All this time you were just using mainstream exploits which were famous but old. They worked well, but only against old, unpatched operating systems, not updated ones. Now it's time to move on to the next step. Our poor experience against Windows 8 and Java 7u60 left us shattered, and we realized that a fully patched and updated machine with a strong antivirus and firewall can be pretty hard to break into. Now we will move into the world of real pentesting, and the first step is an introduction to exploit-db. (If you don't want the theory and just want to know how to use the exploits, skip ahead to the "Get the exploit" section and just follow the commands there.)

Exploit-db

As usual, a few official words from the developers before I express my personal views.

The Exploit Database is the ultimate archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away. (Offensive Security)

Some more:

The Exploit Database is a CVE-Compatible Database and (where applicable) CVE numbers are assigned to the individual exploit entries in the database. The public database archive does not contain the mapped CVE numbers, but we make them available to our partnering organizations, making links to The Exploit Database entries available within their products. As many exploit developers lament, it is frequently more difficult to locate a vulnerable application than it is to take a public proof of concept and change it into a working exploit. For this reason, The Exploit Database also hosts the vulnerable application versions whenever possible. In addition, the team of volunteers that maintain the site also make every effort to verify the submitted exploits and a visual indicator is provided whether or not a successful verification was performed. (Offensive Security)

Now, what exploit-db really is, is nothing more than a database where pentesters who write an exploit for a vulnerability upload its source code for other pentesters to see. It is maintained by Offensive Security (the force behind BackTrack, Kali and Metasploit Unleashed). The exploit-db.com site itself is easy to navigate, and you can find all sorts of exploits there. Just finding an exploit, however, is not enough: if it is a Metasploit module, you need to add it to Metasploit in order to use it.

Keep in mind what you are downloading. A module from exploit-db is third-party Ruby code that msfconsole will run with whatever privileges msfconsole has (root, on a default Kali install). Check the verified indicator on the entry and read through the source before you load it.

Adobe Flash Player Shader Buffer Overflow

This module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This module has been tested successfully on IE 6 to IE 11 with Flash 11, Flash 12 and Flash 13 over Windows XP SP3, Windows 7 SP1 and Windows 8. (Rapid7)

Now the Rapid7 page says the exploit can be found at exploit/windows/browser/adobe_flash_pixel_bender_bof. But running

use exploit/windows/browser/adobe_flash_pixel_bender_bof

shows that the exploit is not in Metasploit yet. (Chances are good it is there if you update Metasploit regularly, or if you are reading this tutorial a long time after it was written. Either way the method does not differ even if the exploit is already there, so don't worry. You can also use a different exploit of your choosing and just replace the name wherever you see it in the commands.)

Now there are two alternatives. The first is to update the Metasploit framework using msfupdate, which pulls in new modules. (On current Kali releases msfupdate has been retired, and the framework is updated through the package manager instead: apt update && apt install metasploit-framework.)
The second alternative is to download the exploit from exploit-db and put it in the ~/.msf4/modules/exploits/<your_folder> directory (note the plural: the directory is called exploits, while the name you type after use starts with exploit). Any module placed there is picked up by Metasploit when it starts, and shows up as use exploit/<your_folder>/<exploit_name>. While <your_folder> is arbitrary and can be set to any value, it is recommended to mirror the framework's own directory structure: this exploit belongs in ~/.msf4/modules/exploits/windows/browser/. It is mandatory to place exploits under ~/.msf4/modules/exploits/ (and other module types under their own type directory), because the type directory is how Metasploit knows what kind of module the file is; a file dropped directly into ~/.msf4/modules/ will not load. For newbies in Linux, here is a detailed step by step guide.

Get the exploit

For example's sake, we'll use the Adobe shader exploit from http://www.exploit-db.com/exploits/33333/. Click the Save icon to download the exploit and save it on your Kali desktop. (Kali also ships a local copy of the exploit-db archive; searchsploit -m 33333 copies the same file into the current directory.)

.msf4 directory method

Now if you are not well versed in Linux, you will need help with creating the directory and placing the file there. Although I'm guiding you through it, you should be proficient enough in Linux to do basic things like this on your own. You can either create the directories from the command line or do it with the GUI.

Command line method

First, say hi to mkdir:

mkdir --help
Usage: mkdir [OPTION]... DIRECTORY...
Create the DIRECTORY(ies), if they do not already exist.

Mandatory arguments to long options are mandatory for short options too.
  -m, --mode=MODE   set file mode (as in chmod), not a=rwx - umask
  -p, --parents     no error if existing, make parent directories as needed
  -v, --verbose     print a message for each created directory
  -Z, --context=CTX  set the SELinux security context of each created directory to CTX
      --help     display this help and exit
      --version  output version information and exit

First we'll move into the existing .msf4 directory. You need to be in your home directory for this to work; type just cd if unsure, since cd with no arguments takes you to your home directory (/root on Kali, where you run as root).

root@kali:~# cd .msf4/modules/

(If this fails because ~/.msf4/modules does not exist yet, the mkdir -p command further down creates it together with everything else.)

To see what the directory has, execute ls. It returns nothing, as the directory is empty.

root@kali:~/.msf4/modules# ls

Now we'll use mkdir to create what we need.

root@kali:~/.msf4/modules# mkdir exploits
root@kali:~/.msf4/modules# cd exploits
root@kali:~/.msf4/modules/exploits# mkdir windows
root@kali:~/.msf4/modules/exploits# cd windows
root@kali:~/.msf4/modules/exploits/windows# mkdir browser

If you read the mkdir help above, you might have noticed the -p option. It makes everything much easier: everything above can be achieved with something as simple as

root@kali:~# mkdir -p ~/.msf4/modules/exploits/windows/browser

Now meet cp:

root@kali:~# cp --help
Usage: cp [OPTION]... [-T] SOURCE DEST
  or:  cp [OPTION]... SOURCE... DIRECTORY
  or:  cp [OPTION]... -t DIRECTORY SOURCE...
Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.

Assume you have adobe_flash_pixel_bender_bof.rb on your desktop. Then use the following commands. The file must go into the browser subdirectory, not just windows; otherwise Metasploit will load it as exploit/windows/adobe_flash_pixel_bender_bof and the module name will not match the one Rapid7 lists.

root@kali:~# ls
Desktop  app.apk
root@kali:~# cd Desktop
root@kali:~/Desktop# cp adobe_flash_pixel_bender_bof.rb ~/.msf4/modules/exploits/windows/browser

Now check for yourself:

root@kali:~/Desktop# cd ~/.msf4/modules/exploits/windows/browser
root@kali:~/.msf4/modules/exploits/windows/browser# ls
adobe_flash_pixel_bender_bof.rb

GUI Method

In the file manager go to Computer -> Filesystem -> Home. You won't see .msf4 there, because the . prefix marks hidden files: go to View and select Show Hidden Files, and it becomes visible. The rest is a piece of cake. Create the directories with the right click -> New Folder method (exploits, then windows inside it, then browser inside that), copy the exploit from the desktop and paste it into the browser folder. You'll be done.

Now start msfconsole again, or type reload_all in a running msfconsole to reload the modules. This adds the module to Metasploit and you can use it as you normally would. To confirm, run use exploit/windows/browser/adobe_flash_pixel_bender_bof followed by info. If msfconsole instead warns that a module could not be loaded, the file is in the wrong place or is not a valid Metasploit module: exploit-db also hosts standalone scripts and proof-of-concept code that will never load as modules, no matter where you copy them.
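The whole command line procedure above (create the type directory tree, copy the module in, work out the name to type after use) collapses into one shell function. This is an added example, not code from the original post or from Metasploit; it assumes the downloaded file is a Metasploit Ruby module (as exploit-db 33333 is), that the user module tree lives in ~/.msf4/modules, and that the type directories are the ones Metasploit uses (exploits, auxiliary, post, payloads, encoders, nops, evasion). The function name, its third argument and the sanity checks are my own.

```shell
#!/bin/sh
# Added example (not from the original post or from Metasploit): install a
# downloaded Metasploit module file into the user module tree and print the
# name msfconsole will accept after reload_all.
#
# install_msf_module FILE TYPE/SUBDIR [ROOT]
#   FILE        the .rb you downloaded, e.g. ~/Desktop/adobe_flash_pixel_bender_bof.rb
#   TYPE/SUBDIR where it belongs, e.g. exploits/windows/browser
#   ROOT        module tree root, default ~/.msf4/modules (assumed; overridable for testing)
# Prints e.g. exploit/windows/browser/adobe_flash_pixel_bender_bof on success.
install_msf_module() {
    file=$1
    subdir=${2%/}                        # drop a trailing slash if one was typed
    root=${3:-$HOME/.msf4/modules}

    # The first directory under the root tells msfconsole what kind of module
    # this is, so refuse anything that is not one of Metasploit's type names.
    type=${subdir%%/*}
    case $type in
        exploits|auxiliary|post|payloads|encoders|nops|evasion) ;;
        *) echo "error: '$subdir' must start with a module type directory" >&2; return 1 ;;
    esac

    # Only Ruby modules load; a .py or .txt proof of concept from exploit-db
    # will not become a module by being copied here.
    case $file in
        *.rb) ;;
        *) echo "error: '$file' is not a .rb Metasploit module" >&2; return 1 ;;
    esac
    [ -f "$file" ] || { echo "error: '$file' not found" >&2; return 1; }

    # Cheap sanity check before dropping code msfconsole runs as root into the
    # tree: a Metasploit module declares a class under the Msf:: namespace.
    grep -q 'Msf::' "$file" || {
        echo "error: '$file' does not look like a Metasploit module" >&2; return 1; }

    mkdir -p "$root/$subdir"             # -p: create every missing parent, no error if present
    cp "$file" "$root/$subdir/"

    # The module name is the path below the root without .rb, and the plural
    # type directories are written in the singular after `use`.
    name=$(basename "$file" .rb)
    case $type in
        exploits) usetype=exploit ;;
        payloads) usetype=payload ;;
        encoders) usetype=encoder ;;
        nops)     usetype=nop ;;
        *)        usetype=$type ;;
    esac
    rest=${subdir#"$type"}
    printf '%s%s/%s\n' "$usetype" "$rest" "$name"
}

# Typical run on Kali (uncomment to use):
# install_msf_module ~/Desktop/adobe_flash_pixel_bender_bof.rb exploits/windows/browser
# msfconsole -q -x "reload_all; use exploit/windows/browser/adobe_flash_pixel_bender_bof; info; exit"
```

The two refusals are the point of the checks: a file copied under a misspelled type directory (exploit instead of exploits) or a non-module file both fail silently in msfconsole, apart from a load warning at startup, so it is better to catch them before the copy.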