For Different vulnerability ,different exploits are available.Use the particular exploits that will specifically take advantage of a vulnerability in the system that you are attacking.
Attacker can find the exploit "Online" as well as using the Kali Linux tool "Search sploit".
How to Find The Exploit Online?
Step 1: Start Kali Linux & Open a BrowserLet's start Kali and open a browser, such as Iceweasel, the default browser in Kali. If we use the default browser in Kali, we can see that there is a built-in shortcut to the "Exploit-DB" in the browser shortcut bar, as seen below.
When we click on it, it takes us to the Exploit Database, as seen below.
If you are not using Iceweasel and its built-in shortcut, you can go to following URL www.exploit-db.com in the URL bar.
Step 2: Search the Exploit DatabaseIf we look at the top menu bar in the Exploit Database website,Click On "Search" Tab. When we click on it, it enables us to search the database of exploits and returns a search function screen.
Let's use this search function to find some recent Windows exploits (we are always looking for new Windows exploits, aren't we?). In the search function window, we can enter any of the following information;
Step 3: Open an ExploitFrom the search results page, we can click on any of the two pages of search results and it will take us to the particular exploit. I clicked on the very first exploit in the list "Internet Explorer TextRange Use-After Free (MS14_012)". When I do so, I am brought to a screen that displays the exploit code like that below. I have circled the description in the code of the exploit.
This exploit works against Internet Explorer that was built between August 2013 and March 2014. If you want to use it, you can simply copy and paste this text file and put it into the exploit directory in Metasploit (if you are using an up-to-date version of Metasploit, it is already included). This is a good example of how specific an exploit can be.
How to Find The Exploit Using SearchSploit
searchsploit – a shell script to search a local repository of exploit-db. It will find the different Exploit on the Kali Linux.
Go to the Application > Kali Linux > Exploration Tools > Exploit Database > Select the Searchexploit option.
It will open a searchsploit window
Finding Exploit for Windows :- use the below command
root@kali:~# searchsploit windows
Finding Exploit for Android :- use the below command
root@kali:~# searchsploit android