Using searchsploit to find exploits

    When people search for exploits, they often turn straight to Google. That is fine, but it bypasses an extremely useful tool already built into Kali: "searchsploit", an offline copy of exploitdb.com.

    The problem is that the exploits hosted on Exploit-DB are submitted by their authors, and the exploit titles tend to differ slightly from one author to the next. This means it can take several different search terms to find the exploit you are looking for.

    Let's take an example:

    So we're on a box and we want to know which Linux distribution and version is running, so we issue the following:

    root@kali:~$ cat /etc/lsb-release
    cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=12.04
    DISTRIB_CODENAME=precise
    DISTRIB_DESCRIPTION="Ubuntu 12.04.5 LTS"

    OK so I know exactly what version of Ubuntu I’m running – 12.04.5 LTS

    Let's have a look for an exploit on this version of Ubuntu.


    I get zero matches! Damn... so does that mean there's no exploit available for this system?

    Well, let's think about this a different way.

    What if the exploit posted on Exploit-DB that does happen to work on this version of Ubuntu was labelled differently?

    What if the author labelled it as Ubuntu 12.x?

    What if the author labelled it as Ubuntu <= 13.0?

    What if the author labelled it as Ubuntu >= 11.x?

    There are loads of other ways it could have been labelled, but the point is: if we don't find an exact match on the term we searched for, it doesn't necessarily mean that there isn't an exploit available.

    OK, let's try widening the search a bit.


    root@kali:~$ searchsploit ubuntu 12

    I now get 8 hits! We’re making some progress! So the next thing will be to try and drill down on those results.

    A couple of these results refer to 64-bit versions. Are we dealing with 64-bit? Nope. OK, let's get rid of any reference to 64-bit versions with grep:

    Some of the exploits also mention the Linux Kernel version. What version are we using?

    A quick check with the following:

    uname -r

    Looks like we’re using Kernel version 3.14.0
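The steps above (widen the search, drop the 64-bit entries, then check the distribution and kernel versions against each title's label) can be automated. The following Python helper is an added example written for this page, not part of the original post and not a searchsploit feature. It runs over a constructed set of searchsploit-style result lines (the titles and paths are made-up placeholders, not real Exploit-DB entries), parses the version labels that the post lists as variants ("12.x", "<= 13.0", ">= 11.x"), and keeps only the titles whose constraints admit the installed versions. Treating "x64", "x86-64" and "x86_64" as 64-bit markers in addition to "64-bit" is an assumption about how authors label builds.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample of searchsploit-style output ("title | path").
# Every title and path here is a made-up placeholder for the demo;
# none of them is a real Exploit-DB entry.
SAMPLE_RESULTS = """\
Ubuntu 12.04.5 - Example Entry A | linux/local/placeholder-a.txt
Ubuntu 12.x (x64) - Example Entry B | linux_x86-64/local/placeholder-b.txt
Ubuntu <= 13.0 - Example Entry C | linux/local/placeholder-c.txt
Ubuntu >= 11.x - Example Entry D | linux/local/placeholder-d.txt
Linux Kernel 3.14 (Ubuntu 12.04) - Example Entry E | linux/local/placeholder-e.txt
Linux Kernel 2.6.x (Ubuntu 12.04) - Example Entry F | linux/local/placeholder-f.txt
Ubuntu 14.04 - Example Entry G | linux/local/placeholder-g.txt
"""

Version = Tuple[int, ...]

# The post greps out "64-bit"; the other spellings are an assumption
# about how authors label 64-bit-only entries.
SIXTY_FOUR_BIT_MARKERS = ("64-bit", "x64", "x86-64", "x86_64")


def parse_version(text: str) -> Version:
    """'12.04.5' -> (12, 4, 5); a trailing '.x' wildcard is dropped."""
    return tuple(int(p) for p in text.split(".") if p != "x")


def constraint_pattern(product: str) -> "re.Pattern[str]":
    """Match labels such as 'Ubuntu <= 13.0', 'Ubuntu 12.x', 'Linux Kernel 2.6.x'."""
    return re.compile(
        re.escape(product) + r"\s*(?P<op><=|>=|<|>)?\s*(?P<ver>\d+(?:\.(?:\d+|x))*)"
    )


def constraint_matches(op: Optional[str], label: str, installed: Version) -> bool:
    """Compare the installed version with one title label.

    The installed version is truncated to the label's precision, so "12.x" and
    "12.04" both match 12.04.5, and "<= 13.0" also admits 13.0.x. This errs
    towards keeping a candidate, in line with the advice not to narrow too much.
    """
    wanted = parse_version(label)
    have = installed[: len(wanted)]
    if op is None:
        return have == wanted
    return {"<=": have <= wanted, ">=": have >= wanted,
            "<": have < wanted, ">": have > wanted}[op]


def title_applies(title: str, product: str, installed: Version) -> bool:
    """True if every <product> constraint in the title admits `installed`.
    A title that names no constraint for the product is not ruled out by it."""
    for m in constraint_pattern(product).finditer(title):
        if not constraint_matches(m.group("op"), m.group("ver"), installed):
            return False
    return True


def triage(results: str, distro_version: str, kernel_version: str,
           is_64bit: bool) -> List[str]:
    """Return the titles from searchsploit-style output that are worth a closer look."""
    distro = parse_version(distro_version)
    kernel = parse_version(kernel_version.split("-")[0])  # "3.14.0-generic" -> 3.14.0
    kept: List[str] = []
    for line in results.splitlines():
        if "|" not in line:
            continue
        title = line.split("|", 1)[0].strip()
        # Step 1: drop 64-bit-only entries when the target is not 64-bit.
        if not is_64bit and any(mark in title for mark in SIXTY_FOUR_BIT_MARKERS):
            continue
        # Step 2: the distribution label must admit the installed release.
        if not title_applies(title, "Ubuntu", distro):
            continue
        # Step 3: any kernel label must admit the running kernel.
        if not title_applies(title, "Linux Kernel", kernel):
            continue
        kept.append(title)
    return kept


if __name__ == "__main__":
    # Values from the walkthrough above: Ubuntu 12.04.5, kernel 3.14.0, not 64-bit.
    for t in triage(SAMPLE_RESULTS, "12.04.5", "3.14.0", is_64bit=False):
        print(t)
```

Run against the constructed sample with the values from the walkthrough, the helper keeps entries A, C, D and E: the exact-version title, the two range-labelled titles that the exact search would have missed, and the kernel 3.14 title, while the 64-bit, kernel 2.6.x and Ubuntu 14.04 entries are dropped.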

    Hopefully you can spot the exploits we should be focusing on.

    Remember not to narrow your search too much, or you might miss something.