5 Phases of Ethical Hacking

Master the structured methodology used in penetration testing. From reconnaissance to covering tracks, understand each phase of an ethical hacking engagement and the tools used in each step.

Phase 1

Reconnaissance

Gather information about the target: first passively, from public sources without touching its systems, then actively, with direct but low-noise probes once the engagement is authorized

Key Concepts

Passive OSINT: Social media, DNS records, WHOIS, archives, public databases

Active reconnaissance (often mislabeled "active OSINT"): DNS enumeration, website analysis, footprinting, initial network mapping. These touch the target's systems, so they show up in its logs and must fall inside the authorized scope

Tools: Google Dorking, Shodan, theHarvester, Recon-ng, whois, nslookup

Practical Tasks

1. Map network topology and identify IP ranges
2. Identify personnel and email addresses
3. Discover web applications and servers
4. Gather DNS information and subdomains
5. Identify technologies and software versions

Kali Linux Tools

theHarvester, Recon-ng, Maltego, whois, nslookup, dig, sublist3r, Google
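Task 4 above (DNS information and subdomains) is usually done by resolving a wordlist of candidate labels under the target domain. The Python script below is an added example for this page, not code from any tool in the list. It takes the resolver as a parameter so the logic runs offline against a constructed zone (the domain example.test, addresses from 203.0.113.0/24 and a wildcard record are all made up for the demonstration), and it adds the check a practitioner needs before trusting brute-force results: a wildcard DNS record answers every label, so random probe labels are resolved first and candidates that only echo the wildcard answer are discarded. Passing resolve_live instead contacts the target's name servers directly, which is active reconnaissance.

```python
"""Subdomain enumeration with wildcard-DNS filtering (added example)."""
import random
import socket
import string
from typing import Callable, Dict, List, Optional, Set

# A resolver maps a hostname to its set of IPv4 addresses, or None if it
# does not exist. Injecting it keeps the enumeration logic testable offline.
Resolver = Callable[[str], Optional[Set[str]]]


def resolve_live(name: str) -> Optional[Set[str]]:
    """Resolve through the system resolver (touches the target: active recon)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return None


def random_label(length: int = 12) -> str:
    """A label that almost certainly does not exist as a real host."""
    return "".join(random.choices(string.ascii_lowercase + string.digits, k=length))


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Return the address set a wildcard record answers with, or an empty set
    if random labels do not resolve. Several probes guard against one random
    label accidentally hitting a real host."""
    answers: Set[str] = set()
    for _ in range(probes):
        result = resolve(f"{random_label()}.{domain}")
        if not result:
            return set()
        answers |= result
    return answers


def enumerate_subdomains(domain: str, words: List[str], resolve: Resolver) -> Dict[str, Set[str]]:
    """Resolve each candidate and keep only answers that differ from the
    wildcard answer; a host with an extra address beyond the wildcard's is
    still reported because it is distinguishable."""
    wildcard = detect_wildcard(domain, resolve)
    found: Dict[str, Set[str]] = {}
    for word in words:
        host = f"{word}.{domain}"
        addrs = resolve(host)
        if not addrs:
            continue
        if wildcard and addrs <= wildcard:
            continue  # indistinguishable from the wildcard answer
        found[host] = addrs
    return found


# Constructed zone for offline use (assumption, not real DNS data):
# "*.example.test" answers 203.0.113.9; "mail" has its own address; "vpn"
# answers with the wildcard address plus a distinct one.
CONSTRUCTED_ZONE: Dict[str, Set[str]] = {
    "www.example.test": {"203.0.113.10"},
    "mail.example.test": {"203.0.113.25"},
    "vpn.example.test": {"203.0.113.9", "203.0.113.30"},
}
WILDCARD_ADDR = {"203.0.113.9"}


def resolve_constructed(name: str) -> Optional[Set[str]]:
    """Offline stand-in for resolve_live backed by the constructed zone."""
    if name in CONSTRUCTED_ZONE:
        return set(CONSTRUCTED_ZONE[name])
    if name.endswith(".example.test"):
        return set(WILDCARD_ADDR)
    return None


WORDLIST = ["www", "mail", "vpn", "dev", "staging", "api"]

if __name__ == "__main__":
    # dev, staging and api only echo the wildcard and are dropped.
    for host, addrs in enumerate_subdomains("example.test", WORDLIST, resolve_constructed).items():
        print(host, sorted(addrs))
```

Without the wildcard check every word in the list would "exist", which is the usual reason a first sublist3r or dig-based brute force looks too good to be true. The same filter applies to CNAME-based wildcards; compare the canonical name instead of the address set in that case.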

Penetration Testing Methodologies

PTES

Penetration Testing Execution Standard

Open-source, freely available framework with 7 phases aligned with industry practices

Visit ptes.org →

OWASP

Open Worldwide Application Security Project (originally the Open Web Application Security Project)

Focus on web application security testing: the OWASP Top 10 list of vulnerability classes and the Web Security Testing Guide (WSTG)

Visit owasp.org →

CEH

Certified Ethical Hacker (EC-Council)

Industry-recognized certification whose five-phase model (reconnaissance, scanning, gaining access, maintaining access, covering tracks) is the one this page follows

Visit ec-council.org →

Testing Types (Black/White/Grey Box)

🔒

Black Box Testing

Tester has no prior knowledge of the system. Most realistic; simulates an external attacker

✓ Pros:

  • Most realistic
  • Tests the defenses as actually deployed
  • Simulates real threats

✗ Cons:

  • Takes longer
  • May miss issues that internal knowledge would reveal
  • Coverage limited to what is reachable from outside
🔓

White Box Testing

Tester has full access to and knowledge of the system architecture and code

✓ Pros:

  • Comprehensive testing
  • Faster execution
  • Deep vulnerability discovery, including code paths hard to reach from outside

✗ Cons:

  • Less realistic
  • Knowledge of the design can steer testing toward expected paths
  • Effort may go to components an attacker could never reach
⚙️

Grey Box Testing

Tester has partial knowledge (like an internal employee or a customer with limited access)

✓ Pros:

  • Balanced approach
  • Realistic scenario (insider or compromised-account threat)
  • Cost effective

✗ Cons:

  • Results depend on assumptions about what the attacker already knows
  • Variable scope
  • Mid-level thoroughness

HackTheBox Practicals - Tier 0 Starting Points

Complete these beginner-friendly machines to practice the 5 phases of ethical hacking. Each focuses on specific skills and phases.

Meow

Very Easy

Learn basic reconnaissance and service enumeration using Telnet on a legacy system

Phases:

Reconnaissance, Scanning, Gaining Access

Skills: Telnet, basic enumeration, credential discovery


Dancing

Very Easy

Explore SMB file sharing to discover sensitive documents and information

Phases:

Reconnaissance, Scanning

Skills: SMB shares, file discovery, network enumeration


Fawn

Very Easy

Practice FTP enumeration and exploit anonymous access to retrieve files

Phases:

Scanning, Gaining Access

Skills: FTP, anonymous login, file download, access control


Explosion

Very Easy

Use RDP to gain remote access; the weakness is an administrative account exposed over RDP with a blank password

Phases:

Reconnaissance, Scanning, Gaining Access

Skills: RDP, Windows services, protocol exploitation


Preignition

Very Easy

Discover web application vulnerabilities and default admin credentials

Phases:

Reconnaissance, Scanning (web)

Skills: Web enumeration, default credentials, HTTP methods


Appointment

Very Easy

Practice SQL injection techniques on a vulnerable web application

Phases:

Scanning, Gaining Access

Skills: SQL injection, web application testing, basic exploitation

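For the Appointment box the vulnerability class is SQL injection in a login form. The Python/sqlite3 script below is an added example, not HackTheBox's code and not a walkthrough of that machine; the users table, the account and the payloads are all constructed here. It puts the vulnerable query, which concatenates user input into the SQL string, next to the parameterized version, and runs two classic bypass payloads against both so the difference is visible in the return values.

```python
"""SQL-injection login bypass beside the parameterized fix (added example)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory database with one constructed account.
    The password is stored in clear text only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret-not-guessable')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The classic mistake: input is spliced into the query text, so a quote
    in the input ends the string literal and the rest becomes SQL."""
    query = (
        "SELECT username FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same logic with bound parameters: the driver passes the values
    separately from the statement, so a quote in the input stays data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Constructed bypass inputs. The first closes the username literal and
# comments out the password check ("--" starts a comment in SQLite); the
# second turns the WHERE clause into a tautology (AND binds tighter than OR).
PAYLOAD_COMMENT = "admin'-- "
PAYLOAD_TAUTOLOGY = "' OR '1'='1"


def demo() -> dict:
    """Run both payloads against both login functions."""
    conn = build_db()
    return {
        "vuln_comment": login_vulnerable(conn, PAYLOAD_COMMENT, "anything"),
        "vuln_tautology": login_vulnerable(conn, PAYLOAD_TAUTOLOGY, PAYLOAD_TAUTOLOGY),
        "safe_comment": login_safe(conn, PAYLOAD_COMMENT, "anything"),
        "safe_tautology": login_safe(conn, PAYLOAD_TAUTOLOGY, PAYLOAD_TAUTOLOGY),
        "safe_real": login_safe(conn, "admin", "S3cret-not-guessable"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

The vulnerable function accepts both payloads without knowing any password; the parameterized one rejects them and only admits the real credentials. In a real application the stored value would be a salted password hash compared in code, not a clear-text column compared in the query.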

Key Takeaways

  • Penetration testing follows a structured 5-phase methodology that guides the entire engagement
  • Each phase has specific objectives, tools, and techniques that must be mastered independently
  • Proper reconnaissance is critical: well-gathered intelligence makes later phases more effective
  • Always follow an established methodology (PTES, the OWASP testing guide, the CEH phase model) to ensure comprehensive testing
  • Black box testing is the most realistic but also the most time-consuming; choose the testing type based on engagement goals
  • HackTheBox Starting Point machines provide hands-on practice for each phase of the methodology