Results 1 to 4 of 4

Thread: Finding which exploit will do the job!!!

  1. #1

    Finding which exploit will do the job!!!

    Hi,

    I have built my security lab and i`m enjoying messing about with it, although iv come to a bit of a problem, I can recognise exploits using nessus, but then how can you find out which exploit is the best to use for this perticular task, obviosly in the real world you cant trial them. Is it a case of just trying them, or googling and finding info on the spoit first???

    Thanx

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    There is not a great deal of exploits available for individual services. You will usually need to find the type of service and revision number at a minimum, most exploits will also need the OS version and patch state to be of a certain type and at a certain level, others need all of the above and maybe things like a directory, valid login account etc.

    Sites like milw0rm offer a searchable index of exploits however be careful as there are some on there that actually attack your machine..

    Start off searching for exploits that are used against the service you want to attack, then narrow these down to the ones that work with the revision of your service - more than likely you will only have one or two that are usable - then read the headers of them to find out what additional parameters you need to provide...if you don't have all the info needed, then you will need to do a bit more groundwork against your target to get it.
    Last edited by Nokia; September 19th, 2007 at 01:38 PM.

  3. #3
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  4. #4

Similar Threads

  1. Exploit already available for Windows vulnerability
    By Black Cluster in forum Microsoft Security Discussions
    Replies: 3
    Last Post: October 14th, 2005, 08:44 AM
  2. Network Security made easy?
    By Tiger Shark in forum Microsoft Security Discussions
    Replies: 5
    Last Post: January 14th, 2005, 08:47 PM
  3. finding a bug or a exploit in unix flavours
    By enjoy_lovelife in forum Miscellaneous Security Discussions
    Replies: 2
    Last Post: August 7th, 2002, 11:47 AM
  4. Cloaked Exploit Scanner II
    By ntsa in forum The Security Tutorials Forum
    Replies: 3
    Last Post: July 21st, 2002, 04:00 PM
  5. Finding Exploit Lists
    By Montezuma in forum Microsoft Security Discussions
    Replies: 5
    Last Post: March 29th, 2002, 02:16 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •