The 5 Phases Every Hacker Must Follow

Originally, to “hack” meant to possess extraordinary computer skills and the ability to extend the limits of computer systems. Hacking required great proficiency. Today, however, automated tools and code are available on the Internet that make it possible for anyone with the will and desire to hack, and to succeed. The ease with which system vulnerabilities can be exploited has increased, while the knowledge required to perform such exploits has shrunk. The concept of the elite/super hacker is an illusion.

However, hackers are generally intelligent individuals with good computer skills and the ability to create and explore a computer’s software and hardware. Their intention may be to gain knowledge, or to dig around and do illegal things. Attackers are motivated by the zeal to know more, while malicious attackers intend to steal data. In general, an intruder advances an attack in five phases, which are covered in this series:

1. Reconnaissance

2. Scanning

3. Gaining Access

4. Maintaining Access

5. Covering Tracks

Phase 1—Reconnaissance

Reconnaissance refers to the preparatory phase in which an attacker gathers as much information as possible about the target prior to launching the attack. In this phase the attacker also draws on competitive intelligence to learn more about the target. This phase may involve network scanning, either external or internal, without authorization, and allows potential attackers to strategize their attack. It can take some time, as the attacker waits to unearth crucial information.

Who engages in Reconnaissance?

Reconnaissance techniques can be categorized broadly into active and passive reconnaissance.

When attackers use passive reconnaissance techniques, they don’t interact with the system directly. They use publicly available information, social engineering, and dumpster diving as a means of gathering information.

Social Engineer:

A social engineer is a person who smooth-talks people into revealing information such as unlisted phone numbers, passwords, and other sensitive information.

Dumpster Diver:

A dumpster diver looks through an organization’s trash for discarded sensitive information. Attackers can use the Internet to get information like employees’ contact information, business partners, technologies in use, and other critical business knowledge, but dumpster diving may provide them with even more sensitive information such as usernames, passwords, credit card statements, bank statements, ATM slips, social security numbers, telephone numbers, etc.

For example, a Whois database can provide information about Internet addresses, domain names, and contacts. If potential attackers obtain DNS information from the registrar and are able to access it, they can learn useful details such as the mapping of domain names to IP addresses, mail servers, and host information records. It’s important that a company has appropriate policies to protect its information assets and also provides guidelines to its users. Building user awareness of the precautions they must take to protect their information assets is a critical factor in this context.
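One way for a company to check what its own published DNS zone gives away, as an added example that is not part of Leonard Chin’s white paper: the script below parses a constructed zone fragment (hypothetical names and addresses) and flags HINFO records, which disclose hardware and operating system details, and internal RFC 1918 addresses that should not appear in an external zone.

```python
import ipaddress
import shlex

# Constructed sample of an externally published zone (hypothetical names/addresses).
SAMPLE_ZONE = """\
; constructed example zone for example.test
example.test.          IN SOA   ns1.example.test. hostmaster.example.test. 1 3600 900 604800 300
example.test.          IN MX    10 mail.example.test.
example.test.          IN TXT   "v=spf1 mx -all"
www.example.test.      IN A     198.51.100.10
www.example.test.      IN HINFO "PowerEdge R740" "Ubuntu 20.04"
mail.example.test.     IN A     198.51.100.25
db.example.test.       IN HINFO "x86_64" "Windows Server 2012"
intranet.example.test. IN A     10.0.0.5
"""

# RFC 1918 ranges: internal addresses should not be published in a public zone.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_records(zone_text):
    """Yield (owner, rtype, rdata_tokens) for each record line; comment and blank lines are skipped."""
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        tokens = shlex.split(line)  # shlex keeps quoted HINFO/TXT strings intact
        if len(tokens) < 4 or tokens[1].upper() != "IN":
            continue  # not a "name IN TYPE rdata" line in this simplified format
        yield tokens[0], tokens[2].upper(), tokens[3:]


def audit_zone(zone_text):
    """Return a list of (owner, rtype, reason) for records that leak host information."""
    findings = []
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "HINFO":
            findings.append((owner, rtype, "HINFO discloses hardware/OS: " + " / ".join(rdata)))
        elif rtype == "A":
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in RFC1918):
                findings.append((owner, rtype, f"internal address {addr} published in public zone"))
    return findings


if __name__ == "__main__":
    for owner, rtype, reason in audit_zone(SAMPLE_ZONE):
        print(f"{owner:24} {rtype:6} {reason}")
```

Run against a real zone export, the same check shows a defender which records an attacker could read straight from public DNS without ever touching the network.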

Active Reconnaissance Attacker:

When attackers employ active reconnaissance techniques, they try to interact with the system by using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications.

Some experts don’t differentiate scanning from active reconnaissance, but there is a slight difference, since scanning involves more in-depth probing. The reconnaissance and scanning phases often overlap. Attackers typically use active reconnaissance when there is a low probability that the reconnaissance activity will be detected. Newbies and script kiddies often attempt it to get faster, visible results, and sometimes just for the bragging rights.

As an ethical hacker, you must be able to distinguish among the various reconnaissance methods and be able to advocate preventive measures in the light of potential threats. Companies, on their part, must address security as an integral part of their business and/or operational strategy, and be equipped with proper policies and procedures to check for such activities.

Excerpted from Leonard Chin’s white paper, 5 Phases Every Hacker Must Follow, which has been reprinted with permission from
