Exploiting

What is it that you are trying to accomplish with the exploit you just tested. Keep in mind that the exploit may be one step to the ultimate goal. Also, realize not all exploits directly lead to code execution or shell. Sometimes, all you are trying to do is bypass a login portal in a website. Make sure you have clearly defined what it is that you want this exploit to get you.

At this point you should have tested and validated that the system is vulnerable to this particular exploit. If not, consider creating a simple test. If the exploit itself is simple enough or you have tested the exploit, then fire away.

This may be surprising, but your exploit might still fail! There could be a number of reasons but use your trouble shoot skills to figure it out.

• Carefully check for typos.

• Break the exploit down into small bits to see what part causes the failure.

  • What is causing it to fail? You may have to guess as there may not be any error messages.

    • How can you prove or disprove your hypothesis?

    • How can you bypass the issue?

• Can you manually perform each step of the exploit?

• Does the box need reverted?

• Have you looked at the page?