|Exploit Database knowtechno.com|
Hello guys, in today’s post we will discuss the things we were not doing to be in the list of modern blackhats, and the top of that list is “Not Knowing About The Exploit-db”. Till now we have all been working only with the mainstream exploits, which are well known but old enough to sometimes fail, mainly against updated operating systems. But now it is time to move on to the next step. Many of us may have already realized that it is pretty hard to break into a fully updated and patched operating system, so to move on to the real world of penetration testing we first have to know about the exploit-db.
What really is exploit-db?
It is simply a database of all the exploits developed till now, and it is updated regularly. Pentesters write an exploit for a known vulnerability and then upload their work to the exploit-db for other pentesters to see. The whole site is fully maintained by Offensive Security; they are the mind behind Backtrack, Kali, Metasploit Unleashed etc. The layout of the site is easy enough to navigate, and downloading the desired updated exploits is simple, but just downloading them will not do the trick: you will have to integrate them into the Metasploit framework to make them work.
Let's get to the topic: how to get those updated modules.
Sometimes all a user needs to do is update the existing Metasploit framework to get the latest modules without messing anything up.
Just type in the command:
Hopefully this will update the framework with the latest modules.
But if the above method fails, the second alternative is to put the exploits manually in the exploit directory after downloading them from the exploit-db.
The downloaded exploit should be placed into the directory ~/.msf4/modules/exploits/. Any exploits placed here will be detected by the Metasploit framework, and the next time you type use /exploit/exploit_name it will come up.
Downloading the exploit from the Exploit-db:
For example purposes I will be using the Apache Jetspeed Arbitrary exploit from https://www.exploit-db.com/exploits/39643/. What you need to do is click on the source button in the download exploit part, as shown below.
Then save the file to a local directory.
Now, for the downloaded exploit to work, we have to move it to the directory of the Metasploit framework.
You should know how to do this yourself, but I am showing the steps involved for the newbies out there.
1. The Command Line Method:
For the command line method you will need to know about two commands, which are going to do all the work here: (a) mkdir and (b) cp.
Now type the commands given one by one.
Now comes the part where we move the exploit, and for that meet and say hi to the “cp” command. Type in the following command to move the downloaded file to the desired location.
In the above command my downloaded file was in the downloads directory. If your downloaded file was in the root directory, the command would change accordingly, like below.
Now comes the final step: verifying whether the files are in place. For that, simply type in the following two commands one by one.
This will show the list of files and folders in the directory. If the name of the moved file is present in the list, then you are done and the exploit is ready to be used with the Metasploit framework.
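The command-line steps above (create the target directory, copy the downloaded file, list the directory to verify) written as one shell function. This is an added example, not part of the original post; the function name `install_module`, the `INSTALLED.sha256` log file and the `.rb`-only check are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original post).
# install_module SRC CATEGORY [MODULE_ROOT]
#   SRC          downloaded module file that you have already read and reviewed
#   CATEGORY     sub-directory under the module root, e.g. browser/apache
#   MODULE_ROOT  defaults to ~/.msf4/modules/exploits, the path the post uses
install_module() {
    src=$1
    category=$2
    root=${3:-"$HOME/.msf4/modules/exploits"}

    # Accept only a regular, non-empty file.
    [ -f "$src" ] && [ -s "$src" ] || { echo "not a usable file: $src" >&2; return 1; }

    # Assumption: the download is a Ruby (.rb) Metasploit module.
    case $src in
        *.rb) ;;
        *) echo "not a .rb module: $src" >&2; return 2 ;;
    esac

    # The category must stay inside the module root (no absolute path, no "..").
    case $category in
        ''|/*|*..*) echo "bad category: $category" >&2; return 3 ;;
    esac

    dest_dir=$root/$category
    dest=$dest_dir/$(basename "$src")

    # Never silently replace a module that is already installed.
    [ -e "$dest" ] && { echo "refusing to overwrite $dest" >&2; return 4; }

    mkdir -p "$dest_dir" || return 5   # the "mkdir" step
    cp "$src" "$dest" || return 5      # the "cp" step
    chmod 600 "$dest"                  # readable and writable by the owner only

    # Record what was installed so a later change to the file can be noticed.
    command -v sha256sum >/dev/null 2>&1 &&
        sha256sum "$dest" >> "$root/INSTALLED.sha256"

    ls -l "$dest_dir"                  # the verification step
}
```

Because the function refuses to overwrite an existing file, replacing a module means deleting the old copy deliberately first.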
2. GUI Method (easy method for noobs):
1. Go to Computer -> root. You will not be able to see the .msf4 folder, as folders with a “.” prefix are hidden. To see the folder in Kali Sana and Kali Rolling, click on the button with nine dots just to the right of the search button; in older Kali versions there is a View option, in which you click on the show hidden files option. Now the folder will be in front of you.
2. Open the folder modules -> exploits and create a directory there named whatever you want (I am using browser for example purposes). Open that folder and create another folder named apache or anything you like.
3. Now copy the file downloaded before from the exploit-db and paste it into “~/.msf4/modules/exploits/browser/apache”, and you are done. Now restart msfconsole or type in reload_all in the terminal; this will add any new module or modules placed in the directory.
I hope the info was good enough, and please let me know in the comments if you have any doubts.