Thread: Exploit-db quick navigation tutorial

  1. #1
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Exploit-db quick navigation tutorial

    This is just a little writeup on using exploit-db.

    Adding Exploit-DB to browser:

    Exploit-DB Search Browser Plugin

    Updating:

    This can be done either in the menu -> Backtrack -> Penetration -> ExploitDB -> Update Exploitdb

    or by
    Code:
    svn co svn://devel.offensive-security.com/exploitdb
    Navigating:

    The searchsploit script makes finding exploits very easy!

    Code:
    root@bt:/pentest/exploits/exploitdb# ./searchsploit
    Usage: searchsploit [term1] [term2]
    Example: searchsploit apache local
    Use lower case in the search terms; second term is optional
    Looking for ms08-067:

    Code:
    root@bt:/pentest/exploits/exploitdb# ./searchsploit ms08-067
     Description                                                                 Path
    --------------------------------------------------------------------------- -------------------------
    MS Windows Server Service Code Execution PoC (MS08-067)                     /windows/dos/6824.txt
    MS Windows Server Service Code Execution Exploit (MS08-067) (Univ)          /windows/remote/6841.txt
    MS Windows Server Service Code Execution Exploit (MS08-067)                 /windows/remote/7104.c
    MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)        /windows/remote/7132.py
    Looking for Apache exploits on Windows platform:

    Code:
    root@bt:/pentest/exploits/exploitdb# ./searchsploit apache windows
     Description                                                                 Path
    --------------------------------------------------------------------------- -------------------------
    Apache HTTP Server 2.x Memory Leak Exploit                                  /windows/dos/9.c
    Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)               /windows/remote/3680.sh
    Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)                  /windows/remote/3996.c
    mod_jk2 v2.0.2 for Apache 2.0 Remote Buffer Overflow Exploit (win32)        /windows/remote/5330.c
    Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit         /windows/remote/6089.pl
    Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)                 /windows/remote/6100.py
    Apache Tomcat  runtime.getRuntime().exec() Privilege Escalation (win)       /windows/local/7264.txt
    Looking for the Adobe 9.1.2 exploit, copying it to our root directory and renaming it to adobe:

    Code:
    root@bt:/pentest/exploits/exploitdb# ./searchsploit adobe 9.1.2
     Description                                                                 Path
    --------------------------------------------------------------------------- -------------------------
    Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit                  /windows/local/9223.txt
    Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit (py)             /windows/local/9272.py
     
    root@bt:/pentest/exploits/exploitdb# cp platforms/windows/local/9272.py /root/adobe.py
    Last edited by Lincoln; 03-19-2010 at 01:21 AM.

  2. #2
    Moderator sygo_
    Join Date
    Aug 2006
    Posts
    28

    Re: Exploit-db quick navigation tutorial

    great work Lincoln!

    just a word of advice: the script scans each line in the csv file left to right (but only the description and path in each line), so beware of the order in which you issue your search arguments (i.e.: "oracle 9i" will return about a dozen exploits, but "9i oracle" will not return a single one)

    I'll fix this in the near future, but for the time being please use a few more brain cycles while searching.
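To make the ordering pitfall sygo_ describes concrete (and to mirror the searchsploit lookups from post #1), here is an added example that is not part of the thread or of the searchsploit script: it mimics the described left-to-right matching over description and path, next to an order-independent variant, against a constructed index whose column layout (id,file,description,date,author,platform,type,port) is assumed.

```python
import csv
import io
import re

# Constructed stand-in for exploit-db's files.csv. The column layout is
# assumed; only the paths and descriptions come from the thread, the
# dates/authors/ports are placeholders.
SAMPLE_INDEX = """\
id,file,description,date,author,platform,type,port
7104,platforms/windows/remote/7104.c,MS Windows Server Service Code Execution Exploit (MS08-067),0000-00-00,placeholder,windows,remote,0
9272,platforms/windows/local/9272.py,Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit (py),0000-00-00,placeholder,windows,local,0
6100,platforms/windows/remote/6100.py,Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32),0000-00-00,placeholder,windows,remote,0
0,platforms/windows/remote/0.txt,Oracle 9i sample entry (constructed),0000-00-00,placeholder,windows,remote,0
"""


def load_index(text):
    """Parse the CSV index into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def haystack(row):
    """Only description and path are scanned, description first (assumed
    order; it is what makes 'apache windows' hit Windows paths)."""
    return row["description"] + " " + row["file"]


def search_ordered(rows, *terms):
    """Order-sensitive match as described in the post: term1 must come
    before term2 in the scanned text, so 'oracle 9i' hits but '9i oracle'
    does not. Case-insensitive here (assumption)."""
    rx = re.compile(".*".join(re.escape(t) for t in terms), re.IGNORECASE)
    return [r["file"] for r in rows if rx.search(haystack(r))]


def search_unordered(rows, *terms):
    """Order-independent match: every term appears somewhere in the text."""
    return [r["file"] for r in rows
            if all(t.lower() in haystack(r).lower() for t in terms)]


if __name__ == "__main__":
    rows = load_index(SAMPLE_INDEX)
    for terms in (("oracle", "9i"), ("9i", "oracle"), ("apache", "windows")):
        print(terms, "ordered:", search_ordered(rows, *terms),
              "unordered:", search_unordered(rows, *terms))
```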

  3. #3
    Just burned his ISO
    Join Date
    Mar 2011
    Posts
    8

    Re: Exploit-db quick navigation tutorial

    Thanks so much for this... this is a great help.

    I'm a bit of a n00bie though and thought my question was relevant and thought I'd ask here. In the pentest/exploits/exploitdb/platforms folder there are a bunch of .rb scripts.

    Once I have searched for the one I'm interested in using, can I load them in metasploit?

    I've tried but I'm not sure if I'm doing it right because it states 'Failed to load module'.

    I'm using, for example, 'msf > use /pentest/exploits/exploitdb/platforms/windows/remote/16824'. I've also tried it with the .rb extension.

    Many thanks!
