| Summary: |
Exploitation is the phase that is most commonly associated with hacking. According to the Penetration Testing Execution Standard (PTES) [4], the exploitation phase ‘focuses solely on establishing access to a system or resource by bypassing security restrictions’. The main focus is to identify the main entry point into the organization and to identify high value target assets. It should be planned extensively by thoroughly completing the previous phases. The attack vector should be swift and concentrate on the target providing highest chances of success. Ultimately, exploitation is the process of launching an exploit against a vulnerable target. At times, it could be used to cause a Denial of Service.
As already mentioned, a vulnerability is a security flaw or weakness in an application or system that enables an attacker to compromise the target system. A compromised system can result in privilege escalation, denial-of-service, unauthorized data access, stolen passwords, and buffer overflows. An exploit is a realization of a vulnerability.
Generally an exploit is a program that takes advantage of a specific vulnerability and provides an attacker with access to the target system.
Exploits can be fleeting; meaning that they provide access only as long as the program that was exploited remains running. When the target machine reboots or the exploited process is stopped the shell is stopped. Attackers usually try to install backdoors for future access.
An exploit typically carries a payload and delivers it to the target system. Payloads are additional software or functionality installed and executed on the target system upon successful execution of an exploit. |
Loading previews...
