In this episode, we search for exploits in Metasploit. Damien covers the search command, CVE’s, Microsoft security bulletins and more. Find the exploit code for WannaCry / WannaCrypt by searching for the CVE, or Microsoft Security Bulletin. Understanding CVE’s and other vulnerability information is a big part of security. This information can help you secure systems and better protect your organization.

Searching for exploits in Metasploit

The show command can list all the exploits.
Using the search command in Metasploit.
Searching for wannacry with MS17-010.
Info on the MS17-010 exploit.

Links

  1. nvd.nist.gov – National Vulnerability Database
  2. us-cert.gov – United States Computer Emergency Readiness Team
  3. CVE-2017-0145 – One of the CVE’s about the SMB vulnerability
  4. MS17-010 – Microsoft security bulletin about the SMB vulnerability
  5. DBPOWER U818A WFI Quadcopter drone allows full filesystem permissions to anonymous FTP
  6. Space Coast Credit Union SCCU Mobile for Android and Iphone fails to properly validate SSL certificates