Adding More Exploits In Kali Installation.

By -
Exploit Database knowtechno.com
Hello guys in today's post we will discuss about what are the things we were not doing to be in the list of modern blackhats and the top in the list is “Not Knowing About The Exploit-db”. Till now we have all been working only on the mainstream exploits which were well known but old enough to sometimes fail mainly for the updated operating systems. But now it is time to move on to the next step. Many of us may have already realized till now that it is pretty hard to break into a fully updated and patched operating systems so to move on to the real world of penetration testing we first have to know about the exploit-db.

Visit Here For Much Better And Easier Way. or Here!

Exploit-db

From the Devs.
The Exploit Database (EDB) is a CVE compliant archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our goal is to collect exploits from various sources and concentrate them in one, easy to navigate database.

What really is exploit-db?

It is simply a database of all the exploits developed till now and they keep updating regularly. Here pentesters write an exploit for the known vulnerability and then they upload their work on the exploit-db for other pentesters to see.The whole site is fully maintained by Offensive Security, they are the mind behind Backtrack, Kali, Metasploit Unleashed etc.the layout of the site is easy enough to navigate and download the desired updated exploits but just downloading them will not do the trick you will have to integrate it to the metasploit framework to make it work.

Sponsored Links

Lets get to the topic how to get those updated modules:

Now sometimes what a user needs to do is just update the present metasploit framework to get the latest modules without messing up.
Just type in the command:
msfupdate

Hopefully this will update the framework with the latest modules.
But if the above method fails the second alternate is to put the exploits manually in the exploit directory after downloading from the exploit-db.
The downloaded exploit should be placed into the directory /.msf4/modules/exploit/
any exploits placed here will be detected by the metasploit framework and the next time you type use /exploit/exploit_name it will come up.
Note:You can choose any name in place of and it is also very important to use proper directory structure or else the exploit will not work and one more thing the exploit should be put in the sub directory of the ~/.msf4/modules/exploit/ or the exploit may not be detected by the framework.

Downloading the exploit from the Exploit-db:

For example purpose I will be using here Apache Jetspeed Arbitrary exploit from https://www.exploit-db.com/exploits/39643/ what you need to do is to click on the source button in the download exploit part as shown below.
And save the file to local directory.

Sponsored Links

Now for the downloaded exploit to work we have to move it to the directory of metasploit framework.
You should know yourself on how to do this but I am showing the steps involved for the newbies there.

1. The Command Line Method:

 For command line method you will need to know about two commands which are going to do all the work here a.> mkdir b.>cp
Now type the commands given one by one.
mkdir -p ~/.msf4/modules/exploits/browser/apache
Note:Here you can choose you desired name for the directories but you will need to remember to use the exploit

Now comes the moving exploit part and for that meet and say hi to "cp" command. Now type in the following command to move the downloaded file to desired location.
cp /home/knowtechno/Downloads/39643.rb ~/.msf4/modules/exploits/browser/apache
In the above command my downloaded file was in the downloads directory assume if your downloaded file was in the root directory then the command would change accordingly like below.

For root directory:
cp 39643.rb ~/.msf4/modules/exploits/browser/apache

Now comes the final steps verifying the files are in place or not for that simply type in the following two commands one by one.

cd ~/.msf4/modules/exploits/browser/apache
ls

It will show the list of files and folders in the directory if the moved file name is present in the list then you are done and the exploit is ready to be used with metasploit framework.

Sponsored Links

2. GUI Methods (Easy method for noob):


1. Go To computer-> root. Now you will not be able to see the .msf4 folder as the folders with "." prefix are hidden to see that folder click on the button with nine dots just in right of the search button in Kali Sana and in Kali rolling for Kali older version there is a view option in that click on the show hidden files option. Now the folder will be in front of you.



2. Open The folder modules->exploits and create a directory there named what ever you want I am using browser for example purpose open that folder and create another folder named apache or anything you like.


3. Now copy the file downloaded and before from the exploit-db and paste it in the "~/.msf4/modules/exploits/browser/apache" and done. Now restart the msfconsole or type in reload_all in the terminal this will add any new module/modules placed in the directory.

I Hope the info was good enough and please let me know if any doubts in the comments.

Comments

Post a Comment

Popular posts from this blog

Report Suggests Apple iPhone XI to sport Long Distance 3D Camera Calling support.

By -
Image
The next gen camera technology has been in talks for some time now and Sony has been burning night hours in making it ready for mass productions. According to talk between Sony and BloombergQuint, The Sony will be soon be boosting their 3D Camera sensors after getting positive response from the customers and positive response from the market. The Apple Inc. is one of their customers. This new tech may result in huge improvements and a revolution in the smartphone photography. Some rumours also suggest that the Apple is planning to implement augmented reality features to its future Flagships and the future flagships may come with tri-camera setup. And from the rumours one can anticipate that these new camera features will be used to draw potential customer in the year 2019 by Apple Inc.  But the plans may or may not succeed as the most awaited and most anticipated feature the market has been waiting for the year 2019 is the smartphones and flagships with 5G connect...
Read more

Hack WPA/WPA2 WPS Wifi Hack

By -
Image
When it was known that a WEP network could be hacked by any kid with a laptop and a network connection (using easy peasy tutorials like those on our blog), the security guys did succeed in making a much more robust security measure WPA/WPA2. Now hacking WPA/WPA2 is a very tedious job in most cases. A dictionary attack may take days, and still might not succeed. Also, good dictionaries are huge. An exhaustive bruteforce including all the alphabets (uppercase lowercase) and numbers, may take years, depending on password length. Rainbow tables are known to speed things up, by completing a part of the guessing job beforehand, but the output rainbow table that needs to be downloaded from the net is disastrously large (can be 100s of GBs sometimes). And finally the security folks were at peace. But it was not over yet, as the new WPA technology was not at all easy for the users to configure. With this in mind, a new security measure was introduced to compliment WPA. Wifi Protected Set...
Read more

Affordable Galaxy Home Smart Speakers from Samsung Powered by Bixby

By -
Image
Image Credit: Samsung Recently Samsung introduced their Galaxy Home Smart Speakers powered by Bixby Assistant from Samsung and it is yet to hit the market, but rumours about them planning an affordable version of the speakers which will also be powered by their voice assistant Bixby. Although the full specification of the speaker is not yet known it is expected to have less features being the affordable one than the pricier one i.e. the Galaxy Home Smart Speakers. This could most likely be their strategy as the Galaxy Home Speaker may compete with the Apple HomePod which cost somewhere around 349 USD but for Samsung to compete with more affordable speakers available in the market like Google Home and Amazon Echo which are available at less than 200 USD or so they had to take this approach. Even though the launch Is not yet confirmed, for Samsung to be able to compete in this niche they will have to focus on the potential customers who opt for more affordable kind of appro...
Read more