Comment on page
Working with exploits
This section is mostly about local exploits, because they're annoying. Remote python exploits are usually point-and-shoot and web exploits have their own section.
Second, always read the exploit comments carefully:
- Compiler options to use
- Architecture of the victim machine (32-bit or 64-bit)
- Steps to complete on the victim machine
- Code modifications
Third, if you get error messages during compilation or runtime, google them. Usually this is because the binary was compiled on the attack machine and there are quirks in architecture that can be solved by modifying compile options.
For Linux exploits, the compile command looks like this:
gcc filename.c -o executablename
Before you can run it, you'll need to transfer it to the victim machine and give it the right permissions:
chmod u+x executablename
To run the executable:
Sometimes the victim machine will be 32-bit and can't accept a 64-bit compiled binary. To determine the architecture of your target on Linux:
32-bit is usually represented by
i686and 64-bit is usually represented by
If a C compiler is missing or inaccessible on your victim machine, you can compile the exploits on your Kali machine but you need some extra libraries on Kali:
apt-get install gcc-multilib
apt-get install g++-multilib
You will also need to add the
-m32flag to your compile command.
You'll probably discover at some point that you can't just compile Windows C exploits on a Kali machine and expect them to work. This is where cross-compiling tools come in, but don't expect them to work perfectly. There are all sorts of dumb platform quirks that still get in the way, like missing libraries. When cross-compiling, be prepared to google a lot of error messages.
Download and install a cross-compiler for Linux:
apt-get install mingw-w64
To compile code for a 64-bit Windows target:
x86_64-w64-mingw32-gcc shell.c -o shell.exe
To compile code for a 32-bit Windows target:
i686-w64-mingw32-gcc shell.c -o shell.exe
On Linux, running python exploits is pretty easy:
Interestingly, some popular Windows exploits, such as MS11-080, are written in python (why?). To use these, you'll need to create a standalone executable from the python file. This is done by installing
PyWin32on a Windows machine and then the
Create a Windows PE executable:
python pyinstaller.py --onefile ms11-080.py
The executable can then be transferred to the victim machine and run.