Different phase in hacking |Free Ethical Hacking Course

Different phase in hacking |Free Ethical Hacking Course

phases of hacking

There are a total of 5 phase of hacking listed and explained below

Passive and active reconnaissance:-

Passive reconnaissance involves gathering information about the targeted company or individual’s knowledge. Passive reconnaissance is as simple as just watching building and identifying the employee entered and leave. Every one of you may search on the internet about you or any other person or any company to gain information about the topic. This process is usually used to gather information regarding TOE is generally called information gathering. Social engineering and dumpster diving are also considered passive information gathering method.


Scanning is a process in which it takes information discovered during reconnaissance and using it to examine the network. Tools that a hacker may employ during the scanning include:-

  • Dialer
  • Port scanner
  • Internet Control Message Protocol(ICMP) scanner
  • Ping Sweeps
  • Network mappers
  • Simple Network
  • Management Protocol (SNMP) sweepers
  • Vulnerability Scanners

Gaining Access:-

In this 3rd Phase, real hacking Is take place. The Vulnerabilities exposed during the reconnaissance and scanning phase are now exploited to gain access to the target system.

The hacking attack can be delivered to the target system via a local area network (LAN), either wired or wireless; local access to a PC.

Maintaining access –

Once a hacker has gained the access of a particular system then they want to keep that access for future exploitation and attacks. Sometimes, hacker hardens the system from another hacker by securing their exclusive access with a backdoor, rootkits, and Trojans. Once the hacker owns the system they can use it as a base to launch additional attacks. In this case, the owned system we sometimes referred to as a zombie system.

Covering Tracks-

Once a hacker gets access and maintains it, they cover their tracks to avoid detection by security personnel to continue to use the owned system, to remove evidence of hacking or to avoid legal action.

Leave a Reply

Your email address will not be published. Required fields are marked *