All hackers follow a series of steps to reach their goals. These steps let them gather important information piece by piece and then use that information to penetrate the system. In effect, they draw themselves a map through these steps so that they can penetrate the system and exploit its weaknesses.
Just as constructing a building requires a plan that shows which tools and materials are used to build it,
hackers use these steps to work out what tools and information they need to infiltrate a target and achieve their desired result.
- Footprinting and Reconnaissance Step: This is the first step, in which the hacker tries to collect information about the target, or more precisely the organization in question, including IP addresses, contact information, employee information, etc. This step is also called information gathering, and it consists of two parts.
  - Passive Reconnaissance: In this method, the hacker gets information about the intended target without communicating with it, for example by searching the Internet and social networks about the organization, using sites that collect information, trashing, social engineering, etc.
  - Active Reconnaissance: In this method, the hacker obtains information about the intended target by communicating and interacting with it, for example by using data collection tools that are installed directly on the hacker's system and communicate with the intended target, or network tools, etc.
- Scanning Step: In the second step, the hacker builds on the information obtained in the previous step, this time using network tools, vulnerability scanners, port scanners, and service enumeration. This uncovers more detailed information, including live systems, open ports, vulnerabilities, running services, operating system type, the versions of the operating system and services, etc. This information helps the hacker launch his attack in the next step and infiltrate the system.
- Gaining Access Step: In the third step, the hacker uses the information obtained in steps 1 and 2, together with the tools at his disposal, to start his attack and infiltrate the system. How the attack is carried out depends on the type of vulnerabilities as well as on the attack and penetration techniques used. After the attack succeeds, the hacker uses the system's information and resources for his own purposes.
- Maintaining Access Step: The fourth step a hacker takes after accessing and infiltrating the system is to increase their access. The initial access gained in the previous step is at the level of a normal user, who can only read or run some files, whereas the hacker wants to control the entire system at the level of the system administrator. In hacker terminology, this increase in the level of access, or privilege escalation, is part of maintaining access. With access maintained, the hacker can also use the infiltrated system for other attacks and does not need to repeat the previous steps. This is done with rootkits, backdoors and Trojans.
- Clearing Tracks Step: The last step a hacker takes after raising the level of access and maintaining access is to erase the footprints. As you know, every system in the network world has a unique address, called an IP address, which makes it possible to detect which system sent requests to, or entered, other systems, so the hacker needs to erase his footprints. The hacker can hide his IP address with various techniques, such as using fake IDs, so-called IP spoofing. However, so that the system administrator does not notice the intrusion and the changes to system commands, the logs of the system must also be erased. These can be system and security logs, which help security inspectors or forensic experts track the hacker's information.
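
Because the Clearing Tracks step depends on erasing system and security logs unnoticed, a defender can make those logs tamper-evident. The sketch below is an added example, not part of the original article: it chains each log line to the previous one with an HMAC so that a removed, edited or truncated record is detected. The names seal, verify, SAMPLE and KEY are hypothetical, the log lines are constructed, and it assumes sealing runs on a separate log collector that holds the key and the final chain value.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain


def _tag(key: bytes, prev: bytes, line: str) -> bytes:
    # Each tag covers the previous tag, so removing or editing any
    # earlier record invalidates the tags that follow it.
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()


def seal(lines, key):
    """Return ([(line, tag), ...], head). Keep head off the monitored host."""
    prev, records = GENESIS, []
    for line in lines:
        prev = _tag(key, prev, line)
        records.append((line, prev))
    return records, prev


def verify(records, key, expected_head):
    """Return None if the log is intact, else a (reason, index) tuple."""
    prev = GENESIS
    for i, (line, tag) in enumerate(records):
        prev = _tag(key, prev, line)
        if not hmac.compare_digest(prev, tag):
            return ("modified_or_removed", i)
    # Every record checks out, but records may have been cut off the end.
    if not hmac.compare_digest(prev, expected_head):
        return ("truncated", len(records))
    return None


# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    "Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7",
    "Jan 10 03:12:04 host sshd[811]: Accepted password for deploy from 203.0.113.7",
    "Jan 10 03:13:30 host sudo: deploy : COMMAND=/bin/bash",
    "Jan 10 03:20:11 host cron[902]: (root) CMD (run-parts /etc/cron.hourly)",
]
KEY = b"constructed-demo-key"  # assumption: the real key never leaves the collector

if __name__ == "__main__":
    records, head = seal(SAMPLE, KEY)
    print(verify(records, KEY, head))                    # intact log
    print(verify(records[:1] + records[2:], KEY, head))  # one record deleted
    print(verify(records[:3], KEY, head))                # tail erased
```

The index in the result points at the first record that no longer verifies, which gives forensic review a starting point in the timeline.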