
Phases of Hacking

There are mainly 5 phases in hacking. A hacker does not necessarily have to follow these 5 steps in a sequential manner, but it is a stepwise process and, when followed, yields a better result.

1. Reconnaissance:

This is the first step of hacking. It is also called the Footprinting and information gathering phase. This is the preparatory phase where we collect as much information as possible about the target. We usually collect information about three groups:

1. Network
2. Host
3. People involved

There are two types of Footprinting:

- Active: Directly interacting with the target to gather information about the target, e.g. using the Nmap tool to scan the target.
- Passive: Trying to collect information about the target without directly accessing the target. This involves collecting information from social media, public websites etc., e.g. using recon-ng.

2. Scanning:

Three types of scanning are involved:

- Port scanning: This phase involves scanning the target for information such as open ports, live systems and the various services running on the host.
- Vulnerability scanning: Checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with the help of automated tools.
- Network mapping: Finding the topology of the network, routers, firewalls, servers if any, and host information, and drawing a network diagram with the available information. This map may serve as a valuable piece of information throughout the hacking process.

3. Gaining Access:

This phase is where an attacker breaks into the system/network using various tools or methods. After entering a system, he has to increase his privilege to administrator level so he can install an application he needs, or modify or hide data.

4. Maintaining Access:

A hacker may just hack the system to show it was vulnerable, or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user. This can be done using Trojans, rootkits or other malicious files. The aim is to maintain access to the target until he finishes the tasks he planned to accomplish on that target.

5. Clearing Tracks:

No thief wants to get caught. An intelligent hacker always clears all evidence so that, at a later point in time, no one will find any traces leading to him. This involves modifying/corrupting/deleting log entries, modifying registry values, uninstalling all applications he used and deleting all folders he created.

Penetration testing is very closely related to ethical hacking, so these two terms are often used interchangeably. However, there is a thin line of difference between these two terms. This chapter provides insights into some basic concepts and fundamental differences between penetration testing and ethical hacking.

Penetration Testing

Penetration testing is a specific term and focuses only on discovering the vulnerabilities, risks, and target environment with the purpose of securing and taking control of the system. In other words, penetration testing targets the respective organization's defence systems, consisting of all computer systems and their infrastructure.

Ethical Hacking

On the other hand, ethical hacking is an extensive term that covers all hacking techniques and other associated computer attack techniques. So, along with discovering the security flaws and vulnerabilities and ensuring the security of the target system, it goes beyond hacking the system, with permission, in order to safeguard its security for the future. Hence, we can say that it is an umbrella term and penetration testing is one of the features of ethical hacking.

The following are the major differences between penetration testing and ethical hacking, as listed in the following table:
Penetration Testing vs Ethical Hacking

1. Penetration testing: A narrow term that focuses on penetration testing only, to secure the security system.
   Ethical hacking: A comprehensive term; penetration testing is one of its features.

2. Penetration testing: A tester does not need to have comprehensive knowledge of everything; he only needs knowledge of the specific area for which he conducts pen testing.
   Ethical hacking: An ethical hacker essentially needs to have comprehensive knowledge of software programming as well as hardware.

3. Penetration testing: A tester is not necessarily required to be a good report writer.
   Ethical hacking: An ethical hacker essentially needs to be an expert in report writing.

4. Penetration testing: Any tester with some inputs on penetration testing can perform a pen test.
   Ethical hacking: It requires an expert professional in the subject, who holds the obligatory ethical hacking certification, to be effective.

5. Penetration testing: Paperwork is less compared to ethical hacking.
   Ethical hacking: Detailed paperwork is required, including legal agreements etc.

6. Penetration testing: To perform this type of testing, less time is required.
   Ethical hacking: Ethical hacking involves a lot of time and effort compared to penetration testing.

7. Penetration testing: Normally, access to the whole computer system and its infrastructure is not required. Access is required only for the part on which the tester is performing the pen test.
   Ethical hacking: As per the situation, it normally requires a whole range of access to all computer systems and their infrastructure.

Since penetration techniques are used to protect against threats, potential attackers are also swiftly becoming more and more sophisticated and finding new weak points in current applications. Hence, a single penetration test of a particular sort is not sufficient to protect the security of the tested systems. As per the report, in some cases a new security loophole was discovered and a successful attack took place immediately after the penetration test. However, this does not mean that penetration testing is useless. It only means that even with thorough penetration testing there is no guarantee that a successful attack will not take place, but the test will definitely reduce the possibility of a successful attack substantially.

What is a phishing attack
Phishing is a type of social engineering attack often used to steal user
data, including login credentials and credit card numbers. It occurs
when an attacker, masquerading as a trusted entity, dupes a victim
into opening an email, instant message, or text message. The
recipient is then tricked into clicking a malicious link, which can lead to
the installation of malware, the freezing of the system as part of
a ransomware attack or the revealing of sensitive information.
Phishing attack examples
The following illustrates a common phishing scam attempt:

- A spoofed email ostensibly from myuniversity.edu is mass-distributed to as many faculty members as possible.
- The email claims that the user's password is about to expire. Instructions are given to go to myuniversity.edu/renewal to renew their password within 24 hours.

Spoofing

Spoofing is a kind of computer virus attack where a person steals the details of a legitimate user and acts as that user. It is a kind of identity theft. This type of attack is generally used to breach the security of big systems or to steal sensitive information of users.

Phishing

Phishing is a kind of social engineering attack where a person steals the sensitive information of a user in a fraudulent manner by disguising himself as a legitimate person.

Following are the important differences between Spoofing and Phishing.

1. Definition
   Spoofing: Spoofing is an identity theft where a person is trying to use the identity of a legitimate user.
   Phishing: Phishing is where a person steals the sensitive information of a user, like bank account details.

2. Category
   Spoofing: Spoofing can be part of phishing.
   Phishing: Phishing is not a part of spoofing.

3. Way
   Spoofing: For spoofing, someone has to download malicious software onto the user's computer.
   Phishing: Phishing is done using social engineering.

4. Purpose
   Spoofing: Spoofing is done to get a new identity.
   Phishing: Phishing is done to get confidential information.

5. Examples
   Spoofing: IP spoofing, email spoofing, URL spoofing.
   Phishing: Phone phishing, like asking for an OTP or getting bank account details; clone phishing.

What Is Session Hijacking:

Session hijacking is an attack where a user session is taken over by an attacker. A session starts when you log into a service, for example your banking application, and ends when you log out. The attack relies on the attacker's knowledge of your session cookie, so it is also called cookie hijacking or cookie side-jacking. Although any computer session could be hijacked, session hijacking most commonly applies to browser sessions and web applications.

To perform session hijacking, an attacker needs to know the victim's session ID (session key). This can be obtained by stealing the session cookie or persuading the user to click a malicious link containing a prepared session ID. In both cases, after the user is authenticated on the server, the attacker can take over (hijack) the session by using the same session ID for their own browser session. The server is then fooled into treating the attacker's connection as the original user's valid session.
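The "prepared session ID" case above is the one a server can defend against directly: if the ID the client presented before login survives authentication, the person who planted it owns the authenticated session. The following is an added illustration, not code from the original notes, using a constructed in-memory session store (`SESSIONS`, `login_fixation_prone`, `login_hardened` are hypothetical names) to contrast a server that keeps the presented ID with one that issues a fresh ID at login.

```python
import secrets

# Constructed in-memory session store: session_id -> {"user": name or None}
SESSIONS = {}


def new_session():
    """Issue an anonymous (pre-login) session ID with a random, unguessable value."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": None}
    return sid


def login_fixation_prone(sid, user):
    """Weak design: whatever ID the client presented (even one an attacker planted
    via a prepared link) is kept and simply marked as authenticated."""
    SESSIONS.setdefault(sid, {"user": None})
    SESSIONS[sid]["user"] = user
    return sid


def login_hardened(sid, user):
    """Hardened design: discard the presented ID and issue a fresh one at the
    moment of authentication, so a planted ID never becomes a logged-in session."""
    SESSIONS.pop(sid, None)
    fresh = secrets.token_urlsafe(32)
    SESSIONS[fresh] = {"user": user}
    return fresh


def whoami(sid):
    """What the server believes about the holder of this session ID."""
    entry = SESSIONS.get(sid)
    return entry["user"] if entry else None


def demo():
    """Replay the planted-ID scenario against both designs.
    Returns (weak_hijacked, hardened_hijacked, hardened_id_differs)."""
    planted = "attacker-chosen-id"  # constructed: ID delivered to the victim via a link
    login_fixation_prone(planted, "alice")
    weak_hijacked = whoami(planted) == "alice"      # attacker's ID is now alice's session
    fresh = login_hardened(planted, "alice")
    hardened_hijacked = whoami(planted) == "alice"  # planted ID is dead after login
    return weak_hijacked, hardened_hijacked, fresh != planted
```

Regenerating the ID at login is the standard countermeasure for fixation; a stolen cookie still needs the other controls the text implies (HTTPS, HttpOnly/Secure flags, short session lifetimes).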

What is SQL injection (SQLi)?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.

In some situations, an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure, or perform a denial-of-service attack.
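To make "interfere with the queries" concrete, here is an added example (not from the original notes) that builds a constructed SQLite database with two users and runs the same lookup two ways: one that concatenates the input into the SQL text, and one that binds it as a parameter. The function names and sample rows are assumptions for the demonstration.

```python
import sqlite3


def build_db():
    """Constructed sample database: two users, only one of whom the caller should see."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """String concatenation: the input becomes part of the SQL text, so a quote
    character in it ends the literal and the rest is parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Parameterized query: the input is bound as a value and is never parsed
    as SQL, whatever characters it contains."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run the classic tautology probe through both lookups.
    Returns (rows_from_vulnerable, rows_from_parameterized)."""
    conn = build_db()
    probe = "alice' OR '1'='1"  # constructed input: turns the WHERE clause into an always-true condition
    vulnerable_rows = lookup_vulnerable(conn, probe)   # returns every user, bob included
    safe_rows = lookup_parameterized(conn, probe)      # no user is literally named this, so no rows
    return len(vulnerable_rows), len(safe_rows)
```

The parameterized version is the fix the text's definition points at: the application's query shape is fixed, and user data can only ever be data.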

Man-in-the-middle attack
In cryptography and computer security, a man-in-the-middle
attack (MITM) is an attack where the attacker secretly relays and
possibly alters the communications between two parties who
believe that they are directly communicating with each other. One
example of a MITM attack is active eavesdropping, in which the
attacker makes independent connections with the victims and
relays messages between them to make them believe they are
talking directly to each other over a private connection, when in
fact the entire conversation is controlled by the attacker. The
attacker must be able to intercept all relevant messages passing
between the two victims and inject new ones. This is
straightforward in many circumstances; for example, an attacker
within the reception range of an unencrypted Wi-Fi access
point could insert themselves as a man-in-the-middle.[1][2][3]
Caesar Cipher in Cryptography
The Caesar Cipher technique is one of the earliest and simplest methods of encryption. It is simply a type of substitution cipher, i.e., each letter of a given text is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 1, A would be replaced by B, B would become C, and so on. The method is apparently named after Julius Caesar, who apparently used it to communicate with his officials.
Thus, to cipher a given text we need an integer value, known as the shift, which indicates the number of positions each letter of the text has been moved down.
The encryption can be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme A = 0, B = 1, ..., Z = 25. Encryption of a letter by a shift K can be described mathematically as:

C = (P + K) mod 26    (Encryption Phase with shift K)
P = (C - K) mod 26    (Decryption Phase with shift K)

Example (shift K = 23):
D = 3
C = (P + K) mod 26
(4 + 23) mod 26 = 27 mod 26 = 1

Text : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shift: 23
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW

Text : ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI
Algorithm for Caesar Cipher:
Input:
1. A String of lower case letters, called Text.
2. An Integer between 0-25 denoting the required shift.
Procedure:
- Traverse the given text one character at a time.
- For each character, transform the given character as per the rule, depending on whether we're encrypting or decrypting the text.
- Return the new string generated.
Program that receives a Text (string) and Shift value (integer) and returns the encrypted text.
// A C++ program to illustrate the Caesar Cipher Technique
#include <cctype>
#include <iostream>
#include <string>
using namespace std;

// This function receives text and shift and
// returns the encrypted text
string encrypt(string text, int s)
{
    string result = "";

    // traverse text
    for (size_t i = 0; i < text.length(); i++)
    {
        // apply transformation to each character
        // Encrypt Uppercase letters
        if (isupper(text[i]))
            result += char(int(text[i] + s - 65) % 26 + 65);

        // Encrypt Lowercase letters
        else if (islower(text[i]))
            result += char(int(text[i] + s - 97) % 26 + 97);

        // Leave digits, spaces and punctuation unchanged
        else
            result += text[i];
    }

    // Return the resulting string
    return result;
}

// Driver program to test the above function
int main()
{
    string text = "ATTACKATONCE";
    int s = 4;
    cout << "Text : " << text;
    cout << "\nShift: " << s;
    cout << "\nCipher: " << encrypt(text, s);
    return 0;
}
Output:
Text : ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI
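The program above only encrypts. The following added example (not part of the original notes) carries the same formulas through in Python: decryption as P = (C - K) mod 26, and a brute-force over all 26 keys, which is what makes the cipher unsuitable for protecting anything today. It reuses the notes' own test vectors; `brute_force` and `recover_key` are names chosen here.

```python
import string

ALPHABET = string.ascii_uppercase  # A = 0, B = 1, ..., Z = 25, as in the notes


def caesar_shift(text, k):
    """Apply C = (P + k) mod 26 to every letter; case is kept, non-letters pass through."""
    out = []
    for ch in text:
        if ch.isupper():
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        elif ch.islower():
            out.append(ALPHABET[(ALPHABET.index(ch.upper()) + k) % 26].lower())
        else:
            out.append(ch)
    return "".join(out)


def encrypt(text, k):
    """Encryption phase with shift k."""
    return caesar_shift(text, k % 26)


def decrypt(cipher, k):
    """Decryption phase: P = (C - k) mod 26, i.e. a shift by the additive inverse of k."""
    return caesar_shift(cipher, (-k) % 26)


def brute_force(cipher):
    """Try every one of the 26 possible keys; the whole key space fits on one screen."""
    return {k: decrypt(cipher, k) for k in range(26)}


def recover_key(cipher, known_word):
    """Return the shift under which a known plaintext word (a crib) appears, or None."""
    for k, candidate in brute_force(cipher).items():
        if known_word in candidate:
            return k
    return None
```

Running `recover_key("EXXEGOEXSRGI", "ATTACK")` returns 4, the shift used in the notes' example.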
