update-milw0rm

[napoleon0di0bonaparte]

hi I found it hard trying to see if the fix had been posted so mediator please forgive if this is a repost... no offense taken if you delete. Please just don't ban... i just got here

Okay {what thought okay was a word}I have been trying out /pentest/fast-tack and the update-milw0rm is missing so here is my solution i scrabbled it up together from feed on the net well I will use the milw0rm archive so if to have cisco staff they will dis sapper when you do your cat spoiltlist.txt | grep cisco

anyway here it is

#=======Start expolitsearch
#!/bin/sh
case "$#" in
0)
echo ""
echo "============================="
echo "Exploit Archive Search Script"
echo "======Created By: Firox======"
echo ""
echo "Usage: $0 [keyword]"
echo ""
echo "Example:"
echo "$0 apache"
echo ""
exit 1
;;
*)
EXPLOIT="$1"
echo ""
echo "============================="
echo "Exploit Archive Search Script"
echo "======Created By: Firox======"
echo ""
echo "*** Searching Milw0rm for [$1]"
echo ""
cat /pentest/exploits/milw0rm/sploitlist.txt |grep -i "$1"
echo ""
echo "*** Searching SecFocus for [$1]"
echo ""
cat /pentest/exploits/secfocus/sploitlist.txt |grep -i "$1"
echo ""


;;
esac
#===============End Thanks to Firox
#its not like i know the guy nor did i ask for permission but ahhh it was on a public #post

-----------------------------------------------------------------------------------
#============Start update-milw0rm
#!/bin/bash
echo "Downloading Milw0rm Exploit tar ball"
proz -f {milworm officialsite}/sploits*/milw0rm.tar.bz2
echo "Extracting tar ball contents"
tar -jxvf milw0rm.tar.bz2
echo "Generating Local Database, please Wait"
cp bin/makeindex-milw0rm milw0rm/
cd milw0rm
./makeindex-milw0rm
#===========================

Note on line "proz -f {milw0rm site}/sploits/milw0rm.tar.bz2" I use prozilla instead of wget coz it is download accelerator and i don't now how to make wget override existing file without appending some number at the end. beside do you know in they charge africa an arm and leg per min for internet usage so lets try and size all the bytes we can and forget about bandwidth hogging. oh yah {milw0rm site} part... lets just say i am a newbie hence i can not post urls

#==============/pentest/expoilts/milw0rm/makeindex-milw0rm
#!/bin/bash
rm -rf sploitlist.txt
find . -xtype f |grep -v makeindex-milw0rm |grep -v "/CVS/" > allfiles.txt
for file in $(cat allfiles.txt);do
echo $file $(head -n 1 $file | cut -d " " -f 2-30) >> sploitlist.txt
done
rm -rf allfiles.txt
echo "Done!"
echo "You can \"cat sploitlist.txt\""

#=======================================

oh make sure you have the [dir] created the
/pentest/exploits/bin
/pentest/exploits/milw0rm

wel that all she wrote

[DigiP]

As for wget downloads, why can't you can just delete the local archive first before using wget to redownload it

Code:

rm -f milw0rm.tar.bz2

Then run wget to redownload the archive. (Is prozilla installed on bt3 by default? I never bothered to look...)

[napoleon0di0bonaparte]

No its not installed by default. and rm -f just looks like a receipt for a file not found error thanks for the tip though

[brokentesting]

Napoleon,


YOU ARE THE MAN! THANKS SO MUCH FOR THIS!!

I have been looking for a solution to the Milw0rm update for awhile now.

But I get the following problems:

bt / # #============Start update-milw0rm
bt / # #!/bin/bash
bt / # echo "Downloading Milw0rm Exploit tar ball"
Downloading Milw0rm Exploit tar ball
bt / # proz -f {milworm officialsite}/sploits*/milw0rm.tar.bz2

bt / # (YES I CAN SUCCESSFULLY DOWNLOAD THE FILE AND EXTRACT)
BUT.............. I CANT GET PAST THE FOLLOWING..........)

bt / # echo "Generating Local Database, please Wait"
Generating Local Database, please Wait
bt / # cp bin/makeindex-milw0rm milw0rm/
cp: cannot stat `bin/makeindex-milw0rm': No such file or directory
bt / # cd milw0rm
bt milw0rm # ./makeindex-milw0rm [/code]
-bash: ./makeindex-milw0rm: No such file or directory
bt milw0rm #

I get to the / of my harddrive at the commandline and do a " Locate makeindex-milw0rm " and I cant find *^(#^(&#$^%#&(%

Napoleon, what I am doing wrong?

Thanks again for the script, this resolves alot of problems for me, but I dont
understand what I am doing wrong. And yes I have a Native install of BT3 to the harddrive. It is actually Dual booted with Windows, but that means nothing.

Awaiting your reply and thanks again...

[napoleon0di0bonaparte]

create update-milw0rm in /pentest/exploits or parent folder of the milw0rm folder. also create bin folder in same location and create the makeindex-milw0rm file in the bin folder.

that should solve your troubles umless I failed to understand your question or I have smoked too much tweed and am seeing thngs

[napoleon0di0bonaparte]

As for wget downloads, why can't you can just delete the local archive first before using wget to redownload it

Code:

rm -f milw0rm.tar.bz2

Then run wget to redownload the archive. (Is prozilla installed on bt3 by default? I never bothered to look...)

I have tried to improve it my new I just found out I passed a cisco network and forgot milw0rm update lossed the last cisco vans..

new update-milw0rm

Code:

#!/bin/bash
echo "Downloading Milw0rm Exploit tar ball"
cp --backup milw0rm.tar.bz2 milw0rm.tar.bz2.bak
rm milw0rm.tar.bz2
wget h**p://milw0rm.com/sploits/milw0rm.tar.bz2
echo "Extracting tar ball contents"
tar -jxvf milw0rm.tar.bz2
echo "Generating Local Database, please Wait"
cp bin/makeindex-milw0rm milw0rm/
cd milw0rm
./makeindex-milw0rm

I would appreciate if somebody could show me how to compare local version with the server version before downloading... I could not find the md5.txt on the milw0rm server

how ever I noticed if i put a

Code:

wget -c h:confused::confused:p://milw0rm.com/sploits/milw0rm.tar.bz2

instead of

Code:

wget h:rolleyes::rolleyes:p://milw0rm.com/sploits/milw0rm.tar.bz2

damn thing actuall appends and does not lose the good stuff... may some please explain.

[napoleon0di0bonaparte]

It is actually Dual booted with Windows, but that means nothing.

Awaiting your reply and thanks again...

now install vmware in your windows and then boot that HARD Installed BT3 in windows... that should mean somthing... he he he he...
Oh yah please always shutdown your vm's... why you may ask well microshity always crashes and I hate always having to reboot...

[hawaii67]

I presume you are speaking about this link:

http://www.governmentsecurity.org/fo...howtopic=23009

It's a little bit outdated I think.
But what exactly is the issue?

[crweedon]

problem solved: ezpwn does this all for you, and really who doesn't like to clutter their screen up with multiple terminal windows... ie "fasttrack, ezpwn, packetstorm, exploittree, etc.."

[*YAPP*]

were do I get ezpwn?