Ethical Hacking: A Concise Tutorial
Ethical Hacking - Exploitation
An exploit is a piece of programmed software or a script that can allow hackers to take control of a system by exploiting its vulnerabilities. Hackers normally use vulnerability scanners like Nessus, Nexpose, OpenVAS, etc. to find these vulnerabilities.
Metasploit is a powerful tool to locate vulnerabilities in a system.

Based on the vulnerabilities, we find exploits. Here, we will discuss some of the best vulnerability search engines that you can use.
Exploit Database
www.exploit-db.com is the place where you can find all the exploits related to a vulnerability.

Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures (CVE) is the standard for information security vulnerability names. CVE is a dictionary of publicly known information security vulnerabilities and exposures. It is free for public use. https://cve.mitre.org

National Vulnerability Database
National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance. You can locate this database at − https://nvd.nist.gov
NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.

In general, you will see that there are two types of exploits −
- Remote Exploits − These are the type of exploits where you don’t have access to a remote system or network. Hackers use remote exploits to gain access to systems that are located at remote places.
- Local Exploits − Local exploits are generally used by a system user who has access to a local system but wants to exceed the rights they have been given.
Quick Fix
Vulnerabilities generally arise due to missing updates, so it is recommended that you update your system on a regular basis, for example, once a week.
In a Windows environment, you can activate automatic updates by using the options available in Control Panel → System and Security → Windows Updates.

In CentOS Linux, you can use the following command to install the automatic update package.
yum -y install yum-cron
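
Installing the package is only the first step. The script below is an added example, not part of the original tutorial; it assumes CentOS 7, where yum-cron reads /etc/yum/yum-cron.conf and the stock file ships with apply_updates = no, so updates are reported but not installed until that setting is changed and the service is enabled. The function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example. Assumes CentOS 7 and the stock /etc/yum/yum-cron.conf,
# which contains "download_updates" and "apply_updates" in [commands].

CONF=/etc/yum/yum-cron.conf

# get_conf_key FILE KEY: print the value currently assigned to KEY.
get_conf_key() {
    sed -n -E "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*(.*)|\1|p" "$1" | tail -n 1
}

# set_conf_key FILE KEY VALUE: rewrite an existing "KEY = ..." line.
# Fails instead of appending, because a key added at the end of the
# file would land in the wrong INI section.
set_conf_key() {
    if ! grep -Eq "^[[:space:]]*$2[[:space:]]*=" "$1"; then
        echo "key '$2' not found in $1" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    sed -E "s|^[[:space:]]*$2[[:space:]]*=.*|$2 = $3|" "$1" > "$tmp" &&
        cat "$tmp" > "$1"      # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# configure_yum_cron FILE: keep a backup, then make yum-cron download
# and install available updates on its scheduled run.
configure_yum_cron() {
    cp -p "$1" "$1.bak" || return 1
    set_conf_key "$1" download_updates yes &&
        set_conf_key "$1" apply_updates yes
}

# Run as root with --apply to change the real system.
if [ "${1:-}" = "--apply" ]; then
    configure_yum_cron "$CONF" &&
        systemctl enable yum-cron &&
        systemctl start yum-cron &&
        echo "apply_updates is now: $(get_conf_key "$CONF" apply_updates)"
fi
```

Without --apply the script only defines the functions, so it can be sourced and tried against a copy of the configuration file first.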