Phases of Ethical Hacking

Pulkit Mital
4 min read · May 16, 2020

The process of Ethical Hacking can be classified into five phases which are mentioned below:

  • Reconnaissance (Information Gathering)
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Covering Tracks

Let’s go through each phase and see how it is executed when a hacker or pentester sets out to hack a target.

Phase 1: Reconnaissance (Information Gathering)

This is the first and most crucial step in hacking. The reconnaissance phase is also known as footprinting or information gathering. It is the preparatory phase: here we gather as much information as possible about the target.

Reconnaissance can be divided into two parts:

  • Passive Reconnaissance: In this part, we gather as much information as possible about the target without the target’s knowledge.
    We collect all the information from public sources.
    For example:
    * If we need information about the target company’s employees, we search LinkedIn and Facebook.
    * For company information, we can go through its LinkedIn page, Wikipedia, Crunchbase, Glassdoor, and the target company’s main website.
    * We can learn the company’s financial status from sources such as The Economic Times and news stories about the investments it has received.
    * We can get a lot of useful information about the company from dumpster diving (going through the garbage bins near the company to check whether important company papers have been thrown away).
  • Active Reconnaissance: In this part, we interact directly with the target, and the target system can notice that we are collecting information about it. Active reconnaissance includes banner grabbing and DNS zone transfers.

Phase 2: Scanning

In the previous step, we gathered a lot of information about the company, such as employee details, IP addresses, domains and sub-domains.
Now we use this information to scan the target for open ports, the services running on them, and the operating system the target is running. We will use tools such as Nmap, ping sweepers, SNMP sweepers and vulnerability scanners.
Using the Nmap Scripting Engine (NSE), we can check the services found on open ports for known vulnerabilities.
Once we have a picture of the open ports, the services running on them and the vulnerabilities those services are exposed to, we move to the next phase: gaining access.
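Seen from the defender’s side, the scanning phase leaves a recognisable footprint: one source touching many distinct ports on one host in a short time. The following is an added example, not code from the original post, that flags that pattern over a few constructed firewall log lines; the log format ("<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <ACCEPT|DROP>") is an assumption made for the example.

```python
# Added example (not from the original post): a minimal port-scan detector that
# flags a source probing many distinct ports on one host inside a sliding window.
# Log line format is an assumption: "<ISO ts> <src_ip> -> <dst_ip>:<dst_port> <ACCEPT|DROP>"
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.5 sweeps twelve ports on 192.0.2.10 within a few
# seconds, while 10.0.0.7 is an ordinary client that only talks to port 443.
SAMPLE_LOG = "\n".join(
    [f"2020-05-16T10:00:{i:02d} 10.0.0.5 -> 192.0.2.10:{p} DROP"
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389])]
    + [f"2020-05-16T10:00:{i:02d} 10.0.0.7 -> 192.0.2.10:443 ACCEPT" for i in range(5)]
)


def parse_line(line):
    """Return (timestamp, src_ip, dst_ip, dst_port) for one log line."""
    ts, src, _arrow, dst_port, _action = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)


def detect_scans(log_text, window=timedelta(seconds=60), port_threshold=10):
    """Return {(src, dst): distinct_port_count} for every source/target pair that
    touched at least port_threshold distinct ports within any window-long span."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse_line(line)
            events[(src, dst)].append((ts, port))

    alerts = {}
    for pair, hits in events.items():
        hits.sort()  # chronological order so each hit can start a window
        for i, (start, _port) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= port_threshold:
                alerts[pair] = max(len(ports), alerts.get(pair, 0))
    return alerts


if __name__ == "__main__":
    for (src, dst), count in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} touched {count} distinct ports on {dst}")
```

Tune the window and threshold to the environment; a vulnerability scanner run by the internal team will trigger the same rule, which is a reason to keep such scans scheduled and documented.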

Phase 3: Gaining Access

This is the phase where the actual hacking takes place. The vulnerabilities found in phases 1 and 2 can now be used to gain access to the target system. There are various ways a payload can be delivered to a system: typically over the network, from an adjacent network, through local access to the network, or through physical access to the computer. Common classes of exploit include buffer overflows, denial of service (DoS), and injection vulnerabilities. If an attack succeeds, the hacker gains control over the system and is able to violate its confidentiality, integrity, or availability (the CIA triad).

Phase 4: Maintaining Access

Once we have access to a target system, we want to keep that access available for future use. This is typically done using tools such as backdoors, rootkits, and other malicious software. Once the system is under our control, we can use it as a base from which to launch additional attacks. A system that has been compromised in this way is sometimes referred to as a zombie system.

Phase 5: Covering Tracks

Once we have gained access to a system, we need to cover our tracks to avoid detection by the defenders. This involves removing any evidence of the attack, for example by deleting logs and the alerts an IDS may have raised.

This should give you some idea of the process ethical hackers typically go through when attacking a system.