Hello everyone! Hope everyone is having a good day! I wanted to share an easy way to locate an appropriate exploit from the EDB, get it compiled, and run it, all from inside the terminal.
A copy of every exploit listed on the Exploit Database is already saved to our file systems. When a new exploit is published on the database, it will be auto-populated into our files when we update the VM.
In my example, I have a target I see is running Apache 2.0.x, which is no longer maintained, as the current versions are Apache 2.4.x and 2.2.x. Navigate to /usr/share/exploitdb and run the search:
# ./searchsploit apache 2.2
A number of exploits are returned. I narrow the appropriate exploits down based on the type of platform being used and any other applicable factors I learned during the reconnaissance phase.
My target is running Windows, so I'm going to try exploit 3996.c. I'm going to copy the exploit over to my root directory so it's easier to work with.
cp /usr/share/exploitdb/platform/windows/remote/3996.c /root/3996.c
Navigate to /root and open the exploit in gedit.
Review the exploit for additional information such as usage and requirements.
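The review step can also be done from the terminal before anything is compiled. The script below is an added example, not part of the original post: it lists the headers the source needs, notes when they are Windows-only, and prints the lines (embedded byte strings, calls that spawn commands) that should be read by hand. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-compile review of a downloaded C source file.
# All function names and the sample file are constructed, not from the post.

# Write a harmless constructed sample so the script runs offline.
make_sample() {
    cat > "$1" <<'EOF'
/* constructed sample, not a real exploit
 * Usage: ./tool <host> <port> */
#include <stdio.h>
#include <winsock2.h>
char buf[] = "\x41\x42";
int main(void) { system("echo hi"); return 0; }
EOF
}

# Headers the source depends on, one per line.
list_includes() {
    grep -E '^[[:space:]]*#[[:space:]]*include' "$1" |
        sed -E 's/.*[<"]([^>"]+)[>"].*/\1/'
}

# True when the source pulls in Windows-only headers.
needs_windows_toolchain() {
    list_includes "$1" | grep -qiE '^(windows|winsock2?|ws2tcpip)\.h$'
}

# Numbered lines holding hex-escaped bytes or calls that run other programs.
flag_lines() {
    grep -nE '\\x[0-9a-fA-F]{2}|system[[:space:]]*\(|exec[lv]p?e?[[:space:]]*\(|popen[[:space:]]*\(' "$1"
}

review_src() {
    echo "== usage / requirement notes =="
    grep -niE 'usage|compil|requir' "$1" || echo "(none found)"
    echo "== includes =="
    list_includes "$1"
    if needs_windows_toolchain "$1"; then
        echo "!! uses Windows headers: plain gcc on Linux will not build this"
    fi
    echo "== lines to read by hand =="
    flag_lines "$1" || echo "(none)"
}

# With no argument, review the constructed sample.
src=${1:-}
if [ -z "$src" ]; then src=$(mktemp); make_sample "$src"; fi
review_src "$src"
```

Pass the copied file as the argument (for example /root/3996.c) to review it instead of the sample.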
Finally, compile the exploit. In this example, my file is written in C, as indicated by the '.c' extension. I'm also going to name the compiled binary 'apache' by using the '-o' switch.
gcc 3996.c -o apache
To run it I enter:
I don't think you'll have any issues with permissions at all in this example, but if for some reason you do, make the file executable by issuing the following command, using the above example.
chmod +x ./apache
Hope you enjoyed!