Exploitation Methodology

Exploitation Methodology

Navigation

Sections in This Note


Exploitation Methodology

  1. Identify Vulnerable Services
  2. Identify & Prepare Exploit Code
  3. Gaining Access
    • Automated - MSF
    • Manual
  4. Obtain remote access on target system
  5. Bypass AV detection
  6. Pivot on to other systems

Searching for Public Exploits

After identifying a potential vulnerability, the next step is searching for exploit code. Exploit code can be found online, but downloading and running exploit code against a target can be dangerous — analyze the exploit code closely to ensure it works as intended.

Legitimate and vetted exploit databases:

In cases without internet access, use exploit sources available locally/offline. The entire Exploit-DB database comes pre-packaged with Kali Linux, and can be accessed/queried with SearchSploit.

External Sources


Migrated from Unsorted Notes — Privilege Escalation on Windows Typically Follows These Methods

Privilege Escalation on Windows Typically Follows These Methods


Migrated from Unsorted Notes — Host & Network Penetration Testing: Exploitation

Host & Network Penetration Testing: Exploitation

Exploitation consists of techniques and tools used by adversaries/penetration testers to gain an initial foothold on a target system or network. Successful exploitation heavily depends on the nature and quality of information gathering and service enumeration performed on the target. We can only exploit a target if we know what is vulnerable.

Powered by Forestry.md