HOW TO SEARCH FOR VULNERABILITIES
Hello friends, today I am going to show you how to search for vulnerabilities to hack into anything.
THIS IS FOR EDUCATIONAL PURPOSE ONLY, I AM NOT RESPONSIBLE FOR ANY
ILLEGAL ACTIVITIES DONE BY VISITORS, THIS IS FOR ETHICAL PURPOSE ONLY
What are Vulnerabilities:
In Computer Security, a vulnerability is a weakness which allows an Attacker to reduce a system's Information Assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the Attack Surface.
Vulnerability Management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to Software Vulnerabilities in computing systems.
A security risk may be classified as a vulnerability. Using vulnerability with the same meaning as risk can lead to confusion. The risk is tied to the potential of a significant loss. Then there are vulnerabilities without risk: for example, when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability, that is, a vulnerability for which an Exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software, to when access was removed, a security fix was available/deployed, or the attacker was disabled.
Security Bug (Security Defect) is a narrower concept. There are vulnerabilities that are not related to software: hardware, site, and personnel vulnerabilities are examples of vulnerabilities that are not software security bugs.
Now that the hacker has the name of the software being used and its version number, he would take that information and search a couple of vulnerability databases for an exploit. If there’s an exploit available, he will run it against the server and take complete control. If there isn’t any, he would move on to another open port and try again on a different service.
Some of the most popular exploit databases are:
• Milw0rm
• SecurityFocus
• OSVDB
By searching “filezilla” on milw0rm, fortunately the hacker won’t find any exploits for my current version of the FTP software. Now most people would move on to another port to try and find another possible vulnerability, but this doesn’t mean every hacker will. If a skilful hacker is determined, he may try to locate a vulnerability in the current software version and develop an exploit for it. In the hacker community, this new vulnerability would be called a “0-day”. 0-day vulnerabilities are very valuable in the hacker community for a few reasons.
• No one knows about the vulnerability, so the hacker could start hacking hundreds of websites before the vulnerability is discovered and patched.
• The hacker could sell the vulnerability for thousands of dollars.
• Discovering vulnerabilities and creating an exploit for them shows that the hacker is very skilful and raises his rank in the hacker community.
You might be wondering why 0-days are worth so much. It’s very simple. I’ll explain it with a simple equation.
Hacker + 0-Day + Company Servers = Bad Reputation = Loss of Money
Now before we get into the actual penetrations, I will discuss a couple of the common types of attacks used against discovered vulnerabilities.
Denial-of-Service (DoS) – There are many types of DoS attacks, but they all have one purpose: to make the target server unavailable for legitimate users. The most common type of DoS attack is when the hacker sends a flood of information to the target server, causing it to use up all of its resources and in turn pushing it offline, or causing it to deny requests from legitimate users trying to access it.
Buffer Overflow (BoF) – A buffer overflow happens when a program attempts to store more data in a buffer, or data storage area, than it was meant to hold. Because the buffer was only meant to hold a certain amount of data, the extra information overflows into other buffers, causing them to be overwritten with malicious code created by the hacker. Once this code is executed, the hacker can receive full control of the server.
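The overwrite described above, as an added example that is not code from the original post: a constructed `session` record whose 8-byte name buffer sits next to a privilege flag, with an unchecked copy beside a length-checked one. The struct, function names and sample input are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed-size buffer followed by a privilege flag. */
struct session {
    char name[8];
    unsigned char is_admin;
};

/* Unchecked: the copy length comes from the input, not the buffer size.
 * The write is clamped to the struct so this demo stays well-defined;
 * a real strcpy() would keep writing into whatever memory follows. */
static void set_name_unchecked(struct session *s, const char *input)
{
    size_t n = strlen(input) + 1;
    if (n > sizeof *s)
        n = sizeof *s;
    memcpy((unsigned char *)s, input, n);
}

/* Checked: reject input that does not fit, terminating NUL included. */
static int set_name_checked(struct session *s, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof s->name)
        return -1;
    memcpy(s->name, input, n + 1);
    return 0;
}

/* Returns the flag value after an unchecked copy of `input`. */
static int flag_after_unchecked(const char *input)
{
    struct session s = { "", 0 };
    set_name_unchecked(&s, input);
    return s.is_admin;
}

int main(void)
{
    struct session s = { "", 0 };
    const char *long_input = "AAAAAAAAA";   /* constructed: 9 bytes + NUL */
    printf("unchecked: is_admin=%d\n", flag_after_unchecked(long_input));
    printf("checked:   rc=%d is_admin=%d\n",
           set_name_checked(&s, long_input), s.is_admin);
    return 0;
}
```

With the unchecked copy, the ninth input byte lands in `is_admin`; the checked copy refuses the same input and leaves the flag untouched.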
If you search the Milw0rm exploit database, you will see that in many exploit titles it reads local exploit or remote exploit. Below are their definitions:
Local Exploit – To run a local exploit, you must first have access and privileges on the machine. Local exploits are usually used to escalate one's privileges to admin or root. In other words, it allows an ordinary user to gain root privileges.
Remote Exploit – A remote exploit is pretty much the same thing as a local exploit except that it isn’t run locally, but launched from anywhere across the internet. A hacker usually has to use a combination of both remote and local exploits to gain full control of a system. For example, the hacker may have been able to gain regular privileges with a remote exploit attack, and then be able to escalate to root privileges with the help of a local exploit.
http://www.hackingdream.net/2014/11/how-to-search-for-vulnerabilities.html
Hello Friends, How Are You
Thank You Friend nice To Meet You
the Best And amazing.
Nice To Meet You All #steemians
My Name Ary, Account name @oktaviani Am Coming From Aceh Sumatra National Liberation Front (ASNLF)
I Say Welcome And Happy To You Here #steemit or #eSteem.
Vote @good-karma As Our Witness.
Do not Forget Follow Me Also @oktaviani
I would like to express my gratitude.. :o