control – exploitdb

Backtrack 5R1

/pentest/exploits/exploitdb

Manual update when required

cd /pentest/exploits/exploitdb
wget http://www.exploit-db.com/archive.tar.bz2
tar -xvjf /pentest/exploits/exploitdb/archive.tar.bz2
rm /pentest/exploits/exploitdb/archive.tar.bz2

—————————————————————————
To search for exploits

root@bt:/pentest/exploits/exploitdb# ./searchsploit splunk
Description Path
————————————————————————— ————————-
Splunk Remote Root Exploit /multiple/remote/18245.py
Splunk Remote Root Exploit /multiple/remote/18245.py
Splunk Remote Root Exploit /multiple/remote/18245.py
Splunk Remote Root Exploit /multiple/remote/18245.py

—————————————————————————
Usage example

root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# python 18245.py -h

Usage: Run 18245.py -h to see usage options

Options:
--version show program's version number and exit
-h, --help show this help message and exit
-t TARGETHOST IP Address or hostname of target splunk server
-c Generate CSRF URL only
-f Target is configured to use a Free licence and does not
permit remote auth
-w SPLUNKWEB_PORT The Splunk admin interface port (Default: 8000)
-d SPLUNKD_PORT The Splunkd Web API port (Default: 8089)
-u USERFILE File containing usernames for use in dictionary attack
-p PASSFILE File containing passwords for use in dictionary attack
-U USERNAME Admin username (if known)
-P PASSWORD Admin pasword (if known)
-e USERPAIR Attempt to add admin user via priv up directory traversal
magic. Accepts username:password
—————————————————————————
Other example

root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# python 17969.py -h

CVE-2011-3368 proof of concept by Rodrigo Marcos
http://www.secforce.co.uk

usage():
python apache_scan.py [options]

[options]
-r: Remote Apache host
-p: Remote Apache port (default is 80)
-u: URL on the remote web server (default is /)
-d: Host in the DMZ (default is 127.0.0.1)
-e: Port in the DMZ (enables 'single port scan')
-g: GET request to the host in the DMZ (default is /)
-h: Help page

examples:
– Port scan of the remote host
python apache_scan.py -r http://www.example.com -u /images/test.gif
– Port scan of a host in the DMZ
python apache_scan.py -r http://www.example.com -u /images/test.gif -d internalhost.local
– Retrieve a resource from a host in the DMZ
python apache_scan.py -r http://www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html


—————————————————————————
To run other languages

root@bt:/# perl 4530.pl (ip-address)

—————————————————————————

root@bt:/pentest/exploits/exploitdb/platforms/windows/remote# php 3738.php remote-ip

—————————————————————————

shell script

root@bt:/pentest/exploits/exploitdb/platforms/windows/remote# chmod +x 4016-test.sh

root@bt:/pentest/exploits/exploitdb/platforms/windows/remote# ./4016-test.sh
USAGE: ./4016-test.sh
Example: ./4016-test.sh http://www.microsoft.com /en/us/default.aspx
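The search and "run other languages" steps above, as an added example that is not part of the original post or the exploitdb project: a small stand-in for the old searchsploit that greps a files.csv index (assumed to use the old id,file,description,... layout with no commas inside the description) and maps each hit's extension to the interpreter the post uses; the sample index is constructed inline.

```shell
#!/bin/sh
# Added example, not code from the original post or the exploitdb project: a
# minimal stand-in for the old searchsploit, which grepped exploitdb's files.csv.
# ASSUMPTION: files.csv uses the old layout  id,file,description,...  and the
# description field holds no commas (a quoted, comma-containing field would
# shift the awk columns).
# The constructed sample repeats the 18245 row on purpose, like the repeated
# rows in the searchsploit output above; search_db prints each hit only once.

SAMPLE_CSV="$(mktemp)"
trap 'rm -f "$SAMPLE_CSV"' EXIT
cat >"$SAMPLE_CSV" <<'EOF'
id,file,description,date,author,platform,type,port
18245,platforms/multiple/remote/18245.py,"Splunk Remote Root Exploit",2011-01-01,x,multiple,remote,0
18245,platforms/multiple/remote/18245.py,"Splunk Remote Root Exploit",2011-01-01,x,multiple,remote,0
17969,platforms/multiple/remote/17969.py,"Apache CVE-2011-3368 proof of concept",2011-01-01,x,multiple,remote,0
4530,platforms/windows/remote/4530.pl,"Perl remote exploit (constructed row)",2011-01-01,x,windows,remote,0
EOF

# search_db CSV TERM: case-insensitive substring match on the description,
# printed as "description<TAB>path" with the leading "platforms" stripped the
# way searchsploit does, duplicates collapsed. Point CSV at
# /pentest/exploits/exploitdb/files.csv for the real index.
search_db() {
    awk -F',' -v term="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        NR > 1 {
            desc = $3; gsub(/"/, "", desc)
            if (index(tolower(desc), term)) {
                path = $2; sub(/^platforms/, "", path)
                line = desc "\t" path
                if (!(line in seen)) { seen[line] = 1; print line }
            }
        }' "$1"
}

# interpreter_for PATH: the interpreter the post runs each file type with.
interpreter_for() {
    case "$1" in
        *.py)  echo python ;;
        *.pl)  echo perl ;;
        *.php) echo php ;;
        *.sh)  echo sh ;;
        *)     echo unknown ;;
    esac
}

search_db "$SAMPLE_CSV" splunk   # one line: Splunk Remote Root Exploit  /multiple/remote/18245.py
```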
