Exploits in general
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Exploits in general

  1. #1

    Exploits in general

    Appearently all members here have a different idea of what an exploit is.....
    PS. Could you stop filling this forum with such garbage? Seems like not a day goes by without you posting some exploit that isn't and now you want your name spread around? Why don't you try posting these things on bugtraq/NTbugtraq I am sure they will be more than happy to tell you what is up with these "exploits."
    I totall agree with the quote above but i also have seen many "exploit" posts that are considered exploits to me. I consider an exploit as an unkown or unused way of gaining access or information that is not for public view or plainly just making a computer do something that it isn't suppost to. In most cases an exploit will do something bad.

    I was just wondering what other people consider an exploit.

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    500
    an exploit is, as you stated, making technology do something that it isn't designed to do. This can be applied to all sorts of tech not limited to computers. Not all exploits are bad, some are neither bad nor good, they just are. It's manipulation of technology, plain and simple.
    Ron Paul: Hope for America
    http://www.ronpaul2008.com/

  3. #3
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    From the books I've read and the training I've received, I've learned to define an exploit as a weakness that can be taken advantage of in a system.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    472
    to me its a mechanism (script or otherwise) to take the advantage of a weakness....
    I wont like it to attach it to the purpose (malicious or genuine).....
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    239
    Excuse my response, but I'm only a Junior Member. Everybody else may and probably do have their own opinions. I'm just trying to help you.

    I totall agree with the quote above but i also have seen many "exploit" posts that are considered exploits to me. I consider an exploit as an unkown or unused way of gaining access or information that is not for public view or plainly just making a computer do something that it isn't suppost to. In most cases an exploit will do something bad.


    OK, no offense, but I don't this you really care about what an "exploit" is. I think you're just parading someone's PM or post around cause it wasn't to your liking.

    PS. Could you stop filling this forum with such garbage? Seems like not a day goes by without you posting some exploit that isn't and now you want your name spread around? Why don't you try posting these things on bugtraq/NTbugtraq I am sure they will be more than happy to tell you what is up with these "exploits."


    You say you agree with the quote above? Me too! What a coincidence! We can both agree that the trash you are posting has to cease. It's piling up, and, quite frankly, it stinks. Everyone knows how to copy-and-paste something from a site.

    Once again, I'm only trying to help you. I might get negged for my critical response, but hey, what the heck? We are a community, and as such, we assist each other.
    It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.

    Hit it!

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    cross is exactly right, it is making the system work outside the scope of its design. This is what seperates exploits from misconfigurations and other such weaknesses.

    If I delete all the user accounts on my FreeBSD box and make everything run as root, does this mean an attacker has exploited the system for root access? Of course not. granted this is a very simplified example, but the point is clear, the system gives up root because it is deisgned to. Just like how exploting a service and misusing its permissions doesn't qualify as an operating system exploit. The OS is designed to grant that service the permissions it has, the service is what is being exploited.

    catch

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I am inclined to go with NullDevice.

    An exploit is the ACTION of making a system do that for which it was not intended or designed. This may require a tool, or just a sequence of actions.

    A "weakness" or "vulnerability" is the state or condition of a system that permits an "exploit" to happen, or potentially happen.

    I think that the confusion is a semantic one because "a potential exploit" is the same as a vulnerability or weakness.

    I would say that "an exploit" only comes about when someone actually creates the tool or determines the sequence of actions.


    Just a few thoughts..............

  8. #8
    I agree with Nihil and Catch, with one thing I wanted to make clearer though...

    I think that the confusion is a semantic one because "a potential exploit" is the same as a vulnerability or weakness.
    I believe this also, and part of where some of the confusion comes from is:

    While its true that a 'potential exploit' is a vulnerability or weakness,
    a vulnerability or weakness isn't always a 'potential exploit'.

    Catch's example works well to explain what I mean by this:

    Being that setting up a Linux box to run everything as root is a definate weakness to the system, but someone useing that weakness is not exploiting the system only taking advantage of it. Exploiting the system would be if it were setup right, with users not having root access, and to still gain root privilages...

    Or at least that what it means to me...

    RRP

  9. #9
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    From Dictionary.com -

    exploit



    <security> A security hole or an instance of taking advantage
    of a security hole.

    "[...] hackers say exploit. sysadmins say hole"
    -- Mike Emke (http://emke.com/)

    Emke reports that the stress is on the second syllable. If
    this is true, this may be a case of of hackerly zero-deriving
    verbs (especially instantials) from nouns, akin to "write" as
    a noun to describe an instance of a disk drive writing to a
    disk.

    (2001-11-24)



    Source: The Free On-line Dictionary of Computing, 1993-2003 Denis Howe


    exploit

    n. [originally cracker slang] 1. A vulnerability in
    software that can be used for breaking security or otherwise
    attacking an Internet host over the network. The Ping O' Death is
    a famous exploit. 2. More grammatically, a program that exploits an
    exploit in sense 1,



    Source: Jargon File 4.2.0

    http://dictionary.reference.com/search?q=exploit
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi bpiedlow!

    You are perfectly correct!............It only works in the direction that I describe................if I am sysadmin and walk out of my office with my system logged on and available............that is a weakness, and I am vulnerable................but there is no exploit there...............they would just be using the system AS DESIGNED, INTENDED, AND PAID FOR

    I still believe that "exploit" requires the system to be used as NOT designed? In other words, the opposite way round.

    Thanks for pointing that out


    Cheers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •