Exploitation

Introduction

  • During the Exploitation stage, we look for ways that these weaknesses can be adapted to our use case to obtain the desired role (i.e., a foothold, escalated privileges, etc.).

Prioritization of Possible Attacks

  • Which of those attacks we prioritize higher than the others depends on the following factors:

    • Probability of Success: CVSS scoring can help us here. The NVD calculator lets us better calculate the specific attacks and their probability of success.

    • Complexity: Complexity represents the effort of exploiting a specific vulnerability. It is used to estimate how much time, effort, and research is required to execute the attack on the system successfully. Our experience plays an important role here.

    • Probability of Damage: Estimating the probability of damage caused by the execution of an exploit plays a critical role, as we must avoid any damage to the target systems.

Prioritization Example

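Factor                       Points     Remote File Inclusion   Other attack
---------------------------  ---------  ----------------------  ------------
1. Probability of Success    10         10                      8
2. Complexity - Easy         5          4                       0
3. Complexity - Medium       3          0                       3
4. Complexity - Hard         1          0                       0
5. Probability of Damage     -5         0                       -5
Summary                      max. 15    14                      6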

  • Based on the above example, we would prefer the remote file inclusion attack. It is easy to prepare and execute and should not cause any damage if approached carefully.
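The scoring in the example above can be written as a small ranking helper. This is an added example, not part of the original notes. The per-factor limits are read from the table's Points column, while the name "other attack", the one-tier rule and the client sign-off flag are assumptions made here.

```python
from dataclasses import dataclass

# Per-factor point limits read from the example table: (lowest, highest).
LIMITS = {"success": (0, 10), "easy": (0, 5), "medium": (0, 3),
          "hard": (0, 1), "damage": (-5, 0)}
COMPLEXITY_TIERS = ("easy", "medium", "hard")


@dataclass
class Candidate:
    name: str
    points: dict  # factor name -> points awarded

    def validate(self):
        for factor, value in self.points.items():
            if factor not in LIMITS:
                raise ValueError(f"{self.name}: unknown factor {factor!r}")
            low, high = LIMITS[factor]
            if not low <= value <= high:
                raise ValueError(f"{self.name}: {factor}={value} outside {low}..{high}")
        # Assumption: an attack is scored in at most one complexity tier.
        tiers = [t for t in COMPLEXITY_TIERS if self.points.get(t, 0)]
        if len(tiers) > 1:
            raise ValueError(f"{self.name}: scored in several tiers: {tiers}")

    def total(self):
        self.validate()
        return sum(self.points.values())

    def needs_client_signoff(self):
        # Assumption: any expected damage means asking the client first.
        return self.points.get("damage", 0) < 0


def rank(candidates):
    """Return (name, total, needs_signoff) tuples, best score first."""
    rows = [(c.name, c.total(), c.needs_client_signoff()) for c in candidates]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Values from the example table; "other attack" is a placeholder name
# because the page does not name the second candidate.
RFI = Candidate("remote file inclusion", {"success": 10, "easy": 4})
OTHER = Candidate("other attack", {"success": 8, "medium": 3, "damage": -5})

if __name__ == "__main__":
    for name, score, signoff in rank([OTHER, RFI]):
        print(f"{score:>3}  {name}  client sign-off needed: {signoff}")
```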

Preparation for the Attack

  • Sometimes we will run into a situation where we can't find high-quality, known working PoC exploit code. Therefore, it may be necessary to reconstruct the exploit locally on a VM representing our target host to figure out precisely what needs to be adapted and changed.

  • If ever in doubt before running an attack, it's always best to check with our client, providing them all necessary data so they can make an informed decision on whether they would like us to attempt exploitation or just mark the finding as an issue.

  • If they opt for us not to proceed with exploitation, we can note in the report that it was not confirmed actively but is likely an issue that needs to be addressed.
