In general, there are five phases of hacking:
– Reconnaissance
– Scanning
– Gaining Access
– Maintaining Access
– Clearing Tracks
Hacking Phase: Reconnaissance
Reconnaissance refers to the preparatory phase in which an attacker gathers as much information as possible about the target prior to launching the attack. In this phase, the attacker draws on competitive intelligence to learn more about the target. This phase may also serve as a future point of return, noted for ease of entry for an attack once more about the target is known on a broad scale. The reconnaissance target range may include the target organization’s clients, employees, operations, network, and systems.
This phase allows attackers to plan the attack. This may take some time as the attacker gathers as much information as possible. Part of this reconnaissance may involve social engineering. A social engineer is a person who convinces people to reveal information such as unlisted phone numbers, passwords, and other sensitive information. For instance, the hacker could call the target’s Internet service provider and, using whatever personal information was previously obtained, convince the customer service representative that the hacker is actually the target, and in doing so, obtain even more information about the target.
Another reconnaissance technique is dumpster diving. Dumpster diving is, simply enough, looking through an organization’s trash for any discarded sensitive information. Attackers can use the Internet to obtain information such as employees’ contact information, business partners, technologies currently in use, and other critical business knowledge. But dumpster diving may provide them with even more sensitive information, such as user names, passwords, credit card statements, bank statements, ATM receipts, Social Security numbers, private telephone numbers, checking account numbers, and any number of other things.
Searching for the target company’s web site in the Internet’s Whois database can easily provide hackers with the company’s IP addresses, domain names, and contact information.
Hacking Phase: Gaining Access
During this phase, the hacker designs the blueprint of the target’s network with the help of the information collected during phase one and phase two. The hacker has finished enumerating and scanning the network and now decides that there are some options for gaining access to the network.
This phase is where an attacker breaks into the system or network using various tools or methods. After getting into a system, he has to increase his privilege to administrator level so that he can install an application he needs, modify data, or hide data. In phase three the attacker exploits a vulnerability to gain access to the target. This usually involves taking control of one or more network devices to extract data from the target or to use that device to perform attacks on other targets.
Hacking Phase: Scanning
Scanning is the phase immediately preceding the attack. Here, the attacker uses the details gathered during reconnaissance to scan the network for specific information. Scanning is a logical extension of active reconnaissance, and in fact, some experts do not differentiate scanning from active reconnaissance. There is a slight difference, however, in that scanning involves more in-depth probing on the part of the attacker. Often the reconnaissance and scanning phases overlap, and it is not always possible to separate the two. An attacker can gather critical network information such as the mapping of systems, routers, and firewalls by using simple tools such as the standard Windows utility Traceroute. Alternatively, they can use tools such as Cheops to add additional information to Traceroute’s results.
Port scanners detect listening ports to find information about the nature of services running on the target machine. The primary defense technique against port scanners is to shut down services that are not required, as well as to implement appropriate port filtering. However, attackers can still use tools to determine the rules implemented by the port filtering.
Hacking Phase: Maintaining Access
Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system. Once an attacker gains access to the target system with administrator level privileges (thus owning the system), he or she is able to use both the system and its resources at will, and can either use the system as a launch pad to scan and exploit other systems, or to keep a low profile and continue exploiting the system. Both these actions can cause a great amount of damage. For instance, the hacker could implement a sniffer to capture all network traffic, including Telnet and FTP (file transfer protocol) sessions with other systems, and then transmit that data wherever he or she pleases.
Attackers who choose to remain undetected remove evidence of their entry and install a backdoor or a Trojan to gain repeat access. They can also install rootkits at the kernel level to gain full administrative access to the target computer. Rootkits gain access at the operating system level, while a Trojan horse gains access at the application level. Both rootkits and Trojans require users to install them locally. In Windows systems, most Trojans install themselves as a service and run as local system, with administrative access.
Hacking Phase: Clearing Tracks
For obvious reasons, such as avoiding legal trouble and maintaining access, attackers will usually attempt to erase all evidence of their actions. Clearing tracks refers to the activities carried out by an attacker to hide malicious acts. The attacker’s intentions include continuing access to the victim’s system, remaining unnoticed and uncaught, and deleting evidence that might lead to his or her prosecution. Attackers always cover their tracks to hide their identity. Other techniques include steganography and tunneling. Steganography is the process of hiding data in other data, for instance image and sound files.
Tunneling takes advantage of the transmission protocol by carrying one protocol over another. Attackers can use even a small amount of extra space in the data packet’s TCP and IP headers to hide information.
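From the monitoring side, header space that should be empty can be checked directly. The following is an added example, not part of the original article: it parses a raw IPv4+TCP header and reports fields that carry data where the protocol expects none. The three fields checked (the IPv4 reserved flag, the TCP reserved bits, and an urgent pointer without the URG flag) are this example's own choice, and the packets are constructed in code for the demo.

```python
import struct


def build_packet(ip_flags_frag=0x4000, tcp_off_rsvd=0x50, tcp_flags=0x18, urg_ptr=0):
    """Constructed IPv4+TCP header pair for the demo (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, ip_flags_frag,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 1, tcp_off_rsvd,
                      tcp_flags, 65535, 0, urg_ptr)
    return ip + tcp


def header_anomalies(packet):
    """Return names of header fields that carry data where none belongs."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["not-ipv4"]
    findings = []
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    flags_frag = struct.unpack_from("!H", packet, 6)[0]
    if flags_frag & 0x8000:                           # top flag bit is reserved
        findings.append("ip-reserved-flag-set")
    if packet[9] != 6 or flags_frag & 0x1FFF:
        return findings                               # not TCP, or a later fragment
    if ihl < 20 or len(packet) < ihl + 20:
        return findings + ["truncated-tcp-header"]
    off_rsvd, flags = packet[ihl + 12], packet[ihl + 13]
    urg_ptr = struct.unpack_from("!H", packet, ihl + 18)[0]
    if off_rsvd & 0x0F:                               # low nibble is reserved
        findings.append("tcp-reserved-bits-set")
    if urg_ptr and not flags & 0x20:                  # pointer is meaningless without URG
        findings.append("tcp-urgent-pointer-without-urg")
    return findings
```

A finding here is a reason to look closer, not proof of a covert channel: faulty network stacks and middleboxes can also produce such values.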