Jump to content

how do I get to know the working of an exploit


Recommended Posts

I am fuzzing around with Metasploitable and I ran a vulnerability scan with Nessus. I obviously got a bunch of critical vulnerabilities but I am clueless on what they are and how the exploit works. I did google it but their explanations are rather vague or just complex for me to understand (I am a stereotypical Script Kiddie, feel free to call me dumb).  Can someone please tell me how and from where do I search more about the vulnerability and the exploit. Often the exploits are written in ruby (or languages that I am not fluent in, even the pro's aren't good in every language are they?) and I am just starting to learn it. (I am good in python though, I can understand most of the code). I am reading networking books along the lines and am good with Linux. Other than researching exploits and vulnerabilities can you explain how you got into and better with penetration testing? Thank you.

Edited by sahil
Link to comment
Share on other sites

Oh I already did that and it was really insightful but I am talking about vulnerabilities in general. I want to make it as a peniteration tester, I am not asking for a go to place everytime I see a vulnerability just point me in a helpful direction. Also,  does reading books such as The hacker's Playbook and books like that?

Link to comment
Share on other sites

If you want to understand how exploits actually work then for a lot of them you'll need to learn to at least read different languages. Get yourself comfortable with Ruby and Python then go to exploit-db and pick some to play with. Most will have a link to the write up on how they were found and what they do. If you can read the source you should be able to start to understand what they are actually doing.

If you have some cash to spend, look at the courses on SecurityTube, they do all sorts of good stuff.

Link to comment
Share on other sites

Thank you, I am comfortable in Python and able to understand most of the code and will fasten the pace for ruby. Could you tell me about the books weather they are helpful or am I just wasting my time reading those. 

Link to comment
Share on other sites

  • 2 weeks later...
On ‎27‎/‎03‎/‎2017 at 9:57 PM, sahil said:

Could you tell me about the books weather they are helpful or am I just wasting my time reading those. 

Books are OK to have for reference, for pentesting, but nothing beats real experience.

I'd recommend PluralSight, if you can afford the license. Very good training video site, they cover Ruby, Python and PowerShell in-depth, as well as all of the infrastructure you'll ever need to know. And they have a huge amount of dedicated courses/paths for pentesting itself.

Codecademy is also excellent for actually getting you to write code in real-time, in the browser, and is free.

Edited by haze1434
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...