Goal: Modify a public exploit to meet our need, making life easier. ## Examining the Exploits Verify that some existing exploits works. ## Cross-Compiling the Exploit Code Some exploit code are in programming languages that need to be compiled, such as C. If the code is to designed for a windows machine which needs to be compiled on Windows, we use cross-compiling to compile it on Kali. ```bash sudo apt install mingw-w64 ``` Use `mingw-w64` to compile windows C code on Kali. First step is to compile exploit code without error. ```bash i686-w64-mingw32-gcc source_file.c -o output_file.exe ``` If error: search error with google. Use `wine` to run a windows exe file on Kali. ## Fixing Web Exploits Easier since they are not related to memory thus not protected by the OS. ### Considerations and Overview Read the code. Questions to ask: 1. Does it initiate an HTTP or HTTPS connection? 2. Does it access a web application path or route? 3. Does the exploit leverage a pre-authentication vulnerability? 4. If not, how does the exploit authenticate to the web application? 5. How are the GET or POST requests crafted to trigger and exploit the vulnerability? 6. Does it reply on default application settings that may have been changed after installation? 7. Will offities such as self-signed certificates disrupt the exploit?