This is just a little writeup on using exploit-db.
Adding Exploit-DB to browser:
Exploit-DB Search Browser Plugin
Updating:
This can be done either from the menu (Backtrack -> Penetration -> ExploitDB -> Update Exploitdb)
or by checking out the repository with svn:
Code:
svn co svn://devel.offensive-security.com/exploitdb
Navigating:
The searchsploit script makes finding exploits very easy!
Code:
root@bt:/pentest/exploits/exploitdb# ./searchsploit
Usage: searchsploit [term1] [term2]
Example: searchsploit apache local
Use lower case in the search terms; second term is optional
Looking for ms08-067:
Code:
root@bt:/pentest/exploits/exploitdb# ./searchsploit ms08-067
Description                                                                 Path
--------------------------------------------------------------------------- -------------------------
MS Windows Server Service Code Execution PoC (MS08-067)                     /windows/dos/6824.txt
MS Windows Server Service Code Execution Exploit (MS08-067) (Univ)          /windows/remote/6841.txt
MS Windows Server Service Code Execution Exploit (MS08-067)                 /windows/remote/7104.c
MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)        /windows/remote/7132.py
Looking for Apache exploits on the Windows platform:
Code:
root@bt:/pentest/exploits/exploitdb# ./searchsploit apache windows
Description                                                                 Path
--------------------------------------------------------------------------- -------------------------
Apache HTTP Server 2.x Memory Leak Exploit                                  /windows/dos/9.c
Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)               /windows/remote/3680.sh
Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)                  /windows/remote/3996.c
mod_jk2 v2.0.2 for Apache 2.0 Remote Buffer Overflow Exploit (win32)        /windows/remote/5330.c
Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit         /windows/remote/6089.pl
Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)                 /windows/remote/6100.py
Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)        /windows/local/7264.txt
Looking for an Adobe 9.1.2 exploit, then copying it to /root and renaming it to adobe.py (note that the copy path adds the platforms/ prefix to the path searchsploit prints):
Code:
root@bt:/pentest/exploits/exploitdb# ./searchsploit adobe 9.1.2
Description                                                                 Path
--------------------------------------------------------------------------- -------------------------
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit                  /windows/local/9223.txt
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit (py)             /windows/local/9272.py
root@bt:/pentest/exploits/exploitdb# cp platforms/windows/local/9272.py /root/adobe.py
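The copy above works because the paths searchsploit prints are relative to the platforms/ directory of the checkout. The following is an added example, not part of the original writeup or of searchsploit: it turns result lines into those relative paths and copies an entry only when the file is really there. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of searchsploit. Function names are hypothetical.

# Constructed sample: result lines in the layout searchsploit prints.
SAMPLE_OUTPUT='Description Path
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit /windows/local/9223.txt
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit (py) /windows/local/9272.py'

# resolve_paths: read searchsploit output on stdin and print the path of each
# result relative to the exploitdb directory (platforms/ prefix added).
# Header and separator lines are dropped: their last field is not a
# /<platform>/<type>/<id>.<ext> path.
resolve_paths() {
    awk '{
        p = $NF
        if (p ~ /^\/[a-z0-9_-]+\/[a-z]+\/[0-9]+\.[a-z0-9]+$/)
            print "platforms" p
    }'
}

# fetch_entry <exploitdb_dir> <relative_path> <dest>
# Returns 2 for a path outside platforms/, 1 if the file is missing
# (for instance a stale checkout), 0 after a successful copy.
fetch_entry() {
    base=$1; rel=$2; dest=$3
    case "$rel" in
        *..*|/*) echo "refusing path: $rel" >&2; return 2 ;;
        platforms/*) ;;
        *) echo "not an archive path: $rel" >&2; return 2 ;;
    esac
    if [ ! -f "$base/$rel" ]; then
        echo "missing: $base/$rel" >&2
        return 1
    fi
    cp -- "$base/$rel" "$dest"
}

# Stand-alone run: list the resolved paths for the sample.
printf '%s\n' "$SAMPLE_OUTPUT" | resolve_paths
```

A return code of 1 from fetch_entry usually means the local checkout is older than the index that was searched, so update before retrying.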