by Andrea Cavallini
Exploit is the goal that an attacker has in order to compromise a system, a service or an infrastructure. Finding a vulnerability and trying to exploit it in a specific context or perimeter is one of the cyber criminal’s major activities, with various methodologies used to get a breach or a leak for a compromise. Controlling a compromised system and maintaining access to it after the breach is the dream for every attacker: GUI can be affected by buffer overflow, for example, web service can be vulnerable to remote command execution or SQL/XSS injections and, in general, an attacker can use these vectors manually, by scripting or program languages, such as Python.
Python is one of the most powerful programming languages used to build hacking frameworks. In addition to the modularity, its strength is the simplicity that allows, with the use of a large set of libraries, one to run low-level actions at the operating system level (for example, a module request is used to perform TCP calls, such as HTTP or HTTPS, like the curl command is usually done), manage file or string encryption (by module cryptography or something else) or execute particular and directed operating system commands (using module subprocess). Joining these modules together and writing custom code, it can be possible to exploit vulnerabilities evidenced, for example, in specific CVE (the Common Vulnerabilities and Exposures system used to....
Author
Latest Articles
OfficialFebruary 24, 2023ESXi - VM exploited with Python
OfficialFebruary 24, 2023RAT: Trojan Access Remote
It almost reminds me of the feeling I get when playing Python,that sense of sudden change and not knowing what’s going to happen next.
Thanks for sharing this valuable info!
It’s so important to me
Python seems like a cool tool for that. Thanks for sharing! this is a really interesting read!
Explains the basics clearly and makes me wanna dive deeper into scripting exploits. Good stuff!