Shivganga Charitable Trust’s

VISHVESHWARAYA TECHNICAL CAMPUS, PATGAON


(MIRAJ)

A SEMINAR REPORT ON

“Ethical Hacking"
Submitted to,

Dr. Babasaheb Ambedkar Technological University, Lonere


In fulfillment of the requirement for the award of

Second Year B.Tech


Submitted by,

Ms. Seema Dadaso Pawar

Under the Guidance of,

Mr. S.D Kadam


Department of Computer Science And Engineering

Vishveshwaraya Technical Campus,

Patgaon

2024-2025

ACKNOWLEDGEMENT

It gives us great pleasure to present this seminar report on "Ethical Hacking". We are
indeed grateful to the H.O.D. of our Computer Science And Engineering Department,
Prof. S. D. Kadam, for being an effective source of inspiration.

A sense of prevailing satisfaction and achievement envelops the whole feeling of having
completed the paper work under the guidance of Prof. S. D. Kadam. We wish to express our
respect, deep sense of gratitude and regard to her for this valuable guidance, keen interest
and co-operation, without which it would have been impossible to accomplish this project
successfully. It was indeed a great experience to work under her guidance. Also, I am very
thankful to the Honourable Director Dr. I. N. Yadav sir for his continuous encouragement.

Place:

Date:
CERTIFICATE

This is to certify that Ms. Seema D. Pawar, a student of C.S.E (Computer Science And
Engineering), Roll No DCSE118, has successfully completed seminar work entitled “Ethical
Hacking” towards the partial fulfillment of the B. Tech (Computer Science And Engineering)
course as per the rules laid down by Dr. Babasaheb Ambedkar Technological University,
Lonere for the year 2024-2025. This report represents the bona fide work carried out by
the student.

Prof. S. D. Kadam, Guide
Prof. S. D. Kadam, Head of Department
Dr. I. N. Yadav, Director

CONTENTS

1. INTRODUCTION
2. HACKING AND TYPES OF HACKERS
3. ETHICAL HACKING
4. WHAT DOES AN ETHICAL HACKER DO
5. REQUIRED SKILLS OF AN ETHICAL HACKER
6. TYPES OF ETHICAL HACKING
7. ETHICAL HACKING COMMANDMENTS
8. METHODOLOGY OF HACKING
9. ETHICAL HACKING TOOLS
10. ADVANTAGES AND DISADVANTAGES
11. FUTURE ENHANCEMENTS
12. CONCLUSION

INTRODUCTION

Ethical hacking, also known as penetration testing or white-hat hacking, involves the same
tools, tricks, and techniques that hackers use, but with one major difference: ethical
hacking is legal. Ethical hacking is performed with the target’s permission. The intent of
ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be
better secured. It’s part of an overall information risk management program that allows for
ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about
the security of their products are legitimate.

Security: Security is the condition of being protected against danger or loss. In the general
sense, security is a concept similar to safety. In the case of networks, security is also
called information security. Information security means protecting information and
information systems from unauthorized access, use, disclosure, disruption, modification, or
destruction.

Need for Security: Computer security is required because most organizations can be damaged
by hostile software or intruders. Intruders can cause several forms of damage, which are
obviously interrelated. These include:

● Loss of confidential data

● Damage or destruction of data

● Damage or destruction of computer system

● Loss of reputation of a company

Hacking

Eric Raymond, compiler of “The New Hacker's Dictionary”, defines a hacker as a clever
programmer. A "good hack" is a clever solution to a programming problem and "hacking" is
the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker,
which we paraphrase here:

● A person who enjoys learning details of a programming language or system

● A person who enjoys actually doing the programming rather than just theorizing about it

● A person capable of appreciating someone else's hacking

● A person who picks up programming quickly

Types of Hackers:

Hackers can be broadly classified on the basis of why they are hacking a system or why they
are indulging in hacking. There are mainly three types of hacker on this basis:

● Black-Hat Hacker

Black hat hackers, or crackers, are individuals with extraordinary computing skills who
resort to malicious or destructive activities. That is, black hat hackers use their knowledge
and skill for their own personal gain, probably by hurting others.

● White-Hat Hacker

White hat hackers are those individuals professing hacker skills and using them for defensive
purposes. This means that white hat hackers use their knowledge and skill for the good of
others and for the common good.

● Grey-Hat Hackers

These are individuals who work both offensively and defensively at various times. We cannot
predict their behaviour. Sometimes they use their skills for the common good, while at
other times they use them for their personal gain.

[Figure: Different kinds of system attacks. Labels: Organizational Attacks; Automated Attacks; Accidental Breaches in Security; Denial of Service (DoS); Viruses, Trojan Horses, and Worms; General hacking]

ETHICAL HACKING

● Ethical hacking – defined as “a methodology adopted by ethical hackers to discover the
vulnerabilities existing in information systems’ operating environments.”

● With the growth of the Internet, computer security has become a major concern for
businesses and governments.

● In their search for a way to approach the problem, organizations came to realize that
one of the best ways to evaluate the intruder threat to their interests would be to
have independent computer security professionals attempt to break into their
computer systems.

What does an Ethical Hacker do?

An ethical hacker is a person doing ethical hacking; that is, he is a security professional
who tries to penetrate into a network to find out whether there is some vulnerability in the
system. An ethical hacker will always have permission to enter the target network.
An ethical hacker will first think with the mindset of a hacker who tries to get into the
system.
He will first find out what an intruder can see or what others can see. Having found this,
an ethical hacker will try to get into the system with that information by whatever method
he can. If he succeeds in penetrating the system, he will report to the company
with a detailed report about the particular vulnerability he exploited to get into the
system. He may also sometimes make patches for that particular vulnerability, or
he may suggest some methods to prevent the vulnerability.

Required Skills of an Ethical Hacker:

• Microsoft: skills in operation, configuration and management.

• Linux: knowledge of Linux/Unix; security setting, configuration, and services.

• Firewalls: configurations, and operation of intrusion detection systems.

• Routers: knowledge of routers, routing protocols, and access control lists.

• Network Protocols: TCP/IP; how they function and can be manipulated.

• Project Management: leading, planning, organizing, and controlling a penetration
testing team.

Computer Networking Skills

A computer network is nothing but the interconnection of multiple devices, generally termed
hosts, connected using multiple paths to send/receive data or media. Understanding
networking concepts like DHCP, Supernetting, Subnetting, and more will enable ethical
hackers to explore the various interconnected computers in a network and the potential
security threats that this might create, as well as how to handle those threats.

Programming Skills

Another important skill for becoming an ethical hacker is programming. So what does
the word programming actually mean in the computer world? It means, “The act of writing
code understood by a computational device to perform various instructions.” So, to get better
at programming, one will be writing a lot of code! Before one writes code, he/she must choose
the best programming language for the task. Here is the list of programming
languages used by ethical hackers:
1. Python
2. SQL
3. C++
4. Java
5. C
6. PHP
7. Ruby

Basic Hardware Knowledge

Computer hardware comprises the physical parts of a computer, like the central
processing unit (CPU), monitor, mouse, keyboard, computer data storage, graphics card, sound
card, speakers and motherboard, etc.

Reverse Engineering

Reverse engineering is the process of recovering the design, requirement specifications,
and functions of a product from an analysis of its code. It builds a program database
and generates information from this. The objective of reverse engineering is to expedite
maintenance work by improving the understandability of a system and to produce
the necessary documents for a legacy system. In software security, reverse engineering
is widely used to ensure that the system lacks any major security flaws or vulnerabilities.

Cryptography Skills

Cryptography is the study and application of techniques for reliable
communication in the presence of third parties called adversaries. It deals with developing
and analyzing protocols that prevent malicious third parties from
retrieving information being shared between two entities, thereby following the various
aspects of information security. Cryptography deals with converting a normal
text/message, known as plain text, to a non-readable form, known as ciphertext,
during transmission to make it incomprehensible to hackers. An ethical hacker
must ensure that communication between different people within the organization
does not leak.

Database Skills

The DBMS is the crux of creating and managing all databases. Access to a database where all
the information is stored can put the company under a tremendous threat, so ensuring that
this software is hack-proof is important. An ethical hacker must have a good understanding
of this, along with different database engines and data schemas, to help the organization
build a strong DBMS.

Problem Solving Skills

Problem-solving skills help one to determine the source of a problem and find an effective
solution. Apart from the technical skills pointed out above, an ethical hacker also must be a
critical thinker and dynamic problem solver. They must want to learn new ways and ensure all
security breaches are thoroughly checked. This requires tons of testing and an ingenious
penchant to devise new ways of problem-solving.

TYPES OF ETHICAL HACKING

It is no big secret that any system, process, website, or device can be hacked.

Types of ethical hacking are as follows:

Web Application Hacking

It refers to the exploitation of applications via HTTP, which can be done by
manipulating the application via its graphical web interface, tampering with the URL, or
tampering with HTTP elements not contained in the URL.

System Hacking

It is defined as the compromise of computer systems and software to access the
target computer and steal or misuse its sensitive information.

Web Server Hacking

Web content is generated in real time by a software application running on the server side.
So hackers attack web servers to access passwords, etc., by using DDoS attacks,
port scans and social engineering attacks.

Hacking Wireless Networks

Wireless networks are accessible to anyone within the router’s transmission radius.
This makes them vulnerable to attacks.

Social Engineering

It is the art of exploiting human psychology, rather than technical hacking techniques, to
gain access to systems, buildings or data.

ETHICAL HACKING COMMANDMENTS:

Every ethical hacker must abide by a few basic commandments. If not, bad things can
happen. The commandments are as follows:

● Working ethically:

The word ethical in this context can be defined as working with high professional
morals and principles. Everything you do as an ethical hacker must be above
board and must support the company’s goals. No hidden agendas are allowed!
Trustworthiness is the ultimate tenet. The misuse of information is absolutely forbidden.

● Respecting privacy:

Treat the information gathered with the utmost respect. All information you
obtain during your testing, from Web-application log files to clear-text passwords, must
be kept private. If you sense that someone should know there’s a problem, consider
sharing that information with the appropriate manager.

● Not crashing your systems:

One of the biggest mistakes people make when they try to hack their own systems is
inadvertently crashing those systems. The main reason for this is poor planning. These
testers have not read the documentation or misunderstand the usage and power of the
security tools and techniques.

Methodology of Hacking:

As described above, there are mainly five steps in hacking: reconnaissance,
scanning, gaining access, maintaining access and clearing tracks. But that is not the end of
the process. Actual hacking is circular. Once the hacker has completed the five steps,
he will start reconnaissance again from that stage and the preceding stages to get to
the next level. The various stages in the hacking methodology are:

● Reconnaissance

● Scanning & Enumeration

● Gaining access

● Maintaining access

● Clearing tracks

Reconnaissance:

The literal meaning of the word reconnaissance is a preliminary survey to gain
information. This is also known as foot-printing. This is the first stage in the
methodology of hacking. As given in the analogy, this is the stage in which the hacker
collects information about the company which that person is going to hack. This is one of
the pre-attack phases. Reconnaissance refers to the preparatory phase where an attacker
learns about all of the possible attack vectors that can be used in their plan.

Scanning & Enumeration:

Scanning is the second phase in the hacking methodology, in which the hacker tries to
make a blueprint of the target network. It is similar to a thief going through your
neighborhood and checking every door and window on each house to see which ones are
open and which ones are locked. The blueprint includes the IP addresses of the target
network which are live, the services which are running on those systems and so on. Usually
the services run on predetermined ports. There are different tools used for scanning. War
dialing and pingers were used earlier, but nowadays both can be detected easily.

Enumeration:

Enumeration is the ability of a hacker to convince some servers to give them information
that is vital to them to make an attack. By doing this the hacker aims to find what resources
and shares can be found in the system, what valid user accounts and user groups there are in
the network, what applications are there, etc. Hackers may also use this to find other
hosts in the entire network.

Gaining access:

This is the actual hacking phase in which the hacker gains access to the
system. The hacker will make use of all the information he collected in the pre-attack
phases. Usually the main hindrance to gaining access to a system is the passwords. System
hacking can be considered as many steps. First the hacker will try to get into the system.
Once he gets into the system, the next thing he wants is to increase his privileges so that
he can have more control over the system. As a normal user the hacker may not be able to
see the confidential details or upload or run the different hack tools for his own
personal interest. Another way to crack into a system is through attacks like the
man-in-the-middle attack.

● Password Cracking:

There are many methods for cracking the password and then getting into the
system. The simplest method is to guess the password. But this is tedious work. To
make this work easier there are many automated tools for password
guessing, like Legion. Legion has an inbuilt dictionary and works
automatically; that is, the software itself generates the passwords using the
dictionary and checks the responses.
Techniques used in password cracking are:

● Dictionary cracking

● Brute force cracking

● Hybrid cracking

Maintaining Access:

Now the hacker is inside the system by some means, such as password guessing or
exploiting some of its vulnerabilities. This means that he is now in a position to upload
some files and download some of them. The next aim will be to make an easier path to get
in when he comes the next time. This is analogous to making a small hidden door in the
building so that he can directly enter the building through the door easily. In the
network scenario the hacker will do it by uploading software like Trojan
horses, sniffers, keystroke loggers etc.

Clearing Tracks:

Now we come to the final step in hacking. There is a saying that
“everybody knows a good hacker but nobody knows a great hacker”. This means that a good
hacker can always clear tracks, or any record present in the network that could prove
that he was there. Whenever a hacker downloads some file or installs some software, a log
of it will be stored in the server logs. So in order to erase those the hacker uses many
tools. One such tool is the Windows Resource Kit’s auditpol.exe. This is a command line tool
with which the intruder can easily disable auditing. Another tool which eliminates any
physical evidence is the Evidence Eliminator. Sometimes, apart from the server logs, some
other information may be stored temporarily. The Evidence Eliminator deletes all such
evidence.
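
From the defender's side, the tampering described above leaves its own trace: Windows records event 4719 when the system audit policy is changed and 1102 when the Security log is cleared, and process-creation auditing (4688) shows auditpol.exe being started. The following added example, which is not part of the original report, runs that detection over constructed log lines; the JSON field names, hosts and user names are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: one JSON object per line, as a log forwarder might export
# Windows Security events. The field names are assumptions of this example.
SAMPLE_EVENTS = r"""
{"time": "2025-03-03T09:58:10", "host": "SRV01", "event_id": 4624, "user": "jdoe"}
{"time": "2025-03-03T10:01:02", "host": "SRV01", "event_id": 4688, "user": "jdoe", "new_process": "C:\\Windows\\System32\\auditpol.exe"}
{"time": "2025-03-03T10:01:03", "host": "SRV01", "event_id": 4719, "user": "SRV01$"}
{"time": "2025-03-03T10:02:00", "host": "SRV02", "event_id": 4624, "user": "asmith"}
{"time": "2025-03-03T10:30:00", "host": "SRV02", "event_id": 1102, "user": "asmith"}
{"time": "2025-03-03T10:31:00", "host": "SRV02", "event_id": 4624, "user": "asmith"}
"""

# Security-log event IDs: 4688 = process created, 4719 = system audit policy
# changed, 1102 = audit log cleared.
TAMPER_EVENTS = {4719: "audit policy changed", 1102: "audit log cleared"}
CORRELATION_WINDOW = timedelta(minutes=5)


def load_events(text):
    """Parse JSON lines and return the events in time order."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for event in events:
        event["time"] = datetime.fromisoformat(event["time"])
    return sorted(events, key=lambda e: e["time"])


def find_audit_tampering(events):
    """Flag audit tampering and say who most likely caused it.

    A 4719 often names the machine account, so it is tied back to the user who
    started auditpol.exe on the same host shortly before. `events_after` counts
    later events from that host: zero means the host went quiet, which is what
    disabled auditing looks like from the collector's side.
    """
    findings = []
    last_auditpol = {}  # host -> (time, user) of the latest auditpol.exe start
    for event in events:
        host, when, eid = event["host"], event["time"], event["event_id"]
        image = event.get("new_process", "").lower()
        if eid == 4688 and image.endswith("\\auditpol.exe"):
            last_auditpol[host] = (when, event["user"])
        elif eid in TAMPER_EVENTS:
            actor, tool = event["user"], None
            started = last_auditpol.get(host)
            # Only a policy change is attributed to auditpol, not a log clear.
            if eid == 4719 and started and when - started[0] <= CORRELATION_WINDOW:
                actor, tool = started[1], "auditpol.exe"
            findings.append({
                "host": host, "time": when, "event_id": eid,
                "what": TAMPER_EVENTS[eid], "actor": actor, "tool": tool,
            })
    for finding in findings:
        finding["events_after"] = sum(
            1 for e in events
            if e["host"] == finding["host"] and e["time"] > finding["time"]
        )
    return findings


if __name__ == "__main__":
    for f in find_audit_tampering(load_events(SAMPLE_EVENTS)):
        quiet = " (host silent afterwards)" if f["events_after"] == 0 else ""
        print(f"{f['time']} {f['host']}: {f['what']} by {f['actor']}"
              f" via {f['tool'] or 'unknown tool'}{quiet}")
```

Forwarding these events to a separate collector as they are written is what keeps them available after the local log has been altered.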

Ethical hacking tools:

Ethical hackers utilize and have developed a variety of tools to intrude into
different kinds of systems and to evaluate their security levels. The nature of these tools
differs widely. Here we describe some of the widely used tools in ethical hacking.

● Samspade:

Samspade is a simple tool which provides us with information about a particular host.
This tool is very helpful in finding addresses, phone numbers etc.

The above fig 2.1 represents the GUI of the samspade tool. In the text field in the top left
corner of the window we just need to put the address of the particular host. Then we can find
out the various information available. The information given may be phone numbers, contact
names, IP addresses, email ids, address range etc. We may wonder what the benefit is of
getting the phone numbers, email ids, addresses etc.

● Email Tracker and Visual Route:

We often receive many spam messages in our mailbox. We don’t
know where they come from. Email tracker is software which helps us to find
which server the mail actually came from. Every message we receive has a
header associated with it. The email tracker uses this header information to find the
location.

The above fig 2.2 shows the GUI of the email tracker software. One of the options in the email
tracker is to import the mail header. In this software we just need to import the mail's
header. Then the software finds which area the mail comes from. That is, we will get
information such as which region the message comes from, like Asia Pacific, Europe
etc. To be more specific, we can use another tool, visual route, to pinpoint the actual
location of the server. The option of connecting to visual route is available in the email
tracker. Visual route is a tool which displays the location of a particular server with the
help of IP addresses. When we connect this with the email tracker we can find the server
which actually sent the mail. We can also use this for finding the location of servers of
targets visually on a map.
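
The header tracing described above can be reproduced in a few lines of Python. This is an added example, not part of the original report or of the Email Tracker software; the message, host names and addresses are constructed, and it assumes the common `from NAME (RDNS [IP]) by SERVER` layout of the Received header.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: example domains, documentation-range addresses.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 3 Mar 2025 10:00:05 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Mon, 3 Mar 2025 10:00:03 +0000
Received: from [10.0.0.5] (unknown [203.0.113.44])
\tby relay.isp.example with ESMTPSA id C3; Mon, 3 Mar 2025 10:00:01 +0000
From: Prize Desk <winner@lottery.example>
Subject: You won

Claim your prize.
"""

# Assumption: the recipient organisation's own mail servers, by name and address.
OWN_NAMES = {"mailstore.recipient.example", "mx.recipient.example"}
OWN_IPS = {"192.0.2.10"}

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)


def parse_hops(raw_message):
    """Return the relay hops oldest-first.

    Every server prepends its own Received header, so the header order in the
    message is newest-first and has to be reversed.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(value)
        if match is None:
            continue  # a layout this example does not understand
        hop = match.groupdict()
        try:
            hop["time"] = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            hop["time"] = None
        hops.append(hop)
    return hops


def boundary_hop(hops, own_names, own_ips):
    """Return the hop where the mail entered our own infrastructure.

    Headers written by servers we do not run can be forged by the sender, so
    walk down from the newest header and stop at the first hop that one of
    our servers recorded for a peer that is not ours. That peer address is
    the last one we can vouch for; everything older is a claim, not a fact.
    """
    for hop in reversed(hops):
        if hop["by"] not in own_names:
            return None  # the chain of trusted headers is broken
        if hop["ip"] not in own_ips:
            return hop
    return None


if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    for n, hop in enumerate(hops, 1):
        print(f"{n}. {hop['ip']:<15} helo={hop['helo']} -> {hop['by']} at {hop['time']}")
    edge = boundary_hop(hops, OWN_NAMES, OWN_IPS)
    print("last verifiable sender address:", edge["ip"], "seen by", edge["by"])
```

Only the address returned by `boundary_hop` is worth handing to a geolocation or route-tracing tool; the older hops are listed for context and may have been written by the sender.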

The above fig 2.3 depicts the GUI of the visual route tool. The visual route GUI has a
world map drawn on it. The software will locate the position of the server on that world
map. It will also depict the path through which the message came to our system. This
software will actually provide us with information about the routers through which
the message passed, or the path traced by the mail from the source to the
destination.

Some other important tools used are:

● War Dialing

● Pingers

● Super Scan

● Nmap etc.

Nmap

Nmap stands for Network Mapper. It is an open source tool that is widely used for
network discovery and security auditing. Nmap was originally designed for large networks, but
it can work equally well for single hosts. Nmap uses raw IP packets to determine:

● what hosts are available on the network,

● what services those hosts are offering,

● what operating systems they are running on,

● what type of firewalls are in use, and other such characteristics.

Nmap runs on all major computer operating systems such as Windows, Mac OS X, and Linux.

Net Stumbler

Network Stumbler is a WiFi scanner and monitoring tool for Windows. It allows network
professionals to detect WLANs. It is widely used by networking enthusiasts and hackers because
it helps you find non-broadcasting wireless networks. Network Stumbler can be used to verify
if a network is well configured, check its signal strength or coverage, and detect
interference between one or more wireless networks. It can also be used to detect
non-authorized connections.

Advantages and disadvantages:

Ethical hacking nowadays is the backbone of network security. Each day its
relevance is increasing. The major pros and cons of ethical hacking are given below:

Advantages

● “To catch a thief you have to think like a thief”

● Helps in closing the open holes in the system network

● Provides security to banking and financial establishments

● Prevents website defacements

● An evolving technique

Disadvantages

● All depends upon the trustworthiness of the ethical hacker

● Hiring professionals is expensive.

Future enhancements:

As it is an evolving branch, the scope of enhancement in technology is
immense. No ethical hacker can ensure system security by using the
same technique repeatedly. He would have to improve, develop and
explore new avenues repeatedly.

More enhanced software should be used for optimum protection. The tools
used need to be updated regularly, and more efficient ones need to be
developed.

Conclusion

One of the main aims of the seminar is to make others understand that there are so
many tools through which a hacker can get into a system. There are many reasons
why everybody should understand these basics.
Let’s check its various needs from various perspectives.

Student: A student should understand that no software is made with zero vulnerability.
So while they are studying they should study the various possibilities and how to prevent
them, because they are the professionals of tomorrow.

Professionals: Professionals should understand that business is directly related to
security. So they should make new software with as few vulnerabilities as possible.
If they are not aware of these then they won’t be cautious enough in security
matters.

Users: The software is meant for the use of its users. Even if the software
menders make the software with high security options, without the help of users it
can never be successful. It’s like a highly secured building with all doors left open
carelessly by the insiders. So users must also be aware of such possibilities of hacking
so that they can be more cautious in their activities.

In the preceding sections we saw the methodology of hacking, why we should be aware of
hacking, and some tools which a hacker may use.
Now we can see what we can do against hacking or to protect ourselves from
hacking. The first thing we should do is to keep ourselves updated about the
software we are using, from official and reliable sources.
Educate the employees and the users against black hat hacking. Use every possible
security measure, like honey pots, Intrusion Detection Systems, firewalls etc.
Always make our passwords strong by making them harder and longer to crack.
The final and foremost thing should be to try ETHICAL HACKING at regular
intervals.
