-
September 13th, 2007, 03:33 AM
#1
Member
after checking securityfocus for vulnerability...
After I scan a host and go to securityfocus and identify a given vulnerability, how do I use the exploit? They come in the form of .pl (Perl) or .c (C) and even .exe. How do you run these exploits against the target machine?
thanks in advance
-
September 13th, 2007, 09:33 AM
#2
I do not think that we are in the business of giving coaching sessions on how to run exploits against vulnerabilities.
Please bear in mind that this is a public forum and that anybody and their cat can read it. This includes every script kiddie in cyberspace.
If anyone wishes to respond, please use the PM system and keep it private.
My personal view is that if someone doesn't know how to run an exploit against a target, they are trying to run before they have learned how to walk.
Last edited by nihil; September 13th, 2007 at 11:55 AM.
-
September 13th, 2007, 11:08 AM
#3
If it is a C exploit then you need to compile it - depending on your Operating System this is done in different ways. Linux has the GCC app that comes natively with most installations. With Windows you will have to download one of your choice (googling for 'free windows C compilers' gives you a huge list).
Perl, Python etc all need the respective libraries installing - going to the relevant home page for the language will invariably lead to a downloads section with the relevant libraries for your operating system.
Usually the exploit will have a small paragraph at the top explaining what it does and how to use it - if it doesn't, reading the source code will give you more of a hint of what information is needed (you don't need to understand the source code to read it - just look out for things like 'enter the remote IP' etc).
Failing that, run the exploit (usually from the command line) and it will ask you to enter the relevant details, which are usually the remote IP address, remote port and the local IP and port (if a reverse shell is to be created). Other exploits, such as those against web servers, may ask for directories etc.
Be careful however as there are quite a few malicious exploits out there that have been posted in the hope of the casual skiddie downloading it and running it without actually understanding what it is they are doing, that do not actually exploit a remote system and will in fact exploit your system.
It always pays to read through the source code - even if you know nothing about the language you will be able to spot references to your own system....
Last edited by Nokia; September 13th, 2007 at 11:17 AM.
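The source-reading check described in the post above, as an added example that is not part of the original thread: a static triage pass that decodes hex/octal-escaped string literals in downloaded proof-of-concept source and flags text that acts on the local machine. The marker list and the sample input are constructed for illustration and are not exhaustive.

```python
import re

# Strings that refer to the machine running the code rather than a remote target.
# Assumption: a short illustrative list, to be extended by the reviewer.
LOCAL_MARKERS = ("rm -rf", "/etc/passwd", "/etc/shadow", "~/.ssh",
                 "authorized_keys", "useradd", "chmod 777", "/bin/sh -c")

# A run of adjacent string literals (C concatenates them into one string).
LITERAL_RUN = re.compile(r'(?:"(?:[^"\\]|\\.)*"\s*)+')
LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})|\\([0-7]{1,3})')


def decode_escapes(text):
    """Turn \\xHH and octal escapes into the characters they encode."""
    def repl(m):
        if m.group(1):
            return chr(int(m.group(1), 16))
        return chr(int(m.group(2), 8) & 0xFF)
    return ESCAPE.sub(repl, text)


def triage(source):
    """Return (line, marker, hidden_by_escapes) for each suspicious literal."""
    findings = []
    for run in LITERAL_RUN.finditer(source):
        raw = "".join(LITERAL.findall(run.group(0)))
        decoded = decode_escapes(raw)
        line = source.count("\n", 0, run.start()) + 1
        for marker in LOCAL_MARKERS:
            if marker in decoded.lower():
                findings.append((line, marker, decoded != raw))
    return findings


# Constructed sample: the "shellcode" is only an escaped local shell command.
SAMPLE = r'''
/* constructed sample, not a real exploit */
char banner[] = "usage: %s <remote ip> <port>\n";
char shellcode[] =
    "\x72\x6d\x20\x2d\x72\x66"
    "\x20\x7e\x2f";
int main(void) { system(shellcode); return 0; }
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A hit with `hidden_by_escapes` set to `True` means the text was only visible after decoding, which is the case that a quick read of the source misses.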
-
September 13th, 2007, 11:53 AM
#4
Be careful however as there are quite a few malicious exploits out there that have been posted in the hope of the casual skiddie downloading it and running it without actually understanding what it is they are doing, that do not actually exploit a remote system and will in fact exploit your system.
That is very true!
Also, you may be required to understand the operating system and application/service that you are trying to exploit, as well as the nature of the exploit.
IMO those "this is for educational and research purposes" disclaimers would not stand up in many courts.
Because of this, the author may well have posted a slightly incomplete or "neutered" version that will not work "out of the box".
That way they ensure that only people who know what they are doing can make it work, and that anyone who does so takes at least the major part, if not all of the responsibility for the consequences.
It is a much stronger defence to be able to say that what you published could not be used for malicious purposes as it stands.
-
September 14th, 2007, 12:33 AM
#5
Member
Well, I'm doing it for learning purposes, against my vmware machines. I guess that once you find an exploit on the security focus website and it will generate the code for you, you just copy and paste it into your metasploit directory and run it against your target machine, and of course in the case of the .c file you'll have to compile it first.
Also, I notice that most of the exploits in /pentest/framework3 or 2 have the .rb extension, which I'm assuming is for Ruby. Once I have selected the source code for a new exploit and compiled it, should I drop it in the framework3 directory? And where? Because in that directory there are two directories that seem to have exploits in them, /exploits and /modules, and they both contain .rb files. Or doesn't it matter? Any input appreciated.
Last edited by k_tech; September 14th, 2007 at 07:19 AM.
-
September 14th, 2007, 04:53 PM
#6
Metasploit is a framework.. It has nothing to do with the exploits posted at sec.focus. The exploits found at sec.focus aren't "generated" they are posted by the user community and they may or may not use the metasploit framework. Most of them are basically used "stand-alone".
If you don't know what to do with it then you need to read up.. As Nihil said, you're trying to run before you can walk.
Start by reading up on the various ways to exploit bugs, things like buffer overflows, format string exploits, sql/command injections etc. Once you know how the basics work you can move on to the more or less "real world" scenario you're trying now.
Oliver's Law:
Experience is something you don't get until just after you need it.