Exploit
Exploit的英文意思就是利用,它在黑客眼里就是漏洞利用,有漏洞不一定就有Exploit(利用),有Exploit就肯定有漏洞。
我们几乎每隔几天就能听到最近有一个新发现的可以被利用(exploit)的漏洞(vulnerability),然后给这个漏洞打上补丁。而事实上,这里面的内容比你想象的要多,因为你不可能知道所有软件的漏洞,而且那些可利用的漏洞也只是被少数人所了解。
漏洞是存在于一个程序、算法或者协议中的错误,可能带来一定的安全问题。但不是所有的漏洞都是能够被利用来攻击(exploitable)的,理论上存在的漏洞,并不代表这个漏洞足以让攻击者去威胁你的系统。一个漏洞不能攻击一个系统,并不代表两个或多个漏洞组合就不能攻击一个系统。例如:空指针对象引用(null-pointerdereferencing)漏洞可以导致系统崩溃(如果想做拒绝服务攻击就足够了),但是如果组合另外一个漏洞,将空指针指向一个你存放数据的地址并执行,那么你可能就利用此来控制这个系统了。
一个利用程序(Anexploit)就是一段通过触发一个漏洞(或者几个漏洞)进而控制目标系统的代码。攻击代码通常会释放攻击载荷(payload),里面包含了攻击者想要执行的代码。exploits利用代码可以在本地也可在远程进行。一个远程攻击利用允许攻击者远程操纵计算机,理想状态下能够执行任意代码。远程攻击对攻击者非常重要,因为攻击者可以远程控制他/她的主机,不需要通过其它手段(让受害者访问网站,点击一个可执行文件,打开一个邮件附件等等),而本地攻击一般都是用来提升权限。
- 昨晚跟@Sunshine 请教了下终端机的玩法,顺便翻了翻资料。总结了以下的几种方法... 13-06-19
File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities
| File Store PRO 3.2 Blind SQL Injection | |________________________________________| Download from: http://upoint.info/cgi/demo/fs/filestore.zip - N... 08-10-08Wysi Wiki Wyg 1.0 (index.php c) Local File Inclusion Vulnerability
--== ========================================================= ==-- --== Wizi Wiki Wig Local File Inclusion Vulnerability ==-- --== =======================... 08-10-08Facebook Newsroom CMS 0.5.0 Beta 1 Remote File Inclusion Vulnerability
##################################################################### # # Facebook Newsroom Application Remote File Inclusion Vulnerability # ################... 08-10-08DreamNews Manager (id) Remote SQL Injection Vulnerability
######################################################### # # dreamnews ( rss) Remote SQL Injection Vulnerability #==========================================... 08-10-08phpDatingClub (website.php page) Local File Inclusion Vulnerability
######################################################### # # phpDatingClub Local File Include Vulnerability #===============================================... 08-10-08gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability
###################################################################################################### gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability ... 08-10-08Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit
<html> <body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target /> </object> <script language=javascript> // ... 08-10-08Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit
<?php /* . vuln.: Quicksilver Forums 1.4.1 (forums[]) Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4z[at]yahoo.p... 08-10-08IntelliTamper 2.07/2.08 Beta 4 A HREF Remote Buffer Overflow Exploit
/********************************************************************/ /* [Crpt] IntelliTamper v2.07/2.08 Beta 4 sploit by kralor [Crpt] */ /***********************... 08-10-08IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit
/** ** ** IntelliTamper 2.07 Location: HTTP Header Remote Code Execution exploit. ** ** Based on exploit by Koshi (written in Perl). This one should be more ** ... 08-10-08Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC
var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC" width="10"><PARAM NAME="Mask" VALUE="'; ... 08-10-08MojoJobs (mojoJobs.cgi mojo) Blind SQL Injection Exploit
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[1]) { print " n"... 08-10-08MojoPersonals (mojoClassified.cgi mojo) Blind SQL Injection Exploit
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[1]) { print " n"... 08-10-08MojoAuto (mojoAuto.cgi mojo) Blind SQL Injection Exploit
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[1]) { print " n"... 08-10-08Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit
#!/usr/bin/perl use IO::Socket; print q{ ----------------------------------------------- Arctic Issue Tracker v2.0.0 exploit by ldma ~ S... 08-10-08Kaminsky DNS Cache Poisoning Flaw Exploit for Domains
____ ____ __ __ / / | | | | ----====####/ /__##/ / ##| |##| |####====---- | | | |__| | | | | | ... 08-10-08IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow Exploit
#!/usr/bin/perl # use warnings; use strict; # CMD="c:windowssystem32calc.exe" # [*] x86/alpha_mixed succeeded, final size 344 my $shel... 08-10-08BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
from scapy import * import random # Copyright (C) 2008 Julien Desfossez <ju@klipix.org> # http://www.solisproject.net/ # # This program is free softwa... 08-10-08