Hi, Welcome Here. How You Are??Hope Fine. My Name is Aryan and Today I will Give an overview of the hacking process, Let’s look at the steps of ethical hacking to see where foot￾printing fits in as well as what future phases hold.

Phase 1: Footprinting

Footprinting is the first phase of the ethical hacking process and is the subject of this chapter.

This phase consists of passively gaining information about a target. The goal is to gather as

much information as possible about a potential target with the objective of getting enough information to make later attacks more accurate. The end result should be a profile of the tar￾get that is a rough picture but one that gives enough data to plan the next phase of scanning.

Information that can be gathered during this phase includes:

■ IP address ranges

■ Namespaces

■ Employee information

■ Phone numbers

■ Facility information

■ Job information

Footprinting takes advantage of the information that is carelessly exposed or disposed of inadvertently.

Phase 2: Scanning

Phase 2 is scanning, which focuses on an active engagement of the target with the intention of obtaining more information. Scanning the target network will ultimately locate active

hosts that can then be targeted in a later phase. Footprinting helps identify potential tar￾gets, but not all may be viable or active hosts. Once scanning determines which hosts are active and what the network looks like, a more refined process can take place.

During this phase tools such as these are used:

■ Pings

■ Ping sweeps

■ Port scans

■ Tracert

Phase 3: Enumeration

The last phase before you attempt to gain access to a system is the enumeration phase. Enu￾meration is the systematic probing of a target with the goal of obtaining user lists, routing

tables, and protocols from the system. This phase represents a significant shift in your pro￾cess; it is the initial transition from being on the outside looking in to moving to the inside

of the system to gather data. Information such as shares, users, groups, applications, proto￾cols, and banners all proved useful in getting to know your target, and this information is

now carried forward into the attack phase.

The information gathered during Phase 3 typically includes, but is not limited to:

■ Usernames

■ Group information

■ Passwords

■ Hidden shares

■ Device information

■ Network layout

■ Protocol information

■ Server data

■ Service information

Phase 4: System Hacking

Once you have completed the first three phases, you can move into the system hacking phase. You will recognize that things are getting much more complex and that the system hacking phase cannot be completed in a single pass. It involves a methodical approach that

includes cracking passwords, escalating privileges, executing applications, hiding files, cov￾ering tracks, concealing evidence, and then pushing into a complex attack.