Methodology of Ethical Hacking
Reconnaissance and Footprinting
The first phase before launching an attack is to collect information about the targeted systems. Attackers research and put effort into finding as much information as they can, using tools, technologies, and techniques such as scanning and enumeration. This phase is called reconnaissance.
The aim of reconnaissance is to find the most straightforward entry point to the target system and make the most out of it. Footprinting is similar to reconnaissance, but it involves collecting data in a less intrusive manner.
Companies and individuals operate networks, internet-facing or internal, made up of multiple systems connected to each other. Hackers need to find loopholes or vulnerabilities in such a network in order to compromise it.
Network scanning is the method used to probe the network and find vulnerabilities in it. In network scanning, all the active hosts, ports, and services in the targeted network are scanned to identify a point of entry.
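As an added illustration of the scanning phase from the defender's side (this is example code, not part of the original text), the following Python detector flags a source that touches many distinct ports on one host within a short window. The log format and the sample lines are constructed for this example; thresholds are assumptions to tune per environment.

```python
"""Flag port-scan behaviour in connection logs (added example, not from the page).

Constructed log line format: "<epoch> <src_ip> <dst_ip> <dst_port> <action>".
A normal client touches a handful of ports on a host; a scanner touches many
distinct ports in a short time, which is what this detector looks for.
"""
from collections import defaultdict

# Constructed sample: 10.0.0.5 probes 16 consecutive ports on 192.168.1.10
# within 16 seconds; 10.0.0.7 is a normal client using two services, 15 min apart.
SCAN_LINES = [f"{1700000000 + i} 10.0.0.5 192.168.1.10 {port} DENY"
              for i, port in enumerate(range(20, 36))]
NORMAL_LINES = ["1700000005 10.0.0.7 192.168.1.10 443 ALLOW",
                "1700000900 10.0.0.7 192.168.1.10 22 ALLOW"]
SAMPLE_LOG = "\n".join(SCAN_LINES + NORMAL_LINES)


def parse(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return int(ts), src, dst, int(port), action


def detect_port_scans(log_text, window=60, threshold=10):
    """Return {(src, dst): distinct_port_count} for every source/destination
    pair that touched at least `threshold` distinct ports within any span of
    `window` seconds. The count kept is the largest window observed."""
    events = defaultdict(list)  # (src, dst) -> [(ts, port), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue  # skip blank lines
        ts, src, dst, port, _ = parse(line)
        events[(src, dst)].append((ts, port))

    alerts = {}
    for pair, hits in events.items():
        hits.sort()  # order by timestamp so each hit can start a window
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for (src, dst), count in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {count} distinct ports")
```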
Enumeration is the third stage, where the attacker starts actively working on the vulnerabilities found in the target system. Here, details about the victim are extracted through the open ports. These details can include usernames, user groups, network resources, routing tables, machine names, banners, SNMP details, DNS details, applications, etc.
After collecting the details required to enter the system or network, the next phase is to gain access, find more information, and launch attacks. For the networks without any encryption, it takes little effort to sniff out the data.
If the network and systems use encryption such as WEP, WPA, or WPA2, the task becomes more complicated: the decryption keys are required before the encrypted data can be read.
Regardless of the security practices in place, the aim of the hacker after entering the network or system is to obtain admin-level access somehow. With admin-level access, any data can be stolen or modified.
After compromising a network, attackers try to maintain their access for a long time. They want to carry out additional attacks and reach more confidential data until they get what they are after.
In many instances, they leave additional vulnerabilities or points of entry behind so that they can exploit the network again whenever required. Unless the victim fixes these vulnerabilities, the attacker can use them for all sorts of ill purposes.
Covering tracks is the process of clearing all evidence that might allow the victim to trace the attack back to the attacker.
A careful hacker does this by clearing caches and cookies, deleting sent emails, closing the ports that were opened, changing or deleting logs and registry entries, uninstalling the tools they used, and deleting files and folders.