How Hackers attack networks and a Hacker's mindset
Footprint analysis or Reconnaissance: Footprint analysis, or reconnaissance, is typically the first step a network hacker performs. In this step, the hacker gathers information about the target network in order to map the addresses, devices, operating systems, and applications running in it.
Footprint analysis helps the attacker tailor an attack plan that exploits known vulnerabilities and configuration errors in the target network.
Attackers use a great deal of information that is available on the Internet, such as DNS lookups to find the names and IP addresses of the target network, and WHOIS information to find contact details, name server names, etc.
Launch Attack: After performing footprint analysis or reconnaissance, the hacker has gained much information about the target network. The next step is to launch an attack on the target network based on the vulnerabilities found.
Escalate privileges: If the hacker gained access as a normal unprivileged user, the next step is to escalate the user account to gain administrator-level privileges.
Jump to other servers and devices: Once the hacker is inside the internal network, he can gain access to other devices inside it and collect additional information such as running applications, operating systems, user IDs, passwords, etc.
Install Back Doors: After compromising servers and collecting the information he requires, the hacker then tries to install and configure back door or remote-control hacking tools to gain access to the system in the future. A backdoor application allows the hacker future access to the compromised machines. or to
Hide the Tracks: After performing the attack and installing back door applications, the next step is to hide the tracks so that the attack stays hidden from administrators. Hackers perform many actions for this, for example deleting log files.
Leverage the compromised network: Finally, hackers start using the target network. They can steal or destroy the target network's data, bring servers down, or attack another organization using the target network's systems.
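
From the administrator's side, the log deletion mentioned under "Hide the Tracks" can be caught by comparing periodic snapshots of the log files. The following is an added example, not part of the original article; the function names, file paths, inode numbers and sizes are all constructed for illustration.

```python
import os

def snapshot(paths):
    """Record (inode, size) for each log file; None if the file is missing."""
    state = {}
    for path in paths:
        try:
            st = os.stat(path)
            state[path] = (st.st_ino, st.st_size)
        except FileNotFoundError:
            state[path] = None
    return state

def compare(prev, curr):
    """Return (path, finding) pairs for changes an append-only log should never show."""
    findings = []
    for path, before in prev.items():
        after = curr.get(path)
        if before is None:
            continue  # file did not exist at the previous snapshot
        if after is None:
            findings.append((path, "deleted"))
        elif after[0] != before[0]:
            # Log rotation also changes the inode: check it against the rotation schedule.
            findings.append((path, "replaced"))
        elif after[1] < before[1]:
            # Same file, fewer bytes: the log was emptied or cut short in place.
            findings.append((path, "truncated"))
    return findings

# Constructed sample snapshots (hypothetical paths, inodes and sizes).
PREV = {
    "/var/log/auth.log": (1001, 48210),
    "/var/log/syslog": (1002, 912044),
    "/var/log/app.log": (1003, 7730),
    "/var/log/cron.log": (1004, 1500),
}
CURR = {
    "/var/log/auth.log": None,           # file removed
    "/var/log/syslog": (1002, 0),        # emptied in place
    "/var/log/app.log": (2077, 120),     # different file under the same name
    "/var/log/cron.log": (1004, 1620),   # normal growth, no finding
}

if __name__ == "__main__":
    for path, finding in compare(PREV, CURR):
        print(f"ALERT {finding}: {path}")
```

Snapshots are only trustworthy if they are stored off the monitored host, since an intruder with administrator-level privileges can alter anything kept locally.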