Exploit Research

Top Resources

Search services vulnerabilities

searchsploit --exclude=dos -t apache 2.2.3
msfconsole; > search apache 2.2.3

CVE Database

https://cve.mitre.org/cve/search_cve_list.html

National Vulnerability Database (NVD)

  • U.S. Government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol.
https://nvd.nist.gov/
https://nvd.nist.gov/general/visualizations
  • Shows a visualization of CVSS severity over time.
https://nvd.nist.gov/vuln/data-feeds

CVE Details

https://www.cvedetails.com

Exploit Database

  • Search by CVE and OSVDB identifier.
https://www.exploit-db.com

Searchsploit by Exploit-db

  • Offline source for finding vulnerabilities and exploits.
  • To update the database:
searchsploit -u
searchsploit 
searchsploit [key word or service/service version]
  • Copy a searchsploit result to your present working directory
searchsploit -m 39446 win_x86-64/local/39525.py
  • Alternative copy method
locate 35513.py 
cp /usr/share/exploitdb/platforms/linux/remote/35513.py /root/Desktop/35513.py
  • Exclude certain results like DoS or PoC
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
  • Print the file for an exploit
cat /usr/share/exploitdb/exploits/linux/remote/16922.rb
  • Exact match to your keyword input
searchsploit -e  
  • Always start with specific search terms and move to more general ones

Working with exploits

  • Shebang
Python #!/usr/bin/python
Bash #!/bin/bash
Bourne shell #!/bin/sh
Perl #!/usr/bin/perl