Course: Cyber Security

Vulnerability Scanners

A vulnerability scanner automatically detects common software vulnerabilities and misconfigurations in a network using predefined plugins, focusing on known issues rather than zero-day vulnerabilities.

These scanners often include network mapping and port scanning capabilities, and may support credentialed scans to assess vulnerabilities from an authenticated perspective.

Note: Vulnerability scanners primarily focus on identifying known vulnerabilities and misconfigurations, rather than zero-day vulnerabilities!

Code Execution

When attackers identify a vulnerability they can exploit, they must choose a payload—the code they intend to deliver through the exploit.

There are various types of payloads an attacker might use, including:

  • Registering the victim with a Command and Control (C2) server to receive commands.
  • Creating a new backdoor user account for future access.
  • Opening a Graphical User Interface (GUI) on the victim’s machine for remote control.
  • Gaining a command line terminal, or shell, to send commands directly.

A common payload is a bind shell, which causes the victim to listen on a specific port, allowing the attacker to connect and gain shell access.

Firewalls help defenders by denying incoming connections to the victim on any port that is not explicitly allowed. Because only one application can listen on a given port, an attacker's bind shell also cannot reuse an allowed port that a legitimate service already occupies. To get around this, attackers often make the victim initiate the connection instead, since many firewalls do not block outgoing traffic.

In this case, an attacker uses a reverse shell to have the victim connect back to them.

Note: Code execution allows attackers to run their own code on the victim’s system. The specific code deployed is at the attacker’s discretion, but it frequently includes methods for maintaining long-term command access on the victim’s system.
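
From the defender's side, the bind shell and reverse shell described above leave different traces in a host's socket table. The following is an added example, not part of the original lesson: it checks constructed socket rows for an unapproved listener and for an outbound connection owned by a shell. The row format, the `EXPECTED_LISTENERS` allowlist and the `SHELLS` set are assumptions made for illustration.

```python
# Constructed sample: simplified socket-table rows (state, local, peer, process).
SAMPLE = """\
LISTEN 0.0.0.0:22 0.0.0.0:* sshd
LISTEN 0.0.0.0:4444 0.0.0.0:* sh
ESTAB 10.0.0.5:22 10.0.0.9:51514 sshd
ESTAB 10.0.0.5:49812 203.0.113.7:443 bash
ESTAB 10.0.0.5:50100 198.51.100.20:443 firefox
"""

# Assumptions for this example: the host's approved listeners and the
# interpreters that should never own a network socket directly.
EXPECTED_LISTENERS = {22: "sshd"}
SHELLS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"}


def parse(text):
    """Yield (state, local_port, peer, process) for each well-formed row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed rows instead of guessing
        state, local, peer, proc = parts
        yield state, int(local.rsplit(":", 1)[1]), peer, proc


def find_shell_indicators(text):
    """Return findings as (kind, detail) tuples."""
    rows = list(parse(text))
    listening = {port for state, port, _, _ in rows if state == "LISTEN"}
    findings = []
    for state, port, peer, proc in rows:
        if state == "LISTEN" and EXPECTED_LISTENERS.get(port) != proc:
            # Unapproved listener: what a bind shell looks like on the victim.
            findings.append(("bind-shell-suspect", f"{proc} listening on {port}"))
        elif state == "ESTAB" and port not in listening and proc in SHELLS:
            # Outbound connection owned by a shell: the reverse shell pattern.
            findings.append(("reverse-shell-suspect", f"{proc} -> {peer}"))
    return findings


if __name__ == "__main__":
    for kind, detail in find_shell_indicators(SAMPLE):
        print(kind, detail)
```

The inbound `sshd` session and the browser's outbound connection are not flagged; only the listener outside the allowlist and the shell-owned outbound connection are.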