
(9) What is the process in which hackers find exploits? How do they find and identify vulnerabilities?

Quora, 28.02.18, 10:16


Topics: Hackers, Computer Security, Computer Hacking (security), +1

This question previously had details. They are now in a comment.

14 Answers

Lucas Gates, Professional Hacker
Answered Apr 21, 2016
How do I find website vulnerabilities like a
That is an excellent (and very broad) question! What you are really looking for is
a vulnerability. A vulnerability is a flaw in a system that someone, like a hacker,
could use to cause the system to behave in ways that it wasn't intended. We like
to call it a "feature" not a bug :).

An exploit is a piece of code or a process that takes advantage of the
vulnerability to bypass certain restrictions.

An excellent resource to find ready made exploits is the Exploits Database by
Offensive Security. It currently contains over 35,483 exploits. In other words:


The first vulnerability that I recall exploiting was a command injection in a
web application that offered basic networking tools functionality.

Let's suppose that this is the web form for that vulnerable application:

https://www.quora.com/What-is-the-process-in-which-hackers-find-exploits-How-do-they-find-and-identify-vulnerabilities Seite 1 von 8



If you put in an IP address, such as "8.8.8.8", the application would take that
input and create a command for the command line.

It probably looked like this: ping -c 3 8.8.8.8

Accepting user input and generating system commands is generally considered
dangerous... and FUN!

Let's suppose that an attacker inputs the following in the IP address box:

8.8.8.8; cat /etc/passwd

The command that would be generated would be:

ping -c 3 8.8.8.8; cat /etc/passwd

If you don't already know, the ';' is an end of command character. It marks the
end of a command and allows you to start a new one. In other words, after the
ping command completes, the system will run "cat /etc/passwd".

Therefore, not only will the web application ping 8.8.8.8 three times, it will also
display the contents of the /etc/passwd file -- an important file that contains a
list of usernames on that system.

How do you find this type of vulnerability? You have a number of different
options:

- Look for applications that offer functionality that is typically performed
  on the command line.
- Learn about vulnerable code and search for them on Github and other
  online source code repositories. Hint: for PHP it is system and passthru.

Web applications are a great place to start. Not only are web applications
easier to understand (compared to buffer overflows, off-by-one, stack overflow,
and format string vulnerabilities), they are also easier to exploit. Start by reading
the OWASP Top Ten Project.

Go through each of the OWASP top 10 categories and learn everything you can
about it. Once you feel like you understand the vulnerabilities, you can use the
OWASP WebGoat Project to practice what you learned.

WebGoat is a deliberately insecure web application that you can use to practice
finding and exploiting vulnerabilities.

Keep practicing and learning new techniques. If you run out of things to learn,
go back to Exploits Database by Offensive Security and look at the latest
exploits. You will end up finding new hacking techniques that you can
incorporate into your growing tool kit.

And most of all, enjoy the process!


17.7k Views · View Upvoters · Answer requested by Carlos O. Hunter

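An added example (my code, not from Lucas Gates' answer) that puts the ping tool above into runnable form: the string-building pattern the answer describes, the split a shell performs on ';' (generalised to the other command separators), a hardened builder that validates the input and avoids the shell entirely, and a crude grep for the PHP sinks the answer names. The function names, the SEPARATORS set and the PHP snippet are mine; the snippet is constructed, not taken from any real project.

```python
"""Command injection in a 'ping an IP' web tool: the vulnerable pattern
beside a hardened version, plus a grep for PHP command sinks.
Added example, not code from the Quora answer."""
from __future__ import annotations

import ipaddress
import re
import shlex

# Command separators a POSIX shell honours (the answer's ';' plus the others).
SEPARATORS = {";", "&&", "||", "|", "&"}


def build_ping_vulnerable(user_input: str) -> str:
    """The answer's pattern: user input pasted into a shell string. Handing
    this string to a shell (PHP system(), Python shell=True) is the bug."""
    return f"ping -c 3 {user_input}"


def shell_commands(cmdline: str) -> list[list[str]]:
    """Split a command line into the separate commands a shell would run.
    Command substitution ($(...), backticks) is not modelled, so this is a
    demonstration of the splitting, not a sanitiser."""
    tokens = list(shlex.shlex(cmdline, posix=True, punctuation_chars=True))
    commands, current = [], []
    for tok in tokens:
        if tok in SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def build_ping_safe(user_input: str) -> list[str]:
    """Hardened version: accept only a literal IP address and return an argv
    list for subprocess.run(argv) with no shell, so ';' is never interpreted.
    Validation also rejects values beginning with '-', which ping would
    otherwise parse as options."""
    try:
        ip = ipaddress.ip_address(user_input.strip())
    except ValueError:
        raise ValueError("input is not an IP address") from None
    return ["ping", "-c", "3", str(ip)]


def is_accepted(user_input: str) -> bool:
    """True if the hardened builder would accept the input."""
    try:
        build_ping_safe(user_input)
    except ValueError:
        return False
    return True


# The sinks the answer points at for PHP (system, passthru) plus the usual others.
PHP_SINK = re.compile(r"\b(system|passthru|exec|shell_exec|popen|proc_open)\s*\(")
PHP_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")


def find_php_command_sinks(source: str) -> list[tuple[int, str]]:
    """(line number, sink) for lines that call a command sink with request
    input on the same line: the crude grep the answer suggests running over
    public source code. It flags escaped calls too; triage is the reader's job."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        sink = PHP_SINK.search(line)
        if sink and PHP_INPUT.search(line):
            hits.append((lineno, sink.group(1)))
    return hits


# Constructed PHP snippet for the grep; not from any real project.
SAMPLE_PHP = """<?php
echo "<pre>";
system("ping -c 3 " . $_GET['ip']);
passthru("traceroute " . escapeshellarg($_POST['host']));
echo htmlspecialchars($_GET['ip']);
"""

if __name__ == "__main__":
    print(shell_commands(build_ping_vulnerable("8.8.8.8; cat /etc/passwd")))
    print(build_ping_safe("8.8.8.8"), is_accepted("8.8.8.8; cat /etc/passwd"))
    print(find_php_command_sinks(SAMPLE_PHP))
```

The grep flags line 4 of the snippet even though it uses escapeshellarg; that is deliberate, since a source search produces leads to read, not findings. Note that the safe builder relies on both halves: the argv list removes the shell, and the ipaddress check removes option injection.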


Devesh, studied at Columbia University
Answered Apr 18, 2016

Just to clarify. An exploit is the use of software, data, or commands to "exploit" a
weakness in a computer system or program to carry out some form of malicious
intent, such as a denial-of-service attack, Trojan horses, worms or viruses. The
weakness in the system can be a bug, a glitch or simply a design vulnerability. A
remote exploit exploits the security vulnerability without ever having prior
access to the system. A local exploit needs prior access to the vulnerable system
and usually involves increasing the privileges of the user account running the
exploit. Those who utilize exploits often use social engineering to gain critical
information needed to access the system. Many crackers (or hackers) take pride
in their knowledge of software exploits and post them to a website to share or
boast with other crackers. Web browsers and media players are often targeted by
crackers since they both have access to system information and can download
files from the internet. Patches (or "fixes") are intended to remedy these
vulnerabilities as soon as they are revealed and are often distributed in software
updates. Hence, it is vital to keep your software up-to-date in order to make sure
that all known vulnerabilities are patched. A zero-day exploit is one that the
software's creator has not yet discovered. To prevent losing data because of an
attack taking advantage of an exploit, it is a good idea to keep regular backups of
your data saved on your computer.

The Process

-Tricks

A trick is a "mean crafty procedure or practice...designed to deceive, delude, or
defraud." [1] Hackers use tricks to find short cuts for gaining unauthorized
access to systems. They may use their access for illegal or destructive purposes,
or they may simply be testing their own skills to see if they can perform a task.

Given that most hackers are motivated by curiosity and have time to try endless
attacks, the probability is high that eventually they do find a sophisticated
method to gain access to just about any environment. However, these aren't the
types of attacks we address in this article, because most successful intrusions
are accomplished through well-known and well-documented security
vulnerabilities that either haven't been patched, disabled, or otherwise dealt
with. These vulnerabilities are exploited every day and shouldn't be.

-Finding Access Vulnerabilities

What generally happens is that an advanced or elite hacker writes a scanning
tool that looks for well-known vulnerabilities, and the elite hacker makes it
available over the Internet. Less experienced hackers, commonly called "script
kiddies," then run the scanning tool 24 x 7, scanning large numbers of systems
and finding many systems that are vulnerable. They typically run the tool
against the name-spaces associated with companies they would like to get into.

The script kiddies use a list of vulnerable IP addresses to launch attacks, based
on the vulnerabilities advertised by a machine, to gain access to systems.
Depending on the vulnerability, an attacker may be able to create either a
privileged or non-privileged account. Regardless, the attacker uses this initial
entry (also referred to as a "toe-hold") in the system to gain additional privileges
and exploit the systems the penetrated system has trust relationships with,
shares information with, is on the same network with, and so on.

Once a toe-hold is established on a system, the attacker can run scanning tools
against all the systems connected to the penetrated system. Depending on the
system compromised, these scans can run inside an organization's network.

-Finding Operating System Vulnerabilities

As mentioned previously, hackers first look for vulnerabilities to gain access.
Then they look for operating system (OS) vulnerabilities and for scanning tools
that report on those vulnerabilities.

Finding vulnerabilities specific to an OS is as easy as typing in a URL address
and clicking on the appropriate link. There are many organizations that provide
"full-disclosure" information. Full disclosure is the practice of providing all
information to the public domain so that it isn't known only to the hacker
community.

-Attacking Solaris OE Vulnerabilities

Let's use Solaris 2.6 OE as an example. A well-known vulnerability, for which
patches are available, is the sadmind exploit. Hackers frequently use this
vulnerability to gain root access on Solaris 2.6 OE systems.

Using only a search engine and the CVE number, found by searching through
the Mitre site listed previously, it is possible to find the source code and detailed
instructions on how to use it. The entire process takes only a few minutes. The
hacker finds the source code on the SecurityFocus web site and finds detailed
instructions on the SANS site.
6k Views · View Upvoters

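A minimal version of the scanning tool this answer describes, added here as an example of mine (not from the answer): connect to a port, read the banner the service advertises, and match it against a table of known-vulnerable versions. The service names, versions and issue labels in the table are constructed for the example and name no real software or CVE; the two "hosts" are throwaway localhost listeners so the block runs offline.

```python
"""Banner-grab scanner: what a 'looks for well-known vulnerabilities'
tool does at its simplest. Added example, not from the Quora answer.
KNOWN_VULNERABLE is constructed and refers to no real software."""
from __future__ import annotations

import re
import socket
import threading

# Constructed table: regex over the banner -> label of the known issue.
KNOWN_VULNERABLE = [
    (re.compile(r"^220 ExampleFTP 1\.0(?!\S)"), "ExampleFTP 1.0: remote root (constructed)"),
    (re.compile(r"^SSH-2\.0-ExampleSSH_3\.1(?!\S)"), "ExampleSSH 3.1: auth bypass (constructed)"),
]


def match_banner(banner: str) -> list[str]:
    """Labels of every table entry the banner matches."""
    return [label for pattern, label in KNOWN_VULNERABLE if pattern.search(banner)]


def grab_banner(host: str, port: int, timeout: float = 2.0) -> str | None:
    """TCP connect and read what the service sends first. None when the
    port is closed, filtered, or silent within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = sock.recv(512)
    except OSError:
        return None
    return data.decode("ascii", errors="replace").strip() or None


def scan(host: str, ports) -> dict:
    """port -> (banner, matched labels) for every port that answered."""
    findings = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is not None:
            findings[port] = (banner, match_banner(banner))
    return findings


def _serve_banner(banner: bytes) -> int:
    """Throwaway localhost listener that sends one banner and hangs up;
    stands in for a real host so the example runs offline."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handler():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=handler, daemon=True).start()
    return srv.getsockname()[1]


def demo_local_scan() -> dict:
    """Scan two constructed local services: one in the table, one not."""
    vulnerable_port = _serve_banner(b"220 ExampleFTP 1.0 ready\r\n")
    patched_port = _serve_banner(b"220 ExampleFTP 2.3 ready\r\n")
    return scan("127.0.0.1", [vulnerable_port, patched_port])


if __name__ == "__main__":
    for port, (banner, labels) in demo_local_scan().items():
        print(f"{port}\t{banner!r}\t{labels or 'no known issue'}")
```

Two caveats a real tool has to deal with: services that say nothing until probed (HTTP, many RPC services) need a protocol-specific request, and distributions backport fixes without bumping the version string, so a banner match is a lead to verify, not a confirmed vulnerability.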

Leonid S. Knyshov, JavaScript developer
Answered Apr 18, 2016

Getting into your system would involve exploiting whatever services are exposed to
the world. While nodejs and other custom web servers are gaining popularity,
exploiting Apache web server or whatever insecure web application it runs is a
tried and true attack vector. If I compromised your WordPress and convinced it
to give me a web shell, I now have the access rights of your web server. My next step
is to escalate them to root level.

Let's look at privilege escalation after I somehow gained access to your system,
which is its own set of exploits, and now have user-level access. I can't modify
restricted files to create a backdoor.

There is a way to mark a system utility to execute with "root" privileges. We refer
to this as "suid root". A typical system today has only a few of them, but in the
past there were many such utilities.

My next goal for that system is to cause one of these special files to run my
malicious code with system rights. If I am successful in doing that, I have found an
exploit for that utility.

Writing an exploit usually involves writing so-called "shell code". You force a
privileged tool to execute this "shell code" and then you get "root" privileges.
Here is some information about that: Shellcoding for Linux and Windows
Tutorial

The attacker will usually research vulnerabilities in her own lab running exactly
the same version of software and similar processor architecture as her target.
3.4k Views · View Upvoters

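Added example, my code rather than Leonid's: enumerating the "suid root" files his answer refers to, which is the first step of the privilege-escalation hunt he describes. It is the Python counterpart of `find / -perm -4000 -type f`, run as the unprivileged user the attacker is at that point. The self_check helper and the file it plants are mine.

```python
"""List setuid binaries (mode 4xxx) so the few "suid root" utilities on a
system can be reviewed. Added example, not code from the Quora answer."""
from __future__ import annotations

import os
import stat
import tempfile


def is_setuid(mode: int) -> bool:
    """True for a regular file whose setuid bit is set."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID)


def find_setuid(root: str) -> list[dict]:
    """Walk `root` and describe every setuid file. Symlinks are not
    followed and unreadable directories are skipped, so this works as an
    unprivileged user, which is the situation in the answer."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if is_setuid(st.st_mode):
                found.append({
                    "path": path,
                    "uid": st.st_uid,                      # 0: runs as root
                    "mode": oct(stat.S_IMODE(st.st_mode)),
                    "world_exec": bool(st.st_mode & stat.S_IXOTH),
                })
    return found


def self_check() -> bool | None:
    """Plant a setuid file in a temp dir and confirm the walker finds it.
    True if found; None if the filesystem silently dropped the bit (some
    sandboxes do); False if the bit stuck and the walker still missed it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "planted")
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\nid\n")
        os.chmod(path, 0o4755)            # setuid + rwxr-xr-x
        if not os.lstat(path).st_mode & stat.S_ISUID:
            return None
        return any(entry["path"] == path for entry in find_setuid(tmp))


if __name__ == "__main__":
    for entry in find_setuid("/"):
        if entry["uid"] == 0:             # the ones the answer is after
            print(entry["mode"], entry["path"])
```

The entries worth attention are uid 0 with world_exec set. Diff the list against a clean install of the same distribution: an extra setuid root binary that nobody can explain is either an administrator's shortcut or somebody else's toe-hold.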

Dan Kaminsky, 20+ years, Well known speaker, DNSSEC Keyholder


Answered Jan 28

Bugs aren’t random. It’s not like every nth line of code has something
exploitable. Software that tries to do certain things, fails in certain ways, over
and over and over again.

So mostly we look for the old problems, and port them over to their new hosts.

There are three main strategies for finding bugs. Design review — just look at
what it’s trying to do, and figure out if it did it wrong. Code review — look at how
it’s built, either as source code or compiled binaries (both help, both matter).
And Fuzzing.


Fuzzing is basically throwing noise at software, and seeing what happens. Bugs
might only show up one out of a million tests, but if you try things a hundred
million times, you’re going to get a hundred bugs.

Fuzzing gets smarter each passing year. What that means is that instead of
throwing random noise at code, we watch what happens as we talk to the
software, and learn from it. Bugs are not random, because software is not
random. You have to *reach* a bug, in order to find it.

Alternatively, if you’re twenty levels deep into a program and you find a
problem, who knows if that problem is even exploitable. Anywhere along those
19 layers above you might be something that stops you. Often it’s a hassle to
figure that out.

SAT and SMT solvers are technologies that automate figuring out if things are
exploitable after all. They’re quite effective. These solvers of course are used in a
variety of ways; they’re probably the most effective “machine learning” tech in
security right now.
292 Views · View Upvoters · Answer requested by Roman Riga

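To make the "you have to reach a bug" point concrete, an added example of mine (not Dan Kaminsky's code): a toy parser whose bug sits behind a four-byte magic check, fuzzed blindly and then with branch feedback. The format, the bug and the branch-recording in parse() are constructed for the demonstration; the recorded branch set stands in for the compile-time instrumentation real fuzzers use.

```python
"""Blind versus feedback-driven fuzzing of a toy parser.
Added example, not from the Quora answer; the format and bug are constructed."""
from __future__ import annotations

import random

MAGIC = b"FUZZ"


def parse(data: bytes, cov: set) -> bytes:
    """Toy format: magic, length byte, flag byte 0x7f, payload. Every
    branch passed is recorded in `cov`. The bug: the length field is
    trusted, a stand-in for an out-of-bounds read in a C parser."""
    for i, byte in enumerate(MAGIC):
        if i >= len(data) or data[i] != byte:
            return b""
        cov.add(("magic", i))              # one branch per compared byte
    if len(data) < 6:
        return b""
    cov.add("header")
    if data[5] != 0x7F:
        return b""
    cov.add("flag")
    length = data[4]
    if length > len(data) - 6:
        raise IndexError("payload length exceeds buffer")   # the bug
    return data[6:6 + length]


def crashes(data: bytes) -> bool:
    try:
        parse(data, set())
    except IndexError:
        return True
    return False


def mutate(parent: bytes, rng: random.Random) -> bytes:
    """One small edit: overwrite, insert or delete a single byte."""
    data = bytearray(parent)
    op = rng.randrange(3)
    pos = rng.randrange(len(data))
    if op == 0:
        data[pos] = rng.randrange(256)
    elif op == 1:
        data.insert(pos, rng.randrange(256))
    elif len(data) > 1:
        del data[pos]
    return bytes(data)


def blind_fuzz(seed: int, max_iters: int) -> bytes | None:
    """Random bytes, no feedback: the odds of four magic bytes in a row
    are 2**-32 per try, so this effectively never reaches the bug."""
    rng = random.Random(seed)
    for _ in range(max_iters):
        data = bytes(rng.randrange(256) for _ in range(rng.randint(6, 12)))
        if crashes(data):
            return data
    return None


def guided_fuzz(seed: int, max_iters: int = 300_000):
    """Keep any input that reaches a branch not seen before and mutate
    from it, so the fuzzer climbs the magic check one byte at a time.
    Returns (crashing input, iterations used) or (None, max_iters)."""
    rng = random.Random(seed)
    corpus = [b"\x00" * 8]
    seen: set = set()
    for i in range(max_iters):
        parent = corpus[-1] if rng.random() < 0.8 else rng.choice(corpus)
        data = mutate(parent, rng)
        cov: set = set()
        try:
            parse(data, cov)
        except IndexError:
            return data, i + 1
        if not cov <= seen:                # reached something new: keep it
            seen |= cov
            corpus.append(data)
    return None, max_iters


if __name__ == "__main__":
    print("blind:", blind_fuzz(1, 20_000))
    print("guided:", guided_fuzz(1))
```

The feedback here is deliberately byte-granular on the magic comparison, which is why it works; a single `data[:4] == MAGIC` branch would give the guided fuzzer nothing to climb, which is the same wall real fuzzers hit on magic numbers and checksums and solve with comparison splitting or dictionaries.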

Ryan Rossi
Answered Apr 21, 2017

Most of the answers are great but I want to share educational resources. What
you want to do is a google search for penetration testing tutorials. The five
phases of a penetration test are recon, scanning, gaining access, maintaining
access, and covering your tracks. You want to learn recon and scanning. A great
place to start is Cybrary - Online Cyber Security Training, Free, Forever. Take
the penetration testing courses; they are free. Some tools used for scanning are
Nmap, OWASP ZAP, Vega, Nessus, and OpenVAS. Once you gain knowledge of
penetration testing go to Vulnerability Assessment & Bug Bounty Programs
and Vulnerability Coordination and participate in their bug bounty programs
to practice. If you find major vulnerabilities you could get paid handsomely.
Does this answer your question?
1.1k Views · View Upvoters


Avery Johnson, former Operations Director at Encrypted Laser Limited (2016-2017)
Answered Mar 27, 2017

My opinion is that it depends whether you're talking about white hats or black
hats.

In most cases, white hats can take their time and/or use very little effort. For
example, you can sit back and scan ports or brute force a login. This is
commonly very slow but tends to work after some time.

As for black hats; you work under pressure. As soon as you make your first move,
the clock starts ticking. I do pen-testing and ask that the security
team/department don't know what's about to happen. This allows me to work
under pressure and see if they can catch what's going on. Black hats will find
small exploits; for example spamming a login form or a page querying MySQL
and not caching. The MySQL querying tends only to cause the CPU usage to go
up; yet this can still be damaging to a company. Other methods that shouldn't
work but still do are trying to find password dumps. Most people still use the
same password for everything, and if you find a single dump with their login
information, you may have gotten his or her company Point of Sale login
details.

At the end of the day, it comes down to time. As I stated before once a black hat
starts going, they typically need to stay a few steps ahead.

Also Kali Linux; always Kali Linux.


882 Views · View Upvoters · Answer requested by Antonio Niro


Susan Hildebrand, Tech Mentor, WordPress Developer, https://leftbrainzen.com/
Answered Apr 18, 2016

The process whereby a person looks for an exploit is called Hacking.

It's probably derived from Brute-Force password hacking where they figure out
the administrator password by checking it against a list. They just hack it and
hack it until they figure it out.

Those who don't use complex passwords are vulnerable to this type of hack.

For one of my newly acquired clients, the hackers guessed correctly that the admin
login was the web designer's name because she posted it on the home page of
the website. Easy enough, yeah?

SQL Injection is when they go after the database. There are many forms but the
simplest one is when they try to get information from the Users table. The
Administrator is usually the #1 login and so guess what the hackers do? They try
to figure out the name of that login and then they proceed to brute force it.

Recently I saw 560 attempts to login to a friend's website. They were all blocked
by the security plugin though.

I installed WordFence and implemented a very strict policy.

If you want to learn more about hacking, you can take classes in what's called
Ethical Hacking. You will learn everything you want to know PLUS you can
probably make a career out of it.

Here are some good articles on the types of hacks - warning - they are very
technical to read: Learn more about Web Site Security - Acunetix
1.7k Views
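The 560 blocked attempts Susan mentions are what a login brute force looks like in a web server log. As an added example of mine (not from her answer), this is the kind of detection logic a plugin like WordFence applies, written here to run over constructed access-log lines: count failed POSTs to wp-login.php per source IP in a sliding window. Assumption used as the success heuristic: in a default WordPress install a failed POST to wp-login.php gets a 200 (the form is re-rendered) and a successful one a 302 redirect.

```python
"""Sliding-window brute-force detection for wp-login.php over access-log
lines. Added example, not from the Quora answer; SAMPLE_LOG is constructed."""
from __future__ import annotations

import re
from collections import deque
from datetime import datetime, timedelta

# Common log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> dict | None:
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FORMAT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def detect_bruteforce(lines, window=timedelta(minutes=10), threshold=5) -> dict:
    """{ip: (peak failures in window, succeeded after burst)} for every IP
    that reached `threshold` failed POSTs to wp-login.php within `window`.
    Assumption: 200 = failed login (form re-rendered), 302 = success.
    A True second element is the case worth paging someone for."""
    recent: dict[str, deque] = {}
    flagged: dict[str, list] = {}
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["method"] != "POST" or not ev["path"].startswith("/wp-login.php"):
            continue
        ip = ev["ip"]
        if ev["status"] == 302:
            if ip in flagged:
                flagged[ip][1] = True      # success after a flagged burst
            continue
        if ev["status"] != 200:
            continue
        q = recent.setdefault(ip, deque())
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()                    # drop failures outside the window
        if len(q) >= threshold:
            entry = flagged.setdefault(ip, [0, False])
            entry[0] = max(entry[0], len(q))
    return {ip: tuple(v) for ip, v in flagged.items()}


# Constructed log: one fast brute force that then succeeds, one legitimate
# user who mistypes once, and one low-and-slow attacker spaced 20 min apart.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Apr/2016:09:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
203.0.113.7 - - [18/Apr/2016:09:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
203.0.113.7 - - [18/Apr/2016:09:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
203.0.113.7 - - [18/Apr/2016:09:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
203.0.113.7 - - [18/Apr/2016:09:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
203.0.113.7 - - [18/Apr/2016:09:00:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.2 - - [18/Apr/2016:09:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4021
198.51.100.2 - - [18/Apr/2016:09:01:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
198.51.100.2 - - [18/Apr/2016:09:01:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.9 - - [18/Apr/2016:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
192.0.2.9 - - [18/Apr/2016:09:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
192.0.2.9 - - [18/Apr/2016:09:40:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
192.0.2.9 - - [18/Apr/2016:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
192.0.2.9 - - [18/Apr/2016:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
"""

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG.splitlines()))
```

The third IP in the sample is the limitation: a low-and-slow attacker who keeps under the per-window threshold is invisible to this rule, which is why lockout plugins also count over longer horizons and why a strong password matters more than any plugin. Brute forces against WordPress also arrive through xmlrpc.php, which this rule does not watch.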
