💾
kurare
  • 🤸Welcome!
  • 🔤Alphabet Soup
  • Training
    • CTFs & Labs
  • Directory Traver
  • Reporting
  • Toolbox
  • Rando Links
  • GRC (The box-checkers)
  • Common Software Repository
  • Social Networking
  • Penetration Testing Frameworks
  • Playbooks
    • Playbook: Figuring out software versions
    • Playbook: web applications
    • Playbook: Finding exploits
    • Playbook: Cloud Environments
  • Testing out credentials
  • Active Directory
  • Checklists
    • Pretest phase
    • Host Discovery
    • Website (external)
    • Black-box External Test
    • Host Enumeration
    • SMB enumeration
    • Page
  • Reporting
  • Services
    • VOIP / SIP
Powered by GitBook
On this page
  1. Playbooks

Playbook: Finding exploits

Metasploit: search for the name of the software and/or version.

Google or other search engines: search for the name of the software and/or version, + "exploit"

Google the CVE + "poc" (proof of concept) to find code for the exploit. (Don't necessarily trust it - verify its functionality and safety.)

PreviousPlaybook: web applicationsNextPlaybook: Cloud Environments

Last updated 1 year ago