Exploit-db quick navigation tutorial
This is just a little writeup on using exploit-db.
Adding Exploit-DB to browser:
Exploit-DB Search Browser Plugin
Updating:
This can be done either in the menu -> Backtrack -> Penetration -> ExploitDB -> Update Exploitdb
or by
Code:
svn co svn://devel.offensive-security.com/exploitdb
Navigating:
The searchsploit script makes finding exploits very easy!
Code:
root@bt:/pentest/exploits/exploitdb# ./searchsploit
Usage: searchsploit [term1] [term2]
Example: searchsploit apache local
Use lower case in the search terms; second term is optional
Looking for ms08-067:
Code:
root@bt:/pentest/exploits/exploitdb# ./searchsploit ms08-067
Description                                                                 Path
--------------------------------------------------------------------------- -------------------------
MS Windows Server Service Code Execution PoC (MS08-067)                     /windows/dos/6824.txt
MS Windows Server Service Code Execution Exploit (MS08-067) (Univ)          /windows/remote/6841.txt
MS Windows Server Service Code Execution Exploit (MS08-067)                 /windows/remote/7104.c
MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)        /windows/remote/7132.py
Looking for Apache exploits on Windows platform:
Code:
root@bt:/pentest/exploits/exploitdb# ./searchsploit apache windows
Description                                                                 Path
--------------------------------------------------------------------------- -------------------------
Apache HTTP Server 2.x Memory Leak Exploit                                  /windows/dos/9.c
Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)               /windows/remote/3680.sh
Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)                  /windows/remote/3996.c
mod_jk2 v2.0.2 for Apache 2.0 Remote Buffer Overflow Exploit (win32)        /windows/remote/5330.c
Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit         /windows/remote/6089.pl
Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)                 /windows/remote/6100.py
Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)        /windows/local/7264.txt
Looking for Adobe 9.1.2 exploit and copying it to our root directory and renaming it to adobe:
Code:
root@bt:/pentest/exploits/exploitdb# ./searchsploit adobe 9.1.2
Description                                                                 Path
--------------------------------------------------------------------------- -------------------------
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit                  /windows/local/9223.txt
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit (py)             /windows/local/9272.py
root@bt:/pentest/exploits/exploitdb# cp platforms/windows/local/9272.py /root/adobe.py
Re: Exploit-db quick navigation tutorial
great work Lincoln!
just a word of advice: the script scans each line in the CSV file left to right (but only the description and path in each line), so beware of the order in which you issue your search arguments (i.e.: "oracle 9i" will return about a dozen exploits, but "9i oracle" will not return a single one)
I'll fix this in the near future, but for the time being please use a few more brain cycles while searching. :)
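The ordering behaviour described in the reply above, as an added example that is not part of the original thread and is not the searchsploit script itself. It assumes the left-to-right scan behaves like a "term1.*term2" pattern and that the index has an id,path,description layout; the sample rows are constructed, not real Exploit-DB entries.

```shell
#!/bin/sh
# Constructed sample index, not real Exploit-DB entries.
# Assumed column layout: id,path,description
sample_index() {
cat <<'EOF'
1,platforms/multiple/remote/0001.txt,oracle 9i example listener overflow
2,platforms/windows/local/0002.c,example tool for oracle 9i local issue
3,platforms/linux/dos/0003.pl,9i-compatible client crash in oracle example
4,platforms/windows/remote/0004.py,apache example overflow (win32)
EOF
}

# Only the description and path are searched, as the reply describes.
desc_and_path() {
    sample_index | awk -F, '{ printf "%s %s\n", $3, $2 }'
}

# Assumed model of the left-to-right scan: term 2 must appear to the
# right of term 1 on the same line. Prints the number of matching rows.
search_ordered() {
    desc_and_path | grep -c -- "$1.*$2" || true
}

# Order-independent variant: each term is tested against the whole line,
# so swapping the arguments cannot change the result.
search_any_order() {
    desc_and_path | grep -- "$1" | grep -c -- "$2" || true
}

echo "ordered   'oracle 9i': $(search_ordered oracle 9i) rows"
echo "ordered   '9i oracle': $(search_ordered 9i oracle) rows"
echo "any order 'oracle 9i': $(search_any_order oracle 9i) rows"
echo "any order '9i oracle': $(search_any_order 9i oracle) rows"
```

With an order-sensitive search, running the query in both term orders and merging the results avoids silently missing entries.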
Re: Exploit-db quick navigation tutorial
Thanks so much for this... this is a great help.
I'm a bit of a n00bie though and thought my question was relevant and thought I'd ask here. In the pentest/exploits/exploitdb/platforms folder there are a bunch of .rb scripts.
Once I have searched for the one I'm interested in using, can I load them in metasploit?
I've tried but I'm not sure if I'm doing it right because it states it 'Failed to load module'
I'm using for example 'msf > use /pentest/exploits/exploitdb/platforms/windows/remote/16824' I've also tried it with the .rb extension.
Many thanks!