Search exploit-db exploits in backtrack

In penetration testing it is a common task to search for known exploits and vulnerabilities for a given platform or application. The search is usually done on Google or on one of the exploit database websites, such as exploit-db.com.

BackTrack includes many of the exploits from exploit-db in a searchable database that can be used offline. In BackTrack 5 it is located in the following directory:

/pentest/exploits/exploitdb

In the BackTrack menu, it can be found at Exploitation Tools > Open Source Exploitation > Exploit-DB > exploitdb search.

The menu option launches a terminal in that directory. The directory contains a bash script called searchsploit and a database file called files.csv, which lists all the exploits. Another directory, called platforms, holds the actual exploit files. The searchsploit command takes search terms and searches the database:

root@bt:/pentest/exploits/exploitdb# ./searchsploit
Usage: searchsploit [term1] [term2] [term3]
Example: searchsploit oracle windows local

Use lower case in the search terms; second and third terms are optional.
searchsploit will search each line of the csv file left to right so order your search terms accordingly.
(ie: 'oracle local' will yield better results than 'local oracle')

Using searchsploit is quite simple. Here is a quick example that looks for known file upload vulnerabilities in WordPress and its plugins:

root@bt:/pentest/exploits/exploitdb# ./searchsploit wordpress File Upload
 Description                                                                 Path
--------------------------------------------------------------------------- -------------------------
WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit                    /php/webapps/4113.pl
Wordpress Plugin Wp-FileManager 1.2 Remote Upload Vulnerability             /php/webapps/4844.txt
Wordpress Plugin Download Manager 0.2 Arbitrary File Upload Exploit         /php/webapps/6127.htm
Wordpress Plugin e-Commerce <= 3.4 Arbitrary File Upload Exploit            /php/webapps/6867.pl
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution    /php/webapps/10089.txt
WordPress User Photo Component Remote File Upload Vulnerability             /php/webapps/16181.txt
EditorMonkey WordPress plugin (FCKeditor) Arbitrary File Upload             /php/webapps/17284.txt

Along with the vulnerability description, the path to the relevant exploit file is shown. These paths are relative to the platforms directory. Navigate to the path, or open the file directly from the terminal:

root@bt:/pentest/exploits/exploitdb# gedit platforms/php/webapps/17284.txt

The file contains all details and proof-of-concept code for the exploit if available.

If you want to search for remote Java exploits for Windows, use simple search terms like this:

root@bt:/pentest/exploits/exploitdb# ./searchsploit windows remote java
 Description                                                                 Path
--------------------------------------------------------------------------- -------------------------
MS Internet Explorer (javaprxy.dll) COM Object Remote Exploit               /windows/remote/1079.html
Veritas NetBackup <= 6.0 (bpjava-msvc) Remote Exploit (win32)               /windows/remote/1264.pl
Sun Microsystems Java GIF File Parsing Memory Corruption Exploit            /windows/remote/3168.java
Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass /windows/remote/15288.txt

So search for exploits!!

Last Updated On : 29th April 2013
