Results 1 to 6 of 6

Thread: after checking securityfocus for vulnerability...

  1. #1
    Member
    Join Date
    Oct 2006
    Posts
    63

    after checking securityfocus for vulnerability...

    after I scan a host and go to securityfocus and identify a given vulnerability..how do I use the exploit?....the come in form of .pl(perl), or .c(C) and even in .exe. How do you run this exploits agains the target machine?

    thanks in advance

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I do not think that we are in the business of giving coaching sessions on how to run exploits against vulnerabilities.

    Please bear in mind that this is a public forum and that anybody and their cat can read it. This includes every script kiddie in cyberspace

    If anyone wishes to respond, please use the PM system and keep it private.

    My personal view is that if someone doesn't know how to run an exploit against a target; they are trying to run before they have learned how to walk.
    Last edited by nihil; September 13th, 2007 at 11:55 AM.

  3. #3
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    If it is a C exploit then you need to compile it - depending on your Operating System this is done in different ways. Linux has the GCC app that comes natively with most installations. With windows you will have to download one of your choice (googleing for 'free windows C compilers' gives you a huge list')

    Perl, Python etc all need the respective libraries installing - going to the relevant home page for the language will invariably lead to a downloads section with the relevant libraries for your operating system.

    Usually the exploit will have a small paragraph at the top explaining what it does and how to use it - if it doesn't, reading the source code will give you more of a hint of what information is needed (you don't need to understand the source code to read it - just look out for thing like 'enter the remote IP' etc)

    Failing that, run the exploit (usually from the command line) and it will ask you to enter the relevant details which are usualy the remote IP address, remote port and the local IP and port (if a reverse shell is to be created.), other exploits such as those against web server may ask for directories etc.

    Be careful however as there are quite a few malicious exploits out there that have been posted in the hope of the casual skiddie downloading it and running it without actually understanding what it is they are doing, that do not actually exploit a remote system and will in fact exploit your system.

    It always pays to read through the source code - even if you know nothing about the language you will be able to spot references to your own system....
    Last edited by Nokia; September 13th, 2007 at 11:17 AM.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Be careful however as there are quite a few malicious exploits out there that have been posted in the hope of the casual skiddie downloading it and running it without actually understanding what it is they are doing, that do not actually exploit a remote system and will in fact exploit your system.
    That is very true!

    Also, you may be required to understand the operating system and application/service that you are trying to exploit, as well as the nature of the exploit.

    IMO those "this is for educational and research purposes" disclaimers would not stand up in many courts.

    Because of this, the author may well have posted a slightly incomplete or "neutered" version that will not work "out of the box".

    That way they ensure that only people who know what they are doing can make it work, and that anyone who does so takes at least the major part, if not all of the responsibility for the consequences.

    It is a much stronger defence to be able to say that what you published could not be used for malicious purposes as it stands.

  5. #5
    Member
    Join Date
    Oct 2006
    Posts
    63
    well I'm doin it for learning proposes, against my vmware machines.....I guess that once you find an exploit in the security focus website and it will generate the code for you....you just copy and pasted into your metasploit directory and run it against your target machine, and of course in case of the .c file you'll have to compile it first....
    also I notice that most of the exploits in the /pentest/framework3 or 2 have the .rb extension I'm assuming is for ruby....once I have selected a source code for a new exploit and compile should I drop it on the framework3 directory? and where b/c in that directory there are two files that seem to have exploits in them the /exploits and the /modules directory they both contain .rb files or it doesn't matter......any input appreciated


    ________
    Last edited by k_tech; September 14th, 2007 at 07:19 AM.

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Metasploit is a framework.. It has nothing to do with the exploits posted at sec.focus. The exploits found at sec.focus aren't "generated" they are posted by the user community and they may or may not use the metasploit framework. Most of them are basically used "stand-alone".

    If you don't know what to do with it then you need to read up.. As Nihil said, you're trying to run before you can walk.

    Start by reading up on the various ways to exploit bugs, things like buffer overflows, format string exploits, sql/command injections etc. Once you know how the basics work you can move on to the more or less "real world" scenario you're trying now.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Similar Threads

  1. Automates Google hacking
    By SDK in forum Web Security
    Replies: 9
    Last Post: January 15th, 2005, 07:28 AM
  2. Hacked Red Hat 7.3
    By t3gilligan in forum *nix Security Discussions
    Replies: 18
    Last Post: February 28th, 2004, 02:31 AM
  3. Install error
    By cheyenne1212 in forum *nix Security Discussions
    Replies: 7
    Last Post: August 21st, 2003, 05:03 AM
  4. News: Symantec to acquire SecurityFocus
    By draziw in forum Miscellaneous Security Discussions
    Replies: 12
    Last Post: July 21st, 2002, 06:41 AM
  5. News from SecurityFocus
    By DjM in forum Security Archives
    Replies: 0
    Last Post: November 22nd, 2001, 03:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •