A guided tour to someone else's network
Step 3: The Attack
A few common attack methods work really well against modern networks and users. The first is attacking exposed servers and services (like DNS), the second is attacking web servers (which are basically application servers now), and the last is attacking through email (which is also the de facto file sharing application for many people).
The first method is pretty well understood; generally speaking, the attacker will scan for vulnerable servers with a tool such as Nmap  or Nessus  and then attack them using exploit code or toolkits like Metasploit . Exploiting these vulnerabilities will generally allow the attacker to run hostile code, like a root shell, on the machine.
Finding All the Attacks
So how do you track down all these individual attacks? Given a specific software package (e.g., Sendmail, WordPress, DokuWiki, or MediaWiki), how do you track down the vulnerabilities affecting it? Your best bets are to check out the CVE  and OSVDB  databases, which have links to resources in each security report, and, for exploit code, Milw0rm  (Figure 3) and PacketStorm Security  (Figure 4). The Metasploit framework actually includes surprisingly few exploits – around 300 at last count. PacketStorm Security carries about 300--400 exploits a month. Chances are that if the site is running out-of-date software, you can find something on Milw0rm or PacketStorm Security that will let you attack it, and if not, the CVE and OSVDB databases often contain enough information to point you in the right direction.
Attacking Web Servers
Web servers are basically application servers now, and where you have applications, you have security flaws. One of the biggest problems is the complexity of these programs. At a minimum, a "basic" application will often include: the application itself, a web server, an operating system, and a back-end database. All of these components can be attacked through flaws in the application, and in many cases, a number of small flaws can be combined to allow for code execution that lets an attacker onto the server.
If you're feeling lazy, you can also just download a web application scanner and point it at your target. Automated tools such as Nessus or like Nikto, which looks for more than 3,500 potentially dangerous files and CGI scripts, can scan a server for vulnerable applications. If these tools don't find anything with known vulnerabilities, the attacker can always use tools like WebScarab to examine and attack web applications directly. Poking around randomly often exposes interesting problems faster than you would think .
Buy this article as PDF
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm