Penetration Testing Student v2 Host & Network Penetration Testing Exploitation

Searching For Publicly Available Exploits

Posted by r3kind1e on April 8, 2023

Searching For Publicly Available Exploits

Searching For Public Exploits

After identifying a potential vulnerability within a target or a service running on a target, the next logical step will involve searching for exploit code that can be used to exploit the vulnerability.

Exploit code can easily be found online, however, it is important to note that downloading and running exploit code against a target can be quite dangerous. It is therefore recommended to analyze the exploit code closely to ensure that it works as intended.

There are a handful of legitimate and vetted exploit databases that you should use when searching for exploits online:

  • Exploit-db
  • Rapid 7

搜索公开可用的漏洞

搜索公共漏洞利用

在确定目标或目标上运行的服务中的潜在漏洞后,下一个合乎逻辑的步骤将涉及搜索可用于利用该漏洞的漏洞利用代码。

可以很容易地在网上找到漏洞利用代码,但是,请务必注意,针对目标下载和运行漏洞利用代码可能非常危险。 因此,建议仔细分析漏洞利用代码以确保其按预期工作。

在在线搜索漏洞利用程序时,您应该使用一些合法且经过审查的漏洞利用数据库:

  • Exploit-db
  • Rapid 7

Demo: Searching For Publicly Available Exploits(演示:搜索公开可用的漏洞)

https://www.exploit-db.com/

Verified: There is a verification filter here, that allows you to only display exploits that have been verified.

Filters

We can Filter by Type. We can specify the type of exploit.

If we’re trying to exploit a target remotely, the remote option is what we would typically be utilizing in terms of a search filter.

If we’re trying to perform privilege escalation, then we would typically click on local.

Search

1
2

vsftpd 2.3.4
eternalblue

Make sure that you’re only using verified exploit code, you can click on Verified here.

For example, if I wanted to test out this exploit, it provides me with the actual affected version of vsftpd, which I can then install and run the exploit code against to perform local testing to ensure that this particular exploit does indeed work.

Has App: To only display the exploits that have the available, vulnerable application.

EDB-ID: It also has a unique exploit database id, this will come in handy when we will be utilizing searchsploit.

GHDB: Google Hacking Database, which contains a series of Google Docs or Google search filters that allow you to search for affected websites or services that are publicly exposed.

SearchSploit – The Manual

https://www.rapid7.com/db/

Rapid 7 is probably the best way to identify Metasploit modules or exploits that have been ported into Metasploit modules to automate the exploitation process.

1
2

vsftpd  Module
eternalblue Module

Utilize Google Docs to fine tune your searches with Google.

1
2
3
4

vsftpd 2.3.4 site:exploit-db.com
openssh 7.2 site:exploit-db.com
vsftpd 2.3.4 site:rapid7.com
vsftpd 2.3.4 site:github.com

Packet Storm

https://packetstormsecurity.com/

Tools

CATALOG
    FEATURED TAGS
    Penetration Testing Student Penetration Testing Student v2 Host & Network Penetration Testing The Metasploit Framework (MSF) Post-Exploitation Exploitation Assessment Methodologies System/Host Based Attacks Penetration Testing Professional Resource Development & Initial Access Enumeration Network Attacks TryHackMe Web Attacks Client-Side Attacks Penetration Testing Prerequisites PowerShell for Pentesters Footprinting & Scanning IELTS Information Gathering System Attacks experience 留学 Network-Based Attacks 安全评估工具 C++ Career Python Vulnerability Assessment crypto
    FRIENDS