Locating Public Exploits

Introduction

  • An exploit is a program or script that can leverage a flaw or vulnerability of a target system.

  • Using publicly available exploits is a common part of a penetration testing engagement, so searching for the appropriate exploit is a critical skill when that need arises.

Downloading and running public exploits can seriously endanger a system or environment. With this in mind, we must carefully read and understand the code before executing it, to make sure it has no unintended effects.

  • Exploits written in a low-level programming language that require compilation are often hosted in both source code and binary form. While compiling can be cumbersome, source code is far easier to inspect than a binary, which cannot be examined without specialized skills and tools.

  • If code inspection or compilation is too complex, we can set up a virtual machine environment with clean snapshots as an exploit testing ground, or sandbox.
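A first-pass review of a downloaded exploit before it is compiled or run, added here as an example (not from the original notes or from OffSec); the rule list is an assumed starting checklist and the sample file is constructed:

```shell
#!/bin/sh
# Pre-execution review of a downloaded public exploit. Added example, not part of
# the original notes: the rule list is an assumed starting checklist (extend it),
# and a flagged line is a prompt to read that code closely, not a verdict on it.

# review_exploit FILE
#   Prints one "category<TAB>line<TAB>source" row per match on stdout.
#   Returns 0 when no rule matched, 1 when at least one did.
review_exploit() {
    file="$1"
    status=0
    # Each rule is "extended-regex::category"; '::' separates the two halves.
    for rule in \
        'base64|b64decode|fromhex::encoded blob, decode and read it' \
        'curl |wget |urllib|requests\.|socket::network code, check where it connects' \
        '([0-9]{1,3}\.){3}[0-9]{1,3}::hard-coded IP, confirm it is the target and not a callback' \
        'os\.system|subprocess|system\(|exec\(|eval\(::shell or code execution' \
        'rm -rf|shred |mkfs|dd if=::destructive command' \
        '/etc/passwd|/etc/shadow|chmod \+s|chmod 4[0-7]{3}::credential file or setuid change'
    do
        pattern="${rule%%::*}"
        category="${rule#*::}"
        # grep -n prints "N:text"; IFS=: splits off N and leaves the rest intact
        grep -n -E -- "$pattern" "$file" | while IFS=: read -r lineno text; do
            printf '%s\t%s\t%s\n' "$category" "$lineno" "$text"
        done
        if grep -q -E -- "$pattern" "$file"; then status=1; fi
    done
    return "$status"
}

# Constructed sample standing in for a freshly downloaded exploit (not a real one).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#!/usr/bin/env python3
import socket, base64
TARGET = "10.11.1.5"          # expected: the lab host under test
CALLBACK = "198.51.100.23"    # unexpected: why would an exploit phone home?
stage = base64.b64decode("cHJpbnQoJ2hlbGxvJyk=")
exec(stage)
EOF

review_exploit "$SAMPLE" || echo "findings above need a manual read before running $SAMPLE"
```

Run it against the mirrored exploit file before compiling or executing anything; every row it prints is a place to read the surrounding code, and an empty report only means none of these patterns appeared.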

Online Exploit Resources

  • ExploitDB: a free archive of public exploits gathered through submissions, mailing lists, and public resources.

  • Packet Storm: an information security website that provides up-to-date security news, exploits, and tools, including tools published by security vendors.

  • GitHub: an online code hosting platform for version control and collaboration, which lets anyone create and share code, including exploits.

Because GitHub is open to anyone, exploits taken from it present a large security risk and caution is advised.

  • OffSec GitHub Repo: a GitHub account where we can find different repositories, such as exploitdb-bin-sploits, which contains pre-compiled exploits for easy execution.

  • In addition to the individual websites that we covered above, we can search for additional exploit-hosting sites using popular search engines.

Offline Exploit Resources

  • The Kali Linux distribution comes with various tools that provide offline access to exploits.

  • An exploit framework is a software package that contains reliable exploits for easy execution against a target.

  • Metasploit is an excellent framework built to assist in the development and execution of exploits. It was created by HD Moore in 2003 and is owned by Rapid7.

  • Core Impact is another exploit framework, owned by HelpSystems; there is no free version of this framework.

  • Canvas, made by Immunity, is another exploit framework. Once the product is paid for, exploits are updated regularly, every month.

  • The Browser Exploitation Framework (BeEF) is a penetration testing tool focused on client-side attacks executed within a web browser.

  • The Exploit Database provides a downloadable archived copy of all the hosted exploit code. This archive is included by default in Kali in the exploitdb package.

  • Nmap Scripting Engine (NSE) introduces the ability to automate various tasks using scripts.
