Industry Internship Summary Report
SUMMARY REPORT
BACHELOR OF TECHNOLOGY
in
Submitted by
BONAFIDE CERTIFICATE
CERTIFICATE
I hereby certify that the work which is being presented in the Internship project report
entitled “Ethical Hacking” in partial fulfillment for the requirements for the award of the degree of
Bachelor of Technology in the School of Computing Science and Engineering of Galgotias
University, Greater Noida, is an authentic record of my own work carried out in the industry.
To the best of my knowledge, the matter embodied in the project report has not been
submitted to any other University/Institute for the award of any Degree.
This is to certify that the above statement made by the candidate is correct and true to the
best of my knowledge.
TABLE OF CONTENTS
1 Introduction
1.1 Objective of the project
1.2 Problem statement and research objectives
1.3 Description of Domain
1.4 A brief introduction about an organization.
2 Technical Description
3 System Design
3.1 General Architecture
3.2 Design Phase
3.2.1 Data flow diagram
3.2.2 UML Diagrams
3.3 Methodology
4 System Implementation
5 Results and Discussions
6 Conclusion and Future Work
7 Appendices
7.1 Source Code
7.2 Learning Experiences
8 References
ABSTRACT
Computer hacking is the practice of altering computer hardware and software to carry out a goal outside
of the creator's original intention. People who engage in computer hacking activities are often
called hackers. The majority of people assume that hackers are computer criminals. They fail to
recognize that criminals and hackers are two entirely unrelated things. The media is responsible for this.
Hackers are in reality good and extremely intelligent people who, by using their knowledge in a
constructive way, help organizations, companies, governments, etc. to secure credentials and secret
information on the Internet. Years ago, no one had to worry about Crackers breaking into their computer
and installing Trojan viruses, or using their computer to send attacks against others. Now that things have
changed, it's best to be aware of how to defend your computer from damaging intrusions and keep out black
hat hackers. Rampant hacking is systematically victimizing computers around the world. This hacking is not
only common, but is being executed so flawlessly that the attackers compromise a system, steal
everything of value and entirely erase their tracks within 20 minutes.
CHAPTER 1
INTRODUCTION
The Art of exploring various security breaches is termed as Hacking. Computer Hackers have
been around for so many years. Since the Internet became widely used in the World, we have
started to hear more and more about hacking. Only a few Hackers, such as Kevin Mitnick, are well
known. In a world of Black and White, it’s easy to describe the typical Hacker. A general outline
of a typical Hacker is an Antisocial, Pimple-faced Teenage boy. But the Digital world has many
types of Hackers. Hackers are human like the rest of us and are, therefore, unique individuals,
so an exact profile is hard to outline. The best broad description of Hackers is that all Hackers
aren’t equal. Each Hacker has Motives, Methods and Skills. But some general characteristics can
help you understand them. Not all Hackers are Antisocial, Pimple-faced Teenagers. Regardless,
Hackers are curious about Knowing new things, Brave to take steps and they are often very Sharp
Minded.
Hacker
Traditionally, a Hacker is someone who likes to play with Software or Electronic Systems. Hackers
enjoy Exploring and Learning how Computer systems operate. They love discovering new ways to
work electronically.
Recently, Hacker has taken on a new meaning — someone who maliciously breaks into systems
for personal gain. Technically, these criminals are Crackers as Criminal Hackers. Crackers break
They do it for Personal gain, Fame, Profit and even Revenge. They Modify, Delete and Steal
Hacking has a lot of meanings depending upon the person’s knowledge and his work intentions.
Hacking is an Art as well as a Skill. Hacking is the knowledge by which one gets to achieve his
Most people associate Hacking with breaking law, therefore calling all those guys who engage in
hacking activities to be criminals. We agree that there are people out there who use hacking
techniques to break the law, but hacking is not really about that. In fact, hacking is more about
following the law and performing the steps within the limits.
Many articles have been written about the difference between Hackers and crackers, which
attempt to correct public misconceptions about hacking. For many years, the media has applied the
word Hacker when it really means Cracker. So the public now believes that a Hacker is someone
who breaks into computer systems and steals confidential data. This is very untrue and is an insult
There are various points to determine the difference between Hackers and crackers
Definition - A Hacker is a person who is interested in the working of any computer Operating
system. Most often, Hackers are programmers. Hackers obtain advanced knowledge of operating
systems and programming languages. They may know various security holes within systems and
the reasons for such holes. Hackers constantly seek further knowledge, share what they have
discovered, and they never have intentions about damaging or stealing data.
Definition - A Cracker is a person who breaks into other people's systems, with malicious
intentions. Crackers gain unauthorized access, destroy important data, stop services provided by
the server, or basically cause problems for their targets. Crackers can easily be identified because
Whatever the case, most people give Hacker a negative outline. Many malicious Hackers are
electronic thieves. Just like anyone can become a thief, or a robber, anyone can become a
Hacker, regardless of age, gender, or religion. Technical skills of Hackers vary from one to
another. Some Hackers barely know how to surf the Internet, whereas others write software that
Types of Hacker
Coders
The Real Hackers are the Coders, the ones who revise the methods and create tools that are
available in the market. Coders can find security holes and weaknesses in software to create their
own exploits. These Hackers can use those exploits to develop fully patched and secure systems.
Coders are the programmers who have the ability to find the unique vulnerability in existing
software and to create working exploit codes. These are the individuals with a deep
Admins
Admins are the computer guys who use the tools and exploits prepared by the coders. They do
not develop their own techniques; however, they use the tricks which are already prepared by
the coders. They are generally System Administrators or Computer Network Controllers. Most of
the Hackers and security people in this digital world come under this category.
Admins have experience with several operating systems, and know how to exploit several
existing vulnerabilities. A majority of Security Consultants fall in this group and work as a part of
Security Team.
Script Kiddies
Next and the most dangerous class of Hackers is Script Kiddies. They are the new generation of
users of computer who take advantage of the Hacker tools and documentation available for free
on the Internet but don’t have any knowledge of what’s going on behind the scenes. They know
just enough to cause you headaches but typically are very sloppy in their actions, leaving all sorts
of digital fingerprints behind. Even though these guys are the teenage Hackers that you hear
about in the news media, they need minimum skills to carry out their attacks.
Script Kiddies are the bunnies who use script and programs developed by others to attack
computer systems and Networks. They get the least respect but are most annoying and
dangerous and can cause big problems without actually knowing what they are doing.
A White Hat Hacker is a computer guy who performs Ethical Hacking. These are usually security
professionals with knowledge of hacking and the Hacker toolset and who use this knowledge to
They are also known as an Ethical Hacker or a Penetration Tester. They focus on Securing and
Protecting IT Systems.
A Black Hat Hacker is a computer guy who performs Unethical Hacking. These are the Criminal
Hackers or Crackers who use their skills and knowledge for illegal or malicious purposes. They
break into or otherwise violate the system integrity of remote machines, with malicious intent.
These are also known as an Unethical Hacker or a Security Cracker. They focus on Security
A Grey Hat Hacker is a Computer guy who sometimes acts legally, sometimes in good will, and
sometimes not. They usually do not hack for personal gain or have malicious intentions, but may
or may not occasionally commit crimes during the course of their technological exploits.
They are hybrid between White Hat and Black Hat Hackers.
The main reason why Hackers hack is because they can hack. Hacking is a casual hobby for some
Hackers — they just hack to see what they can hack and what they can’t hack, usually by testing
their own systems. Many Hackers are the guys who get kicked out of corporate and government
IT and security organizations. They try to bring down the status of the organization by attacking
or stealing information.
The knowledge that malicious Hackers gain and the ego that comes with that knowledge is like an
addiction. Some Hackers want to make your life miserable, and others simply want to be famous.
Some common motives of malicious Hackers are revenge, curiosity, boredom, challenge, theft for
Many Hackers say they do not hack to harm or profit through their bad activities, which helps
them justify their work. They often do not look for money full of pocket. Just proving a point is
What can be done to prevent Hackers from finding new holes in software and exploiting them?
Information security research teams exist—to try to find these holes and notify vendors before
they are exploited. There is a beneficial competition occurring between the Hackers securing
systems and the Hackers breaking into those systems. This competition provides us with better
and stronger security, as well as more complex and sophisticated attack techniques.
Defending Hackers create Detection Systems to track attacking Hackers, while the attacking
Hackers develop bypassing techniques, which eventually result in bigger and better
detecting and tracking systems. The net result of this interaction is positive, as it produces
smarter people, improved security, more stable software, inventive problem-solving techniques,
Now, when you need protection from Hackers, whom do you want to call? “The Ethical Hackers”. An
Ethical Hacker possesses the skills, mindset, and tools of a Hacker but is also trustworthy. Ethical
Ethical Hacking — also known as Penetration Testing or White-Hat Hacking —involves the same
Tools, Tricks and Techniques that Hackers use, but with one major difference:
Ethical hacking is Legal.
Ethical hacking is performed with the target’s permission. The intent of Ethical Hacking is to
discover vulnerabilities from a Hacker’s viewpoint so systems can be better secured. Ethical
Hacking is part of an overall information Risk Management program that allows for ongoing
security improvements. Ethical hacking can also ensure that vendors’ claims about the security of
As Hackers expand their knowledge, so should you. You must think like them to protect your
systems from them. You, as the ethical Hacker, must know activities Hackers carry out and how
to stop their efforts. You should know what to look for and how to use that information to thwart
Hackers’ efforts. You don’t have to protect your systems from everything. You can’t. The only
protection against everything is to unplug your computer systems and lock them away so no one
CHAPTER 2
TECHNICAL DESCRIPTION
An ethical hacker's evaluation of a system's security seeks answers to three basic questions: What can an
intruder see on the target systems? What can an intruder do with that information? Does anyone at the
target notice the intruder's attempts or successes? While the first and second of these are clearly
important, the third is even more important: If the owners or operators of the target systems do not
notice when someone is trying to break in, the intruders can, and will, spend weeks or months trying and
will usually eventually succeed. When the client requests an evaluation, there is quite a bit of discussion
and paperwork that must be done up front. The discussion begins with the client's answers to questions
3. How much time, effort, and money are you willing to expend to obtain adequate protection? II.
d) What if something unexpected happens during the test and brings the whole system down?
THE MINIMUM SECURITY POLICIES THAT AN ORGANIZATION SHOULD POSSESS
a) Information policy
b) Security policy
c) Computer use
d) User management
g) Configuration management
h) Design methodology
i) Disaster methodology
Ethical hacking is a dynamic process: running through the penetration test once gives the current set
of security issues, which is subject to change over time. Penetration testing must therefore be continuous to
ensure that system movements and installation of new applications do not introduce new vulnerabilities
Application servers
Network security
Wireless security
Multi layered assessment:
• An identified vulnerability at one layer may be protected at another layer minimizing the associated
CHAPTER 3
SYSTEM DESIGN
An attacker or an ethical hacker follows the same five-step hacking process to breach the network or
system. The ethical hacking process begins with looking for various ways to hack into the system,
exploiting vulnerabilities, maintaining steady access to the system, and lastly, clearing one’s tracks.
1. Reconnaissance
First in the ethical hacking methodology steps is reconnaissance, also known as the footprint or
information gathering phase. The goal of this preparatory phase is to collect as much information as
possible. Before launching an attack, the attacker collects all the necessary information about the target.
The data is likely to contain passwords, essential details of employees, etc. An attacker can collect the
information by using tools such as HTTrack to download an entire website to gather information about
an individual or using search engines such as Maltego to research about an individual through various
links, job profile, news, etc.
Reconnaissance is an essential phase of ethical hacking. It helps identify which attacks can be launched
and how likely the organization’s systems are to be vulnerable to those attacks.
Vulnerabilities
Host of a network
Active: This footprinting method involves gathering information from the target directly using Nmap tools
to scan the target’s network.
Passive: The second footprinting method is collecting information without directly accessing the target in
any way. Attackers or ethical hackers can collect the report through social media accounts, public
websites, etc.
2. Scanning
The second step in the hacking methodology is scanning, where attackers try to find different ways to
gain the target’s information. The attacker looks for information such as user accounts, credentials, IP
addresses, etc. This step of ethical hacking involves finding easy and quick ways to access the network
and skim for information. Tools such as dialers, port scanners, network mappers, sweepers, and
vulnerability scanners are used in the scanning phase to scan data and records. In ethical hacking
methodology, four different types of scanning practices are used, they are as follows:
1. Vulnerability Scanning: This scanning practice targets the vulnerabilities and weak points of a target and
tries various ways to exploit those weaknesses. It is conducted using automated tools such as Netsparker,
2. Port Scanning: This involves using port scanners, dialers, and other data-gathering tools or software to
listen to open TCP and UDP ports, running services, live systems on the target host. Penetration testers or
attackers use this scanning to find open doors to access an organization’s systems.
3. Network Scanning: This practice is used to detect active devices on a network and find ways to exploit a
network. It could be an organizational network where all employee systems are connected to a single
network. Ethical hackers use network scanning to strengthen a company’s network by identifying
3. Gaining Access
The next step in hacking is where an attacker uses all means to get unauthorized access to the
target’s systems, applications, or networks. An attacker can use various tools and methods to
gain access and enter a system. This hacking phase attempts to get into the system and exploit
the system by downloading malicious software or application, stealing sensitive information,
getting unauthorized access, asking for ransom, etc. Metasploit is one of the most common tools
used to gain access, and social engineering is a widely used attack to exploit a target.
Ethical hackers and penetration testers can secure potential entry points, ensure all systems and
applications are password-protected, and secure the network infrastructure using a firewall.
They can send fake social engineering emails to the employees and identify which employee is
likely to fall victim to cyberattacks.
4. Maintaining Access
Once the attacker manages to access the target’s system, they try their best to maintain
that access. In this stage, the hacker continuously exploits the system, launches DDoS
attacks, uses the hijacked system as a launching pad, or steals the entire database. A
backdoor and Trojan are tools used to exploit a vulnerable system and steal credentials,
essential records, and more. In this phase, the attacker aims to maintain their
unauthorized access until they complete their malicious activities without the user finding
out.
Ethical hackers or penetration testers can utilize this phase by scanning the entire
organization’s infrastructure to get hold of malicious activities and find their root cause to
avoid the systems from being exploited.
5. Clearing Track
The last phase of ethical hacking requires hackers to clear their track as no attacker wants to get caught.
This step ensures that the attackers leave no clues or evidence behind that could be traced back. It is
crucial as ethical hackers need to maintain their connection in the system without getting identified by
incident response or the forensics team. It includes editing, corrupting, or deleting logs or registry values.
The attacker also deletes or uninstalls folders, applications, and software or ensures that the changed
files are traced back to their original value.
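One way a defender can make the log editing and deletion described above detectable, given as an added example that is not part of the original report: each entry carries an HMAC over its text and the previous entry's tag, and the newest tag is recorded off-host. The key, the function names and the sample log lines are constructed for this illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain


def _tag(key: bytes, prev: bytes, line: str) -> bytes:
    """HMAC-SHA256 over the previous tag followed by this line's text."""
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()


def seal(key: bytes, lines: list) -> list:
    """Return (line, tag_hex) pairs; every tag depends on all earlier entries."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        sealed.append((line, prev.hex()))
    return sealed


def verify(key: bytes, sealed: list, expected_head: str = None) -> tuple:
    """Re-walk the chain and report the first inconsistency.

    Returns ("ok", None), ("broken", index) for an edited, reordered or
    removed entry, or ("truncated", count) when the chain is consistent but
    does not end at the head tag that was recorded elsewhere.
    """
    prev = GENESIS
    for index, (line, tag_hex) in enumerate(sealed):
        try:
            stored = bytes.fromhex(tag_hex)
        except ValueError:
            return ("broken", index)      # tag field itself was damaged
        prev = _tag(key, prev, line)
        if not hmac.compare_digest(prev, stored):
            return ("broken", index)
    if expected_head is not None and prev.hex() != expected_head:
        return ("truncated", len(sealed))  # tail entries are missing
    return ("ok", None)


if __name__ == "__main__":
    # Constructed sample data: a key held by the log collector, not the host.
    key = b"collector-side-secret-32-bytes!!"
    lines = [
        "09:14:02 sshd: Failed password for root from 203.0.113.7",
        "09:14:05 sshd: Accepted password for deploy from 203.0.113.7",
        "09:14:31 sudo: deploy : COMMAND=/bin/sh",
        "09:15:10 sshd: session closed for user deploy",
    ]
    sealed = seal(key, lines)
    head = sealed[-1][1]                   # stored off-host after each write

    print(verify(key, sealed, head))                       # untouched log
    edited = list(sealed)
    edited[1] = ("09:14:05 cron: job finished", sealed[1][1])
    print(verify(key, edited, head))                       # one line rewritten
    print(verify(key, sealed[:2] + sealed[3:], head))      # one line removed
    print(verify(key, sealed[:-1], head))                  # tail cut off
```

Removing entries from the end leaves a chain that still verifies on its own, which is why the head tag has to be kept somewhere the intruder cannot reach.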
In ethical hacking, ethical hackers can use the following ways to erase their tracks:
CHAPTER 4
SYSTEM IMPLEMENTATION
Ethical hacking represents a wide field of responsibilities. Like every field, there are multiple
domains that can take years to master. For example, some ethical hackers focus on vulnerability
assessment (VA) while others focus on penetration testing.
In general, the following are some of the most common responsibilities that an ethical hacker
will have:
Other than basic programming skills, there are hundreds of tools that ethical hackers use to test
sites and applications. Many of the most popular tools are open source and require advanced
programming skills. Let’s take a look at the top tools used by ethical hackers.
Code security and analysis: Kiuwan is a common application security tool used to analyze
code and code security. For example, you can use this to create action plans for
remedying a vulnerability.
Create custom plugins: Ettercap is a cross-platform tool for creating custom plugins. This
helps with overall network security for man-in-the-middle attacks.
Port scanner: Nmap is a security and port scanner that can be used to explore networks.
It is popular for detecting hosts on a network and any packet filters.
Mimic a hacker: Netsparker is ideal for ethical hackers. It mimics a hacker’s move to
identify SQL injections and cross-site scripting.
Scan a web server: Nikto can be used to scan a web server for dangerous files, version
issues, and more. It can check for over 6,700 dangers.
Password cracker: The most popular password cracker is John the Ripper. It detects weak
UNIX passwords and can perform dictionary attacks.
So, we know what an ethical hacker is, and we understand what the job entails. But how do you
actually become an ethical hacker or pen tester?
CHAPTER 5
Ethical hacking is the gaining of unauthorised access to data in one or more computers, performed by a
company or individual to help identify potential threats on a computer or network.
An ethical hacker attempts to bypass the security of a system and search for any weak points that could be
prone to exploitation by malicious hackers. This information is then used by the person or organization
that hired the ethical hacker, to improve the system security, in an effort to minimize or eliminate any
potential attacks.
Ethical hackers are also called white hat hackers and hackers with malicious intent are also called black
hat hackers.
For hacking to be considered ethical, the ethical hacker must obey the following rules:
1. Expressed and preferably written permission to hack the network and to identify potential security
risks.
2. Respect the individual's or company's privacy.
3. Close out your work, not leaving anything open for you or someone else to exploit at a later time.
4. Let the software developer or hardware manufacturer know of any security vulnerabilities you locate in
their software or hardware, if not already known by the company.
Courses In India
To become an ethical hacker, a bachelor's degree in a computer-related discipline like BE in Computer
Engineering or Bachelor's in Computer Applications will help, though it is not mandatory.
Ethical hacking is mainly taught as certifications in India and abroad.
Certifications In India
1. Certified Ethical Hacker offered by EC-Council. (http://www.eccouncil.org/)
2. Certified Hacking Forensic Investigator Certifications offered by EC-Council.
(http://www.eccouncil.org/)
3. GIAC Certified Intrusion Analyst (GCIA)
4. GIAC certified forensic analyst (GCFA)
5. GIAC Certified Penetration Tester (GPEN) offered by SAN (Security, Audit and Network)
6. NIIT (http://www.niitethicalhacking.com)
7. Indian School of Ethical Hacking (https://www.isoeh.com/)
The above certifications have a duration from a few weeks to 6 months.
IT firms are the main recruiters of ethical hackers. They can also be required by financial service
providers, airlines, retail chains and hotels.
In addition, government agencies such as various wings of the military and law enforcement, defence
organisations, forensic laboratories, detective companies and investigative services offer challenging roles
for ethical hackers.
Some skilled hackers work for investigative agencies like the Central Bureau of Investigation, the National
Security Agency and the Federal Bureau of Information.
Some large organisations employ security testers and others use contractors to audit their systems.
Graduates can set up their own companies offering ethical hacking services. Companies such as Wipro,
Infosys, IBM, TCS, Tech Mahindra, HCL, Airtel, Reliance and many more are also looking for good ethical
hackers.
Designations that are used for this profile include Network Security Systems Manager, Network Security
Administrator, Systems/Applications, Security Executive, Web Security Administrator, Web Security
Manager, etc.
CHAPTER 6
Ethical Hacking, also known as Internet Security, is very different from traditional Security. Internet
security is more on a proactive basis as compared to traditional security. While traditional security is
based on catching the criminals, internet security has Ethical Hackers that try to hack into a
company/organization before an 'attack' so they are able to find any weak links. Ethical Hackers are hired
by companies to hack their own respective company and be able to identify any loopholes where an
ill-intentioned hacker could create damage so that the company can buff its security and cover the cracks.
They use their creativity and skills to make the internet world of a company a foolproof and safe place for
both the owners and the clients. These 'Cyber Cops' prevent Cyber Crimes and protect the cyber space.
The ethical hack itself poses some risk to the client: Criminal hacker monitoring the transmissions of
CHAPTER 7
APPENDICES
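try:
    # assumed step (not shown on the page): open the dictionary file; both names are placeholders
    pass_file = open(wordlist, "r")
except OSError:
    quit()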
Let’s write the program to compare the hashes of different words which are found in this file.
# hash one candidate word from the dictionary file
enc_wrd = word.encode("utf-8")
digest = hashlib.md5(enc_wrd.strip()).hexdigest()
Now the hash is created the next step is to compare it with all the other sort of hashes.
if digest == pass_hash:
    print("Password found")
    print("password is " + word)
    flag = 1
    break
If the hash matches the word, the program prints the password and breaks out of the loop. This happens
only if the password is found in the list. For the other case we need the flag, which is set to 1
when a match is found.
if flag == 0:
    # reached only when no word in the list produced the given hash
    print("No password found")
If the flag is still set to 0 after checking the whole list the above line will be printed. Now our code
is ready. Save the program and run it.
To run the program, open a command prompt in the file location, start the program and give it the
hash and the dictionary file name. The program will then start comparing the list and
display the password.
Also, try giving the wrong hash, which will give the output "no password found". This project
is for learning purposes only; never misuse it.
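Why the comparison above finds a match so quickly, and what changes that on the storage side: an added example (not part of the original report) that puts unsalted MD5 records beside salted PBKDF2 records from Python's hashlib, with a small audit a defender can run over a credential table. The function names, the iteration count and the sample accounts are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict
from typing import Optional

ITERATIONS = 600_000  # assumed PBKDF2 work factor; raise it as hardware allows
BARE_MD5 = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)


def md5_record(password: str) -> str:
    """Weak form used in the report: unsalted, fast MD5 hex digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, key_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        rounds = int(iterations)
    except ValueError:
        return False                      # malformed record, never a match
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(key, expected)


def audit(table: dict) -> dict:
    """Flag accounts stored as bare MD5 and groups that share one record."""
    by_record = defaultdict(list)
    for user, record in table.items():
        by_record[record].append(user)
    return {
        "bare_md5": sorted(u for u, r in table.items() if BARE_MD5.match(r)),
        "shared": sorted(sorted(us) for us in by_record.values() if len(us) > 1),
    }


if __name__ == "__main__":
    # Constructed sample accounts; two users picked the same password.
    passwords = {"alice": "sunshine", "bob": "sunshine", "carol": "T4ble-lamp-97"}
    weak = {u: md5_record(p) for u, p in passwords.items()}
    strong = {u: pbkdf2_record(p) for u, p in passwords.items()}

    # With MD5, equal passwords give equal records, so one dictionary hit
    # exposes every account in the "shared" group at once.
    print(audit(weak))
    # With a random salt per user the records differ and nothing is flagged.
    print(audit(strong))
    print(pbkdf2_verify("sunshine", strong["alice"]))
```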
The most obvious benefit of learning ethical hacking is its potential to improve and inform on how a
corporate network is defended. For any organization, when it comes to Cyber Security, the primary threat
is a black hat hacker. And by learning how they operate, it can help defenders identify and prioritize
potential menaces. Practically, it is not possible to remove all the attacks from a network. But with ethical
hacking skills, Cyber Security professionals will be able to minimize the impact of the potential threat and
assign limited resources that reduce the chances of a successful attack. Training in ethical hacking can
By ethical hacking into the system, you can learn about ample security options, which otherwise might
have resulted in security breaches. With the right approach, you can know about the best security
Learning all these concepts would not only be used in your professional career but also when you decide
3. Helps with Development and Quality Assurance
Whenever a new product is developed, stakeholders often neglect its security testing due to a time
crunch, which at times leaves the software vulnerable to theft and hacking. But if there is an ethical hacker
on board, the security testing can be performed quickly, efficiently and comprehensively with the best
industry practices. Beyond this, learning ethical hacking can help with studying tools, created by hackers
and quality assurance testers to expedite the remediation of common vulnerabilities. Moreover, by
knowing about these tools, developers can acquire knowledge about coding errors that should be
avoided.
According to INFOSEC Institute, the average salary for a Certified Ethical Hacker is $71,331 per annum. If
you learn Ethical Hacking, your chances of securing a career in Cyber Security will increase, an industry
which will have 3.5 million unfilled cybersecurity jobs globally by 2021. On top of it, the demand
for Cyber Security professionals is more than the supply. And that’s perhaps the reason why the
companies are readily paying a handsome salary to recruit for their Cyber Security team to protect their
As an ethical hacker, you have the liberty to work for whichever industry you want. You can work for one
of the Fortune 500 or even start a small venture on your own. Moreover, for those who aspire to travel
the world, ethical hacking might be the right start. The reason being that on the global scale, Cyber
attacks are on an all-time rise and are outpacing the supply of ethical hackers. Thus, there are plenty of
CHAPTER 8
REFERENCES
[1] http://www.articlesbase.com/security-articles/ethicalhacking-an-introduction-402282.html
[2] http://www.ehacking.net/2011/06/top-6-ethicalhacking-tools.html#sthash.nszGZw4y.dpuf
[3] http://www.owasp.org/index.php/Web_Application_Penetration_Testing
[4] http://www.corecom.com/external/livesecurity/pentest.html
[5] http://www.networkdefense.com/papers/pentest.html
[7] http://www.infosecinstitute.com/blog/ethicalhacking_computer_forensics.html
[8] http://searchnetworking.techtarget.com/generic/0,295582,sid7_gci1083715,00.html
[9] http://www.owasp.org/index.php/Testing:_Information_Gathering