How to Use Nmap for Construction Cybersecurity: Detect Threats, Scan Ports, and Secure Your Project Files in 2025

Series 2:

As engineers, we’re expected to deliver precision in every layer of a project, but in 2025 that precision has to extend beyond the physical build. With so much of our work stored, shared and accessed digitally, the risk of cyber threats creeping into project environments is higher than ever, yet most construction teams still rely on default settings, unsecured networks and outdated assumptions about IT safety. That is where a tool like Nmap comes in. Built as a network scanner, Nmap has become a standard tool for finding live hosts, open ports and exposed services, which is how misconfigurations get caught before they turn into costly breaches. Whether you are securing project files, protecting IP or just trying to stay a step ahead of attackers targeting the construction sector, this article breaks down how to start using Nmap effectively, even if cybersecurity isn’t your primary job.

Picking up the scan from the previous part: clear the screen, bring the previous nmap command back up and add the -v switch, which makes Nmap report in much more detail. Press enter. The output lists the same open ports as before and the IP address they were found on, and at the bottom the same summary as the earlier run, but now the scan phases (host discovery, the SYN scan and so on) are reported as they happen. This shows how convenient Nmap is for mapping out the configuration of a target system and every service it exposes.

Operating System Detection Using Nmap

Alongside finding the open ports on the target, let us also find its operating system. Type sudo nmap -O -v 192.168.1.60 and press enter: -O turns on OS detection, -v keeps the verbose output from before, and sudo is needed because OS detection sends raw packets. Scrolling up through the output: first comes the SYN scan with all of the open ports, then the OS detection phase, then the port table again, the MAC address of the target (reported because it sits on our local network) and finally the OS guess for the Linux system we are looking at.

Understanding Network Topology and Services

In this case the guess is Linux 2.6.9. Nmap reports the raw IP packets it sent as probes and the responses it got back; the guess is a fingerprint match and comes with an accuracy percentage, so treat it as a strong hint rather than a fact. This is a good tool for an administrator monitoring a network or for a penetration tester mapping the topology of a target network. We can also get more detail about the services themselves: bring the previous command back up and add the -sV switch, which probes each open port for the service name and version. Press enter and, once the scan finishes, the output shows the exact services running on our Metasploitable Linux target, with the FTP and SSH entries carrying product names and version numbers. For a penetration tester this tells you which software versions are in play so you can look up known issues for exactly those versions and plan accordingly; for an administrator it is a way to spot services that should not be running on a system at all. One caveat: -sV reads banners, banners can be changed, and distributions often backport security fixes without changing the version string, so a version number alone does not prove a host is vulnerable.

How to Use Nmap for Port Scanning, OS Detection, and Network Enumeration

You can also limit the output instead of collecting all of these details. Clear the screen and use Nmap’s own version of ping: sudo nmap -sP 192.168.1.60 (-sP is the old name; on current Nmap it is an alias for -sn, the host-discovery-only scan). It sends a probe and reports whether the host is up, along with its MAC address, because on the local subnet Nmap discovers hosts with ARP. There will also be times when you do not know the IP address of the target, or you want to see which devices are active on the network you are in. Bring the ping command back up and replace the last octet with an asterisk, 192.168.1.*, to match your subnet (the CIDR form 192.168.1.0/24 does the same). Press enter and you get every live host in the 192.168.1 range at once. Right now there are only two: 192.168.1.50, the Kali Linux host we are scanning from, and 192.168.1.60, the target, both found by the ping scan.

What if you want to know what is running on port 80 on every system in your range? Type sudo nmap -p80 192.168.1.*: the -p80 option restricts the scan to port 80 on each target. Press enter and Nmap reports the state of port 80 on every host in the range. Here 192.168.1.60 has an HTTP service open on port 80, and so does our own host. Port 80 is the registered port for HTTP, so that is no surprise, and it confirms the scan is working the way it should.

For multiple ports, separate them with commas: sudo nmap -p80,24,28,8080,12 192.168.1.* scans ports 80, 24, 28, 8080 and 12 on every host in the range. In the result, port 24 shows as closed (it is registered to "any private mail system" in the port list), 8080 is listed as http-proxy and 80 again as http. Used this way, Nmap tells you what a target host or network exposes. That exposure is the starting point for finding vulnerabilities, not the vulnerability itself, which still has to be confirmed against the specific service and version.

It is also a useful tool for network administration: a regular sweep shows you whether an unknown device has appeared on your network and what services it is running, which is exactly the information you need when you are dealing with attackers.
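A practitioner would normally automate that sweep rather than read the terminal each time. The script below is an added example, not code from this article or from Nmap: it parses the XML that Nmap writes with -oX, builds an inventory of hosts with their MAC address, OS guess and open services, and diffs it against a baseline of what is supposed to be on the subnet, so an unknown device or an unexpected service stands out. SAMPLE_XML is a constructed sample in Nmap’s XML schema that mirrors the scans above; BASELINE is a hypothetical allowlist for the lab subnet. For a real run, execute sudo nmap -sV -O -oX scan.xml 192.168.1.0/24 and pass the file’s contents to parse_inventory().

```python
"""Turn an Nmap XML report into a host inventory and diff it against a baseline.

Added example, not code from this article or from Nmap. SAMPLE_XML is a
constructed sample in Nmap's XML schema (trimmed to the elements used here);
BASELINE is a hypothetical allowlist for the lab subnet.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.168.1.0/24">
  <host>
    <status state="up"/>
    <address addr="192.168.1.50" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.1.60" addrtype="ipv4"/>
    <address addr="08:00:27:AA:BB:CC" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="4.7p1"/></port>
      <port protocol="tcp" portid="24"><state state="closed"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.2.8"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.9 - 2.6.33" accuracy="95"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.1.77" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical allowlist: which hosts belong on the subnet and which TCP ports they may expose.
BASELINE = {
    "192.168.1.50": {80},       # the scanning workstation and its own web service
    "192.168.1.60": {22, 80},   # lab server: SSH and HTTP only, FTP is not supposed to be there
}


def parse_inventory(xml_text):
    """Return {ip: {"mac": str|None, "os": str|None, "open": {port: service label}}}."""
    inventory = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = mac = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr")
        if ip is None:
            continue
        open_ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            label = "?"
            if svc is not None:
                label = " ".join(x for x in (svc.get("name"), svc.get("product"), svc.get("version")) if x)
            open_ports[int(port.get("portid"))] = label
        osmatch = host.find("os/osmatch")
        inventory[ip] = {"mac": mac,
                         "os": osmatch.get("name") if osmatch is not None else None,
                         "open": open_ports}
    return inventory


def diff_against_baseline(inventory, baseline):
    """Findings as (kind, ip, detail): unknown hosts, extra open ports, missing services, hosts down."""
    findings = []
    for ip, info in sorted(inventory.items()):
        if ip not in baseline:
            findings.append(("unknown-host", ip, sorted(info["open"])))
            continue
        for p in sorted(set(info["open"]) - baseline[ip]):
            findings.append(("unexpected-port", ip, f"{p}/tcp {info['open'][p]}"))
        for p in sorted(baseline[ip] - set(info["open"])):
            findings.append(("expected-port-closed", ip, f"{p}/tcp"))
    for ip in sorted(set(baseline) - set(inventory)):
        findings.append(("baseline-host-down", ip, None))
    return findings


if __name__ == "__main__":
    for kind, ip, detail in diff_against_baseline(parse_inventory(SAMPLE_XML), BASELINE):
        print(f"{kind:22} {ip:15} {detail}")
```

Run against a real scan file the output is the list of things to go and look at: here it is the FTP service on 192.168.1.60, which the baseline does not permit, and the unknown host 192.168.1.77 with something listening on 8080. Keeping the baseline in version control beside the project documentation turns the scan into a repeatable check rather than a one-off exercise.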

Network Enumeration with NetBIOS

Enumeration means counting or listing out. One of the utilities you can use to enumerate the hosts on a network is NetBIOS, an acronym for Network Basic Input/Output System. It provides services at the session layer of the OSI model that let applications on separate computers communicate over a local area network, and its name service (UDP port 137) answers status queries about a host. In practice you give it the IP address of a host on your network and it returns information about that host: its NetBIOS name, its workgroup or domain, the MAC address of the adapter and, where a messenger name is registered, the name of the logged-on user. Scan a range and you get every host in that range that answers. NetBIOS Enumerator is a GUI tool for exactly that: enter a from IP address and a to IP address and it lists every address in the range that is allocated to a responding host, together with details of that host’s configuration, including the username.
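What such a tool actually puts on the wire is a NetBIOS node-status query. The code below is an added example, not the NetBIOS Enumerator tool’s own code: it builds the query in the RFC 1002 layout, parses the reply into the name table, adapter MAC, computer name and logged-on user, and includes query_host() for sending the real packet to a lab host. The reply it parses by default is constructed in the file from the same on-the-wire layout, so the script runs offline; the host name SITE-PC01, workgroup CONSTRUCTCO, user MARTIN and the MAC in it are made up.

```python
"""NetBIOS node-status (NBSTAT) query: what NetBIOS enumerators send to UDP 137.

Added example, not the NetBIOS Enumerator tool's code. build_sample_reply()
constructs a hypothetical Windows host's answer so the parser can run offline.
"""
import socket
import struct

NBSTAT, NB_CLASS_IN = 0x0021, 0x0001
GROUP_FLAG = 0x8000          # G bit in NAME_FLAGS: group name rather than unique name
SUFFIX = {0x00: "workstation/domain", 0x03: "messenger", 0x1B: "domain master browser",
          0x1C: "domain controller", 0x1D: "master browser", 0x1E: "browser election",
          0x20: "file server"}


def encode_name(name, suffix=0x00):
    """First-level encoding: each nibble of the 16-byte NetBIOS name becomes a letter A..P."""
    if name == "*":                                           # wildcard used by node-status queries
        raw = b"*" + b"\x00" * 15
    else:
        raw = name.encode("ascii").ljust(15)[:15] + bytes([suffix])
    letters = bytes(0x41 + nib for b in raw for nib in (b >> 4, b & 0x0F))
    return b"\x20" + letters + b"\x00"                        # 32-byte label, then the root label


def build_nbstat_query(txn_id=0x1234):
    header = struct.pack(">HHHHHH", txn_id, 0x0000, 1, 0, 0, 0)  # one question, no flags
    return header + encode_name("*") + struct.pack(">HH", NBSTAT, NB_CLASS_IN)


def parse_nbstat_reply(data):
    """Return the name table, the adapter MAC, the computer name and the logged-on user."""
    txn_id, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000 or an == 0:
        raise ValueError("not an NBNS response carrying an answer")
    off = 12 + 34                                             # skip the echoed 34-byte question name
    rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT:
        raise ValueError("answer is not a node-status record")
    count, off = data[off], off + 1
    names = []
    for _ in range(count):                                    # 18-byte NODE_NAME entries
        entry, off = data[off:off + 18], off + 18
        names.append((entry[:15].rstrip(b" ").decode("ascii", "replace"), entry[15],
                      struct.unpack(">H", entry[16:18])[0]))
    mac = ":".join(f"{b:02x}" for b in data[off:off + 6])    # UNIT_ID of the statistics block
    unique = [n for n, s, f in names if s == 0x00 and not f & GROUP_FLAG]
    computer = unique[0] if unique else None
    user = next((n for n, s, f in names if s == 0x03 and not f & GROUP_FLAG and n != computer), None)
    return {"names": names, "mac": mac, "computer": computer, "user": user}


def build_sample_reply(txn_id=0x1234):
    """Constructed reply from a hypothetical Windows host (names, user and MAC are made up)."""
    table = [("SITE-PC01", 0x00, 0x0400), ("CONSTRUCTCO", 0x00, 0x8400),
             ("SITE-PC01", 0x20, 0x0400), ("SITE-PC01", 0x03, 0x0400), ("MARTIN", 0x03, 0x0400)]
    rdata = bytes([len(table)])
    for nm, suffix, nflags in table:
        rdata += nm.encode("ascii").ljust(15) + bytes([suffix]) + struct.pack(">H", nflags)
    rdata += bytes.fromhex("080027aabbcc") + b"\x00" * 40     # UNIT_ID followed by zeroed statistics
    header = struct.pack(">HHHHHH", txn_id, 0x8400, 0, 1, 0, 0)  # response, authoritative answer
    return header + encode_name("*") + struct.pack(">HHIH", NBSTAT, NB_CLASS_IN, 0, len(rdata)) + rdata


def query_host(ip, timeout=1.0):
    """Send the real query to UDP 137 on a lab host; None if it does not answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_nbstat_query(), (ip, 137))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_nbstat_reply(data)


def describe(info):
    lines = [f"computer={info['computer']} user={info['user']} mac={info['mac']}"]
    for nm, suffix, nflags in info["names"]:
        kind = "group" if nflags & GROUP_FLAG else "unique"
        lines.append(f"  {nm:<15} <{suffix:02X}> {kind:6} {SUFFIX.get(suffix, '?')}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(parse_nbstat_reply(build_sample_reply())))
```

The 16th byte of each name is the suffix that tells you what the name is for; a unique <03> name that differs from the computer name is the messenger name registered for the logged-on user, which is where an enumerator gets the username from. Modern Windows hosts often have NetBIOS over TCP/IP disabled or filtered, in which case query_host() simply times out.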

Password Cracking with L0phtCrack

L0phtCrack, by Mudge of L0pht Heavy Industries (the organisation that originally published it), is used to test password strength and sometimes to recover lost Microsoft Windows passwords using dictionary, brute-force, hybrid and rainbow-table methods. These are the main methodologies by which password cracking happens. The tool was built for a defensive purpose: a security expert runs it to find out how strong the passwords in a domain are. If somebody has chosen something like "password", it is detected immediately, and you can then tell that person to change it. It also serves to recover lost passwords. The methods differ as follows. A dictionary attack takes a word list and tries each entry as the password. A brute-force attack tries every combination of the characters specified for the run; it is a permutation and combination attack, so it is exhaustive but slow. A hybrid attack combines the two: dictionary words are mangled, for example by changing case, appending digits or joining two words, and each variant is tried. Rainbow tables are precomputed tables covering the hashes of very large sets of passwords; instead of hashing candidates during the audit, the tool looks the captured hash up in the table. They only work against hash formats that carry no per-user salt, and the NT hashes Windows stores are exactly that. In every case L0phtCrack starts from the hash of the system logon rather than from the password itself.

How Hashes Work in Password Security

How does that work? When you set a password, the operating system does not store it as plain text: it runs the password through a one-way hash function and stores the resulting hash. At login, what you type is hashed with the same function and compared with the stored value, and only a match lets you in. This ensures that no system has the actual password on disk. Even if somebody steals the password database, they cannot type the stored hash into the login prompt, because a hash is not a password and, unlike encryption, there is no key that turns it back into one. They still need the correct password, which is hashed and then compared with the database entry. That is what hashing is. A cracker works in the opposite direction: it retrieves the stored hashes, hashes one candidate after another with the same algorithm and compares; when a candidate’s hash equals the stored hash, that candidate is the password. Let us see how this works as a tool with L0phtCrack 7. It is simple to use, but it offers a great deal more than what we cover here, which you will discover if you dig further into the topic. For now, let us find the passwords of the devices on my network.

Auditing Windows System Passwords Using L0phtCrack

L0phtCrack provides a simple utility called the Password Auditing Wizard, which assesses the security of the passwords on your systems. If a hacker gets access to the administrative computers, that could be really messy for the entire business, so you want to assess the password security on all of your devices. Click Next and there are two options, one for Linux and one for Windows. Let us focus on Windows systems and click Windows. We will retrieve the password hashes from our Windows systems. The hashes can come from a dump produced by another tool, or from the local machine; I choose the local machine and make sure I have administrative privileges, which are needed to read the hashes. With that selected, click Next. I use the logged-in user’s credentials rather than specifying other credentials, because I am already an administrator on this system. Next come the audit types, which run a series of dictionary and brute-force methods against the hashes: a strong password audit, which is very taxing and takes about 24 hours because of the number of combinations it tries; a thorough password audit, which can take up to 6 hours; and a 1-hour common password audit. Let us go with the 1-hour one and click Next. I can also generate a report at the end; I choose CSV format and specify the location. Click Next and the wizard asks when to run the audit; I choose to run the job immediately.
Click Next again and it shows all of the chosen options for verification. Check them, cross-verify, then click Finish. It asks for administrative privileges; click Yes and the audit starts running.

How to Crack Passwords Using L0phtCrack and ARP Poisoning Techniques

We can see that three accounts on my network had no password at all; those were reported instantly, because an empty password is cracked as soon as its hash is checked. Other accounts are then guessed in turn. The account Martin had the password Apple, a simple dictionary word, so it was guessed quickly. The password in plain text runs through an algorithm that converts it to a hash, which is the value you see in the hash column. The tool takes dictionary words, hashes them in the same format and, if a hash matches one in the dump, reports that the password has been cracked. Some accounts take longer than others, depending on how complex the password is.
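The three sections above (the cracking methods, how hashes work, and the audit result) all come down to the same loop, shown here as an added example that is not L0phtCrack’s code: compute the NT hash of each candidate and compare it with the dumped hashes. MD4 is written out from RFC 1320 so the script does not depend on an OpenSSL build that still ships the legacy MD4 provider. The account hashes are computed in the file from made-up passwords (an empty one, Apple, and a word with two digits appended) and the word list is a tiny constructed one; the point is that because NT hashes carry no salt, each candidate is hashed once and checked against every account at the same time.

```python
"""Dictionary and hybrid cracking of unsalted Windows NT hashes, in pure Python.

Added example illustrating what a dictionary/hybrid audit does; it is not
L0phtCrack's code. SAMPLE_HASHES and WORDLIST are constructed for the example.
"""
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data):
    """RFC 1320 MD4 digest of a byte string (little-endian words, 3 rounds of 16 steps)."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
         tuple(range(16)), (3, 7, 11, 19)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for func, const, order, shifts in rounds:
            for i, k in enumerate(order):
                a = _rotl((a + func(b, c, d) + x[k] + const) & MASK32, shifts[i % 4])
                a, b, c, d = d, a, b, c       # rotate the working variables
        state = [(s + v) & MASK32 for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password):
    """NT hash = MD4 over the UTF-16LE password. No salt, so equal passwords hash equal."""
    return md4(password.encode("utf-16le")).hex()


def candidates(word):
    """Hybrid rule set: the word as-is, capitalised and upper-cased, each with 0-99 appended."""
    for base in dict.fromkeys((word, word.capitalize(), word.upper())):
        yield base
        for n in range(100):
            yield f"{base}{n}"


def crack(targets, wordlist):
    """targets: {account: nt_hash_hex}. Every candidate is hashed once and looked up against
    all accounts at once, which is exactly why unsalted hashes fall so quickly."""
    by_hash = {}
    for account, h in targets.items():
        by_hash.setdefault(h.lower(), []).append(account)
    found = {}
    for word in wordlist:
        for cand in candidates(word):
            for account in by_hash.get(nt_hash(cand), ()):
                found.setdefault(account, cand)
    return found


# Constructed audit input: the hashes a SAM dump would contain for these made-up passwords.
SAMPLE_HASHES = {
    "Guest": nt_hash(""),
    "Martin": nt_hash("Apple"),
    "svc_backup": nt_hash("Summer23"),
    "jdoe": nt_hash("correct horse battery staple"),
}
WORDLIST = ["", "password", "apple", "summer", "welcome"]


if __name__ == "__main__":
    for account, pw in crack(SAMPLE_HASHES, WORDLIST).items():
        print(f"{account:12} {SAMPLE_HASHES[account]}  ->  {pw!r}")
```

Guest falls to the empty candidate, Martin to the capitalised dictionary word and svc_backup to the digit-suffix rule; jdoe survives because no rule in this small set reaches a four-word passphrase. The same loop against a salted, slow hash (bcrypt, scrypt, Argon2) would have to redo the work for every account and every candidate, which is the property that makes those formats the right choice for anything you design yourself.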

You also get many options with L0phtCrack. You can use custom dictionaries of words that you think are likely to match the systems you are auditing. You can also import hashes from elsewhere: if the hashes from a system have already been dumped locally, you can load them directly and skip the retrieval step.

ARP Poisoning with Cain and Abel

Cain and Abel is primarily a password recovery tool, but that is not what we are using it for today. It can recover many kinds of passwords using methods such as network packet sniffing, which is what matters for this tutorial, and cracking hashes with dictionary and brute-force methods similar to those discussed above. So what is ARP poisoning? ARP stands for Address Resolution Protocol, the protocol hosts on a local area network use to find the MAC address that belongs to an IP address. In ARP spoofing, also called ARP poisoning or ARP cache poisoning, the attacker sends forged ARP messages on the LAN so that other hosts record the attacker’s MAC address against an IP address that belongs to somebody else. Traffic meant for that IP address is then delivered to the attacker, who can read it, alter it and forward it on.

Wireshark is the tool for detecting this kind of thing; for the attack itself it is optional. From an administrative PC on the network you can watch all of the network activity with Wireshark, a free and open-source packet analyser used for network development, troubleshooting, analysis, software and communications protocol development, and education. It is also the best way to understand how these attacks work, because it shows the packets as they happen: an ARP spoofing or poisoning attempt appears in the packet list at the moment it occurs. Wireshark helps detect packets with suspicious origins or intent, and for ARP that means the forged, poisoned ARP packets. We will see how in a bit. To do the sniffing we use Cain. Open it, click Configure, then the Sniffer tab, select the network adapter we are using and click OK. Then click the Start/Stop Sniffer icon in the toolbar.

Detecting Devices Within a Specified IP Range

A warning appears; I simply ignore it. Then we click the Sniffer tab and can see the current status. The next step is to detect all of the devices present within a specified IP range. Click the plus icon and specify the range, in my case 10.10.10.1 to 10.10.10.30; tick All Tests, because we want to probe with every kind of ARP test, and click OK. We get the list of all of the devices present in our subnet within that range. To intercept the communication between two hosts in that range we need to specify both ends. Click the APR tab (ARP Poison Routing), click in the upper pane and then the plus icon. Now we can pick the two sides: I select 10.10.10.10 on one side and 10.10.10.13 on the other and click OK. As we can see, the two IP addresses now appear, one in each column.

Simulating Packet Communication Between Hosts

The next step is to simulate some traffic between these two hosts. I switch to Parrot Security, a Linux-based operating system, and open a terminal. After switching to root, use hping3 to send packets to the Windows 10 PC: hping3 -c 100000 10.10.10.10, where 10.10.10.10 is the Windows 10 machine and -c sets the packet count to about 100,000. Press enter and the flood begins. Next I open Wireshark to watch this traffic. Go to Edit, Preferences, expand Protocols and scroll down to ARP/RARP; tick Detect ARP request storms (Detect duplicate IP address configuration sits next to it) and then select the Ethernet adapter to capture on. Now we start poisoning: in Cain, click Start/Stop APR. The status column shows the entries as Poisoning. Switching back to Wireshark we can see very clearly what is happening: packets between source .13 and destination .10 are being intercepted and poisoned.

Detecting and Understanding ARP Spoofing With Wireshark

Now we can stop the capture in Wireshark and go to Analyze, Expert Information. There is a warning that duplicate IP addresses have been detected for 10.10.10.10. What has happened is that, by enabling APR in Cain, we have claimed the Windows 10 address 10.10.10.10 for our own MAC address, so the packets the Linux system sends to the Windows 10 machine arrive at us first: we are sniffing them. Wireshark detected it because two different MAC addresses are now mapped to the same IP address. That is how a security professional detects this kind of sniffing with Wireshark.

Phishing with the Social Engineering Toolkit

This is one of the most popular attacks in the world. It still happens today, and in many cases you can spot it by looking at the address of the page you landed on rather than at how the page looks.
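The two Wireshark checks used above are simple enough to reimplement, which is useful when you want the same detection running continuously from a capture file rather than in an interactive session. The following is an added example, not Wireshark’s code: it parses raw Ethernet/ARP frames, keeps the first IP-to-MAC binding it sees and raises a duplicate-ip alert when a later frame contradicts it, and counts requests per source MAC in a sliding window to catch sweeps and floods. The capture is constructed in the file to mirror the lab: a Windows 10 host at 10.10.10.10, a Parrot host at 10.10.10.13 and a Cain host that first sweeps the range and then answers for both addresses. All MACs are made up, and the storm threshold of 30 requests in 100 ms is this example’s own choice.

```python
"""Detect ARP cache poisoning and ARP request storms from raw Ethernet frames.

Added example, not Wireshark's code. sample_capture() constructs the frames of
the lab scenario; MACs, addresses and timings are made up.
"""
import struct
from collections import defaultdict, deque

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac2b(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def _b2mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip2b(ip):
    return bytes(int(x) for x in ip.split("."))


def _b2ip(b):
    return ".".join(str(x) for x in b)


def build_arp_frame(oper, sha, spa, tha, tpa, dst_mac="ff:ff:ff:ff:ff:ff"):
    """Ethernet II header followed by the 28-byte ARP body for IPv4 over Ethernet (RFC 826)."""
    eth = _mac2b(dst_mac) + _mac2b(sha) + struct.pack(">H", ETH_P_ARP)
    body = (struct.pack(">HHBBH", 1, 0x0800, 6, 4, oper)
            + _mac2b(sha) + _ip2b(spa) + _mac2b(tha) + _ip2b(tpa))
    return eth + body


def parse_arp_frame(frame):
    """ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack(">H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack(">HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "src_mac": _b2mac(frame[6:12]),
            "sha": _b2mac(frame[22:28]), "spa": _b2ip(frame[28:32]),
            "tha": _b2mac(frame[32:38]), "tpa": _b2ip(frame[38:42])}


class ArpMonitor:
    """First-seen IP-to-MAC bindings plus a per-source sliding window of requests."""

    def __init__(self, storm_count=30, storm_window=0.100):
        self.ip_to_mac = {}
        self.requests = defaultdict(deque)
        self.storm_count, self.storm_window = storm_count, storm_window
        self.alerts = []

    def observe(self, ts, frame):
        arp = parse_arp_frame(frame)
        if arp is None:
            return None
        spa, sha = arp["spa"], arp["sha"]
        if spa != "0.0.0.0":                      # ARP probes carry 0.0.0.0 and claim nothing
            known = self.ip_to_mac.get(spa)
            if known is None:
                self.ip_to_mac[spa] = sha
            elif known != sha:                    # same IP, different MAC: the duplicate-IP warning
                self.alerts.append(("duplicate-ip", spa, known, sha))
        if arp["oper"] == ARP_REQUEST:
            recent = self.requests[arp["src_mac"]]
            recent.append(ts)
            while recent and ts - recent[0] > self.storm_window:
                recent.popleft()
            if len(recent) == self.storm_count:    # fire once, when the threshold is reached
                self.alerts.append(("request-storm", arp["src_mac"], len(recent)))
        return arp


WIN10, PARROT, CAIN = "08:00:27:10:10:10", "08:00:27:13:13:13", "00:0c:29:ca:1e:ca"
ZERO = "00:00:00:00:00:00"


def sample_capture():
    """Constructed (timestamp, frame) list standing in for a pcap of the lab above."""
    frames = [
        (0.000, build_arp_frame(ARP_REQUEST, PARROT, "10.10.10.13", ZERO, "10.10.10.10")),
        (0.001, build_arp_frame(ARP_REPLY, WIN10, "10.10.10.10", PARROT, "10.10.10.13", dst_mac=PARROT)),
    ]
    # Cain's MAC scanner: one who-has request per address in 10.10.10.1-30, 1 ms apart.
    for i in range(1, 31):
        frames.append((0.500 + i * 0.001,
                       build_arp_frame(ARP_REQUEST, CAIN, "10.10.10.20", ZERO, f"10.10.10.{i}")))
    # APR poisoning: the Cain host answers for .10 towards .13 and for .13 towards .10.
    for k in range(3):
        t = 1.0 + k * 0.2
        frames.append((t, build_arp_frame(ARP_REPLY, CAIN, "10.10.10.10", PARROT, "10.10.10.13", dst_mac=PARROT)))
        frames.append((t + 0.01, build_arp_frame(ARP_REPLY, CAIN, "10.10.10.13", WIN10, "10.10.10.10", dst_mac=WIN10)))
    return frames


def run_monitor(frames, **kw):
    mon = ArpMonitor(**kw)
    for ts, frame in frames:
        mon.observe(ts, frame)
    return mon


if __name__ == "__main__":
    for alert in run_monitor(sample_capture()).alerts:
        print(alert)
```

The monitor deliberately keeps the first binding it learned and never overwrites it, so a poisoner that keeps re-sending forged replies produces an alert for every forged frame rather than silently winning the table. On a real capture the first-seen binding can itself be wrong if the attacker was already active when monitoring started, which is why production tools seed the table from DHCP leases or a static inventory.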

How Social Engineering Toolkit Is Used for Website Phishing Attacks

What is phishing with the SE Toolkit? The Social Engineering Toolkit (SET) is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to build a believable attack quickly. It is a tool you download on your Linux system and use to launch these attacks; its menu covers social engineering attacks, penetration testing attacks, third-party modules and a number of integrations. Phishing is one of the attacks in the social engineering section. It is the process of creating a fake login page resembling an application the target uses, sending the target a link to that page and collecting the credentials they enter, in plain text. You create something that looks identical to the Facebook login page and send a link such as Facebook.xyz to your target. The person opens the link, thinks it is Facebook and enters a username and password. If you are smart, you redirect them to the real Facebook afterwards, so they log in normally and notice nothing, but you have captured their username and password in plain text.

If you then go to Facebook’s login page and enter what you captured, you are in that person’s account. That is how phishing works, and it is exceptionally harmful when it targets a bank account. These days two-factor authentication exists to prevent exactly this: even if somebody obtains your password, the login also requires a code sent by text to your phone or generated by an authenticator app, and without that code the attacker cannot get in. (A phishing page can be built to relay that code in real time as well, so treat two-factor authentication as a strong layer rather than an absolute one.) We will now walk through phishing with the toolkit using an example.
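The defensive side of the advice above (look at where the link goes, not at what the page looks like) can be automated for every link in a message. The code below is an added example, not part of the article or of the Social Engineering Toolkit: it extracts each link from an HTML email and flags a host that is a raw IP address (as in the toolkit demo), a host that merely contains the brand name (Facebook.xyz), link text that shows a different site from the href, and plain http. SAMPLE_EMAIL is a constructed message; apart from facebook.com, the brand being checked, the domains in it are made up. The registrable-domain helper keeps the last two labels of a hostname, a simplification that is wrong for suffixes such as co.uk.

```python
"""Flag phishing links in an HTML message by checking where each link really goes.

Added example, not part of the article or of SET. SAMPLE_EMAIL is constructed;
registrable() is a deliberate simplification (last two labels only).
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Last two labels of a hostname (simplification: ignores public suffixes like co.uk)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(html, brand_domain):
    """Return [(href, [reasons])] for links that should not be trusted as brand_domain."""
    collector = _LinkCollector()
    collector.feed(html)
    brand = registrable(brand_domain)
    brand_word = brand.split(".")[0]
    findings = []
    for href, text in collector.links:
        url = urlparse(href)
        host = url.hostname or ""
        if url.scheme not in ("http", "https") or not host:
            continue                                  # mailto:, tel:, relative links: not checked here
        reasons = []
        if is_ip_literal(host):
            reasons.append("host is a raw IP address, not the brand's hostname")
        elif registrable(host) != brand and brand_word in host:
            reasons.append(f"host mentions {brand_word} but belongs to {registrable(host)}")
        shown = DOMAIN_IN_TEXT.search(text.lower())
        if shown and registrable(shown.group(1)) != registrable(host):
            reasons.append(f"link text shows {shown.group(1)} but the link goes to {host}")
        if url.scheme == "http":
            reasons.append("plain http: anything typed into the page travels unencrypted")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed message: one SET-style raw-IP link, one lookalike domain, one subdomain trick, one real link.
SAMPLE_EMAIL = """<p>We noticed an unusual login. Please verify your account.</p>
<a href="http://10.10.10.13/login.html">www.facebook.com/login</a><br>
<a href="https://facebook.xyz/recover">Recover your account</a><br>
<a href="https://www.facebook.com.session-verify.net/">https://www.facebook.com</a><br>
<a href="https://www.facebook.com/help/">Help Centre</a>
"""


if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_EMAIL, "facebook.com"):
        print(href)
        for r in reasons:
            print("   -", r)
```

The third link is the one people miss by eye: the host starts with www.facebook.com but the registrable domain is session-verify.net, and the displayed text lies about the destination. The fourth link is the only one that is really Facebook and is the only one not reported.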

Let us now look at website phishing with the toolkit. Start it by typing setoolkit in the Parrot terminal. You get a menu; select Social-Engineering Attacks, since that is what we are doing, then Website Attack Vectors, then Credential Harvester Attack Method, which collects the credentials of victims who follow our phishing link.

Then choose Site Cloner. First give the POST-back address for the cloned site, the address the captured form data is sent to; we use this host’s IP address, 10.10.10.13. Then type the URL to clone, in our case http://www.movcope.com. Cloning takes a moment. Now open http://10.10.10.13 in a browser: the cloned website appears. If you hide this IP address behind a link that looks as if it leads to the real site, you can trick a victim into entering the username and password they would normally use on this movie site.

Let me show how it works. I type admin as the username and password as the password and click Login. Nothing visibly happened; it could just as well have redirected to the real login page. Back on Parrot Security we can see what has been captured: the username admin and the password password, in plain text. That shows how useful this is to a hacker who is trying to gain access to

How Anne Fell Victim to a Cyber Attack

Meet Anne. She often shops from www.shoppingcart.com. She has her information like email ID, address, and credit card details saved on the website to enable a faster and hassle-free shopping experience. The required information is stored on a server. One day, Anne received an email stating her eligibility for a special discount voucher from shoppingcart.com. In order to receive the coupon code, she was asked to fill in her shoppingcart.com account credentials. This did not seem fishy to her at the time as she thought it was just an account verification step.

Little did she realize the danger she would be facing. She was knocked off her feet when a substantial amount of money was wiped off her account. How did this happen? Yes, the email she received was fake. Anne’s shoppingcart.com account witnessed unauthorized access from a third party. This type of attack is known as a cyber attack, and the person who carries it out is called a hacker. Could Anne have prevented this attack? Indeed, she could have with the help of cyber security. Cyber security involves techniques that help in securing various digital components, networks, data, and computer systems from unauthorized digital access.

There are multiple ways to implement cyber security depending on the kind of network you are connected to and the type of cyber attacks you are prone to. So let’s take a look at the various cyber attacks that Anne could have been exposed to. One of the most common types of cyber attacks is a malware attack, like trojan, adware, and spyware. Had Anne downloaded any suspicious attachments online, her system could have gotten corrupted by certain malicious viruses embedded within the attachments.

Types of Cyber Attacks Anne Faced

Next is a phishing attack, the type of cyber attack Anne experienced here. The hacker sends fraudulent emails that appear to come from a legitimate source, in order to install malware or to steal sensitive data such as credit card information and login credentials. Another type is the man-in-the-middle attack, where the hacker gains access to the information path between Anne’s device and the website’s server. The hacker’s computer poses as Anne’s device, taking over her IP address on the network, and the communication between Anne and the website is secretly intercepted. This commonly happens on unsecured Wi-Fi networks and also through malware.

A password attack is one of the easiest ways to break into a system. Here Anne’s password could have been cracked by trying common passwords or by trying every possible combination of characters. To prevent future cyber attacks, Anne implemented a few cyber security practices. First, she installed a firewall. As the name suggests, it is a virtual wall between Anne’s computer and the internet. Firewalls filter the incoming and outgoing traffic from your device to safeguard your network. They can be software applications or hardware appliances.

Secondly, Anne implemented honeypots. Just like how flowers attract bees, dummy computer systems called honeypots are used to attract attackers. These systems are made to look vulnerable in order to deceive attackers. This in turn defends the real system. In addition to these, she also decided to use unique alphanumeric passwords, antivirus software, and started avoiding mails from unknown senders.

Organizational-Level Cyber Attacks

That was Anne’s story. Cyber attacks are not confined to individuals; public and private organizations are targets too, and attacks on them are more damaging and result in colossal losses. Motives range from tampering with crucial data to monetary gain. Let us look at a few of the cyber attacks companies are subjected to. Public sector organizations and large corporations face the advanced persistent threat (APT), in which attackers gain access to a network and stay there for a prolonged period in order to keep extracting confidential information.

Companies also witness the denial-of-service attack, where networks are flooded with traffic, which in turn leaves legitimate service requests unattended. A variant of this is the distributed denial-of-service (DDoS) attack, when multiple systems are used to launch the attack. When a hacker manipulates a standard SQL query in a database-driven website, it is known as a SQL injection attack. By doing so, hackers can view, edit, and delete tables from databases.

Cyber Security Jobs, Career Path, and Future Threats in the Construction Industry

Amidst a plethora of cyber attacks, it is indeed a challenge for organizations with several networks and servers to ensure complete security. This is not an easy task. To help with this, cyber security professionals are hired to work on identifying cyber threats and securing a company’s network. There are multiple job roles in the field of cyber security. If hacking fascinates you, then the role of an ethical hacker is something to be explored. Such professionals try to identify a network’s vulnerabilities just like how a hacker would, but only to identify those vulnerabilities and resolve them for protection against an actual cyber attack.

If you are looking to design robust security structures, the role of a security architect is more apt. A Chief Information Security Officer (CISO) plays a crucial role in enterprise security and is entrusted with the overall safety of the information in an organization. Here is a question to test yourself: which type of cyber attack is the one where the hacker’s system takes over the client’s IP address? A. DDoS attack, B. Man-in-the-middle attack, C. Phishing attack, D. Password attack.

With the increase in the production of global digital data, it is anticipated that cyber attacks will quadruple in the near future, and organizations are going to need cyber security professionals who can prevent them. A career in cyber security is lucrative and a smart choice for professionals now.

The construction industry is rapidly evolving with digital tools like BIM and IoT devices. These innovations enhance efficiency but also introduce new risks such as data breaches and cyber attacks, which can disrupt operations. Cyber security is now as crucial as wearing a hard hat on site.

