search
githubEdit

Module 12: Locating Public Exploits

hashtag
Getting Started

hashtag
A Word of Caution

circle-exclamation

Read code before executing it if you didn't write it. Don't be stupid.

hashtag
Online Exploit Resources

hashtag
The Exploit Database

LogoOffSec’s Exploit Database Archivewww.exploit-db.comchevron-right

Useful columns on the Exploit-DB outside the obvious.

  1. D: Download the exploit.

  2. A: Download the application files for investigation/review.

  3. V: Specifies if the exploit is verified.

hashtag
Packet Storm

LogoPacket Stormpacketstormsecurity.comchevron-right

hashtag
GitHub

LogoGitHub · Change is constant. GitHub keeps you ahead.GitHubchevron-right

hashtag
Google Search Operators

Google Dorking, pretty straight-forward.

hashtag
Offline Exploit Resources

hashtag
Exploit Frameworks

Some exploit frameworks:

  • Metasploit

  • Core Impact

  • Canvas

  • Browser Exploitation Framework (BeEF)

hashtag
SearchSploit

Local copy of the exploit database is stored in /usr/share/exploitdb/. This directory is split into exploits and shellcodes. It contains CSV files for each of the directories with information on all files in the two subdirectories.

Copy an exploit to your current directory: searchsploit -m path/to/exploit.py or searchsploit -m edb-id

hashtag
Nmap NSE Scripts

Nmap's Scripting Engine directory can be found at /usr/share/nmap/scripts/. Information on the scripts can be found by running nmap --script-help=script-name.nse.

hashtag
Exploiting a Target

hashtag
Putting It Together

Nothin' specific to this section, note-wise. This was a walkthrough of using what was covered in the module to exploit a target.

Automatic URL encoding for those pesky web RCEs: curl http://target/path/to/backdoor.php --data-urlencode "cmd=which nc"

PreviousModule 11: Client-side AttacksNextModule 13: Fixing Exploits

Last updated