Module 12: Locating Public Exploits
Getting Started
A Word of Caution
Read code before executing it if you didn't write it: a public exploit can be broken, wired to a hard-coded attacker address, or outright malicious, and it runs with your privileges. Don't be stupid.
Online Exploit Resources
The Exploit Database
Useful columns on Exploit-DB besides the obvious ones:
D: Download the exploit.
A: Download the vulnerable application files for investigation/review.
V: Whether the exploit has been verified to work.
Packet Storm
GitHub
Google Search Operators
Google Dorking, pretty straightforward: narrow results with operators such as site:, intitle:, inurl: and filetype:, e.g. site:exploit-db.com followed by the product name and version.
Offline Exploit Resources
Exploit Frameworks
Some exploit frameworks:
Metasploit
Core Impact
Canvas
Browser Exploitation Framework (BeEF)
SearchSploit
A local copy of the Exploit Database is stored in /usr/share/exploitdb/. The directory is split into exploits and shellcodes, and a CSV index file for each of the two subdirectories lists every file it contains. searchsploit searches those indexes rather than the exploit files themselves, so a query matches titles and paths, not code. Update the local copy with searchsploit -u.
Copy (mirror) an exploit into your current directory: searchsploit -m path/to/exploit.py
or searchsploit -m edb-id
Related: searchsploit -p edb-id prints the full path, and searchsploit -x edb-id opens the exploit for reading, which is the sensible step before -m.
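To make the layout of the local copy concrete, here is an added example (not from the course notes and not searchsploit's own code) that rebuilds two of the operations above over a constructed index: a keyword search over the CSV, and resolving an EDB-ID to the path that -p prints and -m copies. The rows are made up and keep only the leading columns of the real index layout (assumed header id,file,description,date,author,type,platform,port); EDB_ROOT defaults to /usr/share/exploitdb.

```shell
#!/bin/sh
# Added example, not part of the course notes or of searchsploit itself:
# a minimal re-implementation of `searchsploit <terms>` and `searchsploit -p <id>`
# over the CSV index that ships under /usr/share/exploitdb/.
# The rows below are constructed sample data. The real index has more columns
# and quotes descriptions that contain commas, which this plain comma split
# does not handle.

EDB_ROOT="${EDB_ROOT:-/usr/share/exploitdb}"

# Constructed index written to a temp file so the example runs offline.
EDB_CSV="$(mktemp)"
cat > "$EDB_CSV" <<'EOF'
id,file,description,date,author,type,platform,port
10001,exploits/linux/remote/10001.py,Example Service 2.1 - Remote Buffer Overflow,2020-01-01,alice,remote,linux,8080
10002,exploits/linux/local/10002.c,Example Service 2.1 - Local Privilege Escalation,2020-02-01,bob,local,linux,0
10003,exploits/windows/remote/10003.rb,Other Product 5.0 - Remote Code Execution (Metasploit),2021-03-01,carol,remote,windows,443
10004,shellcodes/linux_x86/10004.c,Linux/x86 - execve /bin/sh Shellcode,2019-05-01,dave,shellcode,linux_x86,0
EOF

# edb_search <csv> <term>...: case-insensitive search over the index rows;
# every term must match (searchsploit narrows the same way with several terms).
# Prints "id: description" per hit, returns 1 when nothing matches.
edb_search() {
  local csv rows term
  csv="$1"; shift
  rows="$(tail -n +2 "$csv")"
  for term in "$@"; do
    rows="$(printf '%s\n' "$rows" | grep -i -- "$term")" || return 1
  done
  printf '%s\n' "$rows" | awk -F, '{ printf "%s: %s\n", $1, $3 }'
}

# edb_path <csv> <id>: resolve an EDB-ID to the absolute path of the exploit,
# which is what `searchsploit -p <id>` prints and `searchsploit -m <id>` copies.
edb_path() {
  local rel
  rel="$(awk -F, -v id="$2" '$1 == id { print $2; exit }' "$1")"
  [ -n "$rel" ] || { echo "no entry for EDB-ID $2" >&2; return 1; }
  printf '%s/%s\n' "$EDB_ROOT" "$rel"
}

# Usage: the equivalents of `searchsploit example service`, `searchsploit -p 10001`
# and (commented, since the file does not exist here) `searchsploit -m 10001`.
edb_search "$EDB_CSV" example service
edb_path "$EDB_CSV" 10001
# cp "$(edb_path "$EDB_CSV" 10001)" .
```

The search is a grep over the index, which is why a term that only appears inside an exploit's source (a function name, a CVE mentioned in a comment) will not turn it up; search for the product and version as they appear in the title instead.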
Nmap NSE Scripts
Nmap's NSE scripts live in /usr/share/nmap/scripts/. Information on a script can be found by running nmap --script-help=script-name.nse; the same wildcards and categories accepted by --script work here too, e.g. nmap --script-help=smb-vuln* or nmap --script-help=vuln.
Exploiting a Target
Putting It Together
Nothing specific to this section, note-wise; it was a walkthrough of using what was covered in the module to exploit a target.
Automatic URL encoding for those pesky web RCEs (curl percent-encodes everything after the first = and sends it as the POST body):
curl http://target/path/to/backdoor.php --data-urlencode "cmd=which nc"
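To see what that curl flag actually puts on the wire, here is an added example (not from the course notes and not curl's own code) that percent-encodes a command by hand the way --data-urlencode does, so an encoded payload can be inspected before it is sent. The target URL is the constructed one from the note above, and the commands encoded are sample input.

```shell
#!/bin/sh
# Added example, not part of the course notes or of curl itself: what
# `curl --data-urlencode "cmd=which nc"` sends, rebuilt by hand. Every byte
# outside the RFC 3986 unreserved set (A-Z a-z 0-9 - _ . ~) is percent-encoded,
# and a space becomes %20 rather than +, matching curl's behaviour for that flag.

# urlencode <string>: print the percent-encoded form, no trailing newline.
# LC_ALL=C keeps awk working byte-by-byte so non-ASCII input encodes per byte.
urlencode() {
  printf '%s' "$1" | LC_ALL=C awk '
    BEGIN { for (i = 1; i < 256; i++) ord[sprintf("%c", i)] = i }
    NR > 1 { printf "%%0A" }          # a newline in the input became a record break
    {
      for (j = 1; j <= length($0); j++) {
        c = substr($0, j, 1)
        if (c ~ /[A-Za-z0-9._~-]/) printf "%s", c
        else printf "%%%02X", ord[c]
      }
    }'
}

# build_query <name> <value>: the body curl sends for --data-urlencode "name=value".
# curl encodes only the part after the first "="; the name goes out as typed.
build_query() {
  printf '%s=%s' "$1" "$(urlencode "$2")"
}

# Usage: these two requests are equivalent (constructed URL, not a real target).
#   curl http://target/path/to/backdoor.php --data-urlencode "cmd=which nc"
#   curl http://target/path/to/backdoor.php --data "$(build_query cmd 'which nc')"
build_query cmd 'id; cat /etc/passwd | grep root'; echo
```

Two things to check before firing the real request: keep the whole cmd=... argument in quotes so your own shell does not split it on spaces or expand $ and |, and if the backdoor reads the parameter from the query string ($_GET) rather than the POST body, add -G to curl so the encoded data is appended to the URL instead.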