# Public exploits

### Exploit Sources

#### Online exploit sources

* Exploit Database <https://www.exploit-db.com/>
* SecurityFocus Exploit Archives <https://bugtraq.securityfocus.com/archive>
* Packet Storm <https://packetstormsecurity.com/files/tags/exploit/>

#### Offline exploit resources

* Searchsploit
* Nmap NSE scripts
* The Browser Exploitation Framework (BEEF)
* Metasploit

### Fixing exploits

When using publicly available exploits it is rare that these exploits will work without at least some minor modifications. Others may require more extensive modifications such as updating the payload.

#### Importing and examining exploits

* Searchsploit includes a mirror function that copies an exploit into the current working directory, e.g. `searchsploit -m 43321`
* Headers such as 'winsock' are hints that a C program was intended for compilation on Windows and will require cross-compilation on Linux

#### Items that commonly require modification

* Target IP address and port
* Attacking machine IP address and port
* Return address for memory corruption exploits
* Payload (typically generated with msfvenom)

#### Cross compiling exploit code

* mingw-w64 is a popular cross compiler available on Linux
* Install mingw-w64 with `sudo apt install mingw-w64`
* After installation, mingw-w64 can be used to compile Windows PE executables from C source
  * `i686-w64-mingw32-gcc 42341.c -o syncbreeze.exe`
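The two points above (spotting Windows-only headers, then choosing the mingw-w64 command) can be turned into a small pre-compile check. The following is an added example written for these notes, not code from the page or from any exploit listed on it; the header names are real Windows headers, the `-lws2_32` link flag is what mingw-w64 needs for Winsock calls, and the C snippet is a constructed sample rather than a real exploit.

```python
from __future__ import annotations
import re

# Headers that only exist on Windows: their presence means the source was written
# for a Windows compiler and needs mingw-w64 when building on Linux.
WINDOWS_HEADERS = {"windows.h", "winsock.h", "winsock2.h", "ws2tcpip.h"}
# Winsock functions live in ws2_32.dll, so mingw-w64 builds must link with -lws2_32.
WINSOCK_HEADERS = {"winsock.h", "winsock2.h", "ws2tcpip.h"}

# Matches '#include <x.h>' and '#include "x.h"', tolerating spaces after '#'.
INCLUDE_RE = re.compile(r'^\s*#\s*include\s*[<"]([^>"]+)[>"]', re.MULTILINE)


def included_headers(source: str) -> set[str]:
    """Return the lowercased set of headers the C source includes.

    Lowercasing matters: Windows sources often write <WinSock2.h> or <Windows.h>,
    and the Windows filesystem is case-insensitive, so all spellings are equivalent.
    """
    return {h.strip().lower() for h in INCLUDE_RE.findall(source)}


def plan_build(source: str, src_name: str, out_name: str, arch: str = "i686") -> list[str]:
    """Choose the compiler invocation for a public exploit's C source.

    Returns argv as a list so it can be passed to subprocess.run() without
    shell quoting. 'arch' is 'i686' for 32-bit targets or 'x86_64' for 64-bit.
    """
    headers = included_headers(source)
    if headers & WINDOWS_HEADERS:
        cmd = [f"{arch}-w64-mingw32-gcc", src_name, "-o", out_name]
        if headers & WINSOCK_HEADERS:
            cmd.append("-lws2_32")
        return cmd
    # No Windows-only headers: a native Linux build is the sensible default.
    return ["gcc", src_name, "-o", out_name]


# Constructed sample: the kind of preamble found in a Windows network PoC.
SAMPLE_WINSOCK_C = """
#include <stdio.h>
#include <WinSock2.h>
#pragma comment(lib, "ws2_32.lib")
int main(void) { return 0; }
"""

# Constructed sample: a plain POSIX sockets program needs no cross-compiler.
SAMPLE_POSIX_C = """
#include <stdio.h>
#include <sys/socket.h>
int main(void) { return 0; }
"""

if __name__ == "__main__":
    print(" ".join(plan_build(SAMPLE_WINSOCK_C, "42341.c", "syncbreeze.exe")))
    print(" ".join(plan_build(SAMPLE_POSIX_C, "poc.c", "poc")))
```

Running the module prints the mingw-w64 command line (with `-lws2_32` appended) for the Winsock sample and a plain `gcc` line for the POSIX sample; the returned list is meant to be inspected before being handed to `subprocess.run()`.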

#### Fixing web exploits

There are several additional considerations when modifying web exploits:

* Does the exploit initiate an HTTP or HTTPS connection?
* Does the exploit access a web application through a specific path or route?
* Does the exploit leverage a pre-authentication vulnerability, or are credentials required?
* How are the GET and POST requests crafted to trigger and exploit the vulnerability?
* Does the exploit rely on default application settings that might have been changed at install?
* Will oddities such as self-signed certificates disrupt the exploit?
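The checklist above maps directly onto the hard-coded values that a public web PoC usually scatters through its code. As an added example (written for these notes, not taken from the page or any exploit on it), the class below collects those values in one place so the scheme, port, mount path, credentials and certificate handling can each be changed without hunting through the script; the host names and credentials in the sample are constructed lab values.

```python
from __future__ import annotations
import base64
import ssl
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlunsplit


@dataclass
class WebTarget:
    """Everything a web PoC tends to hard-code, gathered in one place."""
    host: str
    port: int
    https: bool = False                # HTTP or HTTPS connection?
    base_path: str = "/"               # is the app mounted under a specific route?
    username: Optional[str] = None     # None means a pre-authentication exploit
    password: Optional[str] = None
    self_signed: bool = False          # lab target with an untrusted certificate?

    def url(self, route: str) -> str:
        """Build the request URL, omitting the port when it is the scheme default."""
        scheme = "https" if self.https else "http"
        default_port = 443 if self.https else 80
        netloc = self.host if self.port == default_port else f"{self.host}:{self.port}"
        # Join the mount path and the route without producing '//' or dropping either.
        parts = [p for p in (self.base_path.strip("/"), route.strip("/")) if p]
        return urlunsplit((scheme, netloc, "/" + "/".join(parts), "", ""))

    def headers(self) -> dict[str, str]:
        """Return extra headers: an HTTP Basic Authorization header when credentials are set."""
        hdrs: dict[str, str] = {}
        if self.username is not None:
            raw = f"{self.username}:{self.password or ''}".encode()
            hdrs["Authorization"] = "Basic " + base64.b64encode(raw).decode()
        return hdrs

    def ssl_context(self) -> Optional[ssl.SSLContext]:
        """Return an SSL context for urllib/http.client, or None for plain HTTP.

        A self-signed certificate fails default verification; for a known lab
        target the check is disabled explicitly rather than silently everywhere.
        """
        if not self.https:
            return None
        ctx = ssl.create_default_context()
        if self.self_signed:
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        return ctx


# Constructed sample targets illustrating the checklist questions.
PREAUTH_HTTP = WebTarget(host="10.10.10.5", port=8080)
AUTH_HTTPS = WebTarget(host="app.lab", port=443, https=True, base_path="/portal",
                       username="admin", password="admin", self_signed=True)

if __name__ == "__main__":
    print(PREAUTH_HTTP.url("login.php"), PREAUTH_HTTP.headers())
    print(AUTH_HTTPS.url("/api/upload"), AUTH_HTTPS.headers())
    print(AUTH_HTTPS.ssl_context().verify_mode)
```

The `url()` method handles the two cases that most often break a copied PoC: a non-default port that must be kept in the URL, and an application mounted under a route other than `/`. The context returned by `ssl_context()` can be passed as the `context=` argument of `urllib.request.urlopen()` or `http.client.HTTPSConnection()`.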
