A script or programmed software which enables the hackers to take over the control of a system and exploit its vulnerabilities is known as Exploitation. These vulnerabilities are found with some of the vulnerabilities scanners like Nexpose, OpenVAS, etc.
Metasploit is a powerful tool to locate vulnerabilities in a system.
Exploits are identified based on the vulnerabilities.
Vulnerability search engines :
1. Exploit Database : All the exploits related to a vulnerability can be available at www.exploit-db.com.
2. Common Vulnerabilities and Exposures : Common Vulnerabilities and Exposures (CVE) is the standard for information security vulnerability names. For publicly known information security vulnerabilities and exposures CVE is a dictionary. The link for CVE is https://cve.mitre.org
3. National Vulnerability Database : National Vulnerability Database (NVD) is the U.S. government repository of standards based vulnerability management data. The automation of the vulnerability management, security measurement and compliance is facilitated by NVD. The official link of this database is https://nvd.nist.gov. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.
Different types of Exploits :
Remote Exploits − These are the type of exploits where access to a remote system or a network is not possible. Remote exploits are used to get access to a remote system.
Local Exploits − Local exploits are generally used by a system user having access to a local system, but who wants to overpass his rights.
Quick Fix :
Missing of the updates usually leads to Vulnerabilities. So it is suggested to update the system regularly. Automatic updation can be activated in Windows by using the option from the Control Panel → System and Security → Windows Updates.
In Linux Centos, the following command can be used to install the automatic update package.