Finding and fully exploiting system vulnerabilities takes great time and patience. A typical penetration test requires the ethical hacker to bypass authorization and authentication mechanisms, then probe the network for potential data breaches and network security threats. Because real-world black hat hackers constantly devise new ways to exploit vulnerabilities, an effective ethical hack should be carefully planned with the changing threat landscape in mind.
Ethical hackers follow several steps of the ethical hacking methodology to find such vulnerabilities. These steps are: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Clearing Tracks. While not every hacker follows these steps in sequential order, they offer a systematic approach that yields better results. Let us take a closer look at what each of these phases involves.
1. Reconnaissance
When it comes to penetration testing, the first natural question is: what is the first hacking phase?
Before performing any penetration tests, hackers footprint the system and gather as much information as possible. Reconnaissance is a preparatory phase in which the hacker documents the organization's request, identifies the system's valuable configuration and login information, and probes the networks. This information is crucial to performing the attacks and includes:
- Naming conventions
- Services on the network
- Servers handling workloads in the network
- IP Addresses
- Names and Login credentials of users connected to the network
- The physical location of the target machine
2. Scanning
In this stage, the ethical hacker begins testing the networks and machines to identify potential attack surfaces. This involves gathering information on all machines, users, and services within the network using automated scanning tools. Penetration testing typically involves three types of scans:
Network mapping
This involves discovering the network topology, including host information, servers, routers, and firewalls within the host network. Once the network is mapped, white hat hackers can visualize and strategize the next steps of the ethical hacking process.
Port scanning
Ethical hackers use automated tools to identify any open ports on the network. This is an efficient way to enumerate the live systems and services in a network and to learn how a connection with these components can be established.
Vulnerability scanning
This is the use of automated tools to detect weaknesses that can be exploited to orchestrate attacks.
While there are several tools available, here are a few popular ethical hacking tools commonly used during the scanning phase:
- SNMP Sweepers
- Ping sweeps
- Network mappers
- Vulnerability scanners
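The scanning tools above are noisy from the target's point of view: a single source touching many distinct ports on one host in a short window is the classic signature of a port scan. The following is an added example, not code from the original article, that applies that detection idea to constructed firewall-style log lines. The log format, the IP addresses, the window size and the threshold are all assumptions chosen for the example.

```python
"""Flag port-scan-like behaviour in connection logs (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an assumed firewall-style format:
#   <ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <action>
# 10.0.0.5 probes 12 distinct ports on 10.0.0.20 within six seconds;
# 10.0.0.7 is a normal client touching two ports over ten minutes.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 -> 10.0.0.20:22 ACCEPT
2024-05-01T10:00:01 10.0.0.5 -> 10.0.0.20:80 ACCEPT
2024-05-01T10:00:01 10.0.0.5 -> 10.0.0.20:443 ACCEPT
2024-05-01T10:00:02 10.0.0.5 -> 10.0.0.20:3389 DROP
2024-05-01T10:00:02 10.0.0.5 -> 10.0.0.20:8080 DROP
2024-05-01T10:00:03 10.0.0.5 -> 10.0.0.20:445 DROP
2024-05-01T10:00:03 10.0.0.5 -> 10.0.0.20:21 DROP
2024-05-01T10:00:04 10.0.0.5 -> 10.0.0.20:25 DROP
2024-05-01T10:00:04 10.0.0.5 -> 10.0.0.20:110 DROP
2024-05-01T10:00:05 10.0.0.5 -> 10.0.0.20:143 DROP
2024-05-01T10:00:05 10.0.0.5 -> 10.0.0.20:993 DROP
2024-05-01T10:00:06 10.0.0.5 -> 10.0.0.20:995 DROP
2024-05-01T10:00:00 10.0.0.7 -> 10.0.0.20:443 ACCEPT
2024-05-01T10:05:00 10.0.0.7 -> 10.0.0.20:443 ACCEPT
2024-05-01T10:10:00 10.0.0.7 -> 10.0.0.20:80 ACCEPT
"""


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port, action)."""
    ts, src, _arrow, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), action


def detect_port_scans(log_text, window=timedelta(seconds=60), min_ports=10):
    """Return {(src_ip, dst_ip): ports} for every source that touched at least
    `min_ports` distinct destination ports on one host inside a sliding `window`."""
    events = defaultdict(list)  # (src, dst_ip) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, port, _action = parse_line(line)
        events[(src, dst_ip)].append((ts, port))

    alerts = {}
    for key, hits in events.items():
        hits.sort()  # chronological order is needed for the sliding window
        start = 0
        for end in range(len(hits)):
            # Advance the window start until every hit in [start, end] fits the window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[key] = ports  # keep the largest set seen for this pair
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} distinct ports")
```

The window and port threshold are the tuning knobs: too low and ordinary clients that use a handful of services will alert, too high and a slow scan spread across hours slips through. Counting DROP actions separately from ACCEPT is a common refinement, since a scanner hits far more closed ports than an ordinary client does.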
3. Gaining Access
After collecting the details required to enter the system or network, the next phase is to gain access, find more information, and launch attacks. On networks without any encryption, sniffing out the data takes little effort.
If the network and systems use end-to-end encryption with WEP, WPA, or WPA2, the task becomes more complicated: the decryption keys are required to access the encrypted data.
Regardless of the security practices in place, the hacker's aim after entering the network or system is to obtain admin-level access by some means. With admin-level access, any data can be stolen or modified.
Hackers typically use many hacking tools and techniques to simulate attempted unauthorized access, including:
- Buffer overflows
- Injection attacks
- XML External Entity processing
- Using components with known vulnerabilities
If the attacks are successful, the hacker controls all or part of the system and may simulate further attacks such as data breaches and Distributed Denial of Service (DDoS).
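Of the techniques listed above, injection is the one most easily shown in a few lines, and it also shows why the remediation the ethical hacker will later recommend works. The following is an added example, not code from the original article: a login check written against an in-memory SQLite table, once with user input concatenated into the SQL text and once with parameter binding. The table, the accounts and the (plaintext, demonstration-only) passwords are constructed for the example.

```python
"""Injection attack: vulnerable query construction beside its hardened form (added example)."""
import sqlite3


def make_db():
    """Build a constructed in-memory users table. Passwords are stored in plaintext
    only to keep the example short; real systems store salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "battery staple", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Returns the user's role on success, else None.
    Untrusted input is spliced into the SQL text, so a quote character in the
    input changes the structure of the query instead of staying a value."""
    query = (
        f"SELECT role FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Same check with parameter binding: the driver passes the values separately
    from the statement, so whatever the input contains is compared as data."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # The hardened version accepts only the real credentials.
    print(login_hardened(db, "alice", "correct horse"))      # admin
    print(login_hardened(db, "alice", "x' OR '1'='1"))       # None
    # The vulnerable version lets the same input rewrite the WHERE clause.
    print(login_vulnerable(db, "alice", "x' OR '1'='1"))     # admin
```

The point to take away for remediation is that the fix is structural, not a matter of filtering characters: with parameter binding the query text is fixed before any input is seen, so there is no string for the input to alter. Vulnerability scanners in the scanning phase look for exactly the concatenation pattern in `login_vulnerable`.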
4. Maintaining Access
After compromising a network, attackers look to maintain their access for a long time. They want to carry out additional attacks and access more confidential data until they get what they are after.
In many instances, they leave behind additional vulnerabilities or points of entry so they can exploit the network again in the future whenever required. Unless the victim fixes these vulnerabilities, the attacker can use them for all sorts of malicious purposes.
5. Clearing Tracks
Clearing tracks is the process of removing all the evidence that could allow the victim to trace the attack back to the attacker.
A smart hacker does this by clearing the cache and cookies, deleting sent emails, closing the open ports, changing or deleting the logs and registry files, uninstalling the applications they used, and deleting files and folders.
To avoid any evidence that leads back to their malicious activity, hackers perform tasks that erase all traces of their actions. These include:
- Uninstalling scripts/applications used to carry out attacks
- Modifying registry values
- Clearing logs
- Deleting folders created during the attack
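Because clearing logs is on the attacker's checklist, a defender wants logs that cannot be edited or trimmed without leaving a mark. The following is an added example, not code from the original article: each record is chained to its predecessor with an HMAC, and the final tag is reported off-host so that deleted, altered, or truncated records are detected on verification. The events, the key and the "off-host last tag" are constructed for the example; in practice the key and the last tag would live on a separate log collector.

```python
"""Tamper-evident log chain: detect altered, removed, or truncated records (added example)."""
import hashlib
import hmac

# Constructed demonstration key. A real deployment keeps this on the log collector,
# not on the host whose logs it protects.
LOG_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample events, including the kind of entries an attacker would want gone.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:00 login user=alice src=10.0.0.7 result=success",
    "2024-05-01T10:02:13 login user=admin src=10.0.0.5 result=failure",
    "2024-05-01T10:02:15 login user=admin src=10.0.0.5 result=failure",
    "2024-05-01T10:02:40 login user=admin src=10.0.0.5 result=success",
    "2024-05-01T10:03:01 service_install name=updater-helper user=admin",
]

GENESIS = b"\x00" * 32  # tag "before" the first record


def chain_records(events, key=LOG_KEY):
    """Return [(event, tag_hex)] where each tag = HMAC(key, previous_tag || event)."""
    prev = GENESIS
    chained = []
    for ev in events:
        tag = hmac.new(key, prev + ev.encode(), hashlib.sha256).digest()
        chained.append((ev, tag.hex()))
        prev = tag
    return chained


def verify_chain(chained, expected_last_tag_hex, key=LOG_KEY):
    """Return None if every record matches its tag and the chain ends at the
    off-host last tag; otherwise the index of the first record that fails
    (len(chained) means records were removed from the end)."""
    prev = GENESIS
    for i, (ev, tag_hex) in enumerate(chained):
        expected = hmac.new(key, prev + ev.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i  # this record was edited, or an earlier record was removed
        prev = expected
    if not hmac.compare_digest(prev.hex(), expected_last_tag_hex):
        return len(chained)  # the chain is internally consistent but cut short
    return None


if __name__ == "__main__":
    chained = chain_records(SAMPLE_EVENTS)
    last_tag = chained[-1][1]  # what the collector would have recorded
    print("intact:", verify_chain(chained, last_tag))                       # None
    # Remove the failed admin logins: the next record no longer chains to its predecessor.
    print("deleted:", verify_chain(chained[:1] + chained[4:], last_tag))    # 1
    # Rewrite the successful admin login as a failure: its own tag no longer matches.
    edited = list(chained)
    edited[3] = (edited[3][0].replace("result=success", "result=failure"), edited[3][1])
    print("edited:", verify_chain(edited, last_tag))                        # 3
    # Drop the last record: everything verifies, but the chain ends too early.
    print("truncated:", verify_chain(chained[:-1], last_tag))               # 4
```

The scheme only proves tampering after the fact; it cannot prevent it. What makes it useful is that an attacker with admin rights on the host still cannot recompute the tags without the key, and cannot hide a truncation without also replacing the last tag held off-host. Shipping logs to a remote collector as they are written gives the same property with less machinery, and the two are usually combined.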
Hackers looking to maintain undetected access also tend to hide their identity using techniques such as:
Having completed all five steps of ethical hacking, the ethical hacker concludes the engagement by documenting the vulnerabilities found in a report and suggesting remediation advice.