# Exploit

## Identification

1. Identify the exact version of each exposed service (banner, headers, error pages)
2. Identify the service itself and how it is configured
3. Identify the OS and kernel version, then search the version strings on exploit-db

{% embed url="https://www.exploit-db.com/search" %}

## Build C Script

Since Kali 2022.3 (kernel 5.18.0-kali7-amd64, GCC 12.2.0) the toolchain links against a recent glibc, so a binary compiled on Kali references symbol versions such as `GLIBC_2.34` that an old target's libc does not provide, and the exploit refuses to load there. To build C and C++ exploits for older targets, compile them in a container whose gcc and glibc are at least as old as the target's:

Use gcc from a Docker image

```bash
docker pull gcc:4.9
# 4.9: Pulling from library/gcc
# Digest: sha256:6356ef8b29cc3522527a85b6c58a28626744514bea87a10ff2bf67599a7474f5
# Status: Image is up to date for gcc:4.9
# docker.io/library/gcc:4.9

# with exploit.c in the current directory; everything after the image name
# is the gcc command run inside the container
docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:4.9 gcc -o exploit exploit.c
```

```bash
# native compile
gcc code.c -o programname

# 32-bit target: -m32, and emit both SysV and GNU hash sections so old dynamic loaders accept the binary
gcc -m32 -Wl,--hash-style=both exploit.c -o exploit

# if the binary fails on the target with an error like
#   ./exploit: /lib/tls/libc.so.6: version `GLIBC_2.34' not found (required by ./exploit)
# the target's glibc is older than the one you linked against: compile with Docker instead
```

### Compile with Docker

1. Preparation

```bash
docker pull debian:10
mkdir ~/docker_shared
docker run --name debian10 -v ~/docker_shared:/media -it debian:10 /bin/bash
```

2. Install gcc inside the container (the 32-bit libraries come from gcc-multilib)

```bash
apt update && apt install -y gcc-multilib build-essential
```

3. Manage the container; files placed in `~/docker_shared` on the host appear under `/media` inside it

```bash
docker stop debian10
docker start debian10

docker exec -it debian10 /bin/bash
```
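A check worth running after either Docker route, added here as an example that is not part of the original page: read the highest `GLIBC_x.y` symbol version the compiled binary needs (from `objdump -T` or `nm -D` output) and compare it with the glibc on the target (from `ldd --version` there). The `objdump`, `nm` and `ldd` lines in the block are constructed samples; `compile_in_container` wraps the page's own gcc:4.9 command and is only meant to be called by hand.

```shell
#!/bin/sh
# Added example (not from the original page): will a compiled exploit load on
# the target, or will its glibc reject it with "version `GLIBC_x.y' not found"?

# Constructed sample of `objdump -T ./exploit` for a binary built on a current
# Kali host. __libc_start_main@GLIBC_2.34 is what a modern toolchain emits.
SAMPLE_OBJDUMP_NEW='DYNAMIC SYMBOL TABLE:
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 puts
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.34  __libc_start_main
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 system'

# Constructed sample of `nm -D ./exploit` for the same source built in gcc:4.9.
SAMPLE_NM_OLD='                 U __libc_start_main@GLIBC_2.2.5
                 U puts@GLIBC_2.2.5
                 U system@GLIBC_2.2.5'

# Constructed sample of `ldd --version | head -n1` on a Debian 10 target.
SAMPLE_LDD_OLD='ldd (Debian GLIBC 2.28-10+deb10u2) 2.28'

# Highest GLIBC_x.y version referenced by the symbol listing on stdin.
# Tokens are split on spaces, '@' and parentheses so objdump -T, nm -D and
# readelf -V output all work; versions are compared field by field, not as text.
max_glibc_required() {
    tr -s ' \t@()' '\n' \
      | sed -n 's/^GLIBC_\([0-9][0-9.]*\).*/\1/p' \
      | sort -t. -k1,1n -k2,2n -k3,3n \
      | tail -n 1
}

# glibc version from `ldd --version` output on stdin (last word of the first line).
glibc_version_from_ldd() {
    head -n 1 | awk '{ print $NF }'
}

# Succeeds when a target with glibc $2 can load a binary that needs GLIBC_$1.
target_can_load() {
    highest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | tail -n 1)
    [ "$highest" = "$2" ]
}

# Build with the page's gcc:4.9 container and report what the result needs.
# Not run automatically; call it by hand:  compile_in_container exploit.c exploit
compile_in_container() {
    docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:4.9 gcc -o "$2" "$1" || return 1
    objdump -T "$2" | max_glibc_required
}

need=$(printf '%s\n' "$SAMPLE_OBJDUMP_NEW" | max_glibc_required)
have=$(printf '%s\n' "$SAMPLE_LDD_OLD" | glibc_version_from_ldd)
if target_can_load "$need" "$have"; then
    echo "ok: binary needs GLIBC_$need, target has $have"
else
    echo "rebuild on an older toolchain: binary needs GLIBC_$need, target has $have"
fi
```

Run `objdump -T ./exploit | max_glibc_required` on the host and `ldd --version` on the target (executing the target's `libc.so.6` directly also prints its version). If the required version is higher than the target's, no amount of `-m32` will help; only a toolchain with an older glibc, or static linking, produces a binary that loads.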

### Windows

Indicators: if the C source contains lines like these, it targets Windows and must be cross-compiled with mingw:

```c
#include <windows.h>
#pragma comment(lib, "ws2_32")
```

```bash
# install mingw-w64 first

sudo apt install gcc-mingw-w64
```

Cross-compile the source (32-bit PE output):

```bash
# compile
i686-w64-mingw32-gcc code.c -o programname

# if need lib use -l
i686-w64-mingw32-gcc code.c -o programname -l<libname>

# example
i686-w64-mingw32-gcc code.c -o programname -lws2_32
```
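The indicators above can be turned into a small selector, added here as an example that is not from the original page: it picks `i686-w64-mingw32-gcc` (or `x86_64-w64-mingw32-gcc`, also shipped by the gcc-mingw-w64 package, for 64-bit targets) when the source includes `windows.h` or `winsock2.h`, and turns every `#pragma comment(lib, "...")` into the `-l` flag the page shows for ws2_32, because gcc and mingw ignore that pragma. The two source snippets are constructed samples, not real exploits.

```shell
#!/bin/sh
# Added example (not from the original page): choose the compiler and derive
# the link flags for an exploit source file.

# Constructed sample sources (not real exploits).
SAMPLE_WIN_SRC='#include <windows.h>
#include <winsock2.h>
#pragma comment(lib, "ws2_32")
#pragma comment(lib,"advapi32.lib")
int main(void) { return 0; }'

SAMPLE_LINUX_SRC='#include <stdio.h>
int main(void) { puts("linux"); return 0; }'

# -l flags for every #pragma comment(lib, "...") on stdin. mingw ignores the
# pragma, so "ws2_32" or "ws2_32.lib" must become -lws2_32 on the command line.
pragma_libs() {
    sed -n 's/^[[:space:]]*#pragma[[:space:]]*comment[[:space:]]*([[:space:]]*lib[[:space:]]*,[[:space:]]*"\([^"]*\)".*/\1/p' \
      | sed 's/\.lib$//' \
      | sort -u \
      | sed 's/^/-l/' \
      | tr '\n' ' ' \
      | sed 's/ $//'
}

# Compiler for the source on stdin: mingw when Windows headers are included,
# native gcc otherwise. $1 is the target word size, 32 (default) or 64.
pick_compiler() {
    bits="${1:-32}"
    if grep -Eq '^[[:space:]]*#include[[:space:]]*<(windows|winsock2)\.h>'; then
        [ "$bits" = 64 ] && echo x86_64-w64-mingw32-gcc || echo i686-w64-mingw32-gcc
    else
        [ "$bits" = 64 ] && echo gcc || echo 'gcc -m32 -Wl,--hash-style=both'
    fi
}

# Full command line for source file $1, output $2, word size $3 (printed, not run).
build_cmd() {
    cc=$(pick_compiler "$3" < "$1")
    libs=$(pragma_libs < "$1")
    echo "$cc $1 -o $2${libs:+ $libs}"
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_WIN_SRC" > "$tmp"
echo "windows: $(build_cmd "$tmp" exploit.exe 32)"
printf '%s\n' "$SAMPLE_LINUX_SRC" > "$tmp"
echo "linux:   $(build_cmd "$tmp" exploit 32)"
rm -f "$tmp"
```

Pipe the printed command into `sh` once it looks right. If the target machine lacks the mingw runtime DLLs, add `-static` so the .exe carries libgcc and libwinpthread itself.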

Run the resulting .exe under [**wine**](https://wiki.winehq.org/Download):

```bash
wine programname.exe
```

If wine fails with `Error "wine is a 64-bit installation, it cannot be used with a 32-bit wineserver."`, the 32-bit and 64-bit wine components are mismatched; this thread describes the fix:

<https://forums.linuxmint.com/viewtopic.php?t=74356>

For .NET (C#) exploits, which are managed assemblies rather than native PE binaries, use [mono](https://www.mono-project.com/docs/getting-started/mono-basics/) instead of wine and run the .exe with the `mono` command:

```bash
sudo apt install mono-runtime
```

Note:

```bash
# wine for 64-bit binaries
sudo apt install wine

# if 32-bit binaries are needed, add the i386 architecture and wine32
dpkg --add-architecture i386 && apt-get update && \
apt-get install wine32:i386
```
