Hacking Concepts, Types, and Phases
1. Hacker
Hacker is the one who is smart enough to steal the information such as Business data, personal data, financial information, credit card information, username & Password from the system he is unauthorized to get this information by taking unauthorized control over that system using different techniques and tools. Hackers have great skill, ability to develop software and explore software and hardware. Their intention can be either doing illegal things for fun or sometimes they are paid to hack.
2. Hacking
The Term "Hacking" in information security refers to exploiting the vulnerabilities in a system, compromising the security to gain unauthorized command and control over the system resources. Purpose of hacking may include modification of system resources, disruption of features and services to achieve goals. It can also be used to steal information for any use like sending it to competitors, regulatory bodies or publicizing the sensitive information.
3. Hacking Phases
The following are the five phases of hacking: -
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks
- Reconnaissance
Reconnaissance is an initial preparing phase for the attacker to get ready for an attack by gathering the information about the target before launching an attack using different tools and techniques. Gathering of information about the target makes it easier for an attacker, even on a large scale. Similarly, in large scale, it helps to identify the target range.
In Passive Reconnaissance, the hacker is acquiring the information about target without interacting the target directly. An example of passive reconnaissance is public or social media searching for gaining information about the target.
Active Reconnaissance is gaining information by acquiring the target directly. Examples of active reconnaissance are via calls, emails, help desk or technical departments.
- Scanning
Scanning phase is a pre-attack phase. In this phase, attacker scans the network by information acquired during the initial phase of reconnaissance. Scanning tools include Dialler, Scanners such as Port scanners, Network mappers, client tools such as ping, as well as vulnerabilities scanner. During the scanning phase, attacker finally fetches the information of ports including port status, operating system information, device type, live machines, and other information depending upon scanning.
- Gaining Access
Gaining access phase of hacking is the point where the hacker gets the control over an operating system, application or computer network. Control gained by the attacker defines the access level such as operating system level, application level or network level access. Techniques include password cracking, denial of service, session hijacking or buffer overflow and others are used to gain unauthorized access. After accessing the system; the attacker escalates the privileges to obtain complete control over services and process and compromise the connected intermediate systems.
- Maintaining Access / Escalation of Privileges
Maintaining access phase is the point when an attacker is trying to maintain the access, ownership & control over the compromised systems. Similarly, attacker prevents the owner from being owned by any other hacker. They use Backdoors, Rootkits or Trojans to retain their ownership. In this phase, an attacker may steal information by uploading the information to the remote server, download any file on the resident system, and manipulate the data and configuration. To compromise other systems, the attacker uses this compromised system to launch attacks.
- Clearing Tracks
An attacker must hide his identity by covering the tracks. Covering tracks are those activities which are carried out to hide the malicious activities. Covering track is most required for an attacker to fulfill their intentions by continuing the access to the compromised system, remain undetected & gain what they want, remain unnoticed and wipe all evidence that indicates his identity. To manipulate the identity and evidence, the attacker overwrites the system, application, and other related logs to avoid suspicion.
