Step 3 - Gaining and Maintaining Access
This phase involves one of our ethical hackers attempting to actually gain access to the target systems or network. The exploit could occur over a LAN, the internet or our hacker could utilise deception or theft.
After the scanning phase, and when the ethical hacker has obtained all of the information that they require about the target network, they will try to exploit possible system vulnerabilities in order to gain access to the actual network. Additional vulnerabilities could also be created using backdoors, Trojans or diallers. The penetration tester might need to use 'sniffer' techniques in order to capture data packets from the target network.
This is the most important stage of penetration testing in terms of establishing the potential damage to the target systems. During a real security breach it would be this stage where the hacker could utilize simple techniques to cause irreparable damage to the target system.
What a hacker could and could not do would depend, primarily, on:
- Configuration of the target system;
- Individual skill of the hacker; and
- Initial level of access obtained;