1. Reconnaissance
Reconnaissance is the first phase of hacking. This stage involves gathering information about the target. The information can be collected from anywhere, including but not limited to search engines like Google, the target’s website, WHOIS records, or any other tool. Recon is of two types: passive reconnaissance and active reconnaissance.
Passive reconnaissance means gathering information without directly connecting to the target. This is done by using search engines or WHOIS lookups.
The other type is active reconnaissance, which is done by directly interacting with the target to enumerate information. Active recon yields more information, but there is a higher chance of getting caught while conducting it.
2. Scanning
Scanning is the second phase of hacking. It uses the information gathered in the reconnaissance phase to enumerate the target. This involves network mapping tools like Nmap or vulnerability scanners to reveal any weak points on the target network.
This gives the hacker information about the victim’s network and devices, as well as the possible attack vectors to exploit. Scanning is often an active process, that is, the attacker directly interacts with the target, which increases the danger of being caught.
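Because scanning touches the target directly, it leaves a pattern defenders can look for: one source contacting many different ports in a short time. The sketch below is an added example, not part of the original article; the log format, addresses, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_log():
    """Constructed firewall lines: '<iso-time> <src> <dst> <dport> <action>' (assumed format)."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(15):
        t = (base + timedelta(seconds=i)).isoformat()
        # 198.51.100.7 probes 15 different ports in 15 seconds
        lines.append(f"{t} 198.51.100.7 192.0.2.10 {20 + i} DENY")
        # 203.0.113.5 is an ordinary client hitting one service repeatedly
        lines.append(f"{t} 203.0.113.5 192.0.2.10 443 ALLOW")
    for i in range(12):
        # 198.51.100.9 touches 12 ports, but only one every 10 minutes
        t = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{t} 198.51.100.9 192.0.2.10 {8000 + i} DENY")
    return sorted(lines)  # ISO timestamps sort chronologically

def detect_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Return {src: peak count of distinct (dst, port) targets inside one window}
    for every source that reached the threshold."""
    recent = defaultdict(deque)  # src -> (time, dst, port) events still in the window
    flagged = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, dport = datetime.fromisoformat(fields[0]), fields[1], fields[2], int(fields[3])
        events = recent[src]
        events.append((ts, dst, dport))
        while ts - events[0][0] > window:
            events.popleft()  # expire events older than the window
        distinct = len({(d, p) for _, d, p in events})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    log = sample_log()
    print("60 s window:", detect_scans(log))
    print("3 h window: ", detect_scans(log, window=timedelta(hours=3)))
```

With the 60-second window only the fast prober is flagged; the source that spreads its probes over two hours only shows up when the window is widened, so a short-window rule should be paired with a longer aggregation.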
3. Gaining Access / Exploitation
Scanning is followed by the actual hacking part of the attack. In the exploitation phase, the attacker uses the information gathered in the second phase (vulnerabilities and network services) to attack the weak points.
The attack could be anything, such as phishing, a buffer overflow, or a vulnerability already discovered but not patched (0-day exploit). After this step, the attacker has access to the victim’s machine/network. After gaining access, the next step is to maintain that access.
4. Maintaining Access
After a successful exploit, a hacker needs to maintain access to the target. Maintaining access means adding a backdoor to the target machine/network so that the attacker can come back in the future if needed.
A machine under the hacker’s control is often called a zombie system. An attacker can do multiple things to gain persistence, such as injecting malware, removing password protection, adding a rootkit, etc. A hacker can also use this ‘zombie’ machine for other attacks on the same or any other organisation(s).
5. Clearing Tracks
The last phase of hacking is clearing tracks. In this stage, the attacker clears most, if not all, of the tracks that could lead back to him. This can be done by clearing the access logs, blocking Intrusion Detection System (IDS) alarms, removing temporary files, etc.
The hacker will also look for indications of the email provider alerting the user or possible unauthorized logins under their account. This step also includes creating a report of the attack for further investigations.
We hope that you’ll understand the phases of hacking. We do not take part in any illegal activity, and we hope our audience will do the same.
If you think you are compromised, inform the service providers, and if it is confirmed, you must report it to the cyber crime department. These days such incidents are being taken seriously.