Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Exploit (computer security)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Exploitation Techniques == Attackers employ various techniques to exploit vulnerabilities and achieve their objectives. Some common methods include:<ref name=":0" /> * '''[[Buffer overflow|Buffer Overflow]]:''' Attackers send more data to a buffer than it can handle, causing it to overflow and overwrite adjacent memory, potentially allowing arbitrary code execution. * '''SQL Injection:''' Malicious [[SQL]] code is inserted into input fields of web applications, enabling attackers to access or manipulate databases. * '''Cross-Site Scripting (XSS):''' Attackers inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or data theft. * '''Cross-Site Request Forgery (CSRF):''' Attackers trick users into performing actions they did not intend, such as changing account settings, by exploiting the user's authenticated session. === Zero-click === A zero-click attack is an exploit that requires no [[user interaction]] to operate β that is to say, no key-presses or mouse clicks.<ref>{{Cite magazine|title=Sneaky Zero-Click Attacks Are a Hidden Menace|magazine=Wired|url=https://www.wired.com/story/sneaky-zero-click-attacks-hidden-menace/|access-date=2021-09-14|issn=1059-1028}}</ref> These exploits are commonly the most sought after exploits (specifically on the underground exploit market) because the target typically has no way of knowing they have been compromised at the time of exploitation. [[FORCEDENTRY]], discovered in 2021, is an example of a zero-click attack.<ref>{{Cite magazine|title=The Stealthy iPhone Hacks That Apple Still Can't Stop|magazine=Wired|url=https://www.wired.com/story/apple-imessage-zero-click-hacks/|access-date=2021-09-14|issn=1059-1028}}</ref><ref>{{cite web |last=Whittaker |first=Zack |title=A new NSO zero-click attack evades Apple's iPhone security protections, says Citizen Lab |url=https://techcrunch.com/2021/08/24/nso-pegasus-bahrain-iphone-security/ |access-date=2025-05-25 |work=[[TechCrunch]] |date=24 August 2021 |archive-date=2021-08-24 |archive-url=https://web.archive.org/web/20210824103937/https://techcrunch.com/2021/08/24/nso-pegasus-bahrain-iphone-security/ |url-status=live}}</ref> In 2022, [[NSO Group]] was reportedly selling zero-click exploits to governments for breaking into individuals' phones.<ref>{{cite news |journal=Insurance Journal |url=https://www.insurancejournal.com/news/international/2022/02/18/654917.htm |title=Beware of 'Zero-Click' Hacks That Exploit Security Flaws in Phones' Operating Systems |author=Ryan Gallagher |date=February 18, 2022}}</ref> For mobile devices, the [[National Security Agency]] (NSA) points out that timely updating of software and applications, avoiding public network connections, and turning the device Off and On at least once a week can mitigate the threat of zero-click attacks.<ref>{{Cite web |title=Why you should power off your phone once a week - according to the NSA |url=https://www.zdnet.com/article/why-you-should-power-off-your-phone-once-a-week-according-to-the-nsa/ |access-date=2025-03-01 |website=ZDNET}}</ref><ref>{{Cite web |title=Telework and Mobile Security Guidance |url=https://www.nsa.gov/Press-Room/Telework-and-Mobile-Security-Guidance/ |access-date=2025-03-01 |website=www.nsa.gov}}</ref><ref>{{Cite web |last=Winder |first=Davey |title=NSA Warns iPhone And Android Users To Turn It Off And On Again |url=https://www.forbes.com/sites/daveywinder/2024/06/01/nsa-warns-iphone--android-users-to-turn-it-off-and-on-again/ |access-date=2025-03-01 |website=Forbes}}</ref> Experts say that protection practices for traditional endpoints are also applicable to mobile devices. Many exploits exist only in [[Computer memory|memory]], not in files. Theoretically, restarting the device can wipe malware payloads from memory, forcing attackers back to the beginning of the exploit chain.<ref name="zdnet25021801">{{Cite web |title=Why rebooting your phone daily is your best defense against zero-click attacks |url=https://www.zdnet.com/article/why-rebooting-your-phone-daily-is-your-best-defense-against-zero-click-attacks/ |access-date=2025-03-01 |website=ZDNET}}</ref><ref>{{Cite web |last=Taylor |first=Craig |date=2020-01-10 |title=Exploit Chain - CyberHoot Cyber Library |url=https://cyberhoot.com/cybrary/exploit-chain/ |access-date=2025-03-01 |website=CyberHoot}}</ref> === Pivoting === {{Off topic|date=August 2024|Pivoting (computer security)|Pivoting is a follow-on to an exploit}} Pivoting is a technique employed by both hackers and [[penetration test]]ers to expand their access within a target network. By compromising a system, attackers can leverage it as a platform to target other systems that are typically shielded from direct external access by [[Firewall (computing)|firewalls]]. Internal networks often contain a broader range of accessible machines compared to those exposed to the internet. For example, an attacker might compromise a web server on a corporate network and then utilize it to target other systems within the same network. This approach is often referred to as a multi-layered attack. Pivoting is also known as ''island hopping''. Pivoting can further be distinguished into [[Proxy server|proxy]] pivoting and [[VPN]] pivoting: * Proxy pivoting is the practice of channeling traffic through a compromised target using a proxy payload on the machine and launching attacks from the computer.<ref><!--is this a separate source? Fix (and with separate cite web): [http://www.metasploit.com/redmine/projects/framework/wiki/Pivoting Metasploit Framework Pivoting], -->{{cite web |url=https://www.digitalbond.com/index.php/2010/07/12/metasploit-basics-part-3-pivoting-and-interfaces/ |title=Metasploit Basics β Part 3: Pivoting and Interfaces |work=Digital Bond}}</ref> This type of pivoting is restricted to certain [[Transmission Control Protocol|TCP]] and [[User Datagram Protocol|UDP]] ports that are supported by the proxy. * VPN pivoting enables the attacker to create an encrypted layer to tunnel into the compromised machine to route any network traffic through that target machine, for example, to run a vulnerability scan on the internal network through the compromised machine, effectively giving the attacker full network access as if they were behind the firewall. Typically, the proxy or VPN applications enabling pivoting are executed on the target computer as the [[payload (software)|payload]] of an exploit. Pivoting is usually done by infiltrating a part of a network infrastructure (as an example, a vulnerable printer or thermostat) and using a scanner to find other devices connected to attack them. By attacking a vulnerable piece of networking, an attacker could infect most or all of a network and gain complete control.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)