What Is a Vulnerability?
A 'vulnerability' is anything about a computer system that will
allow someone either to keep it from operating correctly, or to
take it over without authorization. There are many types of
vulnerabilities. They may be a misconfiguration in the setup of a
service, or a flaw in the programming of the service.
An example of a setup misconfiguration is leaving the 'wiz' or
'debug' commands operational in older versions of sendmail, or
incorrectly setting directory permissions on your FTP server so
that people can download the password file. In these cases the
vulnerability is not in how the program was written, but in how
the program is configured. Allowing file sharing on your Windows
95 or 98 computer when it is not necessary, or failing to put a
password on file sharing, is another example.
Examples of errors in the programming of services are the large
number of buffer overflow vulnerabilities in the programs that
run services on the ports of Internet host computers. Many of
these buffer overflow problems allow people to use the Internet
to break into and take control of host computers.
What Is an Exploit?
An 'exploit' is a program or technique that takes advantage of a
vulnerability. For example, the FTP-Bounce vulnerability
occurs when an FTP server (used to allow people to upload and
download files) is configured to redirect FTP connections to other
computers. There really is no good reason to allow this feature. It
has become a vulnerability because this 'bounce' feature allows
someone to use it to port scan other computers on the same
local area network (LAN) as that FTP server. So even though
a firewall may be keeping port scanners from directly scanning
other computers on this LAN, the FTP server would bounce a scan
past the firewall.
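The bounce works through the FTP PORT command, which tells the server where to open its data connection. As an added example (not code from the original Guide), the rule below is the one a server uses to close the hole, and the same rule run over control-channel log lines spots bounce attempts; the log lines and addresses are constructed for the example.

```python
import re

# Constructed sample of FTP control-channel log lines, "<client_ip> <command>".
# The client at 10.0.0.5 asks the server to open data connections to 10.0.0.7
# on ports 23 and 25: the pattern of a bounce scan of another LAN host.
SAMPLE_LOG = """\
10.0.0.5 USER anonymous
10.0.0.5 PORT 10,0,0,5,4,1
10.0.0.5 PORT 10,0,0,7,0,23
10.0.0.5 PORT 10,0,0,7,0,25
192.0.2.9 PORT 192,0,2,9,8,0
192.0.2.9 PORT 10,0,0,1,0,80
10.0.0.5 PORT 300,0,0,1,0,21
"""

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port_arg(arg):
    """Decode the PORT argument h1,h2,h3,h4,p1,p2 into ("h1.h2.h3.h4", p1*256+p2).
    Returns None when any field is outside 0..255 (malformed command)."""
    fields = [int(x) for x in arg.split(",")]
    if len(fields) != 6 or any(f > 255 for f in fields):
        return None
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def port_allowed(client_ip, target_ip, target_port):
    """Server-side rule that closes the bounce hole: only open a data connection
    back to the address the control connection came from, on an unprivileged port."""
    return target_ip == client_ip and target_port >= 1024


def find_bounce_attempts(log_text):
    """Scan control-channel log lines and report PORT commands the rule would reject."""
    findings = []
    for line in log_text.splitlines():
        client_ip, _, command = line.partition(" ")
        match = PORT_RE.match(command)
        if not match:
            continue  # not a PORT command
        parsed = parse_port_arg(match.group(1))
        if parsed is None:
            findings.append((client_ip, "malformed", None))
            continue
        target_ip, target_port = parsed
        if not port_allowed(client_ip, target_ip, target_port):
            findings.append((client_ip, target_ip, target_port))
    return findings
```

Running `find_bounce_attempts(SAMPLE_LOG)` returns the three PORT commands aimed at other hosts plus the malformed one; a server applying `port_allowed` would have refused all four.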
So really an exploit is any technique that takes advantage of a
vulnerability to enable you to carry out your own schemes, despite
the wishes of the sysadmin of your target. Exploits depend on
operating systems and their configurations, the configurations
of programs running on computer systems, and of the LAN they are
on.
Operating systems such as NT, VMS and Unix are very different,
and the various versions of Unix have their differences, as well. (Examples
of Unix operating systems include BSD, AIX, SCO, Irix, Sun OS,
Solaris, and Linux). Even the various versions of the Linux form
of Unix are different.
This means exploits that will work against NT systems will probably
not work against Unix systems, and exploits for Unix systems will
probably not work against NT. NT services are run by different
programs from what you may find on Unix type computers. Further,
different versions of the same service running on any particular
operating system will probably not be vulnerable to the same
exploit, because each version of a service is run by a different
program. Sometimes this different program may have the same name
and differ only in its version number. For example, sendmail 8.9.1a
is different from 8.8.2. Many of the differences are that 8.9.1a
has been fixed so that none of the old sendmail exploit programs
will work on it.
For example, the "Leshka" exploit explained in the
GTMHH on advanced shell programming clearly explains that it only
works on versions 8.7-8.8.2 of the SMTP service program called
'sendmail.' We observed a number of people who were playing
the hacker wargame trying to run the Leshka exploit against a
later, fixed version of sendmail.
So remember, an exploit for one operating system or service is
unlikely to work against another operating system. This isn't
to say that it definitely won't...it's just not likely. However,
you are pretty much guaranteed that any Win95 or NT exploit will
not work against any kind of Unix.