Exploits a little confusing
Total Newbie on exploits so sorry (I tried searching but couldn't find a topic)
Now If I understand this correctly Exploits are code written in either C or Shell that exploits a vulnerability on a server that (depending on what exploit) can give you root or super admin access.
I know where to get them.
The problem I'm having is how to execute them
I mean take a exploit in C (ntpd-exp.c)
How do i execute it on a vulnerable server?
Don't I have to have some access to the server (I mean wouldn't I have to log into the server to run it)?
Lets say I don't have access to the server (I don't have an account on it)
How would I exploit it (or run the exploit to get access)?
Maybe I'm missing something here?
How does Shell (a shell account) play a roll in exploits. How can I connect to a Target server with my shell account and run a exploit from there (say I wanted to run an exploit on a system I don't have access to. How would I get access to the target server to run it) ?
So confusing.
Where can I get help? or is someone willing to help a new b who just wants knowledge.
Re: Exploits a little confusing
Quote:
Originally posted by new b
Total Newbie on exploits so sorry (I tried searching but couldn't find a topic)
Now If I understand this correctly Exploits are code written in either C or Shell that exploits a vulnerability on a server that (depending on what exploit) can give you root or super admin access.
I know where to get them.
Exploits are usually the resault of bad programming. they can be writen in any language most of the time they are found in the more powerfull languages like C or assembly. Shell scripting doesn't really deal with upper lv memory control or flags that control access so it's not typicaly looked at for exploits.
Quote:
The problem I'm having is how to execute them
I mean take a exploit in C (ntpd-exp.c)
How do i execute it on a vulnerable server?
Don't I have to have some access to the server (I mean wouldn't I have to log into the server to run it)?
If you had access then you probly wouldn't need to exploit the server.
Quote:
Lets say I don't have access to the server (I don't have an account on it)
How would I exploit it (or run the exploit to get access)?
Maybe I'm missing something here?
that's the basis of almost all cracking.
Quote:
How does Shell (a shell account) play a roll in exploits. How can I connect to a Target server with my shell account and run a exploit from there (say I wanted to run an exploit on a system I don't have access to. How would I get access to the target server to run it) ?
That's the other part of cracking. People study for years to learn this. A few posts on a forum arn't going to sumon the magical hacking lepricans to imput that 1337 haXor knowledge into your head.
Quote:
So confusing.
Where can I get help? or is someone willing to help a new b who just wants knowledge.
Re: Re: Exploits a little confusing
Quote:
Originally posted by zepherin
If you had access then you probly wouldn't need to exploit the server.
Exactly what makes me so confused on how to get the exploit on the server.
And once on the server how do i execute it do I paste the WHOLE xploit and hit enter or do I upload the C file onto the server and use SYST EXEC. Can I execute the Xploit without uploading it on the server ?
Quote:
That's the other part of cracking. People study for years to learn this. A few posts on a forum arn't going to sumon the magical hacking lepricans to imput that 1337 haXor knowledge into your head.
I totaly understand this and that is why I read just about EVERY tut on the subject.
But when it comes to exploits I am so lost. I mean the Tuts I read tell me "To gain access on the box you can run an exploit" well wouldn't I need to gainn access before running the Xploit It seems like a vicous circle - to get access run an exploit - to run an exploit you need to get access - I mean thats where I think I'm misunderstanding something.
as far as executing them (I pretty much understand what they do) Their are tons of sites that explain what the exploit does just not how its executed. I hear sites saying "oh this C Xploit attacks the hole in SMTP" how did they attack it how did they run the Xploit did they connect via Telnet to the SMTP server and just copy and paste the exploit in Telnet and hit enter? How did they EXECUTE the exploit ?
In all honesty I want to get my own server for my design company but this exploit problems are realy seriously troubling me on the security of the server. If I knew how these Xploits are ran on the server I could better understand how to protect my box.