In this phase, the hacker tries to exploit all the vulnerabilities of the target system

Editor's note:

This excerpt has been derived from Leonard Chin's white paper, "5 Phases Every Hacker Must Follow," which has been reprinted with permission.


Of the five phases of hacking, "scanning" is the method attackers use before they attack a network.

What is scanning?

Scanning can be considered a logical extension (and overlap) of active reconnaissance that helps attackers identify specific vulnerabilities.

Attackers often use automated tools such as network scanners and war dialers to locate systems and attempt to discover vulnerabilities.

An attacker follows a particular sequence of steps in order to scan a network. The scanning methods may differ based on the attack objectives, which are set up before the attackers actually begin this process.


How Scanning Tools Help Hackers

The most commonly used tools are vulnerability scanners, which can search a target network for many known vulnerabilities and potentially detect thousands of them. This gives attackers the advantage of time: they only have to find a single means of entry, while the systems professional has to secure every vulnerable area by applying patches.

Organizations that deploy intrusion detection systems still have reason to worry because attackers can use evasion techniques at both the application and network levels.

Attackers can gather critical network information, such as the layout of systems, routers, and firewalls, with simple tools such as traceroute, a standard network diagnostic command. They can also use tools like Cheops, a network management tool, to add sweeping functionality on top of what traceroute provides.

Port scanners can be used to detect listening ports to find information about the nature of services running on the target machine. The primary defense technique against port scanners is to shut down unnecessary services. Appropriate filtering may also be adopted as a defense mechanism, but attackers can still use tools to determine filtering rules.

Scanning Is Phase 2 of Hacking

Scanning is the second phase of hacking. It's preceded by reconnaissance. The remaining phases are:

3. Gaining Access

4. Maintaining Access

5. Covering Tracks

Learn More About Hacking in this Course

  • Certified Ethical Hacker v11

Why take Certified Ethical Hacker?

Given the many cybersecurity attacks and great volume of personal data at risk, plus the potential legal liabilities, the need for certified ethical hackers is quite high. This course is a must-take for anyone responsible for network and data security who is looking to get CEH certified. Read more on the course page here.

An ethical hacker follows a similar process to that of a malicious hacker to gain and maintain access to a computer system. The process of a typical attack scenario can be broken down into five distinct phases, which are described in this article.


Phase 1: Reconnaissance


The first phase is all about gathering preliminary data on the target and learning as much as possible about how it operates. Reconnaissance can be performed actively or passively and sets the basis for further planning the attack. The target usually does not notice anything during this phase.
The methods used typically include identifying the target and discovering the target's IP address range, network, domain name, mail server, DNS records, etc. Depending on the target and approach, this may also include non-technical information such as employee registers, organizational charts and company relations.

Phase 1 techniques may include the following:

  • Internet sources
  • Social engineering
  • Dumpster diving
  • Observation

Traditional burglar
Drawing a parallel with a traditional burglar trying to steal from a rich person, this phase would involve finding out where the person lives, at what times he is usually at home, and the type of security system or fence he has.

Phase 2: Scanning


In this phase, the information gathered during reconnaissance is used to scan the perimeter and internal network devices for weaknesses. This phase requires technical tools to gather further intelligence on the target and on the systems it has in place.
It includes scanning the target for running services and open ports, detecting firewalls, finding vulnerabilities, detecting the operating system, etc.

Phase 2 techniques may include the following:

  • Port scanners
  • Vulnerability scanners
  • Network mappers
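The defensive counterpart to the port scanning described here and in the "How Scanning Tools Help Hackers" section above is spotting the scan in your own firewall logs: one source touching many distinct ports in a short window. The following is an added example, not code from the white paper or the article; the log format, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample firewall log lines (not from the article); one connection per line.
SAMPLE_LOG = """\
2024-05-01T10:00:00 src=203.0.113.5 dst=192.0.2.10 dport=22 action=DROP
2024-05-01T10:00:01 src=203.0.113.5 dst=192.0.2.10 dport=23 action=DROP
2024-05-01T10:00:01 src=203.0.113.5 dst=192.0.2.10 dport=25 action=DROP
2024-05-01T10:00:02 src=203.0.113.5 dst=192.0.2.10 dport=80 action=ACCEPT
2024-05-01T10:00:03 src=203.0.113.5 dst=192.0.2.10 dport=110 action=DROP
2024-05-01T10:00:04 src=203.0.113.5 dst=192.0.2.10 dport=443 action=ACCEPT
2024-05-01T10:00:05 src=198.51.100.7 dst=192.0.2.10 dport=443 action=ACCEPT
2024-05-01T10:00:09 src=198.51.100.7 dst=192.0.2.10 dport=443 action=ACCEPT
2024-05-01T10:05:00 src=198.51.100.7 dst=192.0.2.10 dport=80 action=ACCEPT
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=\S+ dport=(\d+) action=\S+$")

def parse_events(log_text):
    """Yield (timestamp, src, dport) for each well-formed line; skip malformed ones."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))

def detect_port_scans(log_text, window_seconds=60, threshold=5):
    """Return {src: peak distinct ports seen in any window} for sources at/above threshold."""
    by_src = defaultdict(list)
    for ts, src, dport in parse_events(log_text):
        by_src[src].append((ts, dport))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()  # port -> hits currently inside the sliding window
        left, peak = 0, 0
        for ts, dport in events:
            in_window[dport] += 1
            # Drop events older than the window from the left edge
            while (ts - events[left][0]).total_seconds() > window_seconds:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts
```

A fixed time window is the weakness the article's evasion remark points at: a scan paced slower than the window never crosses the threshold, so production detection should also count distinct ports per source over much longer horizons.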

Traditional burglar
In this phase, a burglar would typically check the locks for complexity or see if there are any open windows he may be able to reach.

Phase 3: Gaining access


In phase 3, the attacker exploits a vulnerability to gain access to the target. This typically involves taking control of one or more network devices, either to extract data from the target or to use that device to perform attacks on other targets.

Some examples of methods to gain access are:

  • Abusing a username/password that was found
  • Exploiting a known vulnerability
  • Breaking into a weakly secured network
  • Sending malware to an employee via e-mail or a USB stick left in the parking lot

Traditional burglar
This is the phase where the traditional burglar would actually enter the house via an open window.

Phase 4: Maintaining access


After gaining access, the attacker now needs to maintain it long enough to gather as much data as possible or to be able to return at a later time.

In order to maintain access for a longer time, the attacker must remain stealthy so as not to be caught using the host environment.

Some examples of techniques used in this phase:

  • Privilege escalation
  • Installation of a backdoor or remote access trojan
  • Creating their own credentials

Traditional burglar
In this phase, the burglar may create a copy of a found key or disable the alarm system long enough for him to extract the goods.

Phase 5: Covering tracks


In the final phase, the attacker takes the steps necessary to hide the intrusion and any controls he may have left behind for future visits.
Any changes that were made (installed trojans, backdoors, escalated authorizations, etc.) must be returned to a state in which the attacker's presence cannot be recognized by the network's administrators.

Some examples of covering tracks:

  • Removal of logs
  • Exfiltration of data via DNS tunneling or steganography
  • Installation of rootkits

Traditional burglar
In this phase, the burglar will wipe the fingerprints from anything he may have touched.

What phase do hackers perform?

D. Explanation: In the process of hacking, actual attacks are performed when gaining access, or ownership, of the network or system. Reconnaissance and Scanning are information gathering steps to identify the best possible action for staging the attack.

What are the phases of cyber security attacks?

Stages of an attack:

  • Survey: investigating and analysing available information about the target in order to identify potential vulnerabilities.
  • Delivery: getting to the point in a system where a vulnerability can be exploited.
  • Breach: exploiting the vulnerability/vulnerabilities to gain some form of unauthorised access.

At which stage of an ethical hack would the hacker actively apply tools and techniques to gather more in-depth information on the targets?

Scanning and enumeration, the second of five phases of an ethical hack attempt, is the stage in which ethical hackers take the information collected in recon and actively employ tools and techniques to obtain additional in-depth information on the targets.