Ethical Hacking Level 0 by Srikanta Sen


Upload: srikanta-sen

Post on 17-Feb-2018


Page 1: Ethical Hacking Level 0 by Srikanta Sen

7/23/2019 Ethical Hacking Level 0 by Srikanta Sen

http://slidepdf.com/reader/full/ethical-hacking-level-0-by-srikanta-sen 1/172

STUDENT GUIDE

Ethical Hacking Level 0

By SRIKANTA SEN

Certified Ethical Hacker

This book does not teach you ethical hacking, but you can't learn ethical hacking without having the knowledge of these basic topics. Level 0 is a term used in Data structure [Computer Science], which means the root or the starting point; this book will drop you at the starting point.


About the Author 

Srikanta Sen is an EC-Council certified ethical hacker, penetration tester, Python code developer, data analyst professional and an independent cyber security researcher. His research interest is "use of big data analytics in cyber security".

Srikanta Sen is presently teaching in a college affiliated to Maulana Abul Kalam Azad University of Technology in West Bengal, India. He has more than decades of experience in teaching computer related subjects at university level. He has also been working in the cyber security domain for the last 5 years.

Srikanta Sen lives in Kolkata, India with his wife and son. He loves traveling and reading.


Thanks to Team

Special Thanks To

Mr. Sandeep Sengupta

Mr. Abir Atarthy

For Their Constant Inspiration


Copyright Notice

THE TOPICS DISCUSSED IN THIS BOOK SHOULD NOT BE COPIED OR REPRODUCED UNLESS SPECIFIC PERMISSIONS HAVE BEEN GIVEN TO YOU BY THE AUTHOR SRIKANTA SEN.

ANY UNAUTHORIZED USE OR DISTRIBUTION OF THE FULL OR ANY PART OF THIS BOOK IS STRICTLY DISCOURAGED.

Liability Disclaimer

THE TERM “HACKING” SHOULD BE READ AND UNDERSTOOD AS “ETHICAL HACKING”.

“ETHICAL HACKING” AND “PENETRATION TESTING” ARE INTERCHANGEABLY USED IN THIS BOOK.

AUTHOR IS NOT AGAINST OR IN FAVOR OF ANY ORGANIZATION OR COUNTRY.

NO SUGGESTION OR CRITICISM TO ANY COUNTRY OR ORGANIZATION’S BUSINESS POLICY BY THE AUTHOR.

THE INFORMATION PROVIDED IN THIS EBOOK IS FOR EDUCATIONAL PURPOSES ONLY.

THE EBOOK CREATOR IS NOT RESPONSIBLE FOR ANY MISUSE OF THE INFORMATION PROVIDED.

THE INTENTION OF THIS EBOOK IS TO MAKE YOU AWARE OF ETHICAL HACKING.

WHENEVER REQUIRED THE AUTHOR GAVE REFERENCE ABOUT THE SOURCE INFORMATION OF PICTURE AND CONTENT.

Any words can be mailed to [[email protected]]

Date:01-jan-2016


Contents at a Glance

--------------------------------------------------------------------------------

Introduction
Ethical Hacking Concepts
Penetration Testing Concepts
Basics of Communications
OSIRM
Protocols and Ports
Computer Systems Architectures
Proxy
Basics of Wireless and Mobile Communications
Command Line Basics for Ethical Hacking
Virtualization
HTTP and HTTPS
Password
Cryptography and Encryption
Steganography
Malware
Google Hacking
HTML
JAVASCRIPT
Python
Server-Side Programming
Relational Algebra and SQL
Join an Ethical Hacking School


Introduction

If a report released by the software security services provider Norton is to be believed, around 42 million people in India became victims of cyber crimes in 2012. As many as 500,000 U.S. jobs are lost each year from costs associated with cyber espionage, according to the report released by the security firm McAfee and the Center for Strategic and International Studies. The report also says that hacking costs the overall U.S. economy as much as $100 billion each year. U.S. companies spend millions of dollars securing their networks, buying insurance and repairing their reputations after getting hacked.

According to Nasscom, India will require at least 77,000 ethical hackers every year, whereas we are producing only 15,000 in a year. India faces a dearth of 450,000 “cyber army” where demand will be around 500,000 in the near future.

In India, news appears in the papers that thousands of graduate engineers are jobless. According to news published in Times of India July only 18% engineering grads are employable. If we consider the extended report, out of 6 lakh engineers that graduate annually, only 18.43% of them are employable for the software engineer-IT services role, while just 3.95% are appropriately trained to be directly deployed on projects. For core jobs in mechanical, electronics/electrical and civil jobs, only a mere 7.49% are employable. OMG, I don’t think India will ever be able to fill the skill gap in the cyber security sector.

In spite of the huge contribution of Indian students in various sectors of world education over the centuries, this "cyber security domain" may be overlooked by them. We find in one sector there is a huge demand for professionals and on the other side unskilled jobless graduate engineers; I think something is wrong with the system. Educationalists can answer it better.


Ethical hacking, also known as penetration testing, intrusion testing or red teaming, whatever you call it, can be a very good career option, but most students don’t know how to choose it as a career. Some go to Google, learn some tricks, show them to their friends and become popular as hackers; some go to learn ethical hacking from ABCD institute and learn only what they are told in just 40-80 hours of course, and finally they are certified ethical hackers. Many organizations working on cyber security training in India are really doing very well, but they are helpless with throughput until mass awareness is created in cyber security learning.

This book does not teach you ethical hacking, but trust me, you cannot learn ethical hacking without knowing the basic topics discussed in this book.

There is no fast (measured in hours) or easy way to become an ethical hacker. Ethical hacking requires a large skill set, which is categorized into 6 domains:

Networking Domain
Programming knowledge Domain
Database Domain
Operating system Domain
Ethical hacking tools Domain
Big data analytics Domain

An ethical hacker should also have a basic understanding of data communication network theory and devices, and of the details of TCP/IP protocols such as SMTP, ICMP and HTTP. Knowledge of various operating systems (Microsoft Windows, various versions of Linux, BackTrack etc.) is important. Knowledge of the Python and Java programming languages, and of web programming platforms like HTML, JavaScript, Microsoft .NET and PHP, is crucial. A basic concept of databases is also vital.


Big data is the new inclusion. In ethical hacking we try to protect data or information, and you will be astonished to know that 90% of the data produced by civilization was generated in the last 2-3 years alone, and more is going to be generated at exceptional speed. Big data analytics will soon be incorporated into the cyber security domain; with the arrival of the “Internet of Things” and IPv6, things will be more complicated for cyber security professionals in the next 2-3 years. The last one is the knowledge of ethical hacking tools. The latest tools are very powerful and can produce fantastic reports; ethical hackers should know how to use the tools and how to understand the reports produced by these automated tools.

Level 0 is a term used in Data structure in computer science, which means the root or the starting point. This book will drop you at the starting point, but you should learn more about the topics discussed in this book from various sources. With this book, my aim is to teach ethical hacking concepts to the “neophyte” or “noob”, and experts can recommend this book to juniors for startup.

I am working on “Ethical Hacking Level 1” and “Ethical Hacking Level 2” books, which will be out soon, depending on the response to this book.


Ethical Hacking Concepts

What is hacking

Hacking is the process of exploring the features of a system beyond the thoughts of the developer, in order to achieve some extra benefits.

Who is a hacker

The person who is involved in hacking activities is known as a hacker. They try to find and explore the weaknesses in computer systems and/or networks to gain access. Hackers are exceptional programmers with vast knowledge of the computer science domain.

What is ethical hacking, who is an ethical hacker

Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks.

What constitutes ethical hacking?

For hacking to be deemed ethical, the hacker must obey the following rules:

1. Expressed (often written) permission to probe the network and attempt to identify potential security risks.

2. You respect the individual's or company's privacy.


3. You close out your work, not leaving anything open for you or someone else to exploit at a later time.

4. You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company. [source: computerhope.com]

Types of Hackers

Ethical Hacker (White hat): They hack for a good motive and always report the weakness to the developer team or to the team that deployed them to find weaknesses. The best thing is that they have a face, I mean they don't hide their identity.

Cracker (Black hat): They hack for a bad motive and gain unauthorized access to computer systems. They hide their face and don't come in front of the public.

Grey hat: Sometimes they are White hat, sometimes Black hat, depending on the situation.

Script kiddies: They don't have in-depth knowledge of hacking; basically a non-skilled person who gains access to computer systems using already available tools.

Suicide Hackers: The concept of suicide hackers is the same as suicide bombers. They hack, get caught and are punished according to law.

Phreak: It is a person who tries to intrude into systems for fun or malicious personal activities. Mostly they are children of age 12-15 who don't even know the consequences of hacking.

Hacktivist: They hack for a purpose, in order to send social, religious or political messages.


Hacktivism: Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. The individual who performs an act of hacktivism is said to be a hacktivist.

Elite hacker or 1337: They are the best in business and use their own tools for hacking purposes. 1337 was a port number used by a group of hackers to communicate between themselves without anyone's knowledge.

Skill Profile of an Ethical Hacker

• Strong knowledge of computer networking.

• Knowledge of programming languages, especially web programming.

• Good knowledge of various operating systems.

• Knowledge of hardware.

• Good knowledge of hacking tools.

• Basic knowledge of virtualization.

• Good knowledge of wireless protocols.

Essential Terminology

• Threat - An action or event that is a concern regarding security. A threat is a potential violation of security.

• Vulnerability - Weakness in the system that can be compromised.

• Target of Evaluation - An IT system, product, or component that will be evaluated by a security professional.

• Attack - An attack is any action that attempts to violate or violates security.

• Exploit - A defined way to breach the security of an IT system through a vulnerability.


Confidentiality, Integrity, and Availability (CIA Triad)

The CIA triad is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. The elements of the triad are considered the three most crucial components of security.

Confidentiality is a set of rules that limits access to information, Integrity is the assurance that the information is trustworthy and accurate, and Availability is a guarantee of reliable access to the information by authorized people.

Phase of Ethical Hacking

• Reconnaissance
  o Active / passive
• Scanning
• Gaining access
  o Operating system level / application level
  o Network level
  o Denial of service
• Maintaining access
  o Uploading / altering / downloading programs or data
• Covering tracks


Reconnaissance: It means collecting as much information as possible about the target of evaluation. Passive reconnaissance involves gathering information about the target without their knowledge. Active reconnaissance involves directly connecting to the target and collecting information.

Scanning: The attacker uses the details gathered during reconnaissance to identify specific vulnerabilities. Tools that a hacker may employ during the scanning phase can include dialers, port scanners, network mappers, sweepers, and vulnerability scanners.

Gaining access: This is the phase where the real hacking takes place and the hacker takes control of the system.

Maintaining access: Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Attackers who choose to remain undetected:

> Remove evidence of their entry

> Install a backdoor or a Trojan to gain repeat access

> Install root kits at the kernel level to gain full administrator access to the target computer


Covering tracks: Attackers will usually attempt to erase all

evidence of their actions.

What is called a cyber crime

• website defacing

• child pornography

• data breach

• E-mail bombing

• Computer Hacks

• Network Hacks

• Data diddling

• usage of virus, worms, Trojans

• Harassment through mails and chats

• spoofing - email, sms, call

• defamation

• software piracy

• spamming etc


Penetration Testing Concepts

According to techtarget.com "Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit."

Types of Penetration testing:

There are primarily two types of penetration tests: a) Black Box Test b) White Box Test

Black Box Test: The pen tester has very little or no knowledge about the systems to be tested (except the IP address ranges or a domain name). The penetration tester collects all information and performs the test. This is costly and takes much time.

White Box Test: In a white-box penetration test, the penetration tester is usually provided with complete knowledge about the network or systems to be tested, including the IP address schema, source code and OS details. This is popular and fast compared to the Black Box Test.

Steps in Penetration testing:

Ethical hacking and penetration testing relation

Pen testing is often confused with hacking, but there is a substantial difference that you have to understand: while “hacking” is exploratory and unstructured, penetration testing is based on a scientific and structured method.


Basics of Communications

Data refers to the raw facts that are collected, while information refers to processed data.

Data Communication is a process of exchanging data or information between two devices over a transmission medium.

The data can flow between the two devices in the following ways:

1. Simplex: One way communication.

2. Half Duplex: Two way communication, but not simultaneously. Example: A walkie-talkie.

3. Full Duplex: Two way communication and simultaneously. Example: mobile phones.

[source: ni.com]

Categories of Network

Networks are categorized on the basis of their size. The three basic categories of computer networks are:


A. Local Area Network (LAN) is usually limited to a few kilometers of area. It may be privately owned. An example is a network consisting of the computers in a college lab.

B. Wide Area Network (WAN) is made of all the networks in a (geographically) large area. An example is the network in the entire state.

C. Metropolitan Area Network (MAN) is of size between LAN and WAN. An example is the entire network in a “CITY OF JOY”.

DATA

Data can be of two types:

Analog data refers to information that is continuous; example: human voice.

Digital data refers to information that has discrete states.

SIGNALS

Signals can be of two types:

1. Analog Signal: They have infinite values in a range.

2. Digital Signal: They have a limited number of defined values.


Categories of transmission media

Network topology: It is the arrangement of the various elements

(links, nodes, etc.) of a computer network. Essentially, it is the

topological structure of a network and may be depicted physically

or logically. [source en.wikipedia.org/]

[source www.conceptdraw.com]


Digital modulation

Modulation of digital signals is known as Shift Keying.

Amplitude Shift Keying (ASK): Binary bit stream is 101; 1 is represented by signal, 0 is represented by no signal.

Frequency Shift Keying (FSK): Binary bit stream is 101; 1 is represented by one kind of signal, 0 is represented by a different kind of signal.

Phase Shift Keying (PSK): Binary bit stream is 101; see the phase change from 1 to 0 and then from 0 to 1.


OPEN SYSTEMS INTERCONNECTION REFERENCE MODEL (OSIRM)

The Open Systems Interconnection (OSI) Model was developed by the International Organization for Standardization (ISO). This model describes how data is transmitted over a network. It was developed to allow systems with different platforms to communicate with each other. It addresses hardware, software and data transmission.

It is a hierarchical model that groups its processes into layers. It has 7 layers, listed below from top to bottom. Each layer has specific functions it is responsible for. All layers work together in the correct order to move data around a network. In summary, the function of each layer is given.

7. Application Layer: Data generation

6. Presentation Layer: Encryption and formatting

5. Session Layer: Establish connection

4. Transport Layer: Delivery and sequencing

3. Network Layer: Routing to destination

2. Data Link Layer: Local network host delivery

1. Physical Layer: Access to media

Some protocols associated with this OSI layer model

[source: https://infosys.beckhoff.com]


OSI Model Layer Mnemonics

Top to bottom – All People Seem To Need Data Processing.

Bottom to top – Please Do Not Throw Sausage Pizza Away

How Data Is Referred to in the OSI Model

Data - Application, Presentation, and Session layers

Segment - Transport layer

Packet - Network layer

Frame - Data Link layer

Bits - Physical layer

As data moves from level to level, headers are attached to the data.


Explanation of these SEVEN distinct layers

In the Open Systems Interconnect model, which allows dissimilar computers to transfer data between themselves, there are seven distinct layers.

7. Application Layer: Provides applications with access to network services.

6. Presentation Layer: Determines the format used to exchange data among networked computers.

5. Session Layer: Allows two applications to establish, use and disconnect a connection between them called a session. Provides for name recognition and additional functions like security which are needed to allow applications to communicate over the network.

4. Transport Layer: Ensures that data is delivered error free, in sequence and with no loss, duplications or corruption. This layer also repackages data by assembling long messages into lots of smaller messages for sending, and repackaging the smaller messages into the original larger message at the receiving end.

3. Network Layer: This is responsible for addressing messages and data so they are sent to the correct destination, and for translating logical addresses and names (like a machine name FLAME) into physical addresses. This layer is also responsible for finding a path through the network to the destination computer.

2. Data-Link Layer: This layer takes the data frames or messages from the Network Layer and provides for their actual transmission.


At the receiving computer, this layer receives the incoming data and sends it to the network layer for handling.

The Data-Link Layer also provides error-free delivery of data between the two computers by using the physical layer. It does this by packaging the data from the Network Layer into a frame that includes error detection information. At the receiving computer, the Data-Link Layer reads the incoming frame, and generates its own error detection information based on the received frame data. After receiving all of the frame, it then compares its error detection value with that of the incoming frame, and if they match, the frame has been received correctly.

A frame looks like,

The Data-Link Layer actually consists of two separate parts, the Medium Access Control (MAC) and Logical Link Control Layer (LLC). Example MAC layers are Ethernet 802.3 and Token Ring 802.5.

Bridges are an example of devices which work at the MAC layer.

1. Physical Layer: Controls the transmission of the actual data onto the network cable. It defines the electrical signals, line states and encoding of the data and the connector types used. An example is 10BaseT. Repeaters are an example of devices that work at the Physical Layer.
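The Data-Link Layer error check described above, as an added example that is not part of the original book: the sender appends a CRC-32 value to the frame, and the receiver recomputes it over the received bytes and compares. The frame layout, addresses and payload are constructed for illustration and are simplified from real Ethernet.

```python
import struct
import zlib

HEADER_LEN = 14   # 6-byte destination + 6-byte source + 2-byte payload length
TRAILER_LEN = 4   # CRC-32 error-detection value appended by the sender

# Constructed sample values (not real devices).
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
SAMPLE_PAYLOAD = b"hello from the network layer"


def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Sender side: package the data into a frame with error-detection info."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("hardware addresses must be 6 bytes")
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for the 2-byte length field")
    body = dst + src + struct.pack("!H", len(payload)) + payload
    return body + struct.pack("!I", zlib.crc32(body))


def check_frame(frame: bytes):
    """Receiver side: recompute the CRC and compare it with the trailer.

    Returns the payload when the values match, or None when the frame is
    too short, corrupted, or its length field disagrees with its size.
    """
    if len(frame) < HEADER_LEN + TRAILER_LEN:
        return None
    body, trailer = frame[:-TRAILER_LEN], frame[-TRAILER_LEN:]
    (received_crc,) = struct.unpack("!I", trailer)
    if zlib.crc32(body) != received_crc:
        return None
    (declared_len,) = struct.unpack("!H", body[12:14])
    payload = body[HEADER_LEN:]
    return payload if declared_len == len(payload) else None


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate line noise by inverting a single bit of the frame."""
    damaged = bytearray(frame)
    damaged[bit_index // 8] ^= 0x80 >> (bit_index % 8)
    return bytes(damaged)


def undetected_single_bit_errors(frame: bytes) -> int:
    """Count single-bit corruptions that the receiver would wrongly accept."""
    return sum(
        check_frame(flip_bit(frame, i)) is not None
        for i in range(len(frame) * 8)
    )


if __name__ == "__main__":
    frame = build_frame(DST, SRC, SAMPLE_PAYLOAD)
    print("clean frame accepted:", check_frame(frame) == SAMPLE_PAYLOAD)
    print("undetected 1-bit errors:", undetected_single_bit_errors(frame))
```

A CRC only catches accidental corruption on the wire; it is not keyed, so it gives no protection against a frame that has been altered on purpose.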


TCP/IP MODEL

It is also called the TCP/IP protocol suite. It is a collection of protocols. It existed even before the OSI model was developed.

Transmission Control Protocol (TCP) and Internet Protocol (IP) are the two most important lower-level protocols enabling Internet connectivity. IP is responsible for moving packets of data from one connection point to the next, while TCP verifies the integrity of data traveling between two endpoints. TCP and IP work together so much that the two protocols are commonly referred to as TCP/IP.

Originally it had four layers (bottom to top):

1. Network Interface Layer

2. Internet Layer

3. Transport Layer

4. Application Layer

• The Application layer of the TCP/IP Model encompasses the same functions as the Application, Presentation, and Session layers of the OSI Model.

• The Transport layer of the TCP/IP Model functions the same as the Transport layer in the OSI Model and part of the Session layer.

• The Internet layer of the TCP/IP Model performs the same functions as the OSI Model Network layer and many of the functions of the LLC sub layer of the OSI Model Data Link layer.

• The Network Interface layer of the TCP/IP Model performs much of the job of the MAC portion of the Data Link and Physical layers of the OSI Model.


Mapping of OSI and TCP-IP layer

[source www.hardwaresecrets.com]

TCP/IP Model and its Relation to Protocols of the TCP/IP Suite

Layer - Protocols

Application - HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP

Transport - TCP, UDP

Internet - IP, IGMP, ICMP, ARP, RARP

Network interface - Ethernet, Token Ring, FDDI, X.25, Frame Relay, RS-232, v.35

Application layer protocol

The Hypertext Transfer Protocol (HTTP) is used to transfer files

that make up the Web pages of the World Wide Web.


The File Transfer Protocol (FTP) is used for interactive file transfer.

The Simple Mail Transfer Protocol (SMTP) is used for the transfer of mail messages and attachments.

Telnet, a terminal emulation protocol, is used for logging on remotely to network hosts.

The Domain Name System (DNS) is used to resolve a host name to an IP address.

The Simple Network Management Protocol (SNMP) is used between a network management console and network devices (routers, bridges, intelligent hubs) to collect and exchange network management information.

Transport layer protocol

TCP is a reliable, connection-oriented protocol, i.e. a connection is established between the sender and receiver before the data can be transmitted.

It divides the data it receives from the upper layer into segments and tags a sequence number to each segment, which is used at the receiving end for reordering of data.
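The segmenting and reordering described above, as an added example that is not part of the original book: a sender splits data into numbered segments and a receiver puts them back in order, ignores duplicates and stops at the first gap. The segment size, starting sequence number and sample data are constructed, and the sequence number counts bytes modulo 2**32 as TCP does.

```python
SEQ_SPACE = 2 ** 32  # sequence numbers are 32-bit and wrap around

# Constructed sample data and a starting number chosen to show wrap-around.
SAMPLE_DATA = b"GET /index.html HTTP/1.1\r\n"
SAMPLE_ISN = 4294967290


def segment(data: bytes, isn: int, max_size: int = 8):
    """Sender: split data into (sequence_number, chunk) pairs.

    Each sequence number is the position of the chunk's first byte,
    counted from the initial sequence number `isn`.
    """
    return [
        ((isn + offset) % SEQ_SPACE, data[offset:offset + max_size])
        for offset in range(0, len(data), max_size)
    ]


def receive(segments, isn: int):
    """Receiver: reorder by sequence number and deliver contiguous bytes.

    Returns (delivered_bytes, ack), where ack is the next sequence number
    the receiver expects. A missing segment stops delivery at the gap, so
    the ack tells the sender which data to send again.
    """
    pending = {}
    for seq, chunk in segments:
        if not chunk:
            continue                       # nothing to place
        offset = (seq - isn) % SEQ_SPACE   # undo wrap-around
        pending.setdefault(offset, chunk)  # a duplicate is ignored
    delivered = bytearray()
    while len(delivered) in pending:
        delivered += pending[len(delivered)]
    return bytes(delivered), (isn + len(delivered)) % SEQ_SPACE


if __name__ == "__main__":
    segs = segment(SAMPLE_DATA, SAMPLE_ISN)
    out_of_order = list(reversed(segs)) + [segs[2]]   # reordered + duplicate
    print(receive(out_of_order, SAMPLE_ISN))
    with_loss = [s for i, s in enumerate(segs) if i != 1]
    print(receive(with_loss, SAMPLE_ISN))             # stops at the gap
```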

UDP is an unreliable, connectionless protocol that provides data transport with lower network traffic overheads than TCP. UDP is used when the amount of data to be transferred is small (such as the data that would fit into a single packet), or when the overhead of establishing a TCP connection is not desired, or when the applications or upper layer protocols provide reliable delivery. UDP does not error check or offer any flow control; this is left to the application process.


Internet layer protocol

The Internet Protocol (IP) is a routable protocol responsible for IPaddressing, routing, and the fragmentation and reassembly of 

packets.

The Address Resolution Protocol (ARP) is responsible for the

resolution of the Internet layer address to the Network Interface

layer address such as a hardware address.

The Internet Control Message Protocol (ICMP) is responsible forproviding diagnostic functions and reporting errors due to the

unsuccessful delivery of IP packets.

The Internet Group Management Protocol (IGMP) is responsible for

the management of IP multicast groups.

The Reverse Address Resolution Protocol (RARP) is used by a device on the network to find its Internet address when it knows its physical address.

Network interface

The Network Interface layer (also called the Network Access layer) is responsible for placing TCP/IP packets on the network medium and receiving TCP/IP packets off the network medium. TCP/IP was designed to be independent of the network access method, frame format, and medium. In this way, TCP/IP can be used to connect differing network types. These include LAN technologies such as Ethernet and Token Ring and WAN technologies such as X.25 and Frame Relay. Independence from any specific network technology gives TCP/IP the ability to be adapted to new technologies such as Asynchronous Transfer Mode (ATM).

[source technet.microsoft.com]


Comparison of OSI and TCP/IP

OSI | TCP/IP

It has 7 layers | It has 4 layers

OSI model has a separate presentation layer | TCP/IP does not have a separate presentation layer

In the OSI model the transport layer guarantees the delivery of packets | In the TCP/IP model the transport layer does not guarantee delivery of packets

OSI provides layer functioning and also defines functions of all the layers | TCP/IP model is more based on protocols

What is Internet Protocol?

Internet Protocol is a set of technical rules that defines how

computers communicate over a network. There are currently two

versions: IP version 4 (IPv4) and IP version 6 (IPv6).

IPv4 is a 32-bit addressing scheme. In IPv4, 2^32 (4,294,967,296)

addresses are available. When IP was first standardized in Sep 1981,

each system attached to the IP based Internet had to be assigned a

unique 32-bit address. This 32-bit IP addressing scheme involves a

two level addressing hierarchy.

Network number (prefix) | Host number


There are two notations to show an IPv4 address:

a) Binary notation

The IPv4 address is displayed as 32 bits. Ex. 11000001 10001011 00011111 11001111

b) Dotted decimal notation

To make the IPv4 address easier to understand, it is usually

written in decimal form with a decimal point (dot) separating the

bytes. Each byte (octet) is 8 bits hence each number in dotted-

decimal notation is a value ranging from 0 to 255.

Ex. 192.168.11.239

IP addresses are divided into 5 categories:

Class A: uses first octet for network addresses and last three octets

for host addressing

Class B: uses first two octets for network addresses and last two for

host addressing

Class C: uses first three octets for network addresses and last one

for host addressing

Class D: provides flat IP addressing scheme in contrast to

hierarchical structure for above three.

Class E: Reserved for future use.

[Source: ccnablog.com]
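The two notations and the class rules above, worked through in Python as an added example (not code from the book). The leading-bit test used to pick the class comes from classful addressing itself rather than from the text above, and the function names are illustrative.

```python
"""Classful IPv4 addressing: notation conversion and class lookup (added example)."""

# (mask, expected value, class name, number of network octets).
# Leading bits of the first octet: 0 = A, 10 = B, 110 = C, 1110 = D, 1111 = E.
# D and E have no network/host split, so their octet count is None.
CLASS_RULES = [
    (0x80, 0x00, "A", 1),
    (0xC0, 0x80, "B", 2),
    (0xE0, 0xC0, "C", 3),
    (0xF0, 0xE0, "D", None),
    (0xF0, 0xF0, "E", None),
]


def parse_dotted(addr):
    """Return the four octets of a dotted-decimal address, validating each one."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % addr)
    octets = []
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError("octet out of range 0-255: %r" % part)
        octets.append(int(part))
    return octets


def to_binary(addr):
    """Dotted decimal -> binary notation, one 8-bit group per octet."""
    return " ".join(format(octet, "08b") for octet in parse_dotted(addr))


def from_binary(bits):
    """Binary notation (spaces optional) -> dotted decimal."""
    clean = bits.replace(" ", "")
    if len(clean) != 32 or set(clean) - {"0", "1"}:
        raise ValueError("expected exactly 32 binary digits")
    return ".".join(str(int(clean[i:i + 8], 2)) for i in range(0, 32, 8))


def classify(addr):
    """Return the address class and, for A/B/C, the network and host parts."""
    octets = parse_dotted(addr)
    for mask, value, name, net_octets in CLASS_RULES:
        if octets[0] & mask == value:
            if net_octets is None:
                return {"class": name, "network": None, "host": None}
            return {
                "class": name,
                "network": ".".join(str(o) for o in octets[:net_octets]),
                "host": ".".join(str(o) for o in octets[net_octets:]),
            }
    raise AssertionError("unreachable: the rules cover every first octet")


if __name__ == "__main__":
    # The two sample addresses are the ones used in the text above.
    print(to_binary("192.168.11.239"))
    print(from_binary("11000001 10001011 00011111 11001111"))
    for sample in ("10.1.2.3", "172.16.5.4", "192.168.11.239", "224.0.0.1"):
        print(sample, classify(sample))
```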


[source: tcpipguide.com]

The number of networks and hosts in each class is given below

Problem with IPv4

In 1981, the number of addresses, 2^32 = ~4,294,967,296, was enough, but with the penetration of the internet, it seems that a large number in 1981 is actually a small number in 2015.


Another problem with IPv4 is that the IPv4 header length is variable.

This was acceptable when routing was done by software. But now routers

are built within hardware, and processing the variable length headers

in hardware is hard. The large routers that allow packets to go all

over the world are having problems coping with the load. Clearly, a

new scheme was needed with fixed length headers.

IP version 6 (IPv6)

IPv6 is a newer numbering system that provides a much larger address pool than IPv4. It was deployed in 1999 and should meet the world’s IP addressing needs well into the future. Here the address size is a 128-bit number. IPv6 addresses are so much larger than IPv4 addresses that even representing them in decimal is difficult. Hence IPv6 addresses are represented in hexadecimal numbers, separated by colons.

For example: 3FFE:F200:0234:AB00:0123:4567:8901:ABCD

The total number of possible addresses is

2^128 = ~340,282,366,920,938,463,463,374,607,431,768,211,456.

Comparison of IPv4 and IPv6 header

[source 343networks.wordpress.com]


Protocols and ports

What is protocol

In telecommunications, a protocol is the special set of predefined rules that allow

two or more entities of a communications system to transmit information.

Protocols specify interactions between the communicating entities.

What is port

In computer hardware, a port acts as an interface between the computer and other

computers or peripheral devices. External devices are connected to a computer

using cables and ports. Ports are slots on the motherboard into which the cable of an

external device is plugged in. Examples of external devices attached via ports are

mouse, keyboard, monitor, microphone, speakers etc.

A port number is a 16-bit unsigned integer, ranging from 0 to 65535. Specific services use specific port numbers. 1024 well-known port numbers are reserved by convention to identify specific service types on a host. [source: Wikipedia]

Common ports and respective services running on the ports.

20 FTP data (File Transfer Protocol)

21 FTP (File Transfer Protocol)

22 SSH

23 Telnet

25 SMTP (Simple Mail Transfer Protocol)

53 DNS (Domain Name Service)

68 DHCP (Dynamic host Configuration Protocol)

80 HTTP

110 POP3 (Post Office Protocol, version 3)

137 NetBIOS-ns

138 NetBIOS-dgm

139 NetBIOS

143 IMAP (Internet Message Access Protocol)

161 SNMP (Simple Network Management Protocol)

194 IRC (Internet Relay Chat)

220 IMAP3 (Internet Message Access Protocol 3)

389 LDAP

443 SSL (Secure Socket Layer)

445 SMB (NetBIOS over TCP)


Computer Systems Architectures

Centralized Systems

In Centralized Systems, several jobs are done on a particular computer (system).

Distributed Systems

Distributed computing is required when the system requirement is large and cannot be fulfilled by a single machine; jobs are distributed across several processors. The processors are interconnected by a computer network, and the solutions are then combined and presented to the client so that they seem to come from a single computer.


A client is something that sends a request to one computer or server.

In response the server accepts the request and sends some message

back to the client, for example at the time of checking result, your

browser acts as a client where request is your roll number.

A server is a process that provides requested services for clients. The computer that stores your result is known as a server.

Client and server processes can reside in the same computer or in

different computers connected by a network.

Web clients: Mozilla Firefox, Internet Explorer, Google Chrome, etc

Web servers: Apache, Microsoft IIS, Sun Java System Web Server

etc

Physical Tiers

In 1-tier architecture all of the processing is done on a single host. Users can access such systems (mainframes) through dumb terminals, but what is displayed and how it appears is controlled by the mainframe.


2-tier architecture is used to describe client/server systems, where

clients send requests and servers respond to these requests.

Picture source: pecktechdesigns.com

3-tier architecture is used to describe client/server systems consisting

of:

• Clients which request services

• Application servers whose task is to provide the requested resources, but by calling on database servers

• Database servers which provide the application servers with the data they require.

Picture source: tutorials.jenkov.com


N-tier architecture is used to describe client/server systems consisting of more than 3 tiers

Picture source: www.informationweek.com

Examples of Servers

Mail Server :: Allows client mail program to connect to mail server on remote machine.

Login Server :: Allows clients to establish login sessions on remote machine.

File Servers :: Client requests to read or write part of a file. The server might support several operations, including read, write, open, close and seek.

Print Server :: A computer that manages one or more printers, and a network server is a computer that manages network traffic.

Database Server :: A computer system that processes database queries.

Peer-to-peer (P2P)

The P2P model does not have the concept of clients or servers. All peers are called servents, SERVENT = SERVer + cliENT. All nodes act as both clients and servers in the P2P model, but for any communication session we can distinguish which one is the "client" and which one is the "server".


Client/server | P2P

It is like lecture-based learning | It is like project-based learning

Eating at a restaurant | Eating at home

Picture source: shareaza.sourceforge.net


Proxy

What is proxy

When a user asks for a webpage from a server, the client sends its IP address to the website so that the response gets back to the client IP address; in this way the client leaves a stamp of the computer on the server.

A proxy or a proxy server is a computer that is placed between the attacker and the target computer. A proxy server allows an attacker to hide his/her identity in the network. When I say hide identity, there are two things an attacker wants to hide: a) IP address b) MAC address

The IP address is used to find the geographic location and the MAC address is used to find the machine (in the network) used for hacking.

How proxy is implemented

First the attacker's computer makes a connection with the proxy server and then requests a connection to the target computer via the existing connection to the proxy. The proxy server forwards the request to the target, and the response is finally forwarded through the proxy to the attacker's computer. This lets a hacker surf the Web anonymously or otherwise hide their attack.


Proxy Chaining: Proxy chaining is the use of more than one proxy

server to stay anonymous. You can use as many proxy servers as

you can or want. The more you have, the more anonymous you will

be.

Why Proxy is used

• To hide the source IP address to avoid any legal trouble

• To remotely access intranets and other web resources that are

out of reach


Some popular proxies

• http://www.anonymizer.ru

• https://www.anonymizer.com/

• FoxyProxy is a plugin for your browser which automatically switches an internet connection across one or more proxy servers based on URL patterns.

• AnonymoX is a plugin for your browser for anonymization on the internet

• proxy workbench

• proxifier

• proxy switcher

• Tor

• Socks Chain

• hide me


Basics of Wireless and Mobile Communications

Concept of wireless networking

A wireless network is any type of computer network that uses wireless data connections for connecting network nodes.

Wireless networking is a method by which homes, telecommunications networks and enterprise (business) installations avoid the costly process of introducing cables into a building, or as a connection between various equipment locations. Wireless telecommunications networks are generally implemented and administered using radio communication. This implementation takes place at the physical level (layer) of the OSI model network structure.

Examples of wireless networks include cell phone networks, Wi-Fi local networks and terrestrial microwave networks. [Source: Wikipedia]

Common terms used in wireless networking

Wireless Local Area Network (WLAN): A short-range computer-

to-computer wireless data communications network.

Wireless: Communication between devices where wire is not present. Signal moves in the form of electromagnetic waves in the entire communication path.

Wireless Access point: It is a piece of hardware that creates a central point of wireless connectivity. It is similar to a hub.

Cellular: A wireless communications network architecture that employs "cells" or modular coverage areas, typically serviced by a “cell site”, and usually provides hand-off capability between cells for roaming devices.

Attenuation: The loss or weakening of a signal through a transmission line, transmission component, or signal path.

Antenna: It is important for sending and receiving radio waves; there are 2 types of antennas:

• Omni-directional antennas

• Directional antennas

Microwave: Usually referring to all radio frequencies above 1 GHz

or so.

Jamming: The typically intentional or malicious interference with another radio signal.

SSID: The SSID (service set identifier) is a unique identifier; it is the name of the WLAN, it acts as a single shared identifier between wireless access points and clients.

Bluetooth: A standard system for wireless personal area networks (PANs). Bluetooth provides speeds of up to 3 Mbps at short ranges (typically less than 10 meters). PAN technologies, such as Bluetooth, are complementary to LAN technologies (like 802.11) and are typically used to connect peripheral devices, such as keyboards to computers or wireless headsets to mobile phones.

Wi-Fi hotspots: A Wi-Fi hotspot is created by installing an access point to a connection. The access point transmits a wireless signal over a short distance which covers around 300 feet. When a Wi-Fi enabled device such as a mobile, tab or laptop finds a hotspot, the device then connects to that network wirelessly. 802.11b is the most common specification for hotspots worldwide.

Wireless standards:

The first wireless standard was 802.11

It defines 3 physical layers:

• Frequency Hopping Spread Spectrum (FHSS)

• Direct Sequence Spread Spectrum (DSSS)

• Infrared


There are several specifications in the 802.11 family:

• 802.11a

• 802.11b

• 802.11g

• 802.11i

802.11i improves WLAN security

What are the Types of Wireless Connections?

• Wireless PAN – Wireless Personal Area Networks

• Wireless LAN – Local Area Network

• Wireless MAN – Metropolitan Area Networks

• WWANS: Wireless Wide Area Networks

What is Wi-Fi

Wi-Fi stands for Wireless Fidelity; 802.11b is Wi-Fi. It is primarily a local area networking (LAN) technology designed to provide in-house broadband coverage. Wi-Fi operates at 20 MHz in the 2.4 GHz range. It has a theoretical speed of up to 11 Mbps. It can cover a distance up to 8 km in a city.

WIFI – SECURITY WEP and WPA

Wi-Fi Protected Access (WPA): An improvement to WEP, WPA adds — among other changes — a key (TKIP, or Temporal Key Integrity Protocol) that changes dynamically over time, which eliminates the greatest shortcoming of WEP. WPA is the minimum level of security you should choose, if at all possible. WPA-Enterprise adds 802.1x authentication to make the network even more secure.

Wi-Fi Protected Access 2 (WPA2): WPA2 adds even further enhancements to WPA, including AES (Advanced Encryption Standard), which makes the encryption key almost impervious to current cracker attacks.

Wired Equivalent Privacy (WEP): The encryption system used by wireless LANs to provide security on the network. WEP uses an encryption key (which can be 40 or 104 bits long — these keys are often referred to as 64- and 128-bit keys because of some extra bits used in the WEP system) to encrypt data flowing across the network. Without the WEP encryption key, unauthorized users see only garbled data and cannot read what is being sent across the network.

[source: dummies.com]

Hacking Techniques

Wireless hacking activities are categorized as:

• Cracking encryption and authentication mechanism

• Eavesdropping or sniffing

• Access Point spoofing

• MAC spoofing

• Denial of Service

Wireless attacks

• War Driving: It is the act of locating and possibly exploiting connections to WLANs while driving around a city or highway.

• War Walking: Walking around to search for open wireless networks

• War Flying: Searching for open wireless networks while flying

• War Chalking: Using chalk to identify available open networks

• Blue Jacking: Use of Bluetooth technology to temporarily

hijack another person's cell phone.

Wireless hacking tools

• Aircrack 

• AirSnort

• Cain & Abel

• Kismet


• NetStumbler

• WireShark 

How to secure wireless networks

In order to minimize wireless network attacks, an individual or organization can adopt the following policies.

• Change default passwords that come with the hardware

• Use strong WEP and WPA-PSK keys; a combination of symbols, numbers and characters reduces the chance of the keys being cracked using dictionary and brute force attacks.

• Firewall software can also help reduce unauthorized access.

• Change the Network’s SSID name.

• Create a unique password on router.

• Reduce the Range of the Wireless Signal.


Command Line Basics For Ethical Hacking

In Windows environment open command prompt and type the

following commands

mkdir:: creates new folder/directory

dir:: to list the content of the folder

echo:: write some text

type:: display the text

more:: more file1.txt also displays the file content

ipconfig:: Windows IP configuration

ipconfig /all:: display more on Windows IP configuration

ipconfig /release:: release all stored IP configuration values

ipconfig /renew:: ask DHCP server to give new IP value

netstat command:: Netstat, the TCP/IP networking utility, has a simple set of options and identifies a computer's listening ports, along with incoming and outgoing network connections. This data can be very helpful if you're trying to resolve a malware issue or diagnose a security problem.


-an is for all listening ports on a machine.

taskmgr:: command displays Windows task manager, shows all currently running processes

tasklist:: command displays all running tasks in command prompt

To find a particular task and to kill it, you need to know the process id.

taskkill /PID 2484 /F :: kills the task [PID is process id, /F is for forcefully]


net user is a command-line tool that was introduced in Windows Vista and is available in Windows 8 too. This tool can help system administrators to add or modify user accounts or even display user account information.

net user <new username> <new password> /ADD :: adds a new user.

The ping command is used to check the status of a target computer; ping sends an ICMP echo request to a target host name or IP address.

The TRACERT (Trace Route) command is a route-tracing utility

used to determine the path that an IP packet has taken to reach a

destination.
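The `netstat -an` listing described above can be checked against this guide's table of common ports to see which services a machine is offering. The following Python script is an added example, not code from the book: the netstat output is constructed sample data in the Windows format, and the set of services marked as unencrypted is supplied by the example.

```python
"""List listening ports from `netstat -an` output and name the services (added example)."""

# Port table copied from the "Common ports" list earlier in this guide.
COMMON_PORTS = {
    20: "FTP data", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
    53: "DNS", 68: "DHCP", 80: "HTTP", 110: "POP3", 137: "NetBIOS-ns",
    138: "NetBIOS-dgm", 139: "NetBIOS", 143: "IMAP", 161: "SNMP",
    194: "IRC", 220: "IMAP3", 389: "LDAP", 443: "SSL", 445: "SMB",
}

# Services on these ports carry data unencrypted unless wrapped in TLS
# (added by this example, not taken from the table above).
CLEARTEXT = {20, 21, 23, 25, 80, 110, 143}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.11.239:139     0.0.0.0:0              LISTENING
  TCP    192.168.11.239:49712   192.0.2.10:443         ESTABLISHED
  TCP    [::]:23                [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
"""


def parse_netstat(text):
    """Turn each TCP/UDP row into a dict; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        # rpartition keeps IPv6 locals such as [::]:23 intact up to the last colon.
        host, _, port = fields[1].rpartition(":")
        if not port.isdigit():
            continue
        rows.append({
            "proto": fields[0],
            "host": host,
            "port": int(port),
            "foreign": fields[2],
            "state": fields[3] if len(fields) > 3 else "",  # UDP rows have no state
        })
    return rows


def listening_ports(rows):
    """Return sorted (proto, port) pairs for sockets waiting for traffic."""
    found = set()
    for row in rows:
        tcp_listener = row["proto"] == "TCP" and row["state"] == "LISTENING"
        udp_bound = row["proto"] == "UDP" and row["foreign"] == "*:*"
        if tcp_listener or udp_bound:
            found.add((row["proto"], row["port"]))
    return sorted(found, key=lambda item: (item[1], item[0]))


def audit(text):
    """Return (proto, port, service name, is_cleartext) for every listener."""
    report = []
    for proto, port in listening_ports(parse_netstat(text)):
        service = COMMON_PORTS.get(port, "unlisted")
        report.append((proto, port, service, port in CLEARTEXT))
    return report


if __name__ == "__main__":
    for proto, port, service, cleartext in audit(SAMPLE):
        note = "  <- unencrypted service, review" if cleartext else ""
        print("%-3s %5d  %-12s%s" % (proto, port, service, note))
```

On a real machine, save the output with `netstat -an > ports.txt` and pass the file's contents to `audit()`.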

BackTrack was a Linux distribution that focused on security based

on the Ubuntu Linux distribution aimed at digital forensics and

penetration testing use. In March 2013, the Offensive Security team

rebuilt BackTrack around the Debian distribution and released it

under the name Kali Linux. [source wiki]

Backtrack is the most popular among hackers or security

professionals. I cannot explain all commands but some are listed

below.


You can use ls command to list out all the files or directories

available in a directory.

ls -l is long listing; d........ represents a directory

To know your IP configuration use the ifconfig command

wc command counts lines, words and chars in a file

cp command is used to copy a file

mv command renames a file

rm command deletes a file

clear command clears the screen

netstat the TCP/IP networking utility

man is a help command [man ls]

ps -A //list all running tasks


ps -A | grep firefox //find the process id of firefox, grep is a filter command

apt-get install packagename //install package in OS


Virtualization

It is the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources.

VMware and VirtualBox are well known virtualization software products. Desktop virtualization software such as VMware (VMware Player) and Oracle VirtualBox is freely available for home users.

Desktop virtualization software gives the user the facility to install and run multiple operating systems on a desktop or laptop computer in a virtual environment without disturbing the host OS. For example, the host may be XP, and the guest OS may be LINUX, BACKTRACK, Windows server.

Ethical Hackers need to know this software, otherwise the host operating system may be corrupted while performing some experiments. VMware and VirtualBox are both powerful, with negligible difference at your level.

Oracle VM VirtualBox can be downloaded from

https://www.virtualbox.org/ 

VMware, Inc. is an American company that provides cloud and virtualization software and services. VMware can be downloaded from www.vmware.com/


Virtual box screens will come accordingly


The Setting button is important; explore it.


Media source is the ISO image of the OS, where the ISO file is physically stored on the hard disk.


To exit from virtualbox remember the following screen


VMWARE


HTTP and HTTPS

The HTTP is a standard text based application protocol for

distributed, collaborative, hypermedia information systems. HTTP is

the most important protocol in data communication for the World

Wide Web. HTTP is a reliable protocol, where data is transferred to the peer machine without any loss.

HTTP functions as a request-response protocol in the client-server computing model. An HTTP client sends a request to an HTTP server. In turn, the server returns a response message. HTTP is also

called a pull protocol; because the client pulls information from the

server. HTTP is a stateless protocol, because the current request has

no idea about the previous requests.

HTTP protocol defines a set of request methods. The methods are:

• GET: A client uses the GET request for a web resource from the server.

• HEAD: A client can use the HEAD request to get the header that a GET request would have obtained.

• POST: Used to post data up to the web server.

• PUT: Send some document to the server for storing purpose.

• DELETE: Request the server to delete the data or object on server.

• TRACE: Ask the server to return a diagnostic trace of the actions in the path from client to server.

• OPTIONS: Ask the server to return the list of request methods it supports.

HttpFox is a Firefox plug-in that monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers.


With it you can not only read about all the elements that load a web page, but can also see the following:

• The headers of requests and responses (Request and response headers)

• Cookies sent and received (Sent and received cookies)

• The parameters of the URL (query string parameters)

• POST parameters (POST parameter)

• The response from the remote server

An example of an HTTP header when performed on http://www.alahadgroup.com

HTTP Request Header

Connect to 216.227.218.110 on port 80 ... ok

GET / HTTP/1.1[CRLF]
Host: www.alahadgroup.com[CRLF]
Connection: close[CRLF]
User-Agent: Web-sniffer/1.1.0 (+http://web-sniffer.net/)[CRLF]
Accept-Encoding: gzip[CRLF]
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]
Cache-Control: no-cache[CRLF]
Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF]
Referer: http://web-sniffer.net/[CRLF]


The requested server returns this document with a response status code "200 OK". 200 OK means the request is fulfilled. HTTP/1.1 is the HTTP version.

Both the HTTP header and the HTTP response provide lots of vital information about the server. It is used by cyber criminals for further exploitation because criminals know that data sent via port 80 (HTTP) is plain text and without any encryption.

Limitations of HTTP

• Stateless, no built-in support for tracking clients (session management)

• No built-in security mechanisms

HTTPS

When HTTP is used with Secure Sockets Layer (SSL) or Transport Layer Security (TLS), it is known as HTTPS. It is designed to provide security for network communication by means of encryption.

The HTTPS Communication Process

The process works out as follows:

1. The client browser connects to http://example.com on port 80 using HTTP.

2. The server redirects the client to the HTTPS version of this site using an HTTP code 302 redirect.

3. The client connects to https://example.com on port 443.

4. The server provides a certificate to the client containing its digital signature. This certificate is used to verify the identity of the site.

5. The client takes this certificate and verifies it against its list of trusted certificate authorities.

6. Encrypted communication is established.


If the certificate validation process fails then that means the website has failed to verify its identity. At that point the user is typically presented with a certificate validation error and they can choose to proceed at their own risk, because they may or may not actually be communicating with the website they think they are talking to.

Some Status Codes Associated with HTTP

Number   Meaning
200      OK
301      Moved Permanently
400      Bad Request
401      Unauthorized
403      Forbidden
404      Not Found
500      Internal Server Error
503      Service Unavailable


Password

What is a password

A password is an unspaced sequence of characters used to determine the actual user of the device or the application. Passwords usually come with a user identification. Passwords are encrypted and are not visible at the time of typing.

In 2013, Google released a list of the most common password types, all of which are considered insecure because they are too easy to guess (especially after researching an individual on social media):

• The name of a pet, child, family member, or significant other

• Anniversary dates and birthdays

• Birthplace

• Name of a favorite holiday

• Something related to a favorite sports team

• The word "password"


Different types of password

Biometric password: Biometrics refers to metrics related to human characteristics, like fingerprint, face recognition, iris recognition, retina, odour/scent etc. It is also used to identify individuals in groups that are under surveillance.

Iris scanning has some benefits over a fingerprint scanner: the latter requires physical contact with a device, whereas an eye can be scanned from several feet away.

Typed password: A password can be typed from a keyboard or a virtual keyboard on the computing device.

Pattern based Graphical password: It stores a password in a particular pattern, usually a pattern of dots. Examples: Android Pattern Unlock and Windows 8 Picture Password.

Entropy: The amount of uncertainty or unpredictable randomness.

Password Entropy: The amount of entropy which can be derived

from a password.

Android Pattern Unlock

• At least four points must be chosen.

• No point can be used twice.

• Only straight lines are allowed.

• Cannot jump over points not visited before
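The four rules above fix the size of the Android pattern keyspace, and therefore its maximum entropy. The following added example (not part of the original guide) counts every valid pattern on a 3x3 grid and converts the total to bits; the grid numbering 0 to 8 and the function names are assumptions made for the illustration.

```python
import math

# Points are numbered 0..8, row by row, on the 3x3 grid (an assumption of this example).

def jumped_point(a, b):
    """Return the point lying exactly between a and b on a straight line, or None."""
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    # On a 3x3 grid a third point sits on the segment only when both the row
    # distance and the column distance are even (0 or 2).
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return (ra + rb) // 2 * 3 + (ca + cb) // 2
    return None


def count_patterns(min_len=4, max_len=9):
    """Count valid unlock patterns per length under the four rules listed above."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def extend(last, visited, length):
        if length >= min_len:
            counts[length] += 1          # rule: at least four points
        if length == max_len:
            return
        for nxt in range(9):
            if visited & (1 << nxt):     # rule: no point can be used twice
                continue
            mid = jumped_point(last, nxt)
            # rule: a line may pass over a point only if it was visited before
            if mid is not None and not visited & (1 << mid):
                continue
            extend(nxt, visited | (1 << nxt), length + 1)

    for start in range(9):
        extend(start, 1 << start, 1)
    return counts


def entropy_bits(keyspace):
    """Maximum entropy in bits of a secret drawn uniformly from `keyspace` values."""
    return math.log2(keyspace)


if __name__ == "__main__":
    counts = count_patterns()
    total = sum(counts.values())
    for length, n in counts.items():
        print(f"{length} points: {n} patterns")
    print(f"total patterns : {total}")
    print(f"pattern entropy: {entropy_bits(total):.2f} bits")
    print(f"4-digit PIN    : {entropy_bits(10**4):.2f} bits")
    print(f"6-digit PIN    : {entropy_bits(10**6):.2f} bits")
```

The figure is an upper bound: it assumes every pattern is equally likely, which real users' choices are not.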


Passwords are stored in four ways

a) Stored in computing device

Windows stores its passwords in what is called the Security Accounts Manager database, or SAM database. The Security Account Manager (SAM) is a database file in Windows XP, Windows Vista and Windows 7 that stores users' passwords. It can be used to authenticate local and remote users.

b) Stored in browser

The majority of browsers will ask whether the user wants to save the password when logging into sites.


• Physically isolate and protect the server.

• Monitor the server logs for brute force attacks on user accounts.

• Include special characters, e.g. @, #, $ etc., in passwords.

What is LAN Manager Hash

LM hash, LanMan hash, or LAN Manager hash is a compromised password hashing function that was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior to Windows NT used to store user passwords. [source Wikipedia]

Example: Let's say your password is: '123456qwerty'.

When this password is encrypted with the LM algorithm, it is first converted to all uppercase: '123456QWERTY'

The password is padded with null (blank) characters to make it 14 characters long: '123456QWERTY_'

Before encrypting this password, the 14-character string is split in half: '123456Q' and 'WERTY_'

Each string is individually encrypted and the results concatenated.

'123456Q' = 6BF11E04AFAB197F
'WERTY_' = F1E9FFDCC75575B15

The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15

Note: The first half of the hash contains alphanumeric characters and it will take 24 hrs to crack by L0phtCrack, and the second half only takes 60 seconds.

[source EC council v3 slide]
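The uppercase, pad and split steps above are what make LM weak, and they can be measured without running the cipher at all. The following added example (not from the original guide or from Microsoft) reproduces only the preprocessing and compares search-space sizes; it assumes passwords drawn from the 95 printable ASCII characters, and the function names are made up for the illustration.

```python
import math

LM_LENGTH = 14          # LM truncates or null-pads every password to 14 bytes
HALF = 7                # and then processes two independent 7-byte halves
PRINTABLE = 95          # assumption: passwords use printable ASCII only
AFTER_UPPERCASE = 69    # 95 minus the 26 lowercase letters folded into uppercase


def lm_halves(password):
    """Return the two 7-byte blocks that LM derives from a password."""
    upper = password.upper().encode("ascii")            # case is discarded
    padded = upper[:LM_LENGTH].ljust(LM_LENGTH, b"\x00")  # truncate, then null-pad
    return padded[:HALF], padded[HALF:]


def half_search_bits(half):
    """Bits of search space for one half, given how many real characters it holds."""
    real_chars = len(half.rstrip(b"\x00"))
    return real_chars * math.log2(AFTER_UPPERCASE)


def full_password_bits(length):
    """Bits of search space if the whole mixed-case password had to be guessed at once."""
    return length * math.log2(PRINTABLE)


def lm_worst_case_bits():
    """Two full 7-character halves, each searched separately."""
    return math.log2(2 * AFTER_UPPERCASE ** HALF)


if __name__ == "__main__":
    first, second = lm_halves("123456qwerty")
    print("halves          :", first, second)
    print(f"first half      : {half_search_bits(first):.1f} bits")
    print(f"second half     : {half_search_bits(second):.1f} bits")
    print(f"LM worst case   : {lm_worst_case_bits():.1f} bits")
    print(f"14 chars, no LM : {full_password_bits(14):.1f} bits")
```

Because each half is attacked on its own, a half that holds only five real characters falls far sooner than a full one, which is the effect the note above describes.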


Cryptography and Encryption

As a hacker, you will often face challenges with cryptography and encryption, from breaking Windows passwords to wireless passwords. Many applications and protocols use encryption to maintain confidentiality and integrity of data. To be able to crack passwords and encrypted protocols such as SSL and wireless, you need to at least be familiar with the concepts and terminology of cryptography and encryption.

Cryptography: Cryptography is the art of secret writing. Cryptography makes it possible to send information between participants in a way that prevents others from reading it. The following are some simple terms associated with cryptography.

• Plaintext: A message in its original form is known as plain text.

• Cipher text: The transformed information is known as cipher text.

• Encryption: The process of converting plain text into cipher text is known as encryption.

• Decryption: The reverse of encryption is called decryption. Decryption produces plain text from the cipher text.

• Encryption algorithm: The various substitutions and transformations on plain text in cryptography are performed by the encryption algorithm.

• Key: Some critical information used by the cipher, known only to the sender and receiver.

• Decryption algorithm: This is the encryption algorithm run in reverse. It takes the cipher text and the corresponding key and produces the original plaintext.

• Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking.


Cryptographic systems are classified along three dimensions

1. The type of operations used for transforming plaintext to cipher text

- substitution

- transposition

2. The number of keys used

- single key, symmetric, secret key, conventional

- two keys, asymmetric, public key

3. The way in which plaintext is processed

- block cipher

- stream cipher

Simple example of cryptography:

When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he replaced every A in his messages with a D, every B with an E, and so on through the alphabet. Only someone who knew the “shift by 3” rule could decipher his messages.

Say you are chatting with your friend and suddenly your mother comes up behind you. You quickly write "POS" in the chat box; your friend knows that you mean "Parent On Shoulder", and starts chatting about homework. "POS" is the encryption of "Parent On Shoulder".

The encryption algorithm is "take the first letter of each word".

Substitution and transposition cipher

Substitution ciphers are simple and operate by replacing each character with another character; for example, the letter 'A' would be substituted with the letter 'Q' every place it occurs. Substitution ciphers are rarely used today due to the ease of breaking them with frequency cryptanalysis.

Plain text HACKING becomes cipher text IQEAOFU.


Transposition ciphers operate by moving plaintext characters to new locations in the cipher text, rather than by substituting individual characters. An example of a simple transposition cipher is the word jumble or cryptogram in a newspaper. All the characters found in the plaintext are in the cipher text, but in different relative positions.
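The Caesar shift, the HACKING to IQEAOFU substitution and the transposition idea described above fit in one short program, which also shows why frequency cryptanalysis works. This is an added example, not code from the original guide; the substitution key is assumed to be the QWERTY keyboard order (it reproduces the guide's IQEAOFU result), and the sample sentence and function names are constructed for the illustration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Assumed key: the alphabet replaced by keyboard order, so A->Q, B->W, C->E ...
QWERTY_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"


def caesar_key(shift):
    """Substitution alphabet for a Caesar shift (shift 3 maps A->D, B->E ...)."""
    return ALPHABET[shift:] + ALPHABET[:shift]


def substitute(text, key, decrypt=False):
    """Monoalphabetic substitution; non-letters pass through unchanged."""
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    return text.upper().translate(str.maketrans(src, dst))


def columnar_transpose(text, columns):
    """Transposition: write the text in rows of `columns`, read it column by column."""
    return "".join(text[c::columns] for c in range(columns))


def frequency_shape(text):
    """Letter counts sorted high to low: the profile frequency analysis relies on."""
    return sorted(Counter(ch for ch in text.upper() if ch in ALPHABET).values(),
                  reverse=True)


def recover_caesar_shift(ciphertext, expected_most_common="E"):
    """Guess a Caesar shift by assuming the most frequent letter stands for E."""
    letters = Counter(ch for ch in ciphertext.upper() if ch in ALPHABET)
    top = letters.most_common(1)[0][0]
    return (ALPHABET.index(top) - ALPHABET.index(expected_most_common)) % 26


# Constructed sample sentence in which E is the most frequent letter.
SAMPLE = "MEET ME NEAR THE GREEN TREE WHERE THE RIVER BENDS"

if __name__ == "__main__":
    print(substitute("HACKING", QWERTY_KEY))            # the guide's example
    secret = substitute(SAMPLE, caesar_key(3))
    print(secret)
    # Substitution renames letters but keeps the count profile intact.
    print(frequency_shape(SAMPLE) == frequency_shape(secret))
    shift = recover_caesar_shift(secret)
    print(shift, substitute(secret, caesar_key(shift), decrypt=True))
    # Transposition keeps every character and only moves it.
    jumbled = columnar_transpose("HACKING", 3)
    print(jumbled, sorted(jumbled) == sorted("HACKING"))
```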

Cryptographic algorithms are classified into three categories

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.

Secret-key cryptography is much faster than public-key cryptography and is used for ensuring the confidentiality of large payloads.


Hash Functions: A cryptographic hash function is a hash function which takes an input (or 'message') and returns a fixed-size alphanumeric string, which is called the hash value (sometimes called a message digest, a digital fingerprint, a digest or a checksum). [source:wiki]

[source voer.edu.vn]

Base 16: In base 16 cryptographic hash functions, 16 characters are used to encrypt or decrypt; these 16 characters are 0-9, A-F. The most popular hexadecimal hash value is MD5. It accepts a variable-length message from the user and converts it into a fixed 128-bit message digest value.

Base 32: It uses 32 characters to encrypt or decrypt; these characters are A-Z, 2-7.

Base 64: It uses 64 characters to encrypt or decrypt; these characters are A-Z, a-z, 0-9, +, /. It always ends with ==


You can use the following site for encryption and decryption

CryptoFox is an encryption and decryption plug-in tool available for Mozilla Firefox. It supports popularly used encryption algorithms. This add-on also comes with dictionary attack support for cracking MD5 passwords.

About this Add-on

CryptoFox supports the following:

- AES 128-bit Encrypt

- AES 128-bit Decrypt

- AES 192-bit Encrypt

- AES 192-bit Decrypt

- AES 256-bit Encrypt

- AES 256-bit Decrypt

- ASCII to Binary

- ASCII to Hexadecimal

- Base 64 Encode

- Ceaser Encrypt

- Ceaser Decrypt

- Decimal to Binary

- Decimal to Hexadecimal

- Decimal to Octal

- DES Encrypt

- Generate CRC32 Checksum

- Hexadecimal to ASCII

- Hexadecimal to Binary

- Hexadecimal to Decimal

- Hexadecimal to Octal

- HTML Entities Encode

- MD5 Dictionary attack 


- Base 64 Decode

- Binary to ASCII

- Binary to Decimal

- Binary to Hexadecimal

- Binary to Octal

- Octal to Hexadecimal

- Reverse

- ROT-13

- SHA1 Encrypt

- URL Decode

- MD5 Encrypt

- Morse Code Encrypt

- Morse Code Decrypt

- Octal to Binary

- Octal to Decimal

- SHA256 Encrypt

- URL Encode

- XOR Encrypt


Steganography

Analyzing data is an important part of ethical hacking and penetration testing. Data may be alphanumeric, or a picture or video. If I tell you a story, it will be more clear.

According to a news item published on the website http://arstechnica.com

"When a suspected al-Qaeda member was arrested in Berlin in May of 2011, he was found with a memory card with a password-protected folder — and the files within it were hidden. But, as the German newspaper Die Zeit reports, computer forensics experts from the German Federal Criminal Police (BKA) claim to have eventually uncovered its contents — what appeared to be a pornographic video called 'KickAss.'

Within that video, they discovered 141 separate text files, containing what officials claim are documents detailing al-Qaeda operations and plans for future operations — among them, three entitled "Future Works," "Lessons Learned," and "Report on Operations."

Steganography was widely used in World War II. Consider the following example of a null cipher (unencrypted messages) used by a German spy in World War II [David Kahn, The Codebreakers, The Macmillan Company. New York, NY 1967].

Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on byproducts, ejecting suets and vegetable oils.

The following message may be obtained by taking the second letter from each word and a little manipulation:

A[p]parently n[e]utral's p[r]otest i[s] t[h]oroughly d[i]scounted a[n]d i[g]nored. I[s]man h[a]rd h[i]t. B[l]ockade i[s]sue a[f]fects p[r]etext f[o]r e[m]bargo o[n] b[y]products, e[j]ecting s[u]ets a[n]d v[e]getable o[i]ls.

Pershing sails from NY June 1.


So learning the basic concepts of steganography is important.

Steganography comes from the Greek word steganos, meaning “covered”, and the Greek word graphie, meaning “writing”. Steganography is the process of hiding a secret message within an ordinary message and extracting it at its destination.

"Steganography is the art and science of communicating in a way

which hides the existence of the communication. In contrast to

cryptography, where the enemy is allowed to detect, intercept and

modify messages without being able to violate certain security

premises guaranteed by a cryptosystem, the goal of steganography is

to hide messages inside other harmless messages in a way that does

not allow any enemy to even detect that there is a second secret

message present.” [Markus Kuhn 1995-07-03].

Steganography vs Encryption

Encryption is the practice of systematic information scrambling so

that it may be unscrambled later.

But steganography is the practice of information hiding.

Steganography + Encryption = Big Trouble for Law Enforcement

Agencies

Steganography – Carrier Files

• bmp

• jpeg

• gif 

• wav

• mp3

Steganography Tools

• MP3Stego

• S-Tools (GIF, JPEG)

• StegHide (WAV, BMP)

• Invisible Secrets (JPEG)

• JPHide

• Camouflage

• Hiderman

• Snow


Steganography can be detected by some programs. The first step in detection is to locate files with hidden text, which can be done by analyzing patterns in the images and changes to the color palette.

Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting different steganographic methods used to embed hidden information in JPEG images.

Hide some text in a jpg file

To retrieve the text, open "new.jpg" in Notepad; the last lines contain the text.
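Text that shows up in the last lines of a .jpg opened in Notepad sits after the image data, so a defender can find it by locating where the JPEG really ends. The following added example (not part of the original guide) walks the JPEG segment structure to the end-of-image marker and returns whatever follows it; it assumes the text was appended to the file, and the sample bytes are constructed for the illustration and do not decode to a real picture.

```python
def segment(marker, payload):
    """Build one JPEG segment: 0xFF, marker byte, 2-byte length, payload."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


def jpeg_end_offset(data):
    """Return the offset just past the EOI marker (FF D9) by walking the segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    i, n = 2, len(data)
    while i < n:
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        while i < n and data[i] == 0xFF:       # skip fill bytes before the marker code
            i += 1
        if i >= n:
            break
        marker = data[i]
        i += 1
        if marker == 0xD9:                     # EOI: the image ends here
            return i
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                           # stand-alone markers carry no length
        if i + 2 > n:
            break
        seglen = int.from_bytes(data[i:i + 2], "big")
        if seglen < 2:
            raise ValueError(f"bad segment length at offset {i}")
        i += seglen
        if marker == 0xDA:                     # SOS: entropy-coded data follows
            found = False
            while i + 1 < n:
                nxt = data[i + 1]
                # FF 00 is a stuffed data byte and FF D0..D7 are restart markers
                if data[i] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    found = True
                    break
                i += 1
            if not found:
                break
    raise ValueError("truncated JPEG: no EOI marker")


def trailing_data(data):
    """Bytes stored after the end of the image; empty for a clean file."""
    return data[jpeg_end_offset(data):]


# Constructed sample: the APP1 payload contains FF D9 (as an embedded thumbnail
# would), so searching for the first FF D9 gives the wrong answer.
SAMPLE = (
    b"\xff\xd8"
    + segment(0xE1, b"Exif\x00\x00thumb\xff\xd9")
    + segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\xff\x00\x34\xff\xd0\x56"
    + b"\xff\xd9"
    + b"secret note"
)

if __name__ == "__main__":
    print("image ends at offset", jpeg_end_offset(SAMPLE))
    print("appended bytes     :", trailing_data(SAMPLE))
```

Some cameras and editors append their own data after the image, so trailing bytes are a reason to look closer, not proof of hidden content.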


Hiding data in NTFS file system

NTFS Alternate Data Stream (ADS) is a Windows hidden stream used to store the metadata of a file such as attributes, word count, access and modification time etc. A hacker can add data to this hidden data stream so that no one can see it. It is better than steganography because the file size remains zero.

Press yes, type some text, save and close.

The file size is zero, but the text is there.


The following are some indications of a virus attack:

– Increased CPU usage.

– Computer's hard drive constantly runs out of free space.

– Files have strange names which are not recognizable.

– Slow computer or web browser speeds.

– Resources are used up very fast.

– Appearance of strange files, programs, or desktop icons.

– Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off antivirus and firewall programs).

Picture source: Joy Chakraborty slides


Anti-Malware Program :

Anti-Malware programs are used to prevent, detect, and remove

computer viruses, worms, Trojan horses and any other type of 

malware from your device

Examples of Anti-Malware program:

a) Antivirus program

What is antivirus?

Antivirus software detects, and then prevents or removes malicious

programs or 'viruses'. Antivirus doesn't offer a perfect solution to the

problem of malware, but it should be the second step to secure your

PC or laptop after the first step firewall.

Popular Antivirus programs

• ESET NOD32 Antivirus 8

• Webroot Internet Security Plus 2015

• Avira Free Antivirus 2015

• Panda Global Protection 2015

• F-Secure Safe 2014

• G-Data Internet Security 2015

• Kaspersky Total Security 2015

• McAfee LiveSafe 2015

Many more are there.

b) Anti-spyware program

What is Anti-Spyware

An anti-spyware program is designed to prevent, detect and delete unwanted spyware program installations.


Popular Anti-spyware programs

• Spyware Doctor

• AVG Anti-spyware

• STOPzilla

c) Anti-spam program

What is Anti-Spam

Anti-spam software tries to identify useless or dangerous messages

d) Firewall

A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.

How antivirus identifies a virus

Virus detection techniques can be classified as follows:

Signature-based detection: Every virus has a signature. The signature may be a series of bytes in the file or a cryptographic hash of the file or its sections. The antivirus program checks that signature against its stored database.

Heuristics-based detection: This is intelligent programming, used for detecting new malware. For example, it may look for the presence of rare instructions or junk code in the examined file.

Cloud-based detection: It is not performed locally; rather, the antivirus engine connects to the cloud and derives patterns related to malware characteristics and behavior by correlating data collected from the local machine.
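Signature-based detection as described above comes down to two lookups: a hash of the whole file and a search for a known series of bytes. The following added example (not from the original guide or from any antivirus product) implements both against a constructed signature database; every name, pattern and sample in it is made up for the illustration.

```python
import hashlib

# Constructed signature database for the example.
HASH_SIGNATURES = {
    hashlib.sha256(b"constructed sample A").hexdigest(): "Example.Hash.A",
}
# Byte-series signatures; None matches any single byte (a wildcard).
BYTE_SIGNATURES = {
    "Example.Bytes.B": [0xDE, 0xAD, None, 0xBE, 0xEF],
}


def find_pattern(data, pattern):
    """Return the first offset where the byte series matches, or -1."""
    last_start = len(data) - len(pattern)
    for start in range(last_start + 1):
        if all(p is None or data[start + i] == p for i, p in enumerate(pattern)):
            return start
    return -1


def scan(data):
    """Return a list of (signature name, signature type, offset) hits for one file."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:              # whole-file hash signature
        hits.append((HASH_SIGNATURES[digest], "file-hash", 0))
    for name, pattern in BYTE_SIGNATURES.items():
        offset = find_pattern(data, pattern)   # series-of-bytes signature
        if offset >= 0:
            hits.append((name, "byte-series", offset))
    return hits


if __name__ == "__main__":
    samples = {
        "known file": b"constructed sample A",
        "known file, one byte added": b"constructed sample A\x00",
        "file containing the byte series": b"xx\xde\xad\x01\xbe\xefyy",
        "clean file": b"hello",
    }
    for label, content in samples.items():
        print(f"{label:32} -> {scan(content)}")
```

The second sample no longer matches its file hash after a single added byte, which is why the database also holds byte-series signatures and why heuristics are layered on top of both.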


Google hacking

What is web search engine

A web search engine is a software system that is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). The information may be a mix of web pages, images, and other types of files. Some search engines also mine data available in databases or open directories. Unlike web directories, which are maintained only by human editors, search engines also maintain real-time information by running an algorithm on a web crawler. [defined in en.wikipedia.org]

In simple words, search engines are programs that search the World Wide Web for documents matching specified keywords and return a list of the documents where the keywords were found. Typically, web search engines work by sending out a spider to fetch as many documents as possible.


Popular Search Engine Used By Hackers

Most of the time our searching starts and ends with Google, Bing and Yahoo, but there are more web search engines, such as the Computational Knowledge Engine (www.wolframalpha.com), the computer search engine (https://www.shodan.io) and the WayBackMachine (archive.org), that are popularly used by hackers.

You can see the list of various search engines at the following link [http://www.ebizmba.com/articles/search-engines]

https://www.shodan.io


archive.org

The majority of the information, around 80%, can be obtained from Google, and you will be astonished to know that "Facebook", "Twitter" and "LinkedIn" are also used as search engines for target-specific attacks.

How the Google Search Engine Works

First, Google uses an "optimized algorithm" to speed up the data processing and a technique known as "parallel processing" to run several different computations simultaneously. This is done by using a network of several thousand computers. Google's search engine consists of three main parts:

GoogleBot: The web crawler. By crawling the internet, we mean that it sends requests to all the servers hosting web sites, downloads copies of them, and then sends them off to the Indexer for processing.

Indexer: Sorts every word on a page and stores the results in a database.


Query Processor: Looks at your search string, compares it to the results stored by the indexer, and retrieves and presents the list of most relevant results. The following picture explains the concept.

source[http://www.brighthub.com/]

Google Hacking Database, GHDB, Google Dorks - Exploit-DB

Google hacking is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use. [defined in en.wikipedia.org]

A Google dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website.


Google dork, also known as Google hacking, can return information that is difficult to locate through simple search queries. [http://whatis.techtarget.com]

The Google Hacking Database (GHDB), your home for "googledorks", is maintained by offensive-security. The definition of the Google Hacking Database according to the site is as follows.

"Originally created by Johnny Long of Hackers for Charity,

The Google Hacking Database (GHDB) is an authoritative source

for querying the ever-widening reach of the Google search engine. In

the GHDB, you will find search terms for files containing

usernames, vulnerable servers, and even files containing

passwords."

https://www.offensive-security.com/community-projects/google-hacking-database/


According to a news item published on www.welivesecurity.com by Rob Waugh, dated 28 Aug 2014: "Google dorks – FBI warning about dangerous ‘new’ search tool". Now I think you can imagine the power of "google dorks". Google dork terms are widely known to everybody, and to this day Google dork searching is legal.

Exploit-DB

According to the site https://www.exploit-db.com "The Exploit

Database(EDB) is a CVE compliant archive of exploits and

vulnerable software. A great resource for penetration testers,

vulnerability researchers, and security addicts alike. Our goal is to

collect exploits from various sources and concentrate them in one,

easy to navigate database".

You can check the following link to know more about Exploit-DB.

https://www.exploit-db.com/about


The contents available on this site are not for beginners, but some day they will be required on your way to becoming an elite hacker.

Google as a Proxy Server to Bypass Pay walls & Download Files

Suppose you have a problem accessing a web page (say example.com); maybe the website is blocked at your workplace, or the page happens to be behind a pay wall. There are a couple of undocumented Google proxy servers that may help you in accessing that page. When you access any page via one of these Google proxies, the content of that page gets downloaded on Google servers and then served to you.

a) Google Translate as a Proxy

To use Google Translate as a proxy, set the destination language as the actual language of the page and the source language as anything. Suppose a page is written in English: set the destination language (tl) in the translate URL as “en” and the source language (sl) as “ja” for Japanese.

http://translate.google.com/translate?sl=ja&tl=en&u=http://example.com

b) Google Mobilizer as a Proxy

Google has discontinued the main mobilizer service on google.com

(secure) but you can still access it through any country-specific

Google domain like google.co.in or google.ie. The URL would be:

http://www.google.ie/gwt/x?u=http://example.com/ 


c) Google Modules as a Proxy

The gmodules.com domain is part of the Google personalized homepage service and is primarily used for hosting gadgets that are available for the Google homepage. This is the only Google proxy that will let you download files (like PDFs, .MP4 videos, etc.) in addition to viewing regular web pages.

http://www.gmodules.com/ig/proxy?url=http://example.com/ 

Google Advanced Search Operators

Operator    Description
site        Restricts results to that particular domain; for example,
            site:.pk will bring all sites with the domain .pk
intitle     Restricts results to those sites where the title contains the
            specified phrase: "intitle:hack"
inurl       Restricts results to sites whose URL contains the specified
            phrase: "inurl:hack"
filetype    Restricts results to documents of the specified type, like
            pdf, doc, ppt etc.: "intitle:java filetype:pdf"
allintext   Restricts results to documents containing the specified phrase
            in the text, but not in the title, link descriptions or URLs:
            "allintext:java filetype:pdf"
link        Restricts results to sites that have links to the specified
            location: "link:www.google.com"


Google queries for locating passwords

Operator                                 Description
intitle: "Index of" pwd.db               searching database password files
intitle: "index.of" passwd.bak           search index backup password files
filetype: xls inurl: "password.xls"      looking for username and password in
                                         MS Excel format
allinurl: auth_user_file.txt             find files auth_user_file.txt containing
                                         password on server
index.of passlist.txt                    load the page containing password list
                                         in the clear text format
"Login: *" "password =*" filetype: xls   searching data to the system files that
                                         are stored in Microsoft Excel

Various Online Devices

Operator                                 Description
inurl:axis.cgi ext:cgi                   Dork for all Axis cams. Enjoy with them!
                                         This dork was discovered by Rootkit
                                         Pentester.
intitle:Global Traffic Statistics "Ntop" View Global Traffic Statistics
inurl:printer/main.html                  This dork reveals printer panels
inurl:/view.shtml                        Some CCTV cameras online
".git" intitle:"Index of"                Shows publicly browsable .git directories


Searching for personal data and confidential documents

Operator                                 Description
"not for distribution" confidential      documents containing the confidential
                                         information
filetype:ctt "msn"                       MSN contacts list
"phone * * *" "address *" "e-mail"       all CVs
intitle:"curriculum vitae"
filetype:xls inurl:"email.xls"           email.xls files, potentially containing
                                         contact information


Some popular searches

click on webcam


I want to finish this topic with a search engine named "indexeus.com".

Indexeus was developed by the Portuguese Jason Relinquo, a 23-year-old hacker who has built a searchable archive containing “over 200 million entries”. It retrieves all the available information on user accounts acquired from hundreds of recent data breaches. The data collected includes information on malicious hackers, stolen in recent hacks, including Adobe and Yahoo!. Anyway, the Indexeus website was rapidly targeted by other hackers; a few days ago the search engine was defaced by the hacker group Pernicious Developers, which also deployed a backdoor shell on the website.


HTML

HTML started its life in 1989, when it was designed to be the publishing language of the newly created World Wide Web. HTML (Hyper Text Markup Language) was originally developed by a man named Tim Berners-Lee, a physicist, back in early 1989. The first version, HTML 1.0, was initially released as a publishing language.

HTML is a language used for describing the structure of a web page. Using HTML markup one can create a web page; in other words, HTML is used to create a web document. Every HTML document contains three main sections: the head, the title and the body. Every HTML file must have an htm or html file extension.

You should know HTML, because most websites use HTML. For a hacker, analyzing the web page code is important. HTML 4 is popularly used, but HTML5 is there with lots of new features. We are going to learn both.

How to View HTML Source

To find out, simply right-click on the page in the browser and choose Source, Page Source or View Source. This will open a window that shows you the actual HTML of the page.

HTML is the language of the web. So first comes: what is the web?

The web is a complex, cross-platform, cross-language, cross-cultural mesh of servers, clients, users and databases, all talking, working, searching, viewing, accessing and downloading together.

A website is a collection of web pages (documents that are accessed through the Internet). A web page is what you see on the screen when you type in a web address, click on a link, or put a query in a search engine.


[source www.sans.org]

How to write and run HTML file

1) open notepad

2) type the code

3) save it with a name, say demo.html

4) click on the file demo.html; it automatically opens in the browser.

HTML files consist of tags. A summary of tags is given below.

Basic HTML Tags

| Tag | Description |
|---|---|
| <html> | Defines an HTML document |
| <body> | Defines the document's body |
| <h1> to <h6> | Defines header 1 to header 6 |


<HTML>

<HEAD>

<TITLE>Sample Program</TITLE>

</HEAD>

<BODY><P>

Making some text <B>bold</B>

or <I>italic</I>

is a useful technique, some are <u>underline</u>

</P>

</BODY>

</HTML>

<HTML>

<HEAD>

<TITLE>

Creating table

</TITLE>

</HEAD>

<BODY>

<TABLE BORDER=2 CELLSPACING=4 align=center>

<TR>

<TD>Student Name</TD>

<TD>Student Age</TD>

<TD>Roll Number</TD>

</TR>

<TR>

<TD>AA</TD>

<TD>BB</TD>

<TD>CC</TD>

</TR>


</TABLE>

</BODY>

</HTML>

<HTML>

<HEAD>

<TITLE>

list example

</TITLE>

</HEAD>

<BODY>

<P align=center>Creating a list</P>

<UL>

<LI>bca

<LI>btech

<LI>mca

</UL>

</BODY>

</HTML>

HTML forms are required when you want to collect some data from the site visitor. The HTML <form> tag is used to create an HTML form and it has the following syntax:

<form action="Script URL" method="GET|POST">

form elements

</form>

Some elements used in an HTML form are shown in the example below.

<html>

<head>

<title>working in a form</title>

</head>

<body>


<form >

User ID : <input type="text" name="user_id" /><br>

Password: <input type="password" name="password" /><br>

<input type="checkbox" name="ice" value="on"> ICE

<input type="checkbox" name="sand" value="on"> SAND <br>

<input type="radio" name="subject" value="ice"> ICE

<input type="radio" name="subject" value="sand"> SAND <br>

<select name="dropdown">

<option value="ice" selected>ICE</option>

<option value="sand">SAND</option>

</select><br>

<input type="submit" name="submit" value="Submit" />

<input type="reset" name="reset" value="Reset" />

<input type="button" name="ok" value="OK" />

</form>

</body>

</html>


HTML5

HTML5 has introduced a lot of changes; one important change is form validation. Validating web forms has always been a painful task for many developers. In HTML4 they have to use scripting code such as JavaScript to perform client-side validation. Furthermore, informing users about the validation error is a tedious task.

HTML5 overcomes these problems. There are basically five areas of improvement when it comes to form features in HTML5:

• New input types

• New attributes

• New elements

• Validation

• APIs, such as the File API

New Input Types

color: Gives the end user a native color picker to choose a color.

date: Offers a datepicker.

datetime: An element to choose both date and time.

datetime-local: An element to choose both date and time, with local settings support.

email: A field for entering e-mail address(es).

month: Choose a full month.

number: Picking a number.

range: Offers a slider to set to a certain value/position.

search: A field for search queries.

tel: Choosing a telephone number.

time: Input a certain time.

url: Entering a URL.

week: Picking a specific week.


New Attributes

autocomplete: An option to turn off automatic form completion of values for a field. Possible values are “on” and “off”.

autofocus: Whether focus should be set to this field as soon as it has loaded.

formmethod: For buttons that submit a form to be able to override the form’s method attribute, in case a button should change the method.

list: To connect with a <datalist> element by its id, to use its <option> elements as suggestions.

max: Maximum value for the value that can be put in.

min: Minimum value for the value that can be put in.

multiple: Allows for selection of multiple files for <input type="file"> elements, and for multiple e-mail addresses separated by a comma.

pattern: Declaring what pattern should be used for validating a field’s value, in the form of a regular expression.

placeholder: Meant to be able to display a hint to the end user what to input.

readonly: If a field should be readonly.

required: For validation purposes, if a field is required or not.

<!DOCTYPE HTML>

<html lang="en-US">

<head>

<meta charset="UTF-8">

<title>Forms Complete Example</title>

</head>

<body>

<form>

TEXT1<input type="text" autocomplete="off"><BR>

TEXT2<input type="text" autofocus><BR>

RANGE1<input type="range" max="95"><BR>

RANGE2<input type="range" min="2"><BR>


ALL TEXT<input type="text" pattern="[A-Z]*"><BR>

TEXT3<input type="text" name="first-name" placeholder="E.g. Srikanta sen"><BR>

TEXT4<input type="text" readonly><BR>

TEXT5<input type="text" required><BR>

</form>

</body>

</html>

New Elements

datalist: Contains a number of <option> elements with values that can be used as suggestions for other form elements through the usage of the list attribute on them.

keygen: Offers a way to create a public/private key pair where the public key is sent with the form.

meter: The meter element is for displaying values on a bar, where you can custom control min, max and assigned value. You can also specify low, high and optimum to set up different kinds of areas of the bar.

output: Dedicated to outputting the result of a calculation in the page, for instance sliding an <input type="range"> back and forth.

progress: Meant to be used to indicate progress of any kind in a web page, for instance file upload progress.

Explaining everything on HTML5 is not possible in this book. But I think this is enough to give you some idea of HTML and HTML5.
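The HTML5 validation attributes shown above are enforced only by the browser, so a request sent without a browser skips them and the server has to repeat every check. The following is an added example (Python 3, not code from the book) that mirrors required, pattern, min/max and readonly on the server side; the field names, length limits and sample submissions are constructed for illustration.

```python
import re

# Server-side mirror of the constraints used in the HTML5 form example.
# Field names are hypothetical: the book's <input> elements carry no names.
RULES = {
    "code":  {"required": True, "pattern": r"[A-Z]*", "maxlen": 32},
    "level": {"required": True, "number": (2, 95)},
    "email": {"required": False, "email": True, "maxlen": 254},
    "plan":  {"readonly": "basic"},      # the value the server rendered
}

# Deliberately simple shape check, not a full address grammar.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def validate(form):
    """Return {field: error}; an empty dict means the submission is accepted."""
    errors = {}
    # A hand-built request can carry fields the form never had.
    for name in form:
        if name not in RULES:
            errors[name] = "unexpected field"
    for name, rule in RULES.items():
        value = form.get(name, "")
        if not isinstance(value, str):
            errors[name] = "not a string"
            continue
        if "readonly" in rule:
            # readonly only stops editing in the browser; compare on the server.
            if name in form and value != rule["readonly"]:
                errors[name] = "readonly value changed"
            continue
        if value == "":
            # Like the browser, only "required" rejects an empty value.
            if rule.get("required"):
                errors[name] = "required"
            continue
        if len(value) > rule.get("maxlen", 64):
            errors[name] = "too long"
        elif "pattern" in rule and not re.fullmatch(rule["pattern"], value):
            # The pattern attribute must match the whole value, hence fullmatch.
            errors[name] = "pattern mismatch"
        elif "number" in rule:
            low, high = rule["number"]
            if not re.fullmatch(r"-?[0-9]{1,9}", value) or not low <= int(value) <= high:
                errors[name] = "out of range"
        elif rule.get("email") and not EMAIL_RE.fullmatch(value):
            errors[name] = "not an e-mail address"
    return errors


# Constructed submissions: one a browser would allow, one sent by a client
# that ignored every attribute in the form.
GOOD = {"code": "HELLO", "level": "50", "email": "a@example.com", "plan": "basic"}
BYPASS = {"code": "abc<script>", "level": "200", "email": "",
          "plan": "admin", "role": "root"}

if __name__ == "__main__":
    print(validate(GOOD))
    print(validate(BYPASS))
```
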


side languages. These attacks also have the ability to gather data from account hijacking, changing of user settings, cookie theft/poisoning, or false advertising is possible. In some cases, Cross Site Scripting vulnerabilities can perform other functions such as scanning for other vulnerabilities and performing a Denial of Service on your web server. [defined in www.owasp.org]

This is not the place to discuss more on XSS, so we will concentrate on basics.

JavaScript

JavaScript is a client-side scripting language, meaning that it runs in the browser used by the user. JavaScript, developed originally by Netscape, is a lightweight, interpreted programming language initially called LiveScript.

Why do developers use JavaScript?

• Form validation at the client side

• Create mouseover effects, change the background colour of a document with a click of a button... interactivity!

• JavaScript can also be used to create animations and games.

• Change page contents dynamically.

• JavaScript can be used to build out the entire server using things like Node.js or Meteor (JavaScript platform).

• Load content in new browser windows and frames.

• JavaScript is commonly used to write phone apps using PhoneGap and Apache Cordova. These apps can be built to run on any smart phone with the same source code.

What can JavaScript not do?

• It cannot touch any files on your hard drive (besides cookies)

• It also cannot read/write any files on the server


Other scripting languages like JavaScript

JScript is Microsoft's dialect of the ECMAScript standard that is used in Microsoft's Internet Explorer. JScript is implemented as an Active Scripting engine.

VBScript (Visual Basic Scripting Edition) is an Active Scripting language developed by Microsoft that is modeled on Visual Basic. It is designed as a "lightweight" language with a fast interpreter for use in a wide variety of Microsoft environments.

[source en.wikipedia.org]

How JavaScript is written

JavaScript starts with the tag <script language="javascript"> and ends with </script>. Anything between these two tags is interpreted as JavaScript by the browser. It is embedded in the HTML file, or can be written in a separate file with the extension .js and called from the HTML file.

The next few pages contain some examples; I hope you will type, run and understand them.

<html>

<head>

<title>This is a JavaScript example</title>

<script language="JavaScript">

<!--

document.write("Hello World!");

 //--></script>

</head>

<body>

This is a part of html body

</body>

</html>


onclick is an event

<html>

<head>

<script language="JavaScript">

function disp_okcan()

{

var res=confirm("Press a button"); // if you press OK, res stores true, otherwise false

if (res==true)

{

document.write("You pressed OK!");

}

else

{

document.write("You pressed Cancel!");

}

}

</script>

</head>

<body>

<input type="button" onclick="disp_okcan()" value=" press" />

</body>

</html>


<body>

<form name="login" onsubmit="return validate()">

<p>UserID:<input type="text" size="10" name="uid"></p>

<p>Password:<input type="text" size="10" name="password"></p>

<p>Email:<input type="text" size="20" name="email" onblur="emailcheck()"></p>

<input type="submit" name="submit" value="Submit">

</form>

</body>

</html>


Python 2.7.9 shell is open.

Now we learn how to save file and run.

step 1: File menu-> New file

step 2: Type code and save it

step 3: press F5


>>> 11

11

>>> 2+(3*2)

8

>>>

>>> 1 + 5 ; 6 - 2

6

4


Python treats everything as an object

>>> s = "computer"

>>> s.capitalize()

'Computer'

>>>

>>> 8**2  # ** is power

64

>>> s = "hello"*3

>>> s

'hellohellohello'

>>> len("python")

6

>>> x = 16

>>> print x

16

>>> y = x * 5

>>> print y

80

>>>


>>> first = 5

>>> second = 6

>>> print first + second

11

>>> first = '10'

>>> second = '15'

>>> print first + second

1015

>>> name = raw_input('What is your name?\n')

What is your name?

Ss

>>> print name

Ss

x = 13

y = 15

print "The sum of", x, "plus", y, "is", x+y

Python's ability to manipulate lists of variables and objects is core to its programming style.

There are essentially two kinds of list objects in Python, tuples and lists.


>>> lst = [11,12,13,14,15]

>>> print lst

[11, 12, 13, 14, 15]

>>> [1,2] + [3,4]

[1, 2, 3, 4]

>>> [1,2]*4

[1, 2, 1, 2, 1, 2, 1, 2]

>>> l1 = [1,2,3]

>>> l2 = [3,2,1]

>>> l1 += l2

>>> l1

[1, 2, 3, 3, 2, 1]

range(start, stop, step) function automatically produces lists

>>> range(4)

[0, 1, 2, 3]

>>> range(1, 4)

[1, 2, 3]

>>> range(0, 8, 2)

[0, 2, 4, 6]

>>> lst = [11,12,13,14,15]  # access list elements

>>> lst[1]

12


Subsections of lists can be extracted using the notation list[lower:upper:step], where lower gives the inclusive lower element index, upper gives the exclusive upper index, and the optional step gives the increment between the two.

>>> l = [1,2,3,4,5]

>>> l[0:4]

[1, 2, 3, 4]

>>> l[0:4:2]

[1, 3]

>>> l = [1,2,3,4,5]

>>> l[:4]

[1, 2, 3, 4]

>>> l[2:]

[3, 4, 5]

>>> l[::2]

[1, 3, 5]

a = raw_input(">")

a =int(a)

b = raw_input(">")

b = int(b)  # if else

if a>b:

    print "max = %d." % a

else:

    print "max = %d." % b

a = raw_input(">")

a =int(a)

b = raw_input(">")

b =int(b)

if a>b:  # if elif else

    print "max = %d." % a

elif a == b:

    print "equal"

else:

    print "max = %d." % b


>>> for i in [2, "ss", 19]:

...     print i

... <hit return>

2

ss

19

>>> for i in (2.1, [8, 9], {"city":"kolkata"}):

...     print i

... <hit return>

2.1

[8, 9]

{'city': 'kolkata'}

for i in [4, 6, 7, 8, 10]:

    print i

4

6

7

8

10

>>> list = [(1, 2), (2, 3), (3, 4)]

>>> for (a, b) in list:

...     print a + b

... <hit return>

3

5

7

Use of function

def happyBirthday():

    print("Happy Birthday to you!")

    print("Happy Birthday to you!")

    print("Happy Birthday, dear ss.")

    print("Happy Birthday to you!")

happyBirthday()

>>>

Happy Birthday to you!

Happy Birthday to you!

Happy Birthday, dear ss.

Happy Birthday to you!

def happyBirthday(person):

    print("Happy Birthday, dear "+person)

def main():

    happyBirthday('ss')

    happyBirthday('dm')

main()

Happy Birthday, dear ss

Happy Birthday, dear dm


Example of file readline

fh = open("file2.py","r")

content = fh.readline()

print content

Write this code and save it with the file name "file2.py".

>>>

fh = open("file2.py","r")

>>>

Only 1st line is printed

Write text in a file

f = open("file1.txt", "w")

f.write("This is first line.\n")

f.write("This is 2nd line.\n")

f.close()


Server-side programming

Server-side programming means programs that run on the remote web server and then return the processed information to a client's web browser. Some popular server-side programming languages are Perl, PHP, Python, Ruby, Java Server Pages, ASP.NET, ColdFusion etc.

Below is a comparison of the popularity of server-side programming languages for websites. PHP is used by 81.5% of all the websites.

Source http://w3techs.com


Knowledge of at least one server-side programming language is very important for an ethical hacker. Two important things should be kept in mind.

a) PHP and JSP are scripting languages, not programming languages.

b) ASP.NET is a web framework that is made up of any .NET language.

It is impossible for me to explain each of these server-side programming languages in this book, but I can teach you some basics of the most popular one, PHP.

For a beginner, running PHP is a difficult task, because you have to know how to install a server and configure it. But you can run PHP code online at [sandbox.onlinephpfunctions.com] without knowing the details of web server configuration. Many more such sites are there.


The full form of PHP is Hypertext Pre-processor (PHP). It allows web developers to create dynamic web pages that interact with the server.

Some characteristics of PHP

>PHP is a server-side scripting language; it can work alone or can be embedded in an HTML file.

>It can be integrated with a number of popular databases, including MySQL, PostgreSQL, Oracle, and Microsoft SQL Server.

>PHP supports a large number of major protocols such as POP3, IMAP, and LDAP.

>PHP syntax is similar to C.

>PHP code is written within this block: <? ?>

>To run PHP code you need a server like XAMPP (X (cross-platform), Apache, MySQL, PHP, Perl) or WAMP (Windows, Apache, MySQL, PHP) and a browser.

>PHP is case sensitive

>PHP is whitespace insensitive

>PHP statements are terminated by semicolons

A simple php code

>Open notepad

>Type the code

>Save the file with .php extension

<html>
<head><title>this is my first program</title></head>
<body>
<?php
echo "first program";
?>
</body>
</html>

Output : first program


<html>
<head><title>My First PHP Page</title></head>
<body>
<?php
echo "Hello World! ";
echo "Hello World! ";
echo "Hello World! ";
?>
</body>
</html>

Output : Hello World! Hello World! Hello World!

<?php
$str1 = "Hello!"; // str1 is a variable, written with $
$str2 = "ajit";
echo $str1;
echo $str2;
?>

Output : Hello!ajit

<?php
$addition = 5 + 6;
$subtraction = 6 - 5;
$multiplication = 5 * 3;
$division = 15 / 3;
echo "after addition: 5 + 6 = ".$addition."<br />";
echo " after subtraction: 6 - 5 = ".$subtraction."<br />";
echo " after multiplication: 5 * 3 = ".$multiplication."<br />";
echo " after division: 15 / 3 = ".$division."<br />";
?>

Output :
after addition: 5 + 6 = 11
after subtraction: 6 - 5 = 1
after multiplication: 5 * 3 = 15
after division: 15 / 3 = 5


<?php
$str1 = "Hello!"; // the period "." is used to add two strings together
$str2 = "ajit";
$str3 = $str1.$str2;
echo $str3;
?>

Output : Hello!ajit

<?php
$t1 = 10;
$t2 = 12;
if ($t1 < $t2) // example of if else
{
    echo $t1 ." less than " . $t2;
}
else
{
    echo $t2 ." more than " . $t1;
}
?>

Output : 10 less than 12

<?php
$color = "green";
switch ($color)
{
    case "red":
        echo "Your favorite color is red!"; // example switch case
        break;
    case "blue":
        echo "Your favorite color is blue!";
        break;
    case "green":
        echo "Your favorite color is green!";
        break;
    default:
        echo "Your favorite color is neither red, blue, nor green!";
}
?>

Output : Your favorite color is green!

<?php
for ($i = 0; $i <= 10; $i++)
{
    echo "The number is: $i\n"; // loop syntax similar to c language
}
?>

Output : The number is: 0
The number is: 1
……………………………

<?php
$play = array("cricket", "football", "baseball");
echo "I like " . $play[0] . ", " . $play[1] . " and " . $play[2] . "."; // array
?>

Output : I like cricket, football and baseball.

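<!-- file name home.html -->
<html>
<body>
<!-- this form calls the "submit.php" file; the form method is post -->
<form action="submit.php" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>

<!-- file name submit.php -->
<html>
<body>
<?php
// escape user input before printing it; otherwise submitted markup would run in the page (XSS)
$name = htmlspecialchars(isset($_POST["name"]) ? $_POST["name"] : "", ENT_QUOTES, "UTF-8");
$email = htmlspecialchars(isset($_POST["email"]) ? $_POST["email"] : "", ENT_QUOTES, "UTF-8");
?>
Welcome <?php echo $name; ?><br>
Your email address is: <?php echo $email; ?>
</body>
</html>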


Output :
Welcome srikanta
Your email address is [email protected]

<html>
<body>
<!-- this form calls the "submit.php" file; the form method is get -->
<form action="submit.php" method="get">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>


Relational Algebra and SQL

Relational algebra is a formal system for manipulating relations. Relational algebra was first described by E.F. Codd.

Basic operations of Relational Algebra

 – Selection ( α ) Selects rows from a relation.

 – Projection (π ) Selects particular columns from a relation.

 – Cross-product ( x ) Combines two relations.

 – Set-difference ( T1-T2) Tuples from relation T1, but not from T2.

 – Union (T1 U T2) All tuples from T1 and T2

 – Intersection (T1 ∩ T2) All common tuples from T1 and T2

T1

Roll Name Marks

1 Ana 20

2 devid 23

4 alen 26

T2

Roll Name Marks

2 devid 23

3 clinton 21

5 hamid 28


Selection ( α ) operation

select from T1, where marks more than 25

Algebra: α Marks>25 (T1)

T1

Roll Name Marks

4 alen 26

select from T2, where marks more than 23 and less than 29

Algebra: α Marks>23 and Marks<=28 (T2)

T2

Roll Name Marks

2 devid 23

5 hamid 28

Projection (π ) operation

select roll and marks from T1,where marks more than 25

Algebra: π Roll, Marks (α Marks>25 (T1))

Roll Marks

4 26

select roll and marks from T2,where marks more than 23 and less than 29

Algebra: π Roll, Marks (α Marks>23 and Marks<=28 (T2))

Roll Marks

2 23

5 28


Set-difference

Set-difference ( T1-T2)

T1-T2

Roll Name Marks

1 Ana 20

4 alen 26

Set-difference ( T2-T1)

T2-T1

Roll Name Marks

3 clinton 21

5 hamid 28

Union (T1 U T2)

Roll Name Marks

1 Ana 20

2 devid 23

4 alen 26

3 clinton 21

5 hamid 28

Intersection (T1 ∩ T2)

Roll Name Marks

2 devid 23


Cross-product (x)

T1

Roll Name Marks

1 Ana 20

2 devid 23

T2

Roll Name Marks

2 devid 23

3 clinton 21

Cross-product (T1 x T2)

Roll Name Marks Roll Name Marks

1 Ana 20 2 devid 23

1 Ana 20 3 clinton 21

2 devid 23 2 devid 23

2 devid 23 3 clinton 21

Advanced operations of Relational Algebra

 – Join (Returns all rows when there is at least one match in BOTH tables)

 – Left outer Join (Return all rows from the left table, and the matched rows from the right table)

 – Right outer Join (Return all rows from the right table, and the matched rows from the left table)

 – Full outer Join (Return all rows when there is a match in ONE of the tables)


T1

Roll Name

1 Ana

2 devid

4 alen

T2

Roll Marks

2 26

3 21

5 28

T1 Join T2

Roll Name Marks

2 devid 26

T1 Left outer Join T2

Roll Name Marks

1 Ana NULL

2 devid 26

4 alen NULL

T1 Right outer Join T2

Roll Name Marks

2 devid 26

3 NULL 21

5 NULL 28

T1 Full outer Join T2

Roll Name Marks

1 Ana NULL

2 devid 26

4 alen NULL

3 NULL 21

5 NULL 28

Relational Algebra is much more than this, but more explanation is beyond the scope of this book.
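The operations above can be run as SQL against the same T1 and T2 rows. This is an added example (Python 3 with the built-in sqlite3 module, not code from the book): SQLite stands in for a real database server, EXCEPT is its spelling of set difference, the right and full outer joins are written with LEFT JOIN so the script runs on any SQLite version, and the names N and M for the two-column join tables are made up here.

```python
import sqlite3

# Rows exactly as tabulated in the text. N and M are the two-column tables
# used in the join examples (both table names are assumptions made here).
T1 = [(1, "Ana", 20), (2, "devid", 23), (4, "alen", 26)]
T2 = [(2, "devid", 23), (3, "clinton", 21), (5, "hamid", 28)]
N = [(1, "Ana"), (2, "devid"), (4, "alen")]
M = [(2, 26), (3, 21), (5, 28)]

SCHEMA = """
CREATE TABLE T1 (Roll INTEGER, Name TEXT, Marks INTEGER);
CREATE TABLE T2 (Roll INTEGER, Name TEXT, Marks INTEGER);
CREATE TABLE N  (Roll INTEGER, Name TEXT);
CREATE TABLE M  (Roll INTEGER, Marks INTEGER);
"""

LEFT = "SELECT N.Roll, N.Name, M.Marks FROM N LEFT JOIN M ON N.Roll = M.Roll"
RIGHT = "SELECT M.Roll, N.Name, M.Marks FROM M LEFT JOIN N ON N.Roll = M.Roll"

QUERIES = {
    "selection":        "SELECT * FROM T1 WHERE Marks > 25",
    "projection":       "SELECT Roll, Marks FROM T1 WHERE Marks > 25",
    "difference":       "SELECT * FROM T1 EXCEPT SELECT * FROM T2",
    "union":            "SELECT * FROM T1 UNION SELECT * FROM T2",
    "intersection":     "SELECT * FROM T1 INTERSECT SELECT * FROM T2",
    "cross_product":    "SELECT * FROM T1 CROSS JOIN T2",
    "join":             "SELECT N.Roll, N.Name, M.Marks FROM N JOIN M ON N.Roll = M.Roll",
    "left_outer_join":  LEFT,
    "right_outer_join": RIGHT,
    # A full outer join is every row of the left join plus every row of the
    # right join; UNION removes the matched row that both sides produce.
    "full_outer_join":  LEFT + " UNION " + RIGHT,
}


def build_db():
    """Create an in-memory database holding the four tables."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Data is bound through ? placeholders, never pasted into the SQL text.
    db.executemany("INSERT INTO T1 VALUES (?, ?, ?)", T1)
    db.executemany("INSERT INTO T2 VALUES (?, ?, ?)", T2)
    db.executemany("INSERT INTO N VALUES (?, ?)", N)
    db.executemany("INSERT INTO M VALUES (?, ?)", M)
    return db


def run(db, name):
    """Run one named query and return its rows ordered by the first column."""
    rows = db.execute(QUERIES[name]).fetchall()
    return sorted(rows, key=lambda row: row[0])


if __name__ == "__main__":
    db = build_db()
    for name in QUERIES:
        print(name, run(db, name))
```

SQL NULL comes back as Python None in the outer-join rows.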


Some important concept related to DBMS and RDBMS

Data: Known facts that can be recorded and that have implicit meaning.

Field: Smallest unit of data, e.g. roll, name, marks, which cannot be broken further.

T1

Roll Name Marks

Record or tuple or Row: It is a collection of Fields.

T1

Roll Name Marks

1 Ana 20 1st row

2 devid 23 2nd row

Table: It is a collection of records. T1 is a table.

T1

Roll Name Marks

1 Ana 20

2 devid 23

Database: It is a collection of more than 1 table; T1 and T2 together form a database.


T1

Roll Name

1 Ana

2 devid

4 alen

T2

Roll Marks

2 26

3 21

5 28

RDBMS: Codd's twelve rules are a set of rules (numbered zero to twelve) designed to define what is required from a database management system in order to be considered an RDBMS.

SQL (Structured Query Language) is a standard language for accessing databases. SQL statements are used to perform tasks such as inserting, deleting, searching and updating data in a database. Some common relational database management systems that use SQL are: Oracle, Sybase, Microsoft SQL Server, Access, Ingres, etc. This tutorial will teach you the basics of ORACLE SQL.

Consider the following tables

T1
Roll  Name   Marks
1     Ana    20
2     devid  23
4     alen   26

T2
Roll  Name     Marks
2     devid    23
3     clinton  21
5     hamid    28


Selection ( α ) operation

Select from T1, where marks are more than 25
Algebra: α Marks>25 (T1)
SQL: select * from T1 where Marks > 25;

T1
Roll  Name  Marks
4     alen  26

Select from T2, where marks are more than 23 and less than 29
Algebra: α Marks>23 and Marks<=28 (T2)
SQL: select * from T2 where Marks > 23 and Marks <= 28;
* means all columns

T2
Roll  Name   Marks
2     devid  23
5     hamid  28

Projection ( π ) operation

Select roll and marks from T1, where marks are more than 25
Algebra: π Roll, Marks (α Marks>25 (T1))
SQL: select Roll, Marks
     from T1
     where Marks > 25;

Select roll and marks from T2, where marks are more than 23 and less than 29
Algebra: π Roll, Marks (α Marks>23 and Marks<=28 (T2))
SQL: select Roll, Marks
     from T2
     where Marks > 23 and Marks <= 28;


Union (T1 U T2)
SQL: (select * from T1)
     Union
     (select * from T2);

Roll  Name     Marks
1     Ana      20
2     devid    23
4     alen     26
3     clinton  21
5     hamid    28

Intersection (T1 ∩ T2)
SQL: (select * from T1)
     Intersect
     (select * from T2);

Roll  Name   Marks
2     devid  23

Cross-product (x)

Consider the following tables

T1
Roll  Name   Marks
1     Ana    20
2     devid  23

T2
Roll  Name     Marks
2     devid    23
3     clinton  21

Cross-product (T1 x T2)
SQL: select * from T1, T2;

Roll  Name   Marks  Roll  Name     Marks
1     Ana    20     2     devid    23
1     Ana    20     3     clinton  21
2     devid  23     2     devid    23
2     devid  23     3     clinton  21

Advanced operations of Relational Algebra

 – Join (returns all rows when there is at least one match in BOTH tables)
 – Left outer join (returns all rows from the left table, and the matched rows from the right table)
 – Right outer join (returns all rows from the right table, and the matched rows from the left table)
 – Full outer join (returns all rows when there is a match in ONE of the tables)


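SQL: -- Roll is taken from T2, because T1.Roll is NULL for rows that exist only in T2
     select T2.Roll, T1.Name, T2.Marks
     from T1 right outer join T2 on T1.Roll = T2.Roll;

T1 T2
Roll  Name   Marks
2     devid  23
3     NULL   21
5     NULL   28

SQL: -- coalesce() returns the Roll from whichever table has the row
     select coalesce(T1.Roll, T2.Roll) as Roll, T1.Name, T2.Marks
     from T1 full outer join T2 on T1.Roll = T2.Roll;

T1 T2
Roll  Name   Marks
1     Ana    NULL
2     devid  23
4     alen   NULL
3     NULL   21
5     NULL   28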
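The set operations and outer joins shown above, run against the three-column T1 and T2, as an added example that is not part of the original book. It assumes Python's built-in sqlite3 as a stand-in for Oracle, uses illustrative function names, and writes the right and full outer joins with LEFT JOIN so that it also runs on older SQLite builds. It also shows why the Roll column of a right outer join has to come from T2.

```python
import sqlite3

# Constructed from the page's three-column tables T1 and T2.
T1_ROWS = [(1, "Ana", 20), (2, "devid", 23), (4, "alen", 26)]
T2_ROWS = [(2, "devid", 23), (3, "clinton", 21), (5, "hamid", 28)]

def open_db():
    """Load T1 and T2 into an in-memory SQLite database (stand-in for Oracle)."""
    db = sqlite3.connect(":memory:")
    for table, data in (("T1", T1_ROWS), ("T2", T2_ROWS)):
        db.execute(f"create table {table} (Roll integer, Name text, Marks integer)")
        db.executemany(f"insert into {table} values (?, ?, ?)", data)
    return db

def rows(db, sql, params=()):
    return db.execute(sql, params).fetchall()

def selection(db, low):
    # The threshold is passed as a bound parameter, not pasted into the SQL text.
    return rows(db, "select * from T1 where Marks > ? order by Roll", (low,))

def union(db):
    # UNION drops the duplicate (2, devid, 23) row that exists in both tables.
    return rows(db, "select * from T1 union select * from T2 order by Roll")

def intersection(db):
    return rows(db, "select * from T1 intersect select * from T2")

def left_outer(db):
    return rows(db, "select T1.Roll, T1.Name, T2.Marks from T1 "
                    "left outer join T2 on T1.Roll = T2.Roll order by T1.Roll")

def right_outer(db, roll_from_t1):
    # T1 right outer join T2, written as T2 left outer join T1.
    # T1.Roll is NULL for rows that exist only in T2; T2.Roll never is.
    col = "T1.Roll" if roll_from_t1 else "T2.Roll"
    return rows(db, f"select {col}, T1.Name, T2.Marks from T2 "
                    "left outer join T1 on T1.Roll = T2.Roll order by T2.Roll")

def full_outer(db):
    # Full outer join = left outer join, plus the rows found only in T2.
    return rows(db, "select T1.Roll, T1.Name, T2.Marks from T1 "
                    "left outer join T2 on T1.Roll = T2.Roll "
                    "union select T2.Roll, T1.Name, T2.Marks from T2 "
                    "left outer join T1 on T1.Roll = T2.Roll order by 1")

if __name__ == "__main__":
    db = open_db()
    for query in (union, intersection, left_outer, full_outer):
        print(query.__name__, query(db))
```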


Join an Ethical Hacking School

I hope you got some prerequisite skills before you start exploring the world of ethical hacking or penetration testing. The next step will obviously be joining an ethical hacking school.

You can call me biased, but my recommendation is ISOEH. The web site is [www.isoeh.com]. The corporate website is [http://isoah.com]. Let me explain. Most hacking institutes teach you only hacking, but in ISOEH you can learn ethical hacking, penetration testing, malware analysis, cyber forensics, web application testing, computer network, network penetration testing, secure coding, virtualization and many more. I should definitely mention their penetration testing lab in the cloud, which is the best in India as far as my observation goes.

I learned from team ISOEH, and still today I am learning from them. Their research team is fantastic, with a high volume of resource material available.
