An exploit is the systematic exploitation of a vulnerability in a system using program code. It carries a so-called payload, which the attacker chooses and executes.
Such payloads include, for example, various types of shells, rootkits, ransomware (WannaCry) or droppers (e.g. Emotet). An exploit can be used either in a cyber attack, to gain access to systems or even damage them, or as a precautionary measure, to become aware of security gaps and then close them. The following explains how this works and what needs to be considered.
You can find more useful information on the subject of "exploit" in our Wiki.
An exploit framework is a collection of tools that can be used to detect known vulnerabilities, exploit them to spread further, and manage and control infected devices.
Put simply, exploit frameworks are a kind of "toolbox" that every penetration tester uses today for modern and agile penetration tests. By combining different modules under a common user interface, they make vulnerability testing much easier. Well-known exploit frameworks include the Metasploit Framework, the Browser Exploitation Framework (BeEF) and the Social-Engineer Toolkit (SET).
Some are focused on a certain aspect, while others try to cover as broad a spectrum as possible.
In the exploitation phase, an attempt is made to specifically exploit the vulnerabilities that have been identified. Exploits are used to bring about information disclosures, for example, and to compromise systems or applications or bring them under control.
After the system has been compromised by an attacker, the post-exploitation phase follows.
With the help of the exploit framework, an attempt is now made to gain permanent access to the application or the system and, from there, to work further and collect additional information.
An important part of an exploit framework's job is to make the individual phases (pre-exploitation, exploitation, post-exploitation) as easy to use and manage as possible.