A hacking methodology refers to the step-by-step approach an aggressor uses to attack a target such as a computer network. There is no single step-by-step approach used by all hackers; as can be expected of a group that operates outside the rules, the rules do not apply to hackers the same way. A major difference between a hacker and an ethical hacker is the code of ethics to which each subscribes.
The following steps, illustrated in Figure 1, typically comprise the hacking process.
- Footprinting means using primarily passive methods to gain information about a target before performing the later, active methods. Typically, you keep interaction with the target to a minimum to avoid detection, which would alert the target that something is coming its way. A myriad of methods are available for this task, such as Whois queries, Google searches, job board searches, and discussion groups.
- Scanning is the phase in which you take the information gleaned from the footprinting phase and use it to target your attack much more precisely. The idea is to act on the information from the prior phase, not to blunder around without purpose and set off alarms. Scanning means performing tasks like ping sweeps, port scans, observations of facilities, and similar activities. One of the tools you will use is nmap, which is very useful for this purpose.
- Enumeration is the next phase, in which you extract much more detailed information about what you uncovered in the scanning phase to determine its usefulness. Think of the previous phase as walking down a hallway and rattling the doorknobs, taking note of which ones turn and which ones do not. Just because a door is unlocked doesn't mean anything of use is behind it; in this phase you look behind the door to see whether there is anything of value. Results of this step can include a list of usernames, groups, applications, banner settings, auditing information, and other similar information.
- System hacking follows enumeration. You can now plan and execute an attack based on the information you uncovered. You could, for example, start choosing user accounts to attack based on the ones uncovered in the enumeration phase. You could also start crafting an attack based on service information uncovered by retrieving banners from applications or services.
- Escalation of privilege follows if the system hacking phase was successful: you can start to obtain privileges granted to accounts more highly privileged than the one you broke into originally. Depending on your skills at escalation of privilege, it might be possible to move from a low-level account such as a guest account all the way up to administrator or system-level access.
- Covering tracks is the phase in which you attempt to remove evidence of your presence in a system. You purge log files and destroy other evidence that might give away the clues the system owner needs to determine that an attack occurred. Think of it this way: if someone were to pick a lock to get into your house versus throwing a brick through the window, the clues are much less obvious in the former case than in the latter. In the latter case you would immediately look for what the visitor took, and in the former case you might notice the break-in much later, after the trail had gone cold.
- Planting back doors leaves something behind that would enable you to come back later if you wanted. Items such as special accounts, Trojan horses, or other similar items come to mind.
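One way a defender can spot the scanning phase described above in firewall logs, as an added example that is not part of the original text: it flags any source that touches many distinct ports on one host within a short window, which is the signature of a port scan rather than ordinary traffic. The log format, the sample lines, and the threshold and window values are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the original text): 10.0.0.5 probes
# ten ports on one host within seconds; the other sources are ordinary traffic.
SAMPLE_LOG = """\
2024-03-01T10:00:01 DROP src=10.0.0.5 dst=192.168.1.10 dport=21
2024-03-01T10:00:01 DROP src=10.0.0.5 dst=192.168.1.10 dport=22
2024-03-01T10:00:02 DROP src=10.0.0.5 dst=192.168.1.10 dport=23
2024-03-01T10:00:02 DROP src=10.0.0.5 dst=192.168.1.10 dport=25
2024-03-01T10:00:03 DROP src=10.0.0.5 dst=192.168.1.10 dport=80
2024-03-01T10:00:03 DROP src=10.0.0.5 dst=192.168.1.10 dport=110
2024-03-01T10:00:04 DROP src=10.0.0.5 dst=192.168.1.10 dport=143
2024-03-01T10:00:04 DROP src=10.0.0.5 dst=192.168.1.10 dport=443
2024-03-01T10:00:05 DROP src=10.0.0.5 dst=192.168.1.10 dport=445
2024-03-01T10:00:05 DROP src=10.0.0.5 dst=192.168.1.10 dport=3389
2024-03-01T10:00:07 ACCEPT src=10.0.0.7 dst=192.168.1.10 dport=443
2024-03-01T11:00:00 DROP src=10.0.0.9 dst=192.168.1.10 dport=22
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def parse_log(text):
    """Yield (timestamp, src, dst, dport) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]))

def detect_port_scans(text, threshold=10, window=timedelta(seconds=60)):
    """Return {(src, dst): distinct_port_count} for every source/destination pair
    that touched at least `threshold` distinct ports within one sliding `window`."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        events[(src, dst)].append((ts, dport))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the window start until the span of hits fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(ports))
    return alerts
```

A real deployment would tune the threshold and window to the network's baseline; a single host legitimately reaching a handful of ports on a server is common, whereas ten distinct ports in five seconds is not.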