More than 38,000 files are stored in these directories. That's a lot of data to go sifting through. You can dig through the directories, trying to find an exploit you are looking for, or you can use a search tool. Although something like grep may work, it won't provide the details you really need to determine which vulnerability you are looking for. Kali Linux comes with a utility that will search through the details of these exploits. The program searchsploit is easy to use and provides a description of the exploit code as well as the path to it. Using searchsploit requires only the search terms you want to look for. Example 5-6 shows the results of a search for vulnerabilities related to the Linux kernel.
Example 5-6. Linux kernel exploits in the Exploit database repository
root@yazpistachio:/usr/share/exploitdb/exploits# searchsploit linux kernel
--------------------------------------------- ----------------------------------
 Exploit Title                                | Path
                                              | (/usr/share/exploitdb/)
--------------------------------------------- ----------------------------------
BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3 | exploits/bsd/dos/19423.c
CylantSecure 1.0 - Kernel Module Syscall Rer | exploits/linux/local/20988.c
Grsecurity Kernel PaX - Local Privilege Esca | exploits/linux/local/29446.c
Grsecurity Kernel Patch 1.9.4 (Linux Kernel) | exploits/linux/local/21458.txt
HP-UX 11 / Linux Kernel 2.4 / Windows 2000/N | exploits/multiple/dos/20997.c
Linux - 'mincore()' Uninitialized Kernel Hea | exploits/linux/dos/43178.c
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14 | exploits/linux_x86-64/local/42275.c
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24 | exploits/linux_x86/local/42274.c
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/1 | exploits/linux_x86/local/42276.c
Linux Kernel (Fedora 8/9) - 'utrace_control' | exploits/linux/dos/32451.txt
Linux Kernel (Solaris 10 / < 5.10 138888-01) | exploits/solaris/local/15962.c
Linux Kernel (Ubuntu / Fedora / RedHat) - 'O | exploits/linux/local/40688.rb
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_s | exploits/linux/dos/41767.txt
Linux Kernel (Ubuntu 14.04.3) - 'perf_event_ | exploits/linux/local/39771.txt
Linux Kernel (Ubuntu 16.04) - Reference Coun | exploits/linux/dos/39773.txt
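The search that searchsploit performs over the Exploit Database index is simple enough to reproduce, and doing so makes clear why it beats grep here: every search term must match, the match is case-insensitive, and both the title and the path are consulted, so a result comes back with its description and location together. The following is an added example, not code from the book or from the searchsploit project. It assumes the index is a CSV with the column layout of the older files_exploits.csv file (id, file, description, date, author, type, platform, port); the five rows in it are constructed and their ids, titles and dates are made up, only the exploits/<platform>/<type>/<id>.<ext> path convention follows Example 5-6.

```python
"""Keyword search over an Exploit-DB style CSV index, in the spirit of searchsploit."""
import csv
import io
from typing import Iterable, List, Sequence

# Assumed column layout of the index CSV (older files_exploits.csv style).
INDEX_COLUMNS = ("id", "file", "description", "date", "author", "type", "platform", "port")

# Constructed sample index: ids, titles, dates and authors are made up.
SAMPLE_INDEX = """\
id,file,description,date,author,type,platform,port
90001,exploits/linux/local/90001.c,Linux Kernel 4.x (Sample Distro 1.0) - Constructed Local Entry,2017-01-01,constructed,local,linux,0
90002,exploits/linux/dos/90002.txt,Linux Kernel (Sample Distro 2.0) - Constructed Denial of Service Entry,2017-01-02,constructed,dos,linux,0
90003,exploits/bsd/dos/90003.c,BSD/Linux Kernel 2.x - Constructed Denial of Service Entry,2017-01-03,constructed,dos,bsd,0
90004,exploits/windows/remote/90004.py,Sample Web Server 1.0 - Constructed Remote Entry,2017-01-04,constructed,remote,windows,80
90005,exploits/linux/local/90005.rb,Sample Daemon for Linux - Constructed Local Entry,2017-01-05,constructed,local,linux,0
"""


def load_index(csv_text: str) -> List[dict]:
    """Parse the CSV index into a list of row dicts keyed by column name."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader]


def search(rows: Iterable[dict], terms: Sequence[str], exclude: Sequence[str] = ()) -> List[dict]:
    """Return the rows whose title or path contains every search term.

    Terms are ANDed together and compared case-insensitively, which is how
    'searchsploit linux kernel' narrows the index; any row containing one of
    the exclude terms is dropped, so 'exclude=["dos"]' hides the DoS entries.
    """
    wanted = [t.lower() for t in terms]
    unwanted = [t.lower() for t in exclude]
    hits = []
    for row in rows:
        haystack = (row["description"] + " " + row["file"]).lower()
        if all(t in haystack for t in wanted) and not any(t in haystack for t in unwanted):
            hits.append(row)
    return hits


def format_table(rows: Iterable[dict], title_width: int = 44, path_width: int = 34) -> str:
    """Render hits in the two-column layout of Example 5-6.

    Titles longer than the column are cut off, exactly the effect seen in the
    book's output, so a truncated title is a hint to read the file itself.
    """
    rule = "-" * title_width + " " + "-" * path_width
    lines = [rule, f"{'Exploit Title':<{title_width}} | Path", rule]
    for row in rows:
        title = row["description"][:title_width]
        lines.append(f"{title:<{title_width}} | {row['file']}")
    lines.append(rule)
    return "\n".join(lines)


if __name__ == "__main__":
    index = load_index(SAMPLE_INDEX)
    print(format_table(search(index, ["linux", "kernel"])))
```

Note that the fifth constructed row mentions Linux but not the kernel, so it drops out of a "linux kernel" search even though a plain grep for "linux" would have listed it; that is the difference between matching a file's contents and matching an entry's description.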
You'll find these exploits in various languages including Python, Ruby, and, of course, C. Some source code will give a lot of details about the vulnerability and how the exploit works. Some will require you to be able to read code. Example 5-7 shows a fragment of a Ruby program that exploits a vulnerability in Apple's Safari web browser. This particular code fragment includes only the HTML fragment that causes the crash. The code that wraps around it is just a listener that you would point your web browser to. The program sends the HTML to the browser, and the browser then crashes.