Step 1 - Reconnaissance
The first and most important step of a penetration test is reconnaissance. The main objective is to gather information about the target systems that could be used maliciously to gain access to them.
Reconnaissance can often be achieved successfully through passive steps such as social engineering. Here, the hacker will 'probe' relevant personnel in an attempt to get them to reveal sensitive information. Unlisted phone numbers, passwords and even sensitive network information are often divulged by unsuspecting employees and managers. Other techniques include 'dumpster diving', where an organisation's waste is searched for redundant sensitive information such as passwords.
Active reconnaissance refers to probing a network in order to detect possible routes of access. The findings may include:
- Accessible hosts;
- Open ports;
- Location of routers;
- OS details; and
- Details of services.
At the end of this stage an intelligent attack strategy is compiled based upon relevant findings.
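The active probing described above leaves traces in connection logs, which is how defenders notice it and how a test's findings can be checked against monitoring. The following is an added example, not part of the original page: it assumes a simple five-field firewall log format, constructed sample lines and illustrative thresholds, and flags sources that touch many hosts or many ports within one analysis window.

```python
from collections import defaultdict

# Constructed sample log (documentation address ranges); one analysis window.
# Assumed format: timestamp src_ip dst_ip dst_port action
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.5 192.0.2.10 21 DENY
2024-01-01T10:00:01 203.0.113.5 192.0.2.10 22 ALLOW
2024-01-01T10:00:02 203.0.113.5 192.0.2.10 23 DENY
2024-01-01T10:00:02 203.0.113.5 192.0.2.10 80 ALLOW
2024-01-01T10:00:03 203.0.113.5 192.0.2.10 443 ALLOW
2024-01-01T10:00:03 203.0.113.5 192.0.2.10 3389 DENY
2024-01-01T10:05:10 198.51.100.7 192.0.2.10 445 DENY
2024-01-01T10:05:10 198.51.100.7 192.0.2.11 445 DENY
2024-01-01T10:05:11 198.51.100.7 192.0.2.12 445 DENY
2024-01-01T10:05:11 198.51.100.7 192.0.2.13 445 DENY
2024-01-01T10:07:00 192.0.2.50 192.0.2.10 443 ALLOW
2024-01-01T10:07:30 192.0.2.50 192.0.2.10 443 ALLOW
"""

def profile_sources(log_text):
    """Map each source IP to {destination host: set of ports it touched}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[3].isdigit():
            continue  # skip blank or malformed lines
        _, src, dst, port, _ = fields
        seen[src][dst].add(int(port))
    return seen

def flag_probing(log_text, host_threshold=4, port_threshold=5):
    """Flag sources that sweep many hosts or many ports on one host.

    Thresholds are illustrative assumptions, not recommended values.
    """
    flagged = {}
    for src, hosts in profile_sources(log_text).items():
        reasons = []
        if len(hosts) >= host_threshold:
            reasons.append("host sweep")  # looking for accessible hosts
        if max(len(ports) for ports in hosts.values()) >= port_threshold:
            reasons.append("port scan")   # looking for open ports and services
        if reasons:
            flagged[src] = reasons
    return flagged

if __name__ == "__main__":
    for src, reasons in flag_probing(SAMPLE_LOG).items():
        print(src, ", ".join(reasons))
```

Both allowed and denied connections are counted, because a probe that finds an open port is at least as significant as one that is blocked.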