Hackers & Methodologies
By Pavan s
5 PHASES OF HACKER METHODOLOGIES
• Reconnaissance or Information Gathering.
• Scanning.
• Gaining Access or Exploitation.
• Maintaining Access.
• Covering Tracks or Log Clearing.
1. RECONNAISSANCE
Reconnaissance means gathering as much information as possible about our
target or task. For example: IP addresses, phone numbers, e-mail addresses,
photos, usernames, etc.
There are 2 types of information gathering.
1. Active Information Gathering: we interact directly with the target and
get the data from the target itself.
2. Passive Information Gathering: we collect information from an intermediate
source between the victim and us. It may be a website.
COMMANDS AND TOOLS FOR INFORMATION GATHERING
• Nslookup: finds the IP address of a website.
• WhoIs Tool: shows the domain, websites, e-mail, phone, hosting and
more details about a specific domain.
• Whatweb: used to scan websites. This tool recognizes web
technologies, including web servers, embedded devices, JavaScript libraries,
etc.
• The Harvester Tool: gathers a bunch of e-mail addresses you have logged in
with on different websites.
• Hunter.io
2. SCANNING
Scanning means we gather the technical information
that we can acquire from the target.
For example: open ports, firewalls, what software is running on
these ports, and whether they have an outdated operating system.
The Nmap tool is the best for scanning the system.
Nmap is a network mapper.
3. EXPLOITATION OR GAINING ACCESS
In this phase of the hacking method, the information obtained in the
previous two phases is used to enter and take control of the target
system, either over the network or physically.
Example 1: can be done locally (offline), over a LAN or over the Internet.
Example 2: can be done with many techniques, such as command injection,
buffer overflow, DoS, brute forcing, social engineering, etc.
4. MAINTAINING ACCESS
• After gaining access to the system in the previous stage, the hacker
keeps the access for future attacks and makes changes to
the system. The attacked system is referred to as the “Zombie
System”.
• Items are put in place to ensure future access.
Example: rootkits, Trojans and backdoors can be used.
5. COVERING TRACKS OR LOG CLEARING
It is a method of erasing any remaining log files or other sorts of evidence
on the hacked system that could lead to the hacker’s capture.
Penetration testing is one of the instruments in ethical hacker approaches
that can be used to catch a hacker.
Example: clear the logs, obfuscate the trojan or malicious backdoor
program.
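From the defender's side, log clearing can be made detectable. The following is an added example, not part of the original slides: it chains each log line to the previous one with an HMAC, so a removed or edited line breaks the chain and a cleared log no longer matches the newest tag held by a separate collector. The key, the sample lines and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # chain value before the first record

def _tag(key, prev, line):
    # prev is always 64 hex characters, so prev + line is unambiguous
    return hmac.new(key, (prev + line).encode(), hashlib.sha256).hexdigest()

def chain_logs(lines, key):
    """Pair each log line with an HMAC over (previous tag + line)."""
    records, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        records.append((line, prev))
    return records

def verify_chain(records, key, anchor):
    """Return findings (empty list = intact). anchor is the newest tag the collector saw."""
    findings, prev = [], GENESIS
    for i, (line, tag) in enumerate(records):
        if not hmac.compare_digest(_tag(key, prev, line), tag):
            findings.append(f"record {i}: chain broken (line edited, or a record removed before it)")
        prev = tag  # resync on the stored tag so later records are still checked
    if not hmac.compare_digest(prev, anchor):
        findings.append("tail mismatch: log truncated or cleared")
    return findings

# Constructed sample data (assumption): key held off-host, documentation IP range.
KEY = b"example-key-held-by-the-collector"
SAMPLE = [
    "2024-05-01T10:00:01Z sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:09Z sshd: Accepted password for admin from 203.0.113.7",
    "2024-05-01T10:01:30Z sudo: admin : COMMAND=/usr/sbin/useradd svc_backup",
    "2024-05-01T10:02:10Z cron: (root) CMD (/usr/local/bin/backup.sh)",
]
RECORDS = chain_logs(SAMPLE, KEY)
ANCHOR = RECORDS[-1][1]

if __name__ == "__main__":
    print(verify_chain(RECORDS, KEY, ANCHOR))                    # intact log
    print(verify_chain(RECORDS[:1] + RECORDS[2:], KEY, ANCHOR))  # one line deleted
    print(verify_chain([], KEY, ANCHOR))                         # log cleared
```

The check only holds if the key and the anchor tag are stored on a system the intruder does not control.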
Thank You