5 Phases of Ethical Hacking

(Last Updated On: December 13, 2020)

This is not meant to encourage you to hack or shut down websites, but to give a general idea of how everyday hacks are carried out so that you can protect yourself from such incidents, or at least take some precautions.

This article explains the 5 steps of ethical hacking using the example of a hacker trying to break into a server and gain unauthorized access to all of its data.

Diagram: the 5 phases of ethical hacking.

1. Reconnaissance

This is the first phase, where the hacker tries to collect as much information as possible about the target system.

It includes identifying the target system and finding out the target's IP address range, network, DNS records, etc.

It is also called footprinting or information gathering.

We usually collect information about three groups:

  1. Network
  2. Host
  3. People involved

There are two types of Footprinting:

Active: Directly interacting with the target to gather information about the target system, e.g. using the Nmap tool to scan the target.

Passive: Trying to collect information about the target without directly accessing the target system. This involves collecting information from social media, public websites, blogs, etc.

2. Scanning

This phase involves the use of tools such as dialers, port scanners, network mappers, sweepers, and vulnerability scanners to probe the target.

Hackers are now looking for any information that can help them carry out attacks, such as computer names, IP addresses, and user accounts.

Having gathered some basic information, the hacker moves to the next phase and begins to test the network for other avenues of attack.

The hacker uses a couple of methods to help map the network (for example, tools from Kali Linux, or finding a contact email address to see which email server is in use).

Three types of scanning are involved:

Port scanning: Scanning the target for information such as open ports, closed ports, live systems, and the various services running on the host.

Vulnerability scanning: Checking the target for weaknesses or vulnerabilities that could be exploited on the system. This is usually done with the help of automated tools, e.g. Nikto.

Network mapping: Finding the topology of the network, including routers, firewalls, and servers if any, along with host information, and drawing a network diagram from the available information.
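From the defender's side, the port-scanning activity described above is usually visible in firewall or connection logs as one source touching many distinct ports on a host in a short window. The following is an added example (not from the original article) of that detection logic run over a few constructed log lines; the log format, the 60-second window and the 5-port threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed firewall-style connection log lines (sample data, not real traffic).
# One source hits seven ports on a host within seconds; another makes two normal
# HTTPS connections five minutes apart.
SAMPLE_LOG = """\
2020-12-13T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=22 SYN
2020-12-13T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=23 SYN
2020-12-13T10:00:02 SRC=203.0.113.5 DST=192.0.2.10 DPT=25 SYN
2020-12-13T10:00:02 SRC=203.0.113.5 DST=192.0.2.10 DPT=80 SYN
2020-12-13T10:00:03 SRC=203.0.113.5 DST=192.0.2.10 DPT=443 SYN
2020-12-13T10:00:03 SRC=203.0.113.5 DST=192.0.2.10 DPT=3306 SYN
2020-12-13T10:00:04 SRC=203.0.113.5 DST=192.0.2.10 DPT=8080 SYN
2020-12-13T10:00:05 SRC=198.51.100.7 DST=192.0.2.10 DPT=443 SYN
2020-12-13T10:05:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=443 SYN
"""

def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port)."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields if "=" in f)
    return datetime.fromisoformat(ts_str), kv["SRC"], kv["DST"], int(kv["DPT"])

def detect_port_scans(log_text, window_seconds=60, port_threshold=5):
    """Return {(src, dst): sorted distinct ports} for every source that touched at
    least port_threshold distinct ports on one host within window_seconds."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse_line(line)
            events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, hits in events.items():
        hits.sort()  # time order, so a sliding window can be used
        start = 0
        for end in range(len(hits)):
            # shrink the window from the left until it spans <= window_seconds
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= port_threshold:
                alerts[pair] = sorted(ports)  # keep the widest set seen
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src} against {dst}: ports {ports}")
```

In practice the same grouping is applied to many destination hosts at once (a horizontal sweep across one port on many hosts is the mirror image of this check), and the thresholds are tuned against the network's normal traffic.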

3. Gaining Access

After scanning, the hacker draws up a blueprint of the target's network with the help of the data collected during Phases 1 and 2.

Vulnerabilities discovered during the reconnaissance and scanning phases are now exploited to gain access.

This is the phase where the real hacking starts.

It is the phase in which an attacker breaks into the system or network using various tools or methods.

After entering a system, the attacker has to escalate their privileges to administrator level so that they can install the applications they need, modify data, or hide sensitive data.

The connection the hacker uses for an exploit can be over a local area network (LAN, either wired or wireless), the Internet, or offline.

Examples include stack-based buffer overflows, denial of service (DoS), XSS, and session hijacking.

Gaining access is known in the hacker world as owning the system.


4. Maintaining Access

Once a hacker has gained access, they want to keep that access for future exploitation and additional attacks.

Once the hacker owns the system, they can use it as a base to launch additional experimental attacks.

In this case, the owned system is sometimes referred to as a zombie system.

Now that the hacker has multiple e-mail accounts, the hacker begins to test each account on the domain.

At this point the hacker creates a new administrator account for themselves, based on the existing naming structure, and tries to blend in.

As a precaution, the hacker also looks for and identifies accounts that have not been used for a long period.

The hacker may also send emails to other users with an exploit file, such as a PDF carrying a reverse shell, to extend their possible access.

No overt exploitation or attacks occur at this time. If there is no evidence of detection, a waiting game is played, letting the victim think that nothing was disturbed.

With access to the data, the hacker begins to make copies of all emails, appointments, contacts, instant messages, and files, to be sorted through and used later.

5. Covering Tracks

Before the attack, the attacker would change their MAC address and route the attacking machine through at least one VPN to help cover their identity.

They will not launch a direct attack or use any scanning technique that would be considered noisy (“unharmonious sounds”).

Once access is gained and privileges have been escalated, the hacker seeks to cover their tracks.

This includes clearing out sent emails, server logs, temp files, intrusion detection system (IDS) alarms, etc.

The hacker will also look through the account's emails for signs that the email provider has alerted the user to possible unauthorized logins.
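Clearing a server log rarely leaves it looking untouched: entries a defender expects at regular intervals (a cron heartbeat, a monitoring check-in) vanish for a stretch, or appended entries end up out of timestamp order. The following is an added example (not from the original article) of a check for exactly those two signs over constructed syslog-style lines; the log format, the 15-minute expected interval and the 40-minute hole are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed auth-log lines (sample data, not from a real system). The silence
# between 10:05 and 10:45 stands in for a stretch of cleared entries, and the
# final line's earlier timestamp mimics a file that was rewritten by hand.
SAMPLE_AUTH_LOG = """\
2020-12-13T10:00:10 sshd[1201]: Accepted password for alice from 192.0.2.21
2020-12-13T10:02:30 sshd[1202]: Failed password for root from 203.0.113.5
2020-12-13T10:05:00 cron[1210]: (root) CMD (run-parts /etc/cron.hourly)
2020-12-13T10:45:00 sshd[1250]: Accepted password for bob from 192.0.2.22
2020-12-13T10:44:00 sshd[1249]: session closed for user alice
"""

def parse_timestamps(log_text):
    """Extract the leading ISO-8601 timestamp from each non-empty line."""
    return [datetime.fromisoformat(line.split()[0])
            for line in log_text.splitlines() if line.strip()]

def find_log_anomalies(log_text, expected_interval=timedelta(minutes=15)):
    """Return a list of (kind, line_index, delta) findings.

    kind == "gap": no entry for longer than expected_interval, which for a log
      that normally carries a periodic heartbeat suggests entries were removed.
    kind == "out_of_order": a timestamp earlier than the one before it, which a
      file written only by the logging daemon should never contain.
    """
    stamps = parse_timestamps(log_text)
    findings = []
    for i in range(1, len(stamps)):
        delta = stamps[i] - stamps[i - 1]
        if delta < timedelta(0):
            findings.append(("out_of_order", i, delta))
        elif delta > expected_interval:
            findings.append(("gap", i, delta))
    return findings

if __name__ == "__main__":
    for kind, idx, delta in find_log_anomalies(SAMPLE_AUTH_LOG):
        print(f"{kind} before line {idx}: delta {delta}")
```

A local check like this is only a fallback; the reliable defence against this phase is forwarding logs to a separate collector as they are written, so that clearing the copy on the compromised host cannot remove what the collector already holds.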

Kamlesh Pendurkar

Hacker and security professional. Website penetration tester.