Exploits

High-quality exploits are a double-edged sword. Pentesters can use them to get into your network, but they also give security engineers the ability to verify that they have patched or protected a computer sufficiently. The exploits available in the store come as two different types of Metasploit modules. Exploit modules are what most people associate with Metasploit. These modules generally give you remote shell access to a vulnerable machine. The other type of exploit available in the store is the auxiliary module. Auxiliary modules generally attempt to exploit vulnerabilities that yield some sort of information disclosure (such as SQL injection or file disclosure), but do not yield remote shell access to the vulnerable machine directly.

Using exploit and auxiliary modules

While exploit and auxiliary modules share some similarities, there are important differences as well. Let's go over some of the similarities and differences between the two types of modules.

Using exploit modules

Exploit modules are meant to provide remote shell access to a vulnerable computer by exploiting a vulnerability, such as a buffer overflow or arbitrary file upload mechanism. Sometimes these modules abuse administrative functionality that is intended by design. These are the best types of exploits because they generally aren't patched. The downside for these administrative modules is that they generally require valid credentials to use.

For example, here is our Splunk bruteforce and exploit module being used to gain a remote shell on a Splunk search head.

Using auxiliary modules

Auxiliary modules are meant for exploiting vulnerabilities that don't necessarily allow for remote shell access, but can still provide useful information from an attacker's standpoint. For example, an auxiliary module will often exploit a SQL injection in order to read and store all the usernames and password hashes from the vulnerable application's database. Like exploit modules, auxiliary modules sometimes abuse administrative functionality and may require valid credentials.

Here is an example run of one of our exploits against a vulnerable MantisBT instance to reset a password.