An exploit is software designed to exploit a flaw in an IT system, normally with malicious aims, such as installing malware.

What is an exploit?

An exploit is an IT program, software or a command sequence that takes advantage of an error or vulnerability to provoke certain behavior in software, hardware or any electronic device.

Such behavior includes, in general, taking control of a system, granting of administrator privileges to an intruder or launching denial of service attacks (DoS or DDoS).


Types of exploits

A remote vulnerability spreads via a network and exploits security flaws without having prior access to the compromised system.

On the other hand, a local vulnerability does need for there to have been prior access to the vulnerable system, normally with the intention of increasing the privileges of the person who will launch the exploit.

There are also specific exploits against client applications (those that require contact with a server) that normally begin by configuring the server to launch the exploit onto a computer. Vulnerabilities on client applications may also require certain interaction with users, and are sometimes used along with social engineering to trick the victims of the attack.


Zero-day exploits

Zero-day exploits are security holes in software that were undiscovered prior to the attack. From the moment of the first attack until the time when the vulnerability is resolved, there is a period when hackers can exploit it to gain the maximum possible impact on programs, data, other computers or the entire network.

Exploits that target this type of vulnerability are therefore called zero-day exploits. The greater the attack scope and the fewer days that have passed since the zero-day, the more probable it is that no solution or workaround will have been developed and the damage will be more extensive.

Even after the fix has been developed, initially not all users will have applied it. The case of WannaCry was a paradigm in this sense: the malware used a Windows exploit developed by the US Security Agency and previously exposed by WikiLeaks.

The problem was initially corrected by Microsoft with a patch, but all computers that had not updated in the following days were still vulnerable. As computers that had not been used over the weekend started up on Monday, a second wave of propagation began.

Hidden threat

When an exploit is made public, the software developers take action: the vulnerability is fixed -often with a patch- and the exploit is rendered unusable. For this reason some black hat hackers, as well as hackers working for the military or intelligence services, do not release details of these exploits in order that they can continue to use them.

Many exploits are designed to provide system access to administrators or superusers. However, it is also possible that hackers can take advantage of exploits to the same end: initially to obtain low level access, then repeatedly gaining higher privileges until they have the highest level of administrator rights (also called root level).