ETHICAL HACKING VIRTUAL INTERNSHIP

A Summer Internship report submitted in partial fulfilment of the requirements for the award of the
degree of

BACHELOR OF TECHNOLOGY

in

CSE – CYBER SECURITY

submitted by
CHOWDARY DURGA VARA PRASAD

(21B21A4657)

Under the Guidance of

Mr. K PAPARAO

Assistant Professor

CYBER SECURITY

DEPARTMENT OF CYBER SECURITY

KAKINADA INSTITUTE OF ENGINEERING AND TECHNOLOGY

(Approved by AICTE & Affiliated to JNTUK, Kakinada & Accredited by NAAC)
Yanam Road, Korangi, Andhra Pradesh - 533461.

2024-2025
 KAKINADA INSTITUTE OF ENGINEERING AND TECHNOLOGY
(Approved by AICTE & Affiliated to JNTUK & Accredited by NAAC)
Yanam Road, Korangi, Andhra Pradesh-533461.
DEPARTMENT OF CSE – CYBER SECURITY

CERTIFICATE

This is to certify that the report entitled “ETHICAL HACKING VIRTUAL INTERNSHIP”, that is

being submitted by CHOWDARY DURGA VARA PRASAD of IV Year I Semester bearing,21B21A4657

in partial fulfillment for the award of the Degree of Bachelor of Technology in Computer Science and

Engineering Cyber Security, Kakinada Institute of Engineering and Technology is a record of bona fide

work carried out by them.

Internal Examiner Head of the Department

External Examiner
 Student’s Declaration

I CHOWDARY DURGA VARA PRASAD a student of BACHELOR OF TECHNOLOGY

program, Reg.No.21B21A4657 of the Department of CSE (CYBER SECURITY), KAKINADA INSTITUTE

OF ENGINEERING AND TECHNOLOGY do hereby declare that I have completed the mandatory

internship from OCTOBER 2024 to DECEMBER 2024 in ETHICAL HACKING VIRTUAL INTERNSHIP

(Cohort-10 10 Weeks Internship) under the Faculty guidance of MR. K PAPARAO Btech, Department of

CSE – CYBER SECURITY, KAKINADA INSTITUTE OF ENGINEERING AND TECHNOLOGY.

(Signature and Date)

COMPLETION CERTIFICATE
 Official Certification
This is to certify that CHOWDARY DURGA VARA PRASAD Reg. No. 21B21A4657 has

completed his/her internship in EDUSKILLS (Name of the Intern Organization) on

Ethical Hacking Virtual Internship under my supervision as a part of partial

fulfilment of the requirement for the Degree of B. TECH (CSE- CS) in the Department of

KAKINADA INSTITUTE OF ENGINEERING AND TECHNOLOGY.

This is accepted for evaluation.

(Signature with Date and Seal)

Endorsements

Faculty Guide

Head of the Department

Principal
 ACKNOWLEDGEMENTS
It gives us an immense Pleasure to express a deep sense of gratitude to our supervisor

Mr. K PAPARAO, Assistant Professor, Department of CSE – CYBER SECURITY because

of his whole hearted and valuable guidance throughout the report. Without his sustained and

sincere effort, this report would not have taken this shape. He encouraged and helped us to

overcome various difficulties that we have faced at various stages of our report.

We would like to sincerely thank our supervisor Mr. K PAPARAO, Assistant

Professor for providing all the necessary facilities that led to the successful completion of our

report.

We would like to sincerely thank Mr. K PAPARAO, Assistant Professor & Head of

the Department of CSE – CYBER SECURITY, for providing all the necessary facilities that

led to the successful completion of our report.

We would like to take this opportunity to thank our beloved Principal Dr. Revathi

Duba for providing a great support to us in completing our project and for giving us the

opportunity of doing the internship report.

Finally, we would like to thank all of our friends and family members for their

continuous help and encouragement.

CHOWDARY DURGA VARA PRASAD

21B21A4657
 TABLE OF CONTENTS

• ACKNOWLEDGEMENT.

• INTERNSHIP CERTIFICATE

• INTERNSHIP REPORT

o Introduction to Ethical Hacking

o Foot printing and Reconnaissance

o Scanning Networks

o Enumeration

o Vulnerability Analysis

o System Hacking
 INTERNSHIP REPORT INTRODUCTION

Eduskills is a Non-profit organization which enables Industry 4.0 ready digital

workforce in India. Their vision is to fill the gap between Academia and
Industry by ensuring world class curriculum access to our faculties and
students. They want to completely disrupt the teaching methodologies
and ICT based education system in India. They work closely with all the
important stakeholders in the ecosystem Students, Faculties, Education
Institutions and Central/State Governments by bringing them together
through their skilling interventions. Their three-pronged engine targets
social and business impact by working holistically on Education,
Employment and Entrepreneurship.

⮚ VISION OF EDUSKILLS
Transforming the vision of ‘Skilled India’ and Education for To benefit
the education ecosystem by providing 360degree holistic solutions to
all the stakeholders.

⮚ MISSION OF EDUSKILLS
To positively impact 1 million beneficiaries by 2024.

• HOW THE MISSION

By comprehensive identification of skills gaps in the students
and mapping them with latest and world’s best technical skills.
⮚ VALUES OF EDUSKILLS

a. To provide innovative learning aids and services in the education

sector.
b. To connect industry-ready professionals, researchers, advanced
learners, educators and entrepreneurs who can take best care of
stake holders.
c. To extend cutting-edge research, publications and consultancy.
d. To progress global knowledge and skills for the next generation.

Registered / Accredited By
 EDUSKILLS ETHICAL HACKING VIRTUAL
INTERNSHIP INTRODUCTION

Eduskills Ethical Hacking Virtual Internship is Developed

By Eduskills Foundation. It is an Online Internship of 10
Weeks Duration. It is Started From October 2nd,2024 to
December 11th,2024.This Course Contains 6 Modules. In
this Internship Course We Will learn Ethical Hacking,
Foot printing, Reconnaissance, Scanning Networks,
Enumeration, Vulnerability Analysis, System Hacking.
These Modules We Have to Learn in the Eduskills LMS
Portal. After Completing Those We Will Have to write an
Assignment and After that We Will Receive a Course
Completion Certificate in Eduskills LMS Portal. Finally,
We Will Get a Final Certificate at Eduskills LMS Portal.

This course contains 6 tasks and 0 badges. Those are

listed below:

1.Introduction to Ethical Hacking

2. Foot printing and Reconnaissance

3. Scanning Networks

4.Enumeration

5. Vulnerability Analysis

6. System Hacking
 STEPS TO DO ETHICAL HACKING VIRTUAL
INTERNSHIP
Step 1: Signing In

1. Visit the Eduskills LMS platform.

2. Enter your registered email address and click on

the Send OTP button.

3. Check your email for the OTP code.

4. Enter the OTP and click Submit to log in.

Step 2: Access the Dashboard

● Once logged in, click on the Dashboard option to
view your enrolled courses.

Step 3: Begin the Ethical Hacking Course

1. Locate and select the Ethical Hacking Course.

2. Start with Module 1: Ethical Hacking.

o Complete the pages of the module

sequentially.

o Use the Next Page option to navigate through

the content.

Step 4: Complete Module Assessments

1. After finishing each module, click Start

Assessment.

2. Pass the module assessment to unlock the next

module.

3. Continue this process for all six modules.

Step 5: Obtain Your Certificates

1. Once the assessments are completed:

 o You will receive a Course Completion
Certificate immediately.

Your Final Internship Certificate will be

o
provided within the specified timeline.

ACTIVITY LOG FOR THE 1st WEEK

Day & Brief description of the daily activity Learning Person

Date Outcome In-Charge
Signature

Learned About
2nd Oct 2024 Basics of ETHICAL
Introduction to ETHICAL HACKING HACKING.

Learned about
some types of
3rd Oct 2024 Types of Ethical Hacking ETHICAL
HACKING.

Phases of Ethical Hacking Learned about Key

Phases of ETHICAL
4th Oct 2024 HACKING.

5th Oct 2024 Learned about

Legal and Ethical Boundaries Laws.

Ethical Hacker using Tools Learned about

some basic Tools.

6th Oct 2024

 Ethical Hacker Techniques Learned about
some techniques
about tools.
7th Oct 2024
 TASK REPORT
TASK-1 (From: 02-10-2024 to 07-10-2024)

Ethical hacking, also known as penetration testing or white-hat

hacking, is the practice of testing computer systems, networks, and
applications to identify vulnerabilities and strengthen their defenses
against potential cyber threats.
Unlike malicious hackers, ethical hackers operate with legal
authorization and aim to protect data and systems.

Key Aspects of Ethical Hacking

Purpose:
Safeguard sensitive information. Prevent
unauthorized access.
Ensure compliance with cybersecurity regulations.
Strengthen system reliability and resilience.

Types of Ethical Hacking:

Network Security Testing: Analyzing routers,

switches, and firewalls.
Web Application Testing: Identifying issues like SQL
injection or XSS.
Mobile Application Testing: Evaluating the
security of apps on Android or iOS.
Social Engineering: Testing human factors like
phishing awareness.
Cloud Security Testing: Securing data stored in
cloud environments.

Phases of Ethical Hacking:

 Reconnaissance: Gathering information about
target.
Scanning: Identifying vulnerabilities using tools.
Exploitation: Simulating attacks to assess risks.
Reporting: Documenting findings and
recommending fixes.

Legal and Ethical Boundaries:

Ethical hackers must obtain proper authorization.
They must operate within the law and respect
confidentiality.

Tools and Techniques

Ethical hackers use tools like Nmap, Metasploit,

Wireshark, and Burp Suite for testing. Techniques
include password cracking, vulnerability scanning,
and exploiting misconfigurations.
Significance of Ethical Hacking
Ethical hacking plays a crucial role in cybersecurity by:

Protecting sensitive data from breaches.

Reducing risks of financial and reputational loss.
Enhancing trust in digital systems.
 ACTIVITY LOG FOR THE 2nd WEEK

Day & Brief description of the daily activity Learning Outcome Person
Date In-Charge
Signature

Learned About
8th Oct 2024 Importance of Foot printing Importance of Foot
printing.

Learned about Types

of Foot printing.
9th Oct 2024 Types of Foot printing

Learned about Key

DNS Enumeration Features of DNS
10th Oct 2024 Enumeration.

Learned about how to

th
11 Oct 2024 Email Harvesting collect Email address
through public
resources.
Tools for Foot printing and Reconnaissance Learned about the
tools for foot printing.

12th Oct 2024

Ethical Considerations Learned about Email
laws.

13th Oct 2024

 TASK REPORT
TASK-2 (From: 08-10-2024 to 13-10-2024)
Foot printing and Reconnaissance are the initial stages
of ethical hacking, where an attacker or ethical hacker
gathers information about the target system, network, or
organization to identify vulnerabilities. This phase is
crucial as it sets the foundation for planning and
executing attacks or security tests.
1. What is Foot printing?

Foot printing is the process of collecting as much

information as possible about a target system or
network to understand its security posture. It involves
both passive and active methods.
2. Importance of Foot printing
Helps identify potential entry points for an
attack.
Provides a blueprint of the target’s IT
infrastructure.
Aids in developing targeted and efficient
penetration testing strategies.
Reduces the risk of triggering alarms by using
stealthy information-gathering techniques.

3. Types of Foot printing

• Passive Foot printing

Gathering information without direct interaction
with the target.
Techniques include:
Searching public records and websites.
 Using search engines to find sensitive information.
Social media profiling.
WHOIS lookups for domain information.
• Active Foot printing
Involves direct interaction with the target system or
network.
Techniques include:
Scanning IP addresses and ports.
Sending emails or messages to test responses.
Querying DNS servers for information.
• Reconnaissance
Reconnaissance is the broader term for gathering
intelligence, which includes foot printing and other
techniques to collect technical and non-technical data
about the target.
5. Techniques Used in Foot printing and Reconnaissance

Website and Search Engine Analysis:

Using Google hacking techniques like advanced
search operators.
Analyzing the target’s website for technologies used,
directories, and sensitive files.

DNS Enumeration:

Using tools like Nslookup or Dig to gather DNS records.

Identifying subdomains and mail servers.
WHOIS Lookup:
Finding domain ownership and registration details.
 Example tools: WHOIS.net, Domain Tools.
IP and Network Scanning:
Identifying live hosts and open ports. Tools: Nmap,
Angry IP Scanner.

Social Media and Public Data:

Mining social networks for personal and organizational
data.
Checking for leaked credentials and sensitive
information.

Email Harvesting:
Collecting email addresses from public sources. Tools:
Harvester, Email Extractor.

Third-party Services:
Using external services to gain insights about the target,
such as SSL certificates, public repositories, and leaked
databases.
6. Tools for Foot printing and Reconnaissance
Malte go: Visual mapping of relationships and
links. Shodan: Internet-connected device search
engine.
Nmap: Network scanning and host discovery.
Recon-ng: Framework for open-source
reconnaissance. FOCA: Metadata extraction from
public documents.
Google Dorking: Advanced search queries to find
sensitive information.
 7. Ethical Considerations
Always obtain authorization before performing active
reconnaissance.
Use gathered data responsibly and for ethical purposes.
Ensure compliance with local and international
cybersecurity laws.
 ACTIVITY LOG FOR THE 3rd WEEK

Day & Brief description of the daily activity Learning OutcomePerson

Date In-Charge
Signature

Learned About
th
14 Oct 2024 Introduction to Network Scanning Introduction to
Network Scanning

Objectives In Network Scanning Learned about The

Objectives In Network
15th Oct 2024 Scanning

Types Of Network Scanning Learned about Types

OF Network Scanning
16th Oct 2024

Tools Of Network Scanning Learned about the

17th Oct 2024 Tools In Network
Scanning

Ethical Considerations Learned about the

Ethical Considerations

18th Oct 2024

Network scanning is a crucial phase in ethical hacking
and penetration testing, where attackers or security
professionals identify active devices, open ports, and
vulnerabilities in a target network. It builds upon
information gathered during the foot printing and
reconnaissance phases.
1. What is Network Scanning?
Network scanning is the process of identifying live
hosts, services, and vulnerabilities within a network.
This step provides a detailed understanding of the target
environment and helps in pinpointing potential attack
vectors.
2. Objectives of Network Scanning
Discover active devices (hosts) in a network.
Identify open ports and running services.
Detect operating systems and software
versions.
Locate vulnerabilities and misconfigurations.
Prepare for exploitation in the penetration
testing process.
3. Types of Network Scanning

• Port Scanning

Identifies open, closed, or filtered ports on a device.

Determines the services running on open ports.
Tools: Nmap, Mass can.
• Vulnerability Scanning
 Detects known security vulnerabilities in devices and
software.
Helps prioritize remediation.
Tools: Nessus, OpenVAS.
• Network Mapping
Maps the structure of the target network.
Visualizes connections and relationships between hosts.
Tools: SolarWinds Network Mapper, Maltego.
4. Types of Network Scanning Based on Interaction
• Active Scanning
Directly interacts with the target network to gather data.
Provides detailed results but is more likely to be detected.
Example: Sending packets to ports to determine their status.
• Passive Scanning
Monitors network traffic without interacting directly
with devices.
Less likely to trigger alarms but provides limited
data.
Example: Using Wireshark to analyze network
traffic.
4. Techniques Used in Network Scanning
• Ping Sweep
Sends ICMP Echo Requests to multiple hosts.
Identifies live hosts in a network.
Tools: Fping, Hping.
 • Port Scanning
Scans for open ports to determine services running on a host.
Types of port scans:
• TCP Connect Scan: Completes a full TCP handshake.
• SYN Scan: Half-open scan that sends SYN packets.
• UDP Scan: Checks for open UDP ports.
• Xmas Scan: Sends packets with all flags set.

• OS Fingerprinting
Identifies the operating system running on a
host. Tools: Nmap, Xprobe.

• Service Version Detection

Determines the version of software running on open
ports. Tools: Nmap, Netcat.

• Vulnerability Scanning
Matches discovered software versions against known
vulnerabilities.
Tools: Nessus, QualysGuard.

6. Tools for Network Scanning

• Nmap (Network Mapper):
Most popular tool for scanning networks.
Features include port scanning, OS detection, and service
versioning.

• Zenmap:

GUI version of Nmap for easier usability.

• Nessus:

Advanced vulnerability scanner for identifying

weaknesses.
• Angry IP Scanner:

Lightweight tool for scanning IP addresses and ports.

• Wireshark:

Captures and analyzes network packets.

• Masscan:

Fast port scanner capable of scanning the entire Internet.

• Netcat:

Tool for reading and writing data across network

connections.

7. Ethical Considerations

Always perform scanning with proper authorization.

Avoid scanning systems or networks that you do not
own or have permission to test.
Document findings accurately and report them
responsibly.
8. How Network Scanning Fits in Ethical Hacking

Network scanning is part of the Reconnaissance Phase

in penetration testing. After gathering preliminary
information about the target, scanning
• helps in:
Validating active hosts and
services.
Identifying exploitable
weaknesses.
Planning for further exploitation
and attacks.
 ACTIVITY LOG FOR THE 4th WEEK

Day & Brief description of the daily activity Learning Outcome Person
Date In-Charge
Signature

Learned About
16th Aug 2024 Introduction to Enumeration Enumeration

Objectives of Enumeration Learned about network

resources and shared
17th Aug 2024 files

Types of Enumeration Learned about

Network , System ,
18th Aug 2024
Application , SNMP,
DNS.
Techniques Used in Enumeration Learned about the
19 Aug 2024
th
NetBIOS, SNMP,
SMTP.
Tools for Enumeration Learned about the
Nmap,Enum4Linux,
Metasploit.
20th Aug 2024
Common Data Extracted During Enumeration Learned about the
Usernames and
group names&
th
21 Aug 2024 SMTP server details
 TASK REPORT
TASK-4 (From: 16-08-2024 to 21-08-2024)

Enumeration is the process of extracting detailed

information about network resources, user accounts,
shared directories, and system configurations from the
target after identifying active hosts and open ports
during scanning. It involves active engagement with
the target system to gather data that could be used for
exploitation.

1. What is Enumeration?
Enumeration is a process where attackers or ethical
hackers establish active connections with a system and
query it to retrieve more in-depth information. This
stage is often the starting point for exploiting
vulnerabilities identified during scanning.

2. Objectives of Enumeration
Identify network resources and shared files.
Retrieve usernames, group memberships, and machine
names.
Discover service banners and application details.
Gather details about operating systems, DNS records,
and email addresses.
Extract system configuration and routing tables.

3. Types of Enumeration

• Network Enumeration

Identifies network resources like routers, servers, and other

devices.
Retrieves network shares and service banners.
 • System Enumeration
Focuses on discovering system-level information,
such as OS details, user accounts, and services.
• Application Enumeration

Gathers details about applications running on open

ports, such as their versions and vulnerabilities.

• DNS Enumeration
Extracts DNS records like A, MX, NS, and TXT.
Identifies subdomains and misconfigurations.

e. SNMP Enumeration
Uses the Simple Network Management Protocol
(SNMP) to extract data from network devices.

4. Techniques Used in Enumeration

NetBIOS Enumeration:
Retrieves information about shared resources on a
Windows network.
Tools: nbtstat, enum4linux.

SNMP Enumeration:
Extracts data such as network configuration and
routing tables.
Tools: SNMP walk, SolarWinds SNMP Enabler.
LDAP Enumeration:
Queries Lightweight Directory Access Protocol
(LDAP) services for user and group information.
Tools: ldapsearch, JXplorer.

DNS Enumeration:
Extracts DNS records and subdomains.
Tools: Dig, Fierce, DNSRecon.
SMTP Enumeration:
Identifies valid email addresses on mail servers.
Tools: Telnet, Netcat, Metasploit.
Windows Enumeration:
Gathers data about shares, users, and groups in
Windows environments.
Tools: PowerShell, PsExec, WMIC.
Linux/Unix Enumeration:
Retrieves system details like user accounts and
running processes.
Tools: Finger, Rwho, RPCinfo.

5. Tools for Enumeration

Nmap: For service version and OS detection.
Enum4Linux: Linux-based tool for enumerating
Windows systems.
Metasploit: Framework for exploiting vulnerabilities
and gathering information.
Nikto: Web server vulnerability scanner.
Netcat: For banner grabbing and service interrogation.
Dig: For DNS enumeration.
SNMPwalk: Queries SNMP-enabled devices.
6. Common Data Extracted During Enumeration
Usernames and group names.
Network shares and access permissions. Service
banners and software versions.
Email addresses and SMTP server details. DNS
records and domain names.
System policies and configurations.
7. Ethical Considerations
Obtain proper authorization before performing
enumeration.
Use tools responsibly to avoid disrupting services.
Document findings thoroughly for remediation.
8. Enumeration in the Ethical Hacking Lifecycle

Enumeration comes after Scanning and provides

actionable insights for the next phase of ethical
hacking: Exploitation. It is critical for identifying:
Weak passwords and misconfigured access controls.
Outdated software versions prone to exploitation.
Poorly configured DNS or email systems.
 ACTIVITY LOG FOR THE 5th WEEK

Day & Brief description of the daily activity Learning OutcomePerson

Date In-Charge
Signature

Learned About
22nd Aug 2024 Introduction to Vulnerability Analysis Vulnerability
Analysis

Objectives of Vulnerability Analysis Learned about

systems, applications,
23th Aug 2024 and networks.

Types of Vulnerabilities Learned about Type of

24th Aug 2024 ,

Network Operating

System, Application,
Human.

Steps in Vulnerability Analysis Learned about the

25 Aug 2024
th
Identify Assets,
Define Scope,
Perform Scanning,

Tools for Vulnerability Analysis Learned about the

Automated Scanning,
Manual Analysis,
26th Aug 2024
Specialized.
 TASK REPORT
TASK-5 (From: 22-08-2024 to 26-08-2024)

Vulnerability Analysis is the process of identifying,

classifying, and prioritizing security weaknesses in systems,
networks, and applications. It plays a vital role in
understanding the security posture of a target and forms
the basis for remediation efforts to prevent exploitation.

1. What is Vulnerability Analysis?

Vulnerability analysis involves systematically evaluating

systems to discover flaws that could be exploited by
attackers. These vulnerabilities may result from:
Outdated software or misconfigurations.
Weak passwords or poor access controls.
Missing patches or insecure coding
practices.

2. Objectives of Vulnerability Analysis

Identify security flaws in systems, applications, and

networks.
Assess the risk associated with each vulnerability.
Prioritize vulnerabilities for remediation based on
their impact and exploitability.
Provide actionable recommendations to mitigate risks.

3. Types of Vulnerabilities
• a. Network Vulnerabilities

Open ports or insecure network

services.
 Misconfigured firewalls and
routers.
Weak encryption protocols.
• b. Operating System Vulnerabilities
Unpatched software or kernel
flaws. Misconfigured system
services.
Privilege escalation opportunities.
• c. Application Vulnerabilities
SQL Injection, Cross-Site Scripting (XSS), and
buffer overflows.
Poor input validation and insecure
APIs. Outdated libraries and
plugins.
• d. Human Vulnerabilities
Weak or reused passwords.
Lack of awareness of phishing or social engineering
attacks.
Misuse of sensitive data.

4. Steps in Vulnerability Analysis

• Identify Assets:
List systems, applications, and network
components to be analyzed.
• Define Scope:
Decide the boundaries for the analysis (e.g.,
internal network, web applications).
• Perform Scanning:
Use vulnerability scanners to identify potential flaws.
• Analyze Results:
Correlate findings with known vulnerabilities and
assess their severity.

• Report Findings:
Document vulnerabilities, their impact, and suggested
mitigation strategies.

5. Tools for Vulnerability Analysis

• a. Automated Scanning Tools
Nessus: A comprehensive vulnerability scanner for
networks and applications.
OpenVAS: Open-source tool for identifying security
vulnerabilities.
QualysGuard: Cloud-based platform for vulnerability
management.
Rapid7 Nexpose: Provides real-time vulnerability
insights. Nikto: Web server vulnerability scanner.

• b. Manual Analysis Tools

Burp Suite: For analyzing web application vulnerabilities.
Metasploit Framework: For validating vulnerabilities
through exploitation.
Nmap: For service and version detection.
• c. Specialized Tools

OWASP ZAP (Zed Attack Proxy): For web

application security testing.
 Acunetix: For automated vulnerability scanning of web
applications.
Wireshark: For analyzing network traffic vulnerabilities.
1. Types of Vulnerability Scanners

Host-Based Scanners: Evaluate individual systems

for weaknesses.
Network-Based Scanners: Assess networks for
misconfigurations and open ports.
Web Application Scanners: Detect vulnerabilities in web
applications.
Database Scanners: Analyze databases for
misconfigurations and insecure storage practices.

2. Vulnerability Scoring Systems

To evaluate the severity of vulnerabilities, industry-

standard scoring systems are used:

• CVSS (Common Vulnerability Scoring System):

Provides a numerical score (0–10) based on the
risk level.
Categories: Low (0.1–3.9), Medium (4.0–6.9), High
(7.0–8.9), Critical (9.0–10).

• CVE (Common Vulnerabilities and

Exposures): Database of publicly disclosed
vulnerabilities.
Each vulnerability is assigned a unique ID.

• OWASP Top 10:

 List of the most critical web application
vulnerabilities.
 ACTIVITY LOG FOR THE 6thWEEK

Day & Brief description of the daily activity Learning OutcomePerson

Date In-Charge
Signature

Learned About
27th Aug 2024 Introduction to System Hacking Introduction to
System Hacking

Phases of System Hacking Learned about Phases

of Maintaining
28th Aug 2024
Access, Privilege
Escalation, Gaining
Access.

Techniques Used in System Hacking Learned about

Password Cracking,
29th Aug 2024
Exploiting
Vulnerabilities,
Privilege Escalation,
Keylogging.
Challenges in System Hacking Learned about
30th Aug 2024 Detection by Security
Controls, Patching and
Updates, Lack of
Permissions.
 TASK REPORT
TASK-6 (From: 27-08-2024 to 30-08-2024)
System hacking is a critical phase in the ethical hacking
lifecycle where an attacker or ethical hacker attempts to
gain unauthorized access to systems, elevate privileges,
and exploit vulnerabilities identified in earlier phases.
The primary goal is to simulate a real-world attack to
understand security weaknesses and protect against
malicious activities.
1. What is System Hacking?

System hacking is the process of compromising a

system by exploiting its vulnerabilities to gain
unauthorized access, manipulate data, or take control.
Ethical hackers perform this process with permission to
test a system's resilience.
2. Objectives of System Hacking

Gain unauthorized access to the system.

Escalate privileges to gain higher-level control.
Capture sensitive data such as credentials or files.
Install backdoors or maintain persistence for future access.
Understand and remediate the security weaknesses.
3. Phases of System Hacking

• Gaining Access:

Exploiting vulnerabilities to enter the system.

Techniques include password cracking, exploiting software
vulnerabilities, and bypassing authentication mechanisms.
• Privilege Escalation:

Elevating privileges from a standard user to an

administrator or root user.
Exploiting misconfigurations or unpatched
vulnerabilities.

• Maintaining Access:

Installing backdoors, rootkits, or Trojans to retain

access. Ensuring persistence even after a system reboot.

• Clearing Tracks:

Removing evidence of unauthorized access.

Clearing logs and hiding malicious files.

4. Techniques Used in System Hacking

• a. Password Cracking

Methods:
Brute Force Attack: Tries every possible combination.
Dictionary Attack: Uses pre-defined wordlists.
Rainbow Table Attack: Matches hashed passwords to
precomputed hash values.
Tools: John the Ripper, Cain and Abel, Hash cat.

• b. Exploiting Vulnerabilities
Identifying and exploiting software or OS vulnerabilities.
Tools: Metasploit, Exploits in CVE databases.
• c. Privilege Escalation

Techniques:
Exploiting SUID files or unpatched vulnerabilities.
Bypassing UAC (User Account Control) in
Windows.
Tools: Privilege Escalation Exploitation Framework
(PEEF).

• d. Keylogging

Capturing keystrokes to steal

credentials. Tools: Spyrix,
Keylogger Pro.

• f. Backdoor Installation

Injecting malicious code to maintain future

access. Tools: Netcat, Beef.

5. Tools for System Hacking

Metasploit Framework: For exploiting vulnerabilities

and creating payloads.
Hydra: Password cracking tool for network services.
Mimi Katz: For extracting plaintext passwords, hashes,
and Kerberos tickets.
Empire: Post-exploitation tool for maintaining
access. Veil: Bypasses antivirus software to
deliver payloads.
Netcat: Tool for creating backdoors and transferring files.
6. Ethical Considerations
Obtain written permission before attempting system hacking.
 Follow a structured methodology and document each
step. Avoid causing disruption to the target system.
Share findings transparently and assist in
remediation efforts.
7. System Hacking in the Ethical Hacking Lifecycle

System hacking follows Vulnerability Analysis and

focuses on exploiting identified weaknesses. It serves
as a precursor to post-exploitation activities, such as
data exfiltration or persistence.
8. Challenges in System Hacking

Detection by Security Controls: Firewalls, IDS, and

antivirus software can detect hacking attempts.
Patching and Updates: Regularly patched systems
reduce the likelihood of successful exploitation.
Lack of Permissions: Ethical hackers must adhere to
strict legal and ethical boundaries.
9. Defenses Against System Hacking

Use strong and unique passwords with multi-factor

authentication.
Regularly update and patch operating systems and
software. Monitor logs for suspicious activities.
Restrict administrative privileges.
 Student Self Evaluation of the Short-Term Internship

Student Name: Registration No:

Term of Internship: From: To:

Date of Evaluation:

Please rate your performance in the following areas:

Rating Scale: Letter grade of CGPA calculation to be provided

1 Oral communication 1 2 3 4 5
2 Written communications 1 2 3 4 5
3 Proactiveness 1 2 3 4 5
4 Interaction ability with community 1 2 3 4 5
5 Positive Attitude 1 2 3 4 5
6 Self-confidence 1 2 3 4 5
7 Ability to learn 1 2 3 4 5
8 Work Plan and organization 1 2 3 4 5
9 Professionalism 1 2 3 4 5
10 Creativity 1 2 3 4 5
11 Quality of work done 1 2 3 4 5
12 Time Management 1 2 3 4 5
13 Understanding the Community 1 2 3 4 5
14 Achievement of Desired Outcomes 1 2 3 4 5
15 OVERALL PERFORMANCE 1 2 3 4 5

Date: Signature of the

Student
 Evaluation by the Supervisor of the Intern Organization

Student Name: Registration No:

Term of Internship: From: To:

Date of Evaluation

Please rate the student’s performance in the following areas:

Organization Name & Address:

Please note that your evaluation shall be done independent of the
student’s self- evaluation Rating Scale: 1 is lowest and 5 is highest rank

1 Oral communication 1 2 3 4 5
2 Written communication 1 2 3 4 5
3 Proactiveness 1 2 3 4 5
4 Interaction ability with community 1 2 3 4 5
5 Positive Attitude 1 2 3 4 5
6 Self-confidence 1 2 3 4 5
7 Ability to learn 1 2 3 4 5
8 Work Plan and organization 1 2 3 4 5
9 Professionalism 1 2 3 4 5
10 Creativity 1 2 3 4 5
11 Quality of work done 1 2 3 4 5
12 Time Management 1 2 3 4 5
13 Understanding the Community 1 2 3 4 5
14 Achievement of Desired Outcomes 1 2 3 4 5
15 OVERALL PERFORMANCE 1 2 3 4 5

Date: Signature of the Supervisor

 EVALUATION
(Internal Evaluation for the Community Service Project)

INTERNAL ASSESSMENT STATEMENT

Name Of the Student:

Programme of Study:
Year of Study:
Group:
Register No/H.T. No:
Name of the College:
University:

Maximum Marks
Sl. No Evaluation Criterion Marks Awarded
1. Activity Log 20
2. Community Service Project Implementation 30
3. Mini Project Work 25
4. Oral Presentation 25
GRAND TOTAL 100

Date: Signature of the Faculty Guide

Certified by
Date: Signature of the Head of the Department/Principal
Seal: