An exploit is a program designed to demonstrate the presence of a specific vulnerability usually by executing commands on the target. Penetration testing works by running a series of exploits that are chosen based on the target’s operating system and running services. There are three basic types of exploits: (1) Remote – an initial break-in; exploitable by a remote user through a network service; (2) Local – privilege elevation; exploitable by an attacker who is already on the system; and (3) Client – exploitable when a user is tricked into loading an attacker-supplied file.