Ethical Hacking Level 0 by Srikanta Sen

STUDENT GUIDE
Ethical Hacking
Level 0
By SRIKANTA SEN
Certified Ethical Hacker
This book does not teach you ethical hacking, but you can't learn ethical
hacking without having the knowledge of these basic topics.
Level 0 is a term used in Data structure [Computer Science], which means
the root or the starting point, this book will drop you at the starting point
About the Author

Srikanta Sen is an EC-Council certified Ethical hacker, penetration
tester, python code developer, Data analyst professional and an
independent cyber security researcher. His research interest is
"use of big data analytics in cyber security".
Srikanta Sen presently teaching in a college affiliated to Maulana

Abul Kalam Azad University of Technology in Westbengal, India.
He has more than decades of experience in teaching computer
related subjects at university level. He is also working in cyber
security domain for last 5 years.
Srikanta Sen lives in Kolkata, India with his wife and son. He loves
traveling, reading.
Thanks to Team
Special Thanks To
Mr. Sandeep Sengupta

Mr. Abir Atarthy
For Their Constant Inspiration
Copyright Notice
THE TOPICS DISCUSSED IN THIS BOOK SHOULD NOT BE
COPIED OR REPRODUCED UNLESS SPECIFIC PERMISSIONS
HAVE BEEN GIVEN TO YOU BY THE AUTHOR SRIKANTA
SEN.
ANY UNAUTHORIZED USE; DISTRIBUTION OF FULL OR
ANY PART OF THIS BOOK IS STRICTLY DISCOURAGED.
Liability Disclaimer
THE TERM HACKING SHOULD BE READ AND
UNDERSTOOD AS ETHICAL HACKING.
ETHICAL HACKING AND PENETRATION TESTING ARE
INTERCHANGEABLY USED IN THIS BOOK.
AUTHOR IS NOT AGAINST OR IN FAVOR OF ANY
ORGANIZATION OR COUNTRY.
NO SUGGESTION OR CRITISISM TO ANY COUNTRY OR
ORGANIZATIONS BUSINESS POLICY BY THE AUTHOR.
THE INFORMATION PROVIDED IN THIS EBOOK IS FOR
EDUCATIONAL PURPOSES ONLY.
THE EBOOK CREATOR IS NOT RESPONSIBLE FOR ANY
MISUSE OF THE INFORMATION PROVIDED.
THE INTENTION OF THIS EBOOK IS TO MAKE YOU AWARE
ON ETHHICAL HACKING.
WHENEVER REQUIRED THE AOUTHOR GAVE REFERENCE
ABOUT THE SOURCE INFORMATION OF PICTURE AND
CONTENT.
Any words can be mailed to [srikantasen@gmail.com]

Date:01-jan-2016
4
Contents at a Glance
-------------------------------------------------------------------------------Introduction.....................................................................07-09
Ethical Hacking Concepts..............................................10-15
Penetration Testing Concepts........................................16-16
Basics of Communications.............................................17-20
OSIRM ..........................................................................21-33
Protocols and Ports........................................................34-34
Computer Systems Architectures.................................35-39
Proxy...............................................................................40-42
Basics of Wireless and Mobile Communications........43-47
Command Line Basics for Ethical Hacking................48-52
Virtualization.................................................................53-75
HTTP and HTTPS........................................................76-79
Password........................................................................80-84
Cryptography and Encryption....................................85-91
Steganography..............................................................92-96
Malware........................................................................97-102
Google Hacking..........................................................103-117
HTML.........................................................................118-128
JAVASCRIPT...........................................................129-136
Contents at a Glance
-------------------------------------------------------------------------------Python........................................................................137-148
Server-Side Programming.......................................149-156
Relational Algebra and SQL...................................157-169
Join a Ethical Hacking School.................................170-170
Introduction
If a report is to be believed, released by software security services
provider, Norton around 42 million people in India have become
victims of cyber crimes in 2012. As many as 500,000 U.S. jobs are
lost each year from costs associated with cyber espionage, according
to the report, released by the security firm McAfee and the Center
for Strategic and International Studies. The report also says that
hacking costs the overall U.S. economy as much as $100 billion each
year. U.S. companies spend millions of dollars securing their
networks, buying insurance and repairing their reputations after
getting hacked.
According to Nasscom India will require at least 77,000 ethical
hackers every year, whereas we are producing only 15,000 in a year.
India faces a dearth of 450,000 cyber army where demand will be
around 500,000 in the near future.
In India news appears in paper that thousands of graduate engineers
are jobless. According to news published in Times of India July
only 18% engineering grads are employable. If we consider the
extended report; out of 6 lakh engineers that graduate annually, only
18.43% of them are employable for the software engineer-IT
services role, while just 3.95% are appropriately trained to be
directly deployed on projects. For core jobs in mechanical,
electronics/electrical and civil jobs, only a mere 7.49% are
employable. OMG, I dont think India will ever be able to fill the
skill gap in cyber security sector.
In spite of the huge contribution of Indian students in various sectors
of world education over the centuries, this "cyber security domain"
may be overlooked by them. We find in one sector there is a huge
demand for professions and in the other side unskilled jobless
graduate engineers, I think something is wrong with the system.
Educationalist can answer it better.
Ethical hacking, also known as penetration testing, intrusion testing

or red teaming whatever you call it, can be a very good career
option, but most of the students dont know how to choose it as a
career. Some go to Google learn some tricks, show it to their friend
and become popular as hacker, some go to learn ethical hacking
from ABCD institute and learn only what they are told in just 40-80
hours of course, and finally they are certified ethical hacker. Many
organizations working on cyber security training in India are really
doing very well, but they are helpless with throughput until the mass
awareness is created in cyber security learning.
This book do not teach you ethical hacking, but trust me you cannot
learn ethical hacking without knowing these basic topics discussed
in this book.
There is no fast (measured in hours) or easy way to become an
ethical hacker. Ethical hacking requires lots of skill set, which is
categorized into 6 domains.
Networking Domain
Programming knowledge Domain
Database Domain
Operating system Domain
Ethical hacking tools Domain
Big data analytics Domain
An ethical hacker also should have a basic understanding Data

communication network theory and devices, details of TCP/IP
protocols such as SMTP, ICMP and HTTP. Knowledge of various
operating systems like (Microsoft Windows, various versions of
Linux, backtrack etc) is important. Knowledge on Python, java
programming language, also the knowledge of web programming
platform, like HTML, JavaScript, Microsoft .NET and PHP is
crucial. Basic concept of database is also vital.
Big data is the new inclusion, In ethical hacking we try to protect

data or information and you will be astonished to know that
90% of the data produced by civilization ,is generated in last 2-3
years alone and more is going to generate at exceptional speed.
Big data analytics will soon be incorporated into cyber security
domain, with the arrival of Internet of Things and IPV6
things will be more complicated for cyber security professionals
in next 2-3 years. Last one is the knowledge of Ethical hacking
tools, latest tools are very powerful and can produce fantastic
reports, Ethical hackers should know, how to use the tools and how
to understand the reports produced by these automated tools.
Level 0 is a term used in Data structure in computer science, which
means the root or the starting point, this book will drop you at the
starting point, but you should know more about the topics discussed
in this book from various sources. With this book, my aim is to teach
ethical hacking concepts to neophyte or noob and Experts can
recommend this book to juniors for startup.
I am working on Ethical Hacking Level 1 and Ethical Hacking
Level 2 books, which will be out soon, depending on the response
of this book.
10
Ethical Hacking Concepts

What is hacking
Hacking is the process of exploring the features of a system beyond
the thoughts of the developer, in order to achieve some extra
benefits.
Who is a hacker
The person who is involved in hacking activities, is known
as hacker. They try to find and explore the weakness in computer
systems and/or networks to gain access. Hacker's are exceptional
programmers' with vast knowledge of computer science domain.
What is ethical hacking ,Who is ethical hacker

Ethical hacking and ethical hacker are terms used to
describe hacking performed by a company or individual to help
identify potential threats on a computer or network. An ethical
hacker attempts to bypass system security and search for any weak
points that could be exploited by malicious hackers. This
information is then used by the organization to improve the system
security, in an effort to minimize or eliminate any potential attacks.
What constitutes ethical hacking?
For hacking to be deemed ethical, the hacker must obey the
following rules:
1. Expressed (often written) permission to probe the network
and attempt to identify potential security risks.
2. You respect the individual's or company's privacy.
11
3. You close out your work, not leaving anything open for
you or someone else to exploit at a later time.
4. You let the software developer or hardware manufacturer
know of any security vulnerabilities you locate in their
software or hardware, if not already known by the
company.
[source: computerhope.com]
Types of Hackers
Ethical Hacker (White hat): They hack for a good motive and
always report the weakness to the developer team or to the team, that
deployed themselves to find weakness. The best thing is that they
have a face, I mean they don't disclose their identity.
Cracker (Black hat): They hack for a bad motive and gain
unauthorized access to computer systems. They hide their face and
don't come in front of public.
Grey hat: Sometimes they are White hat, Sometimes Black hat
depending on situation.
Script kiddies: They don't have in depth knowledge of hacking,
basically non-skilled person who gains access to computer systems
using already available tools.
Suicide Hackers: The concept of suicide hackers is the same as
suicide bombers. They hack, they caught and get punishment
according to law.
Phreak: It is a person who tries to intrude systems for fun or
malicious personal activities. Mostly they are children of age 12-15
who don't even know wrong consequences of hacking.
Hacktivist: They hack for a purpose, in order to send any social,
religious or political messages.
12
.Hacktivism: Hacktivism is the act of hacking, or breaking into a

computer system, for a politically or socially motivated purpose. The
individual who performs an act of hacktivism is said to be
a hacktivist
Elite hacker or 1337: They are the best in business and use their
own tool for hacking purpose. 1337 was a port number used by a
group of hackers to communicate between themselves without
anyone knowledge.
Skill Profile of an Ethical Hacker
Strong knowledge of computer networking.
Knowledge of programming Language, specially web
programming.
Good knowledge of various operating system.
Knowledge of hardware.
Good knowledge of hacking tools.
Basic knowledge of virtualization.
Good knowledge Wireless protocol.
Essential Terminology
Threat - An action or event that is a concern regarding

security. A threat is a potential violation of security.
Vulnerability - Weakness in the system, that can be
compromised
Target of Evaluation - An IT system, product, or component
that will be evaluated by security professional
Attack - An attack is any action that attempts to or violates
security.
Exploit - A defined way to breach the security of an IT
system through vulnerability.
13
Confidentiality, Integrity, and Availability (CIA Triad)
CIA triad, is a model designed to guide policies for information

security within an organization. The model is also sometimes
referred to as the AIC triad (availability, integrity and
confidentiality) to avoid confusion with the Central Intelligence
Agency. The triad are considered the three most crucial components
of security.
Confidentiality is a set of rules that limits access to
information, Integrity is the assurance that the information is
trustworthy and accurate, and Availability is a guarantee of reliable
access to the information by authorized people.
Phase of Ethical Hacking
Reconnaissance
o Active / passive
Scanning
Gaining access
o Operating system level / application level
o Network level
o Denial of service
Maintaining access
o Uploading / altering / downloading programs or data
Covering tracks
14
Reconnaissance : It means collect as much as information possible

about the target of evaluation. Passive reconnaissance involves
gathering information about target without their knowledge. Active
reconnaissance involves directly connect to the target and collect
information
Scanning: Attacker uses the details gathered during reconnaissance
to identify specific vulnerabilities. Tools that a hacker may employ
during the scanning phase can include dialers, port scanners,
network mappers, sweepers, and vulnerability scanners.
Gaining access: This is the phase where the real hacking takes place
and hacker takes control of the system.
Maintaining access: Once a hacker has gained access, they want to
keep that access for future exploitation and attacks. Attackers, who
choose to remain undetected
>Remove evidence of their entry
>Install a backdoor or a Trojan to gain repeat access
>Install root kits at the kernel level to gain full administrator access
to the target compute
15
Covering tracks: Attackers will usually attempt to erase all

evidence of their actions.
What is called a cyber crime
website defacing
child pornography
data breach
E-mail bombing
Computer Hacks
Network Hacks
Data diddling
usage of virus, worms, Trojans
Harassment through mails and chats
spoofing- email, sms, call
defamation
software piracy
spamming etc
16
Penetration Testing Concepts

According to techtarget.com "Penetration testing (also called pen
testing) is the practice of testing a computer system, network or Web
application to find vulnerabilities that an attacker could exploit."
Types of Penetration testing:
There are primarily two types of penetration tests, a) Black Box Test
b)White Box Test
Black Box Test : The pen tester has very little or no knowledge
about the systems to be tested (except the IP address ranges or a
domain name). The penetration tester collects all information and
perform the test. This is costly and takes much time.
White Box Test : In a whitebox penetration test, the penetration
tester is usually provided with a complete knowledge about the
network or systems to be tested, including the IP address schema,
source code, OS details. This is popular and fast compared to Black
Box Test.
Steps in Penetration testing:
Ethical hacking and penetration testing relation

Pen testing is often confused with hacking, but there is a substantial
difference that have to understand, while hacking is
exploratory and unstructured, penetration testing is based on a
scientific and structured method.
17
Basics of Communications
Data refers to the raw facts that are collected while information
refers to processed data
Data Communication is a process of exchanging data or information
between two devices over a transmission medium.
The data can flow between the two devices in the following ways
1. Simplex: One way communication.
2. Half Duplex: Two way communication, but not simultaneously.
Example: A walkie-talkie
3. Full Duplex: Two way communication and simultaneously.
Example: mobile phones.
source : ni.com
Categories of Network
Networks are categorized on the basis of their size. The three basic
categories of computer networks are:
18
A. Local Area Networks (LAN) is usually limited to a few

kilometers of area. It may be privately owned example is network
consisting of the computers in a college lab.
B. Wide Area Network (WAN) is made of all the networks in a
(geographically) large area. Example is the network in the entire
state.
C. Metropolitan Area Network (MAN) is of size between LAN &
WAN.
Example is entire network in a CITY OF JOY.
DATA
Data can be of two types:
Analog data refers to information that is continuous;
example: human voice
Digital data refers to information that has discrete states.
SIGNALS
Signals can be of two types:
1. Analog Signal: They have infinite values in a range.
2. Digital Signal: They have limited number of defined values.
19
Categories of transmission media
Network topology: It is the arrangement of the various elements

(links, nodes, etc.) of a computer network. Essentially, it is the
topological structure of a network and may be depicted physically
or logically. [source en.wikipedia.org/]
[source www.conceptdraw.com]
20
Digital modulation
Modulation of digital signals known as Shift Keying
Amplitude Shift
Keying (ASK): Binary
bit stream is 101, 1 is
represented by signal, 0
is represented by no
signal.
Frequency Shift
Keying (FSK): Binary
bit stream is 101, 1 is
represented by one kind
of signal, 0 is
represented by different
kind of signal.
Phase Shift Keying

(PSK): Binary bit
stream is 101, See the
phase change from 1 to
0 and then from 0 to 1.
21
OPEN SYSTEMS INTER CONNECTION REFERENCE

MODEL (OSIRM )
The Open Systems Interconnection (OSI) Model was developed
by International Organization for Standardization (ISO).This
model describe how data is transmitted over a network.. It was
developed to allow systems with different platforms to
communicate with each other. It address hardware, software and
data transmission.
It is a hierarchical model that groups its processes into layers.
It has 7 layers as follows: (Top to Bottom) . Each layer has specific
functions it is responsible for All layers work together in the correct
order to move data around a network. In summary the function of
each layer is given.
7.
6.
5.
4.
3.
2.
1.
Application Layer :Data generation

Presentation Layer: Encryption and formatting
Session Layer: Establish connection
Transport Layer: Delivery and sequencing
Network Layer: Routing to destination
Data Link Layer: Local network host delivery
Physical Layer: Access to media
Some protocol associated with this OSI layer model
[source: https://infosys.beckhoff.com]
22
OSI Model Layer Mnemonics

Top to bottom All People Seem To Need Data Processing.
Bottom to top Please Do Not Throw Sausage Pizza Away
How Data Is Referred to in the OSI Model
Data
Application, Presentation, and Session layers
Segment
Transport layer
Packet
Networking layer
Frame
Data Link layer
Bits
Physical layer
AS data moves from level to level header starts attaching to data
23
Explanation of these SEVEN distinct layers
In the Open Systems Interconnect model, which allows dissimilar

computers to transfer data between themselves, there are.
7. Application Layer
Provides Applications with access to network services.
6. Presentation Layer
Determines the format used to exchange data among
networked computers.
5. Session Layer
Allows two applications to establish, use and disconnect a
connection between them called a session. Provides for
name recognition and additional functions like security
which are needed to allow applications to communicate
over the network.
4. Transport Layer
Ensures that data is delivered error free, in sequence and
with no loss, duplications or corruption. This layer also
repackages data by assembling long messages into lots of
smaller messages for sending, and repackaging the smaller
messages into the original larger message at the receiving
end.
3. Network Layer
This is responsible for addressing messages and data so
they are sent to the correct destination, and for translating
logical addresses and names (like a machine name
FLAME) into physical addresses. This layer is also
responsible for finding a path through the network to the
destination computer.
2. Data-Link Layer
This layer takes the data frames or messages from the
Network Layer and provides for their actual transmission.
24
At the receiving computer, this layer receives the incoming

data and sends it to the network layer for handling.
2. The Data-Link Layer also provides error-free delivery of
data between the two computers by using the physical
layer. It does this by packaging the data from the Network
Layer into a frame that includes error detection
information. At the receiving computer, the Data-Link
Layer reads the incoming frame, and generates its own
error detection information based on the received frame
data. After receiving all of the frame, it then compares its
error detection value with that of the incoming frames, and
if they match, the frame has been received correctly.
A frame looks like,
The Data-Link Layer actually consists of two separate

parts, the Medium Access Control (MAC) and Logical
Link Control Layer (LLC). Example MAC layers are
Ethernet 802.3 and Token Ring 802.5
Bridges are an example of devices which works at the
MAC layer.
1. Physical Layer
Controls the transmission of the actual data onto the
network cable. It defines the electrical signals, line states
and encoding of the data and the connector types used. An
example is 10BaseT. Repeaters are an example of devices
that work at the Physical Layer.
25
TCP/IP MODEL
It is also called as the TCP/IP protocol suite. It is a collection of
protocols. It existed even before the OSI model was developed.
Transmission Control Protocol (TCP) and Internet Protocol (IP) are
the two most important lower-level protocols enabling Internet
connectivity. IP is responsible for moving packets of data from one
connection point to the next, while TCP verifies the integrity of data
traveling between two endpoints. TCP and IP work together so much
that the two protocols are commonly referred to as TCP/IP.
Originally it had four layers (bottom to top):
1.
2.
3.
4.
Network Interface Layer

Internet Layer
Transport Layer
Application Layer
The Application layer of the TCP/IP Model encompasses the same

functions as the
Application, Presentation, and Session layers of the OSI Model.
The Transport layer of the TCP/IP Model functions the same as the
Transport layer in OSI Model and part of Session layer.
The Internet layer of the TCP/IP Model Performs the same
functions as the OSI Model Network layer and many of the functions
of the LLC sub layer of the OSI Model Data Link layer.
The Network Interface layer of the TCP/IP Model performs much
of the job of the MAC portion of the Data Link and Physical layers
of the OSI Model.
26
Mapping of OSI and TCP-IP layer
[source www.hardwaresecrets.com]
TCP/IP Model and its Relation to Protocols of the TCP/IP Suite
Layer
Protocols
Application
HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP
Transport
TCP, UDP
Internet
IP,IGMP, ICMP, ARP, RARP
Network
interface
Ethernet, Token Ring, FDDI, X.25, Frame

Relay, RS-232, v.35
Application layer protocol
The Hypertext Transfer Protocol (HTTP) is used to transfer files

that make up the Web pages of the World Wide Web.
27
The File Transfer Protocol (FTP) is used for interactive file transfer.
The Simple Mail Transfer Protocol (SMTP) is used for the transfer
of mail messages and attachments.
Telnet, a terminal emulation protocol, is used for logging on
remotely to network hosts.
The Domain Name System (DNS) is used to resolve a host name to
an IP address.
The Simple Network Management Protocol (SNMP) is used
between a network management console and network devices
(routers, bridges, intelligent hubs) to collect and exchange network
management information.
Transport layer protocol
TCP is a reliable connection-oriented, reliable protocol. i.e. a

connection is established between the sender and receiver before
the data can be transmitted.
It divides the data it receives from the upper layer into segments
and tags a sequence number to each segment which is used at
the receiving end for reordering of data.
UDP is an unreliable, connectionless protocol that provides data
transport with lower network traffic overheads than TCP. UDP is
used when the amount of data to be transferred is small (such as the
data that would fit into a single packet), or when the overhead of
establishing a TCP connection is not desired or when the
applications or upper layer protocols provide reliable delivery. UDP
does not error check or offer any flow control, this is left to the
application process
28
Internet layer protocol
The Internet Protocol (IP) is a routable protocol responsible for IP

addressing, routing, and the fragmentation and reassembly of
packets.
The Address Resolution Protocol (ARP) is responsible for the
resolution of the Internet layer address to the Network Interface
layer address such as a hardware address.
The Internet Control Message Protocol (ICMP) is responsible for
providing diagnostic functions and reporting errors due to the
unsuccessful delivery of IP packets.
The Internet Group Management Protocol (IGMP) is responsible for
the management of IP multicast groups.
(RARP) Reverse Address Resolution Protocol. It is used by a
device on the network to find its Internet address when it knows
its physical address.
Network interface
The Network Interface layer (also called the Network Access layer)
is responsible for placing TCP/IP packets on the network medium
and receiving TCP/IP packets off the network medium. TCP/IP was
designed to be independent of the network access method, frame
format, and medium. In this way, TCP/IP can be used to connect
differing network types. These include LAN technologies such as
Ethernet and Token Ring and WAN technologies such as X.25 and
Frame Relay. Independence from any specific network technology
gives TCP/IP the ability to be adapted to new technologies such as
Asynchronous Transfer Mode (ATM).
[source technet.microsoft.com]
29
Comparison OSI and TCP/IP

OSI
TCP/IP
It has 7 layers
It has 4 layers
OSI model has separate

presentation layer
TCP/IP does not have a separate

presentation layer
In OSI model the transport layer

guarantees the delivery of
packets
In TCP/IP model the transport

layer does not guarantees
delivery of packets.
OSI provides layer functioning

and also defines functions of all
the layers.
TCP/IP model is more based on

protocols.
What is Internet Protocol?

Internet Protocol is a set of technical rules that defines how
computers communicate over a network. There are currently two
versions: IP version 4 (IPv4) and IP version 6 (IPv6).
IPv4 is 32-bit addressing scheme. In IPv4 232 (4,294,967,296)
addresses available. When IP was first standardized in Sep 1981,
each system attached to the IP based Internet had to be assigned a
unique 32-bit address. This 32-bit IP addressing scheme involves a
two level addressing hierarchy.
Network Number prefix
Host number
30
There are two notations to show an IPv4 address:

a) Binary notation
The IPv4 address is displayed as 32 bits. ex. 11000001 10001011
00011111 11001111
b) Dotted decimal notation
To make the IPv4 address easier to understand, it is usually
written in decimal form with a decimal point (dot) separating the
bytes. Each byte (octet) is 8 bits hence each number in dotteddecimal notation is a value ranging from 0 to 255.
Ex. 192.168.11.239
IP addresses are divided into 5 categories:
Class A: uses first octet for network addresses and last three octets
for host addressing
Class B: uses first two octets for network addresses and last two for
host addressing
Class C: uses first three octets for network addresses and last one
for host addressing
Class D: provides flat IP addressing scheme in contrast to
hierarchical structure for above three.
Class E: Reserved for future use.
[Source: ccnablog.com]
31
[source: tcpipguide.com]
Number of networks and host in each class is given below
Problem with IPv4

In 1981,the number of addresses 232 = ~4,294,967,296 was enough,
but with the penetration with internet, it seems that, a large number
in 1981 is actually a small number in 2015.
32
Another problem with IPv4 is that the IPv4 header length is variable.
It is acceptable when routing was done by software. But now routers
are built within hardware, and processing the variable length headers
in hardware is hard. The large routers that allow packets to go all
over the world are having problems coping with the load. Clearly, a
new scheme was needed with fixed length headers.
IP version 6 (IPv6)
IPv6 is a newer numbering system that provides a much larger
address pool. than IPv4. It was deployed in 1999 and should meet
the worlds IP addressing needs well into the future. Here Address
Size is 128-bit number.IPv6 addresses are so much larger than IPv4
addresses and even representing them in decimals is difficult. Hence
the IPv6 addresses are represented in hexadecimal numbers,
separated by a colon.
for example 3FFE:F200:0234:AB00:0123:4567:8901:ABCD.
Total number of address possible is
2128 = ~340,282,366, 920,938,463,463,374, 607,431,768,211,456.
Comparison of IPv4 and IPv6 header
[source 343networks.wordpress.com]
33
34
Protocols and ports

What is protocol
In telecommunications, a protocol is the special set of predefined rules that allow
two or more entities of a communications system to transmit information.
Protocols specify interactions between the communicating entities.
What is port
In computer hardware, a port acts as an interface between the computer and other
computers or peripheral devices. External devices are connected to a computer
using cables and ports. Ports are slots on the motherboard into which a cable of
external device is plugged in. Examples of external devices attached via ports are
mouse, keyboard, monitor, microphone, speakers etc.
Port number is a 16-bit unsigned integer, ranging from 0 to 65535. Specific port
numbers use specific services. 1024 well-known port numbers are reserved by
convention to identify specific service types on a host. [ source: wikipedia]
Common ports and respective services running on the ports.
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name Service)
68 DHCP (Dynamic host Configuration Protocol)
80 HTTP
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
35
Computer Systems Architectures

Centralized Systems
In Centralized Systems, several jobs are done on a particular

computer (system)
Distributed Systems
Distributed computing is required, when the system requirement is

large and cannot be fulfilled by single machine, jobs are distributed
in several processor. The processors are interconnected by a
computer network and solutions are then combined together to
produce it in front of client, as it seems to come from single
computer.
36
A client is something that send a request to one computer or server.

In response the server accepts the request and sends some message
back to the client, for example at the time of checking result, your
browser acts as a client where request is your roll number.
A server is a process that provides requested services for clients. The
computer that stores your result is known as a server.
Client and server processes can reside in the same computer or in
different computers connected by a network.
Web clients: Mozilla Firefox, Internet Explorer, Google Chrome, etc
Web servers: Apache, Microsoft IIS, Sun Java System Web Server
etc
Physical Tiers
In 1-tier architecture all of the processing is done on a single host.
Users can access such systems (mainframes) through dumb
terminals, but what is displayed and how it appears is controlled by
the mainframe.
37
2-tier architecture is used to describe client/server systems, where

clients send request and servers respond to these requests.
Picture source: pecktechdesigns.com

3-tier architecture is used to describe client/server systems consisting
of:
Clients which request services
Application servers whose task is to provide the requested

resources,
but by calling on database servers
Database servers which provide the application servers with the

data they require.
Picture source: tutorials.jenkov.com
38
N-tier architecture is used to describe client/server systems consisting of

more than 3 tiers
Picture source: www.informationweek.com

Examples of Servers
Mail Server :: Allows client mail program to connect to mail server
on remote machine.
Login Server :: Allows clients to establish login sessions on remote
machine.
File Servers :: Client requests to read or write part of a file. The
server might support several operations, including
read, write, open, close and seek.
Print Server:: A computer that manages one or more printers, and a
network server is a computer that manages network
traffic.
Database Server:: A computer system that processes database queries.
Peer-to-peer (P2P)
The P2P model does not have the concept of clients or servers. All
peers are called servents, SERVENT = SERVer + cliENT. All nodes
acts as both clients and servers In the P2P model, but for any
communication session we can distinguish who is "clients" and
which one is "servers".
39
Client/server
It is like lecture-based learning
Eating at a restaurant
P2P
It is like project-based learning
Eating at home
Picture source: shareaza.sourceforge.net
40
Proxy
What is proxy
When an user ask for a webpage from a server, the client sends the
ip address to the website, so that the response get back to the client
ip address, in this way the client keeps a stamp of the computer in
server.
A proxy or a proxy server is a computer that is placed between the
attacker and the target computer. Proxy server allow an attacker to
hide his/her identity in the network .When I say hide identity, two
things an attacker wants to hide a)IP address b)MAC address
IP address is used to find the geographic location and MAC address
is used to find the machine used (in the network) used for hacking.
How proxy is implemented

First attacker computer makes a connection with the proxy server
and then requests a connection to the target computer via the existing
connection to the proxy. The proxy server forward the requests to
the proxy, finally which is forwarded to the attackers computer. This
lets a hacker surf the Web anonymously or otherwise hide their
attack.
41
Proxy Chaining: Proxy chaining is the use of more than 1 proxy

servers to stay anonymous. You can use as many proxy servers as
you can or want. The more you have, the more anonymous you will
be.
Why Proxy is used

To hide the source IP address to avoid any legal trouble
To remotely access intranets and other web resources that are
out of reach
42
Some popular proxy

http://www.anonymizer.ru
https://www.anonymizer.com/
FoxyProxy is a plugin for your browser which automatically
switches an internet connection across one or more proxy
servers based on URL patterns.
AnonymoX is a plugin for your browser for anonymization
on the internet
proxy workbench
proxifier
proxy switcher
Tor
Socks Chain
hide me
43
Basics of Wireless and Mobile Communications

Concept of wireless networking
A wireless network is any type of computer network that uses
wireless data connections for connecting network nodes.
Wireless networking is a method by which homes,
telecommunications networks and enterprise (business) installations
avoid the costly process of introducing cables into a building, or as a
connection between various equipment locations. Wireless
telecommunications networks are generally implemented and
administered using radio communication. This implementation takes
place at the physical level (layer) of the OSI model network
structure.
Examples of wireless networks include cell phone networks, Wi-Fi
local networks and terrestrial microwave networks.
[Source:: Wikipedia]
Common term used in wireless networking
Wireless Local Area Network (WLAN): A short-range computerto-computer wireless data communications network.
Wireless: Communication between devices where wire is not
present. Signal moves in the form of electromagnetic waves in the
entire communication path.
Wireless Access point: It is a part of hardware that creates a central
point of wireless connectivity. It is similar to hub.
Cellular: A wireless communications network architecture that
employs "cells" or modular coverage areas, typically serviced by a
cell site, and usually provides hand-off capability between cells
for roaming devices.
Attenuation: The loss or weakening of a signal through a
transmission line, transmission component, or signal path.
44
Antenna: It is important for sending and receiving radio waves,

there are 2 types of antennas:
Omni-directional antennas
Directional antennas
Microwave: Usually referring to all radio frequencies above 1 GHz
or so.
Jamming: The typically intentional or malicious interference with
another radio signal.
SSID: The SSID (service set identifier) is a unique identifier; it is
the name of the WLAN, it acts as a single shared identifier between
wireless access points and clients.
Bluetooth: A standard system for wireless personal area networks
(PANs). Bluetooth provides speeds of up to 3 Mbps at short ranges
(typically less than 10 meters). PAN technologies, such as
Bluetooth, are complementary to LAN technologies (like 802.11)
and are typically used to connect peripheral devices, such as
keyboards to computers or wireless headsets to mobile phones.
Wi-Fi hotspots: A Wi-Fi hotspot is created by installing an access
point to a connection. The access point transmits a wireless signal
over a short distance which covers around 300 feet. When a Wi-Fi
enabled device such as a mobile, tab, laptop find a hotspot, the
device
then connect to that network wirelessly. 802.11b is the most
common specification for hotspots worldwide.
Wireless standards:
The first wireless standard was 802.11

It defines 3 physical layers:
Frequency Hopping Spread Spectrum (FHSS)
Direct Sequence Spread Spectrum (DSSS)
Infrared
45
There are several specifications in the 802.11 family:
802.11a
802.11b
802.11g
802.11i
802.11i improves WLAN security
What are the Types of Wireless Connections?
Wireless PAN Personal area network Wireless Personal

Area Networks
Wireless LAN Local Area Network
Wireless MAN Metropolitan Area Networks
WWANS: Wireless Wide Area Networks
What is Wi-Fi
Wi-Fi stands 802.11b are Wi-Fi (Wireless Fidelity). It is primarily a
local area networking (LAN) technology designed to provide inhouse broadband coverage. Wi-Fi operates at 20 MHz in the 2.4
GHz range. It has a theoretical speeds of up to 11 Mbps. It can cover
a distance up to 8 km in a city.
WIFI SECURITY WEP and WPA
Wi-Fi Protected Access (WPA): An improvement to WEP, WPA
adds among other changes a key (TKIP, or Temporal Key
Integrity Protocol) that changes dynamically over time, which
eliminates the greatest shortcoming of WEP. WPA is the minimum
level of security you should choose, if at all possible. WPAEnterprise adds 802.1x authentication to make the network even
more secure.
Wi-Fi Protected Access 2 (WPA2): WPA2 adds even further
enhancements to WPA, including AES (Advanced Encryption
Standard), which makes the encryption key almost impervious to
46
current cracker attacks.

Wired Equivalent Privacy (WEP): The encryption system used by
wireless LANs to provide security on the network. WEP uses an
encryption key (which can be 40 or 104 bits long these keys are
often referred to as 64- and 128-bit keys because of some extra bits
used in the WEP system) to encrypt data flowing across the network.
Without the WEP encryption key, unauthorized users see only
garbled data and cannot read what is being sent across the network.
[source .dummies.com]
acking echniques
Wireless hacking activities are categorized as:
Cracking encryption and authentication mechanism

Eavesdropping or sniffing
Access Point spoofing
MAC spoofing
Denial or Service
Wireless attacks
War Driving: It is the act of locating and possibly exploiting
connections to WLANs while driving around a city or
highway.
War Walking: Walking around to search for open wireless
networks
War Flying: Searching open wireless network while flying
War Chalking: Using chalk to identify available open
networks
Blue Jacking: Use of Bluetooth technology to temporarily
hijack another person's cell phone.
Wireless hacking tools
Aircrack
AirSnort
Cain & Able
Kismet
47
NetStumbler
WireShark
How to secure wireless networks
In order to minimize wireless network attacks; individual or
organization can adopt the following policies.
Change default passwords that come with the hardware

Use of strong WEP and WPA-PSK keys, a combination of
symbols, number and characters reduces the chance of the
keys been cracking using dictionary and brute force attacks.
Firewall software can also help reduce unauthorized access.
Change the Networks SSID name.
Create a unique password on router.
Reduce the Range of the Wireless Signal.
48
Command Line Basics For Ethical Hacking

In Windows environment open command prompt and type the
following commands
mkdir::creates new folder/directory
dir:: to list the content of the folder
echo:: write some text
type:: display the text
more:: more file1.txt also displays the file content
ipconfig:: windows ip configuaration

ipconfig /all:: display more on windows ip configuaration
ipconfig /release:: release all stored ip configuaration value
ipconfig /renew::Ask dhcp server to give new ip value
netstat command:: Netstat, the TCP/IP networking utility, has a
simple set of options and identifies a computer's listening ports.
along with incoming and outgoing network connections. This data
can be very helpful if you're trying to resolve a malware issue or
diagnose a security problem.
49
-an is for all listening port in a machine.
taskmgr:: command displays windows task manager, shows all

currently running process
tasklist:: command display all running task in command prompt
to find a particular task and to kill it, you need to know the
process id.
taskkill /PID 2484/F :: kills the task [PID is process id,/F is for
forcefully]
50
The net user is a command-line tool that was introduced in Windows

Vista and is available in Windows 8 too. This tool
can help system administrators to add or modify user accounts or
even displays user account information.
net user <new username> <new password> /ADD add a new user.
ping command is used to check the status of a target computer, ping
to send an ICMP echo request to a target host name or IP address.
The TRACERT (Trace Route) command is a route-tracing utility

used to determine the path that an IP packet has taken to reach a
destination.
BackTrack was a Linux distribution that focused on security based

on the Ubuntu Linux distribution aimed at digital forensics and
penetration testing use. In March 2013, the Offensive Security team
rebuilt BackTrack around the Debian distribution and released it
under the name Kali Linux.
[source wiki]
Backtrack is the most popular among hackers or security
professionals. I cannot explain all commands but some are listed
below.
51
You can use ls command to list out all the files or directories
available in a directory.
ls-l is long listing,d........ represent directory

to know your ip configuration use ifconfig command
wc command counts line, word and char in a file

cp command is used to copy file
mv commmand rename a file
rm command delete a file
clear command clear the screen
netstat the TCP/IP networking utility
man is a help command [man ls]
ps -A //list all running task
52
pa -A | grep firefox //find the process id of firefox, grep is a filter

command
apt-get install packagename //install package in os
53
Virtualization
It is the act of creating a virtual (rather than actual) version of
something, including virtual computer hardware platforms, operating
systems, storage devices, and computer network resources.
VMware, VirtualBox, are well known virtualization software
products. Desktop virtualization software such as VMware (VMware
Player), Oracle VirtualBox are freely available for home users.
Desktop virtualization software give user facility to install and run
multiple Operating Systems on desktop or laptop computer in virtual
environment without disturbing the host OS. For Example host may
be XP, guest Os may be LINUX, BACKTRACK, Windows server.
Ethical Hackers need to know these softwares otherwise the host
operating system may be corrupted while performing some
experients. VMware, VirtualBox Both are powerful with negligible
difference at your level.
Oracle VM VirtualBox can be downloaded from
https://www.virtualbox.org/
VMware, Inc. is an American company that provides cloud and
virtualization software and services, VMware can be downloaded
//www.vmware.com/
54
Virtual box screens will come accordingly
55
56
57
58
59
60
61
The Setting button is important explore that.
62
63
Media source is the ISO image of the OS, where the ISO file is
physically stored in hard disk.
64
To exit from virtualbox remember the following screen
65
VMWARE
66
67
68
69
70
71
72
73
74
75
76
HTTP and HTTPS

The HTTP is a standard text based application protocol for
distributed, collaborative, hypermedia information systems. HTTP is
the most important protocol in data communication for the World
Wide Web. HTTP is a reliable protocol, where data is transferred to
the peer machine without any loss.
HTTP functions as a request-response protocol in the client-server
computing model. A HTTP client sends a request to a HTTP
server. In turn the server, returns a response message. HTTP is also
called a pull protocol; because the client pulls information from the
server. HTTP is a stateless protocol, because the current request has
no idea about the previous requests.
HTTP protocol defines a set of request methods. The methods are:
GET: A client use the GET request for a web resource from
the server.
HEAD: A client can use the HEAD request to get the header
that a GET request would have obtained.
POST: Used to post data up to the web server.
PUT: Send some document to the server for storing purpose.
DELETE: Request the server to delete the data or object on
server.
TRACE: Ask the server to return a diagnostic trace of the
actions in the path from client to server.
OPTIONS: Ask the server to return the list of request
methods it supports.
HttpFox is a Firefox plug-in that monitors and analyzes all incoming

and outgoing HTTP traffic between the browser and the web servers.
77
With it you can not only read about all the elements that loads a web
page, but also can do the following
The headers of requests and responses (Request and response
headers)
Cookies sent and received (Sent and received cookies)
The parameters of the URL (query string parameters)
POST parameters (POST parameter)
The response from the remote server
An example of HTTP header when performed on
http://www.alahadgroup.com
HTTP Request Header

Connect to 216.227.218.110 on port 80 ... ok
GET / HTTP/1.1[CRLF]
Host: www.alahadgroup.com[CRLF]
Connection: close[CRLF]
User-Agent: Web-sniffer/1.1.0 (+http://websniffer.net/)[CRLF]
Accept-Encoding: gzip[CRLF]
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]
Cache-Control: no-cache[CRLF]
Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF]
Referer: http://web-sniffer.net/[CRLF]
78
The requested server returns this document with a response status

code "200 OK". 200 OK means the request is fulfilled. HTTP/1.1 is
the http version.
Both HTTP header and HTTP response provide lots of vital
information about the server. It is used by cyber criminals t for
further exploitation because criminals know that data sent via port
80 (HTTP) is plain text and without any encryption.
Limitations of HTTP
Stateless, no built-in support for tracking clients (session
management)
No built-in security mechanisms
HTTPS
Secure Socket Layers (SSL), or Transport Layer Security (TLS) is
used over HTTP, known as HTTPS. It is designed to provide
security for network communication by means of encryption.
The HTTPS Communication Process
The process works out as follows:
1. The client browser connects to http://example.com on port 80
using HTTP.
2. The server redirects the client HTTPS version of this site
using an HTTP code 302 redirect.
3. The client connects to https://example.com on port 443.
4. The server provides a certificate to the client containing its
digital signature. This certificate is used to verify the identity
of the site.
5. The client takes this certificate and verifies it against its list of
trusted certificate authorities.
6. Encrypted communication is developed.
79
If the certificate validation process fails then that means the website
has failed to verify its identity. At that point the user is typically
presented with a certificate validation error and they can choose to
proceed at their own risk, because they may or may not actually be
communicating with the website they think they are talking to.
Some Status Codes Associated with HTTP
Number
200
301
400
401
403
404
500
503
Meaning
OK
Moved Permanently
Bad Request
Unauthorized
Forbidden
Not Found
Internal Server Error
Service Unavailable
80
Password
What is a password
A password is an unspaced sequence of characters used to determine
the actual user of the device or the application. Passwords usually
comes with user identification. Passwords are encrypted and are not
visible at the time of typing.
In 2013, Google released a list of the most common password types,

all of which are considered insecure because they are too easy to
guess (especially after researching an individual on social media):
The name of a pet, child, family member, or significant other

Anniversary dates and birthdays
Birthplace
Name of a favorite holiday
Something related to a favorite sports team
The word "password"
81
Different types of password

Biometric password: Biometrics refers to metrics related to human
characteristics, like fingerprint, face recognition, iris recognition,
retina, odour/scent etc It is also used to identify individuals in groups
that are under surveillance.
Iris scanning has some benefits over fingerprint scanner, later
requires physical contact with a device, where as an eye can be
scanned from several feet away.
Typed password: Password can be typed from a keyboard or a
virtual keyboard in the computing device
Pattern based Graphical password: It stores a password in a
particular pattern, usually in pattern of (dot) example: Android
Pattern Unlock and Windows 8 Picture Password.
Entropy: The amount of uncertainty or unpredictable randomness.
Password Entropy: The amount of entropy which can be derived
from a password.
Android Pattern Unlock
At least four points must be chosen.

No point can be used twice.
Only straight lines are allowed.
Cannot jump over points not visited before
82
Passwords are stored in four ways

a) Stored in computing device
Windows stores its passwords in what is called the Security
Accounts Manager database, or SAM database. The Security
Account Manager (SAM) is a database file in Windows XP,
Windows Vista and Windows 7 that stores users' passwords. It can
be used to authenticate local and remote users.
b) Stored in browser
Majority of browsers will ask whether user wants to save the
password when logging into sites.
83
c) Stored in application: The password is hard written in the code

and cannot be changed during use.
d) Stored in database: This is the best way to store your password,
like your Gmail, facebook password is stored in database.
Types of Password Attacks
Dictionary attack:
A dictionary attack is a method of breaking into a passwordprotected computing device or server by systematically
entering every word in a dictionary as a password
Brute force attack:
In a brute force attack, an automated software is used to
generate a large number of consecutive guesses as a password
that match the desired data.
Hybrid attack:
A hybrid attack is a mixture of both a dictionary and brute
force attack
Social engineering:
Social engineering is a non-technical method used by hackers.
It relies heavily on human interaction and use the data
collected from conversation to break normal security
procedures.
Shoulder surfing:
Shoulder surfing refers to observing a person's shoulder, to
obtain information like PIN number at an ATM machine.
Dumpster diving: dumpster diving is a technique used to
retrieve information from recycle bin, garbage can etc
Countermeasures
Password hardening is any one of a variety of measures taken to
make it more difficult for an intruder to crack.
Enforce more than 6 character alpha-numeric passwords.
Set the password change policy to 30 days.
The use of both upper- and lower-case letters (case
sensitivity)
84
Physically isolate and protect the server.

Monitor the server logs for brute force attacks on user
accounts.
Include of special characters, e.g. @, #, $ etc in password.
What is Lan Manager Hash
LM hash, LanMan hash, or LAN Manager hash is a
compromised password hashing function that was the primary
hash that Microsoft LAN Manager and Microsoft Windows
versions prior to Windows NT used to store user passwords.
[source Wkipedia]
Example:
Lets say your password is: '123456qwerty'.
When this password is encrypted with LM algorithm, it is first
converted to all uppercase: '123456QWERTY'
The password is padded with null (blank) characters to make it
14
character length: '123456QWERTY_'
Before encrypting this password, 14 character string is split into
half: '123456Q and WERTY_'
Each string is individually encrypted and the results
concatenated.
'123456Q' = 6BF11E04AFAB197F
'WERTY_' = F1E9FFDCC75575B15
The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15
Note: The first half of the hash contains alpha-numeric characters
and it will take 24 hrs to crack by LOphtcrack and second half
only takes 60 seconds.
[source EC council v3 slide]
85
Cryptography and Encryption

As a hackers, you will often face challenges with the of
cryptography and encryption. Breaking windows password to
wireless password. Many applications and protocols use encryption
to maintain confidentiality and integrity of data. To be able to crack
passwords and encrypted protocols such as SSL and wireless, you
need to at least be familiar with the concepts and terminology of
cryptography and encryption.
Cryptography: Cryptography is the art of secret writing.
Cryptography enables to send information between participants in a
way that prevents others from reading it. The following are some
simple terms associated with cryptography.
Plaintext: A message in its original form is known as plain text.
Cipher text: The transformed information is known as cipher text.
Encryption: The process of converting plain text into cipher text is
known as encryption.
Decryption: The reverse of encryption is called decryption.
Decryption produces plain text from the cipher text.
Encryption algorithm: The various substitution and
transformations are performed on plain text in cryptography by
Encryption algorithm.
Key: some critical information used by the cipher, known only to
the sender & receiver.
Decryption algorithm: This is the encryption algorithm run in
reverse. It takes the cipher text and the corresponding key and
produces the original plaintext.
Cryptanalysis - the study of principles and methods of
transforming an unintelligible message back into an intelligible
message without knowledge of the key. Also called code breaking.
86
Cryptographic systems are classified along three dimensions

1. The type of operations used for transforming plaintext to cipher
text
- substitution
- transposition
2. The number of keys used
- single key, symmetric, secret key, conventional
- two keys, asymmetric, public key
3. The way in which plaintext is processed
- block cipher
- stream cipher
Simple example of cryptography:
When Julius Caesar sent messages to his generals, he didn't trust his
messengers. So he replaced every A in his messages with a D, every
B with an E, and so on through the alphabet. Only someone who
knew the shift by 3 rule could decipher his messages.
Say you are chatting with your friend, suddenly your mother came
behind, soon you will write "POS" in the chat box, your friend
knows that you mean "Parent On Shoulder", and start chatting on
homework. "POS" is encryption of "Parent On Shoulder".
Encryption algorithm is "take first letter of each word".
Substitution and transposition cipher
Substitution ciphers are simple and operate by replacing each
character with another character, for example, the letter 'A' would be
substituted for the letter 'Q' every place it occurs. Substitution
ciphers are rarely used today due to the ease in breaking them with
frequency cryptanalysis.
plain text HACKING become cipher text IQEAOFU.
87
Transposition ciphers operate by moving plaintext characters to

new locations in the cipher text, rather than by substituting
individual characters. An example of a simple transposition cipher is
the word jumble or cryptogram in a newspaper. All the characters
found in the plaintext are in the cipher text, but in different relative
positions.
Cryptographic algorithms are classified into three categories

Secret Key Cryptography (SKC) : Uses a single key for both
encryption and decryption.
Secret-key cryptography is much faster than public-key

cryptography and is used for ensuring the confidentiality of large
payloads.
88
A stream cipher is a type of symmetric-key encryption algorithm

that transforms a plaintext bit by bit into cipher text data.
A block cipher is a type of symmetric-key encryption algorithm that
transforms a fixed-length block of plaintext data into a block of
cipher text data of the same length. For many block ciphers, the
block size is 64 bits.
Examples of algorithms:
DES
3DES
IDEA
AES
Data Encryption Standard

triple-DES
International Data Encryption Algorithm
Advanced Encryption Standard
Public Key Cryptography (PKC) : Uses one key for encryption

and another for decryption. public-key cryptography, also referred to
as asymmetric cryptography:
Public-key cryptography primarily used for encryption and digital

signature. The sender uses either the receiver public key (for
privacy) or his/her private key (for digital signature) or both.
Some algorithms such as RSA (Rivest-Shamir-Adlemman) can be
used for both encryption and digital signature, whereas other
algorithms, such as DSA (Digital Signature Algorithm) can only be
used for digital signature
89
Hash Functions : A cryptographic hash function is a hash

function which takes an input (or 'message') and returns a fixed-size
alphanumeric string, which is called the hash value (sometimes
called a message digest, a digital fingerprint, a digest or a checksum
[source:wiki]
[source voer.edu.vn]
Base 16: In base 16 Cryptographic Hash Functions,16 characters
are used to encrypt or decrypt, these 16 characters are 0-9,A-F.Most
popular hexadecimal hash value is MD5. It accepts variable length
message from the user and converts it into a fixed 128-bit message
digest value.
Base 32: It uses 32 characters are used to encrypt or decrypt, these
16 characters are A-Z , 2-7.
Base 64: It uses 64 characters are used to encrypt or decrypt, these
16 characters are A-Z ,a-z,0-9,+,/.It always ends with ==
90
You can use the following site for encryption and decryption
CryptoFox is an encryption or decryption plug in tool available for

Mozilla Firefox. It supports popularly used encryption algorithm.
This add-on also comes with dictionary attack support, to crack
MD5 cracking passwords.
About this Add-on
CryptoFox supports the
following:
- AES 128-bit Encrypt
- AES 128-bit Decrypt
- ASCII to Binary
- ASCII to Hexadecimal
- Base 64 Encode
- Ceaser Encrypt
- Ceaser Decrypt
- Decimal to Binary
- Decimal to Hexadecimal
- Decimal to Octal
- DES Encrypt
- Generate CRC32 Checksum
- Hexadecimal to ASCII
- Hexadecimal to Binary
- Hexadecimal to Decimal
- Hexadecimal to Octal
- HTML Entities Encode
- MD5 Dictionary attack
91
- Base 64 Decode
- Binary to ASCII
- Binary to Decimal
- Binary to Hexadecimal
- Binary to Octal
- Octal to Hexadecimal
- Reverse
- ROT-13
- SHA1 Encrypt
- URL Decode
- MD5 Encrypt
- Morse Code Encrypt
- Morse Code Decrypt
- Octal to Binary
- Octal to Decimal
- SHA256 Encrypt
- URL Encode
- XOR Encrypt
92
Steganography
Analyzing data is an important part of ethical hacking and
penetration testing, Data may be alphanumeric or picture, video. If I
tell you a story, it will be more clear.
According to a news published in website http://arstechnica.com
".When a suspected al-Qaeda member was arrested in Berlin in May
of 2011, he was found with a memory card with a passwordprotected folderand the files within it were hidden. But, as the
German newspaper Die Zeit reports, computer forensics experts
from the German Federal Criminal Police (BKA) claim to have
eventually uncovered its contentswhat appeared to be a
pornographic video called 'KickAss.'
Within that video, they discovered 141 separate text files, containing
what officials claim are documents detailing al-Qaeda operations
and plans for future operationsamong them, three entitled "Future
Works," "Lessons Learned," and "Report on Operations."
Steganography was widely used in World War II. Consider the
following example of a null cipher (unencrypted messages) used by
a German spy in World War II [David Kahn, The Codebreakers, The
Macmillan Company. New York, NY 1967].
Apparently neutral's protest is thoroughly discounted and ignored.
Isman hard hit. Blockade issue affects pretext for embargo on by
products, ejecting suets and vegetable oils.
The following message may be obtained by taking the second letter
form each word and a little manipulation:
Apparently neutral's protest is thoroughly discounted and
ignored. Isman hard hit. Blockade issue affects pretext for
embargo on byproducts, ejecting suets and vegetable oils.
Pershing sails from NY June 1.
93
So learning the basic concepts of steganography is important.

Steganography from the Greek word steganos meaning covered
and the Greek word graphie meaning writing. Steganography is
the process of hiding of a secret message within an ordinary message
and extracting it at its destination.
"Steganography is the art and science of communicating in a way
which hides the existence of the communication. In contrast to
cryptography, where the enemy is allowed to detect, intercept and
modify messages without being able to violate certain security
premises guaranteed by a cryptosystem, the goal of steganography is
to hide messages inside other harmless messages in a way that does
not allow any enemy to even detect that there is a second secret
message present.
[Markus Kuhn 1995-07-03].
Steganography vs Encryption
Encryption is the practice of systematic information scrambling so
that it may be unscrambled later.
But steganography is the practice of information hiding.
Steganography + Encryption = Big Trouble for Law Enforcement
Agencies
Steganography Carrier Files
bmp
jpeg
gif
wav
mp3
94
Steganography Tools
MP3Stego
S-Tools (GIF, JPEG)
StegHide (WAV, BMP)
Invisible Secrets (JPEG)
JPHide
Camouflage
Hiderman
Snow
Steganography can be detected by some programs, The first step in

detection is to locate files with hidden text, which can be done by
analyzing patterns in the images and changes to the color palette.
Stegdetect is an automated tool for detecting steganographic content
in images. Its capable of detecting different steganographic methods
to embed hidden information in
JPEG images.
Hide some text in a jpg file
To retrieve the text, open "new.jpg" in notepad, last lines have the
text.
95
Hiding data in NTFS file system

NTFS alternate File Stream(ADS) is a windows hidden stream used
to store the metadata of a file such as attributes, word count, access
and modification time etc. Hacker can add data in this hidden data
stream so that no one can see it. It is better than steganography
because the file size remains zero.
press yes, and type some text, save and close.

File size is zero, but the text is there.
96
To retrieve the file type the same command.

d:>notepad original.txt:hide.txt
97
Malware
What is a Malware
Malware is a piece of malicious Code or software that is used by
cybercriminals to disrupt computer operations, steal personal or
professional data, gather sensitive information, or gaining access to
computer systems without user knowledge or approval.
Malware dominates the entire cyber crime domain, According to a
study by Kaspersky Lab about 291,800 new mobile malware
programs were found in the second quarter of 2015, nearly three
times more malware than in 2015's first quarter
Types of Malware
Virus: It is a program or piece of code that is loaded onto your
device. It is attached to a host program, the host is usually a
legitimate looking program or file. Once the program is launched,
the virus is executed and starts infecting files on your computer
Viruses can also replicate themselves. virus is spread by human
action.
Examples of computer viruses are:
> Macro virus
>Boot virus
>Logic Bomb virus
>Directory virus
>Resident virus
Worm: It is similar to virus but with a difference, it does not require
any host program to spread. It can also replicate themselves and it
can spread without any human action.
98
Examples of computer worm are:

>Email Worms
>Internet Worms
>File-sharing Networks Worms
>Instant Message and Chat Room Worms
Trojan Horse: This is the most dangerous. It looks like a legitimate
program, but causes damage or compromises the security of the device.
A Trojan Horse neither replicates nor copies itself.
Examples of computer Trojan are:

>Netbus Advance System Care(by Carl-Fredrik Neikter)
>Subseven or Sub7(by Mobman)
>Back Orifice (Sir Dystic)
>Beast
>Zeus
Spyware : Spyware is a type of malware installed on computers that
collects information about users without their knowledge
Spam-sending malware: Malware that infects a users machine and
then uses that machine to send spam.
Adware : Adware (short for advertising-supported software) is a
type of malware that automatically delivers advertisements.
Common examples of adware include pop-up ads on websites and
advertisements that are displayed by software.
Ransomware: Ransomware is a type of malware that prevents or
limits users from accessing their system. This type of malware forces
its victims to pay the ransom through certain online payment
methods in order to grant access to their systems, or to get their data
back. Some ransomware encrypts files (called Cryptolocker).
[Trend Micro USA]
99
The following are some indications of a virus attack:

Increased CPU usage.
Computer's hard drive constantly runs out of free space.
Files have strange names which are not recognizable.
Slow computer or web browser speeds.
Resources are used up very fast.
Appearance of strange files, programs, or desktop icons
Programs running, turning off, or reconfiguring themselves
(malware will often reconfigure or turn off antivirus and firewall
programs)
Picture source: Joy Chakraborty slides
100
Anti-Malware Program :
Anti-Malware programs are used to prevent, detect, and remove
computer viruses, worms, Trojan horses and any other type of
malware from your device
Examples of Anti-Malware program:
a) Antivirus program
What is antivirus?
Antivirus software detects, and then prevents or removes malicious
programs or 'viruses'. Antivirus doesn't offer a perfect solution to the
problem of malware, but it should be the second step to secure your
PC or laptop after the first step firewall.
Popular Antivirus programs
ESET NOD32 Antivirus 8

Webroot Internet Security Plus 2015
Avira Free Antivirus 2015
Panda Global Protection 2015
F-Secure Safe 2014. Rating
G-Data Internet Security 2015
Kaspersky Total Security 2015
McAfee LiveSafe 2015
Many more are there.
b) Anti-spyware program
What is Anti-Spyware
Anti-spyware program is designed to prevent , detect and delete
unwanted spyware program installations.
101
Popular Anti-spyware programs

Spyware Doctor
AVG Anti-spyware
STOPzilla
c) Anti-spam program
What is Anti-Spam
Anti-spam software tries to identify useless or dangerous messages
d) Firewall
A firewall is a system designed to prevent unauthorized access to or
from a private network. Firewalls can be implemented in both
hardware and software, or a combination of both.
How antivirus identifies a virus
Virus detection techniques can be classified as follows:
Signature-based detection: All virus has a signature, The signature
may be a series of bytes in the file or cryptographic hash of the file
or its sections. Antivirus program check that signature with the
Database stored
Heuristics-based detection :This is intelligent programming, used
for detecting new malware. Like it may look for the presence of rare
instructions or junk code in the examined file
Cloud-based detection: It is not performed locally rather the
antivirus engine connect to cloud and derive patterns related to
malware characteristics and behavior by correlating data collected
from local machine.
102
Behavioral detection: This approach attempts to identify

malware by looking for suspicious behaviors, such as unpacking of
malware code or trying to modify the hosts file or observing
keystrokes.
"VirusTotal" is a free service that analyzes suspicious files and
URLs and facilitates the quick detection of viruses, worms, Trojans,
and all kinds of malware.
103
Google hacking
What is web search engine
A web search engine is a software system that is designed to search
for information on the World Wide Web. The search results are
generally presented in a line of results often referred to as search
engine results pages (SERPs). The information may be a mix of web
pages, images, and other types of files. Some search engines also
mine data available in databases or open directories. Unlike web
directories, which are maintained only by human editors, search
engines also maintain real-time information by running an algorithm
on a web crawler. [defined in en.wikipedia.org]
In simple word Search engines are programs that search some
documents specified by the keywords in the world wide web and
returns a list of the documents where the keywords were found.
Typically, Web search engines work by sending out a spider to fetch
as many documents as possible.
104
Popular Search Engine Used By Hackers

In most of the time out searching starts and end with Google, bing
and yahoo, but there are more web search engine, Computational
Knowledge Engine(www.wolframalpha.com), computer search
engine (https://www.shodan.io), WayBackMachine (archive.org)
that are popularly used by hackers.
You can see the list of various search engines in the following link
[http://www.ebizmba.com/articles/search-engines]
https://www.shodan.io
105
archive.org
Majority of the information can be obtained from Google,

around 80% and you will be astonished to know that
"facebook","twitter"," LinkedIn" are also used as a search engine
for target specific attack.
How the Google Search Engine Works
At first Google use a "optimized algorithm" , to speed up the data
processing and a technique known as "parallel processing" to run
several different computations simultaneously. This is done by using
a network of several thousand computers. Google's search engine
consists of three main parts:
GoogleBot: The web crawler, by crawling the internet, we mean that

it sends requests to all the servers hosting web sites, downloads
copies of them, and then sends them off to the Indexer for
processing.
Indexer: sorts every word on a page, and stores the results in a
database.
106
Query Processor : looks at your search string, compares to the

results stored by the indexer, retrieves, and presents the list of most
relevant results. Following picture explain the concept
source[http://www.brighthub.com/]
Google Hacking Database, GHDB, Google Dorks - Exploit-DB
Google hacking is a computer hacking technique that uses Google
Search and other Google applications to find security holes in
the configuration and computer code that websites use.
[defined in en.wikipedia.org]
A Google dork query, sometimes just referred to as a dork, is a
search string that uses advanced search operators to find information
that is not readily available on a website.
107
Google dork, also known as Google hacking, can return information

that is difficult to locate through simple search queries.
[http://whatis.techtarget.com]
Google Hacking Database (GHDB).Your home for "googledorks" is
maintained by offensive-security. The definition of Google Hacking
Database according to the site is as follows.
"Originally created by Johnny Long of Hackers for Charity,
The Google Hacking Database (GHDB) is an authoritative source
for querying the ever-widening reach of the Google search engine. In
the GHDB, you will find search terms for files containing
usernames, vulnerable servers, and even files containing
passwords."
https://www.offensive-security.com/community-projects/googlehacking-database/.
108
According to a news published in www.welivesecurity.com BY

ROB WAUGH dated 28 AUG 2014, "Google dorks FBI warning
about dangerous new search tool". Now I think you can imagine
the power of "google dorks". Google dork terms are widely known
to everybody, and till today google dork searching is legal.
Exploit-DB
According to the site https://www.exploit-db.com "The Exploit
Database(EDB) is a CVE compliant archive of exploits and
vulnerable software. A great resource for penetration testers,
vulnerability researchers, and security addicts alike. Our goal is to
collect exploits from various sources and concentrate them in one,
easy to navigate database".
You can check the following link to know more about Exploit-DB.
https://www.exploit-db.com/about
109
The contents available in this site is not for beginners, but some day
it will be required on your way to become an elite hacker.
Google as a Proxy Server to Bypass Pay walls & Download Files

Suppose you have problem in accessing a web page(say
example.com),may be the website is blocked at your workplace, or
that page happens to be behind a pay wall. Then there are a couple of
undocumented Google proxy servers that may help you in accessing
that page. When you access any page via one of these Google
proxies, the content of that page gets downloaded on Google servers
and then served to you.
a) Google Translate as a Proxy
To use Google Translate as a proxy, set the destination language as

the actual language of the page and the source language as anything.
suppose a page is written in English, set the destination language (tl)
in the translate URL as en and the source language (sl) as ja for
Japanese.
http://translate.google.com/translate?sl=ja&tl=en&u=http://example.
com
b) Google Mobilizer as a Proxy
Google has discontinued the main mobilizer service on google.com
(secure) but you can still access it through any country-specific
Google domain like google.co.in or google.ie. The URL would be:
http://www.google.ie/gwt/x?u=http://example.com/
110
c) Google Modules as a Proxy

The gmodules.com domain is part of the Google personalized
homepage service and is primarily used for hosting gadgets that are
available for the Google homepage. This is the only Google proxy
that will let you download files (like PDFs, .MP4 videos, etc) in
addition to viewing regular web pages.
http://www.gmodules.com/ig/proxy?url=http://example.com/
Google advance Search Operators
Operator
site
Description
Restrict result to that particular domain, like site:.pk,
will bring all sites with the domain "site:.pk"
intitle
Restricts results to those site where title contains the

specified phrase "intitle:hack"
inurl
Restricts results to sites whose URL contains the

specified phrase " inurl:hack"
filetype
Restricts results to documents of the specified type,like

pdf,doc,ppt etc " intitle:java fietype:pdf"
allintext
Restricts results to documents containing the specified

phrase in the
text, but not in the title, link descriptions or URLs
" allintext:java fietype:pdf "
link
Restricts results to sites that have links to the specified

location " link:www.google.com "
111
Google queries for locating passwords

Operator
Description
intitle: "Index of" pwd.db
searching database password files
intitle: "index.of" passwd.bak search index backup password files

filetype: xls inurl:
"password.xls"
allinurl: auth_user_file.txt
looking for username and password

in ms excel format
find files auth_user_file.txt
containing password on server
index.of passlist.txt
load the page containing password

list in the clear text format
"Login: *" "password =*"

filetype: xls
searching data to the system files

that are stored in Microsoft Excel
Various Online Devices

Operator
Description
inurl:axis.cgi ext:cgi
Dork for all axis cams. Enjoy with

them!. These Dork is Discovered by
Rootkit Pentester.
intitle:Global Traffic
Statistics "Ntop"
View Global Traffic Statistics
inurl:printer/main.html
inurl:/view.shtml
".git" intitle:"Index of"
This Dork reveals Printers Panels

Some Cctv came online
Shows publicly browsable .git
directories
112
Google queries for locating passwords

Operator
Description
intitle: "Index of" pwd.db
searching database password files
intitle: "index.of" passwd.bak
search the index backup password

files
filetype: xls inurl:

"password.xls"
allinurl: auth_user_file.txt
looking for username and

password in ms excel format
find files auth_user_file.txt
containing password on server
index.of passlist.txt
load the page containing password

list in the clear text format
"Login: *" "password =*"

filetype: xls
searching data to the system files

that are stored in Microsoft Excel
Searching for personal data and confidential document

Operator
Description
"not for distribution" confidential

filetype:ctt "msn"
documents containing the

confidential information
MSN contacts list
"phone * * *" "address *" "e-mail"

intitle:"curriculum vitae"
filetype:xls inurl:"email.xls"
ALL cv
email.xls files, potentially

containing contact information
113
Google queries for locating admin Login portals

Operator
Description
inurl:admin.php site:.pk
intitle:admin
intitle:admin login
intitle:administrator
Find admin page of a site
inurl:adminlogin.asp
inurl:administrator
Various sections of www.exploit-db.com/google-hackingdatabase site
practice more from here
114
Shodan
At DEFCON 17 in 2009, John Matherly debuted a search engine
named Shodan (after the villainous computer in the cult-classic
video game, System Shock). Shodan was received with some alarm
in the media, who named it The worlds scariest search engine.
Shodan is the search engine for next generation of hackers. Internet
of Things(IOT) is on the way, IOT will connect every possible
device in the net. " Shodan is the world's first search engine for all
Internet-connected devices. "
Shodan runs 24/7 and collects information on about 500 million
connected devices and services each month.Using shodan is simple,
create an account and then use it, without creating an account
searching is possible but with limited facility.
With Shodan you can find
+Unprotected Webcams
+Find Traffic Lights
+Find Routers
+Find SCADA Systems(SCADA devices are those that control such things as
the electrical grid, water plants, waste treatment plants, nuclear power
plants, etc.)
+Find the Default Passwords
and many more
115
Some popular searches
click on webcam
116
I want to finish this topic with a search engine named

"indexeus.com".
Indexeus was developed by the Portuguese Jason Relinquo, a 23year-old hacker which has built a searchable archive
containing over 200 million entries. it retrieves all the available
information on user account acquired from hundreds recently
data data breaches. The data collected includes information on
malicious hackers stolen recent hack, including Adobe and Yahoo!.
Anyway Indexeus website was rapidly targeted by other hackers, a
few days ago the search engine was defaced by hacker group
Pernicious Developers which also deployed a backdoor shell on the
website.
117
118
HTML
HTML started its life in 1989, when it was designed to be the
publishing language of the newly created World Wide Web. HTML
(Hyper Text Markup Language) was originally developed by a man
named Tim Berners-Lee a physicist back in early 1989. The first
version of HTML 1.0 was initially released as a publishing language.
HTML is a language used for describing the structure of the web
page. Using HTML markups one can create a web page. In other
words HTML is used to create a web document. Every HTML
document contains three main sections the head, title and the body.
All HTML file must have an htm or html file extension.
You should know HTML, because most of the websites use HTML.
For a hacker analyzing the web page code is important.HTML 4 is
popularly used but, HTML5 is there with lots of new feature. We are
going to learn both.
How to View HTML Source
To find out, simply right click on the browsers and Source or Page
Source or view source. This will open a window that shows you the
actual HTML of the page.
HTML is the language of web. So first comes what is web
A web is a complex, cross platform, cross language, cross cultural
mesh of servers,
clients, users, databases, all talking, working, searching, viewing,
accessing, downloading together.
A website is a collection of web pages (documents that are accessed
through the Internet), A web page is what you see on the screen
when you type in a web address, click on a link, or put a query in a
search engine.
119
[source www.sans.org]
How to write and run HTML file
1)open notepad
2)type the code
3) save it with a name, say demo.html
4) click on the file demo.html, automatically open in browser.

HTML files consists of tag. A summary of tag is given below
Basic HTML Tags
<html>
<body>
<h1> to <h6>
Tag Description
Defines an HTML document
Defines the document's body
Defines header 1 to header 6
120
<p>
<br>
<hr>

</script>
</head>
<body>
This is a part of html boy
</body>
</html>
132
Message Box example

There are three message boxes: alert, confirm, and prompt.
window.alert("Welcome to my site!")
window.confirm("Are you ready to quit?")
window.prompt("please enter user name")
</script>
var x=window.confirm("Are you sure you want to quit")
if (x)
window.alert("Thank for visiting.")
else
window.alert("welcome.")
</script>
<html>
<head>
function show_alert()
it is a
function
{
alert("I am an alert box!!!!!");
}
</script>
</head>
<body>
<input type="button" onclick="show_alert()" value="show" />
click on [show]
</body>
</html>
133
onclick is a event
<html>
<head>
function disp_okcan()
{
var res=confirm("Press a button"); //if u press ok, then res
variable stores true otherwise false
if (res==true)
{
document.write("You pressed OK!");
}
else
{
document.write("You pressed Cancel!");
}
}
</script>
</head>
<body>
<input type="button" onclick="disp_okcan()" value=" press" />
</body>
</html>
134
<html>
<head>
function product(a,b)
{
return a*b;
}
</script>
</head>
<body>
document.write(product(4,4)); // result is 16
</script>
</body>
</html>
Form validation example with userid and password
<html>
<head>
<SCRIPT Language="JavaScript">
function validate(x)
{
if ((x.id.value != "sen")||(x.pass.value !="sen123"))
{
alert("Invalid Login");return false;
}
else
alert("welcome");
}
</script>
</head>
135
<body>
<form>
<p>UserID:<input type="text" name="id"></p>
<p>Password:<input type="password" name="pass"></p>
<p><input type="button" value="Login"
onClick="validate(this.form)"></p>
</form>
</body>
</html>
<html>
<head>
<SCRIPT Language="JavaScript">
function validate()
{
if(document.login.uid.value=="")
{
alert ("Please enter User Name");return false
}
if(document.login.password.value=="")
{
alert ("Please enter Password");return false
}
}
function emailcheck()
{
var x=document.login.email.value
if (x.indexOf("@")==-1)
[@ is missing]
{
alert("You entered an invalid email address.")
document.login.email.focus()
}
}
</script>
</head>
136
<body>
<form name="login" onsubmit="return validate()">
<p>UserID:<input type="text" size="10" name="uid"><p>
<p>Password:<input type="text" size="10"
name="password"><p>
<p>Email:<input type="text" size="20" name="email"
onblur="emailcheck()">
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
137
Python
Why python
Python is a brilliant language. At certain stage of hacking you have
to build some hacking tools, python is best suitable for that. I am
assuming that you know any one programming language, so
obviously not going to discuss the logic of programming, just
demonstrating some example.
The python version I use is python 2.7.9,which is more stable than
python 3.You can download python from
"https://www.python.org/downloads/".I downloaded a windows
version of python.
Python is a general-purpose interpreted,interactive, object-oriented
and high-level programming language. Python was created by Guido
van Rossum in the late eighties and early nineties. Like Perl, Python
source code is also now available under the GNU General Public
License (GPL).
Features of python
>Support for functional and structured programming methods as
well as OOP.
>It can be used as a scripting language or can be compiled to bytecode for building large applications.
>Very high-level dynamic data types and supports dynamic type
checking.
>Supports automatic garbage collection.
>It can be easily integrated with C, C++, COM, ActiveX, CORBA
and Java.
138
Python 2.7.9 shell is open.
Now we learn how to save file and run.

step 1: File menu-> New file
step 2: Type code and save it
step 3:press F5
139
>>> 11
11
>>> 2+(3*2)
8
>>>
>>> 1 + 5 ; 6 2
6
4
140
Python treats everything as an object

>>> s = "computer"
>>> s.capitalize()
'Computer'
>>>
>>> 8**2 //** is power
64
>>> s = "hello"*3
>>> s
'hellohellohello'
>>> len("python")
6
>>> x = 16
>>> print x
6
>>> y = x * 5
>>> print y
80
>>>
141
>>> first = 5
>>> second = 6
>>> print first + second
11
>>> first = '10'
>>> second = '15'
1015
>>> name = raw_input('What is your name?\n')
What is your name?
Ss
>>> print name
Ss
x = 13
y = 15
print("The sum of", x, "plus", y, "is", x+y)
Python's ability to manipulate lists of variables and objects is

core to its programming style.
There are essentially two kinds of list objects in Python, tuples
and lists.
142
>>> lst = [11,12,13,14,15]

>>> print lst
[1, 2, 3, 4, 5]
>>> [1,2] + [3,4]
[1, 2, 3, 4]
>>> [1,2]*4
[1, 2, 1, 2, 1, 2, 1, 2]
>>> l1 = [1,2,3]
>>> l2 = [3,2,1]
>>> l1 += l2
>>> l1
[4,4,4]
range(start, stop, step) function automatically produces lists
>>> range(4)
[0, 1, 2, 3]
>>> range(1, 4)
[1, 2, 3]
>>> range(0, 8, 2)
[0, 2, 4, 6]
>>> lst = [11,12,13,14,15] access list elements.
>>> lst[1]
12
143
subsections of lists can be extracted using the notation list

[lower:upper:step]
where lower gives the inclusive lower element index, upper gives
the exclusive upper index, and the optional step gives the increment
between the two.
>>> l = [1,2,3,4,5]
>>> l[0:4]
[1, 2, 3, 4]
>>> l[0:4:2]
[1, 3]
>>> l = [1,2,3,4,5]
>>> l[:4]
[1, 2, 3, 4]
>>> l[2:]
[3, 4, 5]
>>> l[::2]
[1, 3, 5]
a = raw_input(">")
a =int(a)
b = raw_input(">")
b =int(b)
//if else
if a>b:
144
print "max = %d." % a

else:
print "max = %d." %b
a = raw_input(">")
a =int(a)
b = raw_input(">")
b =int(b)
if a>b:
//if elif else
print "max = %d." % a

elif a == b:
print "equal"
else:
print "max = %d." %b
>>> first = 5
>>> second = 6
11
>>> first = '10'
>>> second = '15'
145

1015
>>> name = raw_input('What is your name?\n')
What is your name?
Ss
>>> print name
Ss
>>> for i in [2, "ss", 19]:

... print i
... <hit return>
>>> for i in (2.1, [8, 9],

{"city":"kolkata"}):
... print i
... <hit return>
2.1
ss
[8, 9]
19
{"city":"kolkata"}
4
for i in [4, 6, 7, 8, 10]:
print i
6
7
8
10
>>> list = [(1, 2), (2, 3), (3, 4)]

>>> for (a, b) in list:
146
... print a + b
... <hit return>
3
5
7
Use of function
def happyBirthday():
>>>
Happy Birthday to you!
print("Happy Birthday to you!")
Happy Birthday, dear ss.
print("Happy Birthday, dear ss.")
happyBirthday()
def happyBirthday(person):
Happy Birthday, dear ss
print("Happy Birthday, dear "+person) Happy Birthday, dear dm

def main():
happyBirthday('ss')
happyBirthday('dm')
main()
147
def happyBirthday(person):
print("Happy Birthday, dear " +
person + ".")
def main():
userName = input("Enter the persons
name: ")
happyBirthday(userName)
main()
Basic File Handling
File is a place to store data sequentially, The first thing is open the
file. When you open the files, you can specify with parameters how
you want to open them. The "r" is for reading, the "w" for writing
and the "a" for appending.
Example of file read
fh = open("file2.py","r")
content = fh.read()
print content
write and save it with "file2.py"
file name
>>>
content = fh.read()
print content
>>>
148
Example of file readline

content = fh.readline()
print content
>>>
>>>
write and save it with "file2.py"

file name
Only 1st line is printed
Write text in a file

f = file("file1.txt", "w")
f.write("This is first line.")
f.write("This is 2nd line.")
f.close()
149
Server-side programming
Server-side programming means some programs that run on the
remote web server and then returns the processed information to a
client's web browser. Some popular server side programming
languages are Perl, PHP, Python, Ruby, Java server pages,
ASP.NET, ColdFusion etc.
Below is a comparison of popularity of server-side programming
languages for websites. PHP is used by 81.5% of all the websites.
Source http://w3techs.com
150
Knowledge of at least one server side programming language is very

important for a ethical hacker. Two important things should be kept
in mind .
a) PHP and JSP are scripting languages, not programming
languages.
b) ASP.NET is a web framework that is made up of any .NET

language.
It is impossible for me to explain each of these all server side

programming language in this book, but I can teach you some
basics of the most popular PHP.
For a beginner running PHP is a difficult task, because you have

to know how to install a server and to configure it. But you can
run PHP codes online in [sandbox.onlinephpfunctions.com]
without knowing details of web server configuration. Many more
sites are there.
151
152
The full form of PHP is Hypertext Pre-processor (PHP). It allows

web developers to create dynamic web pages that interacts with
server
Some characteristics of PHP
>PHP is a server side scripting language; it can work alone or can be
embedded in HTML file.
>It can be integrated with a number of popular databases, including
MySQL, PostgreSQL,Oracle, and Microsoft SQL Server.
>PHP supports a large number of major protocols such as POP3,
IMAP, and LDAP.
>PHP Syntax is similar to C.
>PHP codes are written within this block <?
?>
>To run PHP codes you need a server like XAMP (X (cross
plaftorm), Apache, MySQL, PHP, Perl), WAMP ( windows,
apache, mysql, php) and a browser.
>PHP is case sensitive
>PHP is whitespace insensitive
>PHP Statements are terminated by semicolons
A simple php code
>Open notepad
>Type the code
>Save the file with .php extention
<html>
<head>
<title>this is my first program</title>
</head>
<body>
<?php
echo "first program";
?>
</body>
</html>
Output : first program
153
<html>
<head>
<title>My First PHP Page</title>
</head>
<body>
<?php
echo "Hello World! ";
?>
</body>
</html>
Output : Hello World! Hello World! Hello World!
<?php
$str1= "Hello!";
// str1 is a variable, written with $
$str2= "ajit";
echo $str1;
echo $str2;
?>
Output : Hello!" ajit
<?php
$addition = 5 + 6;
$subtraction = 6 - 5;
$multiplication = 5 * 3;
$division = 15 / 3;
echo "after addition: 5 + 6 = ".$addition."<br />";
echo " after subtraction: 6 - 5 = ".$subtraction."<br />";
echo " after multiplication: 5 * 3 = ".$multiplication."<br />";
echo " after division: 15 / 3 = ".$division."<br />";
?>
Output : after addition: 5 + 6 =11
after subtraction: 6 - 5 = 1
after multiplication: 5 * 3 = 15
after division: 15 / 3 = 5
154
<?php
$str1= "Hello!";
strings together
$str2= "ajit";
$str3= $str1.$str2;
echo $str3;
?>
Output : Hello!" ajit
// the period "." is used to add two
<?php
$t1 = 10;
$t2 = 12;
if ($t1 < $t2)
//example of if else
{
echo $t1 ." less than " . $t2;
}
else
{
echo $t2 ." more than " . $t1;
}
?>
Output : 10 less than 12
<?php
$color = "green";
switch ($color)
{
case"red":
echo "Your favorite color is red!";
//example switch case
break;
case "blue":
echo "Your favorite color is blue!";
break;
case "green":
echo "Your favorite color is green!";
break;
default:
echo "Your favorite color is neither red, blue, nor green!";
}
155
?>
Output : Your favorite color is green!
<?php
for ($i = 0; $i <= 10; $i++)
{
echo "The number is: $x\n "; //loop syntax similar to c language
}
?>
Output : The number is: 0
The number is: 1
<?php
$play = array("cricket", "football", "baseball");
echo "I like " . $play[0] . ", " . $play[1] . " and " . $play[2] . ".";
//array
?>
Output : I like cricket, football and baseball.
<html>
//form name home.html
<body>
<form action="submit.php" method="post">
//this form calling submit.php file
// form method is post.
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
<html>
<body>
//file name submit.php
Welcome <?php echo $_POST["name"]; ?><br>

Your email address is: <?php echo $_POST["email"]; ?>
</body>
</html>
156
Output : Welcome srikanta

Your email address is srikantasen@gmail.com
<html>
<body>
<form action="submit.php" method="get">
//this form calling submit.php file
// form method is get
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
157
Relational Algebra and SQL
Relational algebra is a formal system for manipulating

relations. Relational algebra, first described by E.F. Codd.
Basic operations of Relational Algebra
Selection ( ) Selects a rows from a relation.
Projection ( ) Select particular columns from relation.
Cross-product ( x ) Combine two relations.
Set-difference ( T1-T2) Tuples from relation T1, but not from T2 .
Union (T1 U T2) All Tuples from T1 and T2
Intersection (T1
T2) All common Tuples from T1 and T2
T1
Roll
Name
T2
Marks
Roll
Name
Marks
Ana
20
devid
23
devid
23
clinton
21
alen
26
hamid
28
158
Selection ( ) operation
select from T1,where marks more
than 25

than 23 and less than 29
Algebra: Marks>25 (T1)
Algebra: Marks>23 and Marks<=28 (T2)
T1
Roll
4
Name
alen
T2
Marks
Roll
26
Name
Marks
devid
23
hamid
28
Projection ( ) operation
select roll and marks from T1,where marks more than 25
Algebra: Roll, Marks ( Marks>25 (T1))
Roll
4
Marks
26
select roll and marks from T2,where marks more than 23 and less than 29
Algebra: Roll, Marks ( Marks>23 and Marks<=28 (T2))
Roll
Marks
23
28
159
Set-difference
Set-difference ( T1-T2)
T1-T2
Roll
Name
T2-T1
Marks
Roll
Name
Marks
Ana
20
clinton
21
alen
26
hamid
28
Roll
Name
Marks
Ana
20
devid
23
alen
26
clinton
21
hamid
28
Roll
2
Name
devid
Intersection (T1
Union (T1 U T2)
160
Marks
23
T2)
Cross-product (x)
T1
Roll
T2
Name
Marks
Roll
Name
Marks
Ana
20
devid
23
devid
23
clinton
21
Cross-product (T1 x T2)
Roll
Name
Marks
Ana
20
Ana
20
Roll
2
devid
3
devid
23
devid
23
Name
23
clinton
devid
Marks
clinton
21
23
21
Advance operations of Relational Algebra

Join
(Returns all rows when there is at least one match in
BOTH tables)
Left outer Join
(Return all rows from the left table, and the
matched rows from the right table)
Right outer Join
( Return all rows from the right table, and
the matched rows from the left table )
Full outer Join
ONE of the tables)
(Return all rows when there is a match in
161
T1
T2
Roll
Name
Roll
Marks
Ana
26
devid
21
alen
28
T1
Roll
Name
T1
T2
devid
Marks
26
T2
Roll
Name
Marks
Ana
NULL
devid
26
alen
NULL
T1
T1
Roll
Name
T2
Roll Name Marks
T2
Marks
Ana
NULL
devid
26
devid
26
NULL
21
alen
NULL
NULL
28
NULL
21
NULL
28
Relational Algebra is much more than this, but more

explanation is beyond the scope of this book
162
Some important concept related to DBMS and RDBMS

Data: Known facts that can be recorded and that have implicit
meaning
Field: Smallest unit of Data,e.g roll,name,marks,which can not be
broken further
T1
Roll
Name
Marks
Record or tuple or Row: It is a collection of Fields.

T1
Roll
Name
Marks
Ana
20
1st row
devid
23
2nd row
Table: It is collection of Records.T1 is a table.

T1
Roll
Name
Marks
Ana
20
devid
23
Database: it is collection of more than 1 table,T1,T2 together form

Database.
163
T1
T2
Roll
Name
Roll
Marks
Ana
26
devid
21
alen
28
RDBMS: Codd's twelve rules are a set of rules (numbered zero to

twelve) designed to define what is required from a database
management system in order to be considered RDBMS
SQL(Structured Query Language) is a standard language for
accessing databases.SQL statements are used to perform tasks such
as insert data, delete data, search data and update data on a database.
Some common relational database management systems that use
SQL are: Oracle, Sybase, Microsoft SQL Server, Access, Ingres, etc.
This tutorial will teach you basics of ORACLE SQL.
Consider the following table
T1
Roll
Name
T2
Marks
Roll
Name
Marks
Ana
20
devid
23
devid
23
clinton
21
alen
26
hamid
28
164
Selection ( ) operation
than 25
select from T2,where marks

more than 23 and less than 29
Algebra: Marks>25 (T1)
Algebra: Marks>23 and Marks<=28 and

(T2)
SQL: select * from T1 where Marks

>25;
SQL: select * from T2 where
Marks >25 and Marks<=28;
T1
T2
Roll
Name
Marks
Roll
Name
Marks
4
alen
26
2
devid
23
5
hamid
28
* means all column
Projection ( ) operation
select roll and marks from
T1,where marks more than 25
Algebra: Roll, Marks (
Marks>25 (T1))
SQL: select Roll, Marks
from T1
where Marks >25;
select roll and marks from

T2,where marks more than 23 and
less than 29
Algebra: Roll, Marks ( Marks>23 and
Marks<=28 and (T1))
SQL: select Roll, Marks
from T1
where Marks >25 and Marks <=28;
165
Roll
Roll
Marks
26
Marks
23
28
Set-difference
SQL: (select * from T1)
Minus
(select * from T2)
Minus
(select * from T1)
T1-T2
Roll
Name
T2-T1
Marks
Ana
20
alen
26
Roll
Name
Marks
clinton
21
hamid
28
166
Union (T1 U T2)
Intersection (T1

Union
(select * from T2);
Roll
Name
T2)

Intersect
(select * from T2);
Roll
Marks
Ana
20
devid
23
alen
26
clinton
21
hamid
28
Name
devid
Cross-product (x) Consider the following table

T1
Roll
Name
Marks
Ana
20
devid
23
167
Marks
23
T2
Roll
Name
Marks
devid
23
clinton
21
Cross-product (T1 x T2)

SQL: Select * from T1, T2;
Roll
Name
Marks
Ana
20
Ana
20
Roll
2
devid
3
devid
23
devid
23
Name
23
clinton
devid
Marks
clinton
21
23
21
Advance operations of Relational Algebra

Join
(Returns all rows when there is at least one match in
BOTH tables)
Left outer Join
(Return all rows from the left table, and the
matched rows from the right table)
Right outer Join
( Return all rows from the right table, and
the matched rows from the left table )
Full outer Join
ONE of the tables)
(Return all rows when there is a match in
168
T1
Roll
T2
Name
Roll
Marks
Ana
26
devid
21
alen
28
SQL: (select T1.Roll,

T1.Name, T2.Marks
From T1, T2 Where
SQL: (select T1.Roll, T1.Name, T2.Marks

From T1, left outer join T2 on
T1.Roll= T2.Roll)
T1.Roll= T2.Roll)
T1
T1
T2
Roll
Name
Marks
Devid
23
Roll
Name
T2
Marks
Ana
devid
23
alen
NULL
169
NULL
SQL: (select T1.Roll,

T1.Name, T2.Marks
From T1, right outer join
T2 on T1.Roll= T2.Roll)
SQL: (select T1.Roll, T1.Name, T2.Marks

From T1, full outer join T2 on
T1.Roll= T2.Roll)
T1
T2
Roll Name Marks

T1
T2
Ana
NULL
Roll
Name
Marks
devid
23
devid
23
alen
NULL
NULL
21
NULL
21
NULL
28
NULL
28
170
Join a Ethical Hacking School

I hope you got some prerequisite skills before you start exploring
the world of ethical hacking or penetration testing, next step will
be obviously joining a Ethical Hacking School.
You can call me biased but my recommendation is ISOEH. The
web site is [www.isoeh.com].The corporate website is
[http://isoah.com].Let me explain, Most of the hacking institute
only teach you only hacking, but in ISOEH you can learn ethical
hacking, penetration testing, malware analysis, cyber forensics,
web application testing, computer network, network penetration
testing, secure coding, virtualization and many more. I should
definitely mention their penetration testing lab in cloud, which is
the best in India as far my observation.
I learned from team ISOEH, still today I am learning from
them. Their research team is fantastic with high volume of
resource material available.
171
172

Ethical Hacking Level 0 by Srikanta Sen

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ethical Hacking Level 0 by Srikanta Sen

Uploaded by

Copyright:

Available Formats

STUDENT GUIDE

About the Author

Srikanta Sen presently teaching in a college affiliated to Maulana

Mr. Sandeep Sengupta

Any words can be mailed to [srikantasen@gmail.com]

Ethical hacking, also known as penetration testing, intrusion testing

An ethical hacker also should have a basic understanding Data

Big data is the new inclusion, In ethical hacking we try to protect

Ethical Hacking Concepts

What is ethical hacking ,Who is ethical hacker

.Hacktivism: Hacktivism is the act of hacking, or breaking into a

Threat - An action or event that is a concern regarding

Confidentiality, Integrity, and Availability (CIA Triad)

CIA triad, is a model designed to guide policies for information

Reconnaissance : It means collect as much as information possible

Covering tracks: Attackers will usually attempt to erase all

Penetration Testing Concepts

Ethical hacking and penetration testing relation

A. Local Area Networks (LAN) is usually limited to a few

Categories of transmission media

Network topology: It is the arrangement of the various elements

Phase Shift Keying

OPEN SYSTEMS INTER CONNECTION REFERENCE

Application Layer :Data generation

OSI Model Layer Mnemonics

Application, Presentation, and Session layers

Data Link layer

AS data moves from level to level header starts attaching to data

Explanation of these SEVEN distinct layers

In the Open Systems Interconnect model, which allows dissimilar

At the receiving computer, this layer receives the incoming

The Data-Link Layer actually consists of two separate

Network Interface Layer

The Application layer of the TCP/IP Model encompasses the same

Mapping of OSI and TCP-IP layer

HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP

IP,IGMP, ICMP, ARP, RARP

Ethernet, Token Ring, FDDI, X.25, Frame

Application layer protocol

The Hypertext Transfer Protocol (HTTP) is used to transfer files

TCP is a reliable connection-oriented, reliable protocol. i.e. a

Internet layer protocol

The Internet Protocol (IP) is a routable protocol responsible for IP

Comparison OSI and TCP/IP

OSI model has separate

TCP/IP does not have a separate

In OSI model the transport layer

In TCP/IP model the transport

OSI provides layer functioning

TCP/IP model is more based on

What is Internet Protocol?

There are two notations to show an IPv4 address:

Problem with IPv4

Protocols and ports

Computer Systems Architectures

In Centralized Systems, several jobs are done on a particular

Distributed computing is required, when the system requirement is

A client is something that send a request to one computer or server.

2-tier architecture is used to describe client/server systems, where

Picture source: pecktechdesigns.com

Clients which request services

Application servers whose task is to provide the requested

Database servers which provide the application servers with the

Picture source: tutorials.jenkov.com