Chapter 5. Automated Exploits

Vulnerability scanners provide information. They don’t provide a guarantee that the vulnerability exists. They don’t even guarantee that what we find is the complete list of vulnerabilities that may exist within an organization’s network. A scanner may return incomplete results for many reasons. The first one is that network segments or systems may be excluded from the scanning and information gathering. That’s common with performing some security testing. Another may be that the scanner has been blocked from particular service ports. The scanner can’t get to those ports, and as a result, it can’t make any determination about the potential vulnerabilities that may exist within that service. Of course, vulnerabilities that aren’t previously known can’t be identified either.

The results from the vulnerability scanners we have used are just starting points when it comes to a full security test. Testing to see whether they are exploitable not only provides veracity to the finding, but on top of that, you will be able to show executives what can be done as a result of that vulnerability. Demonstrations are a powerful way of getting people’s attention when it comes to security concerns. This is especially true if the demonstration leads to a clear path to destruction or compromise of information resources.

Exploiting vulnerabilities is a way to demonstrate that the vulnerabilities exist and show the potential impact of an exploit. Additionally, exploiting ...