How to Search For Vulnerabilities

Hello friends, today I am going to show you how to search for vulnerabilities to hack into anything.

THIS IS FOR EDUCATIONAL PURPOSE ONLY, I AM NOT RESPONSIBLE FOR ANY 
ILLEGAL ACTIVITIES DONE BY VISITORS, THIS IS FOR ETHICAL PURPOSE ONLY

What are Vulnerabilities: 

In computer security, a vulnerability is a weakness that allows an attacker to reduce a system's information assurance. A vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, the set of vulnerabilities is also known as the attack surface.

Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems.

A security risk may be classified as a vulnerability, but using "vulnerability" with the same meaning as "risk" can lead to confusion. Risk is tied to the potential of a significant loss, so there are vulnerabilities without risk: for example, when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability, that is, a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software to when access was removed, a security fix was available/deployed, or the attacker was disabled.

A security bug (security defect) is a narrower concept: there are vulnerabilities that are not related to software. Hardware, site, and personnel vulnerabilities are examples of vulnerabilities that are not software security bugs.


Now that the hacker has the name of the software being used and its version number, he would take that information and search a couple of vulnerability databases for an exploit. If there is an exploit available, he will run it against the server and take complete control of it. If there isn't any, he would move on to another open port and try again on a different service.
Some of the most popular exploit databases are:
• Milw0rm
• SecurityFocus
• osvdb

If the hacker searches "filezilla" on milw0rm, fortunately he won't find any exploits for my current version of the FTP software. Now most people would move on to another port to try and find another possible vulnerability, but this doesn't mean every hacker will. If a skilful hacker is determined, he may try to locate a vulnerability in the current software version and develop an exploit for it. In the hacker community, this new vulnerability would be called a "0-day". 0-day vulnerabilities are very valuable in the hacker community for a few reasons.



• No one knows about the vulnerability, so the hacker could start hacking hundreds of websites before the vulnerability is discovered and patched.

• The hacker could sell the vulnerability for thousands of dollars.

• Discovering vulnerabilities and creating exploits for them shows that the hacker is very skilful and raises his rank in the hacker community.

You might be wondering why 0-days are worth so much. It's very simple. I'll explain it with a simple equation.

Hacker + 0-Day + Company Servers = Bad Reputation = Loss of Money 
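As an added example (not code from the original post), here is the same name-plus-version lookup the hacker performs, done from the defender's side: parse the banner a scanner would see, match it against advisory data, and compute the window of vulnerability as defined above. The advisories, version numbers, dates and banner strings are all constructed for illustration and describe no real FileZilla or vsftpd release.

```python
import re
from datetime import date

# Constructed sample advisories (not real data): product name as it appears in a
# banner, first fixed version, whether a public exploit is known, and the dates the
# hole was introduced and fixed. Real entries would come from a vulnerability database.
ADVISORIES = [
    {"product": "filezilla server", "fixed_in": (0, 9, 60), "exploit_public": True,
     "introduced": date(2014, 1, 10), "fix_available": date(2017, 3, 2)},
    {"product": "vsftpd", "fixed_in": (3, 0, 3), "exploit_public": False,
     "introduced": date(2012, 6, 1), "fix_available": None},  # no fix shipped yet
]

# Accepts banners such as "220-FileZilla Server 0.9.41 beta" or "220 (vsFTPd 3.0.2)":
# optional 3-digit FTP reply code, optional "(", product words, then a dotted version.
BANNER_RE = re.compile(
    r"^(?:\d{3}[- ]\s*)?\(?(?P<product>[A-Za-z][\w ]*?)\s+v?(?P<version>\d+(?:\.\d+)+)")

def parse_banner(banner):
    """Return (product, version tuple) or None if the banner is not understood."""
    m = BANNER_RE.match(banner)
    if not m:
        return None
    version = tuple(int(part) for part in m.group("version").split("."))
    return m.group("product").strip().lower(), version

def window_of_vulnerability(adv, today=date(2018, 1, 1)):
    """Days from when the hole was introduced until a fix was available, or until
    'today' (fixed here so results are reproducible) if no fix has shipped."""
    end = adv["fix_available"] or today
    return (end - adv["introduced"]).days

def assess(banner):
    """Classify a banner the way the post describes, from the defender's side."""
    parsed = parse_banner(banner)
    if parsed is None:
        return {"status": "unrecognized banner"}
    product, version = parsed
    for adv in ADVISORIES:
        if adv["product"] == product and version < adv["fixed_in"]:
            status = ("exploitable vulnerability" if adv["exploit_public"]
                      else "vulnerability, no public exploit")
            return {"status": status, "product": product, "version": version,
                    "upgrade_to": adv["fixed_in"], "window_days": window_of_vulnerability(adv)}
    return {"status": "no known issue", "product": product, "version": version}

if __name__ == "__main__":
    for b in ["220-FileZilla Server 0.9.41 beta", "220 (vsFTPd 3.0.2)", "SSH-2.0-OpenSSH_7.4"]:
        print(b, "->", assess(b))
```

A banner the regex does not understand (the SSH one above) is reported rather than silently treated as safe, since an unmatched banner is a gap in coverage, not a clean result.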

Now before we get into the actual penetrations, I will discuss a couple of the common types of attacks used against discovered vulnerabilities.

Denial-of-Service (DoS) – There are many types of DoS attacks, but they all have one purpose: to make the target server unavailable for legitimate users. The most common type of DoS attack is when the hacker sends a flood of information to the target server causing it to use up all of its resources, and in return pushing it offline, or causing it to deny requests from legitimate users trying to access it.

Buffer Overflow (BoF) – A buffer overflow happens when a program attempts to store more data in a buffer, or data storage area, than it was meant to hold. Because the buffer was only meant to hold a certain amount of data, the extra information overflows into adjacent memory, causing it to be overwritten with malicious code created by the hacker. Once this code is executed, the hacker can gain full control of the server.
If you search the Milw0rm exploit database, you will see that many exploit titles say "local exploit" or "remote exploit". Below are their definitions:

Local Exploit – To run a local exploit, you must first have access and privileges on the machine. Local exploits are usually used to escalate one's privileges to admin or root. In other words, a local exploit allows an ordinary user to gain root privileges.

Remote Exploit – A remote exploit is pretty much the same thing as a local exploit except that it isn't run locally, but launched from anywhere across the internet. A hacker usually has to use a combination of both remote and local exploits to gain full control of a system. For example, the hacker may have been able to gain regular privileges with a remote exploit attack, and then be able to escalate to root privileges with the help of a local exploit.


===============  Hacking Don't Need Agreements   ===============
Just Remember One Thing You Don't Need To Seek Anyone's Permission To Hack Anything Or Anyone As Long As It Is Ethical, This Is The Main Principle Of Hacking Dream
Thank You for Reading My Post, I Hope It Will Be Useful For You

I Will Be Very Happy To Help You So For Queries or Any Problem Comment Below Or You Can Mail Me At BhanuHacks@gmail.com


Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.
