Terminologies used in Penetration testing

Exploit :-

An exploit is the means by which an attacker, or pen tester for that matter, takes  

advantage of a flaw within a system, an application, or a service. 

An attacker  

uses an exploit to attack a system in a way that results in a particular desired  

outcome that the developer never intended. 

Common exploits include buffer  

overflows, web application vulnerabilities (such as SQL injection), and con- 

figuration errors.

Payload :-

A payload is code that we want the system to execute and that is to be selected  

and delivered by the Framework. 

For example, a reverse shell is a payload that  

creates a connection from the target machine back to the attacker as a Win- 

dows command prompt (see Chapter 5), whereas a bind shell is a payload that  

“binds” a command prompt to a listening port on the target machine, which  

the attacker can then connect. A payload could also be something as simple as  

a few commands to be executed on the target operating system.

Shellcode :-

Shellcode is a set of instructions used as a payload when exploitation occurs.  

Shellcode is typically written in assembly language. 

In most cases, a command  

shell or a Meterpreter shell will be provided after the series of instructions  

have been performed by the target machine, hence the name.

Listener :-

A listener is a component within Metasploit that waits for an incoming connection  

of some sort. 

For example, after the target machine has been exploited, it may  

call the attacking machine over the Internet. 

The listener handles that connec- 

tion, waiting on the attacking machine to be contacted by the exploited system.

💢 Share and support us❗️