Locating and verifying publicly available exploits

Penetration testers occasionally find a zero-day vulnerability during an engagement, and they normally report it to the client. Real attackers, by contrast, turn any vulnerability they find into a working exploit and then sell it for money or trade it for reputation. An important part of a penetration test is therefore locating publicly available exploits on the internet and using them to produce a proof of concept against the target.

One of the earliest public exploit archives on the internet was Milw0rm. Several databases built on the same idea are now available to the penetration testing community. The following are the places where attackers primarily look for exploits:

  • Exploit-DB (EDB): The name says it all. It is an archive of public exploits, each listed together with the software versions it affects. EDB is maintained by vulnerability researchers and penetration testers and driven by community submissions. Penetration testers use Exploit-DB for proof-of-concept code rather than for advisories, which is what makes it valuable during a penetration test or Red teaming exercise:
    • A local copy of EDB ships with Kali Linux (from release 2.0 onwards), so the whole archive can be searched offline with searchsploit; run searchsploit -u first to pull the latest exploitdb package, otherwise recent entries will be missing. EDB is also common vulnerabilities and exposures (CVE) compatible: wherever a CVE has been assigned, the exploit entry lists it, which makes it straightforward to cross-check a hit against a vulnerability advisory.
  • searchsploit: searchsploit is a simple command-line utility in Kali Linux that searches the local EDB copy with a keyword search to narrow down an attack; every keyword must match, so searchsploit ftp windows remote lists only the entries whose path or title contains all three terms. Once you open the Terminal and type searchsploit with no arguments, you should see the usage summary shown in the following screenshot:
  • SecurityFocus: SecurityFocus is another source of information where publicly disclosed vulnerabilities are published, along with their CVEs. It is no longer actively maintained, so treat it as an archive of older vulnerabilities and confirm anything found there against a current source such as Exploit-DB or the NVD:
    • Start by navigating to www.securityfocus.com and searching all of the vulnerabilities. The following screenshot shows the search page, which allows penetration testers to find all of the disclosed vulnerabilities for any product:
    • In SecurityFocus, every reported vulnerability is stored under a Bugtraq ID (BID). Each entry contains the sections shown in the following screenshot:
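What searchsploit actually does is a keyword match over the Exploit-DB index file (files_exploits.csv) that ships with the exploitdb package. The following script is an added example, not code from the book or from the Exploit-DB project: it reproduces the same lookup in Python so the matching rules are visible, and adds the two checks a tester wants before trusting a hit, the EDB "verified" flag and an exact CVE cross-reference. The column layout is assumed to be that of the current files_exploits.csv, and the rows are constructed samples with placeholder product names, EDB-IDs and CVE identifiers, not real Exploit-DB entries.

```python
"""searchsploit-style lookup over a local Exploit-DB index (added example).

Assumptions: the column layout below is the header of files_exploits.csv as
shipped in the exploitdb package; the data rows are CONSTRUCTED samples with
placeholder products (ExampleFTPd, ExampleHTTPd), EDB-IDs and CVE numbers.
"""
import csv
import io
from dataclasses import dataclass

SAMPLE_INDEX = """\
id,file,description,date_published,author,type,platform,port,date_added,date_updated,verified,codes,tags,aliases,screenshot_path,application_path,source_url
90001,exploits/windows/remote/90001.py,ExampleFTPd 1.2 - Remote Buffer Overflow,2019-01-10,example,remote,windows,21,2019-01-10,2019-01-10,1,CVE-2099-0001,,,,,
90002,exploits/windows/local/90002.txt,ExampleFTPd 1.2 - Local Privilege Escalation,2019-02-03,example,local,windows,,2019-02-03,2019-02-03,0,CVE-2099-0002,,,,,
90003,exploits/linux/remote/90003.c,ExampleFTPd 1.1 - Remote Denial of Service,2018-11-20,example,remote,linux,21,2018-11-20,2018-11-20,1,CVE-2099-0003,,,,,
90004,exploits/windows/remote/90004.rb,ExampleHTTPd 2.0 - Remote Code Execution (Metasploit),2020-05-05,example,remote,windows,80,2020-05-05,2020-05-05,1,CVE-2099-0004;OSVDB-99999,,,,,
90005,exploits/windows/remote/90005.py,ExampleFTPd 1.3 - 'USER' Remote Buffer Overflow,2019-06-01,example,remote,windows,21,2019-06-01,2019-06-01,0,,,,,,
"""


@dataclass(frozen=True)
class Exploit:
    edb_id: int
    path: str           # relative path inside /usr/share/exploitdb on Kali
    description: str
    exploit_type: str   # remote / local / webapps / dos
    platform: str
    verified: bool      # EDB staff reproduced the exploit
    cves: tuple         # CVE identifiers parsed from the 'codes' column


def load_index(csv_text):
    """Parse the Exploit-DB CSV index into Exploit records."""
    entries = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # 'codes' holds semicolon-separated identifiers (CVE, OSVDB, ...).
        codes = [c.strip().upper() for c in row["codes"].split(";") if c.strip()]
        entries.append(Exploit(
            edb_id=int(row["id"]),
            path=row["file"],
            description=row["description"],
            exploit_type=row["type"],
            platform=row["platform"],
            verified=row["verified"] == "1",
            cves=tuple(c for c in codes if c.startswith("CVE-")),
        ))
    return entries


def search(entries, *keywords, verified_only=False):
    """Mimic 'searchsploit <keywords>': every keyword must appear,
    case-insensitively, in the exploit path or title. verified_only keeps
    only entries EDB marked as verified; results list verified hits first."""
    wanted = [k.lower() for k in keywords]
    hits = []
    for e in entries:
        haystack = f"{e.path} {e.description}".lower()
        if all(k in haystack for k in wanted) and (e.verified or not verified_only):
            hits.append(e)
    return sorted(hits, key=lambda e: (not e.verified, e.edb_id))


def by_cve(entries, cve_id):
    """Mimic 'searchsploit --cve <id>': exact match on the CVE column, so a
    hit can be tied to the advisory for the target's exact version."""
    cve_id = cve_id.upper()
    return [e for e in entries if cve_id in e.cves]


if __name__ == "__main__":
    index = load_index(SAMPLE_INDEX)
    for hit in search(index, "ftp", "windows", "remote"):
        flag = "verified" if hit.verified else "UNVERIFIED"
        print(f"EDB-ID {hit.edb_id:>6}  {flag:<10} {hit.description}  [{hit.path}]")
    for hit in by_cve(index, "CVE-2099-0004"):
        print(f"CVE-2099-0004 -> EDB-ID {hit.edb_id} ({hit.exploit_type}/{hit.platform})")
```

On a real Kali box the same result comes from searchsploit ftp windows remote and searchsploit --cve CVE-xxxx-yyyy; searchsploit -x <EDB-ID> prints the exploit and searchsploit -m <EDB-ID> copies it into the working directory. An unverified entry is not necessarily broken, but read the code before running it against a target: the exploit is untrusted third-party code, and its header usually states the exact version it was written for.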

The various sections in SecurityFocus can be explained as follows:

  • info: This provides details about the vulnerability and the affected platforms, along with the Bugtraq ID
  • discussion: This provides details about the reported vulnerability
  • exploit: If there is any public exploit code written, it will be available for download
  • solution: This provides the latest service pack details and the hotfix details
  • references: This includes all the discussions, Bugtraq references, and solution references for the reported vulnerability