SRINIVAS UNIVERSITY
INSTITUTE OF ENGINEERING AND
TECHNOLOGY
MUKKA, MANGALURU
DEPARTMENT OF CYBER SECURITY AND CYBER FORENSIC
ENGINEERING
NOTES
ON
ETHICAL HACKING AND NETWORK DEFENSE
SUBJECT CODE: 19SCSF73
COMPILED BY:
Mrs. SWATHI R, Assistant Professor
2023-2024
MODULE 3
SYSTEM HACKING AND PENETRATION TESTING
System Hacking and Penetration Testing:
System Hacking:
System hacking involves gaining unauthorized access to computer systems or networks. It
includes various techniques and methodologies to exploit vulnerabilities, weaknesses, or
misconfigurations in systems for unauthorized access or control.
1. Reconnaissance: Gathering information about the target system or network, including IP
addresses, domain names, network topology, and potential vulnerabilities.
2. Scanning: Identifying active hosts, open ports, and services running on the target system to
find potential entry points.
3. Gaining Access: Exploiting vulnerabilities or weak points to gain unauthorized access.
This can involve methods like exploiting unpatched software, using malware, or gaining
physical access.
4. Maintaining Access: Creating backdoors or persistent access methods to ensure continued
control over the compromised system.
5. Covering Tracks: Deleting logs, altering timestamps, and removing traces of the attack to
hide the unauthorized access.
Penetration Testing:
Penetration testing (pen testing) is a controlled process where security professionals simulate
real-world attacks on systems, applications, or networks to identify vulnerabilities and
weaknesses before malicious hackers can exploit them.
1. Planning: Defining the scope, goals, and rules of engagement for the penetration test.
ETHICAL HACKING AND NETWORK DEFENSE (19SCF73) Page 1
2. Information Gathering: Collecting information about the target, such as IP addresses,
domain names, and services.
3. Vulnerability Analysis: Identifying potential vulnerabilities in the target system by
scanning for open ports, services, and known vulnerabilities.
4. Exploitation: Attempting to exploit the identified vulnerabilities to gain unauthorized
access or control.
5. Post-Exploitation: Exploring the compromised system to understand the extent of access
and potential damage that an attacker could cause.
6. Reporting: Documenting the findings, including identified vulnerabilities, their potential
impact, and recommended remediation steps.
Password Cracking and Authentication
Password Cracking:
Password cracking involves attempting to discover passwords by various methods, such as
guessing, brute-force attacks, dictionary attacks, and rainbow table attacks. The goal is to
gain unauthorized access to an account or system.
Authentication:
Authentication is the process of verifying the identity of a user, system, or device before
granting access to resources. Passwords are commonly used for authentication, but there are
also other methods like biometrics (fingerprint, facial recognition), smart cards, and multi-
factor authentication (MFA).
Types of Password Attacks:
1. Brute-Force Attack: Trying all possible combinations of characters until the correct
password is found. This method is time-consuming but effective against weak passwords.
2. Dictionary Attack: Using a list of commonly used passwords or words from the dictionary
to guess the password. It's faster than brute-force and can crack weak passwords.
3. Rainbow Table Attack: Precomputed tables of password hashes are used to quickly match
against stolen password hashes. Effective against systems with weak hashing algorithms.
4. Credential Stuffing: Using known username and password combinations (often from
previous data breaches) to gain unauthorized access to accounts on different platforms.
5. Phishing: Tricking users into revealing their passwords by posing as a legitimate entity via
email, messages, or websites.
6. Keyloggers: Malware that records keystrokes to capture passwords as they are typed.
7. Social Engineering: Manipulating individuals to reveal passwords by exploiting
psychological or social aspects.
8. Pass-the-Hash: Exploiting a system's method of authentication by passing a hash of the
password instead of the actual password.
9. Offline Attacks: Attacking password hashes directly offline, which is useful after
compromising a system and obtaining its password database.
To protect against password attacks, it's crucial to use strong, unique passwords, enable
multi-factor authentication, keep systems and software up to date, and implement proper
password policies. Additionally, security professionals conduct penetration testing to identify
and rectify vulnerabilities before malicious attackers can exploit them.
Cracking Password Hashes Using John the Ripper:
John the Ripper is a widely used open-source password cracking tool designed to help
security professionals and penetration testers test the strength of passwords by attempting to
crack password hashes. It supports a variety of password hash algorithms and techniques for
efficient password cracking.
Steps to Crack Password Hashes Using John the Ripper:
1. Gathering Hashes:
Obtain the password hashes from the target system's password file or database. These hashes
are typically stored in a secure, hashed format to protect passwords.
2. Choosing Hash Algorithm:
Identify the hash algorithm used for hashing the passwords (e.g., MD5, SHA-1, SHA-256).
3. Format Conversion (if needed):
Convert the hashes to a format that John the Ripper can understand. This might involve
extracting the hashes from the system and saving them in a format supported by the tool.
4. Creating Wordlist (Optional):
A wordlist is a file containing a list of words, passwords, and patterns that John will use to
crack the hashes. You can create custom wordlists or use pre-built ones.
5. Cracking Process: Run John the Ripper with the appropriate flags and options to start the
cracking process. The tool tries various techniques, including dictionary attacks and brute-
force attacks, to crack the hashes.
6. Dictionary Attack: John the Ripper uses the provided wordlist to compare against the
hashes. If the password is in the wordlist, the tool will successfully crack the hash.
7. Brute-Force Attack: If the password is not in the wordlist, John the Ripper can perform a
brute-force attack, trying all possible combinations of characters up to a specified length.
8. Rules and Mangling (Optional): John supports rule-based mangling, where you can define
transformations to apply to words in the wordlist. This helps create variations of words to
increase the likelihood of cracking the hash.
9. Results and Reporting: Once the cracking process is complete, John the Ripper will display
the cracked passwords and hashes. If the password is not cracked, you may need to adjust the
cracking parameters or use a different wordlist.
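As an added example (not part of these notes), the Python below shows both sides of the attacks listed above: why an unsalted, fast hash such as MD5 falls to a precomputed wordlist table in a single lookup, and how salted PBKDF2 storage plus a registration-time check that undoes common mangling rules (trailing digits, leet substitutions, case changes) blunts dictionary and rule-based cracking. The wordlist and salts are constructed here; the iteration count follows current OWASP guidance.

```python
import hashlib
import hmac
import os
import re

# Constructed sample wordlist; a real audit uses a breached-password list.
WORDLIST = ["password", "letmein", "welcome", "qwerty", "summer"]

# --- Why unsalted fast hashes fall to dictionary and rainbow lookups --------
# Holding unsalted MD5 hashes, an attacker computes md5(word) once for the
# whole wordlist; every matching hash is then cracked by a table lookup.
UNSALTED_TABLE = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDLIST}


def lookup_unsalted_md5(hex_digest):
    """Return the wordlist entry whose MD5 equals hex_digest, or None."""
    return UNSALTED_TABLE.get(hex_digest.lower())


# --- Defensive storage: random per-user salt plus a slow KDF ----------------
ITERATIONS = 600_000  # OWASP-recommended minimum for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' for storage.

    The salt makes a precomputed table useless: each user needs a fresh one.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


# --- Registration-time check that undoes John-style mangling ----------------
# Rules like "capitalize, append digits, leet-speak" turn "summer" into
# "Summer2023!"; reversing them lets the policy reject such variants.
LEET = str.maketrans("@$031", "asoel")
TRAILING = re.compile(r"[0-9!@#$%^&*()_+=.,-]+$")


def base_word(candidate):
    """Strip trailing digits/symbols, undo leet substitutions, lower-case."""
    return TRAILING.sub("", candidate).translate(LEET).lower()


def is_weak_password(candidate, wordlist=WORDLIST, min_len=12):
    """True if too short or if its base word is in the banned wordlist."""
    return len(candidate) < min_len or base_word(candidate) in set(wordlist)


if __name__ == "__main__":
    stolen = hashlib.md5(b"letmein").hexdigest()
    print("unsalted MD5 cracked by lookup:", lookup_unsalted_md5(stolen))
    stored = hash_password("correct-horse-battery-staple")
    print("stored record:", stored[:40] + "...")
    print("verify correct:", verify_password("correct-horse-battery-staple", stored))
    print("verify wrong:  ", verify_password("letmein", stored))
    for pw in ["Summer2023!", "P@ssw0rd", "correct-horse-battery-staple"]:
        print(f"{pw!r:32} weak={is_weak_password(pw)}")
```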
Tips for Effective Use of John the Ripper:
Wordlist Selection: Use a comprehensive wordlist that includes commonly used passwords,
phrases, and patterns. You can also create custom wordlists based on your target's
characteristics.
Rules and Mangling: Experiment with different rules to apply transformations to the wordlist
entries. This increases the chances of cracking complex passwords.
Hash Algorithms: Ensure you correctly identify the hash algorithm used for hashing the
passwords. John the Ripper supports a wide range of hash algorithms.
Performance Optimization: John the Ripper can be resource-intensive. Utilize multicore
processors and consider using specialized hardware, such as GPUs, for faster cracking.
Password Complexity: Cracking strong, complex passwords might take an impractically long
time. Focus on weak and commonly used passwords to prioritize the cracking effort.
Ethical Use: Always obtain permission before attempting to crack passwords on systems you
don't own or have proper authorization to test.
Importance of Strong Authentication Mechanisms:
Strong authentication mechanisms play a critical role in ensuring the security and integrity of
digital systems, networks, and sensitive information. They provide a defense layer against
unauthorized access, data breaches, identity theft, and various cyber threats. Here are detailed
notes on the importance of strong authentication mechanisms:
1. Preventing Unauthorized Access:
Strong authentication mechanisms, such as multi-factor authentication (MFA), require users
to provide multiple forms of verification before granting access. This significantly reduces
the risk of unauthorized individuals gaining entry.
2. Protecting Sensitive Data:
Sensitive data, such as personal information, financial records, and intellectual property, must
be safeguarded from unauthorized access. Strong authentication ensures that only authorized
individuals can access and manipulate this data.
3. Mitigating Credential Theft:
Password breaches and credential theft are common tactics used by attackers to gain
unauthorized access. Strong authentication, such as MFA or biometric verification, makes it
significantly harder for attackers to compromise accounts even if passwords are
compromised.
4. Compliance Requirements:
Many industries and regulatory frameworks (e.g., GDPR, HIPAA) mandate the use of strong
authentication to protect sensitive information. Failure to implement strong authentication
can lead to legal and financial consequences.
5. Reducing Insider Threats:
Employees or insiders with malicious intent can pose a significant threat. Strong
authentication mechanisms ensure that even if an insider's credentials are compromised,
additional verification steps are required for access.
6. Defense against Phishing:
Phishing attacks trick users into revealing their credentials. Strong authentication makes it
much more difficult for attackers to use stolen credentials effectively.
7. Enhancing Trust:
Strong authentication builds trust between users and systems. When users know their
information is well-protected, they are more likely to engage with services and share sensitive
information.
8. Preventing Account Hijacking:
Strong authentication mechanisms prevent attackers from taking control of user accounts,
maintaining the privacy and integrity of user data.
9. Strengthening Remote Access Security:
With the rise of remote work and cloud-based services, strong authentication is crucial to
ensure secure access to systems and data from various locations and devices.
10. Adapting to Evolving Threats:
Cyber threats are constantly evolving. Strong authentication mechanisms can adapt to new
attack vectors and provide an additional layer of defense as threats change.
11. Balancing User Experience and Security:
While strong authentication adds an extra layer of security, it's essential to balance security
with user experience. Modern strong authentication methods, such as biometrics or push
notifications, offer enhanced security without sacrificing convenience.
12. Securing Internet of Things (IoT) Devices:
Many IoT devices are vulnerable to attacks due to weak or default credentials. Implementing
strong authentication mechanisms can help protect these devices from being compromised.
In conclusion, strong authentication mechanisms are essential for safeguarding digital assets,
preventing unauthorized access, and maintaining user trust in today's digital landscape. As
cyber threats continue to evolve, organizations and individuals must prioritize the
implementation of robust and multifaceted authentication methods to ensure the security and
integrity of their systems and sensitive information.
Malware Threats and Countermeasures:
Malware (malicious software) refers to any software specifically designed to harm, exploit, or
gain unauthorized access to systems or data. Malware threats are a significant concern in
cyber security, as they can cause data breaches, financial losses, and disruption of operations.
Here are detailed notes on malware threats and the countermeasures to mitigate them:
Common Types of Malware Threats:
1. Viruses:
Viruses attach themselves to legitimate programs and replicate when the infected program is
executed. They can spread rapidly and cause damage to files and systems.
2. Worms:
Worms are self-replicating malware that spread across networks without user interaction.
They exploit vulnerabilities to propagate and can consume network resources.
3. Trojans:
Trojans masquerade as legitimate software but carry malicious payloads. They can steal data,
provide backdoor access, or install additional malware.
4. Ransomware:
Ransomware encrypts files on a victim's system and demands payment (ransom) in exchange
for the decryption key. It can cause data loss and operational disruption.
5. Spyware:
Spyware gathers sensitive information from a system without the user's knowledge. It can
capture keystrokes, monitor activities, and steal passwords.
6. Adware:
Adware displays unwanted advertisements and collects user data to deliver targeted ads. It
can slow down systems and compromise user privacy.
7. Botnets:
Botnets are networks of compromised devices controlled by a central entity (botmaster).
They can be used for distributed denial-of-service (DDoS) attacks, spam distribution, and
other malicious activities.
8. Rootkits:
Rootkits provide unauthorized access and control to attackers. They are difficult to detect and
can manipulate operating system functions.
Countermeasures Against Malware Threats:
1. Antivirus and Anti-Malware Software:
Install reputable antivirus and anti-malware software to detect and remove known malware.
Keep the software up to date to stay protected against new threats.
2. Firewalls:
Firewalls monitor incoming and outgoing network traffic, blocking unauthorized access and
preventing the spread of malware.
3. Regular Software Updates:
Keep operating systems, applications, and plugins updated to patch known vulnerabilities that
malware exploits.
4. Email and Web Filtering:
Implement filters to block malicious attachments and links in emails and websites, reducing
the risk of phishing and malware infections.
5. User Education and Awareness:
Train users to recognize suspicious emails, attachments, and websites. Educate them about
safe browsing and the importance of not clicking on unknown links.
6. Least Privilege Principle:
Limit user and system privileges to the minimum necessary to perform tasks. This reduces
the potential impact of malware if a system is compromised.
7. Backup and Recovery Plans:
Regularly back up critical data and ensure backups are stored offline or in a secure
environment. This helps recover data in case of a ransomware attack.
8. Application Whitelisting:
Allow only approved applications to run on systems, preventing unauthorized and potentially
malicious software from executing.
9. Network Segmentation:
Divide networks into segments to contain the spread of malware. If one segment is
compromised, it minimizes the impact on the rest of the network.
10. Patch Management:
Implement a rigorous patch management process to ensure timely installation of security
patches and updates.
11. Behavioral Analysis and Anomaly Detection:
Use tools that analyze user and system behavior to detect abnormal activities that might
indicate malware presence.
12. Multi-Factor Authentication (MFA):
Implement MFA to add an extra layer of protection to accounts and systems, making it harder
for attackers to gain unauthorized access.
In conclusion, malware threats pose significant risks to organizations and individuals.
Implementing a multi-layered approach to cyber security, including preventive measures,
user education, and response plans, is essential to mitigate the impact of malware attacks and
maintain the security and integrity of systems and data.
Types of Malware in Detail:
1. Viruses:
Viruses are malicious software programs that attach themselves to legitimate executable files
and propagate when those files are run. They can spread through infected email attachments,
removable storage devices, and malicious downloads. Once activated, viruses can corrupt or
delete files, steal information, and spread to other systems. Examples include the Melissa
virus and the ILOVEYOU virus.
2. Worms:
Worms are self-replicating malware that can spread across computer networks without
requiring user intervention. They exploit vulnerabilities in software to gain access to a system
and then use that system to infect others. Worms can spread rapidly and consume network
bandwidth, leading to system slowdowns or outages. Examples include the Blaster worm and
the Conficker worm.
3. Trojans (Trojan Horses):
Trojans are malware that disguise themselves as legitimate software to deceive users into
running them. Unlike viruses and worms, Trojans don't replicate on their own but can create a
backdoor for remote access or deliver other malicious payloads. They often trick users into
installing them through enticing offers, disguised attachments, or deceptive links. Examples
include the Zeus Trojan and the Back Orifice Trojan.
4. Ransomware:
Ransomware is a type of malware that encrypts a victim's files or entire system, making them
inaccessible until a ransom is paid to the attacker. Ransomware can cause severe data loss
and financial damage to individuals and organizations. Notable examples include WannaCry
and CryptoLocker.
5. Spyware:
Spyware is designed to monitor a user's activities without their consent. It can track
keystrokes, capture screenshots, record browsing habits, and collect sensitive information like
login credentials and personal data. Spyware often aims to steal information for malicious
purposes, such as identity theft or corporate espionage.
6. Adware:
Adware is malware that displays unwanted advertisements or redirects users to advertising
websites. While not as malicious as other types, adware can still be highly annoying and
negatively impact user experience. It often comes bundled with legitimate software, leading
to its unintentional installation.
7. Rootkits:
Rootkits are designed to hide malicious processes or activities from the operating system and
security software. They can give attackers persistent control over compromised systems and
are often used to maintain unauthorized access for extended periods. Rootkits can be difficult
to detect and remove.
8. Botnets:
A botnet is a network of infected computers (bots) that are remotely controlled by a single
entity (bot herder). These infected machines can be used for various malicious activities,
including distributed denial-of-service (DDoS) attacks, spam distribution, and data theft.
9. Keyloggers:
Keyloggers are designed to record a user's keystrokes, capturing sensitive information such as
passwords, credit card numbers, and other personal data. Attackers use this information for
identity theft and unauthorized access to accounts.
10. Logic Bombs:
Logic bombs are snippets of code that lie dormant within a system until a specific condition
is met, such as a certain date or a particular action. Once triggered, they can execute
malicious actions, like deleting files or causing system crashes.
It's important to note that cyber security measures, such as using reliable antivirus software,
keeping software up to date, being cautious with email attachments and downloads, and
practicing safe browsing habits, can significantly reduce the risk of malware infections.
Analyzing malware behavior and infection vectors is a critical aspect of cyber security that
helps researchers, analysts, and security professionals understand how malware operates,
spreads, and impacts systems. This knowledge is essential for developing effective
countermeasures and protecting systems from potential threats. Below are detailed notes on
how malware behavior is analyzed and the various infection vectors that malware can exploit:
Analyzing Malware Behavior:
1. Static Analysis:
- Involves examining the malware's code and structure without executing it.
- Helps identify potentially malicious functions, libraries, and strings.
- Involves techniques like disassembly, decompilation, and examining file headers.
- Signature-based detection relies on identifying known patterns of malicious code.
2. Dynamic Analysis:
- Involves executing the malware in a controlled environment (sandbox) to observe its
behavior.
- Monitors activities such as file system changes, registry modifications, network
communications, and process interactions.
- Provides insight into the malware's actions and potential impact on the system.
3. Behavioral Analysis:
- Focuses on understanding the actions the malware takes during execution.
- Identifies if the malware modifies files, establishes network connections, attempts
privilege escalation, etc.
- Helps determine the malware's purpose and potential damage it can cause.
4. Code Reversing:
- Involves disassembling the malware to understand its logic and functions.
- Helps identify key components, such as command and control mechanisms and encryption
techniques.
- Requires expertise in reverse engineering.
5. Memory Analysis:
- Involves examining the malware's interaction with system memory.
- Identifies injected code, API calls, and potential data leakage.
- Useful for analyzing sophisticated malware like rootkits.
6. Payload Analysis:
- Focuses on understanding what actions the malware performs after successful infection.
- Determines if the malware steals data, encrypts files, or conducts other malicious
activities.
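Added example, not part of these notes: a small static-triage script in the spirit of step 1 above. It pulls ASCII and UTF-16LE strings from a byte buffer (the way the `strings` utility does), then sorts them into the indicator classes an analyst looks at first: embedded URLs, IP addresses, persistence registry keys and process-injection API names. The sample bytes, the host name update.example.invalid and the address 192.0.2.45 are constructed stand-ins, not a real specimen.

```python
import hashlib
import re

# Constructed stand-in for a suspicious file's bytes (not a real sample):
# a PE-like header, imported API names, a UTF-16LE URL, an address string
# and a persistence registry path, separated by non-printable bytes.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"kernel32.dll\x00CreateRemoteThread\x00WriteProcessMemory\x00"
    + b"\x01\x02\x03"
    + "http://update.example.invalid/stage2.bin".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe192.0.2.45:4444\x00"
    + b"ab\x00Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)

# Indicator classes an analyst checks first in a strings dump.
INDICATORS = {
    "url": re.compile(r"https?://\S+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "run_key": re.compile(r"CurrentVersion\\Run", re.IGNORECASE),
    "injection_api": re.compile(
        r"CreateRemoteThread|WriteProcessMemory|VirtualAllocEx|NtMapViewOfSection"
    ),
}


def extract_strings(data, min_len=6):
    """Printable runs of at least min_len chars, ASCII and UTF-16LE.

    Mirrors `strings -a` and `strings -el`; malware often stores URLs and
    paths as wide strings, which an ASCII-only pass misses.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def triage(data):
    """Static triage: file hash, string count and indicators by category."""
    strings = extract_strings(data)
    hits = {
        name: sorted({s for s in strings if rx.search(s)})
        for name, rx in INDICATORS.items()
    }
    indicators = {name: found for name, found in hits.items() if found}
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "string_count": len(strings),
        "indicators": indicators,
        # Number of distinct indicator classes: a crude priority for deeper
        # (dynamic) analysis, not a verdict on its own.
        "score": len(indicators),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("sha256:", report["sha256"])
    print("strings:", report["string_count"], "score:", report["score"])
    for name, found in report["indicators"].items():
        for s in found:
            print(f"  [{name}] {s}")
```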
Infection Vectors:
1. Email Attachments:
- Malware is often distributed through malicious email attachments (e.g., infected
documents).
- Users are tricked into opening attachments, triggering malware execution.
2. Malicious Links:
- Cybercriminals send phishing emails with links to infected websites.
- Users are lured into clicking these links, which can lead to drive-by downloads of
malware.
3. Drive-by Downloads:
- Malicious code is injected into legitimate websites.
- Users visiting these compromised sites unknowingly download malware onto their
systems.
4. Software Vulnerabilities:
- Malware exploits vulnerabilities in software (e.g., operating systems, applications).
- Attackers can deliver malware through unpatched vulnerabilities.
5. Removable Media:
- Malware spreads through infected USB drives, external hard drives, and other removable
media.
- Users unknowingly execute malware when plugging in these devices.
6. Malvertising:
- Malicious ads are placed on legitimate websites.
- Clicking on these ads can lead to malware infection.
7. Social Engineering:
- Attackers manipulate users into executing malware by exploiting their trust, curiosity, or
fear.
- Common techniques include fake software updates, fake antivirus alerts, and enticing
offers.
8. Watering Hole Attacks:
- Attackers compromise websites that a specific target group frequently visits.
- Users visiting these sites are exposed to malware.
9. Supply Chain Attacks:
- Malware is inserted into the software supply chain, infecting legitimate software updates.
- Users unknowingly download and install malware-infected updates.
10. Physical Access:
- Malware can be introduced to a system via physical access, such as infected USB drives
left in public places.
Analyzing malware behavior and understanding its infection vectors is an ongoing process
that requires continuous vigilance and collaboration among cybersecurity professionals. This
knowledge helps in developing effective mitigation strategies, improving detection
mechanisms, and enhancing overall security posture.
Penetration Testing Methodology:
Penetration testing, often referred to as ethical hacking, is a controlled process of evaluating
the security of a system, network, or application by simulating real-world attacks. It involves
identifying vulnerabilities and weaknesses to help organizations strengthen their
cybersecurity. The penetration testing process typically follows a well-defined methodology:
1. Planning and Scoping:
- Define Objectives: Clearly establish the goals and objectives of the penetration test.
Determine what you want to achieve, whether it's testing a specific application, network
segment, or overall security posture.
- Scope: Define the scope of the test, including what systems, applications, and network
segments will be tested. Determine whether the test will be "black box" (no prior knowledge)
or "white box" (with knowledge of the system).
- Rules of Engagement: Set the rules for the test, specifying what actions are permitted and
what's off-limits. This could include constraints on system downtime, data loss, or other
potential impacts.
- Legal Considerations: Ensure that all testing activities are conducted within legal
boundaries and with proper authorization.
- Communication: Establish clear communication channels between the testing team and the
organization's stakeholders. Inform relevant parties about the testing timeline and potential
disruptions.
2. Reconnaissance:
- Gather Information: Collect information about the target environment, such as IP addresses,
domain names, subdomains, and employee information.
- Passive Reconnaissance: Gather information from publicly available sources like search
engines, social media, and public records.
- Active Reconnaissance: Use tools to scan and identify live hosts, open ports, and potential
vulnerabilities.
3. Vulnerability Assessment:
- Scan for Vulnerabilities: Utilize vulnerability scanning tools to identify known
vulnerabilities in the target systems, applications, and services.
- Vulnerability Prioritization: Assess the criticality of vulnerabilities based on their potential
impact and exploitability.
4. Exploitation:
- Exploit Vulnerabilities: Attempt to exploit identified vulnerabilities to gain unauthorized
access to systems or applications.
- Privilege Escalation: If initial access is gained, attempt to escalate privileges to gain higher
levels of control.
5. Post-Exploitation Activities:
- Lateral Movement: Move laterally within the network to explore the extent of the
compromise and identify other potential targets.
- Data Exfiltration: Attempt to access and exfiltrate sensitive data that an attacker might
target.
- Maintaining Access: Set up mechanisms that allow continued access even after the test is
complete to assess the organization's ability to detect and respond to persistent threats.
6. Reporting:
- Documentation: Thoroughly document all actions, findings, and evidence during the
penetration test.
- Technical Report: Provide a detailed technical report to the organization, including
vulnerabilities discovered, exploited systems, and potential impact.
- Risk Assessment: Assess the risks associated with the vulnerabilities and their
potential impact on the organization.
7. Remediation and Recommendations:
- Recommendations: Provide actionable recommendations to address identified
vulnerabilities and weaknesses.
- Patch and Mitigate: The organization should prioritize and apply patches,
configuration changes, and security updates to mitigate the identified vulnerabilities.
8. Retesting:
- Validation: Conduct a retest to verify that the recommended fixes and mitigations have been
properly implemented and are effective.
9. Lessons Learned:
- Review and Improve: Evaluate the penetration testing process, outcomes, and lessons learned
to improve future testing efforts.
10. Covering Tracks:
- Removing Traces: After the penetration test is complete, the testing team should ensure that
all traces of their activities are removed from the systems and network.