See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/361283096

Analysis of Cyber Security Attacks using Kali Linux

Conference Paper · April 2022

DOI: 10.1109/ICDCECE53908.2022.9793164

CITATION READS

1 2,967

5 authors, including:

Gururaj H L
Manipal Institute of Technology
115 PUBLICATIONS 428 CITATIONS

SEE PROFILE

All content following this page was uploaded by Gururaj H L on 10 November 2022.

The user has requested enhancement of the downloaded file.

 2021 IEEE Mysore Sub Section International Conference(MysuruCon)

Comprehensive Analysis of Various Cyber Attacks

Soundarya B C
Kavya Rani S R Gururaj H L
Computer Science Engineering
Computer Science Engineering Computer Science Engineering
Vidyavardhaka College of Engineering
Vidyavardhaka College of Engineering Vidyavardhaka College of Engineering
Mysuru, India
Mysuru, India Mysuru, India
soundarya.bc@vvce.ac.in
kavyarani.sr@vvce.ac.in gururaj1711@vvce.ac.in

Janhavi V
Computer Science Engineering
Vidyavardhaka College of Engineering
Mysuru, India
janhavi.v@vvce.ac.in

Be that as it may, assailants can likewise utilize similar

Abstract— Cyber attacks are malevolent undertakings to
devices for malevolent purposes.
2021 IEEE Mysore Sub Section International Conference (MysuruCon) | 978-1-6654-3888-9/21/$31.00 ©2021 IEEE | DOI: 10.1109/MYSURUCON52639.2021.9641089

damage, take or destroy fundamental corporate data,

compromise locales, and upset practical establishments. The
aggressor misuses shortcomings in the structure, acquainting a
harmful code with adjust PC code, reasoning, or data inciting
cybercrimes, similar to information and discount
misrepresentation. As associations and the clients, they serve
have come to depend upon locales and electronic applications
to make, eat up, and cooperate, the insurance and security
threats to which they are revealed every day are growing
significantly. Cyber attacks have gotten logically refined and
risky. They are as of now not put something aside for high
profile targets and can impact any affiliation that relies upon
orchestrated applications, devices, and systems.
Government associations and monetary firms stay the focal
point of numerous cyber attacks, especially those completed for
the sake of hacktivism. Be that as it may, because of the open
foundation of the Internet and the expanded accessibility of
simple to-execute assault devices, nearly anybody with the
essential abilities can do a cyber attack. This paper focuses on
comprehensive analysis of various cyber-attacks. The analysis
of cyber-attack is done using kali Linux. Many tools that are
present in the kali Linux are being explored in this paper.
Keywords— attack, cyber-crime, confidential data, email,
security and technology
I. INTRODUCTION
As of late, the number and seriousness of digital assault
have expanded quickly. As per a Symantec report, more
than 1,000,000 digital assaults happen each day [1]. These
assaults influence privately owned businesses and
governments as well as people. Thus, a compelling way
should be resolved to forestall the results of these assaults.
Regularly, assailants enter distant machines
straightforwardly or utilize noxious programming by
misusing existing weaknesses and bugs in equipment,
programming, and organizations [2]. To battle programmers
and keep a framework from being hacked, safeguards
should discover the weaknesses and bugs before the
assailants do. To achieve this, weakness ideas should be
analyzed completely, and infiltration tests should be utilized
to assess framework bugs as a potential assault vector [3,4].
To endeavor such weaknesses, on approach is to utilize
Kali Linux, which is a Debian-determined Linux
appropriation that contains more than 300 instruments. Kali
Linux incorporates such notable devices as Nmap,
Wireshark, the Metasploit system, and John the Ripper [2].
This paper consists of analysis of various cyber attacks
using kali Linux and its preventive measures.
II. RELATED WORK
Security and dependability are the basic worry of our bit
by bit life use of any affiliation. Nonetheless, with the quick
kinds of progress in network improvement, assaults are
winding up being more current than protections [5].
Ignoring the way that firewalls and switch-based bundle
sifting are key sections of a general affiliation security
geography, they are lacking disconnected. Thusly, to help
the relationship from unapproved access the opportunity of
Intrusion Detection System (IDS) and Intrusion Prevention
System (IPS) is drawing in security topic specialists [6].
This paper briefs different models in Intrusion Detection
and Prevention. To see the value in different techniques in
IDS, this paper assessments different ways of thinking
proposed by security specialists unequivocally utilizing
eminent open-source programming Snort as their IDS
gadget. Being an open-source IDS, Snort can be helpfully
arranged and passed on in any climate [7]. To evaluate the
ability, these examination papers are investigated in
different execution focuses like Detection Accuracy,
Scalability and Capability of perceiving dim assaults.
To pulverize different difficulties like low disclosure
rate, unequipped for overseeing epic traffic, unsupported
computerized tuning, and so on that are perceived during
creating audit, this paper proposes a level-based planning.
The entirely of the levels are orchestrated as consistent for
example ready for giving the best handiness and besides its
lower levels [8]. To show the value of the proposed
planning, it will overall be combined into Snort Tool
utilizing Code Refactoring. Likewise proposed a climate
intend to study the changed Snort Tool execution in future.
III. ANALYSIS OF CYBER ATTACK
An advanced attack is cognizant maltreatment of PC
systems, development subordinate endeavours, and
associations. Advanced attacks use malignant code to alter
PC code, reasoning, or data, achieving tricky outcomes that
can mull over and lead to cybercrimes, similar to

978-0-7381-4662-1/21/$31.00 ©2021 IEEE

Authorized licensed use limited to: MANIPAL INSTITUTE OF TECHNOLOGY. Downloaded on November 09,2022 at 07:13:56 UTC from IEEE Xplore. Restrictions apply.
 information and discount extortion. Computerized attack is This device is for the most part introduced in kali Linux
generally called a PC network attack (CNA). appropriations, so there is no compelling reason to
unequivocally stress over it [9]. Since it is preinstalled in the
In PCs and PC affiliations, an assault is any endeavour kali linux, run setoolkits order for the instrument's GUI to
to uncover, change, cripple, destroy, take, or gain data spring up. When the order is executed, a GUI like this
through unapproved authorization to or utilize a resource. A should spring up.
cyber attack is any disagreeable move that objections PC
data structures, foundations, PC affiliations, or PC gadgets.
An assailant is an individual or cycle those endeavours to
get, as far as possible, or other limited spaces of the
framework without support, conceivably with destructive
explanation. Subject to the unique circumstance, cyber
attacks can be critical for cyber warfare or cyber terrorism.
A cyber attack can be utilized by sovereign states, people,
parties, society, or affiliations, and it might start from a dark
source. A thing that works with a cyber attack is by and
large called a cyber weapon.

A cyber attack may take, change, or demolish a

predestined objective by hacking into a feeble framework. Fig .1. Select Social-Engineering Attacks
Cyber attacks can go from familiarizing spyware on a PC
with endeavouring to wreck the foundation of whole Phishing is a social-engineering attack so enter 1 in
countries. Genuine specialists are endeavouring to restrict the terminal next to “set”. Once executed the following
the use of the term to occasions causing genuine terminal is obtained.
naughtiness, recalling that it from the more customary
information breaks and more wide hacking rehearses. Cyber
attacks have gotten constantly staggering and hazardous.

TABLE I. THE VARIOUS CYBER-ATTACKS

Sl. No Cyber Attacks Tools

[1] Phishing attack Social Engineering Toolkit [SET]

[2] Brute force attack Hydra

[3] SQL Injection attack SQLmap

[4] Trojan Horse attack Msfadmin

Fig.2. Enter 2 to select Website attack vectors
[5] Website attack vector Social Engineering Toolkit

Select 2 here to get the list of options for intended

A. phishing attack attack.
Phishing is a sort of satisfying organizing attack
consistently used to take customer data, including login
accreditations and charge card numbers [5]. It happens when
an attacker, anticipating the presence of a trusted in
substance, tricks an incident into opening an email, text, or
text. The recipient is then tricked into clicking a harmful
alliance, which can instigate the foundation of malware, the
freezing of the development as a piece of a ransomware
attack or the critical of delicate information.
An assault can have demolishing results. For people, this
wires unapproved buys, the taking of assets, or see robbery.
Fig.3. Select Credential Harvester Attack method
It is maybe the most prepared kind of cyber attacks,
following right back to the 1990s, it's yet potentially the
most endless and malignant, with phishing messages and Select 3 since the primary objective is to harvest
techniques ending up being logically mind boggling. credentials from the victim (usernames and passwords).
1) Phishing with set toolkit
Fig.4. Select Web Templates

256

Authorized licensed use limited to: MANIPAL INSTITUTE OF TECHNOLOGY. Downloaded on November 09,2022 at 07:13:56 UTC from IEEE Xplore. Restrictions apply.
 Use any one of these options to carry out the attack. But
to make the objective simple, select 1 for web templates.
Fig.5. Enter IP address
Enter certain IP address to act as the bait.
Fig.6. Select Google
Once the IP address is entered, the list of templates for a
very popular login sites is obtained. Here type 2 and press
enter to select Google.
Now redirect the victim to the IP address. To make thr
URL seem authentic, shorten the link using services such as
Bit.ly or Goo.gl.
When the link is opened in some web browser, cloned
copy of the Google Login page is obtained.
Fig.7. Enter Email ID and password
Authorized licensed use limited to: MANIPAL INSTITUTE OF TECHNOLOGY. Downloaded on November 09,2022 at 07:13:56 UTC from IEEE Xplore. Restrictions apply.
Now enter an Email ID and password. Sign In and see if
the tool was able to catch the credentials.
Fig.8. Credentials entered by victim is visible
As it is observed here the entered credentials can be
obtained easily.
2) Preventive measures
• Be cautious essentially all exchanges you get. On
the off chance that it has every one of the reserves of being a
phishing correspondence, don't respond. Delete it. You can
moreover propel it to the Federal Trade Commission at
spam@uce.gov.
• Do not click on any associations recorded in the
email message, and don't open any associations contained in
a questionable email.
• Do not enter singular information in a spring up
screen. Genuine associations, workplaces, and affiliations
don't demand singular information through spring up
screens.
• Install a phishing channel on your email
application and besides on your web program. These
channels will not keep out all phishing messages, anyway
they will reduce the amount of phishing tries.
B. Brute Force Attack
A Brute power attack is an experimentation system used
by application tasks to unravel mixed data like passwords or
Data Encryption Standard (DES) keys, through thorough
effort (using creature power) rather than using insightful
philosophies. Essentially as a criminal would break into, or
"break" an ensured by endeavouring various potential
blends, a monster power attacking application proceeds
257
 through all potential blends of legal characters in gathering Fig.12. Word List
[6].
A developer may use a creature power attack to get
permission to a site and record, then take data, shut the site
down, or execute another kind of attack. Creature power is
seen as a reliable, despite the fact that dreary, approach.
Animal power attacks will commonly use automated
gadgets to figure distinctive blends of usernames and
passwords until they track down the right data. The more
drawn out the mysterious expression, the extra time it will
usually bring to find the right data.
Fig.9. Implementation stage of Brute Force Attack.

The command will be as follows –

Hydra -l /usr/share/wordlists/metasploit/user -P
/user/share/wordlists/metasploit/ passwords
ftp://192.168.1.101 -V
where –V is the username and password while trying
As shown in the below, the username and password are
found which are msfadmin:msfadmin.
Hydra is a pre-introduced apparatus in Kali Linux used Fig.13. Once the command is executed the username and the password is
to animal power username and secret word to various found
administrations like ftp, ssh, telnet, MS-SQL, and so forth
It is a parallelized network login saltine worked in
different working frameworks like Kali Linux, Parrot and
other significant entrance testing conditions [7]. Hydra
works by utilizing various ways to deal with perform beast
power assaults to figure the right username and secret key
blend. Hydra is normally utilized by infiltration analyzers.
To open get started with, go to Applications →
Password Attacks → Online Attacks → hydra.
1) Preventive measures
Fig.10. Select Password Attack • Limit fizzled login endeavors
• Make the root client blocked off by means of SSH
by altering the sshd_config document
• Use Captcha
• Limit logins to a predetermined IP address or reach
• Two factor verification

C. SQL Injection Attack

It will open the terminal console, as shown below.
Fig.11. A Terminal Console is opened here
The word list has been created in kali with extension
‘list’ in the path usr\share\wordlist\metasploit.
SQL blend, regardless called SQLI, is a typical assault
vector that utilizes harmful SQL code for backend instructive
assortment control to get to data that was not had any desire
to be shown [8,9]. This data may join numerous things,
including delicate affiliation information, client records or
private client subtleties.
A useful assault may accomplish the unapproved
overview of client records, the intersection out of whole
tables and, in express cases, the aggressor getting real rights
to an information base, which are all in all altogether
unpleasant to a business.
Fig.13. Sql database query

258

Authorized licensed use limited to: MANIPAL INSTITUTE OF TECHNOLOGY. Downloaded on November 09,2022 at 07:13:56 UTC from IEEE Xplore. Restrictions apply.
 In SQL infusion the information base question will be
controlled and cause it to accomplish something that it is in Get the database name that is in the web application, both
a perfect world shouldn't do. So here the SQL inquiry is the next step is to find the table name that is in the database.
controlled, a pernicious string has been infused through the Fig.16. Command to fetch tables in the database
sql question and cause it to accomplish something that it
should do. At the point when a controlled question and a
pernicious string is shipped off the information base it is
executed in the data set and its pertinent outcomes are
returned.
Fig.17. Tables names present in the database
Fig.14. Manipulation of SQL Query.

Fig.18. Commands to fetch columns in the database

1) SQL map
SQLmap is an open-source entrance testing gadget that
mechanizes the way toward seeing and mishandling SQL
Fig.19. Column names present in the database
imbuement imperfections and taking over of data base
specialists [10]. It goes with an inconceivable locale engine,
diverse strength features for a conclusive way analyzer and
a broad level of changes encountering data base
fingerprinting, over data getting from the illuminating
combination, to getting to the central narrative system and
executing orders on the functioning plan all through of-band
affiliations.
SQL map is maybe the best instrument open to
distinguish SQL injections. It comes pre-consolidated in the
Kali transport. You can discover it at − Applications → Now look for the username that is in the database
Database Assessment → Sqlmap.initial step open sqlmap accurate table user’s column uname using the following
then run the accompanying order. command.
$sudo sqlmap -U Fig.20. Command for fetching username that is in the database accurate
table user’s column uname.
testphp.vulnweb.com/artists.php?artist=1 –dbs

Fig.15. Database name of the web application

Fig.21. Username obtained

259

Authorized licensed use limited to: MANIPAL INSTITUTE OF TECHNOLOGY. Downloaded on November 09,2022 at 07:13:56 UTC from IEEE Xplore. Restrictions apply.
 Now look for the username that is in the database acuart
table user’s column pass using the following command.
Fig.22. Username obtained
Now look for the username that is in the database acuart
table user’s column email using the following command.
Fig.23. Command to fetch username that is in the database accurate table
user’s column email.
Fig.24. Username obtained.
Now try to log in using the existing username and
password.
Fig.25. Login using the existing username and password.
Authorized licensed use limited to: MANIPAL INSTITUTE OF TECHNOLOGY. Downloaded on November 09,2022 at 07:13:56 UTC from IEEE Xplore. Restrictions apply.
2) Preventive measures
• Say no to dynamic SQL and yes to arranged
explanations.
• Sanitize client input
• Limit data set consents
• Limit the presentation of explicit blunders
D. Trojan Horse
Trojan Horse is one of the cyber attacks. users can
receive an email from someone they know, including an
attachment that looks legitimate [11]. When the email is
opened and the malicious attachment is downloaded, the
Trojan server installs and runs automatically whenever the
infected device is turned on. The malicious file is
downloaded as shown in Figure 9. Tools can be infected by
the Trojan through social engineering techniques, which
cybercriminals use to force users to download a malicious
application [12]. A malicious file can be hidden in banner
ads, pop-up ads or links on websites. A computer infected
with Trojan malware can spread it to other computers.
However, the attachment contains malicious code that
implements and installs the Trojan on their device.
Users are often unaware that anything unpleasant is
happening, as they can continue to work normally without
any symptoms that may infect their computer. Malware is
not detected until the user takes a specific action, such as
visiting a particular website or banking application [13]. It
activates malicious code and performs the desired function
of the Trojan hacker. Depending on the type of Trojan and
how it is created, the malware may delete itself, return to the
latent state or remain active on the device.
Fig.26. A command to generate Trojan infected file.
260
 Figure 26 shows the rate in which the file
downloaded is infected with Trojan. The quality of every
file will vary.
1) Preventive Measures
• Never download or present programming from a
source you don't trust in completely.
• Never open an association or run a program
transported off you in an email from someone you haven't
the haziest.
• Keep all thing on your PC completely instructed
regarding the latest patches.
• Make sure a Trojan antivirus is presented and
running on your PC.
E. Website Attack
The SET "web assault" vector is a one-of-a-kind method
of using numerous electronic assaults to bargain the
proposed casualty. It is by a long shot the most well-known
assault vector of SET [14]. It works like program autopen
where a few (or explicit) assaults can be shipped off the
objective program. An assault vector is a route utilized by
aggressors to misuse frameworks and access the objective
framework or organization. Then again, an assault surface is
the aggregate sum of assault vectors that might be utilized to
abuse any piece of your organization, working frameworks
or the information facilitated inside.
As shown in Figure 7 Fake website will be created by
the attacker. When the victim opens that website, it will ask
to sign-in. The information entered by the victims will goes
to attacker terminal.
Fig.27. Fake Google website has been created by the attacker and sent
to the victims.
1) Prventive Measures
• Use solid passwords
• Manage your online media settings
• Keep modern on significant security breaks
• Know that fraud can happen anyplace
• Keep an eye on the children
Authorized licensed use limited to: MANIPAL INSTITUTE OF TECHNOLOGY. Downloaded on November 09,2022 at 07:13:56 UTC from IEEE Xplore. Restrictions apply.
• Know what to do on the off chance that you
become a casualty.
IV. LIMITATION AND PROBLEMS OF VARIOUS
ATTACKS
In the cutting edge period of business, digital protection
isn't as large an issue as it is today. Banks are bound to get
phishing or Ransomware assaults than conventional
burglaries, and numerous workers don't have a clue what
those two expressions mean. In a time of limitless
admittance to data, a disturbing number of representatives in
organizations and organizations all throughout the planet are
inadequately outfitted to manage underground programmers
and digital aggressors who focus on their work
environments consistently. Individuals are regularly 'points
of failures in these assaults in light of the fact that most
dangers permit admittance to its organizations on the
grounds that representatives have fallen.
A. Lack of Understanding of Importance
Shockingly, in any event, when robots can perform
many errands, people are by and large pleased with being
the just animals equipped for doing as such, organizations
place extraordinary dependence on people to oversee digital
organizations and security, and to do what they feel is best if
there should be an occurrence of an online assault or
dubious experience. Many organizations don't see the
requirement for digital protection mindfulness preparing in
light of the fact that they have not yet experienced huge
scope digital assaults and are certain about their labor force
to deal with any limited scale danger. This is unadulterated
obliviousness because of absence of the board instruction -
not many standard individuals are totally established in
digital life, and most representatives need some type of
preparing to endure different assaults and programmers.
Coming get-togethers business. Along these lines, network
safety mindfulness preparing is typically futile in light of the
fact that it doesn't occur in any case, so it doesn't profit the
work environment.
B. Lack of Consistancy
If the company decides to implement cyber security
awareness training, this is a first step that will definitely
benefit employees for a while, but the information is fresh in
their minds. However, people keep going, and so do
hackers. Forget about training your staff to memorize steps
and procedures that are critical to their day-to-day work life,
while hackers find new ways to access your cyber security
system and steal your and your customers' data.
C. Lack of Rigourous Testing
Subsequent to carrying out a great deal of standard and
refreshed exercises, workers need to check what they have
realized. There is a justification utilizing tests in all
advanced education organizations: they work. An apathetic
representative can without much of a stretch endure a digital
protection mindfulness exercise each month and afterward
return to work and fail to remember everything when they
get out the entryway, yet in the event that they test what
they have realized - or 'genuine' tests, for instance network
261
 safety dangers - then, at that point they ought to really watch
out and center. Acquainting the genuine right with these
tests, and treating network safety as other significant
abilities required in work environment, will make
representatives approach digital protection more in a serious
way and they will be bound to learn - no assets, time or cash
you spend for these exercises.
CONCLUSION
The world of PC security is dynamically interconnected
and continuously large in the context of using networks to
perform essential transactions. Computerized bad behavior
is diverting each new year along with different ways and
means of security of information. While new computerized
gadgets and vulnerabilities are becoming more and more
evident, the latest and most important development
propellers are trying to secure their installation, still a
prerequisite for new stages and knowledge. There is no
optimal response to continued infringement, however, we
try to reduce our level to the best of our ability to be free
from any potential danger on the web.
REFERENCES
[1] Nithin kashyap, Hari raksha K. Malali and H. L Gururaj “Cyber
Attacks and Security” in Soft Computing: Theories and
applications(2020), 895-904.
[2] RaviTeja Gaddam and M. Nandhini “An Analysis of Various Snort
Based Techniques to Detect and Prevent Intrusions in Networks” in
International Conference on Inventive Communication and
Computational Technologies (2017), 1-15.
[3] Teddy Surya Gunawan, Muhammad Kassim Lim, Nurul Fariza
Zulkurnain and Mira Kartiwi “On the Review and Setup of Security
Audit Using Kali Linux” in Indonesian Journal of Electrical
Engineering and Computer Science (2018), 51-59.
Authorized licensed use limited to: MANIPAL INSTITUTE OF TECHNOLOGY. Downloaded on November 09,2022 at 07:13:56 UTC from IEEE Xplore. Restrictions apply.
View publication stats
[4] Most. Mithyla Zaman, Most. Mithyla Zaman and Tasnim Morium
Mukur “Internal Security Monitoring of an Organization by Scapy &
Kali Linux” in United International University Dhaka,
Bangladesh(December 2018), 1-30.
[5] Petar Cisara and Robert Pinter “Some ethical hacking possibilities in
Kali Linux environment” Journal of Applied Technical and
Educational Sciences JATES (2019), 129-149.
[6] KaliLinux, "What is Kali Linux?,"
[https://docs.kali.org/introduction/what-is-kali-linux], Retrieved on:
March 2018.
[7] G. Ahmed, M. Khan and M. Bashir, "A Linux-based IDPS using
Snort" in Computer Fraud & Security(2015),13-18.
[8] R. P. Karuparthi and B. Zhou, "Enhanced Approach to Detection of
SQL Injection Attack," in Machine Learning and Applications
(ICMLA), 2016 15th IEEE International Conference on(2016), 466-
469.
[9] R. W. Beggs, ”Mastering Kali Linux for advanced penetration
testing” in Packt Publishing Ltd( 2014), 1-5.
[10] L. Allen, T. Heriyanto, and S. Ali, “Kali Linux–Assuring security by
penetration testing” in Packt Publishing Ltd(2014), 1-12.
[11] Rupinder Cheema, Divya Bansal and Dr. Sanjeev Sofat,
“Deauthentication/Disassociation Attack: Implementation and
Security in Wireless Mesh Networks” in International Journal of
Computer Applications(2011), Volume 23, 1-15.
[12] Gururaj Harinahalli Lokesh and Goutham BoreGowda, “Phishing
Website Detection Based on Effective Machine Learning Approach”
in Journal of Cyber Security Technology(2020), 1-14.
[13] Cyberary. (2018). What Is Kali Linux and Why Do Hackers Use Kali
Linux OS - Cybrary.[online]Available at:
https://www.cybrary.it/0p3n/kali-linux-hackers-use-kali linux-os/
[Accessed 4 Dec. 2018].
[14] Netsniff-ng.org. (2018). netsniff-ng toolkit. online]
Available at: http://netsniff ng.org/ [Accessed 4 Dec. 2018].
[15] P. Services, (2018). What Is Network Security?. [online] Cisco.
Available at: https://www.cisco.com/c/en/us/products/security/what-
is-network-security.html [Accessed 4 Dec. 2018].
262