Ethical Hacker’s Methodology: The 6 Steps of Hacking

Hey folks, searching for the ethical hacker’s methodology? Your search ends here! In this article I’ll show you the ethical hacker’s methodology: the 6 steps of hacking.

You might think that a hacker does whatever he or she wants, but in practice a professional ethical hacker or penetration tester mostly follows a pre-established process so that they can understand and then exploit their targets.

In this article you will get to know the 6 steps of ethical hacking, which will give you an idea of the hacker’s methodology in the simplest way.

Worried that you have no knowledge of the hacking methodology, but really want to learn about the ethical hacker’s methodology? Well, I put myself in your shoes and created this in-depth guide to the penetration tester’s methodology. Without any further ado, let’s get into it.

First Step of Hacking: Reconnaissance

In this very first step, we’re going to do everything passively. We don’t want to touch the victim’s network yet; here we’re going to be looking at open source sites on the internet.

So we’re going to be searching for things that help us understand what their networks look like, such as their network ranges and IP addresses. We might be able to find things like ports and protocols. We might find the victim’s email addresses to launch a spear phishing campaign against.

This is where we start looking, and we spend a lot of our time here. In most hacking engagements, about 80% of the hacker’s methodology is spent in this phase. Some of the techniques we use are things like dumpster diving, email harvesting, domain information gathering, social engineering, etc.

Second Step of Hacking: Scanning & Enumeration

The second step is where we already start getting active. It’s called scanning and enumeration. Here we might be doing things like port scanning: actually reaching out and touching the network to find out what ports are open and what services are on those ports.

We’ll do our enumeration, where we can start figuring out whether they are using Windows, Mac or Linux. We’ll figure out what versions are running and, if they’re running a web server, whether they’re running Apache or IIS.

These are all the things we’re going to find out during our scanning and enumeration phase. That’s going to help us build our attack before we ever get into stage 3.

Third Step of Hacking: Gaining Access

In our third step we’re doing our exploitation and gaining access. At this point we’re going to actually launch our attack; by now we’ve spent probably 80 to 90% of our time between phase 1 and phase 2.

Our third phase is where we actually launch the attack. This is where we might throw an exploit, conduct a social engineering campaign, or do something else where we’re being very active.

Now our risk level has gone up because there’s a possibility that the organization we’re going after can see us and see what we’re doing. At this point we’re doing either client-side or remote exploitation. This can be things like social engineering, launching exploits, sending out malicious code that attacks a bug or a vulnerability, or putting out viruses or trojans.

Fourth Step of Hacking: Escalation of Privilege

The fourth phase is where we do our escalation of privileges. So now we’ve launched our exploit and gained our initial access. Usually we’re going to gain access as a regular user: for instance, if I do a spear phishing campaign and one of the users clicks, it’s most likely going to be someone in the general pool of users, not a system administrator.

I want to get system admin rights. At this point I’m going to have to do something to get from user level to system or root level, or to domain administrator.

I’m always going to go for the highest privilege I can get. The way I’ll do this is by using various exploits and bugs in the operating system, and we’ll use those vulnerabilities to our own advantage.

In a Windows environment the golden ticket we’re looking for here is domain admin. Once I’ve got those administrative rights, I move into phase 5.

Fifth Step of Hacking: Maintaining Access

The fifth step is maintaining my access. Just because I have one user account doesn’t mean I’m going to be able to stay in there, because if the system administrator realizes I’m the bad guy, they can just delete the account.

Then I’ve lost my access. So instead, once I get access I’m going to create several user accounts and hide myself throughout the system. That way I can gain persistent access, so I can always get back into that network any time I want.

Some of the techniques I’ll use here are putting network sniffers or keyloggers in there so I can gain additional usernames and passwords. If I’m a domain admin at this point, I can create my own usernames and passwords and create new accounts.

Sixth Step of Hacking: Covering Tracks

Finally, the last thing we’re going to do in phase six is hide ourselves and cover our tracks. We’ve created some additional accounts; now we’re going to put some backdoors in.

We’re going to start going through and clearing out those log files. If there’s information we want to steal, this is the point where we’re going to start exploiting that information, downloading it and exfiltrating it.

We might install a rootkit or a backdoor so that I can always get back in again. This maintains persistence like I was doing in phase five, but for the long term. A lot of hackers and attackers have their fingers in a lot of different networks.

They don’t always go in and steal everything right away. They might go in, lay the groundwork, and then sit dormant for a while, and only later take the information they want or use that network for some other nefarious purpose.
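Each of the active phases above leaves traces a defender can look for: a port scan (step 2), new accounts created for persistence (step 5), and cleared log files (step 6). The script below is an added example, not code from the original article; it runs three simple detectors over constructed sample log lines in a made-up syslog-like format (the `fw:`, `useradd`, and `log cleared` message shapes are assumptions) and maps each finding back to the phase it belongs to.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the article): a firewall log showing one
# source probing many ports, an account-creation event and a log-tampering event.
SAMPLE_LOGS = [
    f"2024-01-10T09:00:{i:02d} fw: DENY src=203.0.113.5 dst=10.0.0.7 dport={p}"
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
] + [
    "2024-01-10T09:01:00 fw: ALLOW src=198.51.100.9 dst=10.0.0.7 dport=443",
    "2024-01-10T11:15:02 host7 useradd[311]: new user: name=svc_backup UID=1007",
    "2024-01-10T11:16:40 host7 audit: log cleared: /var/log/auth.log by svc_backup",
]

# Assumed message formats; adjust the patterns to the real log source.
FW_RE = re.compile(r"fw: \w+ src=(\S+) dst=\S+ dport=(\d+)")
USERADD_RE = re.compile(r"useradd\[\d+\]: new user: name=(\S+)")
CLEARED_RE = re.compile(r"log cleared: (\S+) by (\S+)")

def detect_scans(lines, min_ports=10):
    """Phase 2 (scanning): one source touching many distinct ports."""
    ports = defaultdict(set)
    for line in lines:
        m = FW_RE.search(line)
        if m:
            ports[m.group(1)].add(int(m.group(2)))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def detect_new_accounts(lines):
    """Phase 5 (maintaining access): accounts being added to the host."""
    return [m.group(1) for line in lines if (m := USERADD_RE.search(line))]

def detect_log_clearing(lines):
    """Phase 6 (covering tracks): audit records of a log file being wiped."""
    return [(m.group(1), m.group(2)) for line in lines if (m := CLEARED_RE.search(line))]

def triage(lines):
    """Group the findings by the phase of the methodology they indicate."""
    return {
        "scanning": detect_scans(lines),
        "maintaining_access": detect_new_accounts(lines),
        "covering_tracks": detect_log_clearing(lines),
    }

if __name__ == "__main__":
    for phase, hits in triage(SAMPLE_LOGS).items():
        print(f"{phase}: {hits}")
```

The single allowed connection from 198.51.100.9 stays below the port threshold and is not reported, which is the kind of tuning a real detector needs to avoid flagging normal traffic.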

Final Thoughts: Ethical Hacker’s Methodology

In this article you saw the ethical hacker’s methodology: the 6 steps of hacking. This article provides a brief overview of each of the stages in the ethical hacker’s methodology and the types of technical means used in each stage.

As we moved through these six phases of the operation, we went from passive collection in reconnaissance to getting more and more active, and once we actually get onto the box in steps three, four, five and six, that’s where the risk level goes up, because if I’m on the box there’s a chance I can get caught by the system administrator.

I hope this article is sufficient to answer “What is the ethical hacker’s methodology?” and “What are the six steps of ethical hacking?” I have explained the hacking methodology in the easiest way, but if you still have any doubt, feel free to ask in the comment section.
