Ethical Hacking Interview Questions and Answers
Ethical Hacking interview questions and answers for beginners and experts. This is a list of frequently asked Ethical Hacking interview questions with answers, prepared by Besant Technologies. We hope these questions and answers are useful and help you get the best job in the networking industry. They were prepared by Ethical Hacking professionals based on what MNC companies expect. Stay tuned: we will update this list with new Ethical Hacking interview questions and answers frequently. If you want practical Ethical Hacking training, please go through this Ethical Hacking Training in Chennai.
Best Ethical Hacking Interview Questions and answers
Besant Technologies supports students by providing Ethical Hacking interview questions and answers for job placements and job interviews. Ethical Hacking is a leading course at present because there are many job openings and high salaries for Ethical Hacking and related jobs.
Ethical Hacking Interview Questions and answers for the job placements
Here is the list of the most frequently asked Ethical Hacking interview questions and answers in technical interviews. These questions and answers are suitable for both freshers and experienced professionals at any level. The questions target intermediate to somewhat advanced Ethical Hacking professionals, but even if you are a beginner or fresher you should be able to understand the answers and explanations given here.
Cowpatty implements an offline dictionary attack against WPA/WPA2 networks that use PSK-based authentication (e.g. WPA-Personal). Cowpatty can execute an accelerated attack if a precomputed PMK file is available for the SSID being assessed.
The scripting language most widely used by hackers is Python. Python has some very important features that make it especially useful for hacking; most importantly, it has pre-built libraries that provide powerful functionality.
Hacking, or targeting a machine, has the following 5 phases:
Surveillance: This is the first stage, where the hacker tries to gather as much data as possible about the target.
Scanning: This stage involves using the data gathered during the Surveillance stage to inspect the victim. The hacker can use automated tools during the scanning stage, which can include port scanners, network mappers and vulnerability scanners.
Getting access: This is where the real hacking happens. The hacker attempts to exploit the data found during the Surveillance and Scanning stages to gain access.
Access Maintenance: Once access is gained, hackers need to keep that access for future exploitation and attacks by securing their exclusive access with backdoors, rootkits and Trojans.
Covering tracks: Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection. This also lets them continue using the hacked system and stay clear of legal action.
- Guessing. Simple, repeated attempts using common passwords or known facts about the user.
- Stealing. Physically or electronically acquiring a user's password; this can include sniffing network communications.
- Dictionary Attacks.
- Brute Force Attacks.
- Rainbow Tables.
- Hybrid Password Attacks.
- Birthday Attacks.
The legal way of accessing a system to find malicious activities.
- Hacking: the illegal way of accessing a system (unauthorized access)
- Ethical hacking: the legal way of accessing a system (penetration testing)
- To find flaws and vulnerabilities
- To determine the risk to the organization
- Black hats: Using their skills for an offensive purpose
- White hats: Using their skills to defend
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks
The process of collecting information about a system or network
Active & Passive
By using predefined applications like Nmap and command-line utilities
Extracting information from the system/files.
Brute force attack, dictionary attack and rainbow attack
Malicious code which harms the system
- Black box: No previous knowledge of network
- White box: Knowledge of remote network
Affecting the availability factor (resources unavailable to authorized users)
- Capturing packets on the network
- Tools: Wireshark & Pcap Analyzer
Changing the appearance of the website
- Flaws in the database
- Tools: SQLmap
Aircrack-ng, WiFi sniffing with Kismet
- Changing the default SSID
- Disabling SSID broadcast
- Router access password
By using Nessus and Acunetix
Possible if the system has a vulnerability; exploitation can then be done using Metasploit.
We identify injection vulnerabilities using a web application firewall and automated scanners like Burp Suite, ZAP, etc.
In an HTTP splitting attack, the attacker sends multiple requests to the same page.
Authentication, session management, access control, HTTP secure configuration
To prove ourselves by giving the right credentials.
To give the user permission to access particular resources
To force the site to run only over HTTPS
It is used for creating a remote connection which helps in performing malicious tasks. The attacker creates a stub, binds it with a different file such as a PDF, video, picture, etc., passes it to the victim by any means necessary, and asks the victim to execute or run that file.
This is a fraudulent attempt, usually made via SMS, calls, emails, etc., to collect users' credentials.
Please see the example below for spear phishing:
From: Security@facebook.com
To: Kumar.p@gmail.com
Subject: Security Alert
Hi Kumar,
Your account has been logged in from Russia (54.67.89.23)
If you want to stop this activity, please click on the link given below.
www.facebook.com/security-system
Regards:
Facebook Team
—————————————————-
You click on the link to stop the activity, but your system is infected with the virus.
It's a way to copy someone's identity and send an email from the copied ID. The receiver won't be able to tell whether it is coming from the right source or the wrong source.
We use Maltego CE to gather information.
WiFi stands for Wireless Fidelity; it is a technology used for wireless communication over a network between devices.
Steps:
- airmon-ng: gives information about the WiFi card and detects whether it is capable of hacking or not.
- airodump-ng: dumps the packets in the air and is used to collect the key (password), which is used later to find the real WiFi password.
- aircrack-ng: this is used to decrypt the key we got from airodump-ng.
The cyber kill chain is a process which defines the primary steps of a cyber attack. Below are the 7 stages of the cyber kill chain.
- Reconnaissance – Passively gathering information about the target (searching for information on various search engines like Google dorks, Shodan, etc.).
- Weaponization – Preparing remote access malware with an exploit into a deliverable payload.
- Delivery – Transferring the payload (any malicious application or script) to the victim's device by social engineering or some other method.
- Exploitation – Exploiting a vulnerable application to make use of the delivered payload.
- Installation – Installing a backdoor using the payload for remote access.
- Command & Control – After the successful installation of a backdoor, the device can be controlled remotely and various actions can be performed (DDoS is the most common attack performed using CnC servers).
- Actions on Objective – The attacker works to achieve the objective for which the attack was performed, which can include data exfiltration, destruction of data or attacking some other device.
CIA are the 3 pillars of Information Security. CIA stands for:
- Confidentiality – Protecting data from being shared with or accessed by an unauthorized person.
- Integrity – Protecting data from being tampered with by an unauthorized person.
- Availability – As the word itself says, availability of data to authorized persons whenever required.
- Black hat – One who performs hacking (penetration or exploitation) without authority and with malicious intent.
- White hat – An authorised penetration tester.
- Grey hat – One who performs hacking (penetration or exploitation) without authority but without malicious intent. They perform the activity for bounty programs or security testing without being authorized to do so.
- Encryption is used to protect the confidentiality of data, and it is a reversible process.
- Hashing is used to maintain the integrity of data, and it is irreversible.
- Sniffing – A passive attack in which data packets are captured to obtain information while staying away from the victim device.
- Spoofing – An active attack in which the attacker pretends to be a trusted user, connects to the network and gathers information.
A vulnerability in a system that is unknown to the people responsible for it and has been exploited by attackers. The time between the attack and becoming aware of the unknown vulnerability is called zero days.
It's a cybercrime where the exploit is performed to demand money. For example, ransomware.
Given below are the top 10 vulnerabilities:
- Injection
- Broken Authentication
- Sensitive data exposure
- XML External Entities (XXE)
- Broken Access control
- Security misconfigurations
- Cross Site Scripting (XSS)
- Insecure Deserialization
- Using Components with known vulnerabilities
- Insufficient logging and monitoring
A firewall is the first level of security. It monitors all traffic entering and leaving the organization; using a firewall, unauthorized access, malicious sources and network traffic can be controlled.
CIA stands for Confidentiality, Integrity, and Availability. These are the 3 basic components of information security that secure our data in an organization.
- Confidentiality – It ensures that data is not disclosed to unauthorized parties. An attacker can breach confidentiality by network sniffing, shoulder surfing or stealing password files during data transmission, so confidentiality is provided by encrypting the data as it is stored or transmitted from client to server.
- Integrity – It assures the accuracy and reliability of information and prevents unauthorized modification. An attacker can insert a virus, backdoor or keylogger into a system, compromising the system's integrity.
- Availability – It ensures reliable and timely access to data and resources for authorized people. If a resource is not available when it is required, it can lead to a huge business loss, which is what usually happens in a DoS attack.
CSRF (Cross-site request forgery) is an attack where the attacker sends a legitimate-looking request or HTML page to an authenticated user to make them perform some action unknowingly. The only condition for this attack is that the victim must be logged in.
We can mitigate this attack by implementing a CAPTCHA on all form-submission pages and using a CSRF token. Another option to mitigate this attack is implementing multi-factor authentication, based on the criticality of the application.
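The CSRF token mitigation in the answer above, as an added example that is not part of the original page: a per-session random token is bound to the session at login, embedded in the server's own forms, and demanded again on every state-changing request. The in-memory session store, the handler names and the response strings are assumptions made for the example.

```python
import hmac
import secrets

# Constructed in-memory session store for the example: session id -> session data.
# A real application would keep this in its session backend.
SESSIONS = {}

def new_session():
    """Log a user in: create a session id and bind a fresh random CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid

def csrf_token_for(sid):
    """Token the server embeds in its own forms (hidden field) for this session.
    A page on another origin cannot read it, so a forged request cannot include it."""
    return SESSIONS[sid]["csrf_token"]

def handle_post(sid, form):
    """State-changing request handler. The browser attaches the session cookie
    automatically (the reason CSRF works at all), so the handler must also demand
    the per-session token that only the genuine form carries."""
    session = SESSIONS.get(sid)
    if session is None:
        return "401 not logged in"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison: the check itself must not leak the token byte by byte.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "403 CSRF token mismatch"
    return "200 action performed"

if __name__ == "__main__":
    sid = new_session()
    print(handle_post(sid, {"csrf_token": csrf_token_for(sid)}))  # genuine form submission
    print(handle_post(sid, {}))                                   # forged cross-site request
```

The forged request in the second call carries the victim's session (the browser sent the cookie) but no token, so it is refused; the logged-in precondition the answer mentions is exactly what the token check neutralises.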
A Cross-site scripting (XSS) attack is a type of client-side injection attack in which an attacker tries to inject malicious scripts into a legitimate web application. This attack can lead to disclosure of cookie information, website defacement, etc.
There are 3 types of Cross-site scripting:
- Reflected XSS – In this type of XSS, the request containing the malicious script is sent to the server and reflected back to the client side.
- Stored XSS – In this type of XSS, the malicious script is stored permanently on the server, and whenever any user accesses that particular application the malicious script executes.
- DOM-based XSS – In this type of XSS, the malicious script is not sent to the server; it executes on the client side itself.
There are different cookie attributes:
- HttpOnly – It blocks client-side scripts from accessing the cookie.
- Secure – The Secure flag ensures the cookie is only sent from client to server over an encrypted channel.
- Domain – The domain for which the cookie is valid; the cookie is submitted with every request to that domain and its sub-domains.
- Path – The cookie is only valid for a particular URL path.
- Expires – It is used to set a persistent cookie and when the cookie should expire.
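As an added example (not code from the original page), the cookie attributes listed above set on a session cookie with Python's standard `http.cookies` module, together with a small audit function that parses a `Set-Cookie` value and reports which protective attributes are missing. The cookie name `sessionid`, the domain `example.com` and the one-hour lifetime are assumptions; the example also sets `SameSite`, which the list above does not mention.

```python
from http.cookies import SimpleCookie

def build_session_cookie(value, domain="example.com", max_age=3600):
    """Return the value of a Set-Cookie header for a hardened session cookie.
    example.com and the one-hour lifetime are assumptions for the example."""
    jar = SimpleCookie()
    jar["sessionid"] = value
    m = jar["sessionid"]
    m["httponly"] = True      # HttpOnly: not readable from document.cookie
    m["secure"] = True        # Secure: only sent over HTTPS
    m["domain"] = domain      # Domain: sent to example.com and its sub-domains
    m["path"] = "/"           # Path: valid for every path under the domain
    m["max-age"] = max_age    # bounded lifetime (Expires is the absolute-date form of the same idea)
    m["samesite"] = "Strict"  # not attached to cross-site requests
    return jar.output(header="").strip()

def audit_set_cookie(header_value):
    """Parse a Set-Cookie value and list the protective attributes it lacks."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, m in jar.items():
        # Morsel attributes are "" when absent and True when the flag was present.
        if not m["httponly"]:
            findings.append(f"{name}: missing HttpOnly")
        if not m["secure"]:
            findings.append(f"{name}: missing Secure")
        if not m["samesite"]:
            findings.append(f"{name}: missing SameSite")
    return findings

if __name__ == "__main__":
    print(build_session_cookie("abc123"))
    print(audit_set_cookie("sessionid=abc123; Path=/"))   # weak cookie: three findings
```

The audit function is the kind of check a reviewer runs over captured response headers: a session cookie without `HttpOnly` is exactly what the XSS cookie-disclosure scenario above relies on, and one without `Secure` travels in clear text over HTTP.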
Heartbleed is a vulnerability in the OpenSSL library. Heartbeat is a component of the TLS/SSL protocol: when a system sends an encrypted piece of data, called a heartbeat request, to another system, the other system sends back exactly the same piece of data to keep the connection alive. The receiving system never checked the claimed size of the data, so an attacker can increase the claimed size, say to 64 KB, while the actual size of the data is 40 KB; the receiving system then sends back 64 KB, of which the extra 24 KB is taken from the memory buffer, whatever happens to be in the next 24 KB of memory. This extra 24 KB of data is what an attacker can extract from the web server. This is how the Heartbleed attack works.
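The missing length check described above, modelled in Python as an added example (this is a simulation written for this page, not OpenSSL's code). The heartbeat message layout (type, 2-byte payload length, payload, padding) follows the TLS heartbeat format; the memory image, the neighbouring buffer contents and the function names are constructed for the example. The same handler runs once without the check, reproducing the over-read, and once with the check that the fix introduced: discard the record if the declared length does not fit inside what was actually received.

```python
import struct

HEARTBEAT_PADDING = 16   # TLS heartbeat messages carry at least 16 bytes of padding

def make_heartbeat_request(payload, claimed_length):
    """Heartbeat request: type (1 byte) | payload_length (2 bytes) | payload | padding.
    claimed_length is what the sender declares; it may disagree with len(payload)."""
    return struct.pack("!BH", 1, claimed_length) + payload + b"\x00" * HEARTBEAT_PADDING

def handle_heartbeat(memory, record_length, check_bounds):
    """Build the heartbeat response payload.

    memory        - constructed snapshot of process memory starting at the request
    record_length - actual length of the received TLS record (what the peer really sent)
    check_bounds  - False reproduces the pre-fix behaviour, True applies the patched check
    """
    _hb_type, claimed = struct.unpack("!BH", memory[:3])
    if check_bounds and 1 + 2 + claimed + HEARTBEAT_PADDING > record_length:
        return None   # declared length does not fit in the record: discard silently
    # Without the check this copies 'claimed' bytes from the start of the payload,
    # running past the end of the record into whatever lies next in memory.
    return memory[3:3 + claimed]

def demo():
    """Return (honest_response, over_read_response, fixed_response) for a constructed memory image."""
    neighbour = b"[adjacent buffer: other connection's data]"   # constructed, not a real secret
    honest = make_heartbeat_request(b"ping", 4)    # declares 4 bytes, sends 4
    lying = make_heartbeat_request(b"ping", 40)    # declares 40 bytes, sends 4
    return (
        handle_heartbeat(honest + neighbour, len(honest), check_bounds=False),
        handle_heartbeat(lying + neighbour, len(lying), check_bounds=False),
        handle_heartbeat(lying + neighbour, len(lying), check_bounds=True),
    )

if __name__ == "__main__":
    for label, response in zip(("honest", "unchecked", "checked"), demo()):
        print(label, response)
```

The second response is 40 bytes long although only 4 were sent: the payload, the padding, and then 20 bytes of the neighbouring buffer. With the bounds check the same record produces no response at all, which is the patched behaviour.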
On the login page of a web application, we can perform the following checks:
- 1st, we can try user enumeration, including observing the errors returned by the application when entering wrong usernames and passwords.
- We can test for SQL injection at all entry points.
- We can test for clickjacking.
- We can try to log in with the default username and password.
- We can perform a brute force attack to extract the username and password.
- Check the SSL certificate: if the application is using a weakly encrypted certificate, a man-in-the-middle attack can be performed.
Bind and reverse shells are two different payloads used in Metasploit.
The basic difference between a bind and a reverse shell is that a bind shell is used when the payload is sent within an intranet: for example, an attacker who is on the same network can send the payload to anyone connected to that network and get access to their system. A reverse shell payload is used to access a system which has a public IP and is on the internet; it is used to bypass the firewall, get into a network and access the systems inside that particular network.
Encryption is a two-way process which is used to change data from a human-readable format to a non-human-readable format and vice versa. We use an algorithm to encrypt the data.
Encryption has two types:
- Symmetric Encryption – In symmetric encryption, we use the same key to encrypt and decrypt the data. Ex – 3DES, AES, RC4, etc.
- Asymmetric Encryption – In asymmetric encryption, we use the public key to encrypt the data and the private key to decrypt it. Ex – RSA, DSA, etc.
Hashing is a one-way process which is used to store long string data in a short length; hashing algorithms are mostly used to retrieve data in databases. Ex – MD5, SHA2, etc.
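The reversible/irreversible distinction drawn above (and in the earlier encryption-versus-hashing answer), as an added example that is not part of the original page. The symmetric cipher here is a toy constructed for illustration, a SHA-256 keystream XORed with the data, so that the same key visibly encrypts and decrypts; in practice one of the algorithms named above, such as AES, is used. The hashing side uses the standard library's PBKDF2 for password storage and HMAC-SHA256 as an integrity tag. Function names, key values and sample messages are assumptions.

```python
import hashlib
import hmac
import os

def toy_stream_encrypt(key, nonce, data):
    """Toy symmetric cipher, constructed for illustration only (use AES in practice):
    XOR the data with a keystream derived from SHA-256(key || nonce || counter).
    Calling it again with the same key and nonce on the ciphertext returns the
    plaintext, because XOR is its own inverse: one key both encrypts and decrypts."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, keystream))

def hash_password(password, salt=None, iterations=100_000):
    """One-way: store (salt, digest), never the password. There is no 'decrypt'."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password, salt, digest, iterations=100_000):
    """Recompute the digest from the candidate password and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def integrity_tag(key, message):
    """Keyed hash (HMAC-SHA256): any change to the message changes the tag,
    which is how hashing is used to protect integrity."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(12)
    ct = toy_stream_encrypt(key, nonce, b"hello, world")
    print(ct.hex(), toy_stream_encrypt(key, nonce, ct))   # ciphertext, then the recovered plaintext
    salt, digest = hash_password("correct horse")
    print(verify_password("correct horse", salt, digest), verify_password("wrong horse", salt, digest))
```

Note the asymmetry: the ciphertext can be turned back into the message by anyone holding the key, whereas the password digest can only be checked by recomputing it from a candidate, which is why the salt and iteration count matter for stored passwords and why MD5, listed above, is no longer a suitable choice for that purpose.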
There are different ways to mitigate SQL injection:
- Using parameterized queries, which force the developer to define all the SQL code first and then pass parameters to the query.
- Keep the application server and database up to date.
- Sanitize inputs and implement proper input validation.
- Use a web application firewall to filter malicious input.
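The first and third mitigations above, shown side by side as an added example (not code from the original page): a query built by string concatenation, the same query parameterized with the driver's placeholder, and an allow-list validator for the input. It runs against an in-memory SQLite database constructed for the example; the table, the usernames and the function names are assumptions.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory database with two users (example data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "<hash-a>"), ("bob", "<hash-b>")])
    return conn

def count_users_vulnerable(conn, username):
    """Builds the SQL text by concatenation: the input becomes part of the query,
    so a quote character in it changes the query's structure."""
    sql = "SELECT COUNT(*) FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()[0]

def count_users_parameterized(conn, username):
    """Parameterized query: the SQL is fixed up front and the value is bound
    separately by the driver, so it can only ever be compared as data."""
    row = conn.execute("SELECT COUNT(*) FROM users WHERE username = ?", (username,)).fetchone()
    return row[0]

def is_valid_username(username):
    """Input validation as defence in depth: allow-list the characters a username may contain."""
    return re.fullmatch(r"[A-Za-z0-9_]{3,32}", username) is not None

if __name__ == "__main__":
    conn = make_db()
    tainted = "x' OR '1'='1"
    print(count_users_vulnerable(conn, tainted))      # every row matches: the WHERE clause was rewritten
    print(count_users_parameterized(conn, tainted))   # 0: compared literally as a username
    print(is_valid_username(tainted))                 # False: rejected before any query runs
```

The parameterized version is the fix; the validator is the defence-in-depth layer the third bullet describes, and the two together mean that malformed input is both rejected early and harmless if it ever reaches the query.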
Vulnerability Assessment is a process to identify the weaknesses and loopholes in a system, server or asset. It is mostly an automated process, carried out with the different tools available in the market.
Penetration testing is a process to exploit the vulnerabilities identified in the VA. It can be performed both manually and with automated tools; manually, we work from the information gathered about the server, such as details of versions, frameworks, etc.