MOOC BASED SEMINAR REPORT

On

The Complete Ethical Hacking Course

Submitted in partial fulfillment of the requirement for Seminar in 3rd
Semester.
Of
BCA (3rd SEMESTER)
By

Tanisha Pant
Under the Guidance of
Dr. Bhupesh Rawat
(Assistant Professor)

SCHOOOL OF COMPUTING
GRAPHIC ERA HILL UNIVERSITY BHIMTAL

SESSION (2023-2024)
 CERTIFICATE

THIS IS TO CERTIFY THAT TANISHA PANT HAS SATISFACTORILY

PRESENTED MOOC BASED SEMINAR ON THE COURSE TITLE THE

COMPLETE ETHICAL HACKING COURSE IN PARTIAL

FULLFILLMENT OF THE SEMINAR PRESENTATION REQUIREMENT IN 3rd

SEMESTER OF BCA DEGREE COURSE PRESCRIBED BY GRAPHIC ERA

HILL UNIVERSITY DURING THE ACADEMIC SESSION

2023-2024.

MOOCS -Coordinator and Mentor HOD

Dr. Bhupesh Rawat DR.S.K.BUDHANI

SIGNATURE SIGNATURE
 ACKNOWLEDGEMENT
I take this opportunity to express my profound gratitude and deep

regards to my guide Dr. Bhupesh Rawat for his exemplary guidance,

monitoring and constant encouragement throughout the course.

The blessing, help and guidance given by him time to time helped me

throughout the project. The Success and final outcome of this course

required a lot of guidance and assistance from many people And I am

extremely privileged to have got this all along the completion of my

report. All that I have Done is only due to such supervision and

assistance and I would not forget to thank them. I am Thankful to and

fortunate enough to get constant encouragement, support and

guidance from all the People around me which helped me in

successfully completing my online course.

Tanisha Pant

2271322
ETHICAL HACKING AND PENETRATION
TESTING

WEEK I

TERMINOLOGY

WEEK II

LINUX ESSENTIAL

WEEK III

FUNDAMENTALS

WEEK IV

PHISHING AND SOCIAL ENGINEERING

WEEK V

PENETRATION TESTING
WEEK I
 CHAPTER.1
➢ TERMINOLOGY

• Types of Hackers - Black Hat Hacker

White Hat Hacker
Grey Hat Hackers

i. Black Hat Hacker –

Intent: Black hat hackers are individuals or groups who engage
in hacking activities with malicious intent. Their primary goal is
to exploit vulnerabilities in computer systems, networks, or
software for personal gain, financial profit, or to cause harm.
Activities: Black hat hackers often engage in illegal activities,
such as stealing sensitive information, spreading malware,
conducting identity theft, or disrupting computer systems. They
may also be involved in activities like ransomware attacks.

ii. White Hat Hacker –

Intent: White hat hackers, also known as ethical hackers or
security researchers, use their skills to identify and fix
vulnerabilities in computer systems. Their goal is to improve
security and protect against cyber threats.
Activities: White hat hackers work with organizations to conduct
penetration testing, vulnerability assessments, and other security
audits. They use their knowledge to strengthen security measures
and help prevent malicious activities. White hat hacking is legal
and is often done with the consent of the organization being
tested.
iii. Black Hat Hacker –
Intent: Grey hat hackers fall somewhere between black hat and
white hat hackers in terms of intent. Their actions may not be
purely malicious, but they often operate without proper
authorization.
Activities: Grey hat hackers may identify and exploit
vulnerabilities in systems without explicit permission, but they may
also inform the affected parties afterward, providing details on how
to fix the issues. While their intentions may be to help, their
methods can still be considered unethical or illegal.
 • Threats - Viruses
Worms
Ransomwares

i. Viruses –
A computer virus is a type of malware that attaches itself to
legitimate programs or files, infecting them and spreading to
other programs or files when they are executed.

Viruses often require user interaction to spread, such as opening

an infected email attachment or executing a malicious file.

ii. Worms –
Worms are self-replicating malware that can spread across
computer networks without user interaction.

Unlike viruses, worms do not need to attach themselves to

existing programs or files; they can independently execute and
spread to other systems through vulnerabilities in network
protocols or operating systems.
iii. Ransomwares –
Ransomware is a type of malware that encrypts a victim's files
or entire system, rendering them inaccessible.

Attackers demand a ransom, usually in cryptocurrency, in

exchange for providing the victim with the decryption key to
unlock their files.

Ransomware can be delivered through various means, such as

phishing emails, malicious websites, or exploiting software
vulnerabilities.
WEEK II
• LINUX ESSENTIALS –

Linux essentials encompass fundamental concepts and

skills necessary for effectively using the Linux operating
system. Here are some key Linux essentials :

▪ File System Navigation - Commands like ls, cd, pwd for

navigating and working with the file system

▪ File and Directory Operations - Basic file and directory

manipulation commands, such as cp, mv, rm, mkdir, and
rmdir.

▪ File Permissions - Understanding and setting file permissions

using commands like chmod and chown.

▪ Text Editing - Proficiency in a text editor like vi or nano for

creating and editing text files.

▪ User and Group Management - Managing users and groups

with commands like useradd, userdel, groupadd, and
groupdel.

▪ Package Management - Package management tools like apt

(used in Debian-based systems) or yum (used in Red Hat-based
systems) for installing, updating, and removing software
packages

▪ Process Management - Basic knowledge of monitoring and

managing processes using commands like ps, kill, and top.

▪ System Information - Commands such as uname, hostname,

and df to obtain information about the system.
▪ Networking - Basic networking commands like ifconfig, ping,
traceroute, and netstat for network configuration and
troubleshooting.
▪ Shell Scripting - Basic scripting skills using the shell (bash) for
automating tasks and creating simple programs.

▪ System Startup and Shutdown - Understanding how the

system boots up and shuts down, along with knowledge of
runlevels and services

▪ Security - Basics of securing the system, including setting up

firewalls (iptables), configuring user access, and understanding
security policies.
WEEK III
• Fundamentals -

i Network Fundamentals –

In ethical hacking, understanding network fundamentals is crucial

for identifying and addressing security vulnerabilities. This
includes knowledge of networking protocols, IP addressing,
subnetting, routing, switching, firewalls, wireless networks,
network scanning, packet analysis, VLANs, proxy servers, VPNs,
and DNS. Proficiency in these areas allows ethical hackers to
assess and secure networks by identifying and addressing potential
weaknesses.

ii Cryptography Fundamentals -

Cryptography fundamentals in hacking involve understanding

encryption and decryption techniques to protect or compromise
information. Key concepts include symmetric and asymmetric
encryption, hashing, digital signatures, and secure key exchange.
Ethical hackers leverage cryptographic principles to assess and
fortify systems by identifying weaknesses in encryption
implementations or exploiting vulnerabilities in cryptographic
protocols
 iii Web Fundamentals:

HTML, CSS, and JavaScript:

Understand the basics of HTML for structuring web pages.

Learn CSS for styling and layout.
Gain proficiency in JavaScript for client-side scripting.

Web Servers and Protocols:

Understand how web servers work (e.g., Apache, Nginx).

Learn about HTTP and HTTPS protocols.

Web Application Basics:

Understand the basics of web applications and how they interact

with servers.
Study common web application vulnerabilities (e.g., Cross-Site
Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL
injection).

Networking:

Learn the basics of networking, including TCP/IP, DNS, and

HTTP.
Understand how data is transmitted over the internet.

iv Python Fundamentals:

Basic Python Programming:

Familiarize yourself with Python syntax, data types, and control

structures.
Learn about functions, classes, and modules in Python.
Networking in Python:

Explore Python's socket library for network programming.

Understand how to create networked applications in Python.

Web Scraping:

Learn the basics of web scraping using libraries like requests and
BeautifulSoup.
Understand how to extract information from websites
programmatically.

Security Libraries in Python:

Explore Python libraries related to security, such as hashlib for

hashing and cryptography for encryption.

Penetration Testing Tools:

Familiarize yourself with popular penetration testing tools that use

Python, such as Metasploit.

Cybersecurity Concepts:

Gain knowledge of common cybersecurity concepts, including

encryption, authentication, and access control.
WEEK IV
• Phishing and Social Engineering –

Phishing:
Phishing involves sending fraudulent emails, messages, or
websites that appear to be from a trustworthy source. The goal is
to trick the recipient into revealing sensitive information, such
as usernames, passwords, or financial details.

Types of Phishing:

Email Phishing: Attackers send deceptive emails that may

contain links to fake websites or malicious attachments.

Spear Phishing: Targeted phishing attacks where the attacker

tailors the message to a specific individual or organization.

Vishing (Voice Phishing): Phishing attacks conducted over the

phone.

Smishing (SMS Phishing): Phishing attacks conducted via text

messages.

Social Engineering:
Social engineering is a broader concept that involves
manipulating individuals into performing actions or divulging
confidential information. It relies on psychological manipulation
rather than technical exploits.

Common Techniques:

Pretexting: Creating a fabricated scenario to obtain information

or access.
Quid Pro Quo: Offering something in exchange for
information.

Baiting: Leaving a malware-infected device or software in a

place where it's likely to be found.

Impersonation: Pretending to be someone the target knows and

trusts.
WEEK V
• Penetration Testing

Penetration testing, often referred to as ethical hacking or pen

testing, is a cybersecurity practice in which a skilled professional
simulates cyber attacks on a computer system, network, or web
application to identify vulnerabilities that could be exploited by
malicious hackers. The primary goal of penetration testing is to
assess the security of a system and provide recommendations for
strengthening its defences.

Here are some key aspects of penetration testing in hacking:

Authorization:

Penetration testing should be conducted with proper authorization.

It's essential to obtain permission from the system owner or
responsible party before conducting any tests to avoid legal
consequences.

Scope Definition:

Define the scope of the penetration test, including the systems,

networks, and applications that will be tested. This ensures that the
testing focuses on specific areas of concern and doesn't
inadvertently impact other parts of the organization.

Reconnaissance:

Gather information about the target system, such as IP addresses,

domain names, and network infrastructure. This phase involves
both passive (e.g., online searches) and active (e.g., network
scanning) techniques to collect data.
Vulnerability Assessment:

Identify and assess potential vulnerabilities in the target system.

This involves using automated tools, manual testing, and analysis
to discover weaknesses that could be exploited by attackers.

Exploitation:

Attempt to exploit the identified vulnerabilities to gain

unauthorized access to the system. This step helps to validate the
severity of the vulnerabilities and understand the potential impact
of an actual attack.

Post-Exploitation:

If successful in gaining access, the penetration tester may conduct

further actions to simulate what a real attacker might do after
compromising a system. This could include escalating privileges,
accessing sensitive data, or pivoting to other systems.

Documentation and Reporting:

Document all findings, including the vulnerabilities discovered, the

methods used, and the potential impact. A comprehensive report is
then provided to the client, along with recommendations for
mitigating the identified risks.

Remediation:

After receiving the penetration test report, the organization can use
the recommendations to address and fix the identified
vulnerabilities. This step is crucial for improving the overall
security posture.
Continuous Testing:

Security is an ongoing process. Regularly conduct penetration tests

to account for changes in the environment, new vulnerabilities, and
evolving threats. This helps maintain a proactive approach to
security.