The recent ‘Activity Alert Report’ released by the NCCIC highlights that the majority of the exploits over the globe are mainly caused by publicly available tools. Read our article on the five most frequently used tools used by cybercriminals all over the globe to perform cyber crimes for more details.
Exploiting a vulnerability in a software running on a machine can give access to the entire machine. The vulnerable application can be a service running in the OS or a web server or an SSH server. Any service that opens a port or is accessible in some other way can be targeted.
Exploit development is an extremely time-consuming and complex process. Hence it is difficult to develop your own exploit. In most penetration tests, publicly available exploits are used. The working of the exploit depends on various factors like version number of the vulnerable system, the way it is configured and the OS used.
In this video, Gergely Révay shows how to use public exploits to exploit a vulnerability in a software running on a windows 10 machine.
Watch Gergely’s video below to learn how to use public exploits demonstrated with a practical example using exploit-db.com.
About Gergely Révay
Gergely Révay, the instructor of this course, is a penetration testing Senior Key Expert at Siemens Corporation, Germany. He has worked as a penetration tester since 2011. Before that, he was a quality assurance engineer in his home country, Hungary. As a consultant, he performed penetration tests and security assessments in various industries, such as insurance, banking, telco, mobility, healthcare, industrial control systems, and even car production.
To know more about public exploits and to master various exploits and post exploitation techniques, check out Gergely’s course, ‘Practical Windows Penetration Testing [Video]’