
Term Paper

On

ETHICAL HACKING

Submitted to

Amity Institute of Information Technology


Guided By: Dr. Monika Sharma
Submitted By: Yatin Sengar (A1004820014)

Amity Institute of Information Technology


AMITY UNIVERSITY NOIDA, UTTAR PRADESH
Declaration

I, Yatin Sengar, student(s) of BCA (2020-23), hereby declare that the term paper titled “Ethical Hacking”, which is submitted by me to Amity Institute of Information Technology, Amity University Uttar Pradesh, Noida, in partial fulfilment of the requirement for the award of the degree of BCA (2020-23), has not previously formed the basis for the award of any degree, diploma or other similar title or recognition.

The Author attests that permission has been obtained for the use of any copyrighted material appearing in the Dissertation / Term Paper report other than brief excerpts requiring only proper acknowledgement in scholarly writing and all such use is acknowledged.

Signature
Yatin Sengar
30/07/2021
Date, Name and Signature of Student(s)
CERTIFICATE

On the basis of the declaration submitted by Yatin Sengar, student(s) of BCA (2020-23), I hereby certify that the term paper titled “Ethical Hacking”, which is submitted to Amity Institute of Information Technology, Amity University Uttar Pradesh, Noida, in partial fulfillment of the requirement for the award of the degree of BCA (2020-23), is an original contribution with existing knowledge and faithful record of work carried out by him/them under my guidance and supervision.

To the best of my knowledge this work has not been submitted in part or full for any Degree or Diploma to this University or elsewhere.

Dr. Monika Sharma
10/06/2020
Date

(Name and Signature of Guide)

Amity Institute of Information Technology

Amity University Uttar Pradesh, Noida


ACKNOWLEDGEMENT

The satisfaction that accompanies the successful completion of any task would be incomplete without the mention of people whose ceaseless cooperation made it possible, whose constant guidance and encouragement crown all efforts with success. I would like to thank Prof. (Dr.) AJAY RANA, Head of Department AIIT, and Amity University for giving me the opportunity to undertake this project. I would like to thank my faculty guide Dr. MONIKA SHARMA, who is the biggest driving force behind my successful completion of the project. She has always been there to solve any query of mine and also guided me in the right direction regarding the project. Without her help and inspiration, I would not have been able to complete the project. Also, I would like to thank my batch mates who guided me, helped me and gave ideas and motivation at each step.

YATIN SENGAR
AMITY UNIVERSITY

UTTAR PRADESH

Amity Institute of Information Technology

TERM PAPER

Student Name:- YATIN SENGAR

Enrollment No:- A1004820014

Program:- Bachelor of Computer Applications

Company name & Address:- Amity Institute of Information Technology, Noida Sector-125, Uttar Pradesh

Guide Name:- Dr. Monika Sharma

Designation:- Associate Professor

Contact no.:-

Fax:-

E-mail:- msharma5@amity.edu

Project Information

1) Project Duration: (26 Days)

a) Date of Summer Internship commencement (5/07/2021)

b) Date of Summer Internship Completion (31/07/2021)

2) Topic :- Ethical hacking

3) Project objective :- Hacking generally refers to unauthorized intrusion into a computer or a network. The person engaged in hacking activities is known as a hacker. Ethical hacking involves finding weaknesses in a computer or network system for testing purposes and finally getting them fixed. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming.

Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

4) Brief Summary of project :- Hackers thus have an essential function to play in modern society since they cut down the danger of malicious attacks on computers using the exact same practices that are used by crackers. Although you might not be a computer hacker, I am certain you know the sort of destructive activities these people are involved in. There will be a number of unique approaches taken, much like a true hacker would utilize. Certified Ethical Hackers are a smart investment for virtually any company seeking to upgrade and fortify its online security measures. For people who are technically restrained or financially incapable of employing a professional ethical hacker, step one is recommended since it is very easy to carry out.

Signature Signature Signature

(Student) (Industry Guide) (Faculty Guide)


S. No.  CONTENT OF RESEARCH

1  ABSTRACT
2  INTRODUCTION
3  HACKERS
3.1  WHITE HAT HACKERS
3.2  GREY HAT HACKERS
3.3  BLACK HAT HACKERS
4  LAWS FOR HACKERS
4.1  LAWS FOR WHITE HAT HACKERS
4.2  LAWS FOR GREY HAT HACKERS
4.3  LAWS FOR BLACK HAT HACKERS
5  HOW THE LAWS OF GREY HAT HACKING DIFFER FROM ETHICAL HACKING AND WHAT ARE THE GAPS? (CASE STUDY)
6  PROPOSED LAWS WITH THE HELP OF ARTIFICIAL INTELLIGENCE FOR PROTECTING GREY HAT HACKERS WHEN HE/SHE BREAKS A SYSTEM FOR THE SAKE OF GOOD (CASE STUDY)
7  TOOLS USED BY ETHICAL HACKERS
7.1  NMAP
7.2  METASPLOIT
7.3  BURP SUITE
7.4  NETWORK STUMBLER
8  METHODOLOGY OR THE TRAIL FOLLOWED BY THE HACKERS
8.1  RECONNAISSANCE
8.2  SCANNING
8.3  GAINING CONTROL
8.4  LOG CLEARING
9  NEED OF ETHICAL HACKERS IN THE INDUSTRY
10  LINUX OPERATING SYSTEM
11  TYPES OF ATTACKS
11.1  PHISHING
11.2  DENIAL OF SERVICE
11.3  MAN IN THE MIDDLE
11.4  WI-FI
12  METHODS UTILIZED BY HACKERS TO HACK WI-FI ROUTERS
13  CHALLENGES IN THE INDUSTRY OF THE ETHICAL HACKERS
14  PROPOSED SOLUTION
15  CONCLUSION
16  REFERENCES

ABSTRACT
Nowadays almost all data is available online and a large number of users access it. Some of them use this information to gain knowledge, while a few use it to learn how to destroy or steal the data of websites or databases without the knowledge of the owner. The aim of this paper is to explain what hacking is, who hackers are, what ethical hacking is, what the code of conduct of ethical hackers is, and why they are needed. A short introduction to the Linux operating system is given in this paper. All the techniques are performed on the Linux distribution named Kali Linux. After this, the basic hacking attacks covered in the paper are the Man-in-the-Middle attack, the phishing attack and the DoS (Denial of Service) attack. Further, what Wi-Fi is, what techniques are used in Wi-Fi protection, and the methods used by hackers to hack Wi-Fi passwords are covered in the paper.

INTRODUCTION
As technology advances, it has its darker side too: HACKERS. In today's world, the size of the Internet is growing at a very fast rate and a large amount of data is moving online; therefore, data security is the major issue. The Internet has led to an increase in the digitization of various processes such as banking, online transactions, online money transfer, and online sending and receiving of various forms of data, thus increasing the risk to data security. Nowadays a large number of companies, organizations, banks, and websites are targeted by various types of hacking attacks. Generally, on hearing the term hacker we all think of the bad guys who are computer experts with bad intentions, who try to steal, leak or destroy someone's confidential or valuable data without their knowledge. They are persons with very high computer skills who try to break into some other person's security to gain access to their personal information, but it is not always like that. To overcome the risk of being hacked, we have Ethical Hackers in the industry, who are also computer experts just like the hackers but with good intentions, or bound by a set of rules and regulations by the various organizations. These are the persons who try to protect data moving online from the various attacks of the hackers and keep it safe with the owner.

Hackers: -
The term HACKER in popular media is used to describe someone who breaks into someone else's security using bugs and exploits, or who uses his expert knowledge to act productively or maliciously. Hackers are computer experts in both hardware and software. A hacker is a computer enthusiast and a master of programming languages, security, and networks. He is the kind of person who loves to learn various technologies and the details of the computer system, and who enhances his capability and skills. According to their way of working or based on their intentions, HACKERS can be classified into three types.

1. White Hat Hackers: - A white hat hacker is a computer security specialist who breaks into and finds loopholes in the protected networks or computer systems of an organization or company and corrects them to improve security. White Hat Hackers use their skills and knowledge to protect the organization before malicious hackers find the loopholes and cause any harm to the company or the organization. White Hat Hackers are the authorized persons in the industry; although the methods used by them are similar to those of malicious hackers, they have permission from the organization or company that hires them to do so.

2. Black Hat Hackers: - A Black Hat Hacker, also known as a “Cracker”, is a computer hardware and software expert who breaks into someone's security with malicious intent: stealing or damaging important or secret information, compromising the security of large organizations, or shutting down or altering the functions of websites and networks. They violate computer security for their personal gain. These are persons who usually want to prove their extensive knowledge of computers and who commit various cybercrimes such as identity theft, credit card fraud etc.

3. Grey Hat Hackers: - A Grey Hat Hacker is a computer hacker or security expert who sometimes violates the law but does not have the malicious intentions of the black hat hackers. The term Grey Hat is derived from the Black Hat and the White Hat: white hat hackers find vulnerabilities in the computer system or network and do not tell anybody until they are fixed, while black hat hackers illegally exploit the computer system or network to find vulnerabilities and tell others how to do so; the grey hat hacker neither illegally exploits it nor tells anybody how to do so. Grey Hat Hackers stand between the white hat hackers, who operate to maintain system security, and the black hat hackers, who operate maliciously to exploit computer systems.

LAWS FOR HACKERS
LAWS FOR WHITE HAT HACKERS:-

Constitutional liability
The expanded scope of Article 21 of the Indian Constitution grants the Right to Privacy to its citizens. Hacking into a person's property or stealing their work can be a violation of the Right to Privacy guaranteed to them by the Constitution.

Criminal liability

Section 441 of IPC: Criminal Trespass

A person who enters the property of another without permission in order to annoy that person in the enjoyment of his property is said to have committed criminal trespass and may be liable to penalty under this section. “Websites” have their basis in property, and therefore this section applies to them as well. So, if a person accesses a website illegally, i.e. without the permission of the owner, this may be a case of trespass and he is liable under this section.

Cyber frauds (Section 420), email spoofing (Section 463), sending defamatory messages by email (Section 499) etc.

LAWS FOR BLACK HAT HACKERS:-
Laws and penalties against black hat hacking

U.S. law can punish black hat hackers under a number of computer crime statutes and state and federal laws, with penalties such as being charged with different classes of misdemeanors and felonies that include fines, jail time or both. Some notable laws include the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act.

These laws generally prohibit a person from performing the following acts without authorization:

.) accessing a protected computer, system or network;

.) modifying or revealing data held on a computer;

.) transmitting malicious code in order to damage the system or the data held on it;

.) accessing a computer with intent to defraud; and

.) trafficking in computer passwords.

The term protected computer is broad in scope, referring to a computer used by, for example, an institution or the U.S. government for commerce or interstate and foreign communication.

LAWS FOR GREY HAT HACKERS:-
In most cases, grey hats provide valuable information to companies. However, the community of white hats, and much of the cyber world, do not view their methods as ethical. Grey hat hacking is illegal, because the hacker has not received permission from an organization to attempt to infiltrate its systems.

Is it legal for a company to prosecute an individual for finding a vulnerability when they purposely broke in, grey-hat style, but they caused no harm? How is it different from ethical hacking? (CASE STUDY)
.) For starters, it very much depends on how the vulnerability was discovered. Based on the framing here, there was an intent to access a computer system beyond what was authorized, which is not ethical regardless of the (apparent) lack of harm. As an analogy, jaywalking and murder are both illegal, but one is much worse than the other. Hence the deliberate unauthorized access is not ethical, but the severity of the violation depends on several factors.

.) One reason that this action is not ethical is that it is not possible for the person to know, in advance, that no harm will result. His goal was to use this unauthorized access to spread across the globe and count the number of machines on the Internet. As a result of a bug in the logic, systems crashed worldwide, causing substantial dollar losses. It would be a mistake to suggest that this worm was morally good at first, until the damage became apparent.

.) Returning to the actual case, arguing that the intentional break-in was acceptable because there was no harm is simply utilitarian moral luck; it is a very flawed premise for ethical reasoning. The unauthorized access was not ethical because of the intent to bypass another's security mechanisms (which they have a right to employ) and because it posed the possibility of causing harm.

.) Starting from the point that the person committed an ethical violation by breaching another's system, does that company have an ethical argument should it choose to retaliate, possibly by pressing charges? In the past, some companies or organizations have reacted with draconian fury at the slightest breach. Others have taken a more measured response that is commensurate with the intent; in fact, many companies specifically have bug bounty programs for this very reason and welcome the disclosures. The response one is likely to get can vary quite a bit and depends on that particular company's views on the subject.

.) In general, there is little ethical support for poking around at random systems in an attempt to find vulnerabilities. It is difficult to make the case required that there is a compelling public need for such attempts at discovery, as is required by Principle 2.8. Students wishing to move into this area of information security should seek good mentors and academic advisors who can oversee and guide their work in a way that is consistent with Principles 2.1, 2.2, 2.3, 2.4, 2.5, and 2.6. One should always seek permission to attempt to breach a system's security BEFORE the attempt (Principles 1.3 and 2.2). If the company or organization says no, respect that decision and move on. If you do not seek permission ahead of time, there is no way for an organization to determine whether your actions are malicious or benign, especially if harm does occur.

PROPOSED LAWS WITH THE HELP OF ARTIFICIAL INTELLIGENCE FOR PROTECTING GREY HAT HACKERS WHEN HE/SHE BREAKS A SYSTEM FOR THE SAKE OF GOOD (CASE STUDY).

.) When a grey hat hacker breaks into a system for the sake of good, is it appropriate to impose charges against the grey hat hacker?
I guess it is totally wrong to impose charges against grey hat hackers when they break into a system for the sake of good. We need to find some conclusion or laws for grey hat hackers to protect them from these types of charges.
Let's begin by proposing some solutions.

.) When a grey hat hacker breaks into a system in a white hat style, there should be no charges imposed against the grey hat hacker.

.) When it is identified that the grey hat hacker is doing something fruitful for securing a system, then there must be a law protecting the rights of the grey hat hacker.

BUT BUT BUT... The question that arises is how we find out whether the grey hat hacker is doing a good job and securing a system, or breaking into a system for the sake of good. Let's draft some solutions.

.) We need to build a system with the help of artificial intelligence to determine whether the grey hat hacker is doing a good job and securing our system, with no intention of harming it. After filtering through all these processes, we need to check whether the grey hat hacker is guilty or not; if found not guilty, then no charges are imposed against them.

.) So it should be identified with the help of A.I. bots, and then action would be taken accordingly. It should not be a punishable offence if the grey hat hacker is acting for the sake of good.

.) So the above points are to be taken into consideration, and there is a need to make a strong law for protecting grey hat hackers when their intention is good and they break into a system for the sake of good.

TOOLS USED BY ETHICAL HACKERS
NMAP:-
Nmap stands for Network Mapper. It is an open source tool that is widely used for network discovery and security auditing. Nmap was originally designed to scan large networks, but it works equally well for single hosts. Network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Nmap uses raw IP packets to determine −

what hosts are available on the network,

what services those hosts are offering,

what operating systems they are running on,

what type of firewalls are in use, and other such characteristics.

Nmap runs on all major computer operating systems such as Windows, Mac OS X, and Linux.

Metasploit
Metasploit is one of the most powerful exploit tools. It is a product of Rapid7 and most of its resources can be found at www.metasploit.com. It comes in two versions − commercial and free edition. Metasploit can be used with the command prompt or with the Web UI.

With Metasploit, you can perform the following operations −

Conduct basic penetration tests on small networks

Run spot checks on the exploitability of vulnerabilities

Discover the network or import scan data

Browse exploit modules and run individual exploits on hosts

Burp Suite

Burp Suite is a popular platform that is widely used for performing security testing of web applications. It has various tools that work together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp is easy to use and gives administrators full control to combine advanced manual techniques with automation for efficient testing. Burp can be easily configured and it contains features to assist even the most experienced testers with their work.

Network Stumbler
Network Stumbler is a local area network scanner and monitoring tool for Windows. It allows network professionals to detect WLANs. It is widely used by networking enthusiasts and hackers because it helps you find non-broadcasting wireless networks.

Network Stumbler can be used to verify whether a network is well configured, to check its signal strength or coverage, and to detect interference between one or more wireless networks. It can also be used to find non-authorized connections.

Now the method or the path followed by the Hackers is as follows: -

Reconnaissance: - The process of gathering information about the target system is called reconnaissance. The process includes finding vulnerabilities in the computer system, which means finding the ways that are left vulnerable. The further process of hacking is carried out by the hacker if the hacker finds any way to access the system. At the end of the reconnaissance phase the hacker has a collection of information with which he can build a promising attack on the target system.

Scanning: - Before the attack the hacker wants to know which systems are up, what applications are used, and what the versions of those applications are. In scanning, a search for all open as well as closed ports is carried out, which means finding some way to enter the system. It includes obtaining the target's IP address, user accounts etc. In this phase the information gathered in the reconnaissance phase is used to examine the network, and tools like dialers, port scanners etc. are used. Nmap is the popular, powerful and freely available tool used in scanning.

Gaining Control: - This is the real part of the hacking process, where the information gathered in the previous two phases is used to enter and take control of the target system through the network or physically. This phase is also called “Owning the System”. Changes are made to the system in such a way that other security personnel or other hackers cannot gain entry into the system that has been hacked. This is the situation in which the attacked system is known as the “Zombie System”.

Log Clearing: - It is the method of removing any leftover log files or other kinds of evidence on the hacked system from which the hacker could be caught. There are various tools in ethical hacking techniques by which a hacker can be caught, such as penetration testing. While learning about hacking and the shades of hackers, there should be some process or some method of protecting the computer system or computer networks from malicious hackers, so the terms “Ethical Hacking” and “Ethical Hackers” came into the industry.
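
The scanning phase described above leaves a recognisable trace on the defender's side: one source touching many different ports on a host within a short time. The following is an added example, not part of the original paper, that flags such sources in connection logs. The log format, the addresses (documentation ranges), the function names and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample log: timestamp, source, destination, port, action."""
    t0 = datetime(2021, 7, 20, 10, 0, 0)
    lines = []
    # 203.0.113.50 probes 20 consecutive ports in 20 seconds; most are denied.
    for i, port in enumerate(range(20, 40)):
        action = "ALLOW" if port in (22, 25) else "DENY"
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.50 192.0.2.10 {port} {action}")
    # 198.51.100.7 is an ordinary web client: many connections, one port.
    for i in range(30):
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 192.0.2.10 443 ALLOW")
    # 198.51.100.9 uses three services spread over 40 minutes.
    for i, port in enumerate((25, 143, 443)):
        ts = (t0 + timedelta(minutes=20 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.9 192.0.2.10 {port} ALLOW")
    lines.append("corrupted line")  # malformed input must not stop the analysis
    return lines


def parse_line(line):
    """Return (time, src, dst, port, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, action = parts
    try:
        return datetime.fromisoformat(ts), src, dst, int(port), action
    except ValueError:
        return None


def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=15):
    """Flag (source, destination) pairs that touch at least min_ports
    distinct ports inside any sliding time window of the given length."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            ts, src, dst, port, action = rec
            events[(src, dst)].append((ts, port, action))

    findings = []
    for (src, dst), evs in events.items():
        evs.sort()
        start, best = 0, None
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            ports = {p for _, p, _ in in_window}
            if len(ports) >= min_ports and (
                best is None or len(ports) > len(best["ports"])
            ):
                denied = sum(1 for _, _, a in in_window if a == "DENY")
                best = {
                    "src": src,
                    "dst": dst,
                    "ports": sorted(ports),
                    "first_seen": in_window[0][0],
                    # A high share of denied attempts is typical of probing.
                    "denied_ratio": denied / len(in_window),
                }
        if best is not None:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_port_scans(build_sample_log()):
        print(f"{f['src']} -> {f['dst']}: {len(f['ports'])} ports, "
              f"{f['denied_ratio']:.0%} denied, first seen {f['first_seen']}")
```

Widening the window or lowering min_ports catches slower scans but also starts to flag ordinary multi-service clients such as 198.51.100.9 in the sample, so the thresholds have to be tuned to the network being monitored.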

Need Of Ethical Hackers in the Industry: -
Every organisation has its own data, which may be hacked or damaged by malicious hackers. To protect that data, organisations hire ethical hackers and allow them to hack their own systems ethically, find flaws or loopholes in those systems and correct them before any hacker exploits them. We now begin with some hacking attacks performed by hackers over the Internet. Before that, there is a need to understand Linux operating systems and their use in performing hacking attacks.

LINUX operating system :-
As the name tells, it is an operating system just like Windows and Mac. An operating system is an interface between the user and the computer hardware; it manages all the hardware resources available to the computer. In a computer system an operating system is required for the working of various applications. Unlike the Microsoft Windows and Mac operating systems, Linux operating systems are open source, as they are distributed under an open source license. Linux is more secure than Windows, and very few viruses are known that can harm a Linux operating system. Some of the Linux operating systems are Ubuntu, Kali Linux, Fedora, Linux Mint etc.

TYPES OF ATTACKS:-
Phishing: - Phishing is a cyber-attack, or an online fraud, in which the hacker tries to obtain some personal or secret information from the victim such as passwords, login information, credit card numbers, email IDs, online banking PINs etc. It is done by sending fake emails or creating fake websites that look very similar to the original ones.
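
Fake websites of the kind described above usually sit on a domain name that imitates the genuine one. The following is an added example, not part of the original paper, that checks a hostname against a list of protected domains using look-alike character folding and edit distance. The domain names, the folding table and the function names are constructed for illustration.

```python
# Hypothetical list of the organisation's genuine domains (constructed).
PROTECTED = ["examplebank.com", "example.org"]

# Look-alike characters folded to the character they imitate. This is a
# small illustrative table; a production check needs a fuller list.
FOLD = {"0": "o", "1": "l", "3": "e", "5": "s"}


def skeleton(domain):
    """Fold visually confusable characters so look-alikes compare equal."""
    d = domain.lower().strip(".")
    d = d.replace("rn", "m").replace("vv", "w")  # two letters imitating one
    return "".join(FOLD.get(c, c) for c in d)


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Assumption: the last two labels form the registered domain. Real
    code should consult the Public Suffix List (e.g. for co.uk names)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify(host, protected=PROTECTED, max_edits=2):
    """Return (verdict, matched protected domain or None) for a hostname."""
    host = host.lower().strip(".")
    reg = registered_domain(host)
    if reg in protected:
        return ("legitimate", reg)
    # Genuine name used as a sub-domain of somebody else's domain.
    for p in protected:
        if host.startswith(p + ".") or ("." + p + ".") in host:
            return ("embedded-brand", p)
    for p in protected:
        d = edit_distance(skeleton(reg), skeleton(p))
        if d == 0:
            return ("character-substitution", p)
        if d <= max_edits:
            return ("typo", p)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed hostnames, as they might be extracted from mail links.
    for h in ["www.examplebank.com", "examp1ebank.com", "exarnplebank.com",
              "exampelbank.com", "examplebank.com.secure-login.net",
              "intranet.corp.test"]:
        print(h, "->", classify(h))
```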

Denial of Service (DoS): - It is a type of cyberattack in which the attacker's aim is to make a machine, website or network resource unavailable to its end users temporarily or for an indefinite period, disrupting the services of a host connected to the Internet. This attack is usually carried out by flooding the target website, server or machine with a very large number of requests and overloading it, so that the target is unable to fulfil most or all of the requests. DoS attacks can last for days, weeks or even months. The attacker sends requests to the target server or website at a very high rate, in the hundreds of Mbps or even Gbps.

Man-in-the-Middle Attack: - The man-in-the-middle attack is an attack in which the attacker tries to get in between the communication of two parties or two devices and can access all the information sent and received by them. In this attack, the sender and the receiver assume that they are connected through the original connection, but that is not the case, because the attacker makes an independent connection with each of the victims, can access the data in the middle, and can alter it. Here the MiTM attack is covered in Kali Linux using the Ettercap tool.

Wi-Fi: - Wi-Fi stands for WLAN. It is a technology that uses radio waves to provide wireless network connectivity to various devices within its range. The range of Wi-Fi depends on the Wi-Fi router. Generally, the range of Wi-Fi is said to be between 46 m (indoor) and 92 m (outdoor). The three main techniques used for Wi-Fi protection are WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and WPA2 (Wi-Fi Protected Access 2). WEP was once the most used technique for protecting Wi-Fi, but these days it is no longer used because it is a very weak security standard: its passwords can easily be cracked by a computer. That is why the WPA and WPA2 security protocols are now used, which use a 256-bit encryption key for protection.

Methods used by hackers to hack Wi-Fi routers: -
Earlier, hackers used various methods for hacking Wi-Fi passwords, such as the dictionary attack, in which a very large file is prepared containing possible passwords or combinations of letters, numbers and special characters; software then picks each entry from the file and tries it in the password field. This consumes a lot of time and the success rate is very low. The other attack used by hackers is the brute force attack, in which all possible characters in upper case and lower case and all the digits are given to the computer, and the computer itself builds the combinations, places them in the password field and tries to find the password. However, this attack is very slow and it fails in the case of special characters. Therefore, today hackers use a newer method of hacking Wi-Fi passwords called Wi-Fi phishing. This method works for hacking the password of any Wi-Fi encryption scheme. In this technique the hacker blocks the Wi-Fi connection from the original Wi-Fi router and creates an evil twin, a Wi-Fi hotspot with the same name. When the user tries to connect to the Wi-Fi again, the device connects to the fake one; a page then appears on the user's screen saying that some security updates have been made and asking the user to enter the password. As soon as the user enters the password, it goes directly to the hacker.
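
Seen from the defender's side, the evil twin described above appears in a Wi-Fi survey as the known network name advertised by an access point that is not in the inventory, often with weaker protection, together with a burst of deauthentication frames against the genuine access points. The following is an added example, not part of the original paper, that checks survey records against an inventory. The SSIDs, BSSIDs, field layout, function names and threshold are all assumptions constructed for illustration.

```python
# Strength order of the protection schemes named in this paper.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

# Hypothetical inventory of genuine access points: SSID -> {BSSID: security}.
INVENTORY = {
    "CorpNet": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"},
}

# Constructed survey records: (ssid, bssid, security, signal in dBm).
SURVEY = [
    ("CorpNet", "aa:bb:cc:00:00:01", "WPA2", -55),
    ("CorpNet", "aa:bb:cc:00:00:02", "WPA2", -70),
    ("CorpNet", "de:ad:be:ef:00:99", "OPEN", -40),   # same name, open, loud
    ("CoffeeShop", "11:22:33:44:55:66", "WPA2", -80),
    ("corpnet ", "DE:AD:BE:EF:00:9A", "WPA2", -60),  # near-identical name
]

# Constructed count of deauthentication frames seen per target BSSID.
DEAUTH_COUNTS = {"aa:bb:cc:00:00:01": 240, "aa:bb:cc:00:00:02": 3}


def _norm(ssid):
    """Compare network names without case or surrounding whitespace."""
    return ssid.strip().casefold()


def find_evil_twins(survey, inventory, deauth_counts, deauth_threshold=50):
    """Return suspicious access points that advertise a protected SSID."""
    known = {_norm(s): aps for s, aps in inventory.items()}
    findings = []
    for ssid, bssid, security, signal in survey:
        aps = known.get(_norm(ssid))
        if aps is None:
            continue  # not one of our network names
        bssid = bssid.lower()
        reasons = []
        expected = aps.get(bssid)
        if expected is None:
            reasons.append("unknown BSSID")
            weakest = min(SECURITY_RANK[s] for s in aps.values())
            if SECURITY_RANK.get(security, 0) < weakest:
                reasons.append("security downgrade")
            # Genuine APs seen in the same survey, for signal comparison.
            legit = [sig for s, b, sec, sig in survey
                     if _norm(s) == _norm(ssid) and aps.get(b.lower()) == sec]
            if legit and signal > max(legit):
                reasons.append("stronger signal than every legitimate AP")
        elif security != expected:
            # A known BSSID announcing different security may be spoofed.
            reasons.append("known BSSID with changed security")
        if not reasons:
            continue
        # Clients are pushed off the genuine AP before the twin is offered.
        jammed = sorted(b for b in aps
                        if deauth_counts.get(b, 0) >= deauth_threshold)
        if jammed:
            reasons.append("deauth burst against " + ", ".join(jammed))
        findings.append({"ssid": ssid, "bssid": bssid, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_evil_twins(SURVEY, INVENTORY, DEAUTH_COUNTS):
        print(f"{f['ssid']!r} {f['bssid']}: " + "; ".join(f["reasons"]))
```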

18
ETHICAL HACKING CHALLENGES
Capacity Challenges:
Another assignment is acting the vital pen trying out for you to examine thelevel of protection and
immunity of a given enterprise in opposition to cyber-assaults, particularly in phrases of
riskmanagement . The ability is primarily based totally at the confined skilled manpower, and the
to be had resources,used to carry out the pen trying out technique(s) and assault(s). Therefore,
that is some other assignment that calls for adeeper cognizance and attention.
Cost Challenges:
The fee of acting a pen trying out assault isn't always cheap. However, it's far vital to avoidany
exploitation of any vulnerability or protection gap . In fact, pen trying out is split into principal
steps.The first one calls for the identification of already present exploitable vulnerabilities which
calls for a definedcost. The subsequent step is primarily based totally at the cappotential to
provide safety features to in addition shield the system, which alsorequires a further fee.
Legal Challenges:
Many prison demanding situations additionally surround the moral hackers, together with the
moral hacking aswell. In different phrases, moral hackers do now no longer carry out their pen
trying out with out signing a prison report calledthe Non-Disclosure Agreement (NDA). This
additionally calls for notifying the specified government so their trying out isnot classified as a
cyber-crime. Therefore, with out the signing of prison processes, moral hackers threat beinglegally
prosecuted and arrested [204].
Heterogeneous Challenges:
Such heterogeneous demanding situations are primarily based totally on unique moral hacking
groupsperforming unique pen trying out assaults and brands from their views and skills [204].
Though it isimportant and vital, an exploitable vulnerability identified with the aid of using one
moral hacking team, won't beidentified with the aid of using some other moral hacking team, and
vice versa. Therefore, the selection of the proper moral hackingteam to carry out the proper and
vital pen trying out is particularly of difficult assignment and assignment.
Knowledge Challenges:
Knowledge challenges are based on the ability of ethical hackers
to perform their pen testing against exploitable vulnerabilities and security gaps.
This includes software bugs, misconfiguration or other bugs (i.e. hardware,
configuration, or coding). However, their pen testing and knowledge are based
on the ability to identify and overcome only already existing attacks. In
other words, pen testing is unable to detect new attacks such as zero-day attacks [2.
This is due to those attacks being based on exploiting a vulnerability that
was not detected by the ethical hackers who were conducting
their pen testing. This also includes the birthday attack [206,207] in a way, which is quite similar to
zero-day. This is in addition to the presence of polymorphic malware [208] and crypting
services that keep on changing their signature and behaviour patterns. Thus, their
identification and mitigation process is becoming seriously challenging. This is all due to their
ability to evade and avoid being detected by intrusion
detection systems, firewalls and anti-viruses.
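
The point about changing signatures can be seen in a small added example (not part of the original paper): an exact-hash signature written for one copy of a sample stops matching as soon as the same content is re-encoded, while a check that normalises the content first still matches. The marker, payload and function names are constructed for illustration, and the one-byte XOR re-encoding is an assumed, simplified model of a changing signature.

```python
import hashlib

# Constructed, harmless stand-in for a byte pattern a signature was written for.
MARKER = b"CONSTRUCTED-TEST-PATTERN"
PAYLOAD = b"header|" + MARKER + b"|trailer"

def encode_variant(payload: bytes, key: int) -> bytes:
    """Model one re-encoded copy of the same content: key byte + XOR-ed body."""
    return bytes([key]) + bytes(b ^ key for b in payload)

def hash_signature_hit(sample: bytes, known_hashes: set) -> bool:
    """Exact-match signature: SHA-256 over the whole file."""
    return hashlib.sha256(sample).hexdigest() in known_hashes

def decoded_content_hit(sample: bytes, marker: bytes = MARKER) -> bool:
    """Normalise first: undo every single-byte XOR key, then look for the pattern."""
    return any(marker in bytes(b ^ key for b in sample) for key in range(256))

def compare(keys=(0x11, 0x5A, 0xC3)):
    """The hash signature is built from the first variant only, as after one incident."""
    variants = [encode_variant(PAYLOAD, k) for k in keys]
    known = {hashlib.sha256(variants[0]).hexdigest()}
    return [(hash_signature_hit(v, known), decoded_content_hit(v)) for v in variants]

if __name__ == "__main__":
    for key, (by_hash, by_content) in zip((0x11, 0x5A, 0xC3), compare()):
        print(f"key=0x{key:02X} hash-signature={by_hash} decoded-content={by_content}")
```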

PROPOSED SOLUTION

To begin with, there is no perfect solution yet for securing something on the internet.
Certainly there are a few solutions through which we can protect ourselves from some
attacks, because there are different types of attacks and for these
different attacks there are different solutions.
For example, if you want to protect yourself from phishing attacks then do not
log in anywhere without checking carefully.
If you want to protect yourself from a DoS attack then use cookies, etc.

Diagram showing the proposed solution for preventing hacking

Let's see how we protect ourselves from different types of attacks.

1) Malware:-
Keep your computer and software updated.
Use a non-administrator account whenever possible.
Think twice before clicking links or downloading anything.
Be careful about opening email attachments or images.
Don't trust pop-up windows that ask you to download software.
Limit your file-sharing.

2) Phishing:-
Be careful about all communications you receive. If it appears to be a
phishing communication, do not respond. Delete it. You can also forward it
to the Federal Trade Commission at
Do not click on any links listed in the email message,
and do not open any attachments contained in a suspicious email.
Do not enter personal information in a pop-up screen. Legitimate companies,
agencies, and organizations don't ask for personal information via pop-up screens.
Install a phishing filter for your email application and also for your
web browser. These filters will not keep out all phishing
messages, but they will reduce the number of phishing attempts.

3) Password attack:-
Pen test method
Use multi-factor authentication (MFA)
Enforce and manage strong passwords
Always maintain strong passwords

4) Man in the middle attack:-
Use a VPN
Only visit HTTPS websites
Watch out for phishing scams
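
The advice above about links in email messages and HTTPS-only browsing is what a phishing filter automates. The following added example (not part of the original paper) checks each link in a message for three signs: a non-HTTPS target, a bare IP address as host, and visible text that shows one site while the link goes to another. The sample message, hosts and function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body; hosts use reserved example/documentation names.
SAMPLE_EMAIL = """<p>Your account is locked. Sign in to restore access.</p>
<a href="http://192.0.2.10/login">https://bank.example.com/login</a>
<a href="https://login.example.net/reset">https://bank.example.com/reset</a>
<a href="https://bank.example.com/help">Help centre</a>"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # lower-cased hostname of a URL or bare "host/path", else ""
    parsed = urlparse(value if "://" in value else "//" + value)
    return (parsed.hostname or "").lower()

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def link_findings(html):  # returns [(href, [reasons])] for links not to click
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        checks = (("not-https", urlparse(href).scheme.lower() != "https"),
                  ("ip-literal-host", is_ip_literal(host)),
                  ("text-href-mismatch", bool(shown) and shown != host))
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings.append((href, reasons))
    return findings
```

The third check only fires when the visible text itself looks like an address, so ordinary link text such as "Help centre" is not flagged.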

Conclusion: -
The whole world is moving towards the improvement of technology, and more and more of the
world's important processes are being converted; with this, the security risk increases.
This paper describes the working of malicious hackers or crackers on one hand, who try to
illegally break into security, and on the other hand white hat hackers or ethical hackers,
who try to maintain security. In the computing system, hacking plays an
important role because it deals with both sides, good and bad. Further, this paper
tells about the types, working, and various attacks performed by hackers. Lastly, it
should be said that ethical hacking is a tool that, when properly used, will
help in better understanding computer systems and also in improving security techniques.
