An "exploit" is a computer program that "exploits" a vulnerability, whether or not it is published. Each exploit is specific to a version of an application as it exploits flaws in that version. There are various types of exploits:
- Privilege escalation. The most formidable exploits make it possible to take control of executed programs with administrator privileges (root privileges on UNIX type systems);
- Generation of a system error. The goal of some exploits is to flood a computer program to make it "crash".
Most of the time, exploits are written in C language or Perl. They may however be written in any language for which there is an interpreter on the target machine. The hacker who uses an exploit therefore needs to have minimum knowledge of the target system and programming bases to achieve his goals.
To be able to use it, the hacker usually needs to compile it on the target machine. If the execution is a success, the hacker can, depending on the role of the exploit, obtain access to the remote machine's command interpreter (shell).
To not fall victim to this type of program, a system's administrator needs to keep informed of vulnerabilities relating to the applications and operating systems he manages by regularly visiting websites that index flaws and by subscribing to specialized distribution lists.
Here are a few sites that index flaws along with their exploits and patches:
Latest update on October 16, 2008 at 09:43 AM by Jeff.