The 5 Phases of a hacker attack: Anatomy of an attack

Phase 1 - Reconnaissance (Reconnaissance)

Recognition refers to the preparatory phase where the attacker obtains all necessary information from your target or victim before launching the attack. This phase may also include scanning the network that the hacker wants to attack no matter whether the attack will be internal or external. This phase allows the attacker to create a strategy to attack.

This phase may include social engineering, scavenging (dumpster diving), find the type of operating system and applications use the target or victim, which are the ports that are open, where they are located routers (routers), which are hosts (terminals, computers) more accessible, search the Internet database (Whois) information such as Internet addresses (IP) addresses, domain names, contact information, email servers and all information can be extracted from DNS (Domain Name Server).

This phase may take some time to Hacker as he has to analyze all the information it has obtained to launch the attack with more precision.

Phase 2 - Scan (Scanning)

This is the phase that the attacker performed prior to launch an attack on the network (network). In scanning the attacker uses all information obtained in Phase Recognition (Phase 1) to identify specific vulnerabilities. For example, if the attacker Phase 1 found that the purpose or the victim uses the Windows XP operating system specific vulnerabilities then seek to have that operating system to know where to attack.

It also makes a port scan to see which ports are open to know which port is going to come and use automated tools to scan the network and host for more Vulnerabilities that allow access to the system.

Phase 3 - Gaining Access (Gaining Access)

This is one of the most important phases for Hacker because it is the penetration phase of the system, at this stage the hacker exploits the vulnerabilities found in step 2. Exploitation can occur locally, offline (not connected) on the LAN (Local Area Network), or on the Internet and may include techniques such as buffer overflows (buffer overflow), denial-of-service (denial of service) session hijacking (session hijacking), and password cracking (breaking or guessing passwords using various methods like: dictionary attack and brute force).

The factors that help the Hacker at this stage to have a successful penetration into the system depend on how the system architecture and how it is configured by the target or victim, a simple security configuration means easier access to the system, another factor to consider is the level of skills, abilities and knowledge of computer security and networks that have the Hacker and the level of access that was the beginning of penetration (Phase 3).

Phase 4 - Maintaining Access (Maintaining Access)

Once the hacker gains access to the target system (Fase3) its priority is to maintain the access gained to the system. At this stage the Hacker uses its resources and system resources and uses the target system as a launching pad for attacks to scan and exploit other systems that want to attack, it also uses programs called sniffers to capture all network traffic, including sessions telnet and FTP (File Transfer Protocol).

At this stage the hacker may have the ability to upload, download and alter programs and data.

At this stage the hacker wants to remain undetected and that removes evidence of its penetration into the system and makes use of Backdoor (backdoors) and Trojans to gain access at another time and try to have access to highly privileged accounts such as Administrator accounts. They also use Trojans (Trojans) to transfer user names, passwords and even credit card information stored in the system.

Phase 5 - Covering tracks (Covering Tracks)

This phase is where the hacker tries to destroy all evidence of their illegal activities and does so for several reasons among them still maintain access to the compromised system and erase your tracks if network administrators do not have clear tracks of the attacker and the Hacker can still entering the system at any time, in addition to covering their tracks to avoid being detected and getting caught by the police or the Feds.

The tools and techniques used for this are Trojan horses, Steganography, tunneling, Rootkits and alteration of the "log files" (files that store all the events in a computer system and allows detailed information about the habits of users), once the hacker was able to plant Trojan horses in the system is assumed to have total control of the system.

Author Bio
The above article is composed and edited by Greg Salter. He is an author at PC tricks Blog and writes about latest ethical hacking tricks.Lately he also got interested in other Internet technologies like Facebook and money making tricks.