The hacking process has five phases. These are as follows:
- Maintaining access
- Clearing tracks
The reconnaissance phase is the first phase of the hacking process. This phase is also known as information gathering and footprinting. This phase is very time-consuming. In this phase, we observe and gather all the networks and servers that belong to an organization. We will learn everything about the organization like internet searching, social engineering, non-intrusive network scanning, etc. Depending upon the target, the Reconnaissance phase can last days, weeks or months. The main purpose of this phase is to learn about the potential target as much as possible. We normally collect information about three groups, which are as follows:
- People Involved
Footprinting is of two types:
- Active: In the active reconnaissance, we directly interact with the target to get the information. To scan the target, we can use the Nmap tool.
- Passive: In passive reconnaissance, we indirectly collect information about the target. We can get information about the target from public websites, social media, etc.
After gathering all the target organization’s information, the exploitable vulnerabilities are scanned by the hacker in the network. In this scan, the hacker will look for weaknesses like outdated applications, open services, open ports, and the equipment types used on the network.
The scanning is of three types:
Port scanning: In this phase, we scan the target to get information like live systems, open ports, various systems that are running on the host.
Vulnerability scanning: In this phase, we check the target for weaknesses that can be exploited. This scan can be done using automatic tools.
Network Mapping: In this, we draw a network diagram of available information by finding the routers, topology of the network, firewall servers, and host information. In the hacking process, this map may serve as an important piece of information.
In this phase, the hacker gains access to sensitive data using the previous phase’s knowledge. The hackers use this data and the network to attack other targets. In this phase, the attackers have some control over other devices. An attacker can use various techniques like brute-forcing to gain access to the system.
In this phase, to maintain access to devices, hackers have various options, like creating a backdoor. A persistent attack on the network can be maintained by the hacker using the backdoor. Without fear of losing access to the device, the hacker can perform an attack on the device they have gained control of. Backdoors are noisy. The chances of a hacker being discovered when a backdoor is created. The backdoor leaves a larger footprint for the IDS (intrusion detection system). Using the backdoor, a hacker can access the system any time in the future.
An ethical hacker will never want to leave a track about the activities while hacking. So all the files which are related to the attack, he has to remove it. The clearing tracks phase’s main purpose is to remove all traces through which no one can find him.