ELI5: What is Exploitation?
This is the step where a tester actually uses a weakness to break in, like finding an unlocked window and climbing through it to prove the building is not secure.
Definition
Exploitation is the phase of penetration testing in which testers actively attempt to leverage identified vulnerabilities to gain unauthorized access to systems, applications, or data. This phase uses the information gathered during reconnaissance and scanning to execute attacks and demonstrate the real-world impact of discovered weaknesses, moving from theoretical to proven risk.
Key Details
- Common exploitation tools: Metasploit Framework, Burp Suite, sqlmap, custom exploit scripts
- Exploits may target software vulnerabilities, configuration weaknesses, or authentication bypasses
- Successful exploitation must be documented: vulnerability used, commands executed, access obtained
- Testers follow the rules of engagement and exploit only systems within the defined scope
- Exploitation evidence demonstrates business impact and justifies remediation investment
Connections
- Parent: penetration-testing — exploitation is the active attack phase of penetration testing
- See also: pivoting