Book Image

Learning Penetration Testing with Python

By : Christopher Duffy
Book Image

Learning Penetration Testing with Python

By: Christopher Duffy

Overview of this book

Table of Contents (19 chapters)
Learning Penetration Testing with Python
Credits
Disclaimer
About the Author
Acknowlegements
About the Reviewers
www.PacktPub.com
Preface
Index

Chapter 5. Exploiting Services with Python

One of the big misconceptions with penetration testing and exploitation of services today, is the prevalence of exploitable Remote Code Execution (RCE) vulnerabilities. The reality is that, the days of finding hundreds of easily exploitable services that only required an Internet Protocol (IP) address to be plugged into a tool are pretty much gone. You will still find vulnerabilities that can be exploited by overflowing the stack or heap, they are just significantly reduced or more complex. We will explain the reasons why, these are more difficult to exploit in today's software in Chapter 8, Exploit Development with Python, Metasploit, and Immunity, don't worry we will get to that.

So if you are expecting to walk into a network every time and exploit Microsoft Security Bulletins MS08-067, MS03-024, or MS06-40 to get your foothold, you are sorely mistaken. Do not fret, they are still out there, but instead of finding it on every host, there might...