Steps Of Hacking

Hello friends, welcome back to the module Learning the ABC of Ethical Hacking. I have received various mails asking me to add several topics to the module, and believe me, friends, I am trying my best to improve it. Today's post is on the steps of hacking: in it I describe every task a hacker performs in order to hack a system.

Steps of Hacking

A hacker performs his task in five phases.


  1. Reconnaissance
  2. Scanning
  3. Gaining Access
  4. Maintaining access
  5. Clearing Tracks

Phase 1 – Reconnaissance

Reconnaissance refers to the preparatory phase in which an attacker seeks to gather as much information as possible about a target of evaluation before launching an attack. In this phase the hacker simply gathers all available information about the target.

This reconnaissance phase can be performed in two ways:

  • Passive reconnaissance involves acquiring information without directly interacting with the target.
    – For example, searching public records or news releases.
  • Active reconnaissance involves interacting with the target directly by any means.
    – For example, telephone calls to the help desk or technical department.

Phase 2 – Scanning

Scanning refers to the pre-attack phase in which the hacker scans the network for specific information on the basis of what was gathered during reconnaissance. The hacker needs a single point of entry to launch an attack. Scanning can include the use of dialers, port scanners, network mapping, sweeping, vulnerability scanners and so on. In this phase we simply find the loophole in the target.

Phase 3 – Gaining Access

Gaining access refers to the penetration phase. The hacker exploits the loophole (vulnerability) in the system. The attack can occur over a LAN, over the Internet, or as deception or theft. Examples include buffer overflows, denial of service, session hijacking, and password cracking.

Influencing factors include the architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained. In this phase we attack the victim.

Phase 4 – Maintaining Access

Maintaining access refers to the phase in which the hacker, having compromised the system, tries to retain his/her ownership of it.

Hackers may harden the system against other hackers as well (to "own" the system) by securing their exclusive access with backdoors, rootkits, or Trojans. Hackers can upload, download, or manipulate data, applications, and configurations on the owned system.

Put simply, the hacker leaves the compromised system in a state from which he can easily regain access later.

Phase 5 – Covering Tracks

Covering tracks refers to the activities the hacker performs to hide his misdeeds. In simple language, the hacker removes all of his footprints so that he will not be caught.
Reasons include the need for continued use of resources, removing evidence of hacking, or avoiding legal action.
Examples include steganography, tunneling, and altering log files.

All of the above phases, and the tools involved in each of them, will be covered in further posts.

Keep visiting !!

How to bypass Firewall


To bypass a firewall you must first identify it, which means gathering full information about it: the type, version, and rules of almost every firewall on the network.


These are the three techniques for firewall identification:

  • Port scanning
  • Firewalking
  • Banner grabbing

Port Scanning (How to bypass Firewall)

Some firewalls have obvious signatures:
  • Check Point’s FireWall-1 listens on TCP ports 256, 257, 258, and 259
  • Check Point NG listens on TCP ports 18210, 18211, 18186, 18190, 18191, and 18192 as well
  • Microsoft’s Proxy Server usually listens on TCP ports 1080 and 1745

Here are the ways by which scanning can be concealed:

  • Randomize target ports
  • Randomize target addresses
  • Randomize source ports
  • Distributed source scans
    – Using multiple computers on the Internet, each taking a small portion of the scanning targets

These techniques will fool most IDS systems running default rules.

And here are the countermeasures to the above:

  • Block unneeded ICMP packets at your border router
  • Use an Intrusion Detection System, such as Snort
  • IPPL is a Linux daemon that detects port scans (link Ch 901)
  • Cisco routers have ACL rules to block scans
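As an added defensive example (not code from the original post), here is a small detector run over constructed firewall DENY log lines; the log format and the 30-second bucket size are assumptions. It counts distinct destination ports per source, so randomising target or source ports does not hide a scan, and it also pools all sources per destination so that a distributed scan, where each source only touches one port, is still flagged.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall DENY lines (the format is an assumption, not a real product's).
SAMPLE_LOG = """\
2024-01-01T10:00:01 DENY src=10.0.0.5 dst=192.0.2.10 dport=8443
2024-01-01T10:00:02 DENY src=10.0.0.5 dst=192.0.2.10 dport=22
2024-01-01T10:00:03 DENY src=10.0.0.5 dst=192.0.2.10 dport=259
2024-01-01T10:00:04 DENY src=10.0.0.5 dst=192.0.2.10 dport=3389
2024-01-01T10:00:05 DENY src=10.0.0.5 dst=192.0.2.10 dport=256
2024-01-01T10:01:10 DENY src=198.51.100.7 dst=192.0.2.10 dport=257
2024-01-01T10:01:11 DENY src=198.51.100.8 dst=192.0.2.10 dport=258
2024-01-01T10:01:12 DENY src=198.51.100.9 dst=192.0.2.10 dport=18211
2024-01-01T10:01:13 DENY src=198.51.100.10 dst=192.0.2.10 dport=18186
2024-01-01T10:01:14 DENY src=198.51.100.11 dst=192.0.2.10 dport=18192
2024-01-01T10:01:15 DENY src=198.51.100.12 dst=192.0.2.10 dport=1080
2024-01-01T10:02:00 DENY src=203.0.113.4 dst=192.0.2.10 dport=443
"""
LINE_RE = re.compile(r"^(\S+) DENY src=(\S+) dst=(\S+) dport=(\d+)$")

def parse(log):
    """Yield (timestamp, src, dst, dport) for each well-formed DENY line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])

def distinct_ports(events, key, window=30):
    """Map key(src, dst) -> most distinct destination ports seen in any one window-second bucket.
    Counting distinct ports (not sequential ones) means randomising the port order does not help."""
    buckets = defaultdict(set)
    for ts, src, dst, dport in events:
        buckets[(key(src, dst), int(ts.timestamp()) // window)].add(dport)
    worst = defaultdict(int)
    for (k, _), ports in buckets.items():
        worst[k] = max(worst[k], len(ports))
    return dict(worst)

def scan_alerts(log, threshold=5):
    """Per-source alerts catch a classic scan; per-destination alerts (all sources pooled)
    also catch a distributed scan whose individual sources each stay under the threshold."""
    events = list(parse(log))
    by_src = distinct_ports(events, lambda s, d: s)
    by_dst = distinct_ports(events, lambda s, d: d)
    return ({k: n for k, n in by_src.items() if n >= threshold},
            {k: n for k, n in by_dst.items() if n >= threshold})
```

In the sample, the six 198.51.100.x sources never trip the per-source rule, but pooled per destination they show six distinct ports in one bucket, which is exactly the signal a default per-source IDS rule would miss.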

Firewalking (How to bypass Firewall)

Firewalking is a method of collecting information about a remote network that sits behind a firewall: Firewalk looks through the firewall.

In the figure above, suppose the target is Router3.
We want to know which ports Router3 blocks, and which ports it allows through.
Phase 1: Hopcount Ramping

  1. First, Firewalk sends a series of packets towards the destination with TTL=1, 2, 3, …
  2. When the target (Router3) is reached, that determines the TTL for the next phase.
  3. In this example the target is at TTL=3, so all subsequent packets will use TTL=4.

Phase 2: Firewalking

  1. TCP or UDP packets are sent from the scanning host to the destination.
  2. They all have TTL=4.

Firewalking Countermeasure

  • You can block "ICMP TTL expired" packets at the gateway
    – But this may negatively affect its performance, because legitimate clients will never learn what happened to their connection
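To show why blocking ICMP TTL-expired at the gateway works, here is an added simulation (not code from the original post or from the Firewalk tool) that models the two phases on a constructed four-router path with no real network traffic; the hop names, the ACL on R3 and the port list are assumptions. Without the countermeasure, a blocked port and an allowed port produce different replies; with it, every probe looks the same.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Hop:
    """One router on the path. `allowed` is the ACL for traffic passing through it
    (None = pass everything); `drop_ttl_expired` models the page's countermeasure."""
    name: str
    allowed: Optional[set] = None
    drop_ttl_expired: bool = False

def send(path, ttl, dport):
    """Simulate one probe. Returns ('ttl-expired', hop), ('delivered', None) or ('silent', None)."""
    for i, hop in enumerate(path):
        ttl -= 1
        if ttl == 0:
            # This hop generates ICMP TTL-expired; it must travel back through every earlier hop.
            if any(h.drop_ttl_expired for h in path[:i]):
                return "silent", None
            return "ttl-expired", hop.name
        if hop.allowed is not None and dport not in hop.allowed:
            return "silent", None          # firewall drops the probe without telling anyone
    return "delivered", None

def hopcount_ramp(path, target):
    """Phase 1: raise the TTL until the TTL-expired reply comes from the target gateway."""
    for ttl in range(1, len(path) + 1):
        if send(path, ttl, dport=80) == ("ttl-expired", target):
            return ttl
    return None

def firewalk(path, target, ports):
    """Phase 2: probe each port with TTL = target hop + 1 and classify what comes back."""
    base = hopcount_ramp(path, target)
    if base is None:
        return {}
    return {p: ("passes" if send(path, base + 1, p)[0] == "ttl-expired" else "filtered/unknown")
            for p in ports}

# Constructed topology: R3 is the firewall and only lets 80 and 443 through.
PATH = [Hop("R1"), Hop("R2"), Hop("R3", allowed={80, 443}), Hop("R4")]
# Same path with the countermeasure: R3 drops TTL-expired messages coming back from inside.
HARDENED = [Hop("R1"), Hop("R2"), Hop("R3", allowed={80, 443}, drop_ttl_expired=True), Hop("R4")]
```

On the hardened path phase 1 still finds the gateway at TTL=3 (its own reply is not dropped), but phase 2 can no longer tell 80 from 22, which is the whole point of the countermeasure; the same silence is what a legitimate traceroute from outside would see, which is the cost the post mentions.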

Banner Grabbing

Banners are messages sent out by network services when a client connects to the service. They announce which service is running on the system.

Banner grabbing is a simple method of OS detection; it also helps to find the services run by the firewall. The three major services that send out banners are Telnet, FTP, and web servers.

Banner Grabbing Countermeasures

  • Eliminate the open port on your firewall
    – A management port should not be open externally anyway
  • If you must leave the ports open on the external interface of your firewall
    – Change the banner to display a legal warning reminding the offender that all attempts to connect will be logged


Breaching a Firewall

Bypassing a firewall using an HTTP tunnel

Placing backdoors through a firewall

Hiding behind a covert channel: Loki

The above topics, and the tools used to bypass firewalls, will be covered in the next post, How to bypass Firewall 2.