An exploit takes advantage of a software vulnerability or security flaw, typically to gain access by injecting malicious code; exploitation is the act of using it. Exploits are written either by security researchers as proof-of-concept demonstrations of a threat or by malicious actors for use in their operations.
What is an Exploit Kit?
Exploit kits are automated threats that use compromised sites to divert web traffic, scan for vulnerable browser-based applications, and run malware.
How to protect against exploit kits
Here are some tips to help:
Keep software up to date. One of the most important reasons software is updated regularly is to patch security vulnerabilities.
Don’t click spammy links. As always, you should avoid opening emails from anyone you don’t know and definitely don’t click on suspicious links.
Avoid ads and popups. When it comes to popups and ads, it can be difficult to avoid clicking, as many of these are designed to trick you into doing so (for example, the “close” button is difficult to locate or the ad moves around). An adblocker can be helpful, as this will prevent ads and popups from appearing in the first place.
Use an antivirus. An antivirus isn’t foolproof by any means, but it can detect and remove many known threats, including viruses and other types of malware that find their way on to your device.
Types of Exploits:
❤️Zero-day exploits: A zero-day is a computer-software vulnerability either unknown to those who should be interested in its mitigation or known and without a patch to correct it. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network.
💛Remote exploits: A remote exploit works over a network and exploits the security vulnerability without any prior access to the vulnerable system. By contrast, a local exploit requires prior access to the vulnerable system and usually raises the privileges of the person running it beyond those granted by the system administrator.
💜Local exploits: Requires prior access to the vulnerable system and increases the privilege of the attacker past those granted by the security administrator.
💚Client exploits: Exploits against client applications also exist; they usually consist of modified servers that deliver an exploit when accessed with a client application. They may also require interaction from the user and rely on social engineering techniques such as phishing or spear phishing, or on adware, to spread.
Web application exploitation tools
Web applications are some of the most used applications today. They have evolved to become more user-friendly, dynamic, responsive and reliable. The integration of services with web applications also allows them to be used together with mobile applications and databases. This has made these applications attractive to hackers, who look for various means to abuse this entire stack. The following are some of the tools that hackers use for vulnerability exploitation.
BurpSuite: This is a web proxy that is found in Kali Linux. It allows you to intercept traffic between your computer and the web server. Using this proxy, you can change the values that are submitted to the web server, sending anything from malicious characters to unexpected entries, to break the web application.
OWASP ZAP: Another web proxy tool is OWASP ZAP. This is an alternative to BurpSuite and is also found in Kali Linux. It can perform well in environments where BurpSuite cannot. When it comes to choosing a proxy tool, it is a matter of preference.
Commix: This is an exploitation tool that allows you to exploit command injection vulnerabilities that lead you to run operating system level commands by exploiting web application vulnerabilities. It can be downloaded and set up in Kali Linux.
w3af: This tool used to be found in Kali Linux but has been since removed. It scans for vulnerabilities but also lets you exploit discovered vulnerabilities such as operating system command injections, SQL injections, path traversals and more.
Jexboss: This tool is compatible with Kali Linux. It allows you to exploit misconfigured JBoss servers, allowing you to take full control over the web server that the JBoss server is installed on. If the server is installed as the “root” user in Linux, then you can run commands as this user, effectively letting you do anything on the web server.
Operating system exploitation tools
The operating system is the core software that manages the entire computer and all the installed software runs on top of this software. It is therefore very important for the operating system to remain secure or else it runs a risk of being exploited by hackers. These hackers can use the following tools to exploit OSes.
Metasploit Framework: This framework of tools comes with Kali Linux. It contains various modules including scanner and exploitation modules. The exploitation module contains thousands of working exploits against operating systems.
Mimikatz: Mimikatz is a powerful tool that comes bundled in Kali Linux with the Metasploit Framework. It allows you to perform various password-based attacks against Windows-based operating systems.
Nmap: The Nmap tool contains various scripts that can be used to attack operating systems. It comes with Kali Linux and allows you to use these scripts to quickly identify the existence of a vulnerability that affects an OS.
John the Ripper: This is a password-cracking tool that comes with Kali Linux. It can be used to attack the LM, NTLM and other passwords that have been collected from various operating systems. It accepts a password file and proceeds to attempt to crack any passwords that you give it.
Hashcat: This is a more advanced password cracker that comes with Kali Linux and can be configured to use the GPU of your computer in case you have a powerful machine. This password cracker supports hundreds of formats and is one of the most preferred tools for password cracking by hackers today.
Database exploitation tools
Databases are used together with web applications because this is mostly where the data and information required by users is stored. So, when hackers can attack web applications and gain unauthorized access to the backend database, they can alter the contents of the database to their liking. The following tools allow hackers to exploit databases, and you can use them too.
Sqlmap: This is the most popular tool that allows hackers to perform SQL injection attacks against back-end databases. It comes pre-installed in Kali Linux and works by scanning for various payloads and exploiting different injection points that you specify.
DBeaver: This tool can be installed in Kali Linux. It allows you to log into various databases provided you have the credentials to connect to these databases. These credentials can be obtained through other means such as social engineering or phishing attacks. Once logged in, you can alter the contents of the database.
SQL ninja: This tool can be installed in Kali Linux. It works by discovering injection points; when an injection point is specified, it can speed up the exploitation process, allowing you to extract information from the SQL server.
BSQL Hacker: This tool is designed specifically for exploiting Blind SQL injection vulnerabilities. It is multi-threaded and can be installed in Kali Linux. Multithreading makes it execute faster than most tools. It can exploit Blind SQLi, Time Based SQLi, Deep Blind SQLi and Error based SQLi.
Safe3 SQL Injector: This tool is easy to use and leverages the power of Artificial Intelligence to identify injection points and payloads. Otherwise, many of its capabilities are like the previously discussed database exploitation tools.
Other tools can be installed in Kali Linux and used to exploit SQL injection, including Mole, Havij and Leviathan.
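The tools above automate SQL injection; the root cause they all exploit is query text assembled from user input. The following is an added example, not code from the page or from any of the tools listed: it builds an in-memory SQLite table with constructed sample rows and compares a login query built by string concatenation with the same query using parameter placeholders, which is the standard mitigation. The table, rows and function names are assumptions for the demo.

```python
"""Added example: why parameterised queries stop SQL injection.

Uses an in-memory SQLite database with constructed sample data; this is
not code from the page or from sqlmap.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a small constructed users table for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the query by concatenation: user input becomes part of the SQL
    grammar, so a quote in the input rewrites the WHERE clause."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_hardened(conn: sqlite3.Connection, username: str, password: str):
    """Uses placeholders: the driver passes input as data, never as SQL text,
    so the same payload is simply a username nobody has."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo() -> dict:
    """Run both variants against the same tautology payload and a real login."""
    conn = make_db()
    # The classic tautology probe; tools like sqlmap try this family automatically.
    payload = "' OR '1'='1"
    return {
        # Vulnerable: WHERE ... OR '1'='1' matches every row, bypassing the check.
        "vulnerable": login_vulnerable(conn, payload, payload),
        # Hardened: no row has that literal username, so nothing is returned.
        "hardened": login_hardened(conn, payload, payload),
        # Hardened with real credentials still works as intended.
        "legit": login_hardened(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:10s} -> {rows}")
```

The vulnerable variant returns every user (including the admin row) for a payload that contains no valid credentials; the hardened variant returns nothing for the same input and only the matching row for a real login. Input filtering alone is not a substitute for placeholders, because the payload families that sqlmap enumerates are far larger than a blocklist can cover.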
Mobile application exploitation tools
Like databases as seen above, mobile applications are the next thing that interfaces with web applications. It is quite possible to secure your web application and leave your mobile applications insecure. Since hackers know this, they will attempt to attack the database from the mobile applications in case the web application vectors fail.
The following are some of the tools that hackers commonly use and you can also practice with them.
Frida: Frida is a dynamic instrumentation toolkit that you can install in Kali Linux. It allows you to perform dynamic analysis of a mobile application as it runs. You can change components of the mobile application straight from memory and even alter input, allowing you to perform functions that were not otherwise possible. It allows you to write your scripts, is cross-platform and is free.
MobSF: This is an automatic code analyzer that is compatible with Kali Linux. It scans the code and provides a report with vulnerable points within the mobile app that you can exploit.
Runtime Mobile Security: RMS is another tool that allows you to manipulate Android and iOS applications at runtime. It allows you to dump loaded classes and their methods, hook everything, trace method arguments and return values, load custom scripts and perform many other things.
Top Exploit Databases:
🔝Exploit DB
This is one of the most popular free exploit databases around, known as ‘Exploit DB.’ This project from Offensive Security aims to be a collection of public exploits and vulnerable software available for vulnerability research and penetration testing purposes.
🔝Rapid7
The people behind Metasploit are known for high quality in their infosec products, and the same goes for their website’s vulnerability and exploit database. Rapid7 offers a quick and handy way to search for vulnerabilities and exploits.
🔝CXSecurity
This database offers direct access to the latest exploits from a web-based interface, where you can filter and find exploits for local or remote vulnerabilities and get the risk level and other details, such as author and publishing date.
🔝Vulnerability Lab
Vulnerability Lab offers access to a large vulnerability database complete with exploits and PoCs for research purposes.
It includes full details about the vulnerability such as date, risk score, affected version, type of vulnerability (remote or local), author, estimated price, vulnerability class and more.
🔝SecurityFocus
SecurityFocus is a Symantec-based community created to share general CVE and exploit information with developers and security researchers in a centralized location.
It offers direct access to CVEs and exploits from an easy-to-browse web interface where you can find vulnerabilities and filter the results by vendor, title and software version.
🔝Packet Storm Security
Packet Storm Security is an exploit community dedicated to sharing vulnerabilities and advisories, as well as information about PoCs, demos and working exploits for local and remote vulnerabilities.
Process of Exploitation:
1. Reconnaissance
When it comes to penetration testing, the first natural question to ask is: what is the first phase of hacking?
Before performing any actual penetration tests, hackers footprint the system and gather as much information as they can. Reconnaissance is a preparatory phase where the hacker documents the organization’s request, finds valuable configuration and login information of the system and probes the networks. This information is crucial to performing the attacks and includes:
Naming conventions
Services on the network
Servers handling workloads in the network
IP Addresses
Names and Login credentials of users connected to the network
Physical location of target machine
2. Scanning
In this stage, the ethical hacker begins testing the networks and machines to identify potential attack surfaces. This involves gathering information on all machines, users, and services within the network using automated scanning tools. Penetration testing typically undertakes three types of scans:
Network Mapping
This involves discovering the network topology, including host information, servers, routers, and firewalls within the host network. Once mapped, white hat hackers can visualize and strategize the next steps of the ethical hacking process.
Port Scanning
Ethical hackers use automated tools to identify any open ports on the network. This makes it an efficient mechanism to enumerate the services and live systems in a network, and how to establish a connection with these components.
Vulnerability Scanning
This is the use of automated tools to detect weaknesses that could be exploited to orchestrate attacks.
While there are a number of tools available, here are a few popular ethical hacking tools commonly used during the scanning phase:
SNMP Sweepers
Ping sweeps
Network mappers
Vulnerability scanners
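Seen from the defender's side, the port scanning described in this phase leaves a characteristic footprint in connection logs: one source touching many distinct ports on one host in a short time. The script below is an added example, not code from the page or from any scanning tool: it parses constructed firewall-style log lines (the line format, field names and thresholds are assumptions for the demo) and flags source/destination pairs that exceed a distinct-port threshold inside a sliding time window.

```python
"""Added example: spotting a port scan in connection logs.

The log lines are constructed for this demo and the line format is an
assumption, not the output of any particular firewall.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)

# Constructed sample: 10.0.0.5 sweeps eleven ports on 10.0.0.20 in ten seconds;
# 10.0.0.7 is an ordinary client talking to two ports.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z src=10.0.0.5 dst=10.0.0.20 dport=21 action=deny
2024-05-01T10:00:01Z src=10.0.0.5 dst=10.0.0.20 dport=22 action=allow
2024-05-01T10:00:02Z src=10.0.0.5 dst=10.0.0.20 dport=23 action=deny
2024-05-01T10:00:03Z src=10.0.0.5 dst=10.0.0.20 dport=25 action=deny
2024-05-01T10:00:03Z src=10.0.0.7 dst=10.0.0.20 dport=443 action=allow
2024-05-01T10:00:04Z src=10.0.0.5 dst=10.0.0.20 dport=80 action=allow
2024-05-01T10:00:05Z src=10.0.0.5 dst=10.0.0.20 dport=110 action=deny
2024-05-01T10:00:06Z src=10.0.0.5 dst=10.0.0.20 dport=135 action=deny
2024-05-01T10:00:07Z src=10.0.0.5 dst=10.0.0.20 dport=139 action=deny
2024-05-01T10:00:08Z src=10.0.0.7 dst=10.0.0.20 dport=443 action=allow
2024-05-01T10:00:08Z src=10.0.0.5 dst=10.0.0.20 dport=443 action=allow
2024-05-01T10:00:09Z src=10.0.0.5 dst=10.0.0.20 dport=445 action=deny
2024-05-01T10:00:10Z src=10.0.0.5 dst=10.0.0.20 dport=3389 action=deny
2024-05-01T10:00:15Z src=10.0.0.7 dst=10.0.0.20 dport=80 action=allow
"""


def parse_log(lines):
    """Yield (timestamp, src, dst, dport) tuples; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["src"], m["dst"], int(m["dport"])


def detect_port_scans(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {(src, dst): sorted distinct ports} for every pair where one
    source touched at least `threshold` distinct ports on one host within
    `window`. Both numbers are tuning assumptions for this demo; denied and
    allowed connections both count, since a scan probes closed ports too."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in parse_log(lines):
        by_pair[(src, dst)].append((ts, dport))
    alerts = {}
    for pair, events in by_pair.items():
        events.sort()
        # Slide a window starting at each event and count distinct ports inside it.
        for i, (start, _) in enumerate(events):
            ports = {p for ts, p in events[i:] if ts - start <= window}
            if len(ports) >= threshold:
                alerts[pair] = sorted(ports)
                break
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible scan: {src} -> {dst}, {len(ports)} ports: {ports}")
```

The distinct-port count is the signal, not the number of connections: a busy client reconnecting to one service never trips it, while a sweep of closed ports does even when every attempt is denied. Per-source thresholds and windows should be tuned to what the network normally looks like.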
3. Gaining Access
Once ethical hackers expose vulnerabilities through the first and second hacking phases of the process, they now attempt to exploit them for administrative access. The third phase involves attempting to send a malicious payload to the application through the network, an adjacent subnetwork, or physically using a connected computer. Hackers typically use a number of hacking tools and techniques to simulate attempted unauthorized access, including:
Buffer overflows
Phishing
Injection attacks
XML External Entity processing
Using components with known vulnerabilities
If the attacks are successful, the hacker has control of the whole or part of the system and may simulate further attacks such as data breaches and Distributed Denial of Service (DDoS).
4. Maintaining Access
The fourth phase of the ethical hacking process involves processes used to ensure the hacker can access the application for future use. A white-hat hacker continuously exploits the system for further vulnerabilities and escalates privileges to understand how much control attackers can gain once they get past security clearance. Some attackers may also try to hide their identity by removing any evidence of an attack and installing a backdoor for future access.
5. Clearing Tracks
To avoid any evidence that leads back to their malicious activity, hackers perform tasks that erase all traces of their actions. These include:
Uninstalling scripts/applications used to carry out attacks
Modifying registry values
Clearing logs
Deleting folders created during the attack
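Clearing logs is itself an observable event when records are forwarded off the host before they can be erased. The following is an added example, not code from the page: it checks a batch of constructed event records for the Windows events written when a log is cleared (event ID 1102 in the Security log and 104 in the System log, both real event IDs) and for unusually long silences from a host, a heuristic that a stretch of records was removed or logging was stopped. The record shape, host names and thresholds are assumptions for the demo.

```python
"""Added example: finding evidence that logs were cleared.

Event records below are constructed in a simplified shape for the demo.
Event IDs 1102 (Security log cleared) and 104 (System or Application log
cleared) are real Windows event IDs; everything else is sample data.
"""
from collections import defaultdict
from datetime import datetime

# Events Windows writes when an event log is cleared, keyed by (channel, id).
LOG_CLEARED_IDS = {
    ("Security", 1102): "Security audit log was cleared",
    ("System", 104): "System or Application event log was cleared",
}

# Constructed sample records (4624 = logon, 4688 = process creation,
# 6005 = event log service started; all real IDs, but the rows are invented).
EVENTS = [
    {"time": "2024-05-01T09:00:00Z", "host": "ws01", "channel": "Security", "event_id": 4624, "user": "alice"},
    {"time": "2024-05-01T09:05:00Z", "host": "ws01", "channel": "Security", "event_id": 4688, "user": "alice"},
    {"time": "2024-05-01T09:06:00Z", "host": "ws01", "channel": "Security", "event_id": 1102, "user": "alice"},
    {"time": "2024-05-01T09:00:00Z", "host": "srv02", "channel": "System", "event_id": 6005, "user": "SYSTEM"},
    {"time": "2024-05-01T09:01:00Z", "host": "srv02", "channel": "System", "event_id": 104, "user": "bob"},
    {"time": "2024-05-01T09:00:00Z", "host": "db03", "channel": "Security", "event_id": 4624, "user": "carol"},
    {"time": "2024-05-01T12:30:00Z", "host": "db03", "channel": "Security", "event_id": 4624, "user": "carol"},
]


def _ts(rec: dict) -> datetime:
    return datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")


def find_clear_events(events):
    """Return one alert per record whose (channel, event_id) marks a log clear,
    including who did it, which is the first thing an analyst wants to know."""
    hits = []
    for rec in events:
        reason = LOG_CLEARED_IDS.get((rec["channel"], rec["event_id"]))
        if reason:
            hits.append({
                "host": rec["host"], "channel": rec["channel"],
                "event_id": rec["event_id"], "user": rec["user"],
                "time": rec["time"], "reason": reason,
            })
    return hits


def find_silence_gaps(events, max_gap_minutes=120):
    """Heuristic: a long gap between consecutive records from one host may mean
    records were deleted or logging was stopped. The threshold (an assumption
    here) should be tuned to each host's normal event rate."""
    by_host = defaultdict(list)
    for rec in events:
        by_host[rec["host"]].append(_ts(rec))
    gaps = []
    for host, times in by_host.items():
        times.sort()
        for earlier, later in zip(times, times[1:]):
            minutes = (later - earlier).total_seconds() / 60
            if minutes > max_gap_minutes:
                gaps.append({
                    "host": host, "gap_start": earlier.isoformat(),
                    "gap_end": later.isoformat(), "minutes": minutes,
                })
    return gaps


if __name__ == "__main__":
    for hit in find_clear_events(EVENTS):
        print(f"{hit['time']} {hit['host']}: {hit['reason']} by {hit['user']}")
    for gap in find_silence_gaps(EVENTS):
        print(f"{gap['host']}: no records for {gap['minutes']:.0f} min "
              f"({gap['gap_start']} to {gap['gap_end']})")
```

Both checks only work if the records have already left the host: a clear event written to a log that is then cleared again, or a gap in a log nobody collects, is invisible. Forwarding to a collector the attacker cannot reach is what turns "clearing tracks" from an erasure into an alert.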