What is "exploit"

An exploit (meaning "to use something to your own advantage") is a piece of software, a piece of data, or a sequence of commands that take advantage of a defect, failure or vulnerability to cause accidental or unforeseen behavior to occur in the software or hardware of a computer or in any electronic (usually computerized). Such behavior often includes things like gaining control of a computer system, allowing privilege elevation or a denial of service attack. They are usually devised by hackers as programs to demonstrate vulnerabilities in order to fix faults, or by crackers in order to gain unauthorized access to systems. Therefore many crackers do not publish their exploits, known as 0 days, and their mass use is due to the kiddies script.

Types

Exploits are commonly classified using the following criteria:

  • The type of vulnerability they exploit
  • Whether they need to run on the same machine as the program that has the vulnerability (local) or can be run on one machine to attack a program running on another machine (remote).
  • The result of exploit execution (Eop, Dos, spoofing, etc).

Bibliographic References:

  • Goodrich, Michael T. "Chapter 9: Security and Practice Models". Introduction to Computer Security, First Edition. Porto Alegre: Bookman, 2013. p. 460.
  • Whitman,Michael (2012). "Chapter 2: The Need for Security". Principles of Information Security, Fourth Edition. Boston, Mass: Course Technology. p. 53.