Exploits customization
The bread and butter of Exploit Pack
Exploit Pack allows you to rapidly reconfigure, modify or add new exploits to the framework. For this purpose, we provide you with a set of unique features to assist you during your Exploit Development process.
How to add a new module to Exploit Pack?
Exploit Pack uses a database of exploits, which can be found inside your exploits folder. There you can see all the .xml files that contain the properties of each exploit. These XML files populate your exploit tree, and one of the references in each file points to your exploit code. The code of each exploit can be found under the code/ folder. The properties can be edited directly with a plain text editor or using Exploit Pack's exploit wizard.
Let's add your first exploit to Exploit Pack. Click on the "Add module" button to bring up the Exploit Module wizard, as shown in the image below:
Module name: Your Exploit name goes here!
Author: Your name :-)
Platform: The platform affected by this exploit
Special arguments: If there are any special arguments for this exploit to work
CVE Mitre ID: Does this exploit have a MITRE ID associated with it?
Service affected: Type here the service, for example, HTTP, FTP, RDP, etc.
Tested on: Where did you test your exploit? Windows version, Linux version?
Shellcode: Can you get a shell or is this exploit only a Proof Of Concept?
Module description: Type a description of this exploit to explain its impact, its severity and what it affects.
Once you are ready, click on "Finish" to drop your code into the exploit you have created.
The exploit has now been added to the database of Exploit Pack. You should be able to find it through the search box or directly under the exploit tree, as shown in the following screenshot:
What's next? Write your own exploit! Do you need help with that? Join our community chat on Discord!
Besides the features described above, Exploit Pack has a built-in editor to help you modify your exploit code on the fly in any language, with syntax highlighting, autocompletion, and handy features like directly adding shellcodes, generating cyclic patterns and searching for offsets, to name a few.
This becomes useful when you have that latest exploit and it needs to be quickly adapted to the needs of the targeted environment. Vi, Emacs or Notepad++ could work, but if you are serious about it, an editor like this is what you need: one screen with your favourite debugger and the other with Exploit Pack, so you can adapt the code as fast as you can type.
How to access the autocompletion: CTRL+SPACE and navigate the menu with the arrow keys.
After you have edited your exploit, just click on the "Save" button to save your changes. You can then click "Execute Exploit" to launch it or, from the top right corner, "Debug" to run it on a local console.
Another useful function is "Import Module". From the top menu bar, go to "File" and "New module". This will open a new window in which you can export your .XML file to save your module and share it, or simply use it again later.
Working on something important? Back up your work! Select File -> Backup Exploits
Then you can navigate to your Exploit Pack root folder, where you will find a compressed backup file with your current exploits.