Passive reconnaissance is gathering information about the target we intend to hack. Naturally, this is done without the knowledge of the target system and its users, much like what the military does when it scopes out an area it plans to attack. In passive recon the target system is not engaged in any way; information and intel are collected simply by observing.
Sniffing the network is one way of conducting passive reconnaissance, and it can give you very useful intel such as IP addresses, the networks in the area, etc. Sniffing is like what a dog does: the hacker sniffs out information on the network. Using sniffing, the hacker studies the system, its information and data flow, and looks for vulnerabilities within the target network.
Active reconnaissance is when the hacker engages the system directly and looks for vulnerabilities to enter the network. It involves more risk than conducting passive recon, since there is a high risk of being detected as an outsider and intruder and being blocked by the security systems put in place by the target network. Both passive and active reconnaissance are helpful in the discovery of critical initial information on the target system. The IP address, the kind of OS in use, etc. are all information that aids the hacker in finding vulnerabilities in the network and therefore in planning the attack.
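The detection risk that makes active recon different from passive recon can be shown from the defender's side. The following is an added example, not part of the original article: a small detector that reads constructed connection log lines (the format and addresses are assumptions) and flags a source that probes many distinct ports on one host within a short window, which is what active probing looks like to the target.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection log lines (not from the original article).
# Format assumed: "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <tcp_flag>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.7 -> 192.168.1.20:22 SYN
2024-05-01T10:00:01 10.0.0.7 -> 192.168.1.20:23 SYN
2024-05-01T10:00:02 10.0.0.7 -> 192.168.1.20:80 SYN
2024-05-01T10:00:02 10.0.0.7 -> 192.168.1.20:443 SYN
2024-05-01T10:00:03 10.0.0.7 -> 192.168.1.20:445 SYN
2024-05-01T10:00:03 10.0.0.7 -> 192.168.1.20:3389 SYN
2024-05-01T10:00:04 10.0.0.7 -> 192.168.1.20:8080 SYN
2024-05-01T10:00:05 10.0.0.7 -> 192.168.1.20:8443 SYN
2024-05-01T10:00:09 10.0.0.7 -> 192.168.1.20:9200 SYN
2024-05-01T10:00:10 10.0.0.7 -> 192.168.1.20:5900 SYN
2024-05-01T10:00:07 10.0.0.9 -> 192.168.1.20:443 SYN
2024-05-01T10:01:30 10.0.0.9 -> 192.168.1.20:443 SYN
"""

def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port)."""
    ts, src, _arrow, dst, _flag = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port)

def detect_port_scans(log_text, threshold=8, window=timedelta(seconds=60)):
    """Return {(src, dst): max_distinct_ports} for every source that touched
    at least `threshold` distinct ports on one host inside any `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, port = parse_line(line)
        events[(src, dst_ip)].append((ts, port))
    alerts = {}
    for key, hits in events.items():
        hits.sort()  # log lines may arrive out of order; sort by timestamp
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until the span fits in `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= threshold:
                alerts[key] = max(len(ports), alerts.get(key, 0))
    return alerts
```

The second source, 10.0.0.9, repeatedly contacts a single port and is not flagged; ordinary clients hit few ports, while a probe of many ports in seconds stands out.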
Phase 2: Scanning
Scanning is the stage when all the collected information is run through whatever tools are available and examined. Scanning helps the hacker prepare for the attack. Whether it is the IP address, the type of packets, or the operating systems in use, all the collected information helps the hacker. The hacker can deploy many tools such as Vistumbler, inSSIDer and many others, depending on the hacker's OS.
Phase 3: Gaining Access
This is where the hacking actually happens. In phases 1 and 2, the hacker searched for and studied the weaknesses and vulnerabilities of the target network. He will now attempt to use those weaknesses to enter the system. He can use many methods to gain this access to the network: over the LAN, through local access to a PC, or over the internet. The hacker will gain entry by authenticating himself with the access point, so any data he watches, sends or receives will appear to have been authenticated by the AP.
Phase 4: Maintaining Access
The key to hacking does not lie in just entering the system, but also in staying there. Whether he uses packet injection to fool the network or boots another user off to take that user's place, the hacker ensures that he stays in the system. Once he has access to the system, he may want to keep that access for future use. He could create back doors or Trojans to ensure that no other hacker enters the system and that he can enter and exit the system whenever he needs to.
Phase 5: Covering Tracks
As is evident from the name itself, hackers like to clean up the place, like thieves who wipe out any evidence of ever having been there. This is critical so that they cannot be traced or even detected, and it therefore helps them avoid legal action. Steganography permits hackers to conceal information inside image headers and meta tags where it is not obvious. Tunnelling allows hackers to carry one service over another service, to increase the difficulty of finding them. A successful attack with maintained access often means continued recon. The more the hacker learns about the system and its operations, the more curious he gets, and he returns to exploit and explore. For a hacker who has succeeded in hacking a system, these five stages run as an ongoing, continuous loop.
THE END (The Five Phases of the Hacking Process)