What is a Vulnerability, Payload and Exploitation?

What is a Vulnerability?

A vulnerability is a security hole in a piece of software or hardware which can provide a potential vector to attack a system. Thus to compromise a system the first step is to find a vulnerability in that system. In simple words a vulnerability is just the weakness in the software that allows an attacker to gain control.

Exploit : An exploit is the means by which an attacker, or pentester, takes advantage of a flaw within a system, an application, or a service. An attacker uses an exploit to attack a system in a way that results in a particular desired outcome that the developer never intended. In simple words, an exploit is the actual process of leveraging a vulnerability.

Payload: Piece of software that allows an attacker to control the exploited system.

Shell Code : Shell code is a set of instructions used as a payload when exploitation occurs. Shell code is typically written in assembly language.

Overflow: Error caused when a program tries to store data beyond its size. Maybe used by an attacker to execute malicious codes.

There are few common vulnerabilities in web applications:

  • Broken authentication and session management
  • Cross-site scripting
  • Buffer overflow
  • Denial of Service
  • Insecure configuration management
We will discuss about each one in other posts. Now you got these points which makes you move easy when we use Kali linux for pentesting.

No comments:

Post a Comment