-
September 15th, 2003, 02:05 AM
#1
Exploits in general
Appearently all members here have a different idea of what an exploit is.....
PS. Could you stop filling this forum with such garbage? Seems like not a day goes by without you posting some exploit that isn't and now you want your name spread around? Why don't you try posting these things on bugtraq/NTbugtraq I am sure they will be more than happy to tell you what is up with these "exploits."
I totall agree with the quote above but i also have seen many "exploit" posts that are considered exploits to me. I consider an exploit as an unkown or unused way of gaining access or information that is not for public view or plainly just making a computer do something that it isn't suppost to. In most cases an exploit will do something bad.
I was just wondering what other people consider an exploit.
-
September 15th, 2003, 02:13 AM
#2
an exploit is, as you stated, making technology do something that it isn't designed to do. This can be applied to all sorts of tech not limited to computers. Not all exploits are bad, some are neither bad nor good, they just are. It's manipulation of technology, plain and simple.
-
September 15th, 2003, 04:22 AM
#3
From the books I've read and the training I've received, I've learned to define an exploit as a weakness that can be taken advantage of in a system.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
September 15th, 2003, 05:07 AM
#4
to me its a mechanism (script or otherwise) to take the advantage of a weakness....
I wont like it to attach it to the purpose (malicious or genuine).....
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
-
September 15th, 2003, 06:15 AM
#5
Excuse my response, but I'm only a Junior Member. Everybody else may and probably do have their own opinions. I'm just trying to help you.
I totall agree with the quote above but i also have seen many "exploit" posts that are considered exploits to me. I consider an exploit as an unkown or unused way of gaining access or information that is not for public view or plainly just making a computer do something that it isn't suppost to. In most cases an exploit will do something bad.
OK, no offense, but I don't this you really care about what an "exploit" is. I think you're just parading someone's PM or post around cause it wasn't to your liking.
PS. Could you stop filling this forum with such garbage? Seems like not a day goes by without you posting some exploit that isn't and now you want your name spread around? Why don't you try posting these things on bugtraq/NTbugtraq I am sure they will be more than happy to tell you what is up with these "exploits."
You say you agree with the quote above? Me too! What a coincidence! We can both agree that the trash you are posting has to cease. It's piling up, and, quite frankly, it stinks. Everyone knows how to copy-and-paste something from a site.
Once again, I'm only trying to help you. I might get negged for my critical response, but hey, what the heck? We are a community, and as such, we assist each other.
It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.
Hit it!
-
September 15th, 2003, 06:45 AM
#6
cross is exactly right, it is making the system work outside the scope of its design. This is what seperates exploits from misconfigurations and other such weaknesses.
If I delete all the user accounts on my FreeBSD box and make everything run as root, does this mean an attacker has exploited the system for root access? Of course not. granted this is a very simplified example, but the point is clear, the system gives up root because it is deisgned to. Just like how exploting a service and misusing its permissions doesn't qualify as an operating system exploit. The OS is designed to grant that service the permissions it has, the service is what is being exploited.
catch
-
September 15th, 2003, 11:30 AM
#7
I am inclined to go with NullDevice.
An exploit is the ACTION of making a system do that for which it was not intended or designed. This may require a tool, or just a sequence of actions.
A "weakness" or "vulnerability" is the state or condition of a system that permits an "exploit" to happen, or potentially happen.
I think that the confusion is a semantic one because "a potential exploit" is the same as a vulnerability or weakness.
I would say that "an exploit" only comes about when someone actually creates the tool or determines the sequence of actions.
Just a few thoughts..............
-
September 15th, 2003, 05:44 PM
#8
Member
I agree with Nihil and Catch, with one thing I wanted to make clearer though...
I think that the confusion is a semantic one because "a potential exploit" is the same as a vulnerability or weakness.
I believe this also, and part of where some of the confusion comes from is:
While its true that a 'potential exploit' is a vulnerability or weakness,
a vulnerability or weakness isn't always a 'potential exploit'.
Catch's example works well to explain what I mean by this:
Being that setting up a Linux box to run everything as root is a definate weakness to the system, but someone useing that weakness is not exploiting the system only taking advantage of it. Exploiting the system would be if it were setup right, with users not having root access, and to still gain root privilages...
Or at least that what it means to me...
RRP
-
September 15th, 2003, 06:38 PM
#9
From Dictionary.com -
exploit
<security> A security hole or an instance of taking advantage
of a security hole.
"[...] hackers say exploit. sysadmins say hole"
-- Mike Emke (http://emke.com/)
Emke reports that the stress is on the second syllable. If
this is true, this may be a case of of hackerly zero-deriving
verbs (especially instantials) from nouns, akin to "write" as
a noun to describe an instance of a disk drive writing to a
disk.
(2001-11-24)
Source: The Free On-line Dictionary of Computing, © 1993-2003 Denis Howe
exploit
n. [originally cracker slang] 1. A vulnerability in
software that can be used for breaking security or otherwise
attacking an Internet host over the network. The Ping O' Death is
a famous exploit. 2. More grammatically, a program that exploits an
exploit in sense 1,
Source: Jargon File 4.2.0
http://dictionary.reference.com/search?q=exploit
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
September 15th, 2003, 10:06 PM
#10
Hi bpiedlow!
You are perfectly correct!............It only works in the direction that I describe................if I am sysadmin and walk out of my office with my system logged on and available............that is a weakness, and I am vulnerable................but there is no exploit there...............they would just be using the system AS DESIGNED, INTENDED, AND PAID FOR
I still believe that "exploit" requires the system to be used as NOT designed? In other words, the opposite way round.
Thanks for pointing that out
Cheers
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|