Ethical hacking: What are exploits?
The very soul of ethical hacking consists of searching for vulnerabilities and weaknesses within an organization’s system, using methods and tools that attackers would use (with permission, of course). Taking this path will lead you to exploits — kind of like a twisted pot of gold at the end of the rainbow. This article will detail exploits in the context of ethical hacking, including:
- What exploits are
- How exploits work
- Their greatest target
- Types of exploits
- Types of exploit kits
- Where to find information about known exploits
Expect a solid overview of exploits that will get even the greenest newcomer introduced to this fascinating subject matter.
What are exploits?
Simply put, exploits are a way of gaining access to a system through a security flaw and taking advantage of the flaw for their benefit — in other words, to exploit it. Exploits normally come by way of a piece of programmed software, piece of code or a script. They are often delivered as a part of a kit, which is a collection of exploits.
You can think of exploits as the proverbial battering ram in a medieval battle, where the organization’s security is the castle wall. The enemy will use a battering ram (or an exploit) to deliver their attack at a weakness in the castle wall, or in this case, a security flaw.
Just as there are different battering rams and methods to breach castle walls, there are different exploits for different situations because not all flaws and weaknesses are the same.
How do exploits work?
Not all exploits work the same way. However, I will provide a general explanation for kit-delivered exploits.
The most common method of making contact with exploits is by visiting websites that have been booby-trapped by attackers. The worst part is that it is not uncommon for attackers to booby-trap high-traffic websites — including nytimes.com, msn.com and yahoo.com. Remember that online shopping tear you were on a few days ago? Yeah, it’s safe to say you had a strong likelihood of surfing on to a site with one (or more) booby traps on it.
So how does this all work? There are two methods: 1) There is a piece of malicious code hidden on the website in plain sight, and 2) An infected advertisement, or malvertising, is displayed on the website. When malvertising is involved, you do not even have to click on the ad to be exposed.
In both cases, the user becomes redirected to the exploit kit, which is hosted on an invisible landing page. If you have a vulnerability and the exploit kit identifies it, the kit will launch its exploit and drop its malicious payload. The news media’s favorite payload of late has been ransomware, for its recent scourges across the globe.
As you can see, the exploit is the means by which attackers reach their end.
The greatest target
In theory, every piece of software and application is potentially vulnerable to exploit. Security teams spend a lot of resources taking these resources apart to find vulnerabilities every year.
Despite this general observation, the greatest target for attackers are applications and software with the highest user base. This target-rich environment is indicative of the numbers game approach that malicious hackers use as their playbook. Common applications to target are Microsoft Office, Internet Explorer, Java and Adobe Reader — just imagine how many users are on these applications daily!
Types of exploits
The broadest categorization of exploits separates them into two categories — known and unknown. Known exploits are exploits that researchers have already been discovered and documented. This means that ethical hackers will have a better chance of fighting them: normally, they are addressed in subsequent security updates.
Unknown exploits, also known as zero-day exploits, have not been discovered or documented yet. These exploits can go on for years sometimes without being discovered, and updates will not protect you from them.
Another way to categorize exploits are by defining them as being either client-side or server-side. With client-side exploits, access is gained to a system by some action of the client — this includes clicking on a malicious website, clicking on a malicious link and social engineering. Server-side exploits gain access via a server application where an auxiliary scanner scans your system looking for flaw with which to gain entry.
Common exploit kits
There is an array of exploit kits out there today. They include:
- Rig: The most popular. Uses website compromising and malvertising. Used to deliver ransomware
- Neutrino: Originating in Russia, this uses malvertising to target Internet Explorer and Flash vulnerabilities
- Magnitude: Uses malvertising. Mainly targets systems in Asia
Where can you find discovered exploits?
As mentioned earlier, known exploits will be discovered and documented (hopefully thoroughly). The Exploit Database maintains a public archive that is said to be the ultimate exploit collection. Exploit information is gathered from submissions from the public, and the information is easy to navigate and freely available. It can be found here.
Exploits are a popular way to gain access to systems in today’s information security landscape, although their popularity has been waning a bit. Distilling things down, exploits are the actual method of the crime that attackers use to commit crimes against organizations.
By understanding known exploits, ethical hackers can harden the security of their organization by finding flaws and vulnerabilities before attackers do and addressing them. And by focusing mainly on what is known, they can narrow their scope down to things like zero-day exploits.