Exploiting Scanner Findings

Using Tools

Custom Scripts

You can find exploits for vulnerabilities that aren't covered by Metasploit or other frameworks. Usually, by searching for the version numbers gathered by the banner-grabbing script, you can find exploits published elsewhere. Much of the time these exploits will be written in a scripting language.

As a penetration tester, you need to be able to read, edit, modify, and execute an exploit regardless of the language it is written in, and be able to explain why it works. Before running one, ask:

  • How do you run the exploit? What language is it written in? Does it need to be compiled, or are there libraries you need to install or import?

  • Are there any dependencies, such as a specific version of Windows or Linux? Does it assume DEP or ASLR is disabled?

  • Are the EIP address, other register values, or padding sizes hardcoded for a specific version? Do they need to be modified for your target?

  • Will the exploit crash the service? Do you only get one chance at compromising the host?
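As an added example (not code from the original page), a small Python triage script that answers the checklist above mechanically before anything is executed: it reads a proof-of-concept's source and reports its language, imported dependencies, hardcoded addresses, fixed padding sizes, and platform notes. The script it inspects is a constructed sample; the address, sizes, and product name in it are placeholders.

```python
import re

# Constructed sample of a downloaded proof-of-concept (not a real exploit; the
# product name, return address, and padding size are placeholders) used to
# exercise the checker offline.
SAMPLE_SCRIPT = """#!/usr/bin/env python
# PoC for ExampleFTP 1.2.3 - tested on Windows XP SP3, DEP off
import socket
import struct
target_ver = "1.2.3"
ret = 0x41414141   # placeholder return address
padding = "A" * 2606
"""

SHEBANG_LANGS = (("python", "python"), ("perl", "perl"), ("ruby", "ruby"),
                 ("bash", "shell"), ("sh", "shell"))

def detect_language(text):
    """Guess the scripting language from the shebang line, else 'unknown'."""
    first = text.splitlines()[0] if text else ""
    if first.startswith("#!"):
        for key, lang in SHEBANG_LANGS:
            if key in first:
                return lang
    return "unknown"

def find_dependencies(text):
    """Collect module names from Python/Perl/Ruby import statements."""
    pattern = re.compile(r"^\s*(?:import|from|use|require)\s+([\w.]+)", re.M)
    return sorted(set(pattern.findall(text)))

def find_hardcoded_addresses(text):
    """Return 32/64-bit hex literals, the usual form of a hardcoded EIP/return value."""
    return re.findall(r"0x[0-9a-fA-F]{8,16}\b", text)

def find_padding_sizes(text):
    """Return sizes of fixed 'X' * N padding expressions (offsets tied to one build)."""
    return [int(n) for n in re.findall(r"['\"]\w['\"]\s*\*\s*(\d+)", text)]

def find_platform_hints(text):
    """Pull OS version and DEP/ASLR notes out of comments and strings."""
    hints = re.findall(r"(Windows[^,\n]*|Linux[^,\n]*|DEP[^,\n]*|ASLR[^,\n]*)", text)
    return [h.strip() for h in hints]

def triage(text):
    """Answer the pre-flight checklist for one exploit source file."""
    return {"language": detect_language(text), "dependencies": find_dependencies(text),
            "hardcoded_addresses": find_hardcoded_addresses(text),
            "padding_sizes": find_padding_sizes(text), "platform_hints": find_platform_hints(text)}
```

Run `triage()` on the contents of a downloaded script; anything reported under hardcoded addresses, padding sizes, or platform hints is a value you must confirm against the actual target build before use.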