Introduction to exploits (in plain English please)

1- What is an exploit?

An exploit is a way to gain a higher level of access to a system. It can be either from non-authorized to simple user or from simple user to administrator level. It also includes crashing servers, because this might be part of an exploit.

2- What is a local exploit?

A local exploit is a way to gain a higher level of access to a targeted system when someone already has physical access to a terminal on the network, or when there is a similar point of entry available to the attacker, i.e. a trojaned computer on a network. Useful when you are a simple worker and you want to have admin rights.

3- What is a remote exploit?

A remote exploit is a way to gain a higher level of access to a computer from a distant location. It's the kind of exploit you're looking for when hacking on the web.

4- What is the cgi exploit, the NT exploit ... ?

This kind of question reveals a deep misunderstanding of exploits. There are already 100s of CGI exploits, as well as over 600 known/published exploits for Windows NT. Many exploits exist for all operating systems, although the Unix-like (BSD) family seems to be much harder to compromise.

5- Where can I learn those wonderful exploits then?

There are sites that have huge databases of exploits. Take a look at:

http://www.attrition.org
http://www.rootshell.com
http://www.bugtraq.org
......

6- O.K., I went to these sites and I don't understand anything. Any tips?

Exploits are presented this way:

-an introduction giving a description of the security hole and the systems affected.
-the how-to or the program in source code.
-a way to prevent it, if one exists.

*Note: DON'T BE A LAMER. The author usually leaves his mail addy for comments. It's for people that have something to add to the discussion, not for people who don't understand how it works.*

7- What should I do with these codes?

Basically, you have to compile the source into a binary executable. They are almost all in C, so you must have a C compiler at hand. Fortunately, Linux comes with a C compiler. (In fact you have to compile all programs on Linux, there's no easy setup.exe. You start to understand now why Linux is mandatory for hacking?)

8- But I still don't understand, what should I do?

First, install Linux on your computer and play with it for a while. You can install Red Hat 6.2 or Mandrake 7.1; both are good for newbies, easy to install and user friendly. You can find a little "How to install" here: http://newdata.box.sk/raven/linux.txt

Then, read a lot on TCP/IP and learn some basic stuff. You can find a tutorial here: http://www.fortunecity.com/roswell/elm/279/work/tcpindex.html

An introduction to programming is highly recommended, above all something on C and Perl :-) You can find basic manuals around, you know how to search.

9- Are there any proggies out there that can help me?

As you should have noted, the exploits are listed under their operating systems, so the first thing you have to do is find the target O/S. A very good scanner named NMAP is a must. The 7th sphere port scanner is also a nice one (it's for wind0ze). Voidexe scanner is a potent one for CGI scans (wind0ze too).

Good luck guyz,
Just1ce & Jobbe.