

CHAPTER 6

CONCLUSION AND FUTURE WORK

Ethical Hacking, also known as Internet Security, is very different from traditional Security. Internet
security is more on a proactive basis as compared to traditional security. While traditional security is
based on catching the criminals, internet security has Ethical Hackers that try to hack into a
company/organization before an 'attack' so they are able to find any weak links. Ethical Hackers are hired
by companies to hack their own respective company and be able to identify any loopholes where an
ill-intentioned hacker could create damage, so that the company can buff its security and cover the cracks.
They use their creativity and skills to make the internet world of a company a foolproof and safe place for
both the owners and the clients. These 'Cyber Cops' prevent Cyber Crimes and protect the cyber space.
The ethical hack itself poses some risk to the client: a criminal hacker monitoring the transmissions of
the ethical hacker could trap the information.

CHAPTER 7

APPENDICES

Password cracker using Python Ethical hacking project


We are going to use try bock. For that, type the following:

try:

pass_file = open (wordlist, “r”)

Except:

print(“No file found”)

quit()

Let’s write the program to compare the hashes of different words which are found in this file.

for word in pass_file:

enc_wrd = word.encode(‘utf-8’)

digest = hashlib.md5(wnc-wrd.strip()).hexdigest()

Now the hash is created the next step is to compare it with all the other sort of hashes.

if digest == pass_hash:

print(“Password found”)

print(“password is “ + word)

flag=1

break

If the hash matches with the word it will print the password and breaks the loop. This will happen
only if the password is found in the list. So for the other way we need to create a flag which says
1.

if flag == 0:

print(“password/passphrase is not in the list”)

If the flag is still set to 0 after checking the whole list, the above line will be printed. Now our code is ready. Save the program and run it.

To run the program, open a command prompt in the file's location, start the program, and give it the hash and the dictionary file name. The program will then compare each word in the list and display the password.

Also, try giving a wrong hash, which will give the output that no password was found. This project is for learning purposes only; never misuse it.
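The lookup above succeeds because unsalted MD5 is fast and gives every user with the same password the same digest. The following added example (not part of the original report) shows the defensive counterpart: a per-user salt, a slow key-derivation function, constant-time verification and a wordlist check at password-set time. The wordlist, iteration count and minimum length are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist standing in for the dictionary file.
COMMON_PASSWORDS = {"123456", "password", "letmein", "qwerty"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware
MIN_LENGTH = 12              # assumed policy value

def md5_hex(password):
    """Unsalted MD5: the storage scheme the walkthrough above recovers."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def acceptable_new_password(password):
    """Set-time check: refuse short passwords and anything in the wordlist."""
    return password not in COMMON_PASSWORDS and len(password) >= MIN_LENGTH

def storage_comparison(password="letmein"):
    """Store the same password for two users under both schemes."""
    salt_a, hash_a = hash_password(password)
    salt_b, hash_b = hash_password(password)
    return {
        # One precomputed MD5 table entry covers every user with this password.
        "md5_same_for_both_users": md5_hex(password) == md5_hex(password),
        # Different salts give different stored values for the same password.
        "pbkdf2_same_for_both_users": hash_a == hash_b,
        "correct_password_verifies": verify_password(password, salt_a, hash_a),
        "wrong_password_rejected": not verify_password("letmein1", salt_b, hash_b),
    }

if __name__ == "__main__":
    print(storage_comparison())
    print(acceptable_new_password("letmein"))
```

With salted PBKDF2, each guess must be recomputed per user at the full iteration cost, so a single pass over a wordlist no longer tests every account at once.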

Reasons why you should learn Ethical Hacking

1. Understand a Hacker's Mindset

The most obvious benefit of learning ethical hacking is its potential to improve and inform how a corporate network is defended. For any organization, the primary cyber security threat is a black hat hacker, and learning how they operate helps defenders identify and prioritize potential threats. In practice, it is not possible to eliminate all attacks on a network. But with ethical hacking skills, cyber security professionals can minimize the impact of a potential threat and allocate limited resources in a way that reduces the chances of a successful attack. Training in ethical hacking can help network defenders develop this kind of mindset.

2. Know Hidden Techniques and Explore Better Ways

By ethically hacking into a system, you can learn about a wide range of security options, the lack of which might otherwise have resulted in security breaches. With the right approach, you can learn about the best security practices to follow and new concepts like:

• Hacking Mobile Phone
• Windows and Linux
• ART of Hacking
• Testing Web Application Security

These concepts will be useful not only in your professional career but also when you decide to change your platform.

3. Helps with Development and Quality Assurance

Whenever a new product is developed, stakeholders often neglect its security testing due to a time crunch, which at times leaves the software vulnerable to theft and hacking. But if there is an ethical hacker on board, the security testing can be performed quickly, efficiently and comprehensively with the best industry practices. Beyond this, learning ethical hacking can help with studying the tools created by hackers and quality assurance testers to expedite the remediation of common vulnerabilities. Moreover, by knowing about these tools, developers can learn which coding errors should be avoided.

4. Good salary package

According to INFOSEC Institute, the average salary for a Certified Ethical Hacker is $71,331 per annum. If you learn ethical hacking, your chances of securing a career in cyber security will increase; the industry will have 3.5 million unfilled cybersecurity jobs globally by 2021. On top of that, the demand for cyber security professionals is greater than the supply. That is perhaps the reason why companies are readily paying a handsome salary to recruit for their cyber security teams and protect their information from black hat hackers.


5. The world is your oyster

As an ethical hacker, you have the liberty to work for whichever industry you want. You can work for one of the Fortune 500 or even start a small venture of your own. Moreover, for those who aspire to travel the world, ethical hacking might be the right start. The reason is that, on a global scale, cyber attacks are on an all-time rise and are outpacing the supply of ethical hackers. Thus, there are plenty of opportunities for cybersecurity professionals.
