Ethical Hacking and Penetration Testing Guide


Using Exploit-db with BackTrack



Another advantage of exploit-db is that it is available within BackTrack by default; this means that we can access exploit-db even when offline. The exploit-db database can be found in the /Pentest/exploits/exploitdb directory in BackTrack. Before starting your penetration test, it's good practice to try updating the exploit database.

The archive of all the exploits is available at the following address:

www.exploit-db.com/archive.tar.bz2

All you need to do is to download the archive using the following command:

wget www.exploit-db.com/archive.tar.bz2

Once the archive is downloaded, we will use the following tar command to extract the contents (tar operates on the downloaded file, archive.tar.bz2, not on the URL; the -j flag selects bzip2 decompression):

tar -xvjf archive.tar.bz2

So now we have the archive with the latest exploits from exploit-db.com.


Vulnerability Assessment ◾ 137
Searching for Exploits inside BackTrack
The Offensive Security team has already created a script named "searchsploit", which helps us search the exploit-db database for the exploit we need. The following is the syntax for searching for a particular exploit by using the searchsploit script. You need to issue it from the /Pentest/exploits/exploitdb directory.

./searchsploit <term1> [term2] [term3]

Note: We can only specify up to three search strings.
Whenever you look for an exploit, it will look in "files.csv", which contains the index/location of each exploit. Let's suppose that we are searching for all the exploits related to Windows remote DOS that could be used to compromise the availability of the target and hence cause a denial of service. All we need to do is run the following command, which will return the paths of the exploits from the csv file:

./searchsploit windows remote dos

Note: Using lowercase when searching for exploits will show more results.
The last step is to prepend the platforms directory to the returned path. For example, on executing the command, the following output is returned:

As you can see, the path for the "Quick ‘n EasY VER 2.4 FTP remote D.O.S" is /windows/dos/593.pl. In order to access the proof of concept, we will use the following command:

root@root:/pentest/exploits/exploitdb# cat platforms/windows/dos/593.pl

The cat command prints the contents of 593.pl, which is the proof of concept of the exploit, written in Perl.
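To make the search step concrete, here is an added example written for this page; it is not the searchsploit script shipped by Offensive Security in BackTrack. It assumes a local copy of the index at $EXPLOITDB_DIR/files.csv with the columns id,file,description,date,author,platform,type,port (an assumed layout; the rows below are constructed and refer to no real exploits). search_exploits matches up to three terms case-insensitively, all of which must appear in a row, which is also why lowercase search strings return the most results; it prints the description and the path with the leading platforms component stripped, as in the output described above, and resolve_exploit turns that path back into the file you would read with cat.

```shell
#!/bin/sh
# Added example, not the searchsploit script from BackTrack: a minimal
# searchsploit-style lookup over files.csv, plus the "prepend platforms/"
# step that turns a result path into a file you can read with cat.

# Assumption: EXPLOITDB_DIR points at the local exploit-db copy; for this
# stand-alone example it defaults to a scratch directory.
EXPLOITDB_DIR="${EXPLOITDB_DIR:-$(mktemp -d)}"

# Constructed sample index (no real exploit-db rows). Assumed column layout:
# id,file,description,date,author,platform,type,port. Descriptions here
# contain no commas, so a plain comma split is enough.
write_sample_index() {
    mkdir -p "$EXPLOITDB_DIR/platforms/windows/dos"
    cat > "$EXPLOITDB_DIR/files.csv" <<'EOF'
id,file,description,date,author,platform,type,port
1001,platforms/windows/dos/1001.pl,"Sample FTP Server 1.0 - Remote Denial of Service (PoC)",2004-01-01,anon,windows,dos,21
1002,platforms/linux/remote/1002.c,"Sample HTTPd 2.1 - Remote Buffer Overflow",2004-02-01,anon,linux,remote,80
1003,platforms/windows/local/1003.txt,"Sample Service 3.0 - Local Privilege Escalation",2004-03-01,anon,windows,local,0
EOF
    # A placeholder proof-of-concept file so the resolved path really exists.
    printf '# constructed placeholder, not a real exploit\n' \
        > "$EXPLOITDB_DIR/platforms/windows/dos/1001.pl"
}

# search_exploits term1 [term2] [term3]
# Every term must appear somewhere in the row (AND), compared in lowercase.
# Output is "description|/platform/type/file", i.e. the file column with its
# leading "platforms" component removed.
search_exploits() {
    if [ $# -lt 1 ] || [ $# -gt 3 ]; then
        echo "usage: search_exploits term1 [term2] [term3]" >&2
        return 2
    fi
    awk -F',' -v t1="$1" -v t2="${2:-}" -v t3="${3:-}" '
        NR > 1 {
            row = tolower($0)
            if (index(row, tolower(t1)) == 0) next
            if (t2 != "" && index(row, tolower(t2)) == 0) next
            if (t3 != "" && index(row, tolower(t3)) == 0) next
            desc = $3; gsub(/"/, "", desc)
            path = $2; sub(/^platforms/, "", path)
            printf "%s|%s\n", desc, path
        }' "$EXPLOITDB_DIR/files.csv"
}

# resolve_exploit /windows/dos/1001.pl -> $EXPLOITDB_DIR/platforms/windows/dos/1001.pl
resolve_exploit() {
    printf '%s/platforms%s\n' "$EXPLOITDB_DIR" "$1"
}

# Prints the matches for the query used in the text, then shows the first
# proof-of-concept file the way "cat platforms/..." does.
demo() {
    write_sample_index
    search_exploits windows remote dos
    first="$(search_exploits windows remote dos | head -n 1 | cut -d'|' -f2)"
    cat "$(resolve_exploit "$first")"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh search_example.sh demo` (file name assumed) to see the one constructed row that matches "windows remote dos" and the placeholder file it resolves to; the real index has many more columns worth filtering on, but the three-term, case-insensitive AND match is the part that determines what you get back.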


The exploit gives information about the target vulnerable to it, the operating system on which the exploit was tested (which in this case is Windows XP SP1), and other necessary details to execute the exploit successfully. By performing a service version detection with Nmap or simply by using banner grabbing with netcat, you will come to know that your target is running "Quick ‘n EasY VER 2.4". Next, you can try running this exploit against the particular target to see if the target machine crashes. However, as mentioned before, oftentimes in a penetration test, you won't have the privilege to perform a DOS attack.
An important thing to remember is never download shellcodes from exploit databases without knowing what they are capable of. It's common practice for hackers to add a backdoor to their code, which will result in a full system compromise. We will learn more about shellcodes in the following chapters.
