Phases of Hacking
There is a certain procedure or steps that the hacker follows to carry out his activities. These are better known as phases as mentioned below.
a. Reconnaissance
b. Scanning and Enumeration
c. Gaining access
d. Backdoors / maintaining access
e. Covering tracks
a. Reconnaissance :
Reconnaissance is a way to obtain information by visual observation or other detection methods, about the activities and resources of a victim under consideration. The victim could be a website , a wireless network , entire IT infrastructure , any individual.
Active reconnaissance : The attacker interacts with the system by doing ping sweep, port scanning etc. This type of attack can be recognized easily as it generally directly hits the target system to gather the information about the system where the actual probing gets logged on the victim system or over the IDS/IPS (Intrusion Detection) systems..
Few ways to do it are ,
Ping sweep : Range of ip address to which ICMP echo request is send to verify whether the system is alive. You can do it on multiple systems at one go.
DNS search/zone transfer: Collecting information about the different hostnames gives hints about the kind of services and information that is available on the servers.
whois information: One can collect information about the company by using DNS registration information.
The DNS registration information can be collected by using whois.
Port scanning : This help us to identify the services that are running on the system so as to find out which system to be targeted.
Passive reconnaissance : Here the attacker will silently gather information about the target under consideration. As the probing is not directly against the victim, it remains stealth.
The attacker uses techniques like social engineering, publicly available information and dumpster diving.
Social engineering: Making a legitimate user to reveal information about the system. The information could be password, system ip address, services running on the system etc.There are again various ways are doing it like posing as employee of company, using helpdesk sections etc.
Publicly available information: Information that is available by public available media, website are some of the examples.
Dumpster Diving: Collecting information from garbage.
Disclaimer: Note that this information is for educational purpose and to prevent innocent people from becoming prey to the hackers...Please use it judiciously
a. Reconnaissance
b. Scanning and Enumeration
c. Gaining access
d. Backdoors / maintaining access
e. Covering tracks
a. Reconnaissance :
Reconnaissance is a way to obtain information by visual observation or other detection methods, about the activities and resources of a victim under consideration. The victim could be a website , a wireless network , entire IT infrastructure , any individual.
Active reconnaissance : The attacker interacts with the system by doing ping sweep, port scanning etc. This type of attack can be recognized easily as it generally directly hits the target system to gather the information about the system where the actual probing gets logged on the victim system or over the IDS/IPS (Intrusion Detection) systems..
Few ways to do it are ,
Ping sweep : Range of ip address to which ICMP echo request is send to verify whether the system is alive. You can do it on multiple systems at one go.
DNS search/zone transfer: Collecting information about the different hostnames gives hints about the kind of services and information that is available on the servers.
whois information: One can collect information about the company by using DNS registration information.
The DNS registration information can be collected by using whois.
Port scanning : This help us to identify the services that are running on the system so as to find out which system to be targeted.
Passive reconnaissance : Here the attacker will silently gather information about the target under consideration. As the probing is not directly against the victim, it remains stealth.
The attacker uses techniques like social engineering, publicly available information and dumpster diving.
Social engineering: Making a legitimate user to reveal information about the system. The information could be password, system ip address, services running on the system etc.There are again various ways are doing it like posing as employee of company, using helpdesk sections etc.
Publicly available information: Information that is available by public available media, website are some of the examples.
Dumpster Diving: Collecting information from garbage.
Disclaimer: Note that this information is for educational purpose and to prevent innocent people from becoming prey to the hackers...Please use it judiciously
Replies
You are reading an archived discussion.
Related Posts
Is it possible to get coordinates from an external GPS transmitter and received on smart phone and displayed on Google map?
If yes please help 😀
Hey folks a kin here keen to develop myself. Rest is silence about private style But in it all I am What I am.
Hey guys My first post here I am designing a high speed switch and I got stuck here the deviced used ??😔
The first part was real easy and simple...
Here is my small contribution to this section
First never see BUDGET"
Next FIX THE SIZE OF BOT
Then comes the DESIGN . Here you will have to make the...
uBuntu fans (we've a large number of them here on CrazyEngineers) will be happy to hear the news. System76 has launched world's fastest gaming machine that runs on uBuntu -...