Terminologies used in penitration testing
Terminologies used in penitration testing:
Exploit:
An exploit is the means by which an attacker, or pen tester for that matter, takes
advantage of a flaw within a system, an application, or a service. An attacker
uses an exploit to attack a system in a way that results in a particular desired
outcome that the developer never intended. Common exploits include buffer
overflows, web application vulnerabilities (such as SQL injection), and con-
figuration errors.
Payload:
A payload is code that we want the system to execute and that is to be selected
and delivered by the Framework. For example, a reverse shell is a payload that
creates a connection from the target machine back to the attacker as a Win-
dows command prompt (see Chapter 5), whereas a bind shell is a payload that
“binds” a command prompt to a listening port on the target machine, which
the attacker can then connect. A payload could also be something as simple as
a few commands to be executed on the target operating system.
Shellcode:
Shellcode is a set of instructions used as a payload when exploitation occurs.
Shellcode is typically written in assembly language. In most cases, a command
shell or a Meterpreter shell will be provided after the series of instructions
have been performed by the target machine, hence the name.
Listener:
A listener is a component within Metasploit that waits for an incoming connection
of some sort. For example, after the target machine has been exploited, it may
call the attacking machine over the Internet. The listener handles that connec-
tion, waiting on the attacking machine to be contacted by the exploited system.
Comments
Post a Comment