Online Exploit Research & Methods

Online Exploit Research & Methods

In the world of cybersecurity, vulnerability research is a critical skill, especially when you're tasked with identifying potentially exploitable vulnerabilities in systems, services, and plugins. One of the most widely used resources for exploit research is Exploit-DB, which provides a comprehensive database of known vulnerabilities and exploits. In this tutorial, we’ll explore how to use Exploit-DB, SearchSploit, Google Dorking, GitHub, and other tools to assist in your exploit research process.

1. Exploit-DB: The Core Database for Exploit Research

Exploit-DB is a massive collection of publicly available exploits. It’s an essential resource for anyone researching vulnerabilities, whether for penetration testing, ethical hacking, or academic purposes. The database includes various types of vulnerabilities, including remote code execution (RCE), privilege escalation, denial of service (DoS), and others.

Using Exploit-DB for Online Exploit Research

To get started, head to Exploit-DB. The website allows you to search for vulnerabilities by service, software version, operating system, or CVE (Common Vulnerability and Exposure) identifiers.

Here’s how to use Exploit-DB:

1. Search for a Specific Vulnerability: You can enter the name of a service or software version in the search bar. For example, searching for “WordPress 5.3” would return exploits that target WordPress version 5.3.

2. Filter by Platform: Exploit-DB offers filters to refine your search by platform, type of exploit, and even the date it was added to the database. This helps you find the most recent or relevant exploits for your target system.

3. Review Exploit Details: Each exploit entry provides crucial details such as:

   • Description of the vulnerability

   • Affected versions

   • Proof of concept (PoC) or code

   • References (e.g., links to other resources like CVE entries, advisories, or forums)

Practical Example:

Let’s say you're testing a WordPress installation and you know it's running version 5.3. By searching "WordPress 5.3" in Exploit-DB, you might discover an exploit that allows attackers to bypass authentication mechanisms.

2. SearchSploit: Local Search for Offline Exploit Research

SearchSploit is a local command-line tool that provides an offline method for searching the Exploit-DB database. It’s perfect for situations where you don’t have internet access or want to avoid browsing the online interface.

How to Use SearchSploit

1. Installation: SearchSploit comes pre-installed on Kali Linux and other penetration testing distributions. If you're on another system, you can clone it from GitHub using:

   git clone https://github.com/offensive-security/exploitdb.git

2. Search for Exploits: To search for a specific exploit locally, run:

   searchsploit <search_term>

   For example, to search for vulnerabilities related to "WordPress 5.3", you’d run:

   searchsploit WordPress 5.3

   This command will return a list of exploits related to WordPress 5.3 that you can review further.

3. View Exploit Details: To see more detailed information about an exploit, use the -x option to view the file:

   searchsploit -x <exploit_filename>

   Example:

   searchsploit -x exploits/wordpress/remote/50532.py

4. Copy the Exploit to Your Working Directory: Once you’ve found the exploit you want to use, you can copy it to your current working directory using the -m flag. For example, if you want to copy an exploit located at /usr/share/exploitdb/exploits/webapps/wordpress/, use this command:

   searchsploit -m 12345 .

   This will copy the 12345.py exploit to your current directory, allowing you to review and modify it as needed.

3. Searching for Public Exploits Using Google

Google search is a powerful tool for uncovering public Proof of Concepts (POCs), exploits, and related resources. By using the right search queries, you can find a wealth of information that may help with your penetration testing research. Here’s how to do it:

Basic Google Search for POCs

1. Search by Vulnerability or Service Version: When you know the version of the service you’re targeting (e.g., "WordPress 5.3"), use Google to search for related POCs or exploits. For instance, if you’re looking for exploits for WordPress 5.3, simply search:

   WordPress 5.3 exploit

   This will give you a list of results, including blog posts, forums, and sometimes even GitHub repositories with working exploits.

2. Using Quotations for Exact Phrases: If you want more precise results, you can wrap specific keywords in quotation marks. This is useful when looking for a very specific exploit or vulnerability:

   "CVE-2019-12345" exploit

   This will limit the search results to pages containing the exact phrase "CVE-2019-12345", helping to refine your search to only those resources discussing that CVE.

3. Refining with Specific Keywords: To narrow down your search, you can use additional keywords like "GitHub", "POC", or "Proof of Concept":

   WordPress 5.3 POC GitHub

   This will direct Google to show results that are more likely to include working POCs on platforms like GitHub or personal blogs.

4. Looking for Exploit Discussions: Google can also help you find discussions in forums or security-related websites, which might have valuable exploit code shared by other researchers. For example:

   WordPress 5.3 exploit forum

   This will yield results from forums where security professionals or hackers might discuss and share exploits.

---

Searching on GitHub

While Google is great for broad searches, you can also refine your search directly within GitHub to find public repositories containing exploits or POCs. However, GitHub's search isn’t always as effective as Google in finding precise results across the entire web, so it's often best used as a secondary step.

1. Search GitHub for Public POCs: You can search directly on GitHub for repositories related to the service or version you're targeting. For instance, searching for WordPress 5.3:

   WordPress 5.3 exploit POC

   GitHub will show repositories that include those keywords. However, keep in mind that the search results may be less relevant compared to a more general Google search.

2. Use GitHub’s Filters: If you want to refine your search, you can filter results on GitHub by type, language, or stars, which can help in identifying high-quality public POCs.

Keep in mind, there are lots of ways to filter the web for exploits. Just ensure you VALIDATE what you pull from the web is legit- read and understand what the public exploits are doing if they're not from a reputable vendor that does a review process like ExploitDB, even then, do your research and due diligence in ensuring you are staying safe while performing penetration testing within all legal purposes.