When people search for exploits, they often turn straight to Google. That is fine, but in doing so they bypass an extremely useful tool already built into Kali: “searchsploit”, an offline version of exploitdb.com.
The problem is that the exploits hosted on Exploit-DB are submitted by the exploit authors, and their exploit titles tend to differ slightly. This means it can often take several different search terms to find the exploit you are looking for.
Let’s take an example:
So we’re on a box and we check which Linux distribution and version it is running, so we issue the following:
I get zero matches! Damn… So does that mean there’s no exploit available for this system?
Well, let’s think about this a different way…
What if the exploit posted on Exploit-DB that does happen to work on this version of Ubuntu was labelled differently?
What if the exploiter labelled it as Ubuntu 12.x?
What if the exploiter labelled it as Ubuntu <= 13.0?
What if the exploiter labelled it as Ubuntu >= 11.x?
There are loads of other ways it could’ve been labelled, but the point is, if we don’t find an exact match on the term we searched for, it doesn’t necessarily mean that there isn’t an exploit available.
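The labelling problem described above, as an added example that is not part of the original post: an exact-term search finds nothing, while reading each title's version label as a range finds the entries that still cover the version. The titles and the target version 12.04 are constructed for illustration, and the function names are hypothetical.

```python
import operator
import re

# Version label after the product name: optional comparison, then 12.04 / 12.x / 13.0
SPEC = r"\s*(<=|>=|<|>)?\s*(\d+(?:\.(?:\d+|x))*)"
OPS = {None: operator.eq, "<=": operator.le, ">=": operator.ge,
       "<": operator.lt, ">": operator.gt}

# Constructed titles for illustration only; these are not real Exploit-DB entries.
TITLES = [
    "Sample Service 1.0 (Ubuntu 12.x) - Constructed Entry A",
    "Sample Service 1.1 (Ubuntu <= 13.0) - Constructed Entry B",
    "Sample Service 1.2 (Ubuntu >= 11.x) - Constructed Entry C",
    "Sample Service 1.3 (Ubuntu 14.04) - Constructed Entry D",
    "Sample Service 1.4 (Ubuntu < 12.x) - Constructed Entry E",
    "Sample Service 1.5 (Debian 7) - Constructed Entry F",
]

def parse(version):
    """'12.04' -> (12, 4); the '.x' wildcard is dropped, so '12.x' -> (12,)."""
    return tuple(int(p) for p in version.lower().split(".") if p != "x")

def covers(op, label, target):
    """True if a title label such as ('<=', '13.0') includes the target version."""
    want, have = parse(label), parse(target)
    # Compare only as many components as the label gives, so '12.x' matches
    # 12.04 and '>= 11.x' matches any 11.* or later release.
    return OPS[op](have[:len(want)], want)

def naive_hits(titles, product, version):
    """Exact substring search, the way a single search term behaves."""
    needle = f"{product} {version}".lower()
    return [t for t in titles if needle in t.lower()]

def range_hits(titles, product, version):
    """Titles whose label for `product` covers `version`, however it is written."""
    pattern = re.compile(re.escape(product) + SPEC, re.I)
    return [t for t in titles
            if any(covers(m.group(1), m.group(2), version)
                   for m in pattern.finditer(t))]

if __name__ == "__main__":
    # 12.04 is an assumed target version; the post does not state one.
    print("exact-term matches:", naive_hits(TITLES, "Ubuntu", "12.04"))
    for title in range_hits(TITLES, "Ubuntu", "12.04"):
        print("covers 12.04:", title)
```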