(1) information collection: Information collection:
Web applications: Server operating systems,Web server types, Web back-end languages, and so on, while desktop apps focus more on the application itself.
(2) vulnerability found: Determine what vulnerabilities the target will have. Can be done through search engines and generic vulnerability scanning tools. You can use a search engine to search for possible vulnerabilities after scanning using the vulnerability scanning Tool.
(3) attack:Kali Linux offers a lot of ready-made tools to attack. including two aspects, one is the use of existing loopholes, the second is to raise power.
(4) Permission Maintenance phase: How to continue to maintain control of the system after successfully cracking a system. Typically, you create a high-privilege hidden user, or install a backdoor (trojan, virus, and so on).
(5) Documentation
Intrusion detection steps (from the Wooyun Knowledge Base)