THE DARK HUB

vasanth bandlamudi
Nov 16, 2020

CAPSTONE PROJECT

BENNETT UNIVERSITY, GREATER NOIDA, 201310, UTTAR PRADESH

This blog is about the capstone project which I (Bandlamudi Vasanth) and my fellow student (Yatham Pratheek Reddy) opted to do in our 7th semester at Bennett University.

brute force attack

Our project is in the field of ethical hacking. As newcomers to hacking with a great interest in the field, we opted for the ethical hacking course in our 6th semester. We did not have a proper platform on which to perform different attacks, and even when performing attacks we need to be careful, as it is illegal. Keeping this in mind, we planned to develop a platform that offers information about different types of attacks as well as hands-on experience with each particular attack. We decided this platform will be useful mainly for freshers who are getting into ethical hacking or who have ethical hacking as a course in their undergraduate studies. So, let's get to know how we built this platform with all the requirements.

WHAT IS BRUTE FORCE ATTACK?

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security.

A brute force attack is also known as brute force cracking or simply brute force.

There is a range of attacks which the user can perform on a website. The level of an attack depends on the strength of the password and user ID. The types are as follows:

  1. Low level Attack
  2. Medium level Attack
  3. High Level Attack

Now let's look at actual attacks that have been carried out to crack passwords in previous years.

We are well aware of GitHub and of Alibaba's e-commerce platform, which is similar to Flipkart. Both were affected by brute force attacks.

GITHUB(2015)

Perhaps the largest brute-force attack to be recorded in recent history affected GitHub in 2015. This brute-force password-guessing attack proved to be quite successful, as several accounts were compromised in the process. Even though GitHub stores passwords securely, criminals managed to compromise some accounts with relative ease.

ALIBABA’S TAOBAO (2016)

In February of 2016, it became clear the popular e-commerce platform TaoBao was affected by a massive brute-force attack. This platform, owned by the Alibaba group, saw close to 21 million user accounts getting compromised. This attack took place between October and November of 2015. A database containing 99 million usernames and passwords was used to brute-force existing TaoBao accounts. One in five of these attempts was successful, which highlighted how often people reuse bad passwords.
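The two patterns described above, many guesses against one account and one list of credentials tried across many accounts, can be told apart in login logs. The following is an added example, not code from our platform; the log format, thresholds and addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed log lines: '<ISO time> <source IP> <username> <OK|FAIL>'."""
    t0 = datetime(2020, 11, 16, 10, 0, 0)
    rows = [(t0 + timedelta(seconds=5 * i), "198.51.100.7", "alice", "FAIL") for i in range(6)]
    rows += [(t0 + timedelta(seconds=100 + 2 * i), "203.0.113.9", f"user{i}", "FAIL") for i in range(5)]
    rows += [(t0 + timedelta(seconds=200), "192.0.2.10", "bob", "FAIL"),
             (t0 + timedelta(seconds=210), "192.0.2.10", "bob", "OK")]
    return [f"{ts.isoformat()} {ip} {user} {res}" for ts, ip, user, res in sorted(rows)]

def detect(lines, window=timedelta(seconds=60), per_account=5, per_source_accounts=4):
    """Return (guessing, list_replay): (ip, user) pairs with >= per_account failures
    in the window, and IPs failing against >= per_source_accounts distinct users."""
    by_pair = defaultdict(deque)    # (ip, user) -> failure timestamps
    by_source = defaultdict(deque)  # ip -> (timestamp, user) failures
    guessing, list_replay = set(), set()
    for line in lines:
        stamp, ip, user, result = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(stamp)
        pair, src = by_pair[(ip, user)], by_source[ip]
        pair.append(ts)
        src.append((ts, user))
        # Drop failures that have fallen out of the sliding window.
        while ts - pair[0] > window:
            pair.popleft()
        while ts - src[0][0] > window:
            src.popleft()
        if len(pair) >= per_account:
            guessing.add((ip, user))
        if len({u for _, u in src}) >= per_source_accounts:
            list_replay.add(ip)
    return guessing, list_replay

if __name__ == "__main__":
    guessing, list_replay = detect(build_sample_log())
    print("repeated guesses against one account:", sorted(guessing))
    print("one source failing across many accounts:", sorted(list_replay))
```

A single failed login followed by a success, as in the constructed entries for bob, stays below both thresholds and is not flagged.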

So, to bring some awareness about this, we came up with the idea of developing two websites. One website is developed using HTML and CSS and contains all the information about the attacks, which is useful for freshers to go through while performing an attack. It also shows the steps which the user has to perform. The other website is developed using PHP; on this website the user can get hands-on experience with the different attacks possible. You can look at the screenshots shown below to take in the information more easily.

These snapshots are of the website where the user gets information about the attacks and can also subscribe in order to get new updates.

Now you will see snapshots of the website on which the user performs the attack.

Like the brute force attack, there are many attacks which are trending nowadays because of the change in strength of the IDs and passwords used by users. We are planning this as a start-up and have developed all the brute force attacks. We are working on SQL injection now. As our next step, we plan to give a basic introduction to SQL injection and add it to our website, and we will then cover various new attacks which are trending, guided by the response from users who are getting good information from our website.

For all levels of attack the steps are similar. The flow chart below shows the basic steps which the user should follow to perform the attack. After these steps there are some more steps to be followed for medium and high level attacks.

The attack continues until the hacker gets the correct credentials. To show more about how to perform the attack, we are going to upload a video on the website as well as on YouTube. I'll update the link at the bottom of the blog once the video is done.

This is the snapshot after performing the attack successfully and getting the correct credentials.

The one which has no tick has the correct credentials in it. All the remaining inputs are trials made until we get the required credentials.

Here is some information about SQL injection.

What is SQL injection?

SQL injection is one of the most common web hacking techniques. It can be defined as a data injection process in which the user gets access to the database by supplying input that completes a query the application has left unfinished. You can get some clarity once you observe the above snapshot. Let us look into it by considering an example.

Example: CONSIDER THE FOLLOWING SQL QUERY

SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;

From this query the hacker gets the information of all the users, because 1=1 is always true: the condition UserId = 105 or 1=1 matches every row in the table.
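The query above, built the vulnerable way and then with the fix, as an added example that is not code from our PHP website. It uses Python with an in-memory SQLite database; the rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with the columns from the query above; rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT, Password TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?, ?)",
                   [(104, "asha", "hash-a"), (105, "ravi", "hash-b"), (106, "meena", "hash-c")])
    return db

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so "105 or 1=1" becomes
    # part of the WHERE clause and every row matches.
    sql = "SELECT UserId, Name, Password FROM Users WHERE UserId = " + user_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, user_id):
    # 1. Validate the expected type: a user ID must be an integer.
    try:
        uid = int(user_id)
    except ValueError:
        return []
    # 2. Bind the value as a parameter so it is never parsed as SQL.
    # 3. Do not return the Password column to the caller at all.
    return db.execute("SELECT UserId, Name FROM Users WHERE UserId = ?", (uid,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "105 or 1=1"  # the input from the example query above
    print("vulnerable:", lookup_vulnerable(db, payload))
    print("hardened:  ", lookup_hardened(db, payload))
    print("hardened, valid id:", lookup_hardened(db, "105"))
```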

THANK YOU

THANKS TO BENNETT UNIVERSITY FOR PROVIDING A GOOD PLATFORM TO PURSUE MY BACHELORS AND GIVING ME THE OPPORTUNITY TO WORK IN THE ETHICAL HACKING FIELD.

SPECIAL THANKS TO DR. INDRAJEET GUPTA SIR, WHO HAS GUIDED US IN THE RIGHT WAY WHILE PERFORMING DIFFERENT TASKS DURING THE CAPSTONE PROJECT PERIOD.
