Terminologies used in penitration testing

Terminologies used in penitration testing:

Exploit
An exploit is the means by which an attacker, or pen tester for that matter, takes  
advantage of a flaw within a system, an application, or a service. An attacker  
uses an exploit to attack a system in a way that results in a particular desired  
outcome that the developer never intended. Common exploits include buffer  
overflows, web application vulnerabilities (such as SQL injection), and con- 
figuration errors.

Payload
A payload is code that we want the system to execute and that is to be selected  
and delivered by the Framework. For example, a reverse shell is a payload that  
creates a connection from the target machine back to the attacker as a Win- 
dows command prompt (see Chapter 5), whereas a bind shell is a payload that  
“binds” a command prompt to a listening port on the target machine, which  
the attacker can then connect. A payload could also be something as simple as  
a few commands to be executed on the target operating system.

Shellcode
Shellcode is a set of instructions used as a payload when exploitation occurs.  
Shellcode is typically written in assembly language. In most cases, a command  
shell or a Meterpreter shell will be provided after the series of instructions  
have been performed by the target machine, hence the name.

Listener
A listener is a component within Metasploit that waits for an incoming connection  
of some sort. For example, after the target machine has been exploited, it may  
call the attacking machine over the Internet. The listener handles that connec- 
tion, waiting on the attacking machine to be contacted by the exploited system.


Comments

Popular posts from this blog

​​CRACKING HACKING SPAMMING TOOLS FREE DOWNLOAD

Dedsec All Courses Free Download

HOW TO BYPASS SOFTWARE REGISTRATIONS