GTU Cyber Security Summer 2022 Paper Solutions

Q1.

(a) Explain the terms: Datapipe, Fpipe, and WinRelay (03 marks)

  • Datapipe: A Unix-based port redirection tool. It enables traffic redirection between specified local and remote ports. Originally developed by Todd Vierling in 1995, it runs on both UNIX and Windows platforms.
  • Fpipe: A Windows-based port redirection tool from McAfee. It implements port redirection natively in Windows and adds UDP support, which Datapipe lacks. Fpipe does not require support DLLs or privileged user access and can bind to a specific interface.
  • WinRelay: Another Windows-based port redirection tool. It shares similar features with FPipe, including the ability to define a static source port for redirected traffic. WinRelay can be used interchangeably with FPipe on any Windows platform.

(b) What do you mean by Vulnerability? Explain types of vulnerabilities in detail with its example (04 marks)

  • Vulnerability: Vulnerability is a weakness that can be exploited by attackers to gain unauthorized access or cause damage to a system.
  • Types of Vulnerabilities:
    1. HTML Injection Vulnerability: Occurs when a web application allows input that includes HTML or scripting code. Example: An attacker could exploit a search box in a web application to inject malicious HTML or JavaScript, manipulating the website's content or stealing user data.
    2. Zero-day Vulnerability: Refers to a flaw in software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. Example: An attacker discovers a vulnerability in a popular software application before the developer does and uses it to launch attacks before a fix is available.
    3. Denial of Service Vulnerability: A vulnerability that allows attackers to render a service inoperable. Example: An attacker could exploit a flaw in a web server's handling of requests, causing the server to crash and deny service to legitimate users.

(c) What is Cybercrime? Explain the different categories of cybercrime in details (07 marks)

  • Cybercrime: Cybercrime refers to illegal activities conducted using computers and the internet. It encompasses a wide range of criminal activities that exploit the convenience, speed, and anonymity of the digital world.
  • Categories of Cybercrime:
    1. Identity Theft: Stealing personal information to impersonate someone for fraudulent purposes.
    2. Financial Fraud: Activities like online banking fraud, credit card fraud, and electronic money laundering.
    3. Cyber Espionage: The use of computer networks to gain illicit access to confidential information, typically held by a government or other organization.
    4. Cyber Terrorism: Using the internet to conduct violent activities that threaten or cause harm for the purpose of achieving political or ideological gains.
    5. Malware Attacks: Distributing malicious software, such as viruses, worms, and trojans, to disrupt or gain access to systems.
    6. Online Harassment and Cyberstalking: Using the internet to harass or stalk individuals.
    7. Data Breaches: Unauthorized access to and extraction of sensitive or confidential information from corporate networks or personal computers.

Q2.

(a) What is Metasploit? Explain payload types in short (03 marks)

  • Metasploit: Metasploit is a powerful tool used for penetration testing, which helps in identifying vulnerabilities and developing exploit codes against a remote target machine. It's widely used for security auditing and testing the effectiveness of security defenses.
  • Payload Types:
    1. Trojans/RATs (Remote Access Trojans): Provide remote access or control over the infected system.
    2. Keyloggers: Capture and send keystrokes to an attacker.
    3. Reverse Shells: Open a remote shell or command line interface from the target to the attacker's system.

(b) What is Firewall? Explain its type with rules in detail (04 marks)

  • Firewall: A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between a trusted internal network and untrusted external networks like the internet.
  • Types and Rules:
    1. Packet-Filtering Firewalls: Inspect packets transferred between computers. The rules are based on source IP, destination IP, port numbers, and protocols.
    2. Stateful Inspection Firewalls: Monitor the state of active connections and decide which network packets to allow through the firewall.
    3. Proxy Firewalls (Application-Level Gateways): Filter network traffic at the application level, inspecting the payload of packets.
    4. Next-Generation Firewalls (NGFW): Include features like intrusion prevention systems, deep packet inspection, SSL inspection, and identity-based filtering.

(c) What is Nmap? Explain different functionality with its commands in detail (07 marks)

  • Nmap: Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network. It's used for a range of activities in network security and IT infrastructure auditing.
  • Functionality and Commands:
    1. Service Version Detection: sV scans for service versions to identify application names and versions. Example: Nmap –sV 192.168.1.1.
    2. Operating System Detection: Uses IP packet characteristics to guess the operating system. Example: Nmap -O [IP Address].
    3. Stealthy Scan: sS performs a SYN scan, which is less likely to be logged. Example: Nmap –sS 192.168.1.1.
    4. TCP and UDP Scan: sT for TCP connect scan and sU for UDP scan. Example: Nmap –sT 192.168.1.1 and Nmap –p U:53 192.168.1.1.
    5. Aggressive Scan: Combines OS detection, version detection, script scanning, and traceroute. Example: Nmap -A [IP Address].
    6. Ping Scan: sP to determine if a host is up. Example: Nmap –sP 192.168.1.1.

OR

(c) What is Netcat? Explain steps for File Transfer process by using Netcat in detail (07 marks)

What is Netcat?

  • Netcat, often referred to as the "Swiss Army knife" of networking, is a versatile networking tool used for reading from and writing to network connections using TCP or UDP. It's widely used in the IT world for a variety of networking tasks like port scanning, transferring files, and remote administration.

File Transfer Process Using Netcat:

  1. Setup Listening Process:
    • On the receiving end (where you want to transfer the file to), set up Netcat to listen on a specific port. For example, using the command $ nc -l -p 12345 > received_file.txt will make Netcat listen on port 12345 and write any data it receives into received_file.txt.
  2. Sending the File:
    • On the sending end (where the file is located), use Netcat to connect to the receiver's IP address and the listening port. For example, if the receiver's IP address is 192.168.1.10, use the command $ nc 192.168.1.10 12345 < file_to_send.txt to send file_to_send.txt.
  3. Transfer Initiation:
    • Once both commands are executed, Netcat establishes a connection between the sender and receiver. The file starts transferring from the sender to the receiver.
  4. Completion and Verification:
    • After the file transfer is complete, check the integrity of the received file. You can compare file sizes or use checksums to ensure the file was transferred correctly.
  5. Closing the Connection:
    • Netcat will close the connection automatically once the file transfer is complete. If it doesn’t, you can manually terminate the process using Ctrl+C.
  6. Security Consideration:
    • It’s important to note that Netcat does not encrypt the data during transmission. Therefore, it is advisable to use it within a secure network or employ additional encryption methods for sensitive data.
  7. Advantages of Using Netcat:
    • One significant advantage of using Netcat for file transfers is its simplicity and absence of a significant audit trail, unlike more common file transfer methods like FTP or SCP.

Q3.

(a) Write a short note on ‘Curl’ (03 marks)

  • Curl: Curl (Client URL) is a command-line tool and library for transferring data with URLs. It's widely used for various purposes including downloading files, testing APIs, and automating web interactions. Curl supports a wide range of protocols including HTTP, HTTPS, FTP, and more. It's known for its versatility and ability to handle various types of requests and data formats, making it a valuable tool for developers and system administrators.

(b) Describe Snort in detail (04 marks)

  • Snort: Snort is an open-source network intrusion detection system (NIDS) that is used to monitor network traffic for suspicious activity. It operates by analyzing network packets and comparing them against a database of known threats, called rules.
  • Functionality: Snort can perform real-time traffic analysis and packet logging on IP networks. It can detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and more.
  • Modes of Operation: Snort can be used in three main modes: Sniffer mode (simply reads the packets off the network), Packet Logger mode (logs the packets to disk), and Network Intrusion Detection mode (analyzes network traffic to detect malicious activity).
  • Customization and Rules: Snort's behavior can be customized through its rule configuration, allowing it to be tailored to protect specific network environments. The rules are used to define the patterns of traffic that should be considered suspicious.

(c) What is NAT? Describe port forwarding with its types in detail (07 marks)

  • NAT (Network Address Translation): NAT is a method used in networking to modify network address information in packet headers while in transit. It enables a single device, such as a router, to act as an agent between the public internet and a local network, allowing multiple devices to share a single public IP address.
  • Purpose of NAT: NAT conserves the number of public IP addresses used within an organization and also adds a layer of security by masking internal IP addresses.
  • Port Forwarding:
    • Basic Concept: Port forwarding in NAT involves redirecting a communication request from one address and port number combination to another. It's primarily used to allow external users to access services on a private network from the outside.
    • Types of Port Forwarding:
      1. Static Port Forwarding: Also known as inbound port forwarding, it's a manual setting on the router. It's used to forward requests from the internet to a specific device on the LAN, usually for servers or gaming devices.
      2. Dynamic Port Forwarding: It allows for automatic selection of the best path for traffic to follow. Useful in VPNs (Virtual Private Networks) and for applications that require frequent changes in routing.
      3. Reverse Port Forwarding: Also known as outbound port forwarding, it allows users within a private network to securely connect to an external server.
    • Implementation: Port forwarding is typically configured in a router or firewall. The configuration involves specifying the external port number to be forwarded, the internal IP address, and the internal port number.
    • Applications: Common uses include hosting a server within a private network, remote access to devices, and managing internet-connected devices like security cameras or game servers.

OR

Q3.

(a) Write a short note on ‘Nikto’ (03 marks)

  • Nikto: Nikto is an open-source web server scanner which performs comprehensive tests against web servers for multiple items, including potentially dangerous files and programs, outdated versions of over 1300 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Nikto is known for its speed and comprehensiveness in scanning, making it a popular tool for security and IT professionals.

(b) Explain DOS and DDOS Attack in detail (04 marks)

  • Denial of Service (DoS) Attack:
    • A DoS attack aims to make a machine or network resource unavailable to its intended users by overwhelming the target with traffic or sending information that triggers a crash.
    • Methods include flooding the target with superfluous requests to overload systems or exploiting vulnerabilities that cause the system to crash.
    • Impact: Disrupts service to users, potentially leading to significant downtime and financial losses.
  • Distributed Denial of Service (DDoS) Attack:
    • A DDoS attack is similar to a DoS attack but comes from multiple sources, making it more difficult to stop.
    • Often involves a network of compromised computers (botnets) which flood a target with traffic.
    • Impact: More severe than standard DoS attacks as they can completely overwhelm a target's resources and cause extended service disruption.

(c) What is a DVWA? Explain SQL injection in DVWA with example in detail (07 marks)

  • DVWA (Damn Vulnerable Web Application):
    • DVWA is an open-source web application designed to be vulnerable. It's used for educational purposes to teach and learn web application security.
    • It contains several vulnerabilities, including SQL injection, which can be practiced on to understand how these vulnerabilities can be exploited and how to defend against them.
  • SQL Injection in DVWA:
    • SQL Injection is a code injection technique that exploits a security vulnerability in a website's software.
    • In DVWA, an example of an SQL injection could be entering a specially crafted SQL query in an input field, which then gets executed by the database server.
    • For example, entering ' OR '1'='1 in a login form's username field could trick the application into logging the attacker in without a valid username and password.
    • The attacker can retrieve or manipulate data from the database, which can lead to unauthorized access to sensitive information.
  • Steps for SQL Injection in DVWA:
    1. Select the SQL Injection vulnerability from the DVWA menu.
    2. In an input field (like a username or search box), input a malicious SQL query.
    3. Submit the request and observe the application's behavior.
    4. If the SQL query is executed, it might display database information or log in the attacker.
    5. Experiment with different queries to understand the extent of the vulnerability.

Q4.

(a) Write a short note on ‘Cyberspace’ (03 marks)

  • Cyberspace: Cyberspace refers to the virtual computer world, and more specifically, an electronic medium that is used to form a global computer network to facilitate online communication. It encompasses not just the physical infrastructure and devices but also the information and data stored digitally. Cyberspace is the realm where digital interactions occur, ranging from email and social media to online banking and e-commerce. It's a broad term that captures the entire spectrum of networked digital technology and the virtual environment it creates.

(b) Explain Hydra in detail with example (04 marks)

  • Hydra: Hydra is a popular tool for conducting network logon attacks. It's often used in penetration testing to test the strength of passwords on network services such as SSH, FTP, HTTP, and others. Hydra rapidly tries multiple username/password combinations to bypass authentication processes.
  • Functionality: It supports numerous protocols and can perform rapid dictionary or brute-force attacks.
  • Example: For instance, using Hydra to test the strength of FTP logins, a command might look like hydra -l user -P passlist.txt ftp://192.168.1.1 where l is the login name, P is the path to a list of potential passwords, and ftp://192.168.1.1 is the target FTP server.
  • XSS (Cross-Site Scripting):
    • XSS is a type of security vulnerability typically found in web applications. It enables attackers to inject malicious scripts into web pages viewed by other users. These scripts can hijack user sessions, deface websites, or redirect the user to malicious sites.
  • Iframe Vulnerability in XSS:
    • Using XSS, an attacker can inject an iframe tag into a web page. This iframe can load a malicious website, potentially stealing information or tricking a user into entering sensitive data.
    • For example, an XSS script might inject an iframe that appears as a login form, capturing user credentials.
  • Cookie Vulnerability in XSS:
    • XSS can be used to steal a user's cookies, which often contain sensitive session data. With access to a user's cookies, an attacker can impersonate the user on the website.
    • An XSS script might be crafted to send the user's cookies to the attacker's server, giving them access to the user's session tokens.
  • Prevention:
    • To mitigate XSS vulnerabilities, web applications should encode user input and validate or sanitize data before rendering it on the page. Additionally, implementing Content Security Policy (CSP) can help prevent the execution of unauthorized scripts.

OR

Q4.

(a) Write a short note on ‘Digital Forensic’ (03 marks)

  • Digital Forensics: Digital Forensics is a branch of forensic science that focuses on identifying, acquiring, processing, analyzing, and reporting on data stored electronically. It plays a crucial role in investigating a wide range of cybercrimes and legal proceedings involving digital evidence. Digital forensic experts use specialized techniques and tools to recover, preserve, and analyze data from various digital devices like computers, smartphones, and networks. This field is essential for uncovering evidence in cases of data breaches, cyberattacks, and even in civil litigations where digital evidence is pertinent.

(b) What is ZAP? Explain its uses and features in detail (04 marks)

  • ZAP (Zed Attack Proxy): ZAP is an open-source web application security scanner. It's designed to help find a wide range of security vulnerabilities in web applications during development and testing phases.
  • Uses:
    • Automated Scanner: For identifying vulnerabilities like SQL injection and cross-site scripting.
    • Manual Testing: Providing tools for experienced testers to carry out manual security testing.
  • Features:
    • Active Scanning: Automatically tests web pages for vulnerabilities.
    • Passive Scanning: Monitors and analyzes traffic between the browser and the web application to identify issues.
    • Spidering: Crawls a website to identify URLs and form inputs.
    • Proxy Support: Acts as a man-in-the-middle between the tester's browser and the web application for traffic analysis and manipulation.
    • REST API Support: Enables automation of tasks and integration with other tools and systems.

(c) What do you mean by Brute force attack? Explain its type with example in detail (07 marks)

  • Brute Force Attack: A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In this attack, automated software is used to generate a large number of consecutive guesses to gain unauthorized access to a system.
  • Types of Brute Force Attacks:
    1. Simple Brute Force: Tries every possible combination until the correct one is found. For example, cracking a four-digit PIN by trying all combinations from 0000 to 9999.
    2. Dictionary Attack: Uses a prearranged list of likely passwords, such as words in a dictionary.
    3. Hybrid Brute Force: Combines dictionary words with extensions, like adding numbers or symbols to words.
    4. Rainbow Table Attack: Uses precomputed tables (rainbow tables) to crack password hashes. More efficient than simple brute force as it reduces the time needed to crack a password.
    5. Credential Stuffing: Uses previously stolen or leaked username/password pairs to gain access to accounts on other websites.
  • Example: A common example is attempting to crack a user's login password on a website. An attacker might use a tool to automatically try thousands of commonly used passwords or all possible alphanumeric combinations until the correct one is found.

Q5.

(a) Write a short note on ‘Steganography’ (03 marks)

  • Steganography: Steganography is the practice of concealing a message within another message or a physical object. In digital terms, it involves hiding data within other data, like embedding text within an image or audio file. The primary purpose is to communicate secretly, ensuring that the existence of the hidden message is unknown to the observer. Unlike cryptography, which encodes the message to make it unreadable, steganography hides the message so it goes unnoticed. This method is used in various fields, including digital watermarking and confidential communications.

(b) Describe Phishing in detail with example (04 marks)

  • Definition of Phishing:
    • Phishing is a deceptive technique used by cybercriminals to trick individuals into revealing sensitive personal information. This is usually achieved through fraudulent communications that appear to come from legitimate sources.
  • How Phishing Works:
    • Typically, phishing attacks are carried out via email, social media, or instant messaging. The attacker poses as a trustworthy entity to lure the victim into opening an email or message containing a malicious link or attachment.
    • The goal is often to steal sensitive data like login credentials, credit card numbers, or personal identification information.
  • Example of a Phishing Attack:
    • Imagine receiving an email that looks like it's from your bank, warning you of suspicious activity on your account. The email urges you to click on a link to verify your account immediately. The link redirects to a website that closely resembles your bank's login page. However, this website is a clever fake designed to capture your login details when you attempt to sign in.
  • Preventive Measures:
    • It's crucial to verify the authenticity of messages, especially those requesting personal information. Always approach unsolicited requests with caution and avoid clicking on links or downloading attachments from unknown or untrusted sources.

(c) Explain IT-Act 2000 in brief. List out different sections under IT-Act 2000 and explain any four in detail (07 marks)

  • IT-Act 2000: The Information Technology Act 2000 is an Act of the Indian Parliament notified on October 17, 2000. This Act provides legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce."
  • Key Sections:
    • Section 43: Covers damage to the computer, computer system, etc.
    • Section 66: Deals with hacking with a computer system.
    • Section 67: Focuses on publishing obscene information electronically.
    • Section 72: Concerns breach of confidentiality and privacy.
    • Section 75: Extends the Act to offenses or contraventions committed outside India.
    • Section 79: Exempts intermediaries from liability in certain cases.
  • Explanation of Four Sections:
    1. Section 43: Imposes penalties for unauthorized access, copying, introducing viruses, and disrupting the functioning of a computer system.
    2. Section 66: Criminalizes the act of hacking and provides for imprisonment up to three years or a fine.
    3. Section 67: Penalizes the publication or transmission of obscene content in electronic form with imprisonment and fine.
    4. Section 72: Protects data privacy by penalizing the breach of lawful contract regarding sharing or disclosing information.

OR

Q5.

(a) Explain the term: Buffer Overflow (03 marks)

  • Buffer Overflow: A buffer overflow occurs when a program writes more data to a buffer, a fixed-size block of memory, than it can hold. This extra data overflows into adjacent buffers, corrupting or overwriting the existing data. Buffer overflows can lead to various issues, including erratic program behavior, a crash, or a security breach if an attacker can exploit this behavior to execute arbitrary code. This vulnerability is common in programs written in languages that do not automatically manage memory, like C and C++.

(b) What do you mean by Hacker? Explain its type in detail (04 marks)

  • Definition of Hacker: A hacker is an individual skilled in technology who uses their expertise to overcome a technical problem. The term can refer to anyone, from a computer enthusiast to someone who breaks into systems or bypasses security.
  • Types of Hackers:
    1. White Hat Hackers: These are ethical hackers who use their skills for good. They help organizations to improve their security by identifying vulnerabilities.
    2. Black Hat Hackers: Opposite of white hats, they use their skills for illegal or malicious activities, such as stealing data or creating malware.
    3. Grey Hat Hackers: They fall somewhere in between white and black hats. They might violate ethical standards or laws but do not have the malicious intent typical of black hats.
    4. Script Kiddies: Typically unskilled individuals who use existing computer scripts or code to hack into computers, lacking the expertise to write their own.

(c) Explain Virus, worms, Trojan Horses, and backdoors in detail with an example (07 marks)

1. Virus:

  • Definition: A computer virus is a malicious code that attaches itself to clean files and spreads throughout a computer system, infecting files with malicious code.
  • Propagation: Typically spreads by attaching itself to legitimate software and executing code when a user launches the infected application.
  • Damage: Can corrupt files, reformat hard drives, or cause system performance to drop.
  • Example: The ILOVEYOU virus, which propagated via email and file sharing, overwrote user files and spread to other contacts through the Microsoft Outlook email client.

2. Worms:

  • Definition: Worms are similar to viruses but can spread independently without attaching to a host file.
  • Propagation: Exploits vulnerabilities or uses trickery to transmit itself across networks without user intervention.
  • Damage: Consumes bandwidth and can overload web servers. Often carries payloads that inflict more harm.
  • Example: The WannaCry ransomware worm targeted vulnerabilities in Windows OS, encrypting data and demanding ransom for decryption.

3. Trojan Horses:

  • Definition: Trojans are deceptive software appearing as legitimate programs but, when executed, can give unauthorized access to the user's system.
  • Propagation: Users are typically tricked into loading and executing Trojans on their systems.
  • Damage: Can steal information, disrupt the system's performance, or create a backdoor to the system.
  • Example: The Zeus Trojan, a well-known banking Trojan, used to steal financial information by keystroke logging and form grabbing.

4. Backdoors:

  • Definition: A backdoor is a secret path into a system that bypasses normal authentication procedures.
  • Propagation: Often installed by other malware, a backdoor enables remote access to a computer system or network.
  • Damage: Allows an attacker to remotely control the infected computer, steal data, or use the system for malicious activities.
  • Example: Back Orifice, a notorious backdoor, allowed attackers remote control over Windows computers, including access to files, capturing keystrokes, and more.

Prevention and Mitigation:

  • Antivirus and Antimalware: Use of reliable security software can detect and remove these threats.
  • Regular Updates: Keeping systems and software updated to patch vulnerabilities is crucial.
  • User Awareness: Educating users about the dangers of opening unknown attachments or downloading software from untrusted sources.