All Topics  
Exploit (computer security)

 

 
   Email Print
   Bookmark   Link
 

 

Exploit (computer security)
 
 
  Topics Exploit (computer security) Topic Home

An exploit (from the same word in the French language
French language

French is a Romance language spoken around the world by around 80 million people as first language, by 190 million as second language, and by about another 200 million people as an acquired tongue, with significant speakers in 54 countries....
, meaning "achievement", or "accomplishment") is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug
Software bug

A software bug is an error, flaw, mistake, failure, or fault in a computer program that prevents it from behaving as intended . Most bugs arise from mistakes and errors made by people in either a program's source code or its software architecture, and a few are caused by compilers producing incorrect code....
, glitch
Glitch

A glitch is a short-lived fault in a system. The term is particularly common in the computing and electronics industries, and in circuit bending, as well as among players of video games, although it is applied to all types of systems including human organizations and nature....
 or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation
Privilege escalation

Privilege escalation is the act of exploiting a Computer bug or design flaw in a software application to gain access to resource which normally would have been protected from an application or user ....
 or a denial of service attack.

Classification
There are several methods of classifying exploits.






Discussion
Ask a question about 'Exploit (computer security)'
Start a new discussion about 'Exploit (computer security)'
Answer questions from other users
Full Discussion Forum



Encyclopedia


An exploit (from the same word in the French language
French language

French is a Romance language spoken around the world by around 80 million people as first language, by 190 million as second language, and by about another 200 million people as an acquired tongue, with significant speakers in 54 countries....
, meaning "achievement", or "accomplishment") is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug
Software bug

A software bug is an error, flaw, mistake, failure, or fault in a computer program that prevents it from behaving as intended . Most bugs arise from mistakes and errors made by people in either a program's source code or its software architecture, and a few are caused by compilers producing incorrect code....
, glitch
Glitch

A glitch is a short-lived fault in a system. The term is particularly common in the computing and electronics industries, and in circuit bending, as well as among players of video games, although it is applied to all types of systems including human organizations and nature....
 or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation
Privilege escalation

Privilege escalation is the act of exploiting a Computer bug or design flaw in a software application to gain access to resource which normally would have been protected from an application or user ....
 or a denial of service attack.

Classification


There are several methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A 'remote exploit' works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A 'local exploit' requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator
System administrator

A system administrator, systems administrator, or sysadmin, is a person employed to maintain and operate a computer system and/or computer network....
. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with client application. Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering method.

Another classification is by the action against vulnerable system: unauthorized data access, arbitrary code execution, denial of service.

Many exploits are designed to provide superuser
Superuser

On many computer operating systems, the superuser, or root, is a special user account used for system administration.Many older operating systems on computers intended for personal and home use, including MS-DOS and Windows 9x, do not have the concept of multiple accounts and thus have no separate administrative account; anyone using...
-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root.

Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed through a patch
Patch (computing)

A patch is a small piece of software designed to fix problems with or update a computer program or its supporting data. This includes fixing computer bug, replacing graphics and improving the usability or performance....
 and the exploit becomes obsolete for newer versions of the software. This is the reason why some blackhat hackers
Black hat

A black hat is the villain or bad guy, especially in a Western in which such a character would wear a black hat in contrast to the hero white hat....
 do not publish their exploits but keep them private to themselves or other malicious crackers. Such exploits are referred to as 'zero day exploits' and to obtain access to such exploits is the primary desire of unskilled malicious attackers, often nicknamed script kiddie
Script kiddie

In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile , or similar, is a derogatory term used to describe those who use scripts or programs developed by others to attack computer systems and networks....
s.

Types


Exploits are commonly categorized and named by these criteria:
  • The type of vulnerability they exploit (See the article on vulnerabilities
    Vulnerability (computing)

    In computer security, the term vulnerability is applied to a weakness in a system which allows an attacker to violate the integrity of that system....
     for a list)
  • Whether they need to be run on the same machine as the program that has the vulnerability (local) or can be run on one machine to attack a program running on another machine (remote).
  • The result of running the exploit (EoP, DoS, Spoofing
    Spoofing attack

    In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage....
    , etc...)


See also


  • Computer security
    Computer security

    Computer security is a branch of technology known as information security as applied to computers. The objective of computer security can include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy....
  • Computer insecurity
    Computer insecurity

    Many current computer systems have only limited security precautions in place. This computer insecurity article describes the current battlefield of computer security exploit s and defenses....
  • Crimeware
    Crimeware

    Crimeware is a class of malware designed specifically to automate financial crime. The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group to distinguish it from other kinds of malevolent programs....
  • Shellcode
    Shellcode

    In computer security, a shellcode is a small piece of code used as the Payload in the exploit of a software Vulnerability . It is called "shellcode" because it typically starts a Shell from which the attacker can control the compromised machine....
  • Computer virus
    Computer virus

    A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware and spyware programs that do not have the reproductive ability....
  • Metasploit
    Metasploit Project

    The Metasploit Project is a computer security project which provides information about vulnerability and aids in penetration testing and Intrusion-detection system development....


External links


has an extensive archive of public exploits. has over 10 years worth of exploits available. has a small archive of public web application vulnerabilities. Vulnerability and Exploit Information. Vulnerability and Virus Information.