Where to Look for Public Exploits

00:01

Mulele seven public exploits

00:04

where to look for public exploits

00:06

are learning objectives are to identify resources for finding exploit code for vulnerabilities, understand the benefits of finding public exploit code

00:15

and know how to download this code or use Callie's search Split

00:19

exploit DB. So if you've been with me this far, you have seen me use exploit DB on a few occasions and using the exploit code within exploit DB or finding vulnerabilities

00:31

based off google, I'll use google searches for like in this case Konica Minolta and exploit DB. If you know, google dorking, you could do site colon exploit dB and it will give you all the Konica Minolta vulnerabilities and exploit DB. Or you can just go to exploit DB and search in their search function

00:50

for a exploit for whatever service that you found vulnerable. Service that you found

00:56

or hope that is vulnerable.

00:58

So it's not always verified by exploit DB. If it is, it will have that check mark, you'll see that he? D be verified checkmark, Which means that they verify the code.

01:07

Um I found on, you know, they try to do their good job of verifying the exploits in the database.

01:15

Um but many are not verified and I found many that do work that are not verified by exploit DB.

01:22

So you can download the code itself

01:25

or and I should say you can download the vulnerable application. This is how I build my labs. As I find an exploit that has the exploit code and the vulnerable haP I download the app and then I use the exploit code to exploit it and see how it works.

01:40

Keep keep in mind that the exploit code some are better than others. Some have comments in them that are very helpful

01:47

in this case. You see that their comments in this script that say how to set up your Net cat listener. Not all of them are that user friendly. Some are

01:57

you know, the bare bones exploit code or some exploit code. I've seen do things that I'm wondering why,

02:04

you know, why did you add that? Why did you add that sequel map command in there? Which you you should have seen in the in the web attack lab?

02:10

Um that sequel map had a it drops you into a sequel shell. I don't know why it did that. So keep in mind that the exploit code that you find and exploit DB um

02:22

you know, it is useful but understand what the code does and I think I keep coming back to that, understand what the code does.

02:29

Um The offline version of exploit DB is searchlight. So everything that's an exploit DB should also be in search flight. Of course, search Floyd is an offline database. So you'd have to update it if it's a very recent vulnerability and you can do that with searchlight attack you to update.

02:46

Mhm.

02:47

And speaking of certain exploit here, it is is the command line tool

02:52

in Cali Lennox. The offline exploit dB that you can search for keywords.

02:57

Um you can also, as you'll see here, I'm just printing what this kind of communal to vulnerability is with attack. P. A useful thing I found is you can do tack em and it will copy that exploit in the current working directory so you don't have to find it, you know, here's the path users share exploit. DB exploits. Windows remote

03:17

39215 dot py If you if you're in desktop and you do the attack m option and the dot for your current working directory, they will put on your desktop so you don't have to fish for that specific file.

03:34

Cbe details. We've seen this before, but I really do like cv details because it gives you everything. It gives you a CVS s score that you can use in your report. Uh it gives you different references whether it's the exploit itself. As you see here, it has the exploit. DB link

03:50

and also the security patches. Because of course when you're writing your report, it's not only the vulnerability or the exploit, it's also how to fix the vulnerability. Also gives you the Konica Minolta ftp utility, one point Oh, medicine Floyd module. So, you know as well that this is also in medicine flight.

04:10

So I find cv details to be very, very helpful.

04:14

Mm

04:15

packet storm,

04:16

packet storm reminds me of exploit dB um it does have exploit code in there and there are search functions in there to search for specific vulnerabilities. Um you know, you can download and check that, it does give you an MD five hash, so you can check that the file that you're downloading is in fact not

04:34

malicious or hasn't changed.

04:38

Um So I've used some code from packet storm, I find it to be very similar to exploit DB, I don't know if they share the exact same code

04:46

um but in many cases I find the same code snippets in exploit DB that are also in packet storm.

04:54

Git hub. So I've also found exploits in GIT hub as well. Just keep in mind that these aren't vetted, these are not vetted, like exploit DB. So anyone can post their code and Git hub and of course it could be malicious, it could be something that removes all of your files

05:11

um causes a back door in your system and that's why I always go back to

05:15

know what the code does. Of course you see here in Git hub, this is Rapid Sevens GIT repo for medicine flights. So we know that, you know, that's not going to have any kind of malware and we hope,

05:26

but we also see that is it is a medicine plate module for the Konica Minolta vulnerability. So, you know, I've I've used people's codes in GIT hub and found it to be pretty useful. Um But again, just know where you're downloading from.

05:42

CTF write ups, believe it or not, I found a lot of helpful walk throughs and guides

05:47

in C. T. F write ups. Specifically things like hack the box where you can look at a full right up as how this person and you see here machines in preparation for the osc P. So they do full walk throughs from scanning to exploitation to privilege escalation.

06:04

You know, I find these to be very very helpful. So don't discount

06:10

um exploit code or paths from the CTF write ups.

06:15

So also medium, the website.

06:19

I find it very helpful as well that they have also they also have all these write ups that you can look at for things like hack the box or other CTF challenges. Um I subscribe to medium, so I usually every morning get an email with Cts and things like that. So I I typically check that because

06:39

there are people on medium who write about the most recent

06:42

pen testing techniques. So I like Medium a lot.

06:46

So here's our quiz question, which website is also owned by offensive security and can be searched locally within Callie, is it packet storm

06:54

cV details or exploit DB?

06:59

And the answer

07:00

exploit dB.

07:02

And another quiz question, what is the name of the offline database of exploit code within Cali?

07:08

Is it search exploit? Search exploit or search Cali?

07:13

And the answer

07:15

is search flight

07:15

between.

07:16

So in summary, we should now be able to be able to identify resources for finding exploit code for vulnerabilities, understand the benefits of finding public exploit code and know how to download this code or use Callie's search flight.