Working with exploits

This section is mostly about local exploits, because they're annoying. Remote python exploits are usually point-and-shoot and web exploits have their own section.


Last updated 2 years ago

Compiling exploits

First, the usual warning about downloading random exploits from the internet: watch out for backdoors. Exploit-DB is reliable.

Second, always read the exploit comments carefully for:

  • Compiler options to use
  • Architecture of the victim machine (32-bit or 64-bit)
  • Steps to complete on the victim machine
  • Code modifications

Third, if you get error messages during compilation or at runtime, google them. Usually the binary was compiled on the attack machine, and differences in architecture between the two machines can be resolved by changing the compile options.
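As an added example that is not part of the original page, the following POSIX shell helper does the reading described above mechanically: it prints the header comment of a downloaded C exploit (where compile options, target architecture and required edits are usually stated) and lists hard-coded IP addresses, URLs and exec/socket calls so they can be inspected by hand before anything is compiled. The function names and the sample file it writes are this example's own, constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page: pre-compile review of an exploit
# source file. Function names and the sample file are constructed for the demo.

# Print the leading block comment (/* ... */) or leading // lines of a C file.
exploit_header() {
    awk '
        NR == 1 && $0 ~ /^[[:space:]]*\/\*/ { inblock = 1 }
        inblock { print; if ($0 ~ /\*\//) exit; next }
        $0 ~ /^[[:space:]]*\/\// { print; next }
        { exit }
    ' "$1"
}

# Header lines that look like build instructions (compiler, flags, target).
header_build_hints() {
    exploit_header "$1" | grep -iE 'gcc|cc |-m32|-m64|mingw|compile' || true
}

# Hard-coded IPv4 addresses anywhere in the file: worth a second look in
# a local exploit that has no reason to talk to the network.
hardcoded_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$1" | sort -u
}

# URLs and calls that execute commands or open sockets, with line numbers.
suspicious_calls() {
    grep -nE 'https?://|system\(|popen\(|execve?\(|connect\(|socket\(' "$1" || true
}

review_exploit() {
    echo "== header of $1 =="
    exploit_header "$1"
    echo "== build hints =="
    header_build_hints "$1"
    echo "== hard-coded IPs =="
    hardcoded_ips "$1"
    echo "== network/exec calls =="
    suspicious_calls "$1"
}

# Constructed sample source (not a real exploit) used to exercise the review.
# The URL line is deliberately out of place so the checks have something to flag.
write_sample() {
    cat > "$1" <<'EOF'
/*
 * Constructed sample, not a real exploit.
 * Compile: gcc -m32 sample.c -o sample
 * Target: 32-bit Linux (i686)
 */
#include <stdio.h>
/* Constructed line a careful reader should question before building. */
static const char *unexpected = "http://203.0.113.5/update";
int main(void) { printf("%s\n", unexpected); return 0; }
EOF
}

# usage: sh review.sh downloaded_exploit.c
if [ "$#" -eq 1 ]; then
    review_exploit "$1"
fi
```

Run it against the downloaded source before compiling; if the build hints disagree with what you were about to type, or the IP/URL section is not empty for a local privilege escalation, stop and read the code.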

Basic technique

For Linux exploits, the compile command looks like this:

gcc filename.c -o executablename

Before you can run it, you'll need to transfer it to the victim machine and give it the right permissions:

chmod u+x executablename

To run the executable:

./executablename

32-bit exploits

Sometimes the victim machine will be 32-bit and can't run a 64-bit compiled binary. To determine the architecture of your target on Linux:

uname -a
cat /proc/version
dpkg --print-architecture
arch
file /sbin/init

32-bit is usually represented by i686 and 64-bit is usually represented by x86_64.

If a C compiler is missing or inaccessible on your victim machine, you can compile the exploits on your Kali machine, but producing 32-bit binaries there needs some extra packages on Kali:

apt-get install gcc-multilib
apt-get install g++-multilib

You will also need to add the -m32 flag to your compile command.

Cross-compiling

You'll probably discover at some point that you can't just compile Windows C exploits on a Kali machine and expect them to work. This is where cross-compiling tools come in, but don't expect them to work perfectly. There are all sorts of dumb platform quirks that still get in the way, like missing libraries. When cross-compiling, be prepared to google a lot of error messages.

Download and install a cross-compiler for Linux:

apt-get install mingw-w64

To compile code for a 64-bit Windows target:

x86_64-w64-mingw32-gcc shell.c -o shell.exe

To compile code for a 32-bit Windows target:

i686-w64-mingw32-gcc shell.c -o shell.exe
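The following POSIX shell helper is an added example, not code from the page, that ties the 32-bit and cross-compiling sections together: it maps the machine string from uname -m or arch to the matching compiler invocation (gcc -m32, gcc, i686-w64-mingw32-gcc, x86_64-w64-mingw32-gcc) and then checks with file that the produced binary carries the expected ELF or PE signature before it is transferred. The function names are this example's own; the compiler and package names are the ones already used on the page.

```shell
#!/bin/sh
# Added example, not from the original page: choose the compiler for the
# target's OS and architecture, build, and verify the binary type with `file`.
# Function names are this example's own.

# Map a machine string from `uname -m` / `arch` to a bit width.
arch_bits() {
    case "$1" in
        i[3456]86)      echo 32 ;;
        x86_64|amd64)   echo 64 ;;
        *)              echo "unknown architecture: $1" >&2; return 1 ;;
    esac
}

# Compiler invocation for a (target OS, target machine) pair.
# gcc and the mingw-w64 cross compilers are the tools named on the page.
compiler_for() {
    os=$1
    bits=$(arch_bits "$2") || return 1
    case "$os:$bits" in
        linux:32)   echo "gcc -m32" ;;
        linux:64)   echo "gcc" ;;
        windows:32) echo "i686-w64-mingw32-gcc" ;;
        windows:64) echo "x86_64-w64-mingw32-gcc" ;;
        *)          echo "unsupported target: $os/$bits" >&2; return 1 ;;
    esac
}

# The prefix `file` reports for a binary of that kind; used as a sanity check
# so a 64-bit ELF is never shipped to an i686 box by mistake.
expected_file_signature() {
    case "$1:$2" in
        linux:32)   echo "ELF 32-bit" ;;
        linux:64)   echo "ELF 64-bit" ;;
        windows:32) echo "PE32 executable" ;;
        windows:64) echo "PE32+ executable" ;;
    esac
}

# Build src for the given target and verify the result before transferring it.
build_for_target() {
    os=$1; machine=$2; src=$3; out=$4
    cc=$(compiler_for "$os" "$machine") || return 1
    bits=$(arch_bits "$machine")
    echo "compiling with: $cc $src -o $out"
    $cc "$src" -o "$out" || {
        echo "compile failed; re-read the exploit's comments for required options" >&2
        return 1
    }
    want=$(expected_file_signature "$os" "$bits")
    if file "$out" | grep -q "$want"; then
        echo "ok: $out is $want"
    else
        echo "mismatch: $(file "$out")" >&2
        return 1
    fi
}

# usage: sh build.sh linux "$(uname -m)" exploit.c exploit
#        sh build.sh windows x86_64 shell.c shell.exe
if [ "$#" -eq 4 ]; then
    build_for_target "$@"
fi
```

Pass the machine string you collected from the victim (uname -m, arch or the file /sbin/init output), not the attack machine's own; the signature check catches the common mistake of forgetting -m32 or picking the wrong mingw prefix.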

Python exploits

On Linux, running python exploits is pretty easy:

python exploit.py

Python on Windows

Create a Windows PE executable:

python pyinstaller.py --onefile ms11-080.py

The executable can then be transferred to the victim machine and run.

Further reading

Interestingly, some popular Windows exploits, such as MS11-080, are written in Python (why?). To use these, you'll need to create a standalone executable from the Python file. This is done by installing PyWin32 on a Windows machine and then the PyInstaller module.

  • Exploit-DB
  • MS11-080
  • Use MinGW to Compile Windows Exploits on Kali Linux
  • How to install PyInstaller