System hacking

Warning: Do not execute these on a network or system that you do not own. Execute only on your own network or system for learning purposes. Do not execute these on any production network or system, unless Rules of engagement have been agreed on, and you have a Get out of jail free card.

What?

Gaining access to the host and its files (but the ultimate target is the user).

Why?

To gain elevated privileges in order to take action: install software, get user data that could give access to other sites or systems, destroy or alter audit trails to hide the tracks of having been there, etc.

How?

Actual actual reality: nobody cares about his secrets. (Also, I would be hard-pressed to find that wrench for $5.)

  • Exploiting vulnerabilities (not always effective).
  • Authenticating with credentials (effective).

Concretely