Locating Public Exploits

Introduction

  • An exploit is a program or script that can leverage a flaw or vulnerability of a target system.

  • A common process of a penetration testing engagement is the use of publicly available exploits, and searching for appropriate exploits becomes a critical skill when this need arises.

  • Exploits written in a low-level programming language that require compilation are often hosted in both source code and binary form. Source code can be cumbersome to compile, but it is far easier to inspect than a binary, which needs specialized skills and tools to analyse.

  • If code inspection or compilation is too complex, we can set up a virtual machine environment with clean snapshots as an exploit testing ground, or sandbox.

Online Exploit Resources

  • ExploitDB: a free archive of public exploits gathered through submissions, mailing lists, and public resources.

  • Packet Storm: an information security website that provides up-to-date security news, exploits, and tools, including tools published by security vendors.

  • GitHub: an online code hosting platform for version control and collaboration. It allows anyone to create and share code, including exploits.

  • OffSec Github Repo: a GitHub account where we can find different repositories like exploitdb-bin-sploits, which contains pre-compiled exploits for easy execution.

  • In addition to the individual websites that we covered above, we can search for additional exploit-hosting sites using popular search engines.

Offline Exploit Resources

  • The Kali Linux distribution comes with various tools that provide offline access to exploits.

  • An exploit framework is a software package that contains reliable exploits for easy execution against a target.

  • Metasploit is an excellent framework built to assist in the development and execution of exploits. It was created by HD Moore in 2003 and is owned by Rapid7.

  • Core Impact is another exploit framework, owned by HelpSystems; there is no free version of this framework.

  • Canvas, made by Immunity, is another exploit framework. Once the product is paid for, exploits are updated regularly every month.

  • The Browser Exploitation Framework (BeEF) is a penetration testing tool focused on client-side attacks executed within a web browser.

  • The Exploit Database provides a downloadable archived copy of all the hosted exploit code. This archive is included by default in Kali in the exploitdb package.

  • Nmap Scripting Engine (NSE) introduces the ability to automate various tasks using scripts.
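The offline Exploit Database copy mentioned above ships with an index file, files_exploits.csv, under /usr/share/exploitdb on Kali. The script below is an added example (not part of the original notes or the exploitdb package) that searches that index offline, so a team can check its own software inventory against known public exploit entries and then open the referenced source file for review before deciding whether a finding applies. It assumes a column layout of id,file,description,date,author,type,platform,port with a double-quoted description (check the header of the real file, which may carry extra trailing columns); the three sample rows are constructed so the script runs even where the archive is not installed.

```shell
#!/bin/sh
# Added example: keyword search over a local Exploit Database index.
# Assumed column layout (verify against the real header):
#   id,file,description,date,author,type,platform,port
# Default location of the index in Kali's exploitdb package.
EDB_INDEX="${EDB_INDEX:-/usr/share/exploitdb/files_exploits.csv}"

# Constructed sample index (not real Exploit Database entries) so the
# functions below can be exercised without the archive installed.
make_sample_index() {
  cat > "$1" <<'EOF'
id,file,description,date,author,type,platform,port
10001,exploits/linux/remote/10001.c,"Example FTP Server 1.2 - Remote Buffer Overflow",2020-01-01,anon,remote,linux,21
10002,exploits/windows/local/10002.py,"Example Agent 3.0 - Local Privilege Escalation",2020-02-02,anon,local,windows,0
10003,exploits/php/webapps/10003.txt,"Example CMS 2.5 - SQL Injection",2020-03-03,anon,webapps,php,80
EOF
}

# edb_index: print the path of the real index if readable, otherwise
# build the constructed sample in a temporary file and print that path.
edb_index() {
  if [ -r "$EDB_INDEX" ]; then
    printf '%s\n' "$EDB_INDEX"
  else
    tmp=$(mktemp)
    make_sample_index "$tmp"
    printf '%s\n' "$tmp"
  fi
}

# edb_search INDEX KEYWORD [PLATFORM]
# Prints "id<TAB>platform<TAB>type<TAB>file<TAB>description" for every row
# whose description contains KEYWORD (case-insensitive), optionally limited
# to PLATFORM. The file column is relative to the archive root, so the
# source can be inspected before any conclusion is drawn from the match.
edb_search() {
  idx="$1"; keyword="$2"; platform="${3:-}"
  awk -v kw="$(printf '%s' "$keyword" | tr 'A-Z' 'a-z')" -v plat="$platform" '
    NR == 1 { next }                       # skip the header row
    {
      # The description is double-quoted and may itself contain commas,
      # so split the record on the quote characters rather than on commas.
      split($0, q, "\"")
      desc = q[2]
      split(q[1], head, ",")               # "id,file," before the quote
      id = head[1]; file = head[2]
      split(q[3], tail, ",")               # ",date,author,type,platform,port" after it
      type = tail[4]; p = tail[5]
      if (index(tolower(desc), kw) && (plat == "" || p == plat))
        printf "%s\t%s\t%s\t%s\t%s\n", id, p, type, file, desc
    }' "$idx"
}

# edb_count INDEX KEYWORD [PLATFORM]: number of matching entries.
edb_count() {
  edb_search "$@" | wc -l | tr -d ' '
}

# Usage: edb_search "$(edb_index)" 'buffer overflow' linux
```

Run it with a product name and version from an asset inventory (for example `edb_search "$(edb_index)" 'Example CMS 2.5'`) to list candidate entries; the printed file path is what to read next, since the description alone does not tell you whether the affected version or configuration matches your own.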
