The Five Phases of Hacking
Reconnaissance :-
- Reconnaissance refers to the preparatory phases where an attacker seeks to gather information about a target prior to launching an attack.
- This is the primary phase where the Hacker tries to collect as much information as possible about the target.
- It includes Identifying the Target, finding out the target's IP Address Range, Network, DNS records, etc.
- An attacker might return to this phase when he/she needs to find out more information about the target.
Types of reconnaissance :-
- Passive reconnaissance : It involves acquiring information without direct interaction with the target. For example, searching public records or news releases.
- Active reconnaissance : It involves interacting with the target by any means. For example, telephone calls or emails to the help desk or technical department.
Scanning :-
- Scanning refers to a pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance.
- It involves taking the information discovered during reconnaissance and using it to examine the network.
- Tools that a hacker may employ during the scanning phase can include dialers, port scanners, network mappers, sweepers, and vulnerability scanners.
- Hackers extract information such as live machines, ports, port status, OS details, device type, system uptime, etc. to launch the attack.
Gaining Access :-
- Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network.
- The attacker can gain access at the operating system level, application level, or the network level.
- After scanning, the hacker designs the blueprint of the network of the target with the help of data collected during Phase 1 and Phase 2.
- This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access.
- The method of connection the hacker uses for an exploit can be a local area network (LAN, either wired or wireless), local access to a PC, the Internet, or offline.
- Examples include stack based buffer overflows, password cracking, denial of service (DoS), and session hijacking.
- Gaining access is known in the hacker world as owning the system.
Maintaining Access :-
- Maintaining access refers to the phase when the attacker tries to retain his/her ownership of the system.
- Once a hacker has gained access, they want to keep that access for future exploitation and attacks.
- Sometimes, hackers harden the system from other hackers or security personnel by securing their exclusive access with backdoors, rootkits, and Trojans.
- Once the hacker owns the system, they can use it as a base to launch additional attacks. Attackers can upload, download, or manipulate data, applications, and configuration on the owned system.
- In this case, the owned system is sometimes referred to as a zombie system.
Clearing / Covering Tracks :-
- Covering tracks refers to the activities carried out by attacker to hide malicious acts.
- The attacker's intention include : continuing access to victim's system, remaining unnoticed and uncaught, deleting the evidence that might lead to his prosecution.
- The attacker overwrites the server, system, and application logs to avoid suspicion.
- Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action.
- Hackers try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms.
- Examples of activities during this phase of the attack include steganography, the use of tunneling protocols, and altering log files.
The article became a bit lengthy but it is just a small bit really...its just a introduction to the phases.
ReplyDeleteThere are complete chapters on it which include how, where and when these steps are done. But before going into that deep well, I will just make you clear of the common terms you read in the above article like port scanners, uptime of a system, OS a system uses, buffer overflows, live machines, port status etc..
Understanding those terms would clear your basics and then we will move on to the real Hacking.
Stay connected..Thanks
CONTACT: onlineghosthacker247 @gmail. com
ReplyDelete-Find Out If Your Husband/Wife or Boyfriend/Girlfriend Is Cheating On You
-Let them Help You Hack Any Website Or Database
-Hack Into Any University Portal; To Change Your Grades Or Upgrade Any Personal Information/Examination Questions
-Hack Email; Mobile Phones; Whatsapp; Text Messages; Call Logs; Facebook And Other Social Media Accounts
-And All Related Services
- let them help you in recovery any lost fund scam from you
onlineghosthacker Will Get The Job Done For You
onlineghosthacker247 @gmail. com
TESTED AND TRUSTED!
Lol trust me I cant be messed with by any man because anonymousmaskhat@gmail.com got me covered if you feel you can cheat on me and think I would not find out lol try it and watch me catch you red handed with anonymousmaskhat@gmail.com.
ReplyDeleteA white hat hacker is a skilled coder who uses their coding skills to protect small businesses from being hacked. You can Hire a Hacker. These hacker specialists also reinforce weak networks in an effort to keep employees and customers safe. They may also work on behalf of a hacking company, allowing them to monitor their network to identify any suspicious activity.
ReplyDeleteThere are ethical reasons to hire a hacker, and it is important to know who you're hiring before committing any of these actions.
ReplyDeleteYou are looking for an urgent loan.
Looking for an urgent loan? Or: To restart your financial activities? Renovate the interior of your apartment, your home, your building? To rent ? You buy a car for the wedding? Set a debt? To carry out a project? Or for other reasons, if you need a loan, please contact us by e-mail: challotloan@gmail.com