Identifying CVE

  • CMS Name exploit as google search --> Rapid 7 will provide t CVE ID (mostly) --> Search CVE ID --> CVE Mitre site provides information about the exploit
  • CVE-ID github provides opensource exploit scripts


  • When ever you face an RCE exploit first check with a ping command because some RCE's are blind RCE (meaning the oupt for whoami /other commands will not be shown )