
Muralireport

The document is a report on a Summer Industry Internship focused on Ethical Hacking, submitted by Bathala Murali for the Bachelor of Technology degree at Jawaharlal Nehru Technological University. It outlines the objectives and structure of the internship, emphasizing practical experience in cybersecurity, ethical hacking techniques, and the importance of securing systems against vulnerabilities. The report includes acknowledgments, an abstract, and a detailed table of contents covering various aspects of the internship and the organization involved.

Uploaded by

muralirider420

Summer Industry Internship – I Report

On

Ethical Hacking Virtual Internship


During

III Year I Semester Summer

Submitted to

The Department of Computer Science and Engineering-IOT


In partial fulfillment of the academic requirements of
Jawaharlal Nehru Technological University

For

The award of the degree of


Bachelor of Technology

In

Computer Science and Engineering-IOT

By

Bathala Murali
(23315A6901)

Name of Internship Co-ordinator : Mrs. C. Swetha


Designation : Assistant Professor

Sreenidhi Institute of Science and Technology


Yamnampet, Ghatkesar, R.R. District, Hyderabad - 501301
CERTIFICATE

This is to certify that this Summer Industry Internship – I Report on “Ethical Hacking Virtual Internship”,
submitted by Bathala Murali (23315A6901) in the year 2024 in partial fulfillment of the academic
requirements of Jawaharlal Nehru Technological University for the award of the degree of Bachelor of
Technology in Computer Science and Engineering-IOT, is a bonafide work in industry internship that has
been carried out during III B Tech CSE-IOT I Semester Summer, will be evaluated in III B Tech CSE-IOT
I Semester, under our guidance. This report has not been submitted to any other institute or university
for the award of any degree.

Mrs. C. Swetha
Assistant Professor, Department of CSE-IOT
Internship Coordinator

Dr. T. Venkat Narayana Rao
Head of Department, CSE-IOT

External Examiner
Date:
DECLARATION

I, Bathala Murali (23315A6901), student of SREENIDHI INSTITUTE OF SCIENCE AND TECHNOLOGY,
YAMNAMPET, GHATKESAR, studying III year I semester, CSE-IOT, solemnly declare that the Summer Industry
Internship-I Report, titled “Ethical Hacking Virtual Internship”, is submitted to SREENIDHI INSTITUTE
OF SCIENCE AND TECHNOLOGY for partial fulfillment for the award of degree of Bachelor of
Technology in COMPUTER SCIENCE AND ENGINEERING-INTERNET OF THINGS.

It is declared to the best of our knowledge that the work reported does not form part of any dissertation submitted to
any other University or Institute for award of any degree.

Bathala Murali
23315A6901
ACKNOWLEDGEMENT

I would like to express my gratitude to all the people behind the screen who helped me to transform an idea into a real
application.

I would like to thank my Project Co-ordinator, Mrs. C. Swetha, for her technical guidance, constant encouragement and
support in carrying out my project at college.

I profoundly thank Dr. T. Venkat Narayana Rao, Head of the Department of Computer Science & Engineering – IOT,
who has been an excellent guide and also a great source of inspiration to my work.
I would like to express my heart-felt gratitude to my parents, without whom I would not have been privileged to achieve
and fulfill my dreams. I am grateful to our principal, Dr. T. Ch. Siva Reddy, who most ably runs the institution and has
had the major hand in enabling me to do my project.
The satisfaction and euphoria that accompany the successful completion of the task would be great but incomplete
without the mention of the people who made it possible, whose constant guidance and encouragement crown all the
efforts with success. In this context, I would like to thank all the other staff members, both teaching and non-teaching,
who have extended their timely help and eased my task.

BATHALA MURALI
23315A6901
ABSTRACT

The internet has considerably enhanced various business-critical operations of companies in different
industry sectors across the globe. However, as more and more organizations become partially or completely
dependent on the internet, computer security and the serious threat of computer criminals come to the
foreground. The explosive growth of the Internet has brought many good things: electronic commerce,
easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for
advertising and information distribution, to name a few.

As with most technological advances, there is also a dark side: criminal hackers. Governments,
companies, and private citizens around the world are anxious to be a part of this revolution, but they are
afraid that some hacker will break into their Web server and replace their logo with pornography, read
their e-mail, steal their credit card number from an on-line shopping site, or implant software that will
secretly transmit their organization's secrets to the open Internet. With these concerns and others, the
ethical hacker can help.

Unfortunately, most organizations across the globe continue to remain oblivious of the threat posed by
computer criminals, corporate espionage and cyber terrorism. Ethical hacking attempts to proactively
increase security protection by identifying and patching known security vulnerabilities on systems owned
by other parties.
TABLE OF CONTENTS

S.NO. CONTENT

1. Executive Summary
1.1 Course Learnings Objectives
1.2 Course Outcomes
2. Overview of the Organization
2.1 Introduction of the Organization
2.2 Vision
2.3 Academy on Boarding
2.4 Skill Training
2.5 Industry Certificate
2.6 Placement Linkage
2.7 Awards & Recognitions
2.8 Future Plans of the Organization
3. Internship Part
3.1 Intern’s day-to-day Responsibilities include
3.2 Software Requirements
3.3 Hardware Requirements
3.4 Working Conditions
4. Weekly Report
4.1 Activity log for first week
4.2 Activity log for second week
4.3 Activity log for third week
4.4 Activity log for fourth week
4.5 Activity log for fifth week
4.6 Activity log for sixth week
4.7 Activity log for seventh week
4.8 Activity log for eighth week
4.9 Activity log for ninth week
4.10 Activity log for tenth week
5. Project
5.1 Install Required Libraries
5.2 Python code for email spam detection
5.3 Explanation of Code
5.4 Improving the Model
5.5 Output Screens
6. Outcomes description
5.1 Describe the work environment you have experienced.
5.2 Describe the real time technical skills you have acquired.
5.3 Describe the managerial skills you have acquired.
7. Conclusion
7.1 Bibliography
8. Appendix
1. EXECUTIVE SUMMARY

The Ethical Hacking Virtual Internship offers participants the opportunity to gain practical experience in
the field of cybersecurity, focusing on ethical hacking techniques, tools, and methodologies. This
internship is designed for individuals who seek to develop hands-on skills in identifying and mitigating
security vulnerabilities within computer networks, systems, and applications. Through a series of virtual
assignments, practical labs, and guided exercises, participants will be exposed to real-world security
challenges and learn how to simulate cyber-attacks in a controlled environment to strengthen defenses.
The internship is ideal for aspiring ethical hackers, penetration testers, and cybersecurity professionals
seeking to enhance their knowledge and technical abilities.

The primary objective of the Ethical Hacking Virtual Internship is to equip participants with the
necessary tools and knowledge to perform ethical hacking activities in various digital environments. This
includes:

1. Participants will learn the ethical standards, legal frameworks, and industry best practices that guide
ethical hackers in their work.

2. Interns will gain practical experience with industry-standard tools such as Kali Linux, Metasploit,
Wireshark, Burp Suite, and Nmap, which are essential for vulnerability assessment and penetration
testing.

3. Interns will apply techniques such as footprinting, scanning, enumeration, and exploitation to identify
security flaws and weaknesses in networks, systems, and web applications.

4. Participants will learn how to secure vulnerable systems and patch exploits, ensuring that
organizations can mitigate potential risks and improve their overall cybersecurity posture.

5. Through collaborative tasks and discussions, interns will have opportunities to interact with
cybersecurity experts and like-minded peers, fostering professional connections and enhancing their
future career prospects.

The internship is divided into modules that progressively build on each other. Each module includes
interactive lessons, virtual labs, and assessment exercises. Key components of the internship include:

1. Introduction to Ethical Hacking:

- Concepts of ethical hacking and its distinction from malicious hacking

- Legal and ethical considerations in cybersecurity

- Overview of common cybersecurity threats and attack vectors

2. Reconnaissance and Scanning:

- Information gathering (footprinting) techniques

- Network scanning and vulnerability assessment tools

- Introduction to Nmap, Nessus, and other reconnaissance tools

3. System Hacking and Exploitation:

- Understanding system vulnerabilities (e.g., buffer overflow, privilege escalation)

- Exploiting systems using Metasploit and other tools

- Methods of bypassing security controls

4. Web Application Security:

- Introduction to web application vulnerabilities (e.g., SQL injection, Cross-Site Scripting)

- Using Burp Suite for penetration testing

- Security best practices for web applications

5. Wireless Network and Social Engineering Attacks:

- Understanding Wi-Fi security protocols and vulnerabilities

- Techniques for cracking passwords and intercepting communications

- Social engineering tactics and prevention measures

6. Post-Exploitation and Reporting:

- Techniques for maintaining access and covering tracks

- Creating detailed vulnerability reports

Program Structure: The internship is structured in a flexible, virtual format that allows interns to learn
at their own pace while participating in live sessions, practical labs, and group discussions.
The virtual nature of the program ensures that participants from diverse geographical locations can access the
training.

2. OVERVIEW OF THE ORGANIZATION

2.1 INTRODUCTION OF THE ORGANIZATION


EduSkills is a non-profit organization which enables an Industry 4.0 ready digital workforce
in India. EduSkills' vision is to fill the gap between Academia and Industry by ensuring world
class curriculum access to their faculties and students.

2.2 VISION
To be a world class organization leading technological and socioeconomic development
of the country by enhancing the global competitiveness of technical manpower by ensuring
high quality technical education to all sections of the society.

2.3 ACADEMY ON BOARDING
Academy on boarding is the part of the process to establish a platform, to connect
Academia with Corporate to overcome the skill gap at the earliest.

2.4 SKILL TRAINING


EduSkills Foundation is transforming the vision of "Skilled India" through various
cutting-edge interdisciplinary skills to minimize the scarcity of skills and, in turn, make learners
self-reliant.

2.5 INDUSTRY CERTIFICATE


Skills without certification do not benefit in the long run. To maintain a sustainable
career, industry certifications are very much required. We provide a platform to go through the
required training as well as the corresponding certifications.

2.6 PLACEMENT LINKAGE
We are not confined to providing a skilling platform only, but also connect IT/ITES and
core industries to hire our trained candidate pool. Entrepreneurship: we promote more job
providers than job seekers by conducting several programs.

2.7 AWARDS & RECOGNITIONS


The Academies & Instructors are the backbone that makes every program successful. We
take care of our instructors, who really contribute to the growth of these programs.

WEBSITE : aicte-india.org

FOUNDED : November 1945

SECTOR : Technology Education

HEADQUARTERS : New Delhi

AGENCY EXECUTIVE : Anil Sahasrabudhe (Chairperson)

PARENT AGENCY : Department of Higher Education

TYPE : Statutory Corporation

2.8 FUTURE PLANS OF THE ORGANIZATION

The company:

• plans to expand its production facilities

• intends to continue its focus on training

• intends to enhance its value-added services

• intends to penetrate new industries, expand its sales network and enhance brand
awareness

• intends to grow its business through joint ventures and acquisition.

3. INTRODUCTION

Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools,
tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal.
Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover
vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall
information risk management program that allows for ongoing security improvements. Ethical hacking
can also ensure that vendors’ claims about the security of their products are legitimate.

Security:

Security is the condition of being protected against danger or loss. In the general sense, security
is a concept similar to safety. In the case of networks, security is also called information security:
the protection of information and information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction.

Need of Security:

Computer security is required because most organizations can be damaged by hostile software or
intruders. The damage produced by intruders can take several forms, which are obviously
interrelated. These include:

● Loss of confidential data

● Damage or destruction of data security

● Damage or destruction of computer system

● Loss of reputation of a company

Hackers:

Eric Raymond, compiler of “The New Hacker's Dictionary”, defines a hacker as a clever programmer.
A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it.
Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:

● A person who enjoys learning details of a programming language or system

● A person who enjoys actually doing the programming rather than just theorizing about it

● A person capable of appreciating someone else's hacking

● A person who picks up programming quickly

● A person who is an expert at a particular programming language or system

Types of Hacker:

Hackers can be broadly classified on the basis of why they are hacking a system or why they are
indulging in hacking. There are mainly three types of hacker on this basis:

● Black-Hat Hackers
Black hat hackers, or crackers, are individuals with extraordinary computing skills who resort to
malicious or destructive activities. That is, black hat hackers use their knowledge and skill for
their own personal gain, probably by hurting others.

● White-Hat Hackers
White hat hackers are those individuals professing hacker skills and using them for defensive
purposes. This means that white hat hackers use their knowledge and skill for the good of others
and for the common good.

● Grey-Hat Hackers
These are individuals who work both offensively and defensively at various times. We cannot
predict their behaviour. Sometimes they use their skills for the common good, while at other
times they use them for their personal gain.

Different types of Attacks

Ethical Hacking:

• Ethical hacking – defined as “a methodology adopted by ethical hackers to discover the
vulnerabilities existing in information systems’ operating environments.”

• With the growth of the Internet, computer security has become a major concern for
businesses and governments.

• In their search for a way to approach the problem, organizations came to realize that
one of the best ways to evaluate the intruder threat to their interests would be to have
independent computer security professionals attempt to break into their computer
systems.

What does an Ethical Hacker do?

An ethical hacker is a person doing ethical hacking, that is, a security professional
who tries to penetrate a network to find out whether there is some vulnerability in the system. An
ethical hacker will always have permission to enter the target network. An ethical hacker
will first think with the mindset of a hacker who tries to get in to the system.

He will first find out what an intruder can see or what others can see. Having found these, an
ethical hacker will try to get into the system with that information by whatever method he can.
If he succeeds in penetrating the system, he will report to the company with a detailed report
about the particular vulnerability he exploited to get in to the system. He may also sometimes
make patches for that particular vulnerability, or he may suggest some methods to prevent the
vulnerability.

Required Skills of an Ethical Hacker:

• Microsoft: skills in operation, configuration and management.

• Linux: knowledge of Linux/Unix; security setting, configuration, and services.

• Firewalls: configurations, and operation of intrusion detection systems.

• Routers: knowledge of routers, routing protocols, and access control lists

• Mainframes

• Network Protocols: TCP/IP; how they function and can be manipulated.

• Project Management: leading, planning, organizing, and controlling a penetration
testing team.

ETHICAL HACKING COMMANDMENTS :

Every ethical hacker must abide by a few basic commandments. If not, bad things can
happen. The commandments are as follows:

• Working ethically :

The word ethical in this context can be defined as working with high professional
morals and principles. Everything you do as an ethical hacker must be aboveboard and must
support the company’s goals. No hidden agendas are allowed! Trustworthiness is the ultimate
tenet. The misuse of information is absolutely forbidden.

• Respecting privacy :

Treat the information gathered with the utmost respect. All information you obtain
during your testing (from Web-application log files to clear-text passwords) must be
kept private. If you sense that someone should know there’s a problem, consider sharing that
information with the appropriate manager.

• Not crashing your systems :

One of the biggest mistakes made when people try to hack their own systems is
inadvertently crashing those systems. The main reason for this is poor planning. These testers
have not read the documentation or misunderstand the usage and power of the security tools
and techniques.

Methodology of Hacking:

As described above, there are mainly five steps in hacking: reconnaissance,
scanning, gaining access, maintaining access and clearing tracks. But that is not the end of the
process. Actual hacking is circular. Once the hacker has completed the five steps,
the hacker will start reconnaissance again from that stage and repeat the preceding stages to get
in to the next level. The various stages in the hacking methodology are:

● Reconnaissance

● Scanning & Enumeration

● Gaining access

● Maintaining access

● Clearing tracks

Reconnaissance:

The literal meaning of the word reconnaissance is a preliminary survey to gain
information. This is also known as foot-printing. This is the first stage in the methodology
of hacking. As given in the analogy, this is the stage in which the hacker collects information
about the company which the person is going to hack. This is one of the pre-attacking phases.
Reconnaissance refers to the preparatory phase where an attacker learns about all of the possible
attack vectors that can be used in their plan.

Scanning & Enumeration :

Scanning is the second phase in the hacking methodology, in which the hacker tries to make a
blueprint of the target network. It is similar to a thief going through your neighborhood and
checking every door and window on each house to see which ones are open and which ones are
locked. The blueprint includes the IP addresses of the target network which are live, the services
which are running on those systems and so on. Usually the services run on predetermined
ports. There are different tools used for scanning. War dialing and pingers were used earlier, but
nowadays both can be detected easily and hence are not in much use. Modern port scanning
uses the TCP protocol, and scanners can even detect the operating systems
running on particular hosts.
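
The defender's view of the scanning described above: one source probing many distinct ports on a host in a short time stands out in connection logs. The following is an added example, not part of the original report; the log format, the addresses and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified, hypothetical firewall log format.
SAMPLE_LOG = """\
2024-06-01T10:00:00 SRC=198.51.100.23 DST=192.0.2.10 DPT=443 FLAGS=SYN
2024-06-01T10:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=21 FLAGS=SYN
2024-06-01T10:00:02 SRC=203.0.113.7 DST=192.0.2.10 DPT=22 FLAGS=SYN
2024-06-01T10:00:03 SRC=203.0.113.7 DST=192.0.2.10 DPT=23 FLAGS=SYN
2024-06-01T10:00:03 SRC=198.51.100.23 DST=192.0.2.10 DPT=443 FLAGS=ACK
2024-06-01T10:00:04 SRC=203.0.113.7 DST=192.0.2.10 DPT=25 FLAGS=SYN
2024-06-01T10:00:05 SRC=203.0.113.7 DST=192.0.2.10 DPT=80 FLAGS=SYN
2024-06-01T10:00:06 SRC=203.0.113.7 DST=192.0.2.10 DPT=110 FLAGS=SYN
this line is malformed and must be skipped
2024-06-01T10:01:00 SRC=198.51.100.50 DST=192.0.2.10 DPT=80 FLAGS=SYN
2024-06-01T10:02:00 SRC=198.51.100.50 DST=192.0.2.10 DPT=443 FLAGS=SYN
2024-06-01T10:03:00 SRC=198.51.100.50 DST=192.0.2.10 DPT=8080 FLAGS=SYN
2024-06-01T10:04:00 SRC=198.51.100.50 DST=192.0.2.10 DPT=25 FLAGS=SYN
2024-06-01T10:05:00 SRC=198.51.100.50 DST=192.0.2.10 DPT=22 FLAGS=SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)$"
)


def parse(log_text):
    """Yield (timestamp, src, dst, port) for connection attempts (SYN) only."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["flags"] != "SYN":
            continue  # skip malformed lines and packets of established flows
        yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])


def detect_scans(log_text, min_ports=5, window_seconds=10):
    """Return {(src, dst): sorted ports} for every pair where src tried at
    least min_ports distinct ports on dst inside one sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (src, dst) -> (timestamp, port) still in window
    alerts = {}
    for ts, src, dst, port in sorted(parse(log_text)):
        attempts = recent[(src, dst)]
        attempts.append((ts, port))
        while ts - attempts[0][0] > window:
            attempts.popleft()  # drop attempts that fell out of the window
        ports = {p for _, p in attempts}
        if len(ports) >= min_ports:
            alerts.setdefault((src, dst), set()).update(ports)
    return {pair: sorted(ports) for pair, ports in alerts.items()}


if __name__ == "__main__":
    for (src, dst), ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```

With the default ten-second window only the fast source is reported; the source that touches five ports over four minutes is reported once `window_seconds` is raised to 300, which is the trade-off between noise and coverage when tuning this kind of rule.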

Enumeration :

Enumeration is the ability of a hacker to convince some servers to give them information that
is vital to them to make an attack. By doing this the hacker aims to find what resources and
shares can be found in the system, what valid user accounts and user groups are there in the
network, what applications are there etc. Hackers may also use this to find other hosts in
the entire network.

Gaining access :

This is the actual hacking phase, in which the hacker gains access to the system.
The hacker will make use of all the information he collected in the pre-attacking phases.
Usually the main hindrance to gaining access to a system is the passwords. System hacking can
be considered as many steps. First the hacker will try to get in to the system. Once he gets in to
the system, the next thing he wants will be to increase his privileges so that he can have more
control over the system. As a normal user the hacker may not be able to see the confidential
details or upload or run the different hack tools for his own personal interest. Another
way to crack in to a system is by attacks like the man in the middle attack.

• Password Cracking :

There are many methods for cracking the password and then getting in to the
system. The simplest method is to guess the password, but this is tedious work. To make
this work easier there are many automated tools for password guessing, like Legion.
Legion has an inbuilt dictionary: the software itself automatically generates
passwords using the dictionary and checks the responses.

Techniques used in password cracking are:

• Dictionary cracking

• Brute force cracking

• Hybrid cracking

• Social engineering

• Privilege escalation:

Privilege escalation is the process of raising privileges once the hacker
gets in to the system. That is, the hacker may get in as an ordinary user, and now he tries to
increase his privileges to those of an administrator, who can do many things. There are many
types of tools available for this. Some tools, like getadmin, attach the user to some
kernel routine so that the services run by the user look like a system routine rather than a
user-initiated program. The privilege escalation process usually uses the vulnerabilities present in
the host operating system or the software. There are many tools like hk.exe, Metasploit
etc. One such community of hackers is the Metasploit.

Maintaining Access :

Now the hacker is inside the system by some means, by password guessing or by exploiting
some of its vulnerabilities. This means that he is now in a position to upload some files and
download some of them. The next aim will be to make an easier path to get in when he
comes the next time. This is analogous to making a small hidden door in the building so that
he can directly enter the building through the door easily. In the network scenario the
hacker will do it by uploading software like Trojan horses, sniffers, keystroke
loggers etc.

Clearing Tracks :

Now we come to the final step in hacking. There is a saying that
“everybody knows a good hacker but nobody knows a great hacker”. This means that a good
hacker can always clear tracks or any record that may be present in the network to prove
that he was there. Whenever a hacker downloads some file or installs some software, its log
will be stored in the server logs. So in order to erase those the hacker uses many tools. One
such tool is the Windows resource kit’s auditpol.exe. This is a command line tool with which the
intruder can easily disable auditing. Another tool which eliminates any physical evidence is the
Evidence Eliminator. Sometimes, apart from the server logs, some other information may be
stored temporarily. The Evidence Eliminator deletes all such evidence.

Ethical hacking tools :
Ethical hackers utilize and have developed a variety of tools to intrude into different
kinds of systems and to evaluate security levels. The nature of these tools differs widely. Here
we describe some of the widely used tools in ethical hacking.

• Samspade :
Samspade is a simple tool which provides us information about a particular host. This
tool is very helpful in finding addresses, phone numbers etc.

The above fig 2.1 represents the GUI of the samspade tool. In the text field in the top left
corner of the window we just need to put the address of the particular host. Then we can find
out the various information available. The information given may be phone numbers, contact
names, IP addresses, email ids, address range etc. We may wonder what the benefit is of
getting the phone numbers, email ids, addresses etc.

But one of the best ways to get information about a company is to just pick up the phone and
ask for the details. Thus we can get much information in just one click.

• Email Tracker and Visual Route :


We often receive many spam messages in our mailbox, and we don’t know
where they come from. Email tracker is software which helps us find which server
a mail actually came from. Every message we receive has a header associated
with it. The email tracker uses this header information to find the location.

The above fig 2.2 shows the GUI of the email tracker software. One of the
options in the email tracker is to import the mail header. In this software we just need to
import the mail's header. Then the software finds which area the mail comes from.
That is, we get information such as which region the message comes from, like
Asia Pacific, Europe etc. To be more specific, we can use another tool, visual route, to
pinpoint the actual location of the server. The option of connecting to visual route is available
in the email tracker. Visual route is a tool which displays the location of a particular server
with the help of IP addresses. When we connect this with the email tracker we can find
the server which actually sent the mail. We can also use this to find the location of the servers
of targets visually on a map.

The above fig 2.3 depicts the GUI of the visual route tool. The visual route GUI has a
world map drawn on it. The software will locate the position of the server on that world map.
It will also depict the path through which the message came to our system. This software
will actually provide us with information about the routers through which the message passed,
that is, the path traced by the mail from the source to the
destination.
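
How header-based tracing of a spam message works in practice, shown on a constructed message. This is an added example, not the Email Tracker tool's own code and not part of the original report; the host names, addresses and the `trusted_hosts` parameter are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed message; hosts and addresses are placeholders.
RAW_MESSAGE = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.45])
    by mx.recipient.example with ESMTPS id A1B2C3;
    Mon, 03 Jun 2024 10:15:02 +0000
Received: from webapp01 (unknown [10.0.4.17])
    by mail.sender.example with ESMTP id D4E5F6;
    Mon, 03 Jun 2024 10:15:00 +0000
Received: from [192.0.2.99] by webapp01 with HTTP;
    Mon, 03 Jun 2024 10:14:58 +0000
From: "Prize Desk" <promo@sender.example>
To: user@recipient.example
Subject: You have won
Date: Mon, 03 Jun 2024 10:14:58 +0000

Constructed body text.
"""


def parse_received(value):
    """Pull sending host, its IP, receiving host and time from one header."""
    flat = " ".join(value.split())  # undo header folding
    sender = re.search(r"\bfrom\s+(\S+)", flat)
    receiver = re.search(r"\bby\s+(\S+)", flat)
    literal = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", flat)
    ip = None
    if literal:
        try:
            ip = str(ipaddress.ip_address(literal.group(1)))
        except ValueError:
            pass  # bracketed text was not an address
    when = None
    if ";" in flat:
        try:
            when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            pass  # unparseable date stays None
    return {
        "from": sender.group(1) if sender else None,
        "by": receiver.group(1).rstrip(";") if receiver else None,
        "ip": ip,
        "when": when,
        "verified": False,
    }


def trace(raw_message, trusted_hosts):
    """Return the relay path oldest-first and the last address we can vouch for."""
    msg = message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    # Every server prepends its own header, so hops[0] is the newest. Only
    # headers written by our own servers are reliable; anything beneath them
    # was supplied by the sending side and may be forged.
    handoff_ip = None
    for hop in hops:
        if hop["by"] not in trusted_hosts:
            break
        hop["verified"] = True
        handoff_ip = hop["ip"]
    hops.reverse()
    return {
        "hops": hops,
        "handoff_ip": handoff_ip,
        "claimed_origin_ip": hops[0]["ip"] if hops else None,
    }


if __name__ == "__main__":
    result = trace(RAW_MESSAGE, {"mx.recipient.example"})
    for hop in result["hops"]:
        print(hop["when"], hop["from"], "->", hop["by"], hop["ip"], hop["verified"])
    print("address to geolocate or report:", result["handoff_ip"])
```

The address worth mapping or reporting is `handoff_ip`, the peer recorded by the recipient's own mail server; `claimed_origin_ip` is only what the sending side wrote into the message.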

Some other important tools used are:

• War Dialing

• Pingers

• Super Scan

• Nmap etc…

Future enhancements :

• As it is an evolving branch, the scope of enhancement in technology is immense.
No ethical hacker can ensure system security by using the same technique
repeatedly. He would have to improve, develop and explore new avenues
repeatedly.

• More enhanced software should be used for optimum protection. Tools
used need to be updated regularly and more efficient ones need to be
developed.

Conclusion :
One of the main aims of the seminar is to make others understand that there are so many
tools through which a hacker can get in to a system. There are many reasons why
everybody should understand these basics.

Professionals: Professionals should understand that business is directly related to security.
So they should make new software with as few vulnerabilities as possible. If they are not
aware of these then they won’t be cautious enough in security matters.

Users: The software is meant for the use of its users. Even if the software makers make the
software with high security options, without the help of users it can never be successful.

Educate the employees and the users against black hat hacking. Use every possible
security measure, like honeypots, Intrusion Detection Systems, firewalls etc. Always
make passwords strong by making them longer and harder to crack. The final
and foremost thing should be to try ETHICAL HACKING at regular intervals.
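
The advice above to make passwords longer and harder to crack, checked against the dictionary, hybrid and brute-force techniques listed under Password Cracking. This is an added example, not part of the original report; the word list, the substitution table and the 60-bit threshold are constructed assumptions.

```python
import math
import re
import string

# Constructed stand-in for a cracking word list; real lists hold millions of entries.
WORDLIST = {"password", "dragon", "monkey", "letmein", "qwerty", "admin"}

# Common character substitutions that hybrid cracking rules undo.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_hit(password, words=WORDLIST):
    """True if the password is a listed word, ignoring case."""
    return password.lower() in words


def hybrid_hit(password, words=WORDLIST):
    """True if the password is a listed word with digits or symbols added at
    either end and/or letters swapped for look-alike characters."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password.lower())
    return core.translate(LEET) in words and not dictionary_hit(password, words)


def brute_force_bits(password):
    """Upper bound on exhaustive-search work in bits: length * log2(alphabet)."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(not c.isalnum() for c in password):
        alphabet += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def audit(password, words=WORDLIST, min_bits=60):
    """List the cracking techniques this password would fall to."""
    findings = []
    if dictionary_hit(password, words):
        findings.append("dictionary")
    elif hybrid_hit(password, words):
        findings.append("hybrid")
    if brute_force_bits(password) < min_bits:  # min_bits is an assumed policy value
        findings.append("brute force")
    return findings


if __name__ == "__main__":
    for candidate in ("dragon", "Dr4g0n2024!", "kx7#Qm2p", "vR9$tL2#qW8!zN5m"):
        print(f"{candidate!r}: {audit(candidate) or 'no finding'}")
```

`Dr4g0n2024!` satisfies a typical length-and-character-class rule yet is reported under hybrid cracking, which is why a password check should test candidates against word lists and not only count character classes.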
