Phases of ethical hacking

Phases of Ethical Hacking 


In order to be successful in hacking, a hacker needs to follow some steps or you can say phases which involves 5 crucial stages which helps hackers to make a structured ethical hacking attack.


Reconnaissance :

This is the first phase of hacking where an attacker gathers as much information as possible. It is also called as footprinting or information gathering. Information that we collect is divided in three groups - network, host, people. There are two types of reconnaissance  - Active & Passive.

Active - Direct communication is involved to gather information about the target. Information can be regarding an individual or an organization so anytime if somebody is taking too much interest on you or your background - Be alert! Tools used to scan a network can be Nmap, Hping, etc

Passive - Here indirect communication takes place. Information can be gathered using social media websites or public websites.


Scanning : 

Here an attacker begins to actively scan a target machine or network for vulnerabilities that can be exploited. Three types of scanning are involved - port scanning, vulnerability scanning, network mapping.

Port Scanning - Here an attacker scans the target to gather information regarding open ports, live systems, services running on the host.

Vulnerability Scanning - An attacker checks if a system has some vulnerability or weakness that can be exploited. This is done using automated tools.

Network Mapping - Here an attacker finds  the topology of network, firewall, routers and host information.


Gaining Access -

Here an attacker exploits the vulnerability to enter into a system. After that he needs to increase his privilege to an administrator to be able to modify data or hide data. The tool that is used is Metasploit


Maintaining Access - 

After gaining access the hacker installs some backdoor or trojans in order to enter into the system in future. The aim is to maintain the access until he finishes his task.


Clearing Track - 

Hacker deletes all his logs so he doesn't get caught in the future. Which involves uninstalling of applications, deletion of folders, modifying log values.








Comments

Post a Comment

Popular

OSI model

Image
OSI model OSI model is an acronym for Open Systems Interconnection is used to define how data is transferred from one system to another system in a computer network. Now you may ask how a network is formed? If two computers are connected to each other with LAN cables, connectors and Network Interface Card forms a network. Since the designing and infrastructure won't be similar of two computers the OSI model was introduced by ISO(International Organization for Standardization) in 1984 for a successful communication between computers or networks. OSI model consists of  7 different layers 1. Application layer 2. Presentation layer 3. Session layer 4. Transport layer 5. Network layer 6. Data link layer 7. Physical layer Now I'm going to give a mnemonic to remember the OSI model Please-Do-Not-Throw-Sausage-Pizza-Away, easy right? Application layer - Application layer does not include applications like chrome, firefox instead it incl
Read more

Ethical hacking terminologies

Image
Ethical Hacking Terminologies  Following is the list of terms that are frequently used in the field of ethical hacking . If you are not aware of these terms then it would be difficult for you to understand the concept of ethical hacking properly. Thus knowing this will ease your process of going further in this domain. Vulnerability -  A weakness, flaw or loophole in a system, network or any device that can be exploited. Threat -  A danger that can exploit an existing bug or vulnerability to compromise the security of a network system. Attack - An action that is done to extract a sensitive data by getting unauthorized access of a system. Phishing - A process where an attacker creates fake website or url which looks like a legit page but it's to trap the user to get sensitive data. Backdoor -  A hidden entry point which can bypass the authentication process i.e logins and passwords also known as trapdoor. Brute
Read more