ExploitDB Binary Sploits
Overview
ExploitDB Binary Sploits (exploitdb-bin-sploits) is a collection of pre-compiled exploit binaries maintained by Exploit-DB. These are ready-to-run exploits for various vulnerabilities, organized by platform and application type. They are used in authorized penetration testing engagements to deploy exploits quickly without compiling them.
Important: Only use these exploits in authorized penetration testing and research. Unauthorized access to computer systems is illegal.
Installation
Linux/macOS
# Clone the repository
git clone https://github.com/offensive-security/exploitdb-bin-sploits.git
cd exploitdb-bin-sploits
# List directory structure
ls -la
Windows
# Using Git Bash or WSL
git clone https://github.com/offensive-security/exploitdb-bin-sploits.git
cd exploitdb-bin-sploits
Docker
# Run in container (useful for isolated testing)
docker pull kalilinux/kali-rolling
docker run -it -v /path/to/exploitdb-bin-sploits:/sploits kalilinux/kali-rolling
Directory Structure
# View top-level organization
tree -L 2 exploitdb-bin-sploits/
# Typical structure:
# exploitdb-bin-sploits/
# ├── Linux/
# │ ├── Privilege Escalation/
# │ ├── Local Exploits/
# │ └── Remote Exploits/
# ├── Windows/
# │ ├── Privilege Escalation/
# │ ├── Local Exploits/
# │ └── Remote Exploits/
# ├── macOS/
# ├── Web Applications/
# └── Denial of Service/
Integration with searchsploit
Link Binary Sploits to Exploit-DB
# Kali Linux automatically integrates binary sploits
searchsploit --nmap /path/to/nmap.xml
# Find entries whose title matches a vulnerability
searchsploit -t Apache 2.4.49
Configure searchsploit Path
# Add custom path to searchsploit database
export SEARCHSPLOIT_PATH="/path/to/exploitdb-bin-sploits"
searchsploit apache
Update Database
# Update exploit database (includes binary references)
searchsploit -u
# Sync with Exploit-DB repository
cd /usr/share/exploitdb && git pull
Finding Binaries by Platform
Linux Exploits
# List all Linux exploits
ls -la Linux/Local\ Exploits/
ls -la Linux/Privilege\ Escalation/
# Find specific Linux binary
find . -name "*linux*" -type f | head -20
# View binary metadata
file Linux/Privilege\ Escalation/*/exploit_binary
Windows Exploits
# List Windows exploits (typically .exe files)
ls -la Windows/
# Find by type
find . -path "*Windows*" -name "*.exe" | sort
# Check binary architecture
file Windows/*/exploit.exe
Web Application Exploits
# List web app exploits
ls -la "Web Applications/"
# Find by vulnerability type
find . -path "*Web*" -type f
# Common categories
find . -path "*SQL Injection*" -o -path "*XSS*" -o -path "*RCE*"
Cross-referencing with CVEs
Match Binary to CVE-ID
# Search Exploit-DB database by CVE
searchsploit CVE-2021-3156
# Show the EDB-ID of each matching entry
searchsploit CVE-2021-3156 --id
# View the full local path of one entry (-p takes an EDB-ID)
searchsploit -p <EDB-ID>
Verify Exploit Details
# Check exploit metadata (if available)
cat "Linux/Privilege Escalation/CVE-2021-3156/README.txt"
# Link to Exploit-DB page
# Format: https://www.exploit-db.com/exploits/[EDB-ID]
# Example: https://www.exploit-db.com/exploits/49488
Organize by Vulnerability Class
| Vulnerability Class | Location | Use Case |
|---|---|---|
| Linux Privilege Escalation | Linux/Privilege Escalation/ | Post-exploitation |
| Windows Local Exploit | Windows/Local Exploits/ | Client-side attacks |
| Remote Code Execution | */Remote Exploits/ | Initial access |
| Denial of Service | Denial of Service/ | DoS testing |
| Web App Vulnerability | Web Applications/ | Application testing |
Common Exploit Categories
Local Privilege Escalation
# Browse local exploits
ls -la "Linux/Local Exploits/"
# Check exploit type (the glob must stay outside the quotes to expand)
file "Linux/Local Exploits"/CVE-*/exploit
# Common targets: sudo, kernel, SUID binaries
Remote Exploits
# List remote exploitation binaries
ls -la "Linux/Remote Exploits/"
# Target network services
find . -path "*Remote*" -type f
# Check service type (HTTP, SSH, FTP, etc.)
Web Application Exploits
# Web app specific exploits
ls -la "Web Applications/"
# Common frameworks: WordPress, Joomla, Apache, Nginx
find . -path "*Web*" -name "*WordPress*"
Denial of Service (DoS)
# DoS attack binaries
ls -la "Denial of Service/"
# Check protocol types (TCP, UDP, DNS, etc.)
file "Denial of Service"/*
Standard Exploit Workflow
1. Identify Target
# Scan target system
nmap -sV -p- target.com > nmap_scan.txt
# Identify services and versions
grep "open" nmap_scan.txt
2. Search for Matching Exploits
# Method 1: Use searchsploit
searchsploit "Apache 2.4.49"
# Method 2: Browse directory manually (case-insensitive match)
find . -iname "*apache*" -o -name "*2.4*"
# Method 3: CVE lookup
searchsploit CVE-2021-41773
3. Locate Binary
# Get full path from searchsploit (-p takes the EDB-ID shown in the search results)
searchsploit -p <EDB-ID>
# Or navigate directly
ls -la "Web Applications/Apache 2.4.49/"
4. Prepare Exploit
# Copy to working directory
cp "Web Applications/Apache 2.4.49/exploit" ./
# Make executable
chmod +x exploit
# Check dependencies without running the binary (ldd can execute code from an untrusted file)
objdump -p exploit | grep NEEDED
5. Execute Exploit
# Run exploit (check documentation first)
./exploit -h
# Execute with parameters
./exploit -t "http://target.com" --payload bind_shell
# Capture output
./exploit -t target.com > exploit_results.txt 2>&1
6. Document Results
# Record successful exploitation
echo "CVE-2021-41773 | Apache 2.4.49 | RCE successful" >> exploitation_log.txt
# Archive evidence
tar -czf exploitation_evidence.tar.gz exploit_results.txt
Binary Preparation and Execution
Pre-execution Checks
# Verify binary is executable
ls -la exploit
# Check binary type
file exploit
# Expected output: ELF 64-bit LSB executable (Linux) or PE32 (Windows)
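# Check dependencies (objdump only reads the headers; ldd can execute code from an untrusted binary)
objdump -p exploit | grep NEEDED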
# Verify all dependencies are available
# Inspect for malware (optional)
strings exploit | head -20
Architecture Matching
# Check target architecture
uname -m
# Match binary architecture
file Linux/Privilege\ Escalation/*/exploit
# Look for: x86_64 (64-bit) or i386 (32-bit)
# Cross-compile if needed
gcc -m32 exploit.c -o exploit_32bit
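The architecture check above, done by reading the ELF header rather than running the file or trusting its name. This is an added example, not part of the original cheat sheet; the function names `elf_machine`, `host_machine` and `triage` and the sample header bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the ELF header with od; the file itself is never executed.
# elf_machine FILE -> i386 | x86_64 | arm | aarch64 | unknown-0xNNNN | not-elf
elf_machine() {
    # Word-split the first 20 header bytes into $1..$20 as lowercase hex pairs.
    set -- $(od -An -tx1 -N20 "$1" 2>/dev/null)
    if [ "$#" -ne 20 ] || [ "$1$2$3$4" != "7f454c46" ]; then
        echo "not-elf"; return 1
    fi
    # $6 = EI_DATA (02 means big-endian); $19 $20 = e_machine in that byte order.
    if [ "$6" = "02" ]; then m="${19}${20}"; else m="${20}${19}"; fi
    case "$m" in
        0003) echo "i386" ;;
        003e) echo "x86_64" ;;
        0028) echo "arm" ;;
        00b7) echo "aarch64" ;;
        *)    echo "unknown-0x$m" ;;
    esac
}

# host_machine [NAME] -> map `uname -m` output (or NAME) onto the names above.
host_machine() {
    name=${1:-$(uname -m)}
    case "$name" in
        x86_64|amd64)  echo "x86_64" ;;
        i?86)          echo "i386" ;;
        aarch64|arm64) echo "aarch64" ;;
        arm*)          echo "arm" ;;
        *)             echo "$name" ;;
    esac
}

# triage FILE [HOST]: print one log line; succeed only on an architecture match.
triage() {
    bin=$(elf_machine "$1") || true
    host=$(host_machine "${2:-}")
    sum=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$bin" = "$host" ]; then verdict="match"; else verdict="mismatch"; fi
    echo "sha256=$sum binary=$bin host=$host verdict=$verdict"
    [ "$verdict" = "match" ]
}

# Constructed sample: first 20 bytes of a 64-bit little-endian x86-64 ELF header.
sample_header() {
    printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000\076\000'
}

# With a path argument, triage that file; with none, only define the functions.
[ "$#" -eq 0 ] || triage "$1"
```

An x86_64 host can often run i386 binaries when 32-bit libraries are installed, so treat that particular mismatch as a prompt to check rather than a final answer.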
Executing with Parameters
# View available parameters
./exploit -h
./exploit --help
# Common parameters
./exploit -t target_host
./exploit -p 80
./exploit -u username -p password
# Background execution (post-exploitation)
./exploit -t target &
nohup ./exploit -t target > output.log &
Storage and Organization
Backup Strategy
# Create local mirror
rsync -av exploitdb-bin-sploits/ /backup/exploitdb-bin-sploits/
# Compress for storage
tar -czf exploitdb-bin-sploits-backup.tar.gz exploitdb-bin-sploits/
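# Record the archive's checksum, then verify the backup against it later
sha256sum exploitdb-bin-sploits-backup.tar.gz > exploitdb-bin-sploits-backup.tar.gz.sha256
sha256sum -c exploitdb-bin-sploits-backup.tar.gz.sha256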
Index and Catalog
# Generate index of all binaries
find . -type f -executable > all_exploits.txt
# Index by type
find . -path "*Privilege*" -type f > privesc_exploits.txt
find . -path "*Remote*" -type f > remote_exploits.txt
# Tag with CVE references
grep -r "CVE-" . > cve_index.txt
Limitations and Considerations
Compatibility Issues
# Binary may not execute on different OS versions
# Test in isolated environment first
# Check glibc requirements (versioned symbols the binary imports, read without running it)
objdump -T exploit | grep GLIBC_
# If dependencies missing, compile from source
# Most exploits available as source code on Exploit-DB
Detection and Evasion
섹션 제목: “Detection and Evasion”# Pre-compiled binaries may trigger AV detection
# Scan binary before deployment
clamscan exploit
# Consider obfuscation or custom compilation
# Use polymorphic wrappers if available
Ethical Usage
섹션 제목: “Ethical Usage”# Always obtain written authorization before testing
# Document authorized scope in Rules of Engagement (RoE)
# Maintain responsible disclosure timeline
# Log all exploitation attempts
echo "[$(date)] Exploit: CVE-X | Target: Y | Result: Z" >> engagement_log.txt
Troubleshooting
Binary Won’t Execute
# Check permissions
chmod +x exploit
# Verify correct architecture
file exploit
uname -m
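# List required libraries to spot missing ones (objdump only reads the headers; ldd can execute code from an untrusted binary)
objdump -p exploit | grep NEEDED
# Trace system calls to see where execution fails
strace ./exploit -t target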
Segmentation Fault
# Binary compiled for different architecture/OS version
# Find alternative binary (-exec handles the spaces in directory names)
find . -name "exploit*" -exec file {} +
# Compile from source instead
searchsploit -m 12345 # Copy the exploit source to the current directory
Access Denied
# Check if running with sufficient privileges
whoami
id
# Privilege escalation may be required
# Many local exploits need to run as regular user
Resources and References
| Resource | Purpose |
|---|---|
| Official Exploit-DB | Browse and verify exploits |
| searchsploit man page | CLI usage documentation |
| Kali Linux documentation | Integration guides |
| GitHub repository | Bug reports and updates |