If you are some guy that’s working in IT or the one who is interested in programming or information security, you might be hearing this exploit word hell lot of times and in this for the last time let’s clear it like the way never. By the end of this article you will understand what is exploit in computer security, types of exploits, how exploit works and the way it works.
What is exploit in a small sentence?
According to definition exploit is nothing but a program or piece of code that takes advantage of a security weakness in an application or system so that the attacker can have access or can benefit the way he wanted to.
What does it mean to an absolute beginner?
Let me explain you with some example. Everything we use in a PC is a code, program (Multiple lines of code), software (Multiple programs). They are meant to do something as per their code. Computer is a shitty machine that does everything as per the instructed. Hackers take this as advantage and instructs it to give the information they wanted.
For example if they wants passwords from SQL server they ask but there is a software between SQL and hacker or any user. User uses it as the way it is to be used but hacker uses it for his benefits. Usually SQL needs queries and the queries give information. When you login into any website your username and password is sent to web application which validates them from the server if some code in the username field is sent to server, a secure program should not accept that code. If it accepts it then the web application is vulnerable(weakness). Usually sanitization is implemented in all forms to prevent this. Here in this example SQL injection is the vulnerability and the code you used to get the details from SQL server is called exploit.
Usually there are many exploits written by many hackers for almost all operating systems that exists till date. Even though a software is vulnerable to attack we can use some mechanisms that helps us to prevent exploitation
What is exploitation?
Exploitation is an action that performed using exploit to get personal benefit.
For example on Windows XP machine exploitation can be performed using NetAPI exploit.
To exploit any target there are many tools available but every hackers favorite is Metasploit. Thanks to H.D. Moore, founder of Metasploit.
Types of computer exploits
There are two types of exploits. They are local and remote.
These are nothing but if target is exploited remotely like using telnet or SSH then it’s called remote exploit. Similarly, if target is exploited locally like if you have physical access to the target then it is called local exploit.
It doesn’t matter it is local or remote, it is exploited over telnet session or SSH or modem or sitting right behind system, exploit is exploit doesn’t matter how it is exploited.
Furthermore, explanation for exploit
In RAM or memory this is how space is utilized(Not going deep just to understand the way attack can happen). Everything in the RAM is stored as a Stack. One layer contains the instructions that needs to be executed and the other layer right after it contains address to next instruction.
For example, if the instruction executing presently takes username input length of 32 bits maximum and if we were able to fill some junk data till 32 bits and at 33 bit if we give the address of the malicious program that connects the target to over system and gives access. That’s it you successfully exploited. This is how buffer overflow works by the way the memory that declared for input is called buffer and we are overflowing it.
Interesting Read:What is block chain techonology. Everything a beginner needs to know
Leave a Reply