Vulnerability | Looking | Exploiting | Links

What Is a Vulnerability?

A 'vulnerability' is anything about a computer system that will allow someone to either keep it from operating correctly, or that will let unauthorized people take it over. There are many types of vulnerabilities. They may be a misconfiguration in the setup of a service, or a flaw in the programming of the service.

An example of a setup misconfiguration is leaving the 'wiz' or 'debug' commands operational in older versions of sendmail, or incorrectly setting directory permissions on your FTP server so people can download the password file. In these cases, the vulnerability is not how the program was written, but with how the program is configured. Allowing file sharing on your Windows 95 or 98 computer when it is not necessary, or failing to put a
password on file sharing, is another example.

Examples of errors in the programming of services are the large number of buffer overflow vulnerabilities in the programs that run services on port of Internet host computers. Many of these buffer overflow problems allow people to use the Internet to break into and take control of host computers

What Is an Exploit?

An 'exploit' is a program or technique that takes advantage of a
vulnerability. For example, the FTP-Bounce vulnerability occurs when an FTP server (used to allow people to upload and download files) is configured to redirect FTP connections to other computers. There really is no good reason to allow this feature. It has become a vulnerability because this 'bounce' feature allows someone to use it to port scan other computers on the same
local area network (LAN) as that FTP server. So even though a firewall may be keeping port scanners form directly scanning other computers on this LAN, the FTP server would bounce a scan past the firewall.

So really an exploit is any technique that takes advantage of a
vulnerability to enable you to carry out your own schemes, despite the wishes of the sysadmin of your target. Exploits depend on operating systems and their configurations, the configurations of programs running on computer systems, and of the LAN they are on.

Operating systems such as NT, VMS and Unix are very different, and the various versions of Unix have their differences, as well. (Examples of Unix operating systems include BSD, AIX, SCO, Irix, Sun OS, Solaris, and Linux). Even the various versions of the Linux form of Unix are different.

This means exploits that will work against NT systems will probably not work against Unix systems, and exploits for Unix systems will probably not work against NT. NT services are run by different programs from what you may find on Unix type computers. Further, different versions of the same service
running on any particular operating system will probably not be vulnerable to the same exploit, because each version of a service is run by a different program. Sometimes this different program may have the same name but only have a different version number. For example sendmail 8.9.1a is different from 8.8.2. Many of the differences are that 8.9.1a has been fixed so that none of the old sendmail exploit programs will work on it.

For example, the "Leshka" exploit explained in the GTMHH on advanced shell programming clearly explains that it only works on versions 8.7-8.8.2 of the SMTP service program called 'sendmail.' We observed a number of people who were playing the hacker wargame trying to run the Leshka exploit against a later, fixed version of sendmail.

So remember, an exploit for one operating system or service is unlikely to work against another operating system. This isn't to say that it definitely won't...it's just not likely. However, you are pretty much guaranteed that any Win95 or NT exploit will not work against any kind of Unix.