searchicon
Web | Images | Music | Videos | News

Exploits

Exploits are a sequence of programs or commands that attacks a computer hardware or software, through a bug in it. Exploits causes flaws to a software, if it is syntactically easy for a hacker or a cracker to modify it. This obviously causes to gain the control of a computer system and leads to security attacks and threats to the information stored in the system. Exploits can also be done by unauthorized access to a service, code execution and also by denial of service. The Exploits contacts the software that is vulnerable by many ways.

1. A Remote Exploit, by not using any prior access to the vulnerable system, it can exploit the security vulnerability over a network

2. A Local Exploit can do the process of exploiting by accessing the prior system and by increasing privileges of the user running the exploit. This can be done when the System Administrator permits the exploit.

3. In client applications, the servers that are modified can send exploits when accessed by client applications. It also requires communications with the users of the system.

There are many types of Exploits, and these are classified on the basis of vulnerabilities.

Some of these are,

  • Race condition.
  • Buffer overflow.
  • Code injection.
  • Heap overflow.

Exploits are designed in order to obtain super-user level access of a computer system. This can be easily done once the person gains the lower level of access to the system. Later, breaking the vulnerabilities of privacy can widen this. Basically when an exploit is fixed or published, it is put on to use for newer versions of the software too. That is why some of the hackers never publish the exploits. When an exploit weakens the operating system, it is necessary to fix it as early as possible. Otherwise it will make intruders to gain access to the system very easily and later it might become a security problem.


Categories

Mac

 
Sponsored results

Links
  • PullThePlug WarGames
    Place for Programmers and Hackers to hone their technical skills by completing challenging wargames and Programming Challenges. Including Network Programming, Defeating PaX, Buffer/Heap Overflows, Format Strings etc.
    http://www.pulltheplug.org/
  • Phenoelit
    Custom built network tools designed to take advantage of the exploits within many network hardware systems. Also the home of the k0ld LDAP brute force utility. A must have for many professional penetration testers.
    http://phenoelit.de/fr/tools.html
  • PacketStorm Security
    Packet Storm is a non-profit organization comprising computer security professionals that are dedicated to providing the information necessary to secure the networks world-wide. It publishes new security information on a global network of websites. The organization offers an abundant resource of up-to-date and historical security tools, exploits, and advisories. It provides network security professionals, researchers, and all other interested individuals with the ability to analyze and learn from the tools, processes and mindsets of their opponents, as well as offering the tools needed to build and test defenses against them.
    http://www.packetstormsecurity.org/
  • Network Security Archive
    A collection of mailing list archives dealing with exploits, vulnerability development and hacking
    http://www.networksecurityarchive.org
  • Rosiello Security
    Advisories, exploits, shellcodes, whitepapers, free software.
    http://www.rosiello.org
  • Security Focus
    SecurityFocus is the most comprehensive and trusted source of security information on the Internet. SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
    http://www.securityfocus.com
  • Trivia Security Exploits Archive
    Latest Security Exploits and codes. Updated daily.
    http://www.triviasecurity.net/exploits.php
  • SecWatch
    A site dedicated to the latest in security - all the latest and archived exploits and vulnerabilities.
    http://www.secwatch.org
  • Security-Protocols Exploit News
    A up to date security and exploit portal, provides commentary on many popular exploits as they develop in the wild.
    http://www.security-protocols.com
  • Security Tracker
    Archive of exploits and security advisories
    http://www.securitytracker.com
  • milw0rm.com
    Exploit database separated by exploit type (local, remote, DoS, etc.)
    http://www.milw0rm.com
  • Metasploit Project
    The Metasploit Project is an open source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.
    http://metasploit.org
  • Exploiting Caller ID
    The Software Orange Box is a free proof-of-concept tool which can spoof most forms of North American Caller ID.
    http://www.artofhacking.com/orange.htm
  • Ethical Hacking Course
    Commercial hacker training course on how to write and use exploits.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
  • 0-Day Exploits and Tutorials
    DataStroghold.com Unveils how exploits and other hacking techniques are performed, in a clear and concise method. Frequently updated and always interesting.
    http://www.datastronghold.com
  • Canvas Exploit Platform
    A commercial exploit platform similar to metasploit. Has built in memory resident shells that are cleared when the machine is rebooted. Perfect for cleaning up after a penetration test.
    http://www.immunitysec.com/index.shtml
  • FrSIRT Exploits Archive
    Archive of current 0day exploits from European and Asian sources. French and English language content provided.
    http://www.frsirt.com/exploits/
  • Fyodor's Exploit World
    A large and descriptive exploit archive organized by affected operating systems.
    http://insecure.org/sploits.html
  • malware.com
    A group that develops as well as discloses software exploits on many of the security mailing lists. Mainly specializing with Microsoft Office and Internet Explorer Vulnerabilitys.
    http://www.malware.com/
  • Ill Mob
    Home of a number of 0-day exploit authors. Many creative Trojan droppers and methods are released here.
    http://www.illmob.org/
  • Hack A Day
    A hardware hack every day.
    http://www.hackaday.com/

 

The Computer Science Directory currently has categories, which include links along with indexed pages.