How do remote exploits work?

[ph4nt0m]

This is an extremely noob question, but I assure you I have no malicious intent. I understand how shellcode works, but I don't understand how an attack is used against another computer. I can't write shellcode, but I understand the process of it. From what I gathered if you have an unpatched security hole on you computer someone can exploit it, obviously. I know that metasploit and core impact are used to launch an attack, but wouldn't that work only if you were on the same network? If that is the case, what is the problem with having a unpatched security flaw if you are on a network behind a router? I know I'm probably way off with all this, but I really want to know. Say you (whoever is reading this) wanted remotelly access to my computer. How would you do it? I know there are other ways besides exploits, such as sending a virus in my email or something or the many other ways you could trick me into downloading something. I don't use windows, so the virus thing wouldn't work out so well. But if I was on a windows machine it would obviously work. Say I'm two states away on a windows 2000 machine behind a router. How would you mess with my computer with an exploit? I always thought if someone had your IP they could launch attacks against your system. But from what I've gathered you can only see there ISP and there location for the most part. No I'm not going to screw with people, I just don't understand how it works. I would appreciate if someone would point me in the right direction, maybe something I should read up on. Any feedback would be greatly appreciated.

[Tentra]

First off this should probably be moved to Malware or Networking.

Scenario:
Lets say I want to attack hackthissite.org. First I would do an Nmap scan of the target, from that I learn the server is running Apache 2.0 on port 80. So I go to milw0rm and search "Apache". Now I find an exploit that fits the version, such as Apache 2.0.52 Multiple Space Header DoS (Perl Code). Now I just run that script with the appropriate parameters and the target is DoS'd.

There are many known exploits for various pieces of software if just search around.

The fact that you are behind a router doesn't affect things much. If you have a daemon running that is bound to a port your going to make sure your router isn't blocking that port. If it was having that daemon run would just be pointless.

[ph4nt0m]

First off this should probably be moved to Malware or Networking.

Scenario:
Lets say I want to attack hackthissite.org. First I would do an Nmap scan of the target, from that I learn the server is running Apache 2.0 on port 80. So I go to milw0rm and search "Apache". Now I find an exploit that fits the version, such as Apache 2.0.52 Multiple Space Header DoS (Perl Code). Now I just run that script with the appropriate parameters and the target is DoS'd.

There are many known exploits for various pieces of software if just search around.

The fact that you are behind a router doesn't affect things much. If you have a daemon running that is bound to a port your going to make sure your router isn't blocking that port. If it was having that daemon run would just be pointless.

Thanks for your reply. I was just reading more about ports and whatnot and things became a little clearer. I didn't know exactly what daemon meant so I had to google it. I still don't totally understand what it is. haha I understand how an attack is launched, I just didn't understand how a specific computer is attacked. I just got a big new book on networking, so maybe it will help me understand things a little better. Anyways, thanks again.

[Tentra]

A daemon is just a service, things with names such as HTTPd, FTPd, and IRCd are just daemons, thats what the 'd' stands for.

Usually personal computers are not chosen as targets for attacks since they wont be running much software that one could exploit over the internet. Though there are some mass IP scanners that scan thousands of IP addresses for a security hole or weak SSH logins. Most of the time when a personal computer is attack its to add the computer to a botnet or to use that computer as a base for future attacks.

[ph4nt0m]

Thanks, that makes much more sense.