Ethical hacking: What are exploits?
The very soul of ethical hacking consists of searching for vulnerabilities and weaknesses within an organization’s system, using methods and tools that attackers would use (with permission, of course). Taking this path will lead you to exploits — kind of like a twisted pot of gold at the end of the rainbow. This article will detail exploits in the context of ethical hacking, including:
- What exploits are
- How exploits work
- Their greatest target
- Types of exploits
- Types of exploit kits
- Where to find information about known exploits
Expect a solid overview of exploits that will get even the greenest newcomer introduced to this fascinating subject matter.
What should you learn next?
What are exploits?
Simply put, exploits are a way of gaining access to a system through a security flaw and taking advantage of the flaw for their benefit — in other words, to exploit it. Exploits normally come by way of a piece of programmed software, piece of code or a script. They are often delivered as a part of a kit, which is a collection of exploits.
You can think of exploits as the proverbial battering ram in a medieval battle, where the organization’s security is the castle wall. The enemy will use a battering ram (or an exploit) to deliver their attack at a weakness in the castle wall, or in this case, a security flaw.
Just as there are different battering rams and methods to breach castle walls, there are different exploits for different situations because not all flaws and weaknesses are the same.
How do exploits work?
Not all exploits work the same way. However, I will provide a general explanation for kit-delivered exploits.
The most common method of making contact with exploits is by visiting websites that have been booby-trapped by attackers. The worst part is that it is not uncommon for attackers to booby-trap high-traffic websites — including nytimes.com, msn.com and yahoo.com. Remember that online shopping tear you were on a few days ago? Yeah, it’s safe to say you had a strong likelihood of surfing on to a site with one (or more) booby traps on it.
So how does this all work? There are two methods: 1) There is a piece of malicious code hidden on the website in plain sight, and 2) An infected advertisement, or malvertising, is displayed on the website. When malvertising is involved, you do not even have to click on the ad to be exposed.
In both cases, the user becomes redirected to the exploit kit, which is hosted on an invisible landing page. If you have a vulnerability and the exploit kit identifies it, the kit will launch its exploit and drop its malicious payload. The news media’s favorite payload of late has been ransomware, for its recent scourges across the globe.
As you can see, the exploit is the means by which attackers reach their end.
The greatest target
In theory, every piece of software and application is potentially vulnerable to exploit. Security teams spend a lot of resources taking these resources apart to find vulnerabilities every year.
Despite this general observation, the greatest target for attackers are applications and software with the highest user base. This target-rich environment is indicative of the numbers game approach that malicious hackers use as their playbook. Common applications to target are Microsoft Office, Internet Explorer, Java and Adobe Reader — just imagine how many users are on these applications daily!
Types of exploits
The broadest categorization of exploits separates them into two categories — known and unknown. Known exploits are exploits that researchers have already been discovered and documented. This means that ethical hackers will have a better chance of fighting them: normally, they are addressed in subsequent security updates.
Unknown exploits, also known as zero-day exploits, have not been discovered or documented yet. These exploits can go on for years sometimes without being discovered, and updates will not protect you from them.
Another way to categorize exploits are by defining them as being either client-side or server-side. With client-side exploits, access is gained to a system by some action of the client — this includes clicking on a malicious website, clicking on a malicious link and social engineering. Server-side exploits gain access via a server application where an auxiliary scanner scans your system looking for flaw with which to gain entry.
Common exploit kits
There is an array of exploit kits out there today. They include:
- Rig: The most popular. Uses website compromising and malvertising. Used to deliver ransomware
- Neutrino: Originating in Russia, this uses malvertising to target Internet Explorer and Flash vulnerabilities
- Magnitude: Uses malvertising. Mainly targets systems in Asia
Where can you find discovered exploits?
As mentioned earlier, known exploits will be discovered and documented (hopefully thoroughly). The Exploit Database maintains a public archive that is said to be the ultimate exploit collection. Exploit information is gathered from submissions from the public, and the information is easy to navigate and freely available. It can be found here.
Conclusion
Exploits are a popular way to gain access to systems in today’s information security landscape, although their popularity has been waning a bit. Distilling things down, exploits are the actual method of the crime that attackers use to commit crimes against organizations.
By understanding known exploits, ethical hackers can harden the security of their organization by finding flaws and vulnerabilities before attackers do and addressing them. And by focusing mainly on what is known, they can narrow their scope down to things like zero-day exploits.
What should you learn next?
Sources
- The Exploit Database, Offensive Security
- Types of Exploits, Brett Leahy
- What are exploits? (And why you should care), Malwarebytes Labs
- Ethical Hacking - Exploitation, Tutorials Point
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- Ethical hacking: What are exploits?
- The rise of ethical hacking: Protecting businesses in 2024
- How to crack a password: Demo and video walkthrough
- Inside Equifax's massive breach: Demo of the exploit
- Wi-Fi password hack: WPA and WPA2 examples and video walkthrough
- How to hack mobile communications via Unisoc baseband vulnerability
- How to build a hook syscall detector
- Top tools for password-spraying attacks in active directory networks
- NPK: Free tool to crack password hashes with AWS
- Tutorial: How to exfiltrate or execute files in compromised machines with DNS
- Top 19 tools for hardware hacking with Kali Linux
- 20 popular wireless hacking tools [updated 2021]
- 13 popular wireless hacking tools [updated 2021]
- Man-in-the-middle attack: Real-life example and video walkthrough [Updated 2021]
- Decrypting SSL/TLS traffic with Wireshark [updated 2021]
- Dumping a complete database using SQL injection [updated 2021]
- Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]
- Hacking communities in the deep web [updated 2021]
- How to hack Android devices using the StageFright vulnerability [updated 2021]
- Hashcat tutorial for beginners [updated 2021]
- How to hack a phone charger
- What is a side-channel attack?
- Copy-paste compromises
- Hacking Microsoft teams vulnerabilities: A step-by-step guide
- PDF file format: Basic structure [updated 2020]
- 10 most popular password cracking tools [updated 2020]
- Popular tools for brute-force attacks [updated for 2020]
- Top 7 cybersecurity books for ethical hackers in 2020
- How quickly can hackers find exposed data online? Faster than you think …
- Hacking the Tor network: Follow up [updated 2020]
- Podcast/webinar recap: What's new in ethical hacking?
- Ethical hacking: TCP/IP for hackers
- Ethical hacking: SNMP recon
- How hackers check to see if your website is hackable
- Ethical hacking: Stealthy network recon techniques
- Getting started in Red Teaming
- Ethical hacking: IoT hacking tools
- Ethical hacking: BYOD vulnerabilities
- Ethical hacking: Wireless hacking with Kismet
- Ethical hacking: How to hack a web server
- Ethical hacking: Top 6 techniques for attacking two-factor authentication
- Ethical hacking: Port interrogation tools and techniques
- Ethical hacking: Top 10 browser extensions for hacking
- Ethical hacking: Social engineering basics
- Ethical hacking: Breaking windows passwords
- Ethical hacking: Basic malware analysis tools
- Ethical hacking: How to crack long passwords
- Ethical hacking: Passive information gathering with Maltego
- Ethical hacking: Log tampering 101
- Ethical hacking: What is vulnerability identification?
- Ethical hacking: Breaking cryptography (for hackers)
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
