Introduction
Note: This article is a work in progress.
Once you know which services are running, and ideally their versions, you have to search for known vulnerabilities. If there is no ready-made exploit for any running service, look for common misconfigurations in each of those services instead.
Browser
Always search in Google or another search engine for: <service_name> [version] exploit
You should also try the shodan exploit search from https://exploits.shodan.io.
Searchsploit
Useful for searching Exploit-DB for service exploits from the console.
# Searchsploit tricks
searchsploit "linux Kernel"     #Example
searchsploit apache mod_ssl     #Other example
searchsploit -m 7618            #Paste the exploit in current directory
searchsploit -p 7618[.c]        #Show complete path
searchsploit -x 7618[.c]        #Open vi to inspect the exploit
searchsploit --nmap file.xml    #Search vulns inside an nmap xml result
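The two steps above (take the service and version from the scan, then query a search engine or searchsploit with "<service_name> [version] exploit") can be automated from the nmap XML. The script below is an added example, not code from the original page or from the searchsploit project; the nmap output it parses is a constructed sample, and it only builds the query strings rather than running any search.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output (not a real scan): two fingerprinted
# open ports, one closed port, and one open port nmap could not version.
SAMPLE_NMAP_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.2p2"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.18"/></port>
<port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
</ports></host></nmaprun>"""


def open_services(nmap_xml):
    """Return (addr, port, name, product, version) for every open port."""
    found = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports have nothing to look up
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda k, d="": d)
            found.append((addr, int(port.get("portid")),
                          get("name", ""), get("product", ""), get("version", "")))
    return found


def search_terms(nmap_xml):
    """One web-search string and one searchsploit query per open service.
    Product plus version is preferred; the bare service name is the fallback
    when nmap could not fingerprint the software (no version to search on)."""
    terms = []
    for addr, portid, name, product, version in open_services(nmap_xml):
        base = " ".join(t for t in (product or name, version) if t)
        terms.append((f"{addr}:{portid}", f"{base} exploit", f'searchsploit "{base}"'))
    return terms


if __name__ == "__main__":
    for target, web, cli in search_terms(SAMPLE_NMAP_XML):
        print(f"{target:<18} {web:<30} {cli}")
```

Unversioned services (like the 8080 entry) produce a much noisier query, which is the reason to spend extra effort fingerprinting them before searching.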
Pompem
Pompem is an open source tool designed to automate the search for exploits and vulnerabilities in the most important databases. Developed in Python, it has an advanced search system that helps the work of pentesters and ethical hackers. In the current version, it performs searches in PacketStorm Security, CXSecurity, ZeroDay, Vulners, the National Vulnerability Database, the WPScan Vulnerability Database, etc.
PacketStorm
packetstormsecurity.com is an information security website offering current and historical computer security tools, exploits, and security advisories. It is operated by a group of security enthusiasts that publish new security information and offer tools for educational and testing purposes.
Vulners
vulners.com is a security database containing descriptions of a large number of software vulnerabilities in a machine-readable format. Cross-references between bulletins and a continuously updated database keep you abreast of the latest security threats.
Sploitus
sploitus.com is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities.