The only difference between criminal crackers and ethical hackers is the motive behind the hacking. However, they all follow the same procedures and apply similar skillset to exploit targets. While the crackers do it for motives such as financial gain, theft and disruptions, the ethical hackers do so to report the weaknesses and exploitation so that the target organization can fix them. Be it cracker or ethical hacker, they mainly apply the following major phases:
- Footprinting: The cracker gathers information about internal and external security architecture of the target organization. Besides, this helps the cracker to exploit the target system to gain unauthorized access. Footprinting focuses on gathering every piece of information about the target. This collected information will help the cracker to identify ways to penetrate into the target system.
- Reconnaissance: This is an activity of the cracker with the purpose of gathering information about vulnerabilities. The attacker employs different tools such as Metasploit to facilitate this process. Moreover, it can be active or passive reconnaissance.
- Scanning: In this phase, the cracker scans the network through the gathered information.
- Enumeration: In this phase of the attack, the cracker pays close scrutiny to the target systems to get detailed information.
- System Hacking: This is the phase where the real hacking on applications, operating systems, and the computer network takes pace.
- Escalation of privileges: The cracker tries to gain elevated privilege to aggravate the attack.
- Covering Tracks: The attacker will finally clear the tracks to hide the moves taken
the_cyberguy Edited answer 10/07/2022