Last week we talked about the first phase of hacking, Footprinting, in which the “hacker” collects all possible information about the target to find a way to access the system or to decide which cyberattacks are most appropriate.
If you want to learn more about ethical hacking, we invite you to visit our school EIP and train with our Master in Cybersecurity Management, Ethical Hacking and Offensive Security.
Second phase of hacking
Today we are going to talk about the second stage of hacking, Scanning and Enumeration. In this phase we take all the information discovered during Footprinting, or reconnaissance, and use it to explore the network.
During the scan, the “hacker” uses tools such as dialers, port scanners, network mappers, ping and network-protocol sweepers, and vulnerability scanners, with the aim of finding the information needed to decide which exploit to use against the target.
The data that help most to this end are:
- IP addresses.
- Operating systems installed.
- Available services.
- Installed applications.
Scan Types
A “hacker” follows a sequence of steps to scan a network. The analysis methods, which are configured before the hackers begin the process, can vary depending on the objective of the cyberattack. There are three types of scanning:
- Port scanning, where the open and available TCP/IP ports are determined.
- Network scanning, where the hosts that are active are determined.
- Vulnerability scanning, where the existence of known vulnerabilities in the hosts is determined.
Enumeration starts when the scan has finished and, as the name suggests, consists of enumerating and identifying the scanned information, such as computer names, operating systems, users, shared resources, etc.
Along with footprinting, scanning and enumeration are the information-gathering phases that precede a cyberattack.
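From the defender's side, the first two scan types leave different footprints in connection logs: a port scan touches many ports on one host, while a network scan touches many hosts. The following is an added example, not part of the original article; the log format, addresses and thresholds are assumptions made up for illustration, and vulnerability scanning is left out because recognising it needs payload-level data.

```python
from collections import defaultdict

# Assumed thresholds; tune to the environment. Counts cover the whole input,
# whereas a production rule would also bound them by a time window.
PORT_THRESHOLD = 10   # distinct ports probed on a single host
HOST_THRESHOLD = 10   # distinct hosts probed by a single source

def parse(line):
    """Parse one 'time src dst dport verdict' record (constructed format)."""
    fields = line.split()
    if len(fields) != 5 or not fields[3].isdigit():
        return None                      # skip malformed records
    _, src, dst, dport, _ = fields
    return src, dst, int(dport)

def classify_sources(lines):
    """Return {source_ip: set_of_labels} for sources that look like scanners."""
    ports = defaultdict(set)             # (src, dst) -> distinct destination ports
    hosts = defaultdict(set)             # src -> distinct destination hosts
    for line in lines:
        record = parse(line)
        if record is None:
            continue
        src, dst, dport = record
        ports[(src, dst)].add(dport)
        hosts[src].add(dst)
    findings = defaultdict(set)
    for (src, _dst), seen in ports.items():
        if len(seen) >= PORT_THRESHOLD:
            findings[src].add("port scan")
    for src, seen in hosts.items():
        if len(seen) >= HOST_THRESHOLD:
            findings[src].add("network scan")
    return dict(findings)

def sample_log():
    """Constructed records: one port scan, one host sweep, one normal client."""
    log = [f"10:00:{p % 60:02d} 203.0.113.7 10.0.0.5 {p} DENY" for p in range(20, 40)]
    log += [f"10:05:{h:02d} 198.51.100.9 10.0.0.{h} 445 DENY" for h in range(1, 31)]
    log += ["10:06:00 10.0.0.20 10.0.0.5 443 ALLOW"] * 3
    log += ["truncated line"]            # malformed record, ignored by parse()
    return log

if __name__ == "__main__":
    for src, labels in sorted(classify_sources(sample_log()).items()):
        print(src, sorted(labels))
```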
Next phases of hacking
Scanning and Enumeration is the second phase of hacking. Over the next few weeks we will look at the remaining phases, which are:
- Get Access.
- Maintain Access.
- Erasing traces.