exploitscan

Note

Bounce exploits only work on routers.

Tip

By default metaxploit calculations are done from the selected library, however specifying the variable lib using the addvar command with the index of the library you want to use for calculations will overwrite this ex: addvar lib 0. This is especially useful for routers where calculations are slow. But can also be used to not damage your own hardware.

Purpose

Scans a service on the host for exploits known to metaxploit.so.

exploitscan [LIB/IP] [PORT] (PASS/LANIP)

Arguments

• LIB — scans a local library located in the /lib folder for exploits
• IP — scans an IPv4 address
• PORT — specify a port on which the service is located
• (PASS) — an optional argument that will specify a password to inject if possible
• (LANIP) — an optional argument that will specify a lan IP used for a bounce exploit

Examples

IPv4 exploitation

exploitscan 177.58.127.159 80

Result:

====================
0xD16B564
--------------------
bool
--------------------
Starting attack... failed!
No guest user found.
objectType type: null
====================

====================
0xD16B564
--------------------
ainesetitlefont
--------------------
Searching required library net.so => found!

Starting attack...success!
Privileges obtained from user: volk
objectType type: file
====================

library exploitation

exploitscan init.so password_to_inject

Result:

====================
0xD16B564
--------------------
bool
--------------------
Starting attack... failed!
No guest user found.
objectType type: null
====================

====================
0xD16B564
--------------------
ainesetitlefont
--------------------
Searching required library net.so => found!

Starting attack...success!
Privileges obtained from user: volk
objectType type: file
====================