A REPORT ON ETHICAL HACKING

PRATYUSH JHA
19STUCHH010313

Department of English
Icfai Tech(Deemed to be university)
HYDERABAD
APRIL,2021

ETHICAL HACKING

i
(Report submitted for Professional Communication Course,
Swathi MULINTI)

(PRATYUSH JHA)
(19STUCHH010313)

Department of English
IcfaiTech (Deemed to be university)
HYDERABAD
APRIL,2021

ii
 ACKNOWLEDGEMENT
The completion of any task is reward to not only persons actively involved in accomplishing
it but also the people involved in guiding and helping.

I express my heartfelt gratitude to my respected faculty Miss Swathi Mulinti for her kind and
inspiring advice which helped me to understand the subject and it’s semantic significance.
She enriched with her valuable suggestions regarding my topic and presentation issues.

Completing this report in such a short time especially with so little initial knowledge was a
task impossible enough for me but the help I received from faculty is very much appreciable.

Hence I am really very much indebted to everyone who helped me in completion of this
report.

Pratyush Jha

iii
 ABSTRACT
Today more and more software’s are developing and people are getting more and more
options in their software’s. However, as more and more organizations become partially or
completely dependent on the internet, computer security and the serious threat of computer
criminals come to the foreground. The explosive growth of internet has brought many good
things like e-commerce, email, and new avenues for advertising and information distribution,
to name a few.

As with most technical advances , there is also a dark side: criminal hackers. Government,
companies and private citizens around the world are anxious to be a part of this revolution,
but they are afraid that some hacker will break into their web server and can hamper their
privacy. With this concern, ethical hackers come to rescue.

Unfortunately, most organizations across the globe continue to remain oblivious of the threat
posed by the computer criminals, corporate espionage and cyber terrorism. Ethical Hacking
attempts to pro-actively increase security protection by identifying and patching known
security vulnerabilities on systems owned by other parties.

iv
 KEYWORDS

1. Hacker
2. Vulnerability
3. Phishing
4. SQL
5. Stumbler
6. SNIFFING
7. Payroll
8. Intruders
9. Cryptography
10. Contrary
11. DDOS
12. Exploitation
13. Ciphertext
14. Threat
15. Forensic
16. Legitimate
17. URL
18. HTTP
19. Unix
20. GNU

v
 Contents

Table Of Contents Page No.

ACKNOWLEDGEMENT---------------------------------------------------------iii
ABSTRACT--------------------------------------------------------------------------iv
KEYWORDS------------------------------------------------------------------------v

Chapter I: INTRODUCTION-------------------------------------------------------1-2

1.1 SECURITY AND INTEGRITY ----------------------1

1.2 NEED FOR SECURITY ----------------------2

Chapter II: HACKING BASICS-----------------------------------------------------3-8

2.1 HACKING AND HACKERS---------------------------------3

2.2 TYPES OF HACKERS-----------------------------------------3

2.2.1 White Hat Hackers----------------------------------------3

2.2.2 Black Hat Hackers----------------------------------------4

2.2.3 Grey Hat Hackers-----------------------------------------4

2.3 BENEFITS OF ETHICAL HACKING--------------------------4

2.4 TYPES OF ETHICAL HACKING--------------------------------4-5

2.4.1 Web Application Hacking-----------------------------------5

2.4.2 System Hacking-----------------------------------------------5

2.4.3 Web Server Hacking------------------------------------------5

vi
 2.4.4 Hacking Wireless Networks----------------------------------5

2.4.5 Social Engineering----------------------------------------------5

2.5 SKILLS REQUIRED---------------------------------------------------6-8

2.5.1 Computer Networking----------------------------------------6

2.5.2 Computer Skills------------------------------------------------6

2.5.3 Linux Skills------------------------------------------------------6

2.5.4 Programming Skills----------------------------------------------7

2.5.5 Basic Hardware Knowledge--------------------------------------7

2.5.6 Reverse Engineering------------------------------------------------7

2.5.7 Cryptography Skills------------------------------------------------8

2.5.8 Database Skills------------------------------------------------------8

2.5.9 Problem Solving Skills---------------------------------------------8

Chapter III: TOOLS AND TECHNIQUES 9-14

3.1 TOOLS------------------------------------------------------------9-11

3.1.1Nmap-----------------------------------------------------9

3.1.2 Metasploit------------------------------------------------9

3.1.3 Burp Suit--------------------------------------------------10

3.1.4 Cain And Abel-------------------------------------------10

3.1.5 Net Stumbler---------------------------------------------11

3.2 TECHNIQUES--------------------------------------------------11-14

vii
 3.2.1 Sniffing-------------------------------------------------11

3.2.2 SQL Injection----------------------------------------12

3.2.3 Information Gathering---------------------------13

3.2.4 Vulnerability Scanning--------------------------13

3.2.5 Exploitation---------------------------------------13

3.2.6 Pen Testing-----------------------------------------14

Chapter IV: ROLES , RESPONSIBILITIES AND CHALLENGES OF ETHICAL

HACKERS------------------------------15-16

4.1 THEIR ROLES AND RESPONSIBILITY------15

4.2 CHALLENGES ---------------------------------15-16

Chapter V: WHAT’S NEXT-----------------------------------------17

5.1 CAREER OPPORTUNITIES---------------------17

Chapter VI: FAQs----------------------------------------------------18-19

Chapter VII: Conclusion-----------------------------------------------20

viii
REFERENCES-------------------------------------------------------------21

APPENDICES---------------------------------------------------------------22-34

APPENDIX-I - MEANING OF KEYWORDS----------------------------22-25

APPENDIX-II – HACKING TERMINOLOGIES--------------------------26-29

APPENDIX-III – FACTS RELATED TO HACKING----------------------30-34

CHAPTER-I

INTRODUCTION

Ethical Hacking also known as penetration testing or white hat hacking , involves the same
tools and tricks that hackers use. The major difference is that Ethical Hacking is legal. Ethical
Hacking is performed with target permission. The intent of Ethical Hacking is to discover
vulnerabilities from a hacker’s viewpoint so system can be better secured. This type of
Hacking also ensures that vendor claims about security of their products are legitimate.

1.1 SECURITY AND INTEGRITY

It is the condition of being protected from danger or loss. Generally , security is a concept
similar to safety. With reference to networks, it is called Information Security, meaning

ix
protecting information and information systems from unauthorized access, use, disclosure,
disruption, modification or destruction. Usually, it is defined in terms of CIA Triads. The
CIA are the basic principles of security in which C denotes the confidentiality, I represents
integrity, and A represents availability. For example, in case of a credit card transaction, the
authorized person should see the credit card number and he should see the data. Nobody
could see that data as they may use it for some other activities. Thus the confidentiality is
very important. Confidentiality is necessary for maintaining the privacy of people whose
personal information of a system holds.

INTEGRITY

It means data cannot be modified without authorization. This means that the data seen by the
authorized persons should be correct or he data should maintain the property of integrity.
Integrity is violated when a computer virus infects a computer like when someone is able to
cast a large number of votes in online poll, an employee is able to modify his own salary in a
payroll database and so on. In such cases the data is modified and we can say that there is a
breach in security.

1.2 NEED FOR SECURITY

Computer security is required because most organizations can be damaged by hostile

software or intruders. Moreover security is directly related to business. This is because if a
company loses a series of credit card numbers of it’s customers then many customers would
be hesitant to go back to the same company. It will result to company losing it’s customers
and business. Several damages can also be done by some intruders. Hence the security is
absolute necessary.

x
 CHAPTER-II

HACKING BASICS

2.1 HACKING AND HACKERS

The activity of using a computer to access information stored on another computer system
without permission, or to spread a computer virus.

Ethical Hacking: An authorized attempt to gain unauthorized access to computer system ,

application or data

OR

It is also called penetration testing. It is legally breaking into computers and devices to test an
organization’s defences.

Hacker: Person who uses computer to gain unauthorized access to a computer.

xi
2.2 TYPES OF HACKERS

Hackers are of different types and are named based on their intent of the hacking system.

a) White Hat Hackers

b) Black Hat Hackers
c) Grey Hat Hackers

2.2.1 White Hat Hacker

Ethical Hackers or White Hat Hackers do not intend to harm the system or organization but
they do so , officially , to penetrate and locate the vulnerabilities, providing solutions to fix
them and ensure safety. Companies like Facebook , Microsoft and Google use white hat
hackers.

2.2.2 Black Hat Hacker

Contrary to an ethical hacker , Black Hat Hackers or non-ethical hackers perform hacking to
fulfil their selfish intentions to collect monetary benefits.

2.2.3 Grey Hat Hacker

They are the combination of white and black hat hackers. They hack without any malicious
intent for fun. They perform hacking without any approval from the targeted organization.

2.3 BENEFITS OF ETHICAL HACKING

xii
The primary benefit of ethical hacking is to prevent data from being stolen and misused by
malicious attackers , as well as,

i) Discovering vulnerabilities from an attackers POV so that weak points can be

fixed.
ii) Implementing a secure network that prevent security breaches.
iii) Defending national security by protecting data from terrorists.
iv) Gaining the trust of customers and investors by ensuring the security of their
products and data
v) Helping protect network with real world assessments.

2.4 TYPES OF ETHICAL HACKING

It is no big secret that any system , process, website, device can be hacked.

Types of Ethical Hacking are as follows

2.4.1 Web Application Hacking

It refers to exploitation of applications via HTTP which can be done by manipulating

application via it’s graphical web interface, tampering the URL or tampering HTTP elements
not contained in the URL.

2.4.2 System Hacking

It is defined as the compromise of computer systems and software to access the target
computer and steal or misuse their sensitive information.

2.4.3 Web Server Hacking

Web content is generated in real time by a software application running at server side. Sp
hackers attack on the web servers to access passwords, etc., by using DDOS attacks , port
scan and social engineering attacks.

2.4.4 Hacking Wireless Networks

xiii
Wireless networks are accessible to anyone within the router’s transmissions radius. This
makes them vulnerable to attacks.

2.4.5 Social Engineering

It is the art of exploiting human psychology , rather than technical hacking techniques to gain
access to systems , building or data.

2.5 SKILLS REQUIRED

2.5.1 Computer Networking Skills

The computer network is nothing but the interconnection of multiple devices, generally
termed as Hosts connected using multiple paths to send/receive data or media.
Understanding networks like DHCP, Superwetting, Subnetting, and more will provide
ethical hackers to explore the various interconnected computers in a network and the
potential security threats that this might create, as well as how to handle those threats .

2.5.2 Computer Skills

Computer skills are knowledge and ability which allow one to use computers and related
technology. Typically, basic computer skills include data processing, managing computer
files, and creating presentations. Advanced computer skills include managing databases,
programming, and running calculations in spreadsheets. Some of the most essential

xiv
computer skills are MS Office, Spreadsheets, Email, Database Management, Social Media,
Web, Enterprise systems, etc. An ethical hacker needs to be a computer systems expert.

2.5.3 Linux Skills

Linux is a community of open-source Unix like operating systems that are based on the
Linux Kernel. It is a free and open-source operating system and the source code can be
modified and distributed to anyone commercially or non commercially under the GNU
General Public License. The main reason to learn Linux for an ethical hacker is, in terms of
security, Linux is more secure than any other operating system. It does not mean that Linux
is 100 percent secure it has some malware for it but is less vulnerable than any other
operating system. So, it does not require any anti-virus software.

2.5.4 Programming Skills

Another most important skill to become an ethical hacker is Programming Skills. So what
does the word programming in the computer world actually means? It means, “The act of
writing code understood by a computational device to perform various instructions.” So, to
get better at programming, one will be writing a lot of code! Before one writes code he/she
must choose the best programming language for his/her programming. Here is the list of
programming languages used by ethical hackers

1. Python
2. SQL
3. C++
4. Java
5. C
6. PHP
7. Ruby

xv
 8. Pearl

2.5.5 Basic Hardware Knowledge

Computer hardware comprises the physical parts of a computer, like the central processing
unit (CPU), monitor, mouse, keyboard, computer data storage, graphics card, sound card,
speakers and motherboard, etc.

2.5.6 Reverse Engineering

Reverse Engineering is a process of recovering the design, requirement specifications, and

functions of a product from an analysis of its code. It builds a program database and
generates information from this. The objective of reverse engineering is to expedite the
maintenance work by improving the understandability of a system and to produce the
necessary documents for a legacy system. In software security, reverse engineering is
widely used to ensure that the system lacks any major security flaws or vulnerabilities.

2.5.7 Cryptography Skills

Cryptography is the study and application of techniques for reliable communication in the
presence of third parties called adversaries. It deals with developing and analyzing
protocols that prevent malicious third parties from retrieving information being shared
between two entities thereby following the various aspects of information security.
Cryptography deals with converting a normal text/message known as plain text to a non-
readable form known as ciphertext during the transmission to make it incomprehensible to
hackers. An ethical hacker must assure that communication between different people within
the organization does not leak.

2.5.8 Database Skills

DBMS is the crux of creating and managing all databases. Accessing a database where all
the information is stored can put the company in a tremendous threat, so ensuring that this

xvi
software is hack-proof is important. An ethical hacker must have a good understanding of
this, along with different database engines and data schemas to help the organization build
a strong DBMS.

2.5.9 Problem Solving Skills

Problem-solving skills help one to determine the source of a problem and find an effective
solution. Apart from the technical skills pointed above, an ethical hacker also must be a
critical thinker and dynamic problem solver. They must be wanting to learn new ways and
ensure all security breaches are thoroughly checked. This requires tons of testing and an
ingenious penchant to device new ways of problem-solving.

CHAPTER-III

TOOLS AND TECHNIQUE

3.1 TOOLS

3.1.1 Nmap

It stands for Network Mapper. It is an open source tool that is used widely for network
discovery and security auditing. Nmap was originally designed for large networks but it can
work equally well for single hosts.

Nmap uses raw IP packets to determine −

 what hosts are available on the network,

 what services those hosts are offering,

 what operating systems they are running on,

xvii
  what type of firewalls are in use, and other such characteristics.

Nmap runs on all major computer operating systems such as Windows, Mac OS X, and
Linux.

3.1.2 Metasploit

Metasploit is one of the most powerful exploit tools. It’s a product of Rapid7 and most of its
resources can be found at: www.metasploit.com. It comes in two versions
− commercial and free edition. Metasploit can be used with command prompt or with Web
UI.

With Metasploit, you can perform the following operations −

 Conduct basic penetration tests on small networks

 Run spot checks on the exploitability of vulnerabilities

 Discover the network or import scan data

 Browse exploit modules and run individual exploits on hosts

3.1.3 Burp Suit

Burp Suite is a popular platform that is widely used for performing security testing of web
applications. It has various tools that work in collaboration to support the entire testing
process, from initial mapping and analysis of an application's attack surface, through to
finding and exploiting security vulnerabilities.

Burp is easy to use and provides the administrators full control to combine advanced manual
techniques with automation for efficient testing. Burp can be easily configured and it
contains features to assist even the most experienced testers with their work.

3.1.4 Cain and Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It helps in easy
recovery of various kinds of passwords by employing any of the following methods −

xviii
  sniffing the network,

 cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis

attacks,

 recording VoIP conversations,

 decoding scrambled passwords,

 recovering wireless network keys,

 revealing password boxes,

 uncovering cached passwords and analyzing routing protocols.

Cain & Abel is a useful tool for security consultants, professional penetration testers
and everyone else who plans to use it for ethical reasons.

3.1.5 Net Stumbler

Network stumbler is a Wi-Fi scanner and monitoring tool for Windows. It allows network
professionals to detect WLANs. It is widely used by networking enthusiasts and hackers
because it helps you find non-broadcasting wireless networks.

Network Stumbler can be used to verify if a network is well configured, its signal strength or
coverage, and detect interference between one or more wireless networks. It can also be used
to non-authorized connections.

3.2 TECHNIQUES

3.2.1 Sniffing

xix
Sniffing is the process of monitoring and capturing all the packets passing through a given
network using sniffing tools. It is a form of “tapping phone wires” and get to know about the
conversation. It is also called wiretapping applied to the computer networks.

In other words, Sniffing allows you to see all sorts of traffic, both protected and unprotected.
In the right conditions and with the right protocols in place, an attacking party may be able
to gather information that can be used for further attacks or to cause other issues for the
network or system owner.

3.2.2 SQL Injection

SQL injection is a set of SQL commands that are placed in a URL string or in data structures
in order to retrieve a response that we want from the databases that are connected with the
web applications. This type of attacks generally takes place on webpages developed using
PHP or ASP.NET.

An SQL injection attack can be done with the following intentions −

 To dump the whole database of a system,

 To modify the content of the databases, or

 To perform different queries that are not allowed by the application.

xx
This type of attack works when the applications don’t validate the inputs properly, before
passing them to an SQL statement. Injections are normally placed put in address bars, search
fields, or data fields.

The easiest way to detect if a web application is vulnerable to an SQL injection attack is to
use the " ‘ " character in a string and see if you get any error.

SQLMAP

SQLMAP is one of the best tools available to detect SQL injections. It can be downloaded
from http://sqlmap.org/

It comes pre-compiled in the Kali distribution. You can locate it at − Applications →

Database Assessment → Sqlmap.

3.2.3 Information Gathering

Information Gathering is the act of gathering different kinds of information against the
targeted victim or system. It is the first step or the beginning stage of Ethical Hacking,
where the penetration testers or hackers (both black hat or white hat) performed this stage;
this is a necessary and crucial step to be performed. The more the information gathered
about the target, the more the probability to obtain relevant results. Information gathering is
not just a phase of security testing; it is an art that every penetration-tester (pen-tester) and
hacker should master for a better experience in penetration testing. There are various tools,
techniques, and websites, including public sources such as Whois, nslookup that can help
hackers gather information. This step is necessary because you may need any information

xxi
(such as his pet name, best friend's name, age, or phone number to perform password
guessing attack or other kinds of attacks) while performing attacks on any target.

3.2.4 Vulnerability Scanner

Vulnerability scanners allow you to connect to a target system and check for such
vulnerabilities as configuration errors and system vulnerabilities. A popular vulnerability
scanner is the freely available open source tool Nessus. Nessus is an extremely powerful
network scanner that can be configured to run a variety of scans. While a Windows graphical
front-end is available, the core Nessus product requires Linux to run.

3.2.5 Exploitation

Exploitation is a piece of programmed software or script which can allow hackers to take
control over a system, exploiting its vulnerabilities. Hackers normally use vulnerability
scanners like Nessus, Nexpose, OpenVAS, etc. to find these vulnerabilities.

3.2.6 Pen Testing

Penetration Testing is a method that many companies follow in order to minimize their
security breaches. This is a controlled way of hiring a professional who will try to hack your
system and show you the loopholes that you should fix.
Before doing a penetration test, it is mandatory to have an agreement that will explicitly
mention the following parameters −
 what will be the time of penetration test,
 where will be the IP source of the attack, and
 what will be the penetration fields of the system.

xxii
Penetration testing is conducted by professional ethical hackers who mainly use commercial,
open-source tools, automate tools and manual checks. There are no restrictions; the most
important objective here is to uncover as many security flaws as possible.

Types of Penetration Testing

We have five types of penetration testing −

 Black Box − Here, the ethical hacker doesn’t have any information regarding the
infrastructure or the network of the organization that he is trying to penetrate. In
black-box penetration testing, the hacker tries to find the information by his own
means.
 Grey Box − It is a type of penetration testing where the ethical hacker has a partial
knowledge of the infrastructure, like its domain name server.
 White Box − In white-box penetration testing, the ethical hacker is provided with all
the necessary information about the infrastructure and the network of the
organization that he needs to penetrate.
 External Penetration Testing − This type of penetration testing mainly focuses on
network infrastructure or servers and their software operating under the
infrastructure. In this case, the ethical hacker tries the attack using public networks
through the Internet. The hacker attempts to hack the company infrastructure by
attacking their webpages, webservers, public DNS servers, etc.
 Internal Penetration Testing − In this type of penetration testing, the ethical hacker
is inside the network of the company and conducts his tests from there.
Penetration testing can also cause problems such as system malfunctioning, system crashing,
or data loss. Therefore, a company should take calculated risks before going ahead with
penetration testing. The risk is calculated as follows and it is a management risk.
RISK = Threat × Vulnerability

CHAPTER-IV
ROLES , RESPONSIBILITIES AND CHALLENGES OF ETHICAL
HACKERS

5.1 ROLES AND RESPONSIBILITIES

xxiii
Ethical hackers are similar to penetration testers, but the role of an ethical hacker is broader
and involves a greater range of duties. Like penetration testers, ethical hackers break into
systems legally and ethically. However, ethical hackers are also responsible for fixing the
vulnerabilities they identify. Responsibilities of ethical hackers include:

 Find open ports and implement corrective measures to prevent potential

attacks
 Evade intrusion prevention systems, intrusion detection systems, firewalls, and
honeypots to ensure they are effective and reinforced when necessary
 Search digital trash bins and other deep corners of a network to find any
passwords or other sensitive information that could be used to attack an
organization
 Identify and fix sniffing networks, cracked wireless encryption, hijacked web
servers, and hijacked web application
 Ensure patch installations are up to date
 Help handle issues related to online employee fraud and digital information
theft

5.2 CHALLENGES

The professional issues of ethical hacking include possible ineffective performance on the
job. Ethical hacking may be limited by the sensitivity of information involved in the client
organization. Clients tend to impose requirements and limits on the activities of the ethical
hacker.

For the ethical hacker to perform properly, access to the entire system or network might be
needed. Because of the need for professionalism, the ethical hacker must not violate the limits
imposed by the client so that professional issues are minimized.

CHAPTER-V

WHAT’S NEXT

5.1 CAREER OPPRTUNITIES

xxiv
 Source: Google Trends

Growing at a rate that is outpacing all other areas of IT, cybersecurity has emerged as a high-
growth-field of 2017, and possibly of the entire decade. During the 5 years between 2012 and
2017, listings for cybersecurity jobs increased by a whopping 75% according to the analysis
made by the Bureau of Labor Statistics. This has led to a lot of unfilled positions so jobs are
plenty and they pay well too.

How much money does an ethical hacker make?

Certified ethical hackers make an average annual income of $80,074, according to PayScale.
The average starting salary for a certified ethical hacker is $95,000, according to EC-Council
senior director Steven Graham. The founder of NoWiresSecurity , Eric Geier, estimates a
more conservative $50,000 to $100,000 per year in the first years of work depending on
your employer, experience and education. Those with a few years of experience can
pull $120,000 and upwards per year, particularly those who work as independent
consultants.

CHAPTER-VI

FAQs

Q1. How much time it takes to break into a system?

xxv
Ans: The average time it took ethical hackers to get to the internal network was four days,
but in one case it was possible in just thirty minutes.

Q2. What is the difference between ethical hackers and hackers ?

Ans: Ethical hacking is conducted by hackers as well but their intention behind hacking is not
for malicious purposes. Ethical hackers are referred to as White Hats, who end up provide
protection from the Black Hats who are the unethical hackers. Ethical hacking is adopted by
many almost every organization.

Q3. Role of Ethical Hackers in Government Agencies.

Ans: The government jobs for ethical hackers in different organizations basically require the
hacker to make use of hacking tools, tactics and techniques to breach the existing security
protocols by finding small loopholes, assessing the security of these networks/ website/
application and to execute the measures that can prevent such unwanted intrusions. They test
and develop security systems. Jobs as Network Security Administrator, Chief Information
Security Officer, Application Security Tester, Chief Application Security Officer, etc. offer
exciting prospects. They can work in Defense organizations, law enforcement organizations,
forensic organizations, detective companies, investigative organizations, etc.

Q4. Areas where ethical hackers are employed.

Ans: They Help In Educating The Other Employees

Skilled ethical hackers are aware of the actions on the part of employees which creates
vulnerabilities. Thus, they can warn employees against vulnerable actions while using
company computing systems. An aware and educated workforce acts as a fence to secure the
network of the organization.

xxvi
 Chapter-VII

CONCLUSION

Hacking has both its benefits and risks. Hackers are very diverse. They may bankrupt a
company or may protect the data, increasing the revenues for the company. The battle

xxvii
between the ethical or white hat hackers and the malicious or black hat hackers is a long war,
which has no end. While ethical hackers help to understand the companies’ their security
needs, the malicious hackers intrudes illegally and harm the network for their personal
benefits. which may allow a malicious hacker to breach their security system. Ethical
Hackers help organizations to understand the present hidden problems in their servers and
corporate network.[3] Ethical Hacking is a tool, which if properly utilized, can prove useful
for understanding the weaknesses of a network and how they might be exploited.[2]This also
concludes that hacking is an important aspect of computer world. It deals with both sides of
being good and bad. Ethical hacking plays a vital role in maintaining and saving a lot of
secret information, whereas malicious hacking can destroy everything. What all depends is
the intension of the hacker. It is almost impossible to fill a gap between ethical and malicious
hacking as human mind cannot be conquered, but security measures can be tighten [3].

So the conclusion is this that we can use Artificial Intelligence to prevent hackers to access
our network either it is a computer network or Internet of Things. In this process we need to
taught AI that “How to prevent Hacker to bypass our network”. Besides making our life
comfortable networks can also be used to compromise it so, it depends upon how smartly and
securely we use it because doesn’t matter what it is nothing is unhackable.

References

[1] Wikipedia.

[2] C. Palmer, "Ethical Hacking," IBM Systems, vol. 40, no. 3, pp. 769-780, 2001.
[3] K. Utkarsh, "System Security and Ethical Hacking".

xxviii
[4] G. K.Juneja, "Ethical Hacking:A technique to enhance information security,"
International Journals of Computer Applications, vol. 2, no. 12,december 2013, p. 3297,
2007.
[5] Y. W. D. D. Smith B, Ethical Hacking : The Security Justification Redux in Technology
and soceity, 2002.

APPENDIX-I

Meaning of keywords

xxix
Ciphertext- ciphertext or cyphertext is the result of encryption performed on plaintext using
an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information
because it contains a form of the original plaintext that is unreadable by a human or computer
without the proper cipher to decrypt it.

Contrary- opposite in nature, direction, or meaning.

Cryptography- the art of writing or solving codes.

DDOS- Distributed Network Attacks are often referred to as Distributed Denial of Service
(DDoS) attacks. This type of attack takes advantage of the specific capacity limits that apply
to any network resources – such as the infrastructure that enables a company’s website.

Exploitation- The action or fact of treating someone unfairly in order to benefit from their
work.

Forensic- relating to or denoting the application of scientific methods and techniques to the
investigation of crime.

GNU-an operating system similar to Unix with a collection of compatible software,

developed and distributed as a free alternative to commercial systems.

xxx
Hacker- a person who uses computers to gain unauthorized access to data.

HTTP-The Hypertext Transfer Protocol is an application protocol for distributed,

collaborative, hypermedia information systems that allows users to communicate data on the
World Wide Web

Intruder- someone who is in a place or situation where they are not wanted

Legitimate- allowed by law

Payroll- a list of the people employed by a company showing how much each one earns

Phishing-an attempt to trick someone into giving information over the internet or
by email that would allow someone else to take money from them, for example by
taking money out of their bank account

Sniffing-to speak in an unpleasant way, showing that you have a low opinion of something

SQL-SQL is a domain-specific language used in programming and designed for managing

data held in a relational database management system, or for stream processing in a relational
data stream management system.

Stumbler-a walker or runner who trips and almost falls

xxxi
Threat- an expression of intention to inflict evil, injury, or damage

Unix- Unix is a family of multitasking, multiuser computer operating systems that derive
from the original AT&T Unix, whose development started in the 1970s at the Bell Labs
research center by Ken Thompson, Dennis Ritchie, and others

URL-A Uniform Resource Locator (URL), colloquially termed a web address, is a

reference to a web resource that specifies its location on a computer network and a
mechanism for retrieving it.

Vulnerability-In computer security, a vulnerability is a weakness which can be exploited by a

threat actor, such as an attacker, to cross privilege boundaries within a computer system. To
exploit a vulnerability, an attacker must have at least one applicable tool or technique that can
connect to a system weakness.

All definitions in this appendix has been referred from:

1. https://www.wikipedia.org/
2. https://dictionary.cambridge.org/

xxxii
 APPENDIX-II

Hacking Terminologies

Following is a list of important terms used in the field of hacking.

 Adware − Adware is software designed to force pre-chosen ads to display on your
system.

xxxiii
 Attack − An attack is an action that is done on a system to get its access and extract
sensitive data.

 Back door − A back door, or trap door, is a hidden entry to a computing device or
software that bypasses security measures, such as logins and password protections.

 Bot − A bot is a program that automates an action so that it can be done repeatedly at
a much higher rate for a more sustained period than a human operator could do it.
For example, sending HTTP, FTP or Telnet at a higher rate or calling script to create
objects at a higher rate.

 Botnet − A botnet, also known as zombie army, is a group of computers controlled

without their owners’ knowledge. Botnets are used to send spam or make denial of
service attacks.

 Brute force attack − A brute force attack is an automated and the simplest kind of
method to gain access to a system or website. It tries different combination of
usernames and passwords, over and over again, until it gets in.

 Buffer Overflow − Buffer Overflow is a flaw that occurs when more data is written
to a block of memory, or buffer, than the buffer is allocated to hold.

 Clone phishing − Clone phishing is the modification of an existing, legitimate email

with a false link to trick the recipient into providing personal information.

 Cracker − A cracker is one who modifies the software to access the features which
are considered undesirable by the person cracking the software, especially copy
protection features.

 Denial of service attack (DoS) − A denial of service (DoS) attack is a malicious

attempt to make a server or a network resource unavailable to users, usually by
temporarily interrupting or suspending the services of a host connected to the
Internet.

 DDoS − Distributed denial of service attack.

 Exploit Kit − An exploit kit is software system designed to run on web servers, with
the purpose of identifying software vulnerabilities in client machines communicating
with it and exploiting discovered vulnerabilities to upload and execute malicious
code on the client.

xxxiv
 Exploit − Exploit is a piece of software, a chunk of data, or a sequence of commands
that takes advantage of a bug or vulnerability to compromise the security of a
computer or network system.

 Firewall − A firewall is a filter designed to keep unwanted intruders outside a

computer system or network while allowing safe communication between systems
and users on the inside of the firewall.

 Keystroke logging − Keystroke logging is the process of tracking the keys which are
pressed on a computer (and which touchscreen points are used). It is simply the map
of a computer/human interface. It is used by gray and black hat hackers to record
login IDs and passwords. Keyloggers are usually secreted onto a device using a
Trojan delivered by a phishing email.

 Logic bomb − A virus secreted into a system that triggers a malicious action when
certain conditions are met. The most common version is the time bomb.

 Malware − Malware is an umbrella term used to refer to a variety of forms of hostile

or intrusive software, including computer viruses, worms, Trojan horses,
ransomware, spyware, adware, scareware, and other malicious programs.

 Master Program − A master program is the program a black hat hacker uses to
remotely transmit commands to infected zombie drones, normally to carry out Denial
of Service attacks or spam attacks.

 Phishing − Phishing is an e-mail fraud method in which the perpetrator sends out
legitimate-looking emails, in an attempt to gather personal and financial information
from recipients.

 Phreaker − Phreakers are considered the original computer hackers and they are
those who break into the telephone network illegally, typically to make free
longdistance phone calls or to tap phone lines.

 Rootkit − Rootkit is a stealthy type of software, typically malicious, designed to hide

the existence of certain processes or programs from normal methods of detection and
enable continued privileged access to a computer.

 Shrink Wrap code − A Shrink Wrap code attack is an act of exploiting holes in
unpatched or poorly configured software.

xxxv
 Social engineering − Social engineering implies deceiving someone with the purpose
of acquiring sensitive and personal information, like credit card details or user names
and passwords.

 Spam − A Spam is simply an unsolicited email, also known as junk email, sent to a
large number of recipients without their consent.

 Spoofing − Spoofing is a technique used to gain unauthorized access to computers,

whereby the intruder sends messages to a computer with an IP address indicating that
the message is coming from a trusted host.

 Spyware − Spyware is software that aims to gather information about a person or

organization without their knowledge and that may send such information to another
entity without the consumer's consent, or that asserts control over a computer without
the consumer's knowledge.

 SQL Injection − SQL injection is an SQL code injection technique, used to attack
data-driven applications, in which malicious SQL statements are inserted into an
entry field for execution (e.g. to dump the database contents to the attacker).

 Threat − A threat is a possible danger that can exploit an existing bug or

vulnerability to compromise the security of a computer or network system.

 Trojan − A Trojan, or Trojan Horse, is a malicious program disguised to look like a

valid program, making it difficult to distinguish from programs that are supposed to
be there designed with an intention to destroy files, alter information, steal
passwords or other information.

 Virus − A virus is a malicious program or a piece of code which is capable of

copying itself and typically has a detrimental effect, such as corrupting the system or
destroying data.

 Vulnerability − A vulnerability is a weakness which allows a hacker to compromise

the security of a computer or network system.

 Worms − A worm is a self-replicating virus that does not alter files but resides in
active memory and duplicates itself.

xxxvi
  Cross-site Scripting − Cross-site scripting (XSS) is a type of computer security
vulnerability typically found in web applications. XSS enables attackers to inject
client-side script into web pages viewed by other users.

 Zombie Drone − A Zombie Drone is defined as a hi-jacked computer that is being

used anonymously as a soldier or 'drone' for malicious activity, for example,
distributing unwanted spam e-mails.

Information in this appendix has been referred from

https://www.tutorialspoint.com/ethical_hacking/

APPENDIX-III

FACTS RELATED TO HACKING

xxxvii
1. 95% of breached records came from only three industries in 2016

Government, retail, and technology. The reason isn’t necessarily because those industries are
less diligent in their protection of customer records. They’re just very popular targets because
of the high level of personal identifying information contained in their records.
2. There is a hacker attack every 39 seconds

A Clark School study at the University of Maryland is one of the first to quantify the near-
constant rate of hacker attacks of computers with Internet access— every 39 seconds on
average, affecting one in three Americans every year —and the non-secure usernames and
passwords we use that give attackers more chance of success.

3. 43% of cyber attacks target small business

64% of companies have experienced web-based attacks. 62% experienced phishing & social
engineering attacks. 59% of companies experienced malicious code and botnets and 51%
experienced denial of service attacks. small organizations (those with fewer than 500
employees) spend an average of $7.68 million per incident.

xxxviii
4. The global average cost of a data breach is $3.9 million across SMBs

For most businesses this is sum is crippling – not only monetarily but in reputation. For
public companies, the cost is much greater since more is at stake, on average a data breach
at a publicly-traded company would cost $116 million.

5. Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes

As if a pandemic wasn’t scary enough, hackers leveraged the opportunity to attack vulnerable
networks as office work moved to personal homes. As of this summer, they recorded 12,377
Covid-related scams.
6. 9.7 Million Records healthcare records were compromised in September 2020 alone
According to the HIPAA Journal, “83 breaches were attributed to hacking/IT incidents and
9,662,820 records were exposed in those breaches”.

7. Human intelligence and comprehension is the best defense against phishing attacks

According to Cofense thwarting phishing attempts comes down to user behavior and
understanding is the best way to protect your business against some of the most common
hacking methods.

xxxix
8. Approximately $6 trillion is expected to be spent globally on cybersecurity by 2021

Organizations need to make a fundamental change in their approach to cybersecurity and

reprioritize budgets to align with this newly defined reality of our modern society.
9. Connected IoT devices will reach 75 billion by 2025

The IoT market is due to reach 31 billion connected devices this year in 2020 and by 2025 it
will be roughly 75 billion IoT devices.

10. Unfilled cybersecurity jobs worldwide is already over 4 million

More than 500,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74% over
the past five years. Of those jobs, cybersecurity engineers are some of the highest-paid
positions started at $140K annually on average.
11. 95% of cybersecurity breaches are due to human error

Cyber-criminals and hackers will infiltrate your company through your weakest link, which is
almost never in the IT department.

xl
12. More than 77% of organizations do not have a Cyber Security Incident Response
plan

What’s worse? An estimated 54% of companies say they have experienced one or more
attacks in the last 12 months.
13. Most companies take nearly 6 months to detect a data breach, even major ones

Equifax, Capital One, and Facebook just to name a few. Information such as passwords,
credit card details, and social security numbers may already be compromised by the time
you’re notified.

14. Share prices fall 7.27% on average after a breach

The lowest point occurring up to 14 market days after a breach. Finance and payment
companies saw the largest drop in share performance post-breach according to Comparitech.

xli
15. Total cost for cybercrime committed globally will reach $6 trillion by 2021

Cybercrime is one of the greatest threats. Don’t think that all that money comes from hackers
targeting corporations, banks or wealthy celebrities. Individual users like you and me are also
targets. As long as you’re connected to the Internet, you can become a victim of cyberattacks.

All these information, figures has been taken from:

https://www.cybintsolutions.com/cyber-security-facts-stats/

xlii