Module 7: Public Exploits
Where to look for public exploits
Our learning objectives are to identify resources for finding exploit code for vulnerabilities, understand the benefits of finding public exploit code, and know how to download this code or use Kali's searchsploit.
Exploit-DB. If you've been with me this far, you have seen me use Exploit-DB on a few occasions, using the exploit code within Exploit-DB or finding vulnerabilities based off Google. I'll use Google searches for, in this case, "Konica Minolta" and "exploit-db". If you know Google dorking, you could do site:exploit-db.com and it will give you all the Konica Minolta vulnerabilities in Exploit-DB. Or you can just go to Exploit-DB and search in their search function for an exploit for whatever service you found vulnerable, or hope is vulnerable.
It's not always verified by Exploit-DB. If it is, it will have that checkmark; you'll see the EDB Verified checkmark, which means that they verified the code. They try to do a good job of verifying the exploits in the database, but many are not verified, and I found many that do work that are not verified by Exploit-DB.
So you can download the code itself, and I should say you can also download the vulnerable application. This is how I build my labs: as I find an exploit that has the exploit code and the vulnerable app, I download the app and then I use the exploit code to exploit it and see how it works.
Keep in mind that with exploit code, some are better than others. Some have comments in them that are very helpful; in this case, you see that there are comments in this script that say how to set up your netcat listener. Not all of them are that user friendly. Some are the bare-bones exploit code, and some exploit code I've seen do things that I'm wondering why. Why did you add that? Why did you add that sqlmap command in there, which you should have seen in the web attack lab? That sqlmap command drops you into a SQL shell. I don't know why it did that. So keep in mind that the exploit code that you find in Exploit-DB is useful, but understand what the code does. I think I keep coming back to that: understand what the code does.
The offline version of Exploit-DB is searchsploit. So everything that's in Exploit-DB should also be in searchsploit. Of course, searchsploit is an offline database, so you'd have to update it if it's a very recent vulnerability, and you can do that with searchsploit -u.
And speaking of searchsploit, here it is. It is the command-line tool in Kali Linux, the offline Exploit-DB that you can search for keywords. You can also, as you'll see here, just print where this Konica Minolta vulnerability is with -p. A useful thing I found is you can do -m and it will copy that exploit into the current working directory so you don't have to find it. Here's the path: /usr/share/exploitdb/exploits/windows/remote/39215.py. If you're in Desktop and you do the -m option and the dot for your current working directory, it will put it on your Desktop so you don't have to fish for that specific file.
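The searchsploit workflow just described (keyword search, -p to print the path, -m to copy the file into the current directory), as an added example that is not part of the lecture and not the real searchsploit script: a small POSIX shell re-implementation over a constructed index file, so it runs without Kali. EDB_ROOT, the helper names ss_search, ss_path and ss_mirror, the column layout and both index rows are assumptions for the demo; the real tool reads /usr/share/exploitdb/files_exploits.csv, which has more columns and quotes fields that contain commas.

```shell
#!/bin/sh
# Added example, not part of the lecture and not the real searchsploit script:
# a minimal re-implementation of the three searchsploit operations shown above
# (keyword search, -p to print the path, -m to mirror a copy into the cwd) over
# a constructed two-row copy of the Exploit-DB index. On Kali the real tool
# greps /usr/share/exploitdb/files_exploits.csv; the column layout and the rows
# below are simplified assumptions for the demo, with comma-free fields.
# "searchsploit -u", which refreshes that index, is not modelled here.

EDB_ROOT="${EDB_ROOT:-$(mktemp -d)}"   # stand-in for /usr/share/exploitdb

# Create the constructed index and a placeholder for one exploit file.
setup_fake_edb() {
  mkdir -p "$EDB_ROOT/exploits/windows/remote" "$EDB_ROOT/exploits/linux/dos"
  cat > "$EDB_ROOT/files_exploits.csv" <<'EOF'
id,file,description,date,author,type,platform,port
39215,exploits/windows/remote/39215.py,Konica Minolta FTP Utility 1.00 - 'CWD' Remote Buffer Overflow (SEH),2016-01-01,constructed,remote,windows,21
99999,exploits/linux/dos/99999.c,Constructed Unrelated Service 2.0 - Denial of Service,2020-01-01,constructed,dos,linux,80
EOF
  printf '# constructed placeholder standing in for EDB-ID 39215\n' \
    > "$EDB_ROOT/exploits/windows/remote/39215.py"
}

# ss_search KEYWORD...: like a plain "searchsploit konica minolta", every
# keyword must appear (case-insensitively) in the title column.
ss_search() {
  tail -n +2 "$EDB_ROOT/files_exploits.csv" | while IFS=, read -r id file desc rest; do
    match=1
    for kw in "$@"; do
      case "$(printf '%s' "$desc" | tr 'A-Z' 'a-z')" in
        *"$(printf '%s' "$kw" | tr 'A-Z' 'a-z')"*) ;;
        *) match=0 ;;
      esac
    done
    if [ "$match" -eq 1 ]; then
      printf '%-70s | %s\n' "$desc" "$file"
    fi
  done
}

# ss_path EDB_ID: like "searchsploit -p 39215", print the full path of one entry.
ss_path() {
  rel="$(awk -F, -v id="$1" '$1 == id { print $2 }' "$EDB_ROOT/files_exploits.csv")"
  [ -n "$rel" ] || return 1
  printf '%s/%s\n' "$EDB_ROOT" "$rel"
}

# ss_mirror EDB_ID: like "searchsploit -m 39215", copy the exploit into the
# current working directory so you do not have to fish for it under exploits/.
ss_mirror() {
  src="$(ss_path "$1")" || return 1
  cp "$src" . && printf '%s/%s\n' "$(pwd)" "$(basename "$src")"
}

# Demo: the sequence from the lecture, against the constructed index.
setup_fake_edb
ss_search konica minolta                   # searchsploit konica minolta
ss_path 39215                              # searchsploit -p 39215
( cd "$(mktemp -d)" && ss_mirror 39215 )   # searchsploit -m 39215, from a scratch directory
```

The thing to take away is that searchsploit is a text search over that CSV, so a query that matches nothing usually means the index is stale (run searchsploit -u, as the lecture says) or the product is titled differently in Exploit-DB; try fewer and shorter keywords before concluding there is no public exploit.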
CVE Details. We've seen this before, but I really do like CVE Details because it gives you everything. It gives you a CVSS score that you can use in your report. It gives you different references, whether it's the exploit itself (as you see here, it has the Exploit-DB link) and also the security patches, because of course when you're writing your report, it's not only the vulnerability or the exploit, it's also how to fix the vulnerability. It also gives you the Konica Minolta FTP Utility 1.00 Metasploit module, so you know as well that this is also in Metasploit. So I find CVE Details to be very, very helpful.
Packet Storm reminds me of Exploit-DB. It does have exploit code in there, and there are search functions to search for specific vulnerabilities. You can download and check it; it does give you an MD5 hash, so you can check that the file you're downloading is in fact not malicious or hasn't changed. I've used some code from Packet Storm. I find it to be very similar to Exploit-DB. I don't know if they share the exact same code, but in many cases I find the same code snippets in Exploit-DB that are also in Packet Storm.
GitHub. I've also found exploits on GitHub as well. Just keep in mind that these aren't vetted; these are not vetted like Exploit-DB. Anyone can post their code on GitHub, and of course it could be malicious. It could be something that removes all of your files or puts a backdoor in your system, and that's why I always go back to: know what the code does. Of course, you see here on GitHub, this is Rapid7's Git repo for Metasploit. So we know that that's not going to have any kind of malware, we hope, but we also see that it is a Metasploit module for the Konica Minolta vulnerability. So I've used people's code on GitHub and found it to be pretty useful. But again, just know where you're downloading from.
CTF write-ups. Believe it or not, I've found a lot of helpful walkthroughs and guides in CTF write-ups, specifically things like Hack The Box, where you can look at a full write-up of how this person did it, and you see here, machines in preparation for the OSCP. So they do full walkthroughs from scanning to exploitation to privilege escalation. I find these to be very, very helpful. So don't discount exploit code or paths from the CTF write-ups.
Also Medium, the website. I find it very helpful as well; they also have all these write-ups that you can look at for things like Hack The Box or other CTF challenges. I subscribe to Medium, so I usually get an email every morning with CTFs and things like that. I typically check that because there are people on Medium who write about the most recent pen testing techniques. So I like Medium a lot.
So here's our quiz question: which website is also owned by Offensive Security and can be searched locally within Kali? Is it Packet Storm, CVE Details, or Exploit-DB?
And another quiz question: what is the name of the offline database of exploit code within Kali? Is it searchsploit, searchexploit, or searchkali?
So in summary, we should now be able to identify resources for finding exploit code for vulnerabilities, understand the benefits of finding public exploit code, and know how to download this code or use Kali's searchsploit.