Time
7 minutes
Difficulty
Intermediate

Video Transcription

00:02
Hello, everyone, and welcome back to Breaking Stuff with Joe. I, as always, am your eponymous host, Joe Perry, director of research here at Cybrary. Today we're gonna be talking about something that's a little bit off the beaten path for our normal Breaking Stuff with Joe videos, because what we're describing today isn't really a tool
00:19
so much as it is just a clearinghouse of information. And the tool, or the
00:23
topic, of today's video is the Exploit Database, Exploit DB. Now, if you've never heard of this: the Exploit Database is run by Offensive Security, which is the same company that is responsible for, that manages, Kali and manages all of its distributions, as well as the OSCP cert and all sorts of other Kali and pen-testing-related certs. Phenomenal company,
00:42
great utility of the pen testing world.
00:44
And this tool, this Exploit Database, is one of their best products. The Exploit Database is a massive collection of CVEs and related shellcode, or exploits, or techniques that take advantage of those CVEs. A CVE: a Common Vulnerability and Exposure. We're gonna discuss those and understand what they are, and sort of the submission process, and why they're important.
01:03
This video is gonna be good. Unlike Breaking Stuff with Joe videos normally, which are mainly for pen testers,
01:08
this is for everyone. If the security of a network or a system is important to you, this database is important as well, because what it does is it provides you with information not only on what vulnerabilities exist, but whether or not someone actually has a productized exploit for them. Now, obviously, it's not exclusive. It is possible that someone just didn't upload it to the Exploit DB. Maybe.
01:29
But, you know, if you find a technique there,
01:30
you're probably in trouble. So it's a really useful utility across the security spectrum, and it's one that you should definitely make use of over the course. This video, again: we're gonna discuss CVEs, what they are, why they're important, how we can understand and read them. We're gonna navigate the Exploit DB, and we're going to see what various options and utilities are available to us through that service.
01:49
So stay tuned. It's gonna take about eight minutes, and we're gonna knock this thing out.
01:53
And, of course, by the end of this, you will know how to use the Exploit Database to break stuff every day.
02:00
So this video is a little bit different from most of the Breaking Stuff with Joe videos, because instead of walking through a given tool, we're actually going to be going to a website, and you can see that, obviously, on your screen now. This website is the Exploit Database, or Exploit DB. It's actually run by Offensive Security, which is the same group of people who maintain Kali and make it available for all of us.
02:19
It's a spectacular resource, one of the best resources in the world for penetration testing,
02:23
and what this actually is, what the Exploit DB is actually for, is it goes through all the different CVEs that get published, all of the vulnerability reports that you see. Very often, when you're performing penetration tests, you'll find one of those CVEs, but you won't actually have any way to take advantage of it, short of, you know, manually writing out your own shellcode or your own attack.
02:42
And when you're doing a security examination against a large system, or you're performing analysis against a massive organization,
02:47
it could be extremely time-consuming and prohibitively difficult to find or to create an exploit for every vulnerability that's out there,
02:54
and so the Exploit DB, what this
02:58
wonderful utility, fantastic tool, does is just collect all of the published exploits for those CVEs. So you can see here on the side, it's got a bunch of different options. It's got just the list of exploits; it's got the database, papers, shellcode. This, again, is just the straight shellcode that you can insert into whatever your attack is in order to actually
03:17
perform the operation.
03:21
So if we wanted to do a search, we can use the searchsploit manual. That'll give us information on how we could perform searches.
03:27
Click that, wait for it to load.
03:30
My VM isn't terribly fast, so it might take just a couple seconds to load.
03:35
There we go,
03:36
and here you can see it's got all of the information, sort of the command line search tool you need for the Exploit DB. And this actually comes with a full manual of how to use it and how to actually perform searches. I tend to just use the web browser interface. It depends on what kind of a person you are as to whether you use
03:53
the web browser to find your tool or you use the command line.
03:55
Using the command line is nice, because you can just very quickly download using that tool. But using the web browser is a little bit, I think, easier to navigate, especially if you don't know exactly what exploit you're looking for. We can much more easily track it down. And then, of course, you could always pull down that given exploit
04:13
from the command line once you've found it on here.
04:15
Let's go back here. We just want to search the database.
04:18
Let's say we want to look for, we don't have a specific CVE in mind.
04:23
Let's say we want to look for something targeting.
04:28
let's say, macOS, because there aren't a ton of those out there, and it's always nice to see if, it's always nice to find one.
04:33
And you can see there are a few different options on what kind of attacks: denial of service, local attack, remote, shellcode. In this case, I think we're gonna go ahead and see if there's anything that'll give a shellcode,
04:44
and there are different tagging options that we would look at: buffer overflows, code injection, cross-site request forgery, all sorts of different attacks like that.
04:51
No need to go too far into it. And we can go ahead and just hit search with just our information on macOS and shellcode and see what we get back.
05:00
And like I said, there aren't tons and tons of exploits against macOS there. In this case, we've only got
05:06
a small handful. Looks like the date on each of these is the same day in February, and they were all published by the same author. So whoever this is, they definitely found something great and decided to run with it.
05:17
Once we actually find the exploit that we're looking for, so in this case, a reverse TCP shell, we'll just open it up,
05:24
and you can see that it's got essentially just a straightforward
05:27
GitHub sort of code readout. You can see that this is all done in assembly, and they've got a straightforward, well, not a straightforward, but they've got their process sort of built out in this, so you can either figure it out yourself and run it down here. Below that, we've got some C code. You can either figure out, you know, sort of piece by piece what all this is doing and replicate it yourself, or, much more easily,
05:46
you can just download this source code and add it to whatever your attack method is.
05:49
It's a very, very quick way to perform your operation. You can see it's got GCC, it's got compilation information. This author was absolutely phenomenal and actually put in really high quality code that makes it very easy to see what you're trying to do.
06:04
So that's how easy it is. If you've got a specific CVE you're looking for, you can just type it into this box here. If, for some reason, you know what you're looking for just by title, you're a very strange person if you know the title faster than you know the CVE or any of the content, but hey, maybe that's you.
06:19
But it's a very easy tool to use. And, as I showed, it's just a massive database of all sorts of information. Every single exploit, every vulnerability you could really hope to find, there is an exploit for it here. Generally speaking, if a CVE goes up that's of any meaningful severity, like even just a six or above, you're going to see exploit code up on the Exploit DB
06:39
within 24 to 48 hours.
06:41
It's a phenomenal tool, and I highly recommend you use it, which is why we took a break from doing a proper sort of tool video to just check out this Exploit DB website.
06:49
So that's gonna be all there is for this video. Thank you all so very much for watching, and we hope to see you back on Breaking Stuff with Joe here on Cybrary On Demand.

How to Use ExploitDB (BSWJ)

Maintained by Offensive Security (the organization behind Kali Linux), the ExploitDB is the most complete collection of exploit code in the world. It's an invaluable resource to any penetration tester. With this video, you'll become familiar with this database, and you'll better understand how to leverage it in your security work.

Instructed By

Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor