Knowing the phases of the hacking process gives a better overview of the basic methods used during an attack. There are basically five phases of hacking:
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks
Reconnaissance is the process used to covertly discover and collect information about a target system before attacking it. The techniques used during this phase may include scanning, footprinting and enumeration. This is the very first phase of any hacking process and is done well before an attack is launched. It is basically gathering information about the target prior to the attack.
SCOPE OF RECONNAISSANCE:
The information gathered could cover the systems, hosts and servers, but could also cover the clients of the company or target as well as its employees. Social engineering can be the best approach to gathering information.
CATEGORIZATION OF RECONNAISSANCE:
Commonly there are two types of reconnaissance:
- Passive Reconnaissance: There is no direct interaction of any sort with the target itself. Examples include Google searches, looking for any sort of public record, or looking for news releases about the target company or its personnel.
- Active Reconnaissance: This process involves interacting directly with the target. Examples include making telephone calls directly to the target, which might include help desk support, asking for information, visiting the company as a job seeker and gathering both logical and physical information about the company, etcetera.
Based on the reconnaissance done earlier, the next phase is SCANNING. It could involve tools such as port scanners, network mappers, ping tools, vulnerability scanners, etcetera.
If we know that the target has old modems for out-of-band management and other network gear, we might try some methods to connect through such options.
From the scanning phase we can pull together the information learnt about the target. This could include which ports are open and which are closed, details of the operating systems on the network hosts involved, the types of devices, and any other information we can fetch from this phase, i.e. SCANNING.
The third phase is GAINING ACCESS to the target’s system. This can mean gaining access to the operating systems or to the applications that are currently running. Once gained, the access can be escalated or improved.
Illustration: If the attacker gets access to a maintenance account or an administration account, the employee may have left systems and files open, or they may have minimal security even if not open. By logging into such accounts, the attacker can escalate privileges as high as possible to get the most control over the systems.
It is very likely that the attacker can use the current access to get additional access to other systems. One way of doing this is to take a compromised system, pivot from that machine, and launch further analysis, examination and attacks from it.
It is essential for hackers not only to gain one-time access but to be able to return to the compromised system at the same level every time in the future. To do that, the attacker might install features such as a backdoor, rootkit, trojan horse, etcetera that will continue to provide access in the future.
Some of the benefits of maintained, continued access are manipulating data and continuing to watch what is going on in the network over a longer period of time in order to launch additional attacks.
This is the fifth and last phase of the hacking process. The goals of this phase can include:
- Not getting noticed or caught by the forensic examiner.
- To hide anything malicious that an attacker might have done on the system or the network.
A non-technical person, or anyone without a higher level of education, is very unlikely to notice the attacker’s access to the victim’s system. Because the attack goes unnoticed and uncaught, no quick action is taken to prevent the same thing from happening in the future.
Therefore, one aspect of covering one’s tracks is to make sure that any system logs documenting activity on the system are overwritten, destroyed or modified, so that those logs do not reflect the attacker’s activities. Even after the logs have been retrieved or deleted, a lot of corporate companies, organisations, etcetera neither refer to nor review their system log files. This may give attackers the advantage of continuing to maintain access to the compromised system and carrying on malicious activity.
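The defender's counterpart to the log tampering described above, as an added example that is not part of the original article: a hash-chained log in which every entry's tag commits to all earlier entries, so a modified, removed or truncated entry shows up on verification. The key, the sample log lines and the function names are constructed for illustration, and the key, entry count and head tag are assumed to be held on a separate collector the monitored host cannot write to.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain
KEY = b"constructed-demo-key"  # assumption: the real key lives off the monitored host

# Constructed sample log lines (not from the article).
SAMPLE = [
    "2024-05-01T10:00:01Z sshd accepted password for maint from 203.0.113.7",
    "2024-05-01T10:00:09Z sudo maint : COMMAND=/bin/bash",
    "2024-05-01T10:02:30Z useradd new user name=svc_backup",
    "2024-05-01T10:05:12Z sshd session closed for maint",
]


def _tag(key, prev_tag, line):
    """HMAC over the previous tag plus this line: each entry commits to its history."""
    return hmac.new(key, prev_tag + line.encode("utf-8"), hashlib.sha256).digest()


def seal(key, lines):
    """Return a list of (line, tag) pairs forming the chain."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        sealed.append((line, prev))
    return sealed


def verify(key, sealed, expected_count, expected_head):
    """Return a list of findings; an empty list means the log matches what was sealed."""
    findings, prev = [], GENESIS
    for i, (line, tag) in enumerate(sealed):
        if not hmac.compare_digest(_tag(key, prev, line), tag):
            findings.append(f"entry {i}: line modified or preceding entry removed")
        prev = tag  # resync on the stored tag so later breaks are located too
    if len(sealed) != expected_count:
        findings.append(f"count mismatch: have {len(sealed)}, expected {expected_count}")
    if prev != expected_head:
        findings.append("head tag mismatch: log tail was truncated or replaced")
    return findings


if __name__ == "__main__":
    log = seal(KEY, SAMPLE)
    head, count = log[-1][1], len(log)
    print("intact:   ", verify(KEY, log, count, head))
    print("deleted:  ", verify(KEY, log[:1] + log[2:], count, head))
    print("truncated:", verify(KEY, log[:3], count, head))
```

The check only has value if someone runs it and reviews the findings, which is exactly the review step the paragraph above says many organisations skip.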