Searching For Exploits

Searching For Publicly Available Exploits

After identifying a potential vulnerability within a target or a service running on a target, the next logical step is to search for exploit code that can be used to exploit the vulnerability.

• Exploit Code: Exploit code can easily be found online. However, it is important to note that downloading and running exploit code against a target can be quite dangerous. It is recommended to analyze the exploit code closely to ensure that it works as intended.

• Legitimate Exploit Databases: There are a handful of legitimate and vetted exploit databases that you should use when searching for exploits online:

  • Exploit-db

  • Rapid7

  • Packet Storm (Cyber News + Exploits + More)

Searching For Exploits With SearchSploit

• Offline Exploits: In some cases, access to online exploits may not be available, requiring the use of locally available exploit sources.

• Exploit-db Database: The entire Exploit-db database of exploits is pre-packaged with Kali Linux, providing access to all exploits locally.

• SearchSploit Tool: The Exploit-db offline database of exploits can be accessed and queried using a tool called SearchSploit.

• Storage Location: All exploits are stored in /usr/share/exploitdb.

Fixing Exploits

Before executing any exploit sourced from external or internal origins, it is imperative to conduct a comprehensive review of both the code and accompanying documentation. Understanding the exact functionality and prerequisites of the exploit is crucial for successful server exploitation.

Always ensure a thorough grasp of the exploit's operations and potential implications prior to proceeding. Unauthorized or careless use of exploits can result in significant consequences.

Cross-Compiling Exploits

• Executable Code Development: Exploit code may often be developed in languages like C, C++, or C#. Consequently, it will need to be compiled into a Portable Executable (PE) or binary format.

• Cross-Compilation Definition: Cross-compiling refers to the process of compiling code intended for one platform on a different platform.

• Penetration Testing Skills: As a penetration tester, it's essential to possess the necessary skills for compiling exploit code written in C and its variants.

Compiling Exploit Code Using MinGW-w64 and GCC

1. 64-bit Compilation:

   Copy

   i686-w64-mingw32-gcc <exploit_code> -o <output_name>

2. 32-bit Compilation (with Winsock library):

   Copy

   i686-w64-mingw32-gcc <exploit_code> -o <output_name> -lws2_32

3. Compiling ELF Binary (for Linux/Unix):

   Copy

   gcc -pthread <exploit_code> -o <output_name> -lcrypt

You can also access pre-compiled exploits on the Exploit Database GitHub repository.

Hacker's Mantra: I look like a geek hacker, but I don’t know anything about computers. - Justin Long