3. What can a script kiddie do?

What can a script kiddie do?

They can use ZAP to find potential format string vulns, which oftentimes can crash a webserver just by typing the character '

Are you sure you're thinking of a format string vuln? ' doesn't have any special meaning in format strings and certainly wouldn't result in a crash like %s%s%s%s%s%s%s%s%s%s%s might.

Using ' sounds more like SQL, LDAP, Command or similar Injection attacks though those don't 'oftentimes' result in crashing a webserver just an error message and at best crashing the handling process/thread but no lasting denial of service like what would happen from crashing the webserver.

Though I'm intrigued, can you elaborate on the type of attack your thinking of? I don't think its a format string vuln but I'm sure you do have something in mind I'm not thinking of.

They have a lot of trouble creating exploits.

More on topic, that's pretty much the catch, the ability to develop your own exploits otherwise your dependent on exploit scripts (like metasploit modules or proper standalone scripts) which is what defines a script kiddie.

There is a far less popular term lamer that I believe better represents those that simply lack understanding of how the attacks work. Script kiddies can have some understanding of the basic attacks but remain dependent on various scripts and tools to exploit anything that isn't an easy target.

/r/AskNetsec Thread Parent
Previous
Next

Recently removed from /r/AskNetsec

Pentesters, what web vulnerability scanner do you use? Web App Pentesting Career Path Is a "security engineer" = a software dev focused on security or is it something uniquely different? What subjects would you take in hackerschool? Most reasonable way to protect Windows laptop from BadUSB? Your recommendations, I have an opportunity to learn netsec but I am at the starting line. I will be traveling to one of the countries hosting a great firewall, will only be using my phone to access anything. What kind of modifications and precaution should I be taking to protect myself from both of privacy and security perspective? Anyone interested in Advanced WiFi Pentesting Webinar? if net neutrality fails, could an online company provide a "neutral net" loophole? GCIH - using braindump questions to test my knowledge. Good or bad? Let's say you find an exploit in a vendors application. What's the best way to inquire about a bug bounty if one isn't already listed? Minimum Requirements For Entry Level Pentesting Job Can someone recommend how I can get into malware research/reverse engineering? Security clearance question Early Career Options?

More Random Comments

Remember 2019, when the crazy news story of the year was “Storm Area 51”? Indian business outlook is the worst in the world, survey finds Wait ... yeah I still don't get it. I’ve always wanted to travel but I’m in a lower-middle class situation with no vacation time from work. I’m wondering what kind of jobs everyone has to enable traveling at least once or twice a year 122 days until the end. Have you been enjoying the adventure thus far? Supporting Mental Illness / Neurodivergence, when it's easy Raising children 14F Really need someone to talk to Anyone can be Racist, Regardless of Skin Color. Kareem Abdul-Jabbar: Where Is the Outrage Over Anti-Semitism in Sports and Hollywood? It is the part of a wise man to resist pleasures, but a foolish man to be a slave to them. - Epictetus Are these bed bugs? (Read comment for more info) FinTech 'Wildcard' to Shutdown Best way to Improve My Fried Rice Anyone know a way to increase the canvas' framerate when drawing?