Locating Public Exploits

• Online sites and offline tools which contain exploits

A Word of Caution

• Carefully read the documentation and code to ensure no negative effects

• e.g.: 0pen0wn exploit contained an encoded string which read out to rm -rf ~ /* 2> /dev/null & which would effectively wipe the attacker's system

• The following resources analyse the submitted exploits before publishing them, but mistakes still happen!

Searching for Exploits

• Cross-check the enumerated software versions for vulnerabilities

Online Exploit Resources

• The Exploit Database
• Packet Storm
• Google Search Operators

Offline Exploit Resources

• SearchSploit
  • update: sudo apt update && sudo apt install exploitdb
    • files are stored in: ls -1 /usr/share/exploitdb/
  • usage: searchsploit
    • e.g: searchsploit remote smb microsoft windows
• Nmap NSE Scripts
  • list: cd /usr/share/nmap/scripts && grep Exploits *.nse
  • details: nmap --script-help=<file-name-of-the-script>.nse
• Browser Exploitation Framework (BeEF)
  • start the service: sudo beef-xss
  • open the Web UI
    • pass: beef
    • user: beef
  • once a target is hooked (this can be tested with the demo)
    • click on the IP under "Online Browsers" aka "Zombies" and select "Commands" to list the available exploits
• Metasploit Framework
  • start: sudo msfconsole -q
  • search: search -h
    • e.g.: search ms08_067
    • More: The Metasploit Framework

Relevant Note(s): Exploitation Fixing Exploits