Hacking Phases

Subscribe to my newsletter and never miss my upcoming articles

Listen to this article

The following are the five phases of hacking: -

Reconnaissance Scanning Gaining Access Maintaining Access Clearing Tracks Reconnaissance Reconnaissance is an initial preparing phase for the attacker to get ready for an attack by gathering information about the target before launching an attack using different tools and techniques. The gathering of information about the target makes it easier for an attacker, even on a large scale. Similarly, on large scale, it helps to identify the target range.

In Passive Reconnaissance, the hacker is acquiring information about the target without interacting with the target directly. An example of passive reconnaissance is public or social media searching for gaining information about the target.

Active Reconnaissance is gaining information by acquiring the target directly. Examples of active reconnaissance are via calls, emails, help desk, or technical departments.

Scanning The scanning phase is a pre-attack phase. In this phase, the attacker scans the network by information acquired during the initial phase of reconnaissance.

Scanning tools include Dialler, Scanners such as Port scanners, Network mappers, client tools such as ping, as well as vulnerabilities scanner. During the scanning phase, the attacker finally fetches the information of ports including port status, operating system information, device type, live machines, and other information depending upon scanning.

Gaining Access The gaining access phase of hacking is the point where the hacker gets control over an operating system, application, or computer network. Control gained by the attacker defines the access level such as operating system level, application level, or network-level access. Techniques include password cracking, denial of service, session hijacking or buffer overflow, and others are used to gain unauthorized access. After accessing the system; the attacker escalates the privileges to obtain complete control over services and processes and compromise the connected intermediate systems.

Maintaining Access / Escalation of Privileges The maintaining access phase is the point when an attacker is trying to maintain access, ownership & control over the compromised systems. Similarly, the attacker prevents the owner from being owned by any other hacker. They use Backdoors, Rootkits, or Trojans to retain their ownership. In this phase, an attacker may steal information by uploading the information to the remote server, download any file on the resident system, and manipulate the data and configuration. To compromise other systems, the attacker uses this compromised system to launch attacks.

Clearing Tracks An attacker must hide his identity by covering the tracks. Covering tracks are those activities which are carried out to hide the malicious activities.

Covering tracks is most required for an attacker to fulfill their intentions by continuing the access to the compromised system, remain undetected & gain what they want, remain unnoticed, and wipe all evidence that indicates his identity. To manipulate the identity and evidence, the attacker overwrites the system, application, and other related logs to avoid suspicion.

Share this