Exploit-DB Issues

Does anyone else have problems compiling / running exploit-db exploits? Almost every one that I use has some sort of compile error or syntax error when I go to run it. Does anyone have suggestions on how to have better success with these exploits?

@sha1ofthedead
U must know programing language like C, C++, python, bash and so on…
You must resolve syntax error by yourself…
and google other errors.
A hacker must know programing language.

Most of the times, the exact compiler flags aren’t listed. So, you essentially need to know what libs an exploit might be linked against (assuming that you talk about C code).
In case of scripting languages, especially for Python, there can be huge differences between the version you use and the version the exploit author used :wink:

@sha1ofthedead said:

Does anyone else have problems compiling / running exploit-db exploits? Almost every one that I use has some sort of compile error or syntax error when I go to run it. Does anyone have suggestions on how to have better success with these exploits?

So without having exact figures, I’d guess ~50% of the code on ExploitDB won’t work out of the box. There are a good few reasons for this.

The main one is that the POC code there is designed for a specific set of circumstances - often its little things like how the victim service is configured or specific environments.

Remember. ExploitDB isn’t trying to give you a compile-once-run-everywhere solution, its showing you a proof of concept for an exploit. If you want to to work in a specific situation, most of the time you need to reconfigure it to make it work rather than try a click-click-pwn. As @HomeSen has mentioned the lack of configuration/compiler details can cause massive issues.

Just to add to the problem, most box creators are aware of whats on ExploitDB and will make modifications to their boxes so the default exploit doesn’t work.

It helps to look at ExploitDB as a starting point to build your own stuff rather than relying on a compile the POC solution. (Although I agree this is easier said than done!)