In this post, we talked about the types of hackers. One of them is ethical hacker. We discuss about the five steps of ethical hacking now. Of course, not necessarily a hacker has to follow these 5 steps in a sequential manner:
Note: Hacking is illegal. The only purpose of hacking is to secure networks, and think like a hacker to be able to secure networks.
Phase 1: Reconnaissance
This phase is also called as Footprinting and information gathering Phase, and int this phase hacker gathers information about a target before launching an attack. It is during this phase that the hacker finds valuable information such as old passwords, names of important employees.
What’s footprinting? It’s a method that used for collecting data from target system. These data include important areas such as:
- Finding out specific IP addresses
- TCP and UDP services
- Identifies vulnerabilities
Having such information is enough to start a successful attack.
There are two types of Footprinting:
- Active: Directly interacting with the target to gather information about the target.
- Passive: Trying to collect the information about the target without directly accessing the target. To this purpose, hacker can use social media, public websites etc.
Hacker may do so by : using a search engine like maltego, researching the target say a website (checking links, jobs, job titles, email, news, etc.), or a tool like HTTPTrack to download the entire website for later enumeration, the hacker is able to determine the following: Staff names, positions, and email addresses. (Source: geeksforgeeks.org)
Phase 2: Scanning
In this phase, hackers are probably seeking any information that can help them perpetrate attack such as computer names, IP addresses, and user accounts. In fact, hacker identifies a quick way to gain access to the network and look for information. This phase includes usage of tools like dialers, port scanners, network mappers, sweepers, and vulnerability scanners to scan data.
Basically, at this stage, four types of scans are used:
- Pre-attack: Hacker scans the network for specific information based on the information gathered during reconnaissance.
- Port scanning/sniffing: This method includes the use of dialers, port scanners, and other data-gathering equipment.
- Vulnerability Scanning: Scanning the target for weaknesses/vulnerabilities.
- Information extraction: In this step, hacker collects information about ports, live machines and OS details, topology of network, routers, firewalls, and servers.
Phase 3: Gaining Access
At this point, the hacker has the information he needs. So first he designs the network map and then he has to decide how to carry out the attack? There are many options, for example:
- Phishing attack
- Man in the middle attack
- Brute Force Attack
- Spoofing Attack
- Dos attack
- Buffer overflow attack
- Session hijacking
- BEC Attack
Anyway, hacker after entering into a system, he has to increase his privilege to administrator level so he can install an application he needs or modify data or hide data.
Phase 4: Maintaining Access
Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Also, the hacker secures access to the organization’s Rootkits and Trojans and uses it to launch additional attacks on the network. An ethical hacker tries to maintain the access to the target until he finishes the tasks he planned to accomplish in that target.
in this phase hacker has multiple e-mail accounts,, he/she begins to test the accounts on the domain. The hacker from this point creates a new administrator account for themselves based on the naming structure and try and blend in. Hacker begins to look for and identify accounts that have not been used for a long time. The hacker assumes that these accounts are likely either forgotten or not used so they change the password and elevate privileges to an administrator as a secondary account in order to maintain access to the network. The hacker may also send out emails to other users with an exploited file such as a PDF with a reverse shell in order to extend their possible access. No overt exploitation or attacks will occur at this time. If there is no evidence of detection, a waiting game is played letting the victim think that nothing was disturbed. With access to an IT account the hacker begins to make copies of all emails, appointments, contacts, instant messages, and files to be sorted through and used later. (Source: geeksforgeeks.org)
Phase 5: Clearing Tracks
An intelligent hacker always clears all evidence so that in the later point of time, no one will find any traces leading to him/her. He/she does this by:
- Clearing the cache and cookies
- Modifying registry values
- Modifying/corrupting/deleting the values of Logs
- Clearing out Sent emails
- Closing all the open ports
- Uninstalling all applications that he/she be used