For an overview of the process, let’s look at the steps of ethical hacking to see where foot-printing fits in as well as what future phases hold.
Phase 1: Footprinting
Footprinting is the first phase of the ethical hacking process and is the subject of this article. This phase consists of passively gaining information about a target. The goal is to gather as much information as possible about a potential target with the objective of getting enough information to make later attacks more accurate. The end result should be a profile of the target that is a rough picture but one that gives enough data to plan the next phase of scanning.
Information that can be gathered during this phase includes:
- IP address ranges
- Employee information
- Phone numbers
- Facility information
- Job information
Footprinting takes advantage of the information that is carelessly exposed or disposed of inadvertently.
Phase 2: Scanning
Phase 2 is scanning, which focuses on an active engagement of the target with the intention of obtaining more information. Scanning the target network will ultimately locate active hosts that can then be targeted in a later phase. Footprinting helps identify potential targets, but not all may be viable or active hosts. Once scanning determines which hosts are active and what the network looks like, a more refined process can take place.
During this phase tools such as these are used:
- Ping sweeps
- Port scans
Phase 3: Enumeration
The last phase before you attempt to gain access to a system is the enumeration phase. Enumeration is the systematic probing of a target with the goal of obtaining user lists, routing tables, and protocols from the system. This phase represents a significant shift in your process; it is the initial transition from being on the outside looking in to moving to the inside of the system to gather data. Information such as shares, users, groups, applications, proto- cols, and banners all proved useful in getting to know your target, and this information is now carried forward into the attack phase.
The information gathered during Phase 3 typically includes, but is not limited to:
- Group information
- Hidden shares
- Device information
- Network layout
- Protocol information
- Server data
- Service information
Phase 4: System Hacking
Once you have completed the first three phases, you can move into the system hacking phase. You will recognize that things are getting much more complex and that the system hacking phase cannot be completed in a single pass. It involves a methodical approach that includes cracking passwords, escalating privileges, executing applications, hiding files, covering tracks, concealing evidence, and then pushing into a complex attack.