Fixing Exploits

Goal: Modify a public exploit to meet our need, making life easier.

Examining the Exploits

Verify that some existing exploits work.

Cross-Compiling the Exploit Code

Some exploit code is written in programming languages that need to be compiled, such as C.

If the code is designed for a Windows machine and would normally be compiled on Windows, we use cross-compiling to compile it on Kali.

sudo apt install mingw-w64

Use mingw-w64 to compile Windows C code on Kali.

The first step is to compile the exploit code without errors.

i686-w64-mingw32-gcc source_file.c -o output_file.exe

If there is an error, search for the error message on Google.

Use wine to run a Windows exe file on Kali.

Fixing Web Exploits

These are easier, since they are not memory-related and thus not blocked by OS protections.

Considerations and Overview

Read the code.

Questions to ask:

  1. Does it initiate an HTTP or HTTPS connection?

  2. Does it access a web application path or route?

  3. Does the exploit leverage a pre-authentication vulnerability?

  4. If not, how does the exploit authenticate to the web application?

  5. How are the GET or POST requests crafted to trigger and exploit the vulnerability?

  6. Does it rely on default application settings that may have been changed after installation?

  7. Will oddities such as self-signed certificates disrupt the exploit?
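
The questions above can be answered with a static read of the script before anything is run. The following is an added example, not part of the original notes: the `triage` function, its regex heuristics and the constructed `SAMPLE` fragment are assumptions, and the patterns only cover Python scripts written with `requests`-style calls.

```python
import re

# Constructed sample shaped like a public web PoC; host, paths and
# credentials are placeholders and no real vulnerability is involved.
SAMPLE = '''
import requests
base = "https://192.0.2.10/cms"
s = requests.Session()
s.post(base + "/admin/login.php",
       data={"user": "admin", "pass": "admin"}, verify=False)
s.get(base + "/admin/upload.php", verify=False)
'''

CRED_RE = re.compile(
    r"""["'](user(?:name)?|pass(?:word)?)["']\s*:\s*["']([^"']*)["']""", re.I)


def triage(source: str) -> dict:
    """Static pass over exploit source; nothing is executed or sent."""
    return {
        # Q1: schemes that appear in URL literals
        "schemes": sorted(set(re.findall(r"\b(https?)://", source))),
        # Q2: quoted string literals that look like application routes
        "routes": sorted(set(re.findall(r"""["'](/[\w./-]+)["']""", source))),
        # Q5: HTTP verbs called on a requests-style object
        "methods": sorted({m.upper() for m in
                           re.findall(r"\.(get|post|put|delete)\(", source)}),
        # Q3/Q4: signs that the script logs in before doing anything else
        "authenticates": bool(
            re.search(r"login|auth\s*=|Session\(|cookie", source, re.I)),
        # Q6: hosts and credential pairs hard-coded by the author, which
        # may not match the installation being tested
        "hosts": sorted(set(re.findall(r"https?://([\w.\-]+(?::\d+)?)", source))),
        "credentials": CRED_RE.findall(source),
        # Q7: certificate verification already switched off in the code
        "tls_verification_disabled": bool(re.search(
            r"verify\s*=\s*False|CERT_NONE|_create_unverified_context", source)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

An empty or negative result only means the heuristic did not match; it does not replace reading the code.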