1. Phase 1—Reconnaissance, Phase 2—Scanning, Phase 3—Gaining Access, Phase 4—Maintaining Access, Phase 5—Covering Tracks
2. Zenmap does an intense scan of all TCP ports in order to find open and vulnerable ports.
3. Phase 1 Reconnaissance
4. This is referred to by many names, but typically just called a vulnerability scan. Can be done with tools such as Nessus or Microsoft baseline security analyzer.
5. MS04-022: Microsoft Windows Task Scheduler Remote Overflow (841873), MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741), MS03-043: Buffer Overrun in Messenger Service (828035), MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159), MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883), MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687), MS03-039: Microsoft RPC Interface Buffer Overrun (824146), MS04-011: Security Update for Microsoft Windows (835732), MS04-007: ASN.1 Vulnerability Could Allow Code Execution (828028), MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422), MS05-043: Vulnerability in Printer Spooler Service Could Allow Remote Code Execution (896423), MS03-026: Microsoft RPC Interface Buffer Overrun (823980), MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644), MS02-045: Microsoft Windows SMB Protocol SMB_COM_TRANSACTION Packet Remote Overflow DoS (326830), MS08-067 is a security vulnerability that allows an attacker to take advantage of an exploit that allows a computer worm to remotely run code without user intervention. (Zero day exploit). The patch titled kb958644 fixes the vulnerability.
6. BackTrack4 Metasploit Framework
7. Yes, before penetrating a system, you would always want to get...