
Thread: Choosing the correct exploit


  1. #1
    Just burned his ISO
    Join Date
    Mar 2011
    Posts
    8

    Choosing the correct exploit

    Hi Guys,

    I'm getting started in the pen testing field of security and have been
    playing with BackTrack (4 R2).

    I'm working through 'Metasploit Unleashed' and have been watching
    some videos here and there.

    The one thing I'm trying to understand is how best to determine which
    exploit to use based on the results from basic information gathering.

    For example, I can use Nmap to determine hosts and services and do some basic
    OS and application fingerprinting, and from there I guess
    it's possible to kind of line up what exploits to try.

    So if it's a Windows box I can 'use' exploit/windows/......

    For the testing I'm doing I'm not able to use any type of auto_pwn feature.

    The other thing I guess I can do is use a tool like Nessus or Nexpose to try to get the 'MS' vulnerability
    numbers and look for exploits?

    Are there any other tips that anyone can provide a n00bie with?

    Many thanks.

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Re: Choosing the correct exploit

    Well, as you said, you could do an nmap scan to determine the services and their versions, or use telnet or nc. After you get the service and the version you could actually check them on exploit-db to see if there are some exploits for them, or use the search function from Metasploit. There is also SHODAN, which can search for such things.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !
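The workflow sickness describes (nmap -sV, then look the version banners up in exploit-db and in Metasploit's search) can be scripted so nothing is retyped by hand. The script below is an added example, not code from the thread or from any of the tools named: it parses nmap's grepable (-oG) output, drops ports that are not open, turns each version banner into a search term, and prints the searchsploit and msfconsole search commands to run. The scan output embedded in it is a constructed sample, not a real scan, and the /pentest/exploits/exploitdb path is the BackTrack 4 layout assumed here; override SEARCHSPLOIT if yours differs.

```shell
#!/bin/sh
# Added example (not from the thread): turn "nmap -sV -oG" output into
# search terms for searchsploit and the msfconsole "search" command.
# ASSUMPTION: exploitdb lives at /pentest/exploits/exploitdb (BackTrack 4).
SEARCHSPLOIT=${SEARCHSPLOIT:-/pentest/exploits/exploitdb/searchsploit}

# Constructed sample of "nmap -sV -oG -" output; not a real scan.
# Fields are tab separated and each port entry reads
# port/state/proto/owner/service/rpcinfo/version/ ; nmap writes any "/"
# inside a version banner as "|".
SAMPLE_GREPABLE=$(printf '%s\n%s\t%s\t%s\n%s\t%s\t%s' \
  '# Nmap scan initiated (constructed sample)' \
  'Host: 192.168.56.101 ()' \
  'Ports: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1/, 80/open/tcp//http//Apache httpd 2.2.8 ((Ubuntu) DAV|2)/, 139/open/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///' \
  'Ignored State: closed (995)' \
  'Host: 192.168.56.102 ()' \
  'Ports: 21/open/tcp//ftp//vsftpd 2.3.4/' \
  'Ignored State: closed (999)')

# service_table: reads -oG text on stdin, prints one line per OPEN port as
#   host<TAB>port/proto<TAB>search term
# The term is the version banner with parenthesised detail dropped
# ("Apache httpd 2.2.8 ((Ubuntu) DAV|2)" -> "Apache httpd 2.2.8"); ports
# that returned no banner fall back to the bare service name, which is a
# much weaker lead (a service name alone matches far too many entries).
service_table() {
  awk -F'\t' '
    /^Host:/ {
      host = $1; sub(/^Host: /, "", host); sub(/ .*$/, "", host)
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        entry = $i; sub(/^Ports: /, "", entry)
        n = split(entry, ports, ", ")
        for (j = 1; j <= n; j++) {
          split(ports[j], f, "/")
          if (f[2] != "open") continue          # skip filtered/closed
          term = (f[7] != "") ? f[7] : f[5]     # version banner, else service
          sub(/ *\(.*$/, "", term)
          if (term != "") printf "%s\t%s/%s\t%s\n", host, f[1], f[3], term
        }
      }
    }'
}

# unique_terms: the distinct search terms across all hosts, scan order kept.
unique_terms() {
  service_table | cut -f3 | awk '!seen[$0]++'
}

# search_commands: one searchsploit line (full banner, quoted because of
# spaces) and one msfconsole search line (product name only, since module
# names rarely carry exact version numbers) per distinct term.
search_commands() {
  unique_terms | while IFS= read -r term; do
    product=${term%% *}
    printf '%s "%s"\n' "$SEARCHSPLOIT" "$term"
    printf 'msf > search %s\n' "$product"
  done
}

# Stand-alone demo over the constructed sample.
printf '%s\n' "$SAMPLE_GREPABLE" | search_commands
```

Run it against a real scan with `nmap -sV -oG - <target> | sh -c '. ./nmap_terms.sh; search_commands'` or simply replace SAMPLE_GREPABLE with your file. Two caveats worth keeping in mind: a banner is only a claim made by the service (banners can be edited or left stale by backports), so a searchsploit hit is a candidate to verify, not a confirmed vulnerability; and a term that is just a service name, like netbios-ssn above, needs narrowing by OS or product before it is worth searching.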

  3. #3
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Re: Choosing the correct exploit

    bobg2010, you pretty much got the idea. The other option, once services are identified, is to start coding your own exploits; using buffer overflows and underruns etc. to exploit an architecture may sound daunting at first, but there are plenty of good reads and tutorials. Learning Python will give you a massive advantage in mostly whatever you do; however, once paired with the knowledge of a low-level language like C++ (debatable), the world of exploitation really is open to your imagination.
    Last edited by killadaninja; 04-10-2011 at 06:29 PM.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  4. #4
    Just burned his ISO
    Join Date
    Mar 2011
    Posts
    8

    Re: Choosing the correct exploit

    Thanks to both of you, your feedback is very much appreciated.

    I'll definitely have a look at SHODAN and, down the track once I have the basics out of the way, at developing my own exploits (I have a C/ASM background).

    I had a question in regards to this:

    "after you get the service and the version you could actually check them on exploit-db to see if there are some exploits for them or use the search function from metasploit"

    When I do a 'search' in Metasploit it is only searching the exploits from within the framework3 directory, correct? i.e. on the BackTrack install there is an 'exploitdb' directory as well which has the source code to a lot of exploits PLUS some Metasploit ones (.rb files).

    If I want to use some of the prebuilt .rb files from the exploitdb directory, what is the best way to call them from Metasploit? Do I have to copy them across to Metasploit's exploit directory first?

    cheers.

  5. #5
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Re: Choosing the correct exploit

    Actually you should look at the Metasploit Unleashed guide from offsec, that might give you the info you need on this.

  6. #6
    Just burned his ISO
    Join Date
    Mar 2011
    Posts
    8

    Re: Choosing the correct exploit

    Quote Originally Posted by sickness View Post
    Actually you should look at the Metasploit Unleashed guide from offsec, that might give you the info you need on this.
    Thanks, it doesn't. But thanks anyway.

  7. #7
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Re: Choosing the correct exploit

    Please learn to read before actually saying "it doesn't"

    http://www.offensive-security.com/me...rting_Exploits

  8. #8
    Just burned his ISO
    Join Date
    Mar 2011
    Posts
    8

    Re: Choosing the correct exploit

    My question was:

    "If I want to use some of the prebuilt .rb files from the exploitdb directory, what is the best way to call them from Metasploit? Do I have to copy them across to Metasploit's exploit directory first?"

    That section, which I had already read through, talks about porting over exploits.
    I was just asking if you can call the existing .rb files, which are already ported, from Metasploit directly without having to copy them across.
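The question above goes unanswered in the thread, so here is the practical answer as an added example, not a post from the thread and not Metasploit project code. msfconsole only loads modules from directory trees laid out by module type (exploits/<platform>/<service>/name.rb): the framework's own modules directory, the per-user tree it creates under the home directory, and any extra tree given to the console's `loadpath` command. The exploitdb checkout is organised by platform and exploit type instead, so a .rb file there has to be copied (or symlinked) into a type-based tree before `use` can find it. The script below stages one file into the per-user tree, refusing plain Ruby proof-of-concept scripts that define no Msf::Exploit class. It assumes the per-user tree is ~/.msf3/modules, which matches the Metasploit 3 release BackTrack 4 shipped; later versions use ~/.msf4/modules, so set MSF_USER_MODULES to match your install. The module file it creates for the demo is a constructed placeholder skeleton, not a working exploit.

```shell
#!/bin/sh
# Added example (not from the thread): stage an exploit-db .rb module into
# the per-user Metasploit module tree so msfconsole can "use" it without
# editing the framework's own modules directory.
# ASSUMPTION: per-user tree is ~/.msf3/modules (Metasploit 3 on BackTrack 4);
# set MSF_USER_MODULES=~/.msf4/modules on later releases.
MSF_USER_MODULES=${MSF_USER_MODULES:-$HOME/.msf3/modules}

# stage_msf_module <file.rb> <module path, e.g. exploits/windows/ftp>
# Copies the file under $MSF_USER_MODULES/<module path>/ and prints the
# "use" line for msfconsole. Returns non-zero (and copies nothing) when
# the file is not a .rb, does not exist, defines no Msf::Exploit class
# (a bare PoC script), or the module path is not under exploits/.
stage_msf_module() {
  src=$1; subdir=$2
  case $src in
    *.rb) ;;
    *) echo "not a .rb file: $src" >&2; return 1 ;;
  esac
  [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
  # Only real module classes load; exploit-db also carries plain Ruby
  # scripts with a .rb extension that msfconsole would reject at start-up.
  grep -q 'Msf::Exploit' "$src" \
    || { echo "no Msf::Exploit class in $src, not a module" >&2; return 2; }
  case $subdir in
    exploits/*) ;;
    *) echo "module path must start with exploits/: $subdir" >&2; return 1 ;;
  esac
  mkdir -p "$MSF_USER_MODULES/$subdir"
  cp "$src" "$MSF_USER_MODULES/$subdir/"
  name=$(basename "$src" .rb)
  # msfconsole names a module by its path relative to the type directory.
  echo "use ${subdir#exploits/}/$name"
}

# Stand-alone demo in a scratch directory with a constructed placeholder
# module skeleton (the class line is what the check above looks for).
demo_dir=$(mktemp -d)
MSF_USER_MODULES=$demo_dir/modules
cat > "$demo_dir/example_ftp.rb" <<'EOF'
# constructed placeholder skeleton, not a working exploit
class Metasploit3 < Msf::Exploit::Remote
end
EOF
stage_msf_module "$demo_dir/example_ftp.rb" exploits/windows/ftp
ls -R "$demo_dir/modules"
rm -rf "$demo_dir"
```

After staging, start msfconsole (or run `reload_all` in a console that is already open) and issue the printed `use` line. Read the start-up output for load errors before trusting the module: exploit-db copies can be older than the framework you are running and may not load against its current API.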

  9. #9
    Senior Member
    Join Date
    Jan 2011
    Location
    over the under
    Posts
    197

    Re: Choosing the correct exploit

    sickness, excellent mention on shodan, I'll second that.
