How to think like a Methodical Hacker | SecureKnow

Written by Shpat Ibrani

When it comes to hacking, many ‘hackers’, or people passionate about hacking, approach the craft without any caution. Like any other discipline, hacking should be guided by a clear idea of what is and is not acceptable: for an ethical hacker that means written authorization, an agreed scope, and a repeatable way of working. That way of working is what we call a hacking methodology, and in this guide we will cover the following steps towards becoming an ethical hacker:

  • Reconnaissance
  • Exploitation
  • Privilege Escalation
  • Persistence Establishment
  • Data Extraction
  • Track Covering

1. Reconnaissance

The first step in any kind of work is understanding the work, what it will get you, and how to finish it in the fewest steps while still being thorough. We will call this first phase ‘performing reconnaissance’.

Put simply, it is the act of gathering information about the machine you are going to attack and planning the steps you will take to succeed. In many cases a hacker will deal with several machines that each behave completely differently, and the plan that works on one will not work on the next.

Let’s break this first phase into sub-categories:

  • Passive Reconnaissance
  • Active Reconnaissance

1.1 Passive Recon

Recon should always begin passively, meaning that you do not interact with the target yet. Instead, take your time understanding what the target is, using only public sources: the organisation’s own website, WHOIS and DNS records, and search engines. Even something as simple as googling the target will often give you enough to understand who you are dealing with, and because the target is never contacted, none of this shows up in its logs.

1.2 Active Recon

The second phase is active recon, which is the part where you ‘poke the bear’ by sending packets to the hosts you found during passive recon, for example with a port scan or by connecting to a service and reading its banner. In short, passive recon tells you where to point active recon. If passive recon showed that the target’s domain resolves to an address in a particular hosting provider’s range, actively probing that address reveals which services are exposed (web, mail, SSH, databases) and often their versions, which is exactly what the next step needs. Unlike passive recon, this traffic is visible to the target, so it belongs only inside an agreed scope.
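The active recon step described above, as an added example that is not part of the original article: a TCP connect scan that grabs and fingerprints service banners. Real targets are not contacted; the ‘service’ is a throwaway listener on 127.0.0.1 replying with a constructed OpenSSH-style banner (the banner text, hostnames and ports are assumptions), so the code runs offline. Point scan() at a real host only inside an agreed scope.

```python
"""Active recon against a local stand-in service: TCP connect scan plus banner grab.

Added example; not code from the original article. The 'service' is a throwaway
thread on 127.0.0.1 that replies with a constructed banner, so everything runs offline.
"""
import socket
import threading

# Constructed banner imitating an OpenSSH server; any real target will differ.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"


def start_fake_service(banner=FAKE_BANNER):
    """Listen on an ephemeral loopback port; send `banner` to each client, then hang up.

    Returns (listening_socket, port). Closing the socket stops the serving thread.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listening socket was closed: shut down
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def pick_closed_port():
    """Find a loopback port nothing listens on (bind it, read the number, release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def grab_banner(host, port, timeout=1.0):
    """Connect and read whatever the service volunteers.

    Returns the banner text ("" for an open but silent service such as HTTP, which
    waits for the client to speak first) or None if the port is closed or filtered.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                data = b""            # open, but the service did not speak first
            return data.decode("latin-1").strip()
    except OSError:                   # refused, unreachable or timed out on connect
        return None


def scan(host, ports, timeout=0.5):
    """TCP connect scan: map every port that accepted the connection to its banner."""
    found = {}
    for port in ports:
        banner = grab_banner(host, port, timeout)
        if banner is not None:
            found[port] = banner
    return found


def fingerprint(banner):
    """Pull (protocol, software) out of the two most common self-announcing banner formats."""
    if banner.startswith("SSH-"):
        # RFC 4253 identification string: SSH-protoversion-softwareversion [comment]
        parts = banner.split("-", 2)
        software = parts[2].split()[0] if len(parts) == 3 else ""
        return ("ssh", software)
    if banner.startswith("220 "):
        # SMTP and FTP both greet with "220 <free-form server greeting>"
        return ("smtp/ftp", banner[4:].strip())
    return ("unknown", "")


if __name__ == "__main__":
    srv, open_port = start_fake_service()
    try:
        for port, banner in scan("127.0.0.1", [pick_closed_port(), open_port]).items():
            print(port, fingerprint(banner), repr(banner))
    finally:
        srv.close()
```

A closed port is reported as absent rather than as an empty banner, so a silent but open service (HTTP, which says nothing until it receives a request) is still distinguishable from nothing listening at all; that distinction is what tells you where to spend the next probe.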

2. Exploitation

The second step is exploitation: using the information from both recon phases to take advantage of a weakness (an unpatched service, a default credential, a misconfiguration) and gain access to the target. Exploitation does not make a target vulnerable; it uses a vulnerability that already exists, which is why thorough recon comes first.

In the previous example, active recon revealed the services listening on the target’s open ports, and those services are the actual gateways in and out of the network. An exploit framework such as Metasploit may carry a working module for the vulnerable version you found; where no technical weakness is exposed, the way in is often a person, via a phishing email. Metasploit is one of many tools, and not always the right one: match the exploit to the exact version you fingerprinted, and try it against a lab copy first, because a failed exploit can crash the very service you are relying on.

3. Escalation of Privileges

The third step, which may or may not be needed depending on the level of access your exploit gave you, is privilege escalation: turning a low-privileged foothold into super user (root) or administrator rights. On Linux this usually means enumerating the host for misconfigurations (setuid binaries, overly permissive sudo rules, writable service files, an outdated kernel) and exploiting one of them. On Windows, the Metasploit Meterpreter ‘getsystem’ command tries several known techniques in turn (named-pipe impersonation and token duplication) to obtain SYSTEM. Creating new users is not itself an escalation, since you already need administrative rights to do it; it belongs to the next step.
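The Linux enumeration mentioned above, as an added example that is not part of the original article: list every setuid/setgid binary on the host and flag the ones that are not on a known baseline, which is where a methodical tester starts before running any escalation exploit. build_demo_tree() builds a constructed throwaway directory (the file names, modes and the baseline set are assumptions) so the code runs without root and without touching the real /usr; on a host you are authorized to test you would call find_setuid("/") instead.

```python
"""Privilege-escalation enumeration: setuid/setgid binaries that are not on the baseline.

Added example, not from the original article. The Linux counterpart of blindly running
'getsystem': before exploiting anything, enumerate what the host offers.
"""
import os
import stat
import tempfile

# Constructed baseline: paths that are setuid-root on a stock Debian/Ubuntu install.
# A real engagement would derive this from the distro's package file lists instead.
EXPECTED_SETUID = {
    "/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/mount",
    "/usr/bin/umount", "/usr/bin/chsh", "/usr/bin/newgrp",
}


def find_setuid(root):
    """Return sorted (path, mode) for every regular file under root with setuid or setgid set."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue                     # unreadable or vanished; skip
            if not stat.S_ISREG(st.st_mode):
                continue                     # symlinks, sockets, devices: the bit means nothing there
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, stat.S_IMODE(st.st_mode)))
    return sorted(hits)


def unexpected_setuid(root, baseline=EXPECTED_SETUID):
    """Setuid/setgid files whose root-relative path is not on the baseline: the ones worth a look."""
    findings = []
    for path, mode in find_setuid(root):
        rel = "/" + os.path.relpath(path, root)
        if rel not in baseline:
            findings.append((rel, mode))
    return findings


def build_demo_tree():
    """Create a constructed mini filesystem: one expected setuid binary, one rogue one, one plain file."""
    base = tempfile.mkdtemp(prefix="setuid-demo-")
    layout = {
        "usr/bin/passwd": 0o4755,          # normal: on the baseline
        "usr/bin/ls": 0o755,               # normal: no setuid bit
        "usr/local/bin/backup": 0o4755,    # suspicious: custom setuid helper, not on the baseline
    }
    for rel, mode in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(path, mode)
    # A symlink to the rogue binary must not be reported a second time
    os.symlink(os.path.join(base, "usr/local/bin/backup"),
               os.path.join(base, "usr/bin/backup-link"))
    return base


if __name__ == "__main__":
    demo = build_demo_tree()
    for rel, mode in unexpected_setuid(demo):
        print(f"{rel}: mode {mode:04o} is not on the baseline")
```

The baseline is what makes this useful: a list of every setuid file on a box is long and boring, while a custom setuid helper in /usr/local/bin is exactly the kind of thing a developer installed for convenience and never reviewed.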

4. Persistence Establishment

The fourth step, and an important part of any hacker’s methodology, is establishing persistence: a backdoor or alternative access path so that you can return to the network whenever you please, even if the original vulnerability is patched or your session is lost. This can be done with tools such as Netcat listeners, reverse command shells or VNC, usually tied to a scheduled task, cron job, service or new account so that it survives a reboot. On an authorized engagement, record every persistence mechanism you plant so that it can be removed at the end; overall it is a crucial step in what is to come next.

5. Data Extraction

Step 5 is data extraction, which brings us to the point of the whole exercise: the attacker is after valuable data, and a penetration test proves its impact by showing that the data can be reached. This needs to be done so that the system, and its defenders, do not notice the intellectual property leaving; tools such as Recub or Cryptcat (an encrypted Netcat) move the data over a channel that cannot be read on the wire. Keep in mind that encryption hides the content, not the volume: an unusually large transfer to an unfamiliar host is still visible to network monitoring.

6. Covering Tracks

Step 6 is covering our tracks so that the intrusion is not traced back to us. The methods can be as simple as deleting or editing log files and removing the tools we deployed during the penetration. Take heed, as this is a very important part of a hacker’s methodology, and as the saying goes, ‘the devil’s greatest trick is convincing the world he doesn’t exist’. Be aware, though, that clearing logs leaves traces of its own: an empty log, a hole in the timestamps, or a ‘log cleared’ audit event (Windows records one as event ID 1102) is exactly what an investigator looks for. On an authorized test you destroy nothing; the point of this step is to find out what the client’s monitoring did and did not catch.
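The traces described above, seen from the defender’s side, as an added example that is not part of the original article: a small check run over sample log lines that reports a hole in an otherwise regular log, an entry whose timestamp runs backwards (typical of a hand-edited file), and messages that directly describe log destruction or the logging service being stopped. The log is constructed (hostname, users, times and message formats are assumptions, loosely modelled on syslog), and the pattern list is a starting point to extend per environment.

```python
"""Spotting what 'covering tracks' leaves behind, run over constructed sample log lines.

Added example from the defender's side; not code from the original article.
"""
import re
from datetime import datetime

# Constructed auth log: a heartbeat every five minutes, then ~48 minutes of silence,
# an out-of-order line, and the logging service being bounced.
SAMPLE_LOG = """\
2024-05-01T09:00:02 web01 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51022
2024-05-01T09:05:01 web01 healthcheck[1230]: heartbeat ok
2024-05-01T09:10:01 web01 healthcheck[1231]: heartbeat ok
2024-05-01T09:57:40 web01 sshd[1402]: Accepted password for www-data from 10.0.0.77 port 40122
2024-05-01T09:41:03 web01 sudo:  www-data : TTY=pts/1 ; COMMAND=/usr/bin/rm /var/log/auth.log.1
2024-05-01T10:00:12 web01 systemd[1]: Stopping System Logging Service...
2024-05-01T10:00:13 web01 systemd[1]: Started System Logging Service.
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")

# Message patterns an attacker's clean-up tends to produce. Extend per environment.
TAMPER_PATTERNS = {
    "log_removal":    re.compile(r"COMMAND=.*\b(rm|shred|truncate|unlink)\b.*/var/log"),
    "logger_stopped": re.compile(r"Stopping System Logging Service|rsyslogd.* exiting"),
    "history_wiped":  re.compile(r"history -c|HISTFILE=/dev/null|unset HISTFILE"),
}


def parse_log(text):
    """Yield (line_no, timestamp, message); lines that do not parse yield a None timestamp."""
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m:
            yield n, datetime.fromisoformat(m["ts"]), m["msg"]
        elif line.strip():
            yield n, None, line


def find_tampering(text, max_gap_minutes=30):
    """Return (line_no, kind, detail) for gaps, backwards timestamps, unparseable lines
    and messages matching TAMPER_PATTERNS."""
    findings = []
    last = None                       # (line_no, ts) of the latest timestamp seen so far
    for n, ts, msg in parse_log(text):
        if ts is None:
            findings.append((n, "unparseable", msg))
            continue
        if last is not None:
            delta = ts - last[1]
            if delta.total_seconds() < 0:
                findings.append((n, "out_of_order", f"timestamp precedes line {last[0]} by {-delta}"))
            elif delta.total_seconds() > max_gap_minutes * 60:
                findings.append((n, "gap", f"no entries for {delta} after line {last[0]}"))
        for kind, rx in TAMPER_PATTERNS.items():
            if rx.search(msg):
                findings.append((n, kind, msg))
        if last is None or ts > last[1]:
            last = (n, ts)            # high-water mark, so an edited line does not mask a later gap
    return findings


if __name__ == "__main__":
    for line_no, kind, detail in find_tampering(SAMPLE_LOG):
        print(f"line {line_no}: {kind}: {detail}")
```

The gap check only means something on a log with a known cadence (here a five-minute heartbeat), so max_gap_minutes must be tuned per source; the other three checks do not depend on timing and are the cheaper win.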


We hope that this short guide is helpful to all hackers, and especially to beginners, who should always be careful before getting into serious hacking. As a suggestion, you should visit our guide about Ethical Hacking, as learning is never enough, and the more one learns the more experience they gain.
