The very soul of ethical hacking lies in finding vulnerabilities and weaknesses within an organization’s system using methods and tools that attackers would use (with permission, of course). Going down this path will lead you to exploits – sort of like the twisted pot of gold at the end of the rainbow. This article details exploits in the context of ethical hacking, including:
- What are exploits
- How exploits work
- Their biggest goal
- Types of exploits
- Types of exploit kits
- Where to find information about known exploits
Expect a solid overview of exploits that even the greenest novice can follow.
What are exploits in ethical hacking?
Simply put, an exploit is a way of taking advantage of a security flaw to gain access to a system or to make it do something it was never meant to do. An exploit usually takes the form of a program, a piece of code, or a script. Exploits are often shipped together in a suite, or exploit kit, which bundles many of them.
You can think of exploitation as the proverbial battering ram in a medieval battle where the security of the organization is the castle wall. The enemy will use a battering ram (or exploit) to attack a weakness in the castle wall, or in this case, a security flaw.
Just as there are different battering rams and ways to breach castle walls, there are different exploits for different situations, because not all flaws and weaknesses are created equal.
How do exploits work?
Not all exploits work the same way, so I will use the most common delivery mechanism, the exploit kit, as the general illustration.
The most common way users encounter exploits is by visiting websites that attackers have booby-trapped. Worse, attackers do not limit themselves to obscure sites: malvertising campaigns have been served through heavily trafficked sites including nytimes.com, msn.com, and yahoo.com. Remember that online shopping spree you had a few days ago? It is safe to say there was a fair chance you browsed past one (or more) exploit kits.
So how does it all work? There are two ways: 1) a piece of malicious code (for example an injected script or iframe) is hidden in plain sight on the site, and 2) an infected ad, or malvertising, appears on the site. With malvertising you don't even have to click on the ad; it only has to load in your browser.
In both cases, the browser is silently redirected to the exploit kit's landing page, which is hidden from the user. The landing page fingerprints the browser and its plugins; if it identifies a vulnerable component that it has an exploit for, the kit runs that exploit and drops its malicious payload. Ransomware is a common payload, and has been in the news recently because of its outbreaks around the world.
As you can see, an exploit is a means by which attackers achieve their goal.
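The chain just described (entry site, optional ad network, hidden landing page, exploit object, dropped payload) leaves a recognisable trail in web proxy logs. The following is an added example, not code from the original article or from any exploit kit: it reconstructs that chain from a constructed sample log. The log format, the domain names and the content-type lists are assumptions made for the example; real proxies log different fields, and the 30-second window is a tunable guess.

```python
"""Reconstruct drive-by exploit-kit redirect chains from web proxy logs."""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample log (not real traffic). One request per line:
# timestamp, client IP, method, URL, referrer ("-" if none), response content type.
# All domains are placeholders; "a1b2c3.landing.example" plays the kit's landing page.
SAMPLE_LOG = """\
2017-03-01T10:00:01Z 10.0.0.5 GET http://news.example/article referer=- ct=text/html
2017-03-01T10:00:02Z 10.0.0.5 GET http://ads.example/serve?id=77 referer=http://news.example/article ct=text/html
2017-03-01T10:00:03Z 10.0.0.5 GET http://a1b2c3.landing.example/index.php?q=5 referer=http://ads.example/serve?id=77 ct=text/html
2017-03-01T10:00:04Z 10.0.0.5 GET http://a1b2c3.landing.example/x.swf referer=http://a1b2c3.landing.example/index.php?q=5 ct=application/x-shockwave-flash
2017-03-01T10:00:05Z 10.0.0.5 GET http://a1b2c3.landing.example/p.exe referer=- ct=application/octet-stream
2017-03-01T10:01:00Z 10.0.0.9 GET http://news.example/article referer=- ct=text/html
2017-03-01T10:01:01Z 10.0.0.9 GET http://ads.example/serve?id=77 referer=http://news.example/article ct=text/html
"""

# Assumed log layout for this example; adjust the pattern to your proxy's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"referer=(?P<ref>\S+) ct=(?P<ct>\S+)$"
)
# Content types that historically carried kit exploits (Flash, Java, Silverlight).
EXPLOIT_TYPES = {"application/x-shockwave-flash", "application/java-archive",
                 "application/x-silverlight-app"}
# Content types typical of the dropped payload.
PAYLOAD_TYPES = {"application/octet-stream", "application/x-msdownload"}
WINDOW = timedelta(seconds=30)  # how far back from the payload download we look


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
    e["host"] = urlparse(e["url"]).hostname
    return e


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def find_exploit_chains(events):
    """Return one suspected exploit-kit chain per payload download, per client."""
    chains = []
    by_client = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        by_client.setdefault(e["client"], []).append(e)
    for client, evs in by_client.items():
        for i, payload in enumerate(evs):
            if payload["ct"] not in PAYLOAD_TYPES:
                continue
            recent = [e for e in evs[:i] if payload["ts"] - e["ts"] <= WINDOW]
            # Stage 3: an exploit-carrying object served from the same host as the payload.
            exploit = next((e for e in reversed(recent)
                            if e["ct"] in EXPLOIT_TYPES and e["host"] == payload["host"]), None)
            if not exploit:
                continue
            # Stage 2: the landing page that embedded it (the object's referrer).
            landing = next((e for e in reversed(recent) if e["url"] == exploit["ref"]), None)
            if not landing:
                continue
            # Stage 1: walk the referrer chain back to the site the victim actually visited.
            path, seen = [landing], {landing["url"]}
            while path[-1]["ref"] != "-":
                prev = next((e for e in recent if e["url"] == path[-1]["ref"]), None)
                if not prev or prev["url"] in seen:
                    break
                seen.add(prev["url"])
                path.append(prev)
            path.reverse()
            chains.append({
                "client": client,
                "entry_site": path[0]["host"],
                "landing_host": landing["host"],
                "redirect_hosts": [e["host"] for e in path],
                "exploit_url": exploit["url"],
                "payload_url": payload["url"],
            })
    return chains


if __name__ == "__main__":
    for c in find_exploit_chains(parse_log(SAMPLE_LOG)):
        print(c["client"], " -> ".join(c["redirect_hosts"]),
              "| exploit:", c["exploit_url"], "| payload:", c["payload_url"])
```

The second client in the sample loads the same page and the same ad but never reaches a landing page or downloads a payload, so no chain is reported for it; that is the usual picture, since the kit only fires when its fingerprinting finds something it can exploit.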
The biggest goal
In theory, every piece of software is potentially vulnerable to abuse, and security teams spend a lot of resources every year finding those vulnerabilities.
Despite this, the biggest targets for attackers are the applications with the largest user base. This target-rich environment reflects the numbers game that malicious hackers play: the more installs a flaw affects, the more victims one exploit yields. Common targets have been Microsoft Office, Internet Explorer, Java, Adobe Flash and Adobe Reader; just imagine how many people use these applications on a daily basis!
Types of exploits
The broadest categorization of exploits divides them into two categories: known and unknown. Known exploits have already been discovered and documented by researchers. That gives defenders a better chance against them: the underlying vulnerabilities are usually fixed by subsequent security updates, and a documented exploit can be tested for and detected.
Unknown exploits, also called zero-day exploits, target vulnerabilities that are not yet known to the vendor or publicly documented, so no patch exists. Such exploits can sometimes be used for years before they are discovered, and keeping software up to date will not, on its own, protect you from them.
Another way to categorize exploits is as client-side or server-side. With client-side exploits, access is gained through some action on the part of the user: visiting a malicious website, clicking a malicious link, or opening a booby-trapped document, often prompted by social engineering. Server-side exploits need no user interaction; they target a network-facing server application directly, and an attacker will typically scan for hosts running a vulnerable version before launching the exploit.
Common exploit kits
There are a number of exploit kits in circulation today. They include:
Rig: The most popular. It uses website compromise and malvertising, and is used to deliver ransomware.
Neutrino: Originating in Russia, it uses malvertising to target Internet Explorer and Flash vulnerabilities.
Magnitude: Uses malvertising. It mainly focuses on systems in Asia.
Where can you find discovered exploits?
As mentioned earlier, known exploits are discovered and documented (hopefully thoroughly). The Exploit Database (https://www.exploit-db.com), maintained by Offensive Security, keeps a public archive that is billed as the definitive collection of exploits. Entries are contributed by the public, and the archive is easy to navigate and freely available; a local copy of its index can be searched offline with the searchsploit tool.
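The offline search that searchsploit performs over the Exploit Database index is simple enough to reproduce, and doing so shows what "known exploit" means in practice: every term in your query must appear in an entry's description, and you filter by exploit type and platform. The following is an added example, not code from the article, from Offensive Security or from searchsploit itself. The CSV layout mimics the legacy header of Exploit-DB's files_exploits.csv (an assumption; the live file has gained columns over time), and every entry in the sample is a fictional placeholder, not a real Exploit-DB record.

```python
"""Search a local Exploit-DB style index (files_exploits.csv) the way searchsploit does."""
import csv
import io

# Constructed sample index. The columns follow the legacy files_exploits.csv header
# (assumption). Products, authors and ids are fictional; none of these are real entries.
SAMPLE_INDEX = """\
id,file,description,date,author,platform,type,port
9000001,exploits/windows/remote/9000001.py,ExampleFTPd 2.1 - Remote Buffer Overflow,2015-02-10,anon,windows,remote,21
9000002,exploits/windows/local/9000002.c,ExampleDriver 1.0 - Local Privilege Escalation,2016-05-01,anon,windows,local,0
9000003,exploits/php/webapps/9000003.txt,ExampleCMS 3.4 - SQL Injection,2017-01-15,anon,php,webapps,80
9000004,exploits/multiple/dos/9000004.py,ExampleFTPd 2.1 - Denial of Service,2015-03-03,anon,multiple,dos,21
9000005,exploits/windows/remote/9000005.html,ExampleBrowser 11 - Use-After-Free,2016-09-20,anon,windows,remote,0
"""


def load_index(text):
    """Parse the CSV index into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def search(entries, terms, types=None, platform=None, exclude=()):
    """Return entries whose description contains every term (case-insensitive),
    optionally restricted to a set of exploit types and one platform, minus any
    entry whose description contains an exclude term. Newest entries first."""
    terms = [t.lower() for t in terms]
    exclude = [x.lower() for x in exclude]
    hits = []
    for e in entries:
        desc = e["description"].lower()
        if not all(t in desc for t in terms):
            continue
        if any(x in desc for x in exclude):
            continue
        if types and e["type"] not in types:
            continue
        if platform and e["platform"] != platform:
            continue
        hits.append(e)
    return sorted(hits, key=lambda e: e["date"], reverse=True)


def format_hit(e):
    return (f"{e['id']:>8}  {e['date']}  {e['type']:<7} {e['platform']:<9} "
            f"{e['description']}  [{e['file']}]")


if __name__ == "__main__":
    idx = load_index(SAMPLE_INDEX)
    print("Known exploits for 'exampleftpd', ignoring denial-of-service entries:")
    for e in search(idx, ["exampleftpd"], exclude=["denial of service"]):
        print(format_hit(e))
    print("\nRemote exploits for the windows platform:")
    for e in search(idx, [], types={"remote"}, platform="windows"):
        print(format_hit(e))
```

Two practical points the run illustrates: a product-name search usually returns noise such as denial-of-service entries that an exclude list should filter, and the "remote" type in this index covers both service exploits and browser exploits, so the type column alone does not tell you whether an entry is server-side or client-side; the description and port do.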
Exploits remain a popular way to gain access to systems in today's information security landscape, although exploit-kit activity has declined somewhat in recent years. When it is all distilled down, an exploit is simply one of the tools attackers use to commit crimes against organizations.
By understanding known exploits, ethical hackers can strengthen their organization's security by finding and addressing bugs and vulnerabilities before attackers do. And by dealing with what is known first, they narrow the remaining risk down to the harder problem of zero-day exploits.
Sources
- The Exploit Database, Offensive Security
- Types of Exploits, Brett Leahy
- What are exploits? (And why you should care), Malwarebytes Labs
- Ethical Hacking – Exploitation, Tutorials Point