Saturday 10 May 2014

Exploits: What They Are, How to Use Them and Where to Get Them

// Exploit 

An exploit is a piece of code or a program that takes advantage of a bug, weakness or vulnerability in specific software, leading to privilege escalation or DoS attacks on the target.

Well, to explain this simply, an exploit is a program that 'exploits' a bug in a specific piece of software.

All exploits are different: they do different things and exploit different bugs, which is why exploits are always program-specific. Exploits are made to get root on different operating systems. They achieve this by exploiting a bug in software while the software is running as root.
In UNIX-type OSes, software may have to run as root (or UID 0) in order to perform a specific task that cannot be performed as another user. So basically the exploit crashes the software while it is running as root to give you the beautiful root prompt.


// How to Use Exploits


First of all, you should know that exploits are coded in different languages such as Perl, PHP and Python, and mostly in C++. If you are using Windows, you have to install all of these programming languages to run the exploits. Otherwise I recommend using BackTrack or Kali Linux, because all of these languages are preinstalled there, so you can run the exploits easily without any installation.

So here I am using Kali Linux to run exploits on my target :D.


//* Using PHP Exploits


1) PHP exploit code usually starts with


2) Copy the PHP exploit code into Notepad, edit the code as per your target and save it as “exploit.php” on your desktop.

3) Next, open up the terminal and go to your Desktop by using the cd (change directory) command:


cd Desktop


4) Now run the exploit:

php exploit.php

//* Using PERL Exploits

Paste the Perl exploit into Notepad and edit the options, such as the target server, as needed. Then save the file as “exploit.pl”.
Perl exploits begin with “#!/usr/bin/perl”.

Open the terminal and change into the directory with the exploit using the cd (change directory) command. Then run the exploit by typing:
“perl exploit.pl”.


//* Using PYTHON Exploits


1) Python exploits begin with “#!/usr/bin/python”.

2) Paste the Python exploit into Notepad and save it as “exploit.py” on your desktop.

3) Open the terminal and change into the directory with the exploit using the cd (change directory) command.
Then run the exploit by typing:
“python exploit.py”.


//* Using C/C++ Exploits


C and C++ are the most popular programming languages used in developing exploit code.
Some C/C++ code can be compiled with any compiler and on any operating system. There is also C/C++ code that is made to be compiled by a particular compiler, or on a particular operating system.
Since exploits are coded in C 99% of the time, you need a shell on the box you are going to use the exploit on, or you need to be running the same OS as the box you are attempting to hack. So basically, you need to put the source code or the binary in your shell account's directory (you want to use a hacked, or a shell not yours for this :) ). To put it on your shell, you can FTP to your account and upload it that way, or you can use earz if you are using a dialup shell.
Either way, I shouldn't have to explain those two things too much; it's pretty easy.

Once you have the exploit on the box, you just need to compile it. Usually you would compile the exploit like so:

Save the exploit as exploit.c.
Open the terminal and compile it:
#gcc -o whatever exploit.c
To run the exploit, simply type “./whatever”.

Run this script against a vulnerable box and you will get root access.

That should compile your exploit. However, be aware that some exploit coders are sneaky pests and like to pick on people who don't know C, so they will sometimes insert bugs into the exploit so that it cannot be compiled. So it does help to know C when playing with C :)

After the compiling is done, you should be able to just run the exploit, and its work will be done when you see the root prompt. However, not all exploits are the same, and some might require different command lines to get them to work.


Conclusion:


The more exploits you run, the more you will notice that half of them may not work. Many exploits are created and tested in specific environments, and the expected outcome only happens when the exploit is run in the exact same environment. That is another reason why programming knowledge is needed, so you can edit the exploit script to work for you.
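
Added example (not code from the original post): a small Python triage helper that picks the run or compile command from the opening markers described in the sections above and lists the lines worth reading by hand before anything is executed, since published code is sometimes deliberately altered. The sample input is constructed and harmless; the `<?php` opening tag and the review patterns are assumptions of this example.

```python
import re

# (language, marker regex, commands the post gives for that language).
# "<?php" is the standard PHP opening tag; file names follow the post.
RULES = [
    ("php",    re.compile(r"^\s*<\?php"),    ["php exploit.php"]),
    ("perl",   re.compile(r"^#!.*\bperl"),   ["perl exploit.pl"]),
    ("python", re.compile(r"^#!.*\bpython"), ["python exploit.py"]),
    ("c",      re.compile(r"^\s*#\s*include\s*[<\"]", re.M),
               ["gcc -o whatever exploit.c", "./whatever"]),
]

# Patterns (assumed, not exhaustive) for lines to read before running.
REVIEW = {
    "opaque byte string": re.compile(r"(\\x[0-9a-fA-F]{2}){8,}"),
    "runs a shell command": re.compile(
        r"\b(system|popen|exec[lv]?p?e?|passthru|shell_exec)\s*\("),
}

def classify(source):
    """Return (language, commands) for the source text, or ("unknown", [])."""
    for lang, marker, commands in RULES:
        if marker.search(source):
            return lang, commands
    return "unknown", []

def review_lines(source):
    """Return [(line_number, reason)] for lines that need manual reading."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        for reason, pattern in REVIEW.items():
            if pattern.search(line):
                hits.append((number, reason))
    return hits

# Constructed, harmless sample standing in for a downloaded exploit.c.
SAMPLE = r'''#include <stdio.h>
#include <stdlib.h>
char buf[] = "\x41\x41\x41\x41\x41\x41\x41\x41";
int main(void) {
    system("id");
    return 0;
}
'''

if __name__ == "__main__":
    print(classify(SAMPLE))
    for number, reason in review_lines(SAMPLE):
        print("line %d: %s" % (number, reason))
```
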

// Where To Get Exploits.


http://www.exploit-db.com/


http://www.securityfocus.com/


http://1337day.com/




