M7L3: Easily Find an Exploit in Exploit DB and Get It Compiled All from Your Terminal

I need to share with you an easy method of locating an appropriate exploit from the Exploit Database (EDB), getting it compiled, and running it all inside the terminal. Copies of all exploits that are listed on the Exploit Database are already saved on our file systems. Once another new exploit is published on the database, it will be auto-populated into our files when we update the VM.

Step 1: ./Searchsploit

My example below shows a target that’s running Apache 2.0.x., that’s no longer supported, as the most recent Apache versions are 2.4.x and 2.2.x. Navigate to /usr/share/exploitdb

# ./searchsploit apache 2.2

Several exploits are returned. I narrow down to most appropriate exploits depending on the kind of platform in use plus any other relevant factors I learned in the recognizance phase.

Step 2: Select Exploit and Copy to Root

Step 2: Choose your Exploit and Copy it to the Root

I will try to use and exploit 3996.c as my target of choice runs Windows; therefore, I will try using exploit 3996.c. Next, I will copy the exploit on over to my root directory for ease of use

cp /usr/share/exploitdb/platform/windows/remote/3996.c /root/3996.c

Step 3: Review File Using Gedit

Move to /root and gedit the exploit.
gedit 3996.c
Analyze the exploit to acquire more information including requirements and usage.

Step 4: Compile the Exploit

The next step is compiling the exploit. My file in this example is written in C+, as signified by the ‘.c’. I will similarly retitle my exploit ‘apache’ with the use of switch ‘-o’

gcc 3996.c -o apache.

To execute I need to enter:

Step 5: Permissions

I don’t see this example giving you any problems with permissions for any reason, however, if it does, take permission of the file by issuing the following command, using the above example.

chmod +x ./apache

Hope you enjoyed!

Back to: Ultimate Hacklab Self Paced > Module 7: Compiling/Modifying Exploit code