Understanding the Steps of Ethical Hacking 83
Phase 2: Scanning
Phase 2 is scanning, which focuses on an active engagement of the target with the intention
of obtaining more information. Scanning the target network will ultimately locate active
hosts that can then be targeted in a later phase. Footprinting helps identify potential tar-
gets, but not all may be viable or active hosts. Once scanning determines which hosts are
active and what the network looks like, a more refined process can take place.
During this phase tools such as these are used:
■ Pings
■ Ping sweeps
■ Port scans
■ Tracert
Phase 3: Enumeration
The last phase before you attempt to gain access to a system is the enumeration phase. Enu-
meration is the systematic probing of a target with the goal of obtaining user lists, routing
tables, and protocols from the system. This phase represents a significant shift in your pro-
cess; it is the initial transition from being on the outside looking in to moving to the inside
of the system to gather data. Information such as shares, users, groups, applications, proto-
cols, and banners all proved useful in getting to know your target, and this information is
now carried forward into the attack phase.
The information gathered during Phase 3 typically includes, but is not limited to:
■ Usernames
■ Group information
■ Passwords
■ Hidden shares
■ Device information
■ Network layout
■ Protocol information
■ Server data
■ Service information
Phase 4: System Hacking
Once you have completed the first three phases, you can move into the system hacking
phase. You will recognize that things are getting much more complex and that the system
hacking phase cannot be completed in a single pass. It involves a methodical approach that
includes cracking passwords, escalating privileges, executing applications, hiding files, cov-
ering tracks, concealing evidence, and then pushing into a complex attack.