View Full Version : Finding the right exploit to use for a known vulnerability
I've been testing out the metasploit framework and nexpose on my own network, playing around with pentesting, and nexpose showed two main vulnerabilities in my windows 8.1 64bit system, (cifs-smb-signing-disabled) and (cifs-smb-signing-not-required). I've spent a good chunk of time searching on how to exploit those vulnerabilities, but im coming up with nothing relevant. Im new to all this, so my question is, how do you guys find the correct exploit to use?
There's no easy answer to this question. It really boils down to research, hard work, and sometimes luck. :)
By design, exploits are making software do what it wasn't intended to do. You might strike out with canned exploits a number of times before you find one that works.
Has anyone had decent success with Armitage's Hail Mary attack? Noisy, but if nobody is paying any attention, shouldn't matter
I've honestly never tried it.
Very true :)