Friday, 14 February 2014

Searching for Vulnerabilities and Penetrating a System!

In my previous tutorial, I explained port scanning, version
detection and how to find which service is running on the target system.

Before we proceed, let me make one thing clear: to protect yourself against
a hacker, you have to think like a hacker. So what I am going to share
with you is for educational purposes only!

Once the hacker has the name of the software being used and its
version number, he takes that information and searches a couple of
vulnerability databases for an exploit.
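
The same name-and-version lookup is what a defender runs against their own inventory to decide what to patch first. The sketch below is an added example, not part of the original post; the product names, advisory IDs, hosts and banners are all constructed placeholders, and the advisory list stands in for whatever vendor or CVE feed you actually use.

```python
import re

# Constructed advisory list: product, first fixed version, placeholder ID.
ADVISORIES = [
    {"product": "exampleftpd", "fixed_in": "2.3.5", "id": "PLACEHOLDER-ADV-1"},
    {"product": "examplehttpd", "fixed_in": "1.10", "id": "PLACEHOLDER-ADV-2"},
]

# Constructed banners, as a version scan of your own hosts might record them.
INVENTORY = [
    ("192.0.2.5", 21, "ExampleFTPd 2.3.4"),
    ("192.0.2.6", 80, "ExampleHTTPd/1.9.2 (Unix)"),
    ("192.0.2.7", 80, "ExampleHTTPd/1.10.0"),
    ("192.0.2.8", 22, "OtherSSH"),  # no version disclosed
]

BANNER_RE = re.compile(r"^\s*([A-Za-z][\w.-]*?)[/ _-]v?(\d+(?:\.\d+)*)")

def to_tuple(version):
    """'1.10.0' -> (1, 10, 0), so 1.10 sorts after 1.9 (string compare would not)."""
    return tuple(int(p) for p in version.split("."))

def older(a, b):
    """True if version tuple a < b, padding with zeros so 1.10 == 1.10.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def parse_banner(banner):
    """Return (product, version tuple), or None when no version is disclosed."""
    m = BANNER_RE.match(banner)
    return (m.group(1).lower(), to_tuple(m.group(2))) if m else None

def findings(inventory, advisories):
    """Return (host, port, label) for every service that needs attention."""
    out = []
    for host, port, banner in inventory:
        parsed = parse_banner(banner)
        if parsed is None:
            out.append((host, port, "UNVERSIONED"))  # needs manual review
            continue
        product, version = parsed
        for adv in advisories:
            if adv["product"] == product and older(version, to_tuple(adv["fixed_in"])):
                out.append((host, port, adv["id"]))
    return out

if __name__ == "__main__":
    for row in findings(INVENTORY, ADVISORIES):
        print(*row)
```

Services whose banner hides the version are reported separately rather than treated as clean, since a missing version string says nothing about patch level.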

If there’s an exploit available, he will run it against the server and
take complete control. If there isn’t any, he would move on to another
open port and try again on a different service.

But when there is no exploit available for a specific port,
most hackers would move on to another port to try to find another
possible vulnerability, but this doesn’t mean every hacker will.

But remember, a skillful hacker is determined; he may try to locate a
vulnerability in the current software version and develop an exploit
for it.

OK, now let me list some helpful resources for finding vulnerabilities
and exploits:

1. Searching SecurityFocus (for vulnerabilities):
The SecurityFocus database has some handy tools for searching for
vulnerabilities. It allows us to search by vendor, by title of the
software and by version. Finally, it allows us to search by CVE,
which is the Common Vulnerability and Exploit number.

2. Finding exploits:
Once we've found a vulnerability that virtually every PC will have, the
next step is to find an exploit.
Developing an exploit requires some advanced coding skills, but is not
beyond the capability of a talented, aspiring hacker.

To find the exploit for any specific vulnerability, you can use


You can say it is the king of exploit databases ;-)

Or you can use



Now, after finding the right exploit, it's time to penetrate.
The more exploits you run, the more you will notice that half of them
may not work.
That is the main reason why programming knowledge is needed, so you
can edit the exploit script to work for you.

Once a skilled hacker gains root on a server, he has the ability to do a
lot of damage.

Note: This is for educational purposes only!
