31 lines
1.5 KiB
Markdown
31 lines
1.5 KiB
Markdown
|
The Local Exploit Suggester is a post-exploitation module that you can use to check a system for local vulnerabilities. It performs local exploit checks; it does not actually run any exploits, which is useful because this means you to scan a system without being intrusive. In addition to being stealthy, it's a time saver. You don't have to manually search for local exploits that will work; it'll show you which exploits the target is vulnerable to based on the system's platform and architecture.
|
||
|
|
|
||
|
|
The Local Exploit Suggester is available for Python, PHP, and Windows Meterpreter.
|
||
|
|
|
||
|
|
|
||
|
|
## Vulnerable Application
|
||
|
|
|
||
|
|
To use the Local Exploit Suggester:
|
||
|
|
|
||
|
|
* You must have an open Meterpreter session.
|
||
|
|
|
||
|
|
## Verification Steps
|
||
|
|
|
||
|
|
Please see the Overview section.
|
||
|
|
|
||
|
|
##Options
|
||
|
|
|
||
|
|
You can set the following options for the Local Exploit Suggester:
|
||
|
|
|
||
|
|
* **showdescription** - Set this option to true to see more details about each exploit.
|
||
|
|
|
||
|
|
|
||
|
|
## Scenarios
|
||
|
|
|
||
|
|
When the Local Exploit Suggester runs, it displays a list of local exploits that the target may be vulnerable to, and it tells you the likelihood of exploitation.
|
||
|
|
|
||
|
|
The following terms are used to help you understand how vulnerable a target is to a particular exploit:
|
||
|
|
|
||
|
|
* **Vulnerable** - Indicates that the target is vulnerable.
|
||
|
|
* **Appears** - Indicates that the target may be vulnerable based on the file version, but the vulnerable code has not been tested.
|
||
|
|
* **Detected** - Indicates that the target has the file, but it cannot be determined whether or not the target is vulnerable.
|