Ethical Hacking Tech-Neo Textbook

The document outlines a syllabus for a course on ethical hacking, covering various topics such as hacking technologies, phases of ethical hacking, and types of hackers. It includes detailed sections on system hijacking, web application vulnerabilities, and penetration testing methodologies. Additionally, it discusses the skills required for ethical hackers and the importance of understanding vulnerabilities and countermeasures in cybersecurity.
Ethical Hacking (MU-T.Y. B.Sc-Comp-Sem-6)

Table of Contents

CHAPTER 1 : Introduction
1.1 Introduction
1.1.1 Terminology
1.2 Hacking Technology Types
1.3 Ethical Hacking Phases
1.4 Hacktivism
1.5 Hacker Classes
1.6 Skills Required for an Ethical Hacker
1.7 Vulnerability Research
1.8 Ways to Conduct Ethical Hacking
1.9 Footprinting
1.10 Information Gathering Methodology
1.11 Competitive Intelligence
1.12 DNS Enumeration
1.13 Whois and ARIN Lookups
1.14 Types of DNS Records
1.15 Traceroute in Footprinting
1.16 E-Mail Tracking
1.17 Introduction to Social Engineering
1.17.1 Common Types of Attacks
1.18 Introduction to Scanning and Enumeration
1.19 Port Scanning
1.20 Network Scanning
1.21 Vulnerability Scanning
1.22 CEH Scanning Methodology
1.23 Ping Sweep Techniques
1.24 Nmap Command Switches
Further sections: SYN, Stealth, XMAS, NULL, IDLE, FIN Scans; Anonymizers; HTTP Tunneling Techniques; IP Spoofing Techniques; SNMP Enumeration; Steps Involved in Enumeration

CHAPTER 2 : System Hijacking
2.1 Introduction to System Hacking
2.1.1 Password-Cracking Techniques
2.2 Types of Passwords
2.3 Keyloggers and Other Spyware Technologies
2.4 Escalating Privileges
2.5 Introduction to Sniffers
2.5.1 Protocols Susceptible to Sniffing
2.6 Active and Passive Sniffing
2.7 ARP Poisoning
2.7.1 ARP Poisoning
Further sections: Working of DoS Attack; Botnets; Smurf Attack; SYN Flooding; DoS/DDoS Countermeasures
2.17 Introduction to Session Hijacking
2.17.1 Session
2.17.2 Session Hijacking
2.18 Types of Session Hijacking
2.18.1 Methods of Session Hijacking
2.19 Steps in Session Hijacking
2.19.1 Prevention in Session Hijacking
2.20 Spoofing vs Hijacking
2.20.1 Spoofing
2.20.2 Hijacking
2.21 Hacking Web Servers
2.21.1 Hacking
2.21.2 Web Server
2.21.3 Hacking Web Servers
2.22 Web Server Vulnerabilities
2.22.1 Vulnerabilities
2.22.2 Web Server Vulnerabilities
2.23 Types of Vulnerabilities
2.23.1 Common Types of Web Server Vulnerabilities
2.24 Attacks Against Web Servers
2.24.2 Attacks Against Web Servers
2.25 Patch Management Techniques
2.25.1 Patch
2.25.2 Patch Management
2.25.3 Types of Patches
Web Server Hardening

CHAPTER 3 : Web Application Vulnerabilities
3.1 Introduction to Web Application Vulnerabilities
3.1.1 Web Application
3.1.2 Web Application Vulnerabilities
3.1.3 Web Application Hacking
3.1.4 Phases of Web Application Hacking
3.2 Web Application Threats
3.2.1 Threats
3.2.2 Web Application Threats
3.2.3 Types of Web Application Threats
3.3 Google Hacking
3.4 Countermeasures
3.5 Introduction to Web-Based Password Cracking Techniques
3.5.1 Password Cracking
3.5.2 Web-Based Password Cracking Techniques
3.6 Authentication Types
3.6.1 Authentication
3.6.2 Authentication Types
3.7 Password Cracking
3.8 Countermeasures
3.9 Introduction to SQL Injection
3.9.1 SQL Injection
3.9.2 Steps Involved in SQL Injection
3.10 SQL Server Vulnerabilities
3.11 Countermeasures
3.12 Introduction to Buffer Overflows
3.12.1 Buffer
3.12.2 Buffer Overflow
3.12.3 Types of Buffer Overflow
Further sections: Stack-Based Buffer Overflows; Wireless Hacking; WEP (Wired Equivalent Privacy); WPA Authentication Mechanism; Cracking Techniques; Wireless Sniffers; Rogue Access Points; Securing Wireless Networks
3.22 Introduction to Penetration Testing Methodologies
3.22.1 Penetration Testing
3.23 Methodologies
3.24 Automated Tools
3.24.1 Tools Used in Penetration Testing
CHAPTER 1 : Introduction

University Prescribed Syllabus

Introduction : Terminology, Hacking Technology Types, Ethical Hacking Phases, Hacktivism, Hacker Classes, Skills Required for an Ethical Hacker, Vulnerability Research, Ways to Conduct Ethical Hacking. Footprinting : Definition, Information Gathering Methodology, Competitive Intelligence, DNS Enumeration, Whois and ARIN Lookups, Types of DNS Records, Traceroute in Footprinting, E-Mail Tracking. Social Engineering : Common Types of Attacks. Scanning and Enumeration : Port Scanning, Network Scanning, Vulnerability Scanning, CEH Scanning Methodology, Ping Sweep Techniques, Nmap Command Switches, SYN, Stealth, XMAS, NULL, IDLE, FIN Scans, Anonymizers, HTTP Tunneling Techniques, IP Spoofing Techniques, SNMP Enumeration, Steps Involved in Enumeration.

Syllabus Topic : Introduction

1.1 INTRODUCTION

1.1.1 Terminology

GQ. Define the terms: (a) Ethical Hacking, (b) Keyloggers.
UQ. Explain the types of Ethical Hacking.

(a) Ethical Hacking
• Ethical hacking is an authorized means of identifying possible data breaches and hazards in a network by circumventing its security controls. The organization that owns the system permits such operations to be performed by security engineers in order to test the system's defenses. Unlike a malicious hacker, an engineer who does this work with permission is known as an ethical hacker.
• White Hat hackers, often known as ethical hackers, use their abilities for good rather than harm. They contribute to system security by discovering and repairing flaws.
• Grey Hat hackers fall somewhere in the middle between white and black hats. They frequently act without malice, for their own amusement, but also without authorization.
• Phishing is a technique used by attackers to obtain sensitive information (such as usernames and passwords). It is accomplished by convincing the user to open an email, instant message, or text message and act on it.
• A firewall is a mechanism that protects a private network against unwanted access.
• Encryption is the process of transforming data into a code in order to prevent unauthorized access.
• VPN (Virtual Private Network): This technology protects traffic on both private and public networks, such as Wi-Fi hotspots and the Internet.
• A virus is a piece of harmful software that can damage your computer.
• Worms are malicious programs that replicate themselves in order to infect other computers.
• Trojans are malicious programs that appear to be legitimate software but carry a destructive payload.
• Spyware is software that allows a person to gain secret information about another's computer activity by covertly transmitting data from their hard drive.

(b) Keyloggers
• Keyloggers are programs that record every keystroke made by a computer user, typically in order to obtain unauthorized access to passwords and other sensitive information.
• Ransomware is a kind of malicious software that is designed to prevent access to a computer system until a certain amount of money is paid.
• Two-Factor Authentication (2FA) is a security method in which the user presents two separate authentication factors to better protect an account.
• Brute Force Attack: A trial-and-error approach in which a program systematically tries candidate values, such as passwords or Data Encryption Standard (DES) keys, rather than relying on cleverer tactics.
• SQL Injection: A code injection technique in which an attacker supplies malicious SQL fragments through input fields so that they are executed by the database, which can allow the attacker to dump the database contents.
• DDoS (Distributed Denial of Service): An effort to make an online service inaccessible by flooding it with traffic from many sources.
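The SQL Injection entry above, worked through as an added example (this is not code from the textbook): a login check and a user search built by string formatting, each beside a version that binds the input as a parameter. The table, the two accounts "alice" and "bob" and their passwords are constructed for the illustration, and the helper names are assumptions.

```python
"""SQL injection: the terminology entry as a vulnerable login and search
against a hardened version.  Added example, not code from the textbook;
the schema, the two user accounts and the passwords are constructed."""
import hashlib
import sqlite3


def hash_pw(password):
    # Illustration only: a real system uses a salted password hash
    # (bcrypt, scrypt or Argon2), not plain SHA-256.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """In-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    for user, pw in [("alice", "correct horse"), ("bob", "hunter2")]:
        conn.execute("INSERT INTO users VALUES (?, ?)", (user, hash_pw(pw)))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting, so a quote in the
    username ends the literal and the rest of the input runs as SQL."""
    query = ("SELECT username FROM users WHERE username = '%s' AND pw_hash = '%s'"
             % (username, hash_pw(password)))
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Same check with bound parameters: the input is only ever data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, hash_pw(password)),
    ).fetchone()
    return row is not None


def find_users_vulnerable(conn, prefix):
    """Prefix search built by string formatting; a UNION in the input
    lets the attacker read any column of any table (a dump)."""
    query = "SELECT username FROM users WHERE username LIKE '%s%%'" % prefix
    return [row[0] for row in conn.execute(query)]


def escape_like(text):
    # Bound parameters stop injection, but LIKE wildcards in the input
    # would still match every row, so escape them as well.
    return (text.replace("\\", "\\\\")
                .replace("%", "\\%")
                .replace("_", "\\_"))


def find_users_safe(conn, prefix):
    """Prefix search with a bound, wildcard-escaped pattern."""
    pattern = escape_like(prefix) + "%"
    rows = conn.execute(
        "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\'",
        (pattern,),
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    bypass = "' OR 1=1 --"
    print("vulnerable login with", repr(bypass), "->", login_vulnerable(db, bypass, "x"))
    print("safe login with", repr(bypass), "->", login_safe(db, bypass, "x"))
    dump = "zz' UNION SELECT pw_hash FROM users --"
    print("vulnerable search leaks:", find_users_vulnerable(db, dump))
    print("safe search returns:", find_users_safe(db, dump))
```

The bypass input turns the vulnerable login's WHERE clause into `username = '' OR 1=1 --...`, and the UNION input makes the search return the password-hash column instead of user names; the parameterized versions treat the same strings as plain data and match nothing.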
1.2 HACKING TECHNOLOGY TYPES

GQ. Explain Hacking Technology and its types in detail.

Hacking can be categorized into different types based on what is being hacked. Here are some of them:

(1) Network hacking is unauthorized access to a network infrastructure. It can involve operations such as network sniffing, spoofing, or session hijacking.
(2) Website hacking is unauthorized access to a website or web application. SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) are all common approaches.
(3) Computer hacking is unauthorized access to a computer system. Exploiting weaknesses in the operating system or installed software, or using malware such as viruses and trojans, are examples of techniques.
(4) Password recovery (password cracking) is the process of retrieving passwords from data stored in a computer system or transferred over a network. Brute force attacks, dictionary attacks, and key logging are all common ways.
(5) Email hacking is gaining unauthorized access to an email account or intercepting emails while they are being sent. Phishing, spoofing, and the deployment of malware are examples of techniques.
(6) Phishing: In this style of hacking, hackers attempt to obtain sensitive information from users, such as account passwords, credit card information, and so on, usually by impersonating a trusted party.
(7) Viruses: These are introduced by the hacker into a website's files so that they run when a user accesses the site. The goal is to corrupt the website's information or resources.
(8) UI Redress (clickjacking): In this approach, the hacker constructs a fake interface over a page and sends the user to a different website when they click, while the user believes they are going to the intended one.
(9) Cookie Theft: Hackers plant malicious code on a website and steal cookies, including session identifiers, login tokens, and other information.
(10) Distributed Denial of Service (DDoS): This tactic aims to take down a website, preventing users from accessing it or the site from delivering its services.
(11) DNS spoofing poisons the cached name records that a user's resolver relies on, so that the user is sent to a malicious website instead of the legitimate one.
(12) Social engineering is an effort to trick you into sharing personal information by mimicking a trustworthy source.

1.3 ETHICAL HACKING PHASES

UQ. What are the various phases of ethical hacking? Explain in detail.

Ethical hacking, also known as penetration testing, is a systematic process that involves identifying vulnerabilities and weaknesses in systems or networks. It is carried out by white hat hackers with the aim of improving system security. The process of ethical hacking can be divided into five phases.

(1) Reconnaissance: This is the initial phase in which the hacker attempts to gather as much information about the target as possible. It entails identifying the target and determining the target's IP address range, network, DNS information, and so on.
(2) Scanning: During this phase, tools such as dialers, port scanners, network mappers, sweepers, and vulnerability scanners are used. Hackers are looking for any information that will assist them in carrying out attacks, such as machine names, IP addresses, and user accounts.
(3) Gaining Access: In this phase the hacker uses the information gathered in phases 1 and 2 to exploit a weakness and obtain access to the target, for example by cracking a password or exploiting a flaw in an exposed service.
(4) Maintaining Access: After gaining access, the hacker attempts to keep it by safeguarding their exclusive connection via backdoors and rootkits.
(5) Covering Tracks: Once an objective is achieved, hackers hide their traces to prevent discovery by security staff, removing any logs and proof of illegal activity.
1.4 HACKTIVISM

UQ. Define Hacktivism and explain the ways in which it can manifest itself.

• Hacktivism is a term that combines the words "hacking" and "activism". It refers to the use of computer-based tactics such as hacking to promote a political agenda or social change, as a kind of civil disobedience.
• Hacktivism is frequently carried out by people or organizations seeking to draw attention to a cause or issue, notably ones concerning free expression, human rights, or information freedom.
• Hacktivists' techniques can differ greatly. Some hacktivists may develop new tools or use ones that are already available on the Internet.
• They may work anonymously, sometimes in groups, and sometimes as a lone wolf with multiple cyber-personas all belonging to one activist.
• Hacktivism can manifest itself in a variety of ways, including but not limited to:
1. Denial-of-service attacks
2. Doxing
3. Website defacement

1.5 HACKER CLASSES

Hackers are divided into numerous kinds based on their aim, the legality of their conduct, and whether or not they are employed. Here are a few of the most prevalent types:

(1) Black Hat Hackers: These are the "bad guys" who obtain illegal access to networks for personal benefit.
(2) White Hat Hackers: Also known as ethical hackers, these individuals put their expertise to good use. They undertake penetration testing and vulnerability assessments, and help to harden systems in general.
(3) Grey Hat Hackers: These people cannot be defined as either good or evil. They frequently engage in legally ambiguous behavior.
(4) Script Kiddies: These are untrained persons who attack computer systems and networks using scripts or programs written by others.
(5) Red Hat Hackers: Similar to white hat hackers, they have good intentions when it comes to computer security, but they use aggressive tactics against attackers without regard for legal ramifications.
(6) Blue Hat Hackers: Individuals invited to audit a system for vulnerabilities before it is released to the public.

1.6 SKILLS REQUIRED FOR AN ETHICAL HACKER

A broad range of skills is required to become an ethical hacker. Here are some of the essential ones:

(1) Computer Network Skills: Understanding networking concepts such as DHCP and subnetting enables ethical hackers to investigate the many interconnected machines in a network and the security risks that these connections create.
(2) Computer Skills: Data processing, maintaining computer files, and making presentations are examples of basic computer abilities. Advanced computer abilities include database management, programming, computation, and spreadsheets.
(3) Linux Skills: Linux is the platform on which most security tools run and on which many servers are deployed, so an ethical hacker must be comfortable with its command line, file permissions, and service configuration.
(4) Programming Skills: Ethical hackers must be proficient in programming.
(5) Understanding of System and Network Security: Ethical hackers must be well-versed in system and network security.
(6) Knowledge of Hardware and Cryptography: Understanding hardware components and cryptography is also required.
(7) Strong problem-solving abilities are required, since ethical hackers are frequently required to discover inventive solutions to security issues.
1.7 VULNERABILITY RESEARCH

Vulnerability research is a critical aspect of cyber security and involves several key activities:

(1) Vulnerability Research and Software Development: This entails identifying key flaws in software and hardware as part of continuing research and development activities. The findings are used to better understand, leverage, and strengthen operating system and application security.
(2) Threat Analysis: Teams reverse engineer threat samples to understand how malware obtained in the field currently exploits, hides, and evades. By examining a wide range of complex threats they can attempt to establish the intended goal, the author's skill level, the place of origin, and/or links to other previously examined malware.
(3) Security Evaluation: This assists clients in defending their IT infrastructure by adopting an offensive attitude and identifying ways to acquire unauthorized network access. Experienced penetration testers and system administrators decide whether a company's security procedures and posture can resist a sophisticated attack.

1.8 WAYS TO CONDUCT ETHICAL HACKING

UQ. What are the ways to conduct Ethical Hacking?

Ethical hacking, often known as penetration testing, is a method of detecting vulnerabilities and flaws in systems or networks. White hat hackers carry it out with the goal of increasing system security. The following are the ground rules and steps of an ethical hacking engagement:

(1) Respect the Law: Ethical hacking is only ethical if you have written authorization to conduct a security audit on the system you are testing.
(2) Establish the Scope: Collaborate with the target organization to establish the scope of the engagement, which must not be exceeded unless otherwise agreed upon.
(3) Reconnaissance: This is the initial phase in which the hacker attempts to gather as much information about the target as possible.
(4) Scanning: During this phase, tools such as dialers, port scanners, network mappers, sweepers, and vulnerability scanners are used.
(5) Gaining Access: In this phase the hacker uses the information gathered in the previous phases to exploit a weakness and obtain access to the target.
(6) Maintaining Access: After gaining access, the hacker attempts to keep it by safeguarding their exclusive connection via backdoors and rootkits.
(7) Covering Tracks: Once an objective is achieved, hackers hide their traces to prevent discovery by security staff, removing any logs and proof of their activity. In an authorized engagement the tester instead documents every action and returns the system to its original state.

Syllabus Topic : Footprinting

1.9 FOOTPRINTING

• Footprinting, often known as reconnaissance, is a method of acquiring information about computer systems and the organizations to which they belong.
• It is the process of gathering data over time in order to launch a targeted cyberattack.
• This information is the hacker's initial step toward breaking into a system.
• Footprinting is the process of obtaining information about a target, typically information about its network architecture, systems, and users, without actually executing an attack.
• Active footprinting and passive footprinting are the two forms of footprinting.
• Active footprinting entails interacting directly with the target's machines, for example by querying its name servers or probing its hosts, and so can be noticed. Passive footprinting gathers information about the target from third-party sources (search engines, public registries, archived pages) without sending anything to the target itself.

1.10 INFORMATION GATHERING METHODOLOGY

UQ. Explain the methods used to perform Information Gathering.

Gathering information, often known as reconnaissance, is an important stage in ethical hacking. It entails gathering as much knowledge about the target system or network as feasible.
The following are the phases in the process:

(1) Gather Initial Information: This is the initial phase in which the attacker tries to learn more about the target. This includes information such as the domain name, IP addresses, network architecture, and so on.
(2) Determine the Network Range: This entails determining the target network's IP range.
(3) Identify Active Machines: Once the network range has been determined, the following step is to identify active machines inside that range.
(4) Find Open Ports and Access Points: This entails locating open ports and access points on the active computers.
(5) Fingerprint the Operating System: This entails establishing which operating system the target is using.
(6) Discover Services on Ports: This entails determining which services are running on the open ports.
(7) Map the Network: The final stage is to create a map of the target network infrastructure.

1.11 COMPETITIVE INTELLIGENCE

• Competitive intelligence, also known as corporate intelligence, is the capacity to gather, evaluate, and use information about rivals, consumers, and other market elements that contribute to a company's competitive edge.
• It is significant because it helps firms understand their competitive environment, as well as the possibilities and problems that it brings.
• Businesses examine the data in order to develop effective and efficient business operations.
• Competitive intelligence may be short-term and tactical, or long-term and strategic. Data and information gathering is more complicated than a simple Internet search. Competitive intelligence, by definition, collects actionable information from a variety of published and unpublished sources in an efficient and ethical manner.
• Ideally, a company uses competitive intelligence successfully by creating a thorough enough image of the market to predict and respond to difficulties and issues before they happen.
• Competitive intelligence goes beyond the basic adage "know your enemy". Rather, it is a deep-dive activity in which organizations learn about their rivals' business plans, including the clients they serve and the markets in which they operate.
• Competitive intelligence also investigates how a wide range of events affect competing firms. It also shows how distributors and other stakeholders may be affected, as well as how new technology may swiftly render every assumption obsolete.

1.12 DNS ENUMERATION

GQ. What is DNS Enumeration in Ethical Hacking?

• DNS enumeration is the process of identifying all of an organization's DNS servers and the records they hold.
• An organization may have both internal and external DNS servers that can reveal data such as user names, computer names, and IP addresses of potential target systems.
• There are several tools available for DNS enumeration:
(1) dig: This command queries name servers directly and displays the full response, which makes it useful for enumerating records of each type and for attempting zone transfers.
(2) host: This command is used to determine the IP address associated with a given domain name, or the name associated with an IP address.
(3) DNSenum: This is a script created particularly for DNS reconnaissance activities. It is written in Perl.
(4) Nmap is a utility for discovering hosts and services that are currently active on a computer network. Nmap also includes a script called dns-nsec-enum that enumerates names in DNSSEC-signed zones.
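The enumeration described above, as an added example that is not part of the textbook: a small DNS enumerator run over a constructed zone instead of a live server, so it works offline. It indexes the records that a tool such as dig or DNSenum would return, follows CNAME aliases (rejecting loops), orders the MX targets by preference and resolves them, performs reverse (PTR) lookups, and parses the SOA fields; the record types it handles are the ones the next section (1.14) lists. The zone name example.test, its addresses and the helper names are assumptions for the illustration.

```python
"""DNS enumeration over a constructed zone.  Added example, not from the
textbook: the zone, the names, the addresses and the helper functions
below are assumptions for illustration only."""
from collections import defaultdict

# Constructed zone in (owner, type, data) form, the shape of what a zone
# transfer or record-by-record enumeration of example.test would yield.
ZONE = [
    ("example.test.", "SOA", "ns1.example.test. hostmaster.example.test. 2024010101 3600 900 1209600 300"),
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "NS", "ns2.example.test."),
    ("example.test.", "A", "192.0.2.10"),
    ("example.test.", "AAAA", "2001:db8::10"),
    ("example.test.", "MX", "20 mail2.example.test."),
    ("example.test.", "MX", "10 mail1.example.test."),
    ("www.example.test.", "CNAME", "web.example.test."),
    ("web.example.test.", "CNAME", "example.test."),
    ("ns1.example.test.", "A", "192.0.2.1"),
    ("ns2.example.test.", "A", "192.0.2.2"),
    ("mail1.example.test.", "A", "192.0.2.25"),
    ("mail2.example.test.", "A", "192.0.2.26"),
    ("10.2.0.192.in-addr.arpa.", "PTR", "example.test."),
    ("25.2.0.192.in-addr.arpa.", "PTR", "mail1.example.test."),
]


def index_zone(zone):
    """Group record data by (owner name, record type), case-insensitively."""
    idx = defaultdict(list)
    for owner, rtype, data in zone:
        idx[(owner.lower(), rtype.upper())].append(data)
    return idx


def lookup(idx, name, rtype):
    return list(idx.get((name.lower(), rtype.upper()), []))


def resolve(idx, name, rtype="A", max_chain=8):
    """Follow CNAME aliases until a record of rtype is found.
    Returns (canonical name, data list); rejects alias loops."""
    seen = []
    current = name.lower()
    for _ in range(max_chain):
        if current in seen:
            raise ValueError("CNAME loop: " + " -> ".join(seen + [current]))
        seen.append(current)
        data = lookup(idx, current, rtype)
        if data:
            return current, data
        aliases = lookup(idx, current, "CNAME")
        if not aliases:
            return current, []
        current = aliases[0].lower()
    raise ValueError("CNAME chain too long starting at " + name)


def mail_servers(idx, domain):
    """MX targets in preference order, each resolved to its addresses."""
    servers = []
    for record in lookup(idx, domain, "MX"):
        preference, host = record.split()
        _, addresses = resolve(idx, host)
        servers.append((int(preference), host.lower(), addresses))
    return sorted(servers, key=lambda s: (s[0], s[1]))


def reverse_name(ipv4):
    """192.0.2.10 -> 10.2.0.192.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def reverse_lookup(idx, ipv4):
    return lookup(idx, reverse_name(ipv4), "PTR")


def parse_soa(idx, domain):
    """Split the SOA data into its named fields with numeric timers."""
    fields = lookup(idx, domain, "SOA")[0].split()
    keys = ["mname", "rname", "serial", "refresh", "retry", "expire", "minimum"]
    soa = dict(zip(keys, fields))
    for key in keys[2:]:
        soa[key] = int(soa[key])
    return soa


def enumerate_hosts(idx):
    """Every name with an address record: the host list an attacker wants."""
    hosts = defaultdict(list)
    for (owner, rtype), data in sorted(idx.items()):
        if rtype in ("A", "AAAA"):
            hosts[owner].extend(data)
    return dict(hosts)


if __name__ == "__main__":
    idx = index_zone(ZONE)
    print("name servers:", lookup(idx, "example.test.", "NS"))
    print("www resolves via", resolve(idx, "www.example.test."))
    print("mail servers:", mail_servers(idx, "example.test."))
    print("reverse 192.0.2.25:", reverse_lookup(idx, "192.0.2.25"))
    print("zone serial:", parse_soa(idx, "example.test.")["serial"])
    for host, addresses in enumerate_hosts(idx).items():
        print(host, addresses)
```

Against a real target the ZONE list would be replaced by the output of dig or a zone transfer; the rest of the logic (alias following, MX ordering, reverse mapping) is the same, and the loop check matters because a misconfigured or hostile zone can otherwise make an enumerator spin forever.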
1.13 WHOIS AND ARIN LOOKUPS

UQ. Explain Whois and ARIN lookups.

• Whois and ARIN lookups are methods for gathering information on Internet resources, including IP address blocks, Autonomous System Numbers (ASNs), and domain names.
• Whois is a query and response protocol used to query databases containing the registered users or assignees of an Internet resource. It is frequently referred to as "port 43" in reference to the TCP port number assigned to the Whois protocol by the Internet Assigned Numbers Authority (IANA).
• ARIN (American Registry for Internet Numbers) makes Internet number resource registration data available to the public through a variety of services, including Whois.
• ARIN's Whois service provides access to information on IP number resources, organizations, Points of Contact (POCs), customers, and other entities. ARIN's public Whois only publishes organizational information, including POC data, linked with an Internet number resource.
• ARIN also offers a Whois-RDAP (Registration Data Access Protocol) service, which allows users to get information from ARIN and from other Regional Internet Registries (RIRs), Internet Routing Registries (IRRs), and registries that implement RDAP.
• RDAP, unlike conventional Whois, lets a user search for and retrieve information about resources handled not just by ARIN, but also by other RIRs, domain name registries, and registrars.
• To use ARIN's Whois-RDAP from the ARIN homepage, enter the information you wish to search for into the search box (labeled Search Site or Whois). ARIN submits your query to [Link], which returns results depending on the type of search it believes you were attempting.

1.14 TYPES OF DNS RECORDS

UQ. Explain the various types of DNS records.

Domain Name System (DNS) records hold information about a domain or host, most notably the mapping from a name to an IP address. Below are the most common types of public DNS records.
(1) A Record (Address Mapping record): This record maps a domain name to the IPv4 address of the machine that hosts the services of that domain.
(2) AAAA Record (IP Version 6 Address Record): Like an A record, but with an IPv6 address.
(3) CNAME Record (Canonical Name Record): This record makes one domain name an alias for another. Queries for the alias are answered with the records of the canonical name.
(4) MX Record (Mail Exchange Record): This record directs mail for the domain to the appropriate mail server; the preference value selects between several servers.
(5) NS Record (Name Server Record): This record tells resolvers which authoritative name servers to use for a DNS zone.
(6) PTR Record (Pointer Record): This record maps an IP address back to a domain name (reverse lookup).
(7) SOA Record (Start of Authority): This record contains information such as the name of the primary server that supplied the data for the zone, the zone administrator's contact, the current serial number of the zone data, and the refresh, retry, expire, and minimum timers.

1.15 TRACEROUTE IN FOOTPRINTING

• Traceroute is a popular command-line application that is available on practically every operating system. It displays the path to a given address and the round-trip delay to each intermediate router.
• Traceroute is a network tool for tracing the path between a user and a destination system. This makes it evident where a request is being routed and which devices are involved.
• Traceroute transmits a series of probe packets toward the destination.
• The first set of probes is sent in such a way that they are dropped by the first intermediate hop, and a control message is received from that node to obtain the round-trip time to the first hop.
• The second set of probes is sent so that the second intermediate hop drops them, and a control message from that node gives the round-trip time to the second hop.
• Traceroute does this by using the TTL (Time to Live) field of the IP header. The TTL is set to one for the first probes, two for the next, and so on until the destination is reached.
• When a router decrements the TTL to zero, it discards the packet and returns an ICMP Time Exceeded message to the source. The source uses the arrival time of that message, and the address it came from, to record each hop and its delay.

1.16 E-MAIL TRACKING

UQ. Define E-Mail Tracking and explain its working.

• The technique of monitoring actions taken on sent emails is known as email tracking. Email opens and link clicks are the most commonly observed metrics. Most email tracking solutions report the dates and times of the events collected, and some also report location.
• Email tracking is a technique for determining whether or not an email message has been viewed by the intended recipient. Most tracking solutions use some type of digitally time-stamped record to identify the precise time and date when an email is received or opened, as well as the recipient's IP address.
• There are various email tracking solutions available. Mailtrack, for example, is a free, unlimited email tracking tool for Gmail and Outlook that includes real-time notifications and link tracking.
• MailTracker, another application, provides a comprehensive mail monitoring plugin for Chrome as well as a free version of its email tracker.

Syllabus Topic : Social Engineering

1.17 INTRODUCTION TO SOCIAL ENGINEERING

1.17.1 Common Types of Attacks

GQ.
What are the common types of attacks?

Social engineering attacks are a form of cyber security attack that rely on psychological manipulation of human behavior to obtain sensitive data, extract credentials, gain access to a personal device, or undermine the target's digital security in other ways. Here are some examples of frequent social engineering attacks:

1. Phishing
2. Whaling
3. Baiting
4. Diversion Theft
5. Business Email Compromise (BEC)
6. Smishing
7. Honeytrap

Syllabus Topic : Scanning and Enumeration

1.18 INTRODUCTION TO SCANNING AND ENUMERATION

GQ. Define the terms scanning and enumeration.

In ethical hacking and cyber security, scanning and enumeration are two crucial procedures.

• Scanning is a procedure that can help detect vulnerabilities to some extent. It entails employing a variety of tools and strategies to gather data on how the target system or network responds to various probes. The purpose is to identify potential entry points and assess the system's exposure.
• Enumeration, on the other hand, is a procedure that allows us to discover details about users, groups, and even system-level data such as routing tables.
• Enumeration is the extraction of valid user names, machine names, network resources, shares, and services from a system. It is an important part of ethical hacking and penetration testing, since it provides attackers with a lot of information that may be used to exploit vulnerabilities.
• It may also be characterized as gathering thorough knowledge of the target systems, such as operating system and network infrastructure details.

1.19 PORT SCANNING

GQ. Define port scanning with an example.

• Port scanning is a technique for identifying accessible ports, and the services listening on them, on network hosts.
• Security engineers frequently use it to scan machines for weaknesses, while attackers use it to select targets.
• Port scanning is done by sending TCP or UDP packets to each port of interest, with the TCP flags in the packet header chosen according to the type of scan, and classifying the port from the reply: a SYN/ACK means open, a RST means closed, and no reply usually means filtered. ICMP echo requests, by contrast, only tell the scanner whether the host itself is alive.
• Several port scan types are used by attackers. In a vanilla scan the scanner attempts to connect to all 65,535 ports. In a sweep the scanner probes the same port on many computers to determine which ones are listening. In an FTP bounce scan the scanner relays its probes through an FTP server in order to hide the source. In a stealth (SYN, or half-open) scan the scanner never completes the TCP handshake, so the connection is less likely to be logged by the application on the scanned computer.
• Nmap, Angry IP Scanner, Netcat, Zenmap, Advanced Port Scanner, and MASSCAN are some of the programs used in port scanning.
• While port scanning can give vital insights into the security of your network, it is critical to follow privacy laws and regulations, and to have authorization, while using these tools.

1.20 NETWORK SCANNING

UQ. Write a brief note on Network Scanning.

• Network scanning is a network reconnaissance technique that is used to discover the systems that are connected to a company's network.
• It describes the available systems, services, and resources on the target network.
• Its principal purpose is to identify the hosts and the services in use so that they can be targeted for further testing.
• Identifying these points in the system assists ethical hackers in locating vulnerabilities, and attackers can penetrate the network or system by exploiting the same flaws.
• Ethical hackers and penetration testers routinely employ network scanning techniques to identify vulnerabilities that malicious hackers could exploit.
• Network scanning is an essential component of a penetration test's pre-attack phase. Network scanning may be classed into several forms based on the type of information discovered.
• Network scanning is used to identify the spots in the system from which a black hat hacker may access the network. Following that, the separate security teams seek to improve network security.

1.21 VULNERABILITY SCANNING

• A critical stage in ethical hacking and cybersecurity is vulnerability scanning. It entails the use of automated techniques to discover flaws that can be used to plan assaults.
• The main purpose of vulnerability scanning is to find possible points of access into a network or system.
• Sending packets with specified flags set in the packet headers that identify the sort of communication being delivered can be used to do vulnerability scanning.
• Complete scans on wireless networks to detect vulnerabilities, application scans to test all portals and mobile applications for vulnerabilities, and database scans to scan all databases for possible flaws are all types of vulnerability scans performed by hackers.
• Firewall, password, logical bombing, and web hijacking are examples of vulnerability models in ethical hacking.

1.22 CEH SCANNING METHODOLOGY

GQ. Explain the CEH Scanning Methodology in brief.

A hacker searches the network using the Certified Ethical Hacker (CEH) Scanning Methodology. It guarantees that no system or vulnerability is neglected, and that the hacker has gathered all of the information required to carry out an attack. The following are the steps in the CEH Scanning Methodology:

(1) Check for Live Systems : A ping scan checks for the presence of active systems by issuing ICMP echo request packets.
If a system is alive, it answers with an ICMP echo reply packet comprising information such as TTL, packet size, and so on.
(2) Check for Open Ports : Port scanning allows us to discover open ports, the services operating on them, and their versions, among other things. Nmap is a strong tool that is mostly used for this purpose.
(3) Banner Grabbing : Banner grabbing is the process of gathering information such as operating system data, the name of the service being used and its version number, and so on.
(4) Vulnerability Scanning : Automated technologies are mostly utilised for this purpose. These automated scanners scan the target to identify vulnerabilities or weaknesses in the target organisation that attackers can exploit.
(5) Draw Network Diagrams : Using the information acquired, the attacker may create a network diagram that will provide him with knowledge about the target organisation's network and architecture, allowing him to quickly identify the target.
(6) Prepare Proxies : Proxies can be used to maintain the attacker's anonymity by concealing the IP address.

1.23 PING SWEEP TECHNIQUES

GQ. What are the ping sweep techniques? Define them.

• A Ping Sweep is a network scanning method used to detect which IP addresses belong to live hosts. It is also known as an ICMP sweep or ping scan.
• It entails simultaneously issuing ICMP (Internet Control Message Protocol) ECHO queries to various hosts. If a system is alive, it answers with an ICMP echo reply packet comprising information such as TTL, packet size, and so on.
• Here are several Ping Sweep approaches and tools:
(1) Manual Ping Sweep : This can be done manually in an operating system's command line interface. In Windows, for example, this is done from the command prompt.
(2) Automated Tools : Several automated solutions are available that can execute a ping sweep on a large number of IP addresses at once. Fping, Nmap, Zenmap, ICMPEnum, and SuperScan are a few of these tools.

1.24 NMAP COMMAND SWITCHES

GQ. What are the Nmap command switches?

• Nmap is a robust network scanning program that allows you to customise scans using command-line arguments.
• Here are some useful Nmap command switches:
• -h : Generate a help summary page.
• -sS : TCP SYN port scan.
• -sU : Run a UDP port scan.
• -sV : Probe open ports for service/version information.
• -O : Allow OS detection.
• -v : Allows for verbosity. You may even choose the amount of verbosity: -vv: verbosity level 2, the recommended minimal degree of verbosity; -v3: verbosity level 3. You may always set the amount of verbosity by entering a number like this.
• -oA : The same Nmap output in "normal", XML, and grepable forms. You can, however, define the format of your choosing with: -oN: redirect normal output to a specified filename; -oX: generate output in a clean XML format and save it to a specified file; -oG: generate "grepable" output and save it to a file (a deprecated format, as consumers are increasingly relying on XML output).
• -A : Allows for "aggressive" scanning. This enables OS detection (-O), version scanning (-sV), script scanning (-sC), and traceroute (--traceroute) at the moment.
• -p : Indicates which ports to scan. It might be a single port or a group of ports.
• -F : Fast port scan (100 ports).
• --top-ports : Port scan the top x ports.

1.25 SYN

GQ. Explain how SYN is used to establish the connection in Ethical Hacking.

• SYN is a TCP/IP network packet used to establish a connection between two hosts in the context of ethical hacking.
• This is part of the TCP three-way handshake procedure, which creates a data transfer connection.
• A device sends a SYN (synchronisation) packet to another device to start the process. After that, the receiving device sends a SYN/ACK (synchronisation acknowledged) packet back. Finally, the initiating device sends an ACK (acknowledged) packet, completing the connection.
• In the context of ethical hacking scanning techniques, a hacker sends a SYN packet to the victim, and if a SYN/ACK frame is received back, the target completes the connection and the port is ready to listen.
• If the target returns a RST (reset), it is presumed that the port is closed or not active.
• This technique is also known as a "half-open" scan or SYN scan.

1.26 STEALTH

GQ. Define stealth.

• Stealth refers to tactics that allow a hacker to stay unnoticed in a system when scanning or attacking, in the context of ethical hacking.
• The objective is to avoid raising any alerts or informing administrators about the hacker's activity.
• A "stealth scan" or "half-open scan" is a frequent stealth method. This form of scan is used to find open ports on a target machine without going through the entire TCP handshake process.
• By failing to complete the handshake, the scan might frequently miss being reported by the target system, making detection more difficult.
• To evade detection by intrusion detection systems, another stealth strategy includes carefully timing and limiting the pace of scan packets.

1.27 XMAS

GQ. Explain how the XMAS scanning technique is used in Ethical Hacking.

• An XMAS scan is a sort of port scanning technique used in ethical hacking.
• It transmits a packet with the flags URG (urgent), FIN (finish), and PSH (push) set.
• There will be no response if the port is open; however, if the port is closed, the target will answer with a RST/ACK message.
• XMAS scans are another covert scanning technique that seldom appears in monitoring logs since they make use of FIN packets: packets sent by a server or client to terminate a TCP connection.
• XMAS scans send packets to a server that include all required TCP flags such as SYN and ACK.

1.28 NULL

GQ. What does the term NULL define in Ethical Hacking?

• "Null" frequently refers to a form of scan known as a "null scan" in the context of scanning and enumeration in ethical hacking.
• To do a null scan, send a TCP header with no flag bit set. If no answer is received, the port is open.
• The reception of a RST message indicates that the port has been closed.
• Furthermore, in the SMB enumeration process, which is a multipart process in which we enumerate the host or target system for various information such as hostnames, list shares, null sessions, checking for vulnerabilities, and so on, "null" might refer to checking for null sessions.

1.29 IDLE

GQ. Explain the role of the IDLE Scan in Ethical Hacking.

• In the domain of ethical hacking, the term "IDLE" frequently refers to a scanning technique known as an "IDLE Scan".
• An IDLE scan sends the SYN packet to the target using a spoofed or fake IP address. This is accomplished by calculating the port scan response and IP header sequence number.
• The port is considered to be open or closed based on the scan's result.
• In some penetration testing settings where subtlety is essential, this sort of scan might be beneficial.

1.30 FIN SCANS

GQ. Explain FIN Scans and their role in Ethical Hacking.

(1) A FIN scan is a port scanning technique commonly employed in ethical hacking. During a FIN scan, packets containing the FIN flag are forwarded to the server.
(2) The FIN flag is frequently used to terminate an established session.
(3) The server's response might aid the attacker in understanding the state of the port.
(4) The server ignores the FIN flag if the port is open; however, if the port is closed, the server responds with a RST flag set.
(5) This scan is particularly successful since it attempts to circumvent the methods used to detect SYN scans.
(6) It is vital to note that this strategy will not function in environments where particular packet filters have been implemented.
(7) Once an open port has been located, hackers can target it for attacks.

1.31 ANONYMIZERS

GQ. What are the anonymizers in Ethical Hacking?

• Anonymizers are technologies used in ethical hacking and cybersecurity to protect the user's anonymity.
• They function by concealing the user's original IP address, making it impossible to track the user's activity back to them.
• Proxy servers, VPNs, and TOR networks are all examples of anonymizers.
• These programs route your internet traffic via many servers across the world, concealing your original IP address and making it look as if the traffic is originating from somewhere else.
• These technologies are critical in ethical hacking because they allow ethical hackers to conduct their actions without disclosing their identities, shielding them from retaliatory assaults. They must, however, be utilised carefully and ethically.

1.32 HTTP TUNNELING TECHNIQUES

GQ. What are the HTTP Tunneling Techniques in Ethical Hacking?

• HTTP tunneling is an ethical hacking technique in which communications utilising multiple network protocols are wrapped using the HTTP protocol.
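Seen from the defender's side, the SYN, XMAS, NULL and FIN probes of sections 1.25 to 1.30 each leave a distinctive flag combination in captured traffic. The following added example (not from the textbook) classifies inbound TCP segments by those flags and reports a half-open scan only when one source probes many ports without ever completing a handshake; the packet records, addresses and port threshold are constructed for the example.

```python
"""Detect SYN (half-open), XMAS, NULL and FIN probes in captured TCP traffic.

Added example, not from the textbook. Each record is a constructed summary
of one inbound TCP segment: (src_ip, dst_ip, dst_port, flags), with flags
written as tcpdump-style letters (S=SYN, A=ACK, F=FIN, P=PSH, U=URG, R=RST).
"""
from collections import defaultdict

SYN, ACK, FIN, PSH, URG = "S", "A", "F", "P", "U"


def classify_probe(flags):
    """Map an inbound segment's flag set to the scan type it matches.

    NULL (no flags), XMAS (FIN+PSH+URG) and FIN-only segments never start a
    legitimate connection, so a single one is already suspicious. A bare SYN
    is how every normal connection starts, so it is returned as "SYN" and
    judged later by context (how many ports, and whether a handshake ever
    finished).
    """
    flag_set = set(flags)
    if not flag_set:
        return "NULL"
    if flag_set == {FIN, PSH, URG}:
        return "XMAS"
    if flag_set == {FIN}:
        return "FIN"
    if flag_set == {SYN}:
        return "SYN"
    return None  # SYN/ACK, ACK, PSH/ACK, RST: ordinary traffic


def detect_scans(packets, syn_port_threshold=10):
    """Return {src_ip: {scan_type: sorted target ports}} for suspicious sources.

    A source is reported for a half-open (SYN) scan when it sent bare SYNs to
    at least syn_port_threshold distinct ports and never sent a bare ACK, i.e.
    it never completed the three-way handshake described in 1.25.
    """
    probes = defaultdict(lambda: defaultdict(set))
    completed_handshake = defaultdict(bool)
    for src, _dst, dport, flags in packets:
        if set(flags) == {ACK}:
            completed_handshake[src] = True
        kind = classify_probe(flags)
        if kind is not None:
            probes[src][kind].add(dport)

    findings = {}
    for src, by_kind in probes.items():
        report = {}
        for kind, ports in by_kind.items():
            if kind == "SYN":
                if len(ports) >= syn_port_threshold and not completed_handshake[src]:
                    report["SYN (half-open)"] = sorted(ports)
            else:
                report[kind] = sorted(ports)
        if report:
            findings[src] = report
    return findings


# Constructed sample: one normal HTTPS client and one scanning host.
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.0.10", 443, "S"),    # normal client: SYN ...
    ("10.0.0.5", "10.0.0.10", 443, "A"),    # ... completes the handshake
    ("10.0.0.5", "10.0.0.10", 443, "PA"),   # ... then sends data
]
SAMPLE_PACKETS += [("10.0.0.99", "10.0.0.10", p, "S")
                   for p in (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389)]
SAMPLE_PACKETS += [
    ("10.0.0.99", "10.0.0.10", 80, "FPU"),  # XMAS probe
    ("10.0.0.99", "10.0.0.10", 22, ""),     # NULL probe
    ("10.0.0.99", "10.0.0.10", 25, "F"),    # FIN probe
]

if __name__ == "__main__":
    for src, report in detect_scans(SAMPLE_PACKETS).items():
        for kind, ports in report.items():
            print(f"{src}: {kind} probes against ports {ports}")
```

The threshold is a heuristic: a scanner that also opens one real connection would still be caught by its NULL, XMAS or FIN probes, which have no legitimate use.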
• The network protocols in question are often members of the TCP/IP protocol family.
• As a result, the HTTP protocol serves as a wrapper for a channel via which the network protocol being tunneled communicates.
• Because HTTP traffic is usually always allowed, this strategy can be especially beneficial in cases when some forms of communication are restricted by network firewalls.
• An ethical hacker can circumvent these constraints and acquire access to resources that would otherwise be unavailable by tunneling other protocols within HTTP.
• While HTTP tunneling may be used for legal objectives such as testing and strengthening network security, bad hackers can also use it to gain unauthorised access to networks.

1.33 IP SPOOFING TECHNIQUES

GQ. What are the IP Spoofing Techniques in Ethical Hacking?

Here are some IP spoofing techniques used in ethical hacking:
(1) IP Address Spoofing : Based on the implementation of the IP header, hackers can change the direction that an IP packet travels. The attacker can then mimic another host's IP address on the network so that packets appear to come from that host.
(2) TCP Sequence Number Prediction : In this attack the attacker estimates the sequence number that is used to identify packets in a TCP connection and then sends forged packets into the network. The target has no means of knowing that these forged packets are coming from a hostile host.
(3) Manipulation of the Source Information in the IP Header : The attacker can spoof IP addresses by altering the "source" information in the IP header of the packets being transmitted.
This makes determining the genuine source of the traffic difficult for the victim and allows the attacker to avoid detection and carry out the assault.

1.34 SNMP ENUMERATION

GQ. Explain SNMP Enumeration in detail.

• SNMP (Simple Network Management Protocol) is an application layer protocol that maintains and manages routers, hubs, switches, and other network devices on an IP network by utilising the UDP protocol.
• SNMP is a widely used protocol that is enabled on a wide range of operating systems, including Windows Server, Linux, and UNIX servers, as well as network devices such as routers and switches.
• On a target system, SNMP enumeration is used to list user accounts, passwords, groups, system names, and devices. It is made up of three primary parts:
(1) Managed devices : A managed device is a device or a host (officially referred to as a node) that has the SNMP service activated. These devices might include routers, switches, hubs, bridges, PCs, and so on.
(2) Agents : An agent is a piece of software that operates on a controlled device. Its principal function is to transform information into SNMP-compliant format for network administration using the SNMP protocol.
(3) Network Management Systems (NMS) : These are software systems that are used to monitor network devices.
• Every SNMP device will have an agent that provides read and write access to a database.
• The database is known as the management information base (MIB), and it is a virtual database that contains a formal description of all network objects designated by a specific object identifier (OID) that can be handled using SNMP.
• Community strings are classified into two types:
(1) Read only : This mode allows you to query the device and view the information, but it does not allow you to make any changes to the setup. The "public" community string is the mode's default.
(2) Read Write : Changes to the device are authorised in this mode; so, if we connect with this community string, we may even edit the distant device's settings. The community string for this mode is "private" by default.

1.35 STEPS INVOLVED IN ENUMERATION

GQ. What are the steps involved in Enumeration?

Enumeration is an important phase in the ethical hacking process since it aids in identifying security flaws in a network. The following are the steps involved in enumeration:
(1) Port Scanning : This is the process of sending client queries to a range of server port numbers on a host in order to locate an active port.
(2) Service Identification : This entails determining which services are operating on open ports.
(3) User Enumeration : This is the process of determining legitimate usernames or user groups that may be used to get access to certain systems.
(4) Enumeration of Machine Names : Identifying the names of computers in a network.
(5) Enumeration of Shared Names : This is the process of identifying shared resources on a network, such as files and printers.
(6) Enumeration of Directory Names : This entails finding directory names that may contain sensitive information.
(7) Enumeration of Printer Names : This entails recognising printers that are linked to the network.
(8) Enumeration of Web Server Details : This entails identifying information about web servers, such as software versions and settings, that might possibly be abused.

Chapter End

CHAPTER 2 : System Hijacking

University Prescribed Syllabus

System Hacking : Password-Cracking Techniques, Types of Passwords, Keyloggers and Other Spyware Technologies, Escalating Privileges, Rootkits. Sniffers : Protocols Susceptible to Sniffing, Active and Passive Sniffing, ARP Poisoning, MAC Flooding, DNS
Spoofing Techniques, Sniffing Countermeasures. Denial of Service : Types of DoS Attacks, Working of DoS Attacks, BOTS/BOTNETs, "Smurf" Attack, "SYN" Flooding, DoS/DDoS Countermeasures. Session Hijacking : Spoofing vs. Hijacking, Types, Sequence Prediction, Steps, Prevention. Hacking Web Servers : Web Server Vulnerabilities, Attacks against Web Servers, Patch Management Techniques, Web Server Hardening.

Syllabus Topic : System Hacking

2.1 INTRODUCTION TO SYSTEM HACKING

2.1.1 Password-Cracking Technique

GQ. Define Password-Cracking and its techniques.
GQ. Define the term : (a) Brute Force

• Password cracking is the process of recovering or guessing passwords. It can be properly used to assist a user in recovering a lost password, or by system administrators in checking for weak passwords. However, attackers frequently utilise it maliciously to obtain unauthorised access to systems and resources.
• Here are some popular password cracking methods:
(1) Brute force attack : This entails testing all possible combinations until the right password is discovered. It is a time-consuming yet effective approach, and it is particularly effective against weak or popular passwords.
(2) Password guessing : This is an online approach in which an attacker employs numerous combinations of characters in a trial and error procedure.
(3) In this approach an attacker attempts to decode plaintext passwords from their encrypted forms.
(4) Phishing : This is the practice of fooling a person into giving up their passwords, usually through fraudulent emails or websites.
(5) Using Trojans, spyware, and key loggers : These are malicious programs that secretly record keystrokes or other data without the user's awareness.
(6) LLMNR/NBT-NS Poisoning : This is a method in which an attacker poisons the network environment in order to capture credentials.

2.2 TYPES OF PASSWORDS

GQ. Explain the types of passwords.

• Passwords are a unique collection of characters used as a security precaution to authenticate user identity and prevent
unauthorised access to personal data or systems. They are typically classified as either weak or strong.
• Weak passwords : Weak passwords are easy to guess, frequently contain personal data, and are usually simple. Common words, patterns, phrases, and dates are examples of weak passwords. Some of the worst passwords might include your name, the name of a common object or animal, or your birthday.
• Strong passwords, on the other hand, are more difficult to guess. They are classified into three major categories:
(1) Alphanumeric passwords : These are made up of a combination of letters (both uppercase and lowercase) and numbers.
(2) Random passwords : These passwords are created at random and do not follow any pattern.
(3) Pattern-based passwords : These passwords follow a certain pattern, making them easier to remember but still difficult to guess.

2.3 KEYLOGGERS AND OTHER SPYWARE TECHNOLOGIES

• Both keyloggers and spyware are forms of harmful software that can compromise your privacy and security at any time.
• Keyloggers are a sort of malware that records every keystroke you make on your keyboard, usually invisibly, so you are unaware your actions are being recorded. This includes any information you write, including instant messaging, emails, and other information.
• The keylogger's log file can then be forwarded to a specific recipient. Some keylogger apps will also capture your email addresses and internet URLs.
• Spyware, on the other hand, is intended to track user behaviour and collect personal information. Spyware may gather a variety of data kinds, including browser history and personal information, whereas keyloggers only capture typed data.
• Spyware is installed without the user's knowledge, but keyloggers are frequently installed by the device owner for good reasons.

2.4 ESCALATING PRIVILEGES

• A privilege escalation attack is a network attack that is used to acquire access beyond the perimeter. It entails gaining unauthorised access to resources that are normally limited to the application or user by exploiting a vulnerability, design fault, configuration oversight, programming error, or access control flaw in an operating system or application.
• There are two kinds of privilege escalation attacks:
(1) Horizontal Privilege Escalation : This occurs when an attacker acquires access to a normal user account with lower-level rights. The intruder may steal an employee's login and password, giving him or her access to email, files, and any online applications or sub-networks to which they are assigned.
(2) Vertical Privilege Escalation : An attacker gains higher-level access by exploiting a design defect or oversight in the operating system or application.

Syllabus Topic : Sniffers

2.5 INTRODUCTION TO SNIFFERS

2.5.1 Protocols Susceptible to Sniffing

Several protocols, particularly those that transport data in an unencrypted manner, are vulnerable to sniffing attacks. Here are a few examples:
• HTTP (HyperText Transfer Protocol)
• POP (Post Office Protocol)
• SMTP (Simple Mail Transfer Protocol)
• IMAP (Internet Message Access Protocol)
• TELNET
• FTP (File Transfer Protocol)

2.6 ACTIVE AND PASSIVE SNIFFING

GQ. Define Active and Passive Sniffing.

Sniffing is a network assault in which an attacker grabs packets sent via a wired or wireless connection. It is divided into two types: (1) Active and (2) Passive sniffing.
(1) Active Sniffing : The attacker interacts with the target computer directly by sending packets and getting answers. This sniffing is accomplished through a switch. The
attacker attempts to poison the switch by transmitting a false MAC address in this case. Active sniffer techniques include ARP spoofing, MAC flooding, HTTPS and SSH spoofing, DNS spoofing, and so on.
(2) Passive Sniffing : The attacker does not engage with the target in this kind. He or she simply connects to the network and collects packets sent and received by the network, as well as packets exchanged between two devices. This sniffing is done through a hub. An attacker uses his or her PC to connect to the hub. Hub-based networks and wireless networks are examples of passive sniffing.

2.7 ARP POISONING

2.7.1 ARP Poisoning

GQ. Explain ARP Poisoning in detail.

(1) ARP Poisoning, also known as ARP spoofing or cache poisoning, is a sort of cyber attack that uses Address Resolution Protocol (ARP) flaws to interrupt, reroute, or eavesdrop on network traffic.
(2) The Address Resolution Protocol (ARP) was developed to support the layered approach that has been utilised from the early days of computer networking.
(3) ARP's function is to convert between data link layer addresses, known as MAC addresses, and network layer addresses, which are commonly IP addresses.
(4) An ARP poisoning attack involves an attacker sending fake ARP messages to devices on a local network in order to deceive them into associating the attacker's MAC address with a legitimate IP address.
(5) This is possible because security was not a concern when ARP was launched in 1982, therefore the protocol's authors never incorporated authentication procedures to validate ARP packets.
(6) The precise steps of an ARP Poisoning attack might vary; however they usually include at least the following.
(7) The Assailant Selects a Victim Machine or Machines : The first stage in planning and carrying out an ARP Poisoning attack is to choose a target. This might be an individual network endpoint, a set of network endpoints, or a network object such as a router.
(8) Attacker Delivers Fraudulent ARP Messages : A hacker sends bogus ARP packets that link the attacker's MAC address to the IP address of another computer on the LAN.
(9) Attacker Modifies the Company's ARP Table : Following successful ARP spoofing, a hacker modifies the company's ARP table to include fabricated MAC mappings.

2.8 MAC FLOODING

GQ. Define MAC Flooding and the goal of this attack.

• MAC flooding is a form of network attack that attacks network switch security. The attack operates by delivering several Ethernet packets to the switch, each with a distinct source MAC address.
• The purpose is to use up the switch's MAC address table memory.
• The goal of this attack is to drive valid MAC addresses out of the MAC address table, resulting in large numbers of incoming frames flooding out on all ports. The MAC flooding attack derives its name from this flooding characteristic.
• After successfully executing a MAC flooding attack, a malicious user can utilise a packet analyser to capture sensitive data being exchanged between other computers that would not be accessible if the switch were working normally.
• After switches recover from the original MAC flooding assault, the attacker may follow up with an ARP spoofing attack to maintain access to privileged data.

2.9 DNS SPOOFING TECHNIQUES

• DNS spoofing, also known as DNS cache poisoning, is a sort of attack in which an attacker modifies DNS records in order to redirect consumers to a false website. Here are some typical DNS spoofing techniques:
(1) Compromising a DNS Server : In this approach, the attacker acquires access to the DNS server and modifies its records, redirecting traffic to a phony website.
(2) DNS Cache Poisoning : This is accomplished by inserting tainted DNS data into the DNS resolver cache. Users are led to a bogus website when they seek the IP address of a certain website.
(3) Man-in-the-Middle (MITM) Attack : This approach entails intercepting user connections with a DNS server and
redirecting them to a different or malicious IP address.

2.10 SNIFFING COUNTERMEASURES

There are numerous solutions to protect against sniffing, such as:
1. Encryption : Encrypt data to prevent it from being read if it is captured from communications.
2. Virtual Private Network (VPN) : A VPN secures your connectivity from packet sniffers.
3. Antivirus and Firewall Software : Ensure that all machines on a network have proper antivirus and firewall software protection.
4. Network Monitoring Tools : Make use of network monitoring tools to monitor traffic and detect any strange activity.
5. Intrusion Detection Systems (IDS) : Install and use IDS to identify and block illegal access.
6. Limit Physical Access : To prevent unauthorised users from installing packet sniffers, limit physical access to network equipment.
7. Use Static ARP Tables/IP Addresses : This can help avoid ARP poisoning, which is a popular technique used in sniffing attacks.
8. Use IPv6 : IPv6 is more secure and difficult to forge than IPv4.
9. Disable Network Identification Broadcasts : This will make it more difficult for attackers to locate targets on the network.
10. Use Safe Protocols : For secure connections, use secure protocols such as SSH, IPSec, and SSL/TLS.

Syllabus Topic : Denial of Services

2.11 INTRODUCTION TO DENIAL OF SERVICES

2.11.1 Types of DoS Attacks

GQ. Define the term : (a) DoS attack

• DoS attacks are efforts to disrupt the operations of a website or network by flooding it with traffic.
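Returning to the sniffing section: the ARP poisoning of 2.7 and the MAC flooding of 2.8 both leave traces a defender can look for on the LAN, and the static ARP table of countermeasure 7 gives a reference to check replies against. The following is an added example, not from the textbook; the LAN segment, MAC addresses, switch port names and thresholds are constructed.

```python
"""Detect ARP poisoning and MAC flooding from frames seen on one LAN segment.

Added example, not from the textbook. Inputs are constructed tuples:
  ARP replies   -> (sender_ip, sender_mac)
  switch frames -> (switch_port, source_mac)
The static ARP table (countermeasure 7 in 2.10) is a dict {ip: expected_mac}.
"""
from collections import defaultdict


def detect_arp_conflicts(arp_replies):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC.

    In a healthy segment each IP is announced by exactly one MAC; a second
    MAC claiming the same IP (step 8 of the ARP poisoning attack in 2.7) is
    the signature an ARP monitor looks for.
    """
    macs_by_ip = defaultdict(set)
    for ip, mac in arp_replies:
        macs_by_ip[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}


def check_static_arp(static_table, arp_replies):
    """Return [(ip, expected_mac, seen_mac)] for replies contradicting the static table."""
    mismatches = []
    for ip, mac in arp_replies:
        expected = static_table.get(ip)
        if expected is not None and mac.lower() != expected.lower():
            mismatches.append((ip, expected.lower(), mac.lower()))
    return mismatches


def detect_mac_flooding(frames, max_macs_per_port=50):
    """Return {port: distinct source MAC count} for ports exceeding the limit.

    An access port normally carries a handful of source MACs. Hundreds of
    distinct sources in a short window is the MAC flooding pattern of 2.8,
    which aims to fill the switch's MAC address table and force it to flood
    frames out of every port.
    """
    macs_by_port = defaultdict(set)
    for port, mac in frames:
        macs_by_port[port].add(mac.lower())
    return {port: len(m) for port, m in macs_by_port.items() if len(m) > max_macs_per_port}


# Constructed sample data.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"
ATTACKER_MAC = "de:ad:be:ef:00:99"
STATIC_ARP = {GATEWAY_IP: GATEWAY_MAC}

SAMPLE_ARP_REPLIES = [
    (GATEWAY_IP, GATEWAY_MAC),              # genuine gateway announcement
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
    (GATEWAY_IP, ATTACKER_MAC),             # forged reply claiming the gateway IP
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
]

# Port Gi0/3 receives frames from 150 fabricated source MACs; Gi0/1 is normal.
SAMPLE_FRAMES = [("Gi0/1", "aa:bb:cc:00:00:20"), ("Gi0/1", "aa:bb:cc:00:00:21")]
SAMPLE_FRAMES += [("Gi0/3", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}") for i in range(150)]

if __name__ == "__main__":
    print("IP/MAC conflicts:", detect_arp_conflicts(SAMPLE_ARP_REPLIES))
    print("static table mismatches:", check_static_arp(STATIC_ARP, SAMPLE_ARP_REPLIES))
    print("flooded ports:", detect_mac_flooding(SAMPLE_FRAMES))
```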
• Here are a few examples of DoS attacks:
(1) Browser Redirection : This occurs when you attempt to access a webpage but instead access another page with a different URL.
(2) Closing Connections : There can be no communication between the sender (server) and the receiver (client) when the connection is closed.
(3) Data Destruction : When a hacker destroys a resource, it becomes inaccessible.
(4) Exhaustion of Resources : This occurs when a hacker repeatedly seeks access to a resource, eventually overloading the web application.

2.12 WORKING OF DOS ATTACK

GQ. Explain the working of a DoS attack in detail.

• A DoS attack is a sort of cyber attack in which a bad actor attempts to make a computer or other device inaccessible to its intended users by interfering with the device's regular operation.
• Overwhelming the Target : The fundamental goal of a DoS assault is to overwhelm the capacity of a targeted system, resulting in a denial of service to subsequent requests.
• DoS attacks generally work by bombarding a targeted system with requests until regular traffic is unable to be handled, resulting in denial of service to further users.
• Buffer Overflow Exploitation : A sort of attack in which the attacker sends the target more data than its buffers were built to handle.
• Flood Attacks : An attacker can over-saturate server capacity by sending a large volume of packets, resulting in denial of service. Flood attacks need the bad actor to have more available bandwidth than the target.

2.13 BOTS/BOTNETS

• Bots (robots) are software applications that, when given instructions, conduct automated activities to imitate or replace humans. Bots account for more than half of all online traffic, and the vast majority of them are malicious. Bots may do automated online jobs since many of them are repetitive and programmed.
• Botnets, on the other hand, are groups of infected computers. They are networks made up of remote-controlled computers, or "bots", infected with malware that allows them to be controlled remotely.
• Some botnets have hundreds of thousands, if not millions, of computers.
• Bots and botnets are intended to spread, coordinate, and accelerate a hacker's ability to carry out more severe assaults.
• These malicious programs might be sending spam or participating in a distributed denial of service (DDoS) assault that takes down entire websites.
• Botnets are classified according to their Command and Control (C&C) channel. For example, the Internet Relay Chat (IRC) Botnet employs IRC as its Command and Control (C&C) channel, where bots receive orders from a centralised IRC server.
• Another kind is a Peer-to-Peer (P2P) Botnet, which is created by combining P2P protocols and a decentralised network of nodes.
• It is crucial to remember that, while bots can be dangerous, they can also be useful. Search engines, for example, use bots to browse the web and categorise content.

2.14 SMURF ATTACK

GQ. Explain the Smurf Attack in detail with an example.

• Smurf attacks are types of distributed denial-of-service (DDoS) attacks that happen at the network layer.
• The assault is called after the software DDoS.Smurf, which allows hackers to carry it out. Because of their capacity to take down larger foes by working together, the assaults are also named after the cartoon characters The Smurfs.
• Large quantities of Internet Control Message Protocol (ICMP) packets with the faked source IP of the intended victim are broadcast to a computer network using an IP broadcast address in a Smurf attack.
• Most network devices will, by default, respond by sending a reply to the originating IP address. If there are a significant number of devices on the network that receive and reply to these packets, the victim's system is flooded with replies.
• Dan Moschuk (alias TFreak) created the first Smurf in 1997. One of the earliest assaults to employ this strategy occurred in 1998, and it first targeted the University of Minnesota.
• The cyber assault resulted in a cyber traffic bottleneck that also impacted the Minnesota Regional Network, a statewide internet service provider (ISP). It caused computers throughout the state to shut down, hindered networks, and contributed to data loss.
• Smurf assaults are often classified into two types: basic and sophisticated.
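The amplification described above can be measured from the side of the network that receives the broadcast: an echo request addressed to a local directed-broadcast address is the trigger, and the replies that follow go to whatever source the request claimed. The following added example (not from the textbook) counts both; the networks, addresses and packet records are constructed.

```python
"""Spot Smurf-style ICMP amplification in a packet summary.

Added example, not from the textbook. Records are constructed tuples
(src_ip, dst_ip, icmp_type) for ICMP packets; type 8 = echo request,
type 0 = echo reply. `local_networks` lists the CIDR blocks whose directed
broadcast addresses should never receive echo requests from outside.
"""
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8


def broadcast_addresses(local_networks):
    """Directed broadcast address of each local network, as strings."""
    return {str(ipaddress.ip_network(n).broadcast_address) for n in local_networks}


def smurf_indicators(packets, local_networks):
    """Return {claimed_source: stats} for echo requests aimed at a local broadcast.

    The claimed source of such a request is the intended victim (its address
    is forged, as described in 2.14). Replies later seen flowing to that
    address show the amplification the victim suffers per request.
    """
    bcast = broadcast_addresses(local_networks)
    requests = defaultdict(int)
    replies = defaultdict(int)
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST and dst in bcast:
            requests[src] += 1
        elif icmp_type == ECHO_REPLY:
            replies[dst] += 1
    return {
        victim: {
            "broadcast_requests": n,
            "replies_to_victim": replies[victim],
            "amplification": replies[victim] / n,
        }
        for victim, n in requests.items()
    }


LOCAL_NETWORKS = ["192.168.1.0/24"]
VICTIM = "203.0.113.7"  # forged source address; constructed from a documentation range

SAMPLE_PACKETS = [
    ("192.168.1.10", "192.168.1.1", ECHO_REQUEST),   # normal unicast ping ...
    ("192.168.1.1", "192.168.1.10", ECHO_REPLY),     # ... and its single reply
]
# Three forged requests to the directed broadcast, each answered by 50 hosts.
SAMPLE_PACKETS += [(VICTIM, "192.168.1.255", ECHO_REQUEST)] * 3
SAMPLE_PACKETS += [(f"192.168.1.{h}", VICTIM, ECHO_REPLY)
                   for _ in range(3) for h in range(20, 70)]

if __name__ == "__main__":
    for victim, stats in smurf_indicators(SAMPLE_PACKETS, LOCAL_NETWORKS).items():
        print(victim, stats)
```

The unicast ping in the sample is never reported because its destination is not a broadcast address; only the forged requests, and the 50-to-1 amplification they produce, show up.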
