exploits/netgear/n300_auth_bypass
exploits/netgear/prosafe_rce
exploits/zte/f609_config_disclosure
exploits/zte/f460_f660_backdoor
exploits/zte/f6xx_default_root
exploits/zte/f660_config_disclosure
exploits/comtrend/ct_5361t_password_disclosure
exploits/thomson/twg849_info_disclosure
exploits/thomson/twg850_password_disclosure
exploits/asus/infosvr_backdoor_rce
exploits/asus/rt_n16_password_disclosure

As you can see, many smaller device manufacturers are targeted with exploits. The
different exploit modules listed have vulnerabilities associated with them. As an
example, the Comtrend module in the list has a vulnerability announcement associated
with it. If you want more details about the vulnerabilities to get an idea of what
you may be able to accomplish by running the exploit, you can look up the exploit
listed and find the security announcement providing details, including remediations,
for the vulnerability.

Exploit Database
When a vulnerability is discovered, a proof of concept may be developed that will
exploit it. Whereas the vulnerability is often announced in multiple places, such as
the Bugtraq mailing list, the proof-of-concept code is generally stored at the
Exploit Database website. The site itself is a great resource, with a lot of code you
can learn from if you want to better understand how exploits work. Because it’s a
great resource, the code from the website is available in Kali Linux. All of the
exploit source code is available in /usr/share/exploitdb. Example 5-5 shows a listing
of the categories/directories in /usr/share/exploitdb.

Example 5-5. Directory listing of exploits
root@yazpistachio:/usr/share/exploitdb/exploits# ls
aix freebsd linux_mips osx solaris_x86
android freebsd_x86 linux_sparc osx_ppc tru64
arm freebsd_x86-64 linux_x86 palm_os ultrix
ashx hardware linux_x86-64 perl unix
asp hp-ux macos php unixware
aspx immunix minix plan9 windows
atheos ios multiple python windows_x86
beos irix netbsd_x86 qnx windows_x86-64
bsd java netware ruby xml
bsd_x86 json nodejs sco
cfm jsp novell solaris
cgi linux openbsd solaris_sparc