Results 1 to 10 of 10

Thread: Adding Explot-DB to Kali Linux

  1. #1
    Join Date
    2013-Aug
    Posts
    1

    Adding Explot-DB to Kali Linux

    After google searching, finding some examples. and failing, I was hoping to find some help here. I'm currently trying to add the entire Exploit-DB to my Metasploit framework inside the .msf4 found in the home folder, except I see to be running in to an error after adding the database. I'm currently downloading the database from the following URL: http://www.exploit-db.com/archive.tar.bz2

    Inside the archive is the following:


    Inside Platforms, you find all your modules categorized.


    I go in to /root/.msf4/modules/, and create a new directory called 'exploits', where I copy everything from platforms.


    After a reboot, and running metasploit from the applications menu, this is what happens in terminal.



    To me that looks like instead of loading the module in to metasploit, it's trying to run one of the exploits right then and there. What exactly am I doing wrong in this process? Any help is appreciated!

  2. #2
    Join Date
    2013-Jul
    Posts
    5
    Hi dboy1612,

    Why are you trying to install the exploit-db inside of Metasploit? There is a copy of exploit-db already in Kali and the format of the exploits within range from php file to C code that needs complying. Most of which won't actually work directly within Metasploit as it's Ruby based and requires a certain folder/file structure.

    If you run:

    searchsploit [software]

    It searches the local copy of exploit-db which I believe is updated as part of the normal update cycle.
    OSCP, OSWP, Packet Monkey

  3. #3
    Join Date
    2013-Sep
    Posts
    6
    If you run:
    searchsploit [software]
    It searches the local copy of exploit-db which I believe is updated as part of the normal update cycle.
    yes but, how could this work with armitage's "FIND ATTACKs" and "HAIL MARY", which searces ALL the exploits of the metasploit? is this possible to run the whole exploit-db with armitage for finding attacks automatically?

  4. #4
    Quote Originally Posted by satriani1 View Post
    yes but, how could this work with armitage's "FIND ATTACKs" and "HAIL MARY", which searces ALL the exploits of the metasploit? is this possible to run the whole exploit-db with armitage for finding attacks automatically?
    No this is not possbile. Time to give armitage a break and get back to doing things the hard way.

  5. #5
    Join Date
    2013-Sep
    Posts
    6
    ow.. ok !!
    i just thought it would be easier if it was possible..
    But, can you share a small piece of your knowledge here? i mean... how..or what should be the 1st step when you wanna try an attack? how you know which is the right one exploit?? ?!!

  6. #6
    Information gathering is the first step. Just to give a little perspective, you want to identify your target(s) (ex: obtain IP of target), then identify the operating system on your target (linux, Mac, Windows, etc.). You also want to identify what ports or open on the target(ex: port 80); what service/program is listening for connections (ex: apache); what version of the service is running (ex: apache version 1.4).

    Now with such information you can research/goolge for known vulnerabilies in, as in our example, apache version 1.4. Search exploitDB for proof of concept code for the version of apache with the appropriate supported OS. Once you found a proof of concept code, determine how it is supposed to work and what conditions are required in order for it to work. With the knowledge at hand, you can try the exploit in a controlled virtual environment and see if it works. Exploits are not always 100%. Sometimes you may need to modify the exploit code, especially those found in the exploitdb database, to get them to work, and even then its not guarateed to work lol.

    Hope this helps.

  7. #7
    Join Date
    2013-Sep
    Posts
    2
    also "grep [software] files.csv" works as well from within the exploit-db directory.

  8. #8
    Join Date
    2013-Sep
    Posts
    6
    thank you guys! yeah, it helped me a bit!!

  9. #9
    the best way to do that is :
    cd /usr/share/exploitdb
    wget http://www.exploit-db.com/archive.tar.bz2
    tar –xvjf archive.tar.bz2
    rm archive.tar.bz2

  10. #10
    Quote Originally Posted by McNightstricker View Post
    the best way to do that is :
    cd /usr/share/exploitdb
    wget http://www.exploit-db.com/archive.tar.bz2
    tar –xvjf archive.tar.bz2
    rm archive.tar.bz2
    Kali comes with the exploit-db package by default.
    There isn't a need todo this.
    Code:
    cd /usr/share/exploitdb/
    This is a Kali-Linux support forum - not general IT/infosec help.

    Useful Commands: OS, Networking, Hardware, Wi-Fi
    Troubleshooting: Kali-Linux Installation, Repository, Wi-Fi Cards (Official Docs)
    Hardware: Recommended 802.11 Wireless Cards

    Documentation: http://docs.kali.org/ (Offline PDF version)
    Bugs Reporting & Tool Requests: https://bugs.kali.org/
    Kali Tool List, Versions & Man Pages: https://tools.kali.org/

Similar Threads

  1. Adding PPA repository in kali linux 2017.1
    By abhijeet in forum General Archive
    Replies: 5
    Last Post: 2017-08-07, 11:31

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •