I will begin by summarizing the five phases of a penetration test. Each phase corresponds to one primary step in the process. Here is a brief overview of the five phases of a penetration test.
Phase 1: Reconnaissance.
Reconnaissance is the act of gathering preliminary data or information about your target. The data is collected to better plan your attack. Reconnaissance can be done actively (meaning you interact with the target directly) or passively (meaning the information is obtained through an intermediary, without touching the target). Phase 1 includes identifying the target and discovering its IP address range, network, domain names, mail servers, DNS records, etc.
Phase 2: Scanning.
The Scanning phase requires the use of technical tools to gather more information about the target; here the information sought concerns the systems that are in place. A good example is running a vulnerability scanner against the target network. Phase 2 includes scanning the target for running services and open ports, firewall detection, vulnerability scanning, banner grabbing, etc.
Phase 3: Obtaining access.
Obtaining access in Phase 3 means taking control of the target in order to extract data from it, or using that target to launch attacks on other targets. Phase 3 includes exploiting vulnerabilities, social engineering, etc.
Phase 4: Maintaining access.
Maintaining access means taking the necessary steps to stay in the target environment long enough to gather as much data as possible. The attacker must remain stealthy in this phase so as not to be caught while using the host environment. Phase 4 includes escalating privileges, installing a backdoor on the target in order to keep the acquired access and be able to reconnect to the target at any time, etc.
Phase 5: Erasing the traces.
This final phase simply means that the attacker must take the necessary steps to remove any trace of the activity. Any changes that were made, permissions that were escalated, etc. should all be reverted so that the host's network administrators cannot recognize that anything happened.
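The usual mitigation against trace erasure is to make the audit trail something the attacker cannot silently rewrite on the compromised host: ship logs off-box and bind each entry to the one before it. The following added example (not part of the original text) illustrates the second idea with a hash-chained log: every entry's SHA-256 covers the previous entry's hash, and the defender keeps only the latest hash somewhere the attacker cannot reach. Modifying, truncating or deleting an entry then breaks verification. The records and field names are constructed for illustration.

```python
import hashlib
import json

# Constructed sample audit records (not from any real system).
SAMPLE_EVENTS = [
    {"user": "alice", "action": "login", "host": "web01"},
    {"user": "alice", "action": "sudo", "host": "web01"},
    {"user": "alice", "action": "useradd", "host": "web01"},
    {"user": "alice", "action": "logout", "host": "web01"},
]

GENESIS = "0" * 64  # hash "before" the first entry


def _digest(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same value.
    payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(events):
    """Return a list of (record, hash); each hash commits to the previous hash."""
    chain, prev = [], GENESIS
    for rec in events:
        h = _digest(prev, rec)
        chain.append((rec, h))
        prev = h
    return chain


def verify_chain(chain, expected_tail):
    """Return (ok, index): ok is False at the first entry whose hash does not match,
    or at len(chain) when the chain is internally consistent but its last hash
    differs from the tail the defender stored off-box (an erased tail)."""
    prev = GENESIS
    for i, (rec, h) in enumerate(chain):
        if _digest(prev, rec) != h:
            return False, i
        prev = h
    if prev != expected_tail:
        return False, len(chain)
    return True, None


def tamper_scenarios():
    """Run the verifier against an intact chain and three kinds of tampering."""
    chain = build_chain(SAMPLE_EVENTS)
    tail = chain[-1][1]  # the value the defender keeps off-box
    modified = [(dict(r), h) for r, h in chain]
    modified[2][0]["action"] = "login"  # the 'useradd' entry is rewritten
    return {
        "intact": verify_chain(chain, tail),
        "modified": verify_chain(modified, tail),
        "truncated": verify_chain(chain[:-1], tail),          # last entry erased
        "removed": verify_chain(chain[:2] + chain[3:], tail),  # middle entry erased
    }


if __name__ == "__main__":
    for name, result in tamper_scenarios().items():
        print(f"{name:9s} -> {result}")
```

The scheme only detects tampering; it does not prevent it, and it depends entirely on the tail hash (or a periodic export of the whole chain) living outside the attacker's reach, which is why it is normally combined with forwarding to a separate log collector.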
We could also add two other phases:
A pre-engagement phase, which takes place before the reconnaissance phase and consists of agreeing with the client on the scope of the penetration test to be carried out, what is allowed and what is strictly forbidden, as well as the objectives.
A final reporting phase, which naturally comes last. Its purpose is to provide the customer with a documented report explaining how and with which tools the pentest was performed, what flaws were discovered, what risks they pose for the customer, and of course how to remedy them by explaining how to correct each of the flaws discovered.
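The pre-engagement agreement is only useful if it is actually enforced during the test. The following added example (not part of the original text) turns a hypothetical rules-of-engagement document into a check that every planned action passes through before it is carried out: the target must fall inside the agreed address ranges and outside any explicit exclusions, the technique must not be on the forbidden list, and the time must fall within the agreed testing window. The networks, exclusions, technique names and window are constructed for illustration.

```python
import ipaddress
from datetime import datetime, time

# Constructed rules of engagement for a hypothetical engagement (not a real client).
RULES_OF_ENGAGEMENT = {
    "in_scope": ["192.0.2.0/24", "198.51.100.10"],
    "excluded": ["192.0.2.1", "192.0.2.250/31"],  # e.g. the gateway and a production DB pair
    "forbidden_techniques": {"dos", "social_engineering"},
    "window": (time(22, 0), time(6, 0)),  # testing allowed only 22:00-06:00
}


def _in_any(ip, networks):
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def _in_window(when, window):
    start, end = window
    t = when.time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end  # window wraps past midnight


def check_action(target, technique, when_iso, roe=RULES_OF_ENGAGEMENT):
    """Return (allowed, reason). Anything not explicitly permitted is refused.
    when_iso is an ISO 8601 timestamp such as '2024-05-01T23:30:00'."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False, f"{target!r} is not an IP address; resolve it and re-check the address"
    when = datetime.fromisoformat(when_iso)
    if technique in roe["forbidden_techniques"]:
        return False, f"technique {technique!r} is forbidden by the rules of engagement"
    if _in_any(ip, roe["excluded"]):
        return False, f"{target} is explicitly excluded from the test"
    if not _in_any(ip, roe["in_scope"]):
        return False, f"{target} is outside the agreed scope"
    if not _in_window(when, roe["window"]):
        return False, f"{when:%H:%M} is outside the agreed testing window"
    return True, "ok"


if __name__ == "__main__":
    for args in [("192.0.2.20", "port_scan", "2024-05-01T23:30:00"),
                 ("192.0.2.1", "port_scan", "2024-05-01T23:30:00"),
                 ("203.0.113.9", "port_scan", "2024-05-01T23:30:00"),
                 ("192.0.2.20", "dos", "2024-05-01T23:30:00"),
                 ("192.0.2.20", "port_scan", "2024-05-01T14:00:00")]:
        print(args, "->", check_action(*args))
```

Hostnames are deliberately refused rather than resolved here, because a name can resolve to an address outside the agreed ranges; the practitioner resolves it first and checks the resulting address. The same decision, with its reason, is worth logging for every action, since those records later feed the final report's account of what was done.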