Phases of Ethical Hacking

Srujan Kumar Aakurathi
5 min readJul 1, 2020

--

The following are the phases of Ethical Hacking which has five phases

  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Clearing Tracks
Ethical Hacking Phases

Reconnaissance:- Reconnaissance is the phase where “an attacker seeks to gather information of a particular target prior to launch attack” on that target. It is also called as foot-printing. It is a preparatory phase where target range may include the target organization’s clients, employees, operations, networks, and systems.

Reconnaissance or Foot-printing

Here, in the phase of reconnaissance, the attackers gather as much as possible information about the target they have planned for launching an attack. Following are some techniques used for reconnaissance

  • Social Engineering
  • Dumpster Diving

Social Engineering:- Social Engineering is “a technique used by an attacker to gain information from the people by convincing them to reveal their personal information” such as usernames, passwords, and other sensitive information.

Social Engineering

Dumpster Diving:- Dumpster Diving is “the technique used by an attacker to gain discarded sensitive information by simply looking through an organization’s trash”. Attackers use internet to obtain information such as employees’ contact information, business partners, etc. But, dumpster diving gives attackers more sensitive information such as usernames, passwords, bank statements, private phone numbers, etc.

Dumpster Diving

https://whois.net/ is the database where we can search for target company’s website which gives you results such as company’s IP addresses, domain names, etc.

Reconnaissance are of two types which are as follows

  • Active Reconnaissance
  • Passive Reconnaissance

Active Reconnaissance:- Here, in active reconnaissance, the attackers involve direct interactions with the target system by using tools which detects open ports, accessible hosts, router location, network mapping, details of operating system, etc. Attackers use active reconnaissance when there is low probability of detection of these services.

Passive Reconnaissance:- Here, in passive reconnaissance, the attackers doesn’t interact directly with the target but relies on publicly available information, news releases, etc.

Scanning:- Scanning is the phase where “the attacker scans the network for specific information basis on the information gathered during reconnaissance”. Scanning is a logical extension of active reconnaissance which involves more in-depth probing on the part of the attacker. Scanning phase is also called as pre-attack phase.

Scanning

Scanning can include use of port scanners, ping tools, network mappers, vulnerability scanners, etc. Attackers extract information from live machines, ports, etc to launch an attack.

Port Scanners listens to ports on the OS to find information about the services that are running on the target system. To prevent this, we have to shut down the ports that are unnecessary.

Gaining Access:- Gaining Access is the phase “where the attacker obtain access to the operating system or applications on the computer or a network” using the vulnerabilities that were identified in the reconnaissance and scanning phase.

Gaining Access

Gaining Access is the phase in which real hacking occurs. The attacker can gain access at the operating system level, application level, or a network level. Here, the attacker can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised. Following are the examples included

  • Password Cracking
  • Buffer Overflow
  • Denial-of-Service
  • Session Hijacking, etc.

Maintaining Access:- Maintaining Access is the phase “where the attacker tries to retain his/her ownership of the system”. Attacker can use both the systems or resources as well when he/she gains access to the target system with admin/root level privileges.

Maintaining Access

Attackers can either use the system as launch pad to scan and exploit other systems, or to keep a low profile and continue exploiting the system. Attackers who choose to remain undetected remove evidence of their entry and install a backdoor or a Trojan to gain repeated access.

Attackers may prevent the system from being owned by other attackers by securing their access with backdoors, rootkits, or Trojans. Attackers can upload, download, or manipulate data, applications, and configurations on the owned system. Attackers use the compromised system to launch further attacks.

Clearing Tracks:- Clearing Tracks refers to “the activities carried by an attacker to hide malicious acts”. The attacker’s intentions include continuing access to the victim’s system, remaining unnoticed and uncaught, deleting evidence that might lead to prosecution.

Clearing Tracks

Here, the attacker overwrites the server, system, and application logs to avoid suspicion. They use tools such as PsTools or Netcat or Trojans to erase their footprints from the system’s log files. Following are some techniques

  • Steganography
  • Tunneling

Steganography:- Steganography is “the process of hiding data in other data”. For example, a text file may hidden inside an image.

Steganography

Tunneling:- Tunneling is “the process of transmission protocol by carrying one protocol over other”. Attackers can use even a small amount of extra space in the data packet’s TCP and IP headers to hide information.

Tunneling

--

--

Srujan Kumar Aakurathi
Srujan Kumar Aakurathi

Written by Srujan Kumar Aakurathi

💻 PenTesting 💣 Ethical Hacking 💥 Exploit ⚠ Vulnerability 🔐 Security