
unit 3 ethical

A web application is a software application accessed via a web browser, but it is vulnerable to various security threats such as SQL injection, XSS, and CSRF. Password hacking involves unauthorized access to accounts through techniques like brute-force and phishing. Countermeasures to prevent vulnerabilities include secure coding practices, web application firewalls, and regular security assessments.

Uploaded by

itsuc.official

Unit 3

1. What is a web application? Explain the vulnerabilities in web applications.
Answer: A web application is a software application that runs on a web server and is accessed by users through a web browser. Web applications have become ubiquitous in modern society, enabling online services such as e-commerce, social networking, and online banking. However, web applications are also vulnerable to various security threats that can compromise sensitive data, disrupt services, or deface websites.
Vulnerabilities in Web Applications:
SQL Injection: This vulnerability occurs when an attacker can inject malicious SQL code into a web application's input fields or parameters, manipulating database queries and gaining unauthorized access to data or modifying data.
Cross-Site Scripting (XSS): This vulnerability occurs when an attacker can inject malicious scripts into web pages viewed by other users.
Cross-Site Request Forgery (CSRF): This vulnerability occurs when an attacker tricks a user into performing unwanted actions on a web application, such as changing their password or transferring funds.
Directory Traversal: This vulnerability allows attackers to access files and directories outside the web server's root directory by manipulating file paths or URLs. This can give attackers access to sensitive files, such as configuration files or system logs.
File Inclusion: This vulnerability allows attackers to include malicious files in web pages, potentially executing code on the server or gaining access to sensitive data. File inclusion vulnerabilities can be exploited by manipulating file paths or input parameters.

2. What are the phases of web application hacking?
Answer: Web application hacking typically involves the following phases:
Reconnaissance: Gathering information about the target web application, such as its functionality, technologies used, and potential vulnerabilities. This may involve using tools like web crawlers, vulnerability scanners, and Google hacking techniques.
Scanning: Probing the web application to identify vulnerabilities, such as SQL injection, XSS, and CSRF. This may involve using automated vulnerability scanners or manual testing techniques.
Exploitation: Exploiting identified vulnerabilities to gain unauthorized access to the web application or its data. This may involve using tools like SQL injection tools, XSS payloads, or CSRF exploits.
Maintaining Access: Installing backdoors or other mechanisms to maintain persistent access to the web application or its data.
Covering Tracks: Removing evidence of the attack to avoid detection.

3. Define web application threats and its types.
Answer: Web application threats are potential security risks that can compromise the confidentiality, integrity, or availability of web applications and their data. These threats can originate from various sources, including malicious hackers, disgruntled employees, or accidental errors.
Types of Web Application Threats:
External Threats: Originate from outside the organization and may include attacks from malicious hackers or cybercriminals.
Internal Threats: Originate from within the organization and may include accidental errors, malicious insiders, or compromised user accounts.
Technical Threats: Exploit vulnerabilities in web application code, configurations, or infrastructure.
Social Engineering Threats: Manipulate or deceive users into revealing sensitive information or performing actions that compromise security.
Physical Threats: Target the physical infrastructure hosting the web application, such as servers or network devices.

4. Define the terms:
A. Threats: A threat is any potential event or action that could cause harm to a system, application, or data. Threats can be natural, such as a fire or flood, or man-made, such as a cyberattack or social engineering attack.
B. Malware: Malware (malicious software) is any software designed to harm or exploit a computer system or network. Malware can include viruses, worms, Trojans, ransomware, spyware, and adware.
C. Phishing: Phishing is a type of social engineering attack where an attacker attempts to trick a user into revealing sensitive information, such as passwords or credit card numbers, by masquerading as a trustworthy entity. Phishing attacks are often carried out through emails, websites, or text messages that appear to be from legitimate organizations.

4) What is Google hacking?
Answer: Google hacking is a technique used to find sensitive information or vulnerable websites by using advanced search operators in Google or other search engines. Attackers can use Google hacking to discover exposed databases, sensitive files, login pages, or vulnerable web applications. Google hacking can be used for both ethical and malicious purposes.

5) What are countermeasures to prevent web application vulnerabilities?
Answer: Countermeasures to prevent web application vulnerabilities involve implementing security measures and best practices to protect web applications from attacks and mitigate security risks. These countermeasures can be implemented at various levels, including the application, server, and network levels.
Countermeasures:
Secure Coding Practices: Using secure coding practices to prevent vulnerabilities such as SQL injection, XSS, and CSRF. This includes input validation, output encoding, and using parameterized queries.
Web Application Firewalls (WAFs): WAFs are specialized firewalls that can detect and block malicious traffic targeting web applications. WAFs can identify and block attacks such as SQL injection, XSS, and CSRF.
Regular Security Assessments: Conducting regular security assessments, including vulnerability scanning and penetration testing, can help to identify and mitigate vulnerabilities in web applications.
Patch Management: Regularly updating web server software, applications, and frameworks with the latest security patches to address known vulnerabilities.
Authentication and Authorization: Implementing strong authentication and authorization mechanisms to protect web applications and their data from unauthorized access.

7. Define the term password hacking and what are web-based cracking techniques?
Answer: Password hacking is the process of attempting to gain unauthorized access to user accounts by compromising their passwords. This can be achieved through various techniques, including brute-force attacks, dictionary attacks, social engineering, malware, and exploiting vulnerabilities.
Web-Based Password Cracking Techniques:
Brute-Force Attacks: Attackers can use automated tools to submit a large number of password guesses to a web application's login page.
Dictionary Attacks: Attackers can use lists of common passwords or words to try and guess user passwords.
Credential Stuffing: Attackers can use stolen credentials from other websites or data breaches to try and gain access to user accounts on the target web application.
Exploiting Vulnerabilities: Attackers can exploit vulnerabilities in web applications, such as SQL injection or XSS, to steal passwords or bypass authentication mechanisms.
Phishing: Attackers can create fake login pages or websites that mimic legitimate websites to trick users into revealing their passwords.

8. Define the term authentication and its types.
Answer: Authentication is the process of verifying the identity of a user or device attempting to access a system or resource. It ensures that only authorized users or devices can access sensitive information or perform privileged actions.
Types of Authentication:
Something You Know: This involves authenticating users based on something they know, such as a password, PIN, or security question.
Something You Have: This involves authenticating users based on something they have, such as a physical token, smart card, or mobile device.
Something You Are: This involves authenticating users based on something they are, such as their fingerprint, facial features, or iris pattern.

9. What is password cracking and name tools used in password cracking?
Answer: Password cracking is the process of attempting to recover or guess a password using various techniques, such as brute-force attacks, dictionary attacks, rainbow table attacks, or exploiting vulnerabilities. Password cracking tools can be used for both ethical and malicious purposes.
Tools Used in Password Cracking:
John the Ripper: A popular password cracking tool that supports various password hashing algorithms and cracking techniques.
Hashcat: A GPU-accelerated password cracking tool that offers high-performance password recovery capabilities.
Cain & Abel: A password recovery tool that supports various password cracking techniques, including network sniffing and dictionary attacks.
Hydra: A network login cracker that supports various protocols and services.
Ophcrack: A Windows password cracker that uses rainbow tables to recover passwords.

10. Define SQL injection and name its types.
Answer: SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Types of SQL Injection:
In-band SQLi: This is the most common type of SQL injection, where the attacker uses the same communication channel to inject malicious SQL code and retrieve the results.
Blind SQLi: This type of SQL injection is used when the attacker cannot directly retrieve the results of the injected SQL code. The attacker instead relies on observing the web application's behavior to infer the results.
Error-based SQLi: This type of SQL injection relies on exploiting database errors to retrieve information or manipulate data.
Boolean-based SQLi: This type of SQL injection uses conditional statements to determine if the injected SQL code is being executed.
Time-based SQLi: This type of SQL injection uses time delays to determine if the injected SQL code is being executed.
Out-of-band SQLi: This type of SQL injection uses alternative channels, such as DNS or email, to retrieve the results of the injected SQL code.

11. Define vulnerabilities in SQL Server.
Answer: SQL Server vulnerabilities are weaknesses in Microsoft SQL Server database software or configurations that could be exploited by attackers to gain unauthorized access, steal data, or disrupt services. These vulnerabilities can arise from various sources, including software bugs, misconfigurations, weak passwords, and lack of security updates.
Common SQL Server Vulnerabilities:
SQL Injection: This vulnerability occurs when an attacker can inject malicious SQL code into a SQL Server database, potentially manipulating data or gaining unauthorized access.
Weak Passwords: Using weak or easily guessable passwords for SQL Server logins can make them vulnerable to brute-force or dictionary attacks.
Unpatched Vulnerabilities: Failing to install security updates and patches for SQL Server can leave the server vulnerable to known exploits.
Misconfigured Security Settings: Incorrect or insecure security settings, such as overly permissive permissions or disabled auditing, can create vulnerabilities.
Denial of Service (DoS): SQL Server is susceptible to DoS attacks, which aim to make the server unavailable to legitimate users by flooding it with traffic or exploiting vulnerabilities to consume its resources.

12. What is a buffer overflow? Explain its types.
Answer: A buffer overflow occurs when a program attempts to write data beyond the allocated buffer size, overwriting adjacent memory locations with unexpected consequences. This can lead to crashes, data corruption, or even arbitrary code execution, potentially allowing attackers to gain control of the system.
Types of Buffer Overflows:
Stack-Based Buffer Overflow: This is the most common type of buffer overflow, where the overwritten memory is located on the program's stack. Stack-based buffer overflows can be exploited to overwrite the return address of a function, redirecting the program's execution to malicious code.
Heap-Based Buffer Overflow: This type of buffer overflow occurs when the overwritten memory is located on the program's heap. Heap-based buffer overflows can be more difficult to exploit than stack-based buffer overflows, but they can still lead to data corruption or code execution.
Integer Overflow: This occurs when an arithmetic operation results in a value that is too large to be represented by the integer data type, leading to unexpected behavior or vulnerabilities.

13. Define stack-based buffer overflow.
Answer: A stack-based buffer overflow is a type of buffer overflow where the overwritten memory is located on the program's stack. The stack is a region of memory used to store temporary data, such as function parameters, local variables, and return addresses. When a program attempts to write data beyond the allocated buffer size on the stack, it can overwrite adjacent memory locations, including the return address of a function. Attackers can exploit this vulnerability to overwrite the return address with the address of malicious code, redirecting the program's execution to their code.

14. Define the term mutation in EH and explain mutation techniques.
Answer: Mutation, in the context of ethical hacking, refers to techniques used to modify malware or exploit code to evade detection by security software or to make it more difficult to analyze. Mutation techniques can involve changing the code's structure, instructions, or data to create variations that still achieve the attacker's objectives but are not recognized by security tools.
Mutation Techniques:
Instruction Reordering: Changing the order of instructions in the code without affecting its functionality.
Code Substitution: Replacing instructions with equivalent instructions or code blocks.
Data Encoding: Encoding or encrypting data within the code to make it more difficult to analyze.
Junk Code Insertion: Adding irrelevant or meaningless code to the code to obfuscate its purpose.
Polymorphism: Creating multiple versions of the code with different structures or instructions.
Metamorphism: Changing the code's structure or instructions each time it is executed.

15. Explain WEP in detail.
Answer: WEP (Wired Equivalent Privacy) is a security protocol for wireless networks that was designed to provide confidentiality and integrity for wireless communications. However, WEP has been found to have significant security weaknesses and is no longer considered secure.
WEP Weaknesses:
Weak Encryption: WEP uses the RC4 encryption algorithm, which has been found to have vulnerabilities that can be exploited to recover the encryption key.
Short Initialization Vectors (IVs): WEP uses short IVs, which can lead to key reuse and make the encryption vulnerable to attacks.
Static Keys: WEP often uses static encryption keys, which are shared by all devices on the network, making them easier to crack.

16. Write different ways to accomplish wireless hacking.
Answer: Wireless hacking involves exploiting vulnerabilities in wireless networks to gain unauthorized access, steal data, or disrupt services. Attackers can use various techniques to accomplish wireless hacking, including:
WEP Cracking: Exploiting vulnerabilities in WEP encryption to recover the encryption key and gain access to the network.
WPA/WPA2 Cracking: Using dictionary attacks, brute-force attacks, or exploiting vulnerabilities to crack WPA/WPA2 passwords and gain access to the network.
Wireless Sniffing: Capturing and analyzing wireless network traffic to intercept data, steal passwords, or gather information about the network.
Rogue Access Points: Setting up unauthorized access points to lure users into connecting to a malicious network, potentially stealing their credentials or infecting their devices with malware.
MAC Spoofing: Changing the MAC address of a device to bypass MAC address filtering or impersonate another device on the network.
Deauthentication Attacks: Sending deauthentication frames to disconnect users from the network, potentially allowing the attacker to launch further attacks or capture authentication credentials.

17. Explain Wired Equivalent Privacy (WEP) in detail.
Answer: Wired Equivalent Privacy (WEP) is a security protocol for wireless networks that was introduced as part of the original 802.11 standard in 1997. It was designed to provide confidentiality and integrity for wireless communications, comparable to that of wired networks. However, WEP has been found to have significant security weaknesses and is no longer considered secure.
WEP Security Mechanisms:
Encryption: WEP uses the RC4 encryption algorithm to encrypt data transmitted over the wireless network.
Authentication: WEP supports two authentication methods: Open System Authentication and Shared Key Authentication. Open System Authentication provides no security, while Shared Key Authentication uses a pre-shared key to authenticate devices.
Integrity Check: WEP uses a CRC-32 checksum to verify the integrity of data.
WEP Vulnerabilities:
Weak Encryption: The RC4 encryption algorithm used by WEP has been found to have vulnerabilities that can be exploited to recover the encryption key.
Short Initialization Vectors (IVs): WEP uses short IVs, which can lead to IV reuse and make the encryption vulnerable to attacks.
Static Keys: WEP often uses static encryption keys, which are shared by all devices on the network, making them easier to crack.

18. Explain WPA Authentication Mechanism.
Answer: WPA (Wi-Fi Protected Access) is a security protocol for wireless networks that was introduced to address the weaknesses of WEP. WPA provides stronger encryption and authentication mechanisms to protect wireless communications.
WPA Authentication Mechanisms:
WPA-PSK (Pre-Shared Key): This is a simpler authentication method that uses a pre-shared passphrase to authenticate devices to the network. WPA-PSK is commonly used in home and small office networks.
WPA-Enterprise (802.1X/EAP): This is a more robust authentication method that uses an authentication server, such as a RADIUS server, to authenticate devices to the network. WPA-Enterprise is typically used in enterprise networks where stronger security is required.

19. Explain in detail Wireless Sniffing and its working.
Answer: Wireless sniffing is a technique used to capture and analyze wireless network traffic. It allows attackers to intercept data, steal passwords, or gather information about the network. Wireless sniffing can be performed using various tools, such as Wireshark or Aircrack-ng.
How Wireless Sniffing Works:
Monitor Mode: The attacker puts their wireless network adapter into monitor mode, which allows it to capture all wireless traffic within range, not just traffic addressed to the attacker's device.
Packet Capture: The attacker uses a packet sniffer, such as Wireshark, to capture wireless network traffic.
Traffic Analysis: The attacker analyzes the captured traffic to identify sensitive information, such as passwords, credit card numbers, or confidential data.

20. Define the term Rogue Access Point and explain its working.
Answer: A rogue access point is an unauthorized wireless access point that is connected to a network without the administrator's knowledge or permission. Rogue access points can be set up by attackers to lure users into connecting to a malicious network, potentially stealing their credentials or infecting their devices with malware.
How Rogue Access Points Work:
Setup: The attacker sets up a wireless access point with a legitimate-sounding SSID (network name) to attract unsuspecting users.
Connection: Users connect to the rogue access point, believing it to be a legitimate network.
Data Interception: The attacker can then intercept data transmitted between the user's device and the rogue access point, potentially stealing sensitive information or launching further attacks.
Malware Distribution: The attacker can also configure the rogue access point to distribute malware to devices that connect to it.

21. Explain penetration testing methodology.
Answer: Penetration testing methodology is a structured approach to conducting penetration testing to identify vulnerabilities and weaknesses in systems and networks. The methodology typically involves the following phases:
Planning: Defining the scope of the penetration test, identifying the target systems, and establishing the rules of engagement.
Reconnaissance: Gathering information about the target systems and network.
Scanning: Probing the target systems to identify vulnerabilities.
Exploitation: Exploiting identified vulnerabilities to gain access to the target systems.
Maintaining Access: Installing backdoors or other mechanisms to maintain persistent access to the target systems.
Analysis and Reporting: Analyzing the results of the penetration test and documenting the findings and recommendations.

22. Write a short note on pen test deliverables.
Answer: Pen test deliverables are the documents and reports that are produced as a result of a penetration test. These deliverables typically include:
Penetration Test Report: A comprehensive report that documents the findings of the penetration test, including identified vulnerabilities, exploited vulnerabilities, and recommendations for remediation.
Vulnerability Assessment Report: A report that identifies and assesses security weaknesses in systems and applications.
Security Audit Report: A report that evaluates security controls and practices to ensure compliance with standards and regulations.
Remediation Plan: A plan that outlines the steps required to address the identified vulnerabilities and weaknesses.

23. Explain automated tools used in penetration testing.
Answer: Automated tools play a crucial role in penetration testing by automating tasks, scanning for vulnerabilities, and exploiting weaknesses. Some common automated tools used in penetration testing include:
Vulnerability Scanners: Nessus, OpenVAS, QualysGuard
Exploitation Frameworks: Metasploit, Burp Suite
Password Cracking Tools: John the Ripper, Hashcat
Wireless Hacking Tools: Aircrack-ng, Kismet
Network Scanning Tools: Nmap, Zenmap

24. Explain steps to secure wireless networks.
Answer: Securing wireless networks is essential to protect sensitive data and prevent unauthorized access. Steps to secure wireless networks include:
Use Strong Encryption: Use WPA2 or WPA3 encryption with a strong passphrase to protect wireless communications.
Enable MAC Address Filtering: Allow only authorized devices to connect to the network by filtering MAC addresses.
Disable SSID Broadcast: Hide the network name (SSID) to make it more difficult for attackers to discover the network.
Change Default Credentials: Change the default username and password for the wireless router to prevent unauthorized access.
Keep Firmware Up to Date: Regularly update the wireless router's firmware to patch vulnerabilities and improve security.
Use a Firewall: Use a firewall to block unauthorized access to the network and its devices.
Implement Intrusion Detection and Prevention Systems: Use IDSs and IPSs to detect and prevent malicious activity on the wireless network.
Regularly Monitor Logs: Monitor wireless network logs for suspicious activity and take corrective action as needed.
Secure Wireless Clients: Configure wireless clients with strong passwords and security settings to protect them from attacks.
Educate Users: Educate users about wireless security best practices, such as avoiding connecting to untrusted networks and using strong passwords.
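
Questions 15 and 17 list short IVs and static keys among WEP's weaknesses. The following is an added example, not part of the original notes: it estimates how soon a short IV repeats and shows what a repeat costs, namely that two frames encrypted under the same IV and static key expose the XOR of their plaintexts. It assumes WEP's 24-bit IV prepended to the shared key (a property of the protocol that the notes do not spell out) and randomly chosen IVs; the key, IVs and frame contents are constructed, and the CRC-32 integrity value is left out.

```python
import math

IV_BITS = 24  # WEP IV length; assumption brought in from the protocol, not from the notes


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    # The per-frame RC4 key is IV || shared key, so with a static shared key
    # the IV is the only thing that changes the keystream between frames.
    return xor_bytes(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def iv_collision_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Birthday approximation: chance that at least two frames share an IV."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * space))


def frames_for_even_odds(iv_bits: int = IV_BITS) -> int:
    """Frame count at which a repeated IV becomes more likely than not."""
    space = 2 ** iv_bits
    return math.ceil((1 + math.sqrt(1 + 8 * space * math.log(2))) / 2)


def keystream_reuse_leak(iv, shared_key, frame_a, frame_b) -> bytes:
    """XOR of two ciphertexts sent under the same IV and key."""
    return xor_bytes(wep_encrypt(iv, shared_key, frame_a),
                     wep_encrypt(iv, shared_key, frame_b))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")           # constructed 40-bit static key
    iv = bytes.fromhex("a1b2c3")                # constructed 24-bit IV
    a, b = b"constructed frame A", b"constructed frame B"
    print("frames for 50% IV repeat:", frames_for_even_odds())
    print("keystream cancels out   :", keystream_reuse_leak(iv, key, a, b) == xor_bytes(a, b))
```

The keystream cancels without any knowledge of the key, which is why a protocol that cannot avoid IV repeats cannot keep its confidentiality promise, and why question 24 recommends WPA2 or WPA3 instead.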
