Exploit

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in a system to cause unintended behavior.

Types:

1. Remote code execution.
2. Privilege escalation.
3. Denial of Service (DoS).

Phases:

1. Reconnaissance.
2. Triggering the vulnerability.
3. Payload delivery.


🧒 Explain Like I'm 5

Imagine a toy that is supposed to only make a sound when you press the blue button. You discover that if you wiggle the toy's tail in a very specific way, it will open its secret battery compartment. That 'specific wiggle' is an exploit. It's a trick used to make a machine do something the designers never intended.

🤓 Expert Deep Dive

Technically, exploits are classified by attack vector: remote exploits work over a network without prior access, while local exploits require existing access to the system and are used to escalate privileges. The goal of most sophisticated exploits is Remote Code Execution (RCE), where the attacker can run commands of their choosing on the victim's server. To make this harder, modern operating systems ship defenses such as ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). A weaponized exploit is usually paired with a payload: the malicious code (often shellcode) that runs once the exploit has bypassed the system's protections. Security teams use red teaming and penetration testing to find and use exploits against their own systems before real attackers do.
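The ASLR and DEP defenses named above only protect a program if the binary was built to take advantage of them, and that is something a defender can verify statically before deployment. The script below is an added example, not code from the original page: it reads an ELF64 file header and its program headers and reports whether the stack is non-executable (NX, the Linux form of DEP), whether the binary is position independent (PIE, which lets ASLR randomize the main image's load address), and whether a RELRO segment is present. The structure layouts and constants come from the ELF specification; the function names (`analyze`, `build_elf`, `phdr`, `report`) and the sample images are my own, and the samples are constructed in the script so it runs offline.

```python
"""Header-only check for NX, PIE and RELRO in an ELF64 binary.

Added example, not the page's own code. Struct layouts and constants
follow the ELF specification; the sample images are constructed below.
"""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB = 2, 1
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4

EHDR_FMT = "<16sHHIQQQIHHHHHH"   # ELF64 file header, little-endian, 64 bytes
PHDR_FMT = "<IIQQQQQQ"           # ELF64 program header, 56 bytes
EHDR_SIZE = struct.calcsize(EHDR_FMT)
PHDR_SIZE = struct.calcsize(PHDR_FMT)


def analyze(data: bytes) -> dict:
    """Return {'nx', 'pie', 'relro'} booleans for a little-endian ELF64 image.

    nx    : a PT_GNU_STACK header exists and does not carry PF_X. A missing
            PT_GNU_STACK is reported as nx=False, because the loader then
            falls back to an executable stack.
    pie   : e_type is ET_DYN, so the kernel may load the image at a random
            base (ASLR). Heuristic: shared libraries are ET_DYN as well.
    relro : a PT_GNU_RELRO header exists (at least partial RELRO). Full RELRO
            also needs DT_BIND_NOW in the dynamic section, not checked here.
    """
    if len(data) < EHDR_SIZE or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("only little-endian ELF64 is handled here")
    (_ident, e_type, _mach, _ver, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = \
        struct.unpack_from(EHDR_FMT, data, 0)

    nx = False
    relro = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR_SIZE > len(data):
            raise ValueError("program header table runs past end of file")
        p_type, p_flags = struct.unpack_from("<II", data, off)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {"nx": nx, "pie": e_type == ET_DYN, "relro": relro}


def phdr(p_type: int, p_flags: int) -> bytes:
    """Constructed program header; only the fields the check reads are set."""
    return struct.pack(PHDR_FMT, p_type, p_flags, 0, 0, 0, 0, 0, 0)


def build_elf(e_type: int, phdrs: list) -> bytes:
    """Constructed minimal ELF64 image: file header followed by program headers.

    It is not loadable; it exists only so the checker can be exercised offline.
    """
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1]) + bytes(9)
    ehdr = struct.pack(EHDR_FMT, ident, e_type, 0x3E, 1, 0, EHDR_SIZE, 0, 0,
                       EHDR_SIZE, PHDR_SIZE, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)


# Constructed samples: one laid out as a hardened toolchain would emit it,
# one with an executable stack, fixed load address and no RELRO segment,
# and one with no PT_GNU_STACK header at all.
HARDENED = build_elf(ET_DYN, [phdr(PT_GNU_STACK, PF_R | PF_W),
                              phdr(PT_GNU_RELRO, PF_R)])
WEAK = build_elf(ET_EXEC, [phdr(PT_GNU_STACK, PF_R | PF_W | PF_X)])
NO_STACK_HDR = build_elf(ET_EXEC, [])


def report(name: str, data: bytes) -> str:
    """One-line summary in the style of common checksec tools."""
    r = analyze(data)
    return "%s: NX=%s PIE=%s RELRO=%s" % (name, r["nx"], r["pie"], r["relro"])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:      # check a real binary on disk
            print(report(sys.argv[1], f.read()))
    else:
        for name, data in (("hardened", HARDENED), ("weak", WEAK),
                           ("no-gnu-stack", NO_STACK_HDR)):
            print(report(name, data))
```

Run it with a path to check a real binary, or with no arguments to see the three constructed samples. Note that the check is necessary but not sufficient: a PIE binary with NX still needs the kernel's ASLR enabled (`/proc/sys/kernel/randomize_va_space` on Linux), and the RELRO result only says a RELRO segment exists, not that the GOT is fully read-only.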
