Tuesday, 24 July 2012

Network Hacking (Searching for Vulnerabilities)

Searching for Vulnerabilities 

Now that the hacker has the name of the software being used and its version number, he would take that information and search a couple vulnerability databases for an exploit. If there’s an exploit available, he will run it against the server and take complete control. If there isn’t any, he would move onto another open port and try again on a different service.

Some of the most popular exploit databases are:


By searching “filezilla” on milw0rm, fortunately the hacker won’t find any exploits for my current version of the FTP software. Now most people would move on to another port to try and find another possible vulnerability, but this doesn’t mean every hacker will. If a skillful hacker is determined, he may try to locate a vulnerability in the current software version and develop an exploit for it. In the hacker community, this new vulnerability would be called a “0-day”. 0-day vulnerabilities are very valuable in the hacker community for a few reasons.

• No one knows about the vulnerability, so the hacker could start hacking hundreds of websites before the vulnerability is discovered and patched.
• The hacker could sell the vulnerability for thousands of dollars.
• Discovering vulnerabilities and creating an exploit for it shows that the hacker is very skillful and raises his ranks in the hacker community.

You might be wondering why 0-days are worth so much. It’s very simple. I’ll explain it with a simple equation.

Hacker + 0-Day + Company Servers = Bad Reputation = Loss of Money

Now before we get into the actual penetrations, I will discuss a couple of the common type of attacks used against discovered vulnerabilities.

Denial-of-Service (DoS) – There are many types of DoS attacks, but they all have one purpose: to make the target server unavailable for legitimate users. The most common type of DoS attack is when the hacker sends a flood of information to the target server causing it to use up all of its resources, and in return pushing it offline, or causing it to deny requests from legitimate users trying to access it. 

Buffer Overflow (BoF) – A buffer overflow happens when a program attempts to store more data into a buffer, or a data storage area, then it was meant to hold. Because the buffer was only meant to hold a certain amount of data, the extra information overflows into other buffers causing them to be overwritten with malicious code created by the hacker. Once this code is executed, the hacker can receive full control of the server.

If you search the Milw0rm exploit database, you will see that in many exploit titles it reads local exploit or remote exploit. Below are their definitions:

Local Exploit – To run a local exploit, you must first have access and privileges on the machine. Local exploits are usually used to escalate ones privileges to admin or root. In other words, it allows an ordinary user to gain root privileges.

Remote Exploit – A remote exploit is pretty much the same thing as a local exploit except that it isn’t run locally, but launched from anywhere across the internet.

A hacker usually has to use a combination of both remote and local exploits to gain full control of a system. For example, the hacker may have been able to gain regular privileges with a remote exploit attack, and then be able to escalate to root privileges with the help of a local exploit.


Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More