138 ◾ Ethical Hacking and Penetration Testing Guide
The exploit lists the target that is vulnerable to it, the operating system on which the exploit
was tested (in this case, Windows XP SP1), and the other details needed to execute it
successfully. By performing service version detection with Nmap, or simply by banner grabbing
with netcat, you will learn that your target is running “Quick ‘n EasY VER 2.4”. Next, you can
try running this exploit against that target to see whether the target machine crashes. However,
as mentioned before, in a penetration test you often won’t have the privilege to perform a DoS
attack.
An important thing to remember is never to download shellcode from exploit databases without
knowing what it is capable of. It’s common practice for hackers to add a backdoor to their code,
which will result in a full system compromise. We will learn more about shellcode in the
following chapters.
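One way to act on that warning before running a downloaded exploit is to pull the shellcode bytes out of its source and look at them first. The script below is an added example, not code from the book; the function names, the keyword list and the inert sample buffer are all assumptions constructed for illustration.

```python
import hashlib
import re

# Matches "\x41"-style escapes as they appear in C or Python exploit source.
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")

# Illustrative keyword list (an assumption, not exhaustive): text that
# deserves a closer look when it shows up inside a "shellcode" buffer.
SUSPICIOUS = ("/bin/", "cmd", "rm -", "http", "wget", "curl", "useradd")

def extract_shellcode(source):
    """Collect every \\xNN escape in the source text into one byte string."""
    return bytes(int(h, 16) for h in HEX_ESCAPE.findall(source))

def printable_strings(blob, min_len=4):
    """Return runs of printable ASCII of at least min_len, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]

def triage(source):
    """Summarise the embedded bytes without executing anything."""
    blob = extract_shellcode(source)
    strings = printable_strings(blob)
    flagged = [s for s in strings
               if any(k in s.lower() for k in SUSPICIOUS)]
    return {
        "length": len(blob),
        "sha256": hashlib.sha256(blob).hexdigest(),  # for notes and lookups
        "strings": strings,
        "flagged": flagged,
    }

# Constructed sample: padding bytes around a hidden ASCII command. It is
# inert data made up for this example, not shellcode from any real exploit.
SAMPLE = r'''
char shellcode[] =
"\x90\x90\x90\x90"
"\x72\x6d\x20\x2d\x72\x66\x20\x7e\x00"   /* decodes to readable text */
"\xcc\xcc";
'''

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("bytes:", report["length"], "sha256:", report["sha256"])
    for s in report["strings"]:
        mark = "  <-- review" if s in report["flagged"] else ""
        print("string:", repr(s) + mark)
```

A clean result here proves nothing about encoded or encrypted payloads, which show no readable strings; those need to be disassembled and run only inside an isolated lab machine.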