VISVESVARAYA TECHNOLOGICAL UNIVERSITY
JNANA SANGAMA, BELAGAVI-590018

AN INTERNSHIP REPORT ON
CYBER SECURITY & ETHICAL HACKING

Carried out at KNOWLEDGE SOLUTIONS INDIA
Mode: ONLINE

Student Name: SHREESHA A RAO
USN: 2VD17CS039

Department of Computer Science and Engineering
KARNATAK LAW SOCIETY’S VISHWANATHARAO DESHPANDE INSTITUTE OF TECHNOLOGY
HALIYAL-581329
2020-2021

KARNATAK LAW SOCIETY’S VISHWANATHARAO DESHPANDE INSTITUTE OF TECHNOLOGY
HALIYAL-581329, UTTARA KANNADA, KARNATAKA
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

Certificate

This is to certify that Mr. Shreesha A Rao bearing USN 2VD17CS039 has carried out the internship program on “Cyber Security & Ethical Hacking” at Knowledge Solutions India, Pune from 04-10-2020 to 18-11-2020. This work is carried out in partial fulfillment of the requirements of final year B.E. Degree course in Computer Science and Engineering of Visvesvaraya Technological University, Belagavi, during the year 2020-2021.

Internal Examiner    Head of Department    External Examiner    Principal

ACKNOWLEDGEMENT

The internship opportunity I had with Knowledge Solutions India was a great chance for learning and professional development. I am also grateful for having a chance to meet so many wonderful people and professionals who led me through this internship period.

Bearing in mind previous I am using this opportunity to express my deepest gratitude and special thanks to Mr. A K Lala, Founder & CEO of Knowledge Solutions India, who in spite of being extraordinarily busy with his duties, took time out to hear, guide and keep me on the correct path and allowing me to carry out my project at their esteemed organization and extending during the training.

I express my deepest thanks to Mr. Rajkumar Bhunia, Senior Software Engineer, for taking part in useful decisions and giving necessary advice and guidance. I choose this moment to acknowledge his contribution gratefully.

I express my deepest gratitude to the honorable principal, Dr. V. A.
Kulkarni, KLS’s Vishwanatharao Deshpande Institute of Technology, Haliyal, for providing an opportunity to attend and complete the internship at Knowledge Solutions India.

I express my profound sense of gratitude to Prof. Poornima Raikar, Head of the Department of Computer Science and Engineering, for giving this opportunity and for her guidance. I avail this opportunity to express my sincere gratitude to my whole department for their guidance and valuable suggestions.

I perceive this opportunity as a big milestone in my career development. I will strive to use the gained skills and knowledge in the best possible way, and I will continue to work on their improvement, in order to attain the desired career objectives.

Sincerely
Shreesha A Rao

ABSTRACT

Knowledge Solutions India Pvt. Ltd., an IT-enabled services company located in Pune, is a leading and well-known software company that offers web designing and development, cyber security, ethical hacking, the Microsoft MTA Certification course, end-to-end e-commerce solutions, digital marketing services, mobile application development, customized software development and other IT solutions across India. Knowledge Solutions India Pvt. Ltd. is an IT-enabled services platform that provides solutions to every enterprise need that is feasible for organizational processes.

During the internship at Knowledge Solutions India, I have worked on various fields in Cyber Security & Ethical Hacking. This includes study of different types of cyber-attacks such as DDoS, SQL injection and keylogger attacks. Exposure to a company during the course of under graduation was a great opportunity to learn the work experience and environment of companies. Involvement, cooperation and coexistence with the other interns and their projects were notable lessons. Based on this I did my project on Dictionary Attack Using MD5 HASH, which is used to crack a password using a dictionary of probable passwords, using the technique of MD5 hashing.
List Of Figures

Figure 3.1: DICTIONARY ATTACK
Figure 3.2: ACCESS CIPHER
Figure 3.3: GENERATE MD-5 HASHCODE
Figure 3.4: REQUIRED MD-5 HASHCODE
Figure 3.5: PROGRAM FOR ATTACK
Figure 3.6: ATTACK OUTPUT WINDOW

TABLE OF CONTENTS

1 Acknowledgement
2 Abstract
3 List of Figures
4 Introduction
5 Overview
6 Training Program
7 Learning Experience
8 Conclusion
9 Table of marks
Internship Certificate Issued By the Organization

CHAPTER 1
INTRODUCTION

Knowledge Solutions India has a journey of building new technologies and serving the needs of customers in the field of IT with better products, technology, service and good after-sales support. Knowledge Solutions India’s specialist IT support teams work across all areas of IT. This service allows us to consolidate comprehensive managed services into modern technologies such as web designing, internet marketing services, e-commerce solutions and other emerging service technologies, thus enriching the offerings. The modern IT environment becomes very complex with continuously updating trends. Managers work with business software such as business intelligence, accounts, payroll, Customer Relationship Management (CRM) or Enterprise Resource Planning (ERP), transportation and much more.

VARIOUS FIELDS IN WHICH THE COMPANY OFFERS SERVICE:

• Machine Learning: Machine Learning, an application of artificial intelligence (AI) that provides systems the ability to automate learning and improving from past experiences without being explicitly programmed, bundled with Microsoft MTA Certification.
• Data Science: Data science and how to use scientific methods, processes, algorithms and systems to extract knowledge and insights from structured and unstructured data, as one of the hottest professions in the market today, bundled with Microsoft MTA Certification.
• Java Certification: Java, one of the most popular programming languages used in the development of Web and Mobile applications. It is designed for flexibility, allowing developers to write code that would run on any machine, regardless of architecture or platform. Bundled with Microsoft MTA Certification.

1.1 Ethical Hacking

Ethical hacking and IT security requirements differ from person to person: a normal computer user wants to protect their information from viruses, etc., and a student wants to break into his friends’ email accounts, college teachers’ accounts and valuable information as per their needs. System administrators want to keep information safe from outside and inside attacks. They also maintain log threads to investigate an attack. A businessman wants to protect his information securely from outside and inside attacks; some businessmen are interested in intelligence on competitors for their business benefit. The following are other interests:

1. To protect the sensitive information in the company’s database. A company’s database will usually not just contain information about the company itself, but also data about its clients and employees. As such, should malicious hackers be able to breach the system, they could very well get their hands on information involving a lot of people in one go.
2. To protect the database itself. Malicious hackers may not just steal the information in your system. To add insult to injury, they can also send viruses into your system that could very well corrupt it and wipe out everything in your database. This means the company losing a lot of very important information.
3. To protect the business interests of the company. If the database of a company is left unsecured and malicious hackers are able to gain access to the information in it, the company can very well lose the respect of its clients, partners and the business world.
A forensic analyst wants to investigate cyber cases to find cyber criminals, so he needs the latest technology to solve all issues in minimum time, and penetration testers want to find loopholes in software or network services to reduce risk. A black hat hacker wants to steal TOP SECRET information from business and military computers for different agendas. Now everything depends on information; it may be for national security or war plans etc., like China is more interested in stealing valuable information from USA, India, South Korea, Japan, Thailand, Vietnam, etc.

CHAPTER 2
OVERVIEW

PLAN OF THE INTERNSHIP

The internship performed at Knowledge Solutions India consisted of work on various fields as per the requirements of the company. The duration of the internship was one month, dated from 10/07/2019 to 10/08/2019, and the office timing was from 10:00 AM to 5:00 PM. The fields on which the work was assigned comprised domains related to the Computer Science branch. The assignments related to the domain of the computer science branch were carried out for the duration of two weeks. The remaining period of the internship (i.e. two weeks) mainly focused on the domain of Linux applications and the projects assigned.

In the due course of my internship, I was introduced to Kali Linux, which helps developers with the tools needed to build applications for the Linux platform. Basically, I got to know about the Linux Operating System. I was shown how to create, design and implement cyber-attacks. I got to know about view groups and started implementing in the building environment, which helped us in providing a basic interface for the cyber-attacks. Later I started implementing second level tasks in setting up an attack. Finally, I worked on a project called Dictionary Attack Using MD5 HASH.

CHAPTER 3
TRAINING PROGRAM

• Importance of information security in today’s world.
• Elements of security.
• Various phases of the Hacking Cycle.
• Types of hacker attacks.
• Hacktivism.
• Ethical hacking.
• Vulnerability research and tools.
• Steps for conducting ethical hacking.
• Computer crimes and implications.

TOOLS WE LEARNT

• STUDY ON KALI LINUX: Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. Kali Linux has around 600 pre-installed penetration-testing programs (tools), including Armitage (a graphical cyber-attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), Metasploit (a penetration testing framework, awarded as the best penetration testing software), John the Ripper (a password cracker), sqlmap (an automatic SQL injection and database takeover tool), Aircrack-ng (a software suite for penetration-testing wireless LANs), and the Burp Suite and OWASP ZAP web application security scanners.

• STUDY ON DIFFERENT APPLICATIONS:

WIRESHARK: Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

NMAP: Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

SQLMAP: sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

3.1 Internship Project

TITLE: DICTIONARY ATTACK USING MD5 HASH

3.1.1 DICTIONARY ATTACK

A dictionary attack is a brute-force technique where attackers run through common words and phrases, such as those from a dictionary, to guess passwords. The fact that people often use simple, easy-to-remember passwords across multiple accounts means dictionary attacks can be successful while requiring fewer resources to execute.

Figure 3.1: DICTIONARY ATTACK

3.1.2 JOURNEY OF A DICTIONARY ATTACK

• The test password is in the form of a hash code.
• The hash code for the password is to be matched.
• A dictionary of all possible common passwords is compared.
• The hash code of each password in the dictionary list is matched against the test hash code.
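The matching procedure listed above, written as a defender's audit of stored password hashes; this is an added example, not the report's program from Figure 3.5. It checks a constructed credential store of unsalted MD5 hashes against a constructed list of common passwords, then shows salted PBKDF2 storage, where a single precomputed table no longer applies. All function names and sample data are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a short list of well-known weak passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "dragon"]


def md5_hex(password: str) -> str:
    """Unsalted MD5 of a password, as stored by the weak scheme under audit."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def audit_unsalted_md5(stored: dict, wordlist: list) -> dict:
    """Return {account: password} for every stored hash that matches the wordlist.

    Unsalted MD5 maps equal passwords to equal hashes, so one lookup table
    built from the wordlist applies to every account in the store at once.
    """
    table = {md5_hex(word): word for word in wordlist}
    return {user: table[h.lower()] for user, h in stored.items()
            if h.lower() in table}


def hash_password(password: str, iterations: int = 200_000) -> tuple:
    """Hardened storage: a random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, record: tuple) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed credential store: alice uses a common password, bob does not.
    store = {"alice": md5_hex("letmein"),
             "bob": md5_hex("c0rrect-h0rse-7-battery")}
    print("accounts with dictionary passwords:",
          audit_unsalted_md5(store, COMMON_PASSWORDS))

    # The same password hashed twice gives different records because the
    # salts differ, so no single precomputed table covers both users.
    first, second = hash_password("letmein"), hash_password("letmein")
    print("salted digests equal:", first[2] == second[2])
    print("login still verifies:", verify_password("letmein", first))
```

The audit flags only the account whose password is in the list; with salted PBKDF2 each guess must be recomputed per user at the configured iteration cost.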

3.1.3 ACCESSING HASHCODE OF THE CIPHER

Figure 3.2: ACCESS CIPHER

This is the very first step, where we access the hashcode of a cipher text. Since this is just the demonstration of a dictionary attack, I have created an application where I first generate an MD-5 hashcode for any given password. In a real-world scenario the password is in a cipher format that cannot be read directly. At this step we generate our own MD-5 hashcode.

3.1.4 GENERATING THE MD-5 HASHCODE

Figure 3.3: GENERATE MD-5 HASHCODE

The hashcode for the given password string is generated using the current code Figure 3.1.4 and the resultant hash is displayed in Figure 3.1.5.

Figure 3.4: REQUIRED MD-5 HASHCODE

The following Figure 3.1.5 shows the MD-5 hash generated for the brute force attack to be done.

3.1.5 DICTIONARY ATTACK USING BRUTE FORCE

Figure 3.5: PROGRAM FOR ATTACK

The Figure 3.1.5.1 shows the function for the brute force attack using the previous hashcode that we generated for the attack purpose. Here the test hash is used and compared with the hash of each and every string in the common password list. On confirmation of the match the program displays the found string.

Figure 3.6: ATTACK OUTPUT WINDOW

The final output is displayed in the window and shows us that our brute force attack

CHAPTER 4
LEARNING EXPERIENCE

• Knowledge gained: I have completed my internship for one month in Knowledge Solutions India. Through this internship I was exposed to various activities which were unknown to me and some other work which was known to me. Everyone in the company was very welcoming and willing to help and guide me to succeed. I was able to work as a team. I was also able to work on things on my own after being given initial direction.
I learned new things which were totally unknown to me, like building Linux applications. I acquired knowledge regarding different types of applications by making use of the Linux platform. I enriched my knowledge on the room and learnt different attacks. I felt like an internship is not a way of spoon feeding to learn things. It is about learning things and working independently. After completion of my internship I got to know that having the capacity to work independently with the little guidance provided is very important in today’s professional world.

• Skills acquired: It was a great opportunity which I have got to improve my skills, and be a better skilled person to fit into professional life. Team work is the ability to work with team members and being able to adapt in order to complete the project. We were taught to work with all the team members for achieving the common goal. Time management is another important skill, I can say: given a task, one should be able to complete it within the given time. It was my first experience in a company, where I got to know the set of protocols, about communication with other people, and being professional while talking. I got a chance to work with people coming from different places, and got to know how to behave, how to work as a team, how to be sincere, how to work dedicatedly and how to make myself open to learning new things.

• Observed attitudes and gained value: This is my report after I completed my internship at Knowledge Solutions India. It was a great experience for me to learn beyond my academics. It was a fabulous opportunity for me to learn and gain knowledge before I enter into my professional life.
Working in the professional field was a different atmosphere from my college, and although at the beginning it was difficult, it was a great opportunity to actually understand the company atmosphere, how the company works, and the ability to interact with people in a professional world. Experiencing the professional world will definitely help us to be more confident about the business setup. To work in the professional field there will be a set of protocols to be followed; everything in the professional world is operated in a systematic manner. Working in a company helped me to increase my communication skills, the way to communicate with the subordinates and the other employees, and to work in the team on the assigned project. It was a great chance given to me to know well about the professional world and how I should be in that environment before I enter into my professional field.

CONCLUSION

After completion of my internship training, I could understand more about the company environment, and it helped to prepare myself to become skilled and more professional to fit into the professional field. In the beginning days of my internship I was assigned to learn or gain knowledge about Linux and to study the company’s atmosphere. Later the team was made and was assigned the project throughout my internship, and I was able to understand more about the real professional world. It was an industrial exposure for me, which would work with a set of rules and everything in a systematic manner. I sincerely and dedicatedly worked to gain more knowledge of new things. I studied the projects assigned to us, and initially we began with the working of basic applications and moved to complex applications.

To conclude, I learnt about different types of cyber-attacks and the preventive measures that are to be taken to avoid such attacks. Cyber security is the most important division of any company.
Ethical hackers are helping protect the community from cyber-crimes and protecting private and valuable data.

INTERNSHIP CERTIFICATE ISSUED BY THE ORGANIZATION