Searching For Publicly Available Exploits
Searching For Public Exploits
After identifying a potential vulnerability in a target, or in a service running on it, the next logical step is to search for exploit code that can be used to exploit that vulnerability.
Exploit code can easily be found online; however, downloading and running exploit code against a target can be quite dangerous. It is therefore recommended to analyze the exploit code closely to ensure that it works as intended.
There are a handful of legitimate and vetted exploit databases that you should use when searching for exploits online:
- Exploit-db
- Rapid 7
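The advice above to analyze exploit code before running it can be turned into a first-pass review script. The following is an added example, not code from the original notes: it scans a downloaded exploit source for the things a reviewer checks by hand (runtime eval/exec, shell-outs, download-and-pipe-to-shell, hardcoded addresses other than the target, long encoded blobs) and decodes any base64 blobs so they can be read. The indicator patterns, the blocking set and the sample exploit file are all constructed for this example; the addresses in the sample come from the RFC 5737 documentation ranges.

```python
import base64
import re

# Heuristic indicators a reviewer looks for before running third-party exploit
# code. The patterns are assumptions for this example, not a published checklist.
INDICATORS = {
    # code that builds and runs instructions at runtime hides what really executes
    "dynamic_eval": re.compile(r"\b(?:eval|exec)\s*\("),
    # shell-outs from an exploit deserve a look: which command, and why?
    "shell_out": re.compile(r"\b(?:os\.system|subprocess\.(?:call|run|Popen)|popen)\s*\("),
    # download-and-pipe-to-shell pulls in code that was never reviewed
    "pipe_to_shell": re.compile(r"(?:curl|wget)[^|\n]*\|\s*(?:ba)?sh\b"),
    # every hardcoded address should be explainable (target? callback? telemetry?)
    "hardcoded_ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    # long base64 runs are opaque payloads; decode them before trusting them
    "encoded_blob": re.compile(r"[A-Za-z0-9+/]{80,}={0,2}"),
}

# Indicators that should block execution until a human has read the code.
BLOCKING = {"dynamic_eval", "pipe_to_shell", "encoded_blob"}


def review_exploit_source(source: str) -> dict:
    """Return {indicator: [(line_number, stripped_line), ...]} for each hit."""
    findings = {}
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.setdefault(name, []).append((lineno, line.strip()))
    return findings


def decode_blobs(source: str) -> list:
    """Decode every long base64 run so the reviewer can read what it contains."""
    decoded = []
    for match in INDICATORS["encoded_blob"].finditer(source):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except ValueError:  # not valid base64 after all (e.g. a long hex string)
            continue
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded


def needs_manual_review(findings: dict) -> bool:
    """True when any blocking indicator fired."""
    return any(name in findings for name in BLOCKING)


# Constructed sample of what a downloaded exploit file might look like. The
# "payload" is a harmless placeholder string, not a real exploit.
SAMPLE_BLOB = base64.b64encode(
    b"constructed placeholder payload, not a real exploit " * 2
).decode()
SAMPLE_EXPLOIT = f'''#!/usr/bin/env python3
import os
TARGET = "192.0.2.5"
CALLBACK = "203.0.113.10"   # not the target: why is a second address here?
PAYLOAD = "{SAMPLE_BLOB}"

def run():
    os.system("id")
    exec(__import__("base64").b64decode(PAYLOAD))
'''

if __name__ == "__main__":
    hits = review_exploit_source(SAMPLE_EXPLOIT)
    for name, lines in hits.items():
        for lineno, text in lines:
            print(f"[{name}] line {lineno}: {text}")
    for blob in decode_blobs(SAMPLE_EXPLOIT):
        print("decoded blob:", blob[:60])
    print("manual review required:", needs_manual_review(hits))
```

The script only flags; it never decides that code is safe. A clean run means the obvious red flags are absent, and the reviewer still reads the file and, as the notes suggest, tests it against the affected version in a lab before pointing it at anything else.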
Demo: Searching For Publicly Available Exploits
https://www.exploit-db.com/
Verified: There is a verification filter that allows you to display only exploits that have been verified.
Filters: We can filter by Type, i.e. specify the type of exploit.
If we're trying to exploit a target remotely, the remote option is what we would typically use as a search filter.
If we're trying to perform privilege escalation, then we would typically select local.
Search terms used in the demo:
- vsftpd 2.3.4
- eternalblue
Make sure that you're only using verified exploit code; you can click on Verified here.
For example, if I wanted to test out this exploit, it provides me with the actual affected version of vsftpd, which I can then install and run the exploit code against to perform local testing to ensure that this particular exploit does indeed work.
Has App: Displays only the exploits for which the vulnerable application is available for download.
EDB-ID: Each exploit also has a unique Exploit Database ID; this will come in handy when we use searchsploit.
GHDB: The Google Hacking Database, which contains a series of Google dorks (Google search filters) that allow you to search for affected websites or services that are publicly exposed.
SearchSploit – The Manual
https://www.rapid7.com/db/
Rapid 7 is probably the best way to identify Metasploit modules or exploits that have been ported into Metasploit modules to automate the exploitation process.
- vsftpd Module
- eternalblue Module
Utilize Google dorks to fine-tune your searches with Google.
- vsftpd 2.3.4 site:exploit-db.com
- openssh 7.2 site:exploit-db.com
- vsftpd 2.3.4 site:rapid7.com
- vsftpd 2.3.4 site:github.com
Packet Storm
https://packetstormsecurity.com/
Tools