background image

x

Contents in Detail

Packers ............................................................................................................... 107
A Final Note on Antivirus Software Evasion ............................................................. 108

8
EX PLOITATION USING CLIENT-SIDE ATTACKS

109

Browser-Based Exploits ......................................................................................... 110

How Browser-Based Exploits Work ............................................................ 111
Looking at NOPs ..................................................................................... 112

Using Immunity Debugger to Decipher NOP Shellcode ............................................. 112
Exploring the Internet Explorer Aurora Exploit .......................................................... 116
File Format Exploits .............................................................................................. 119
Sending the Payload ............................................................................................ 120
Wrapping Up ...................................................................................................... 121

9
METASPLOIT AUXILIARY MODULES

123

Auxiliary Modules in Use ...................................................................................... 126
Anatomy of an Auxiliary Module ............................................................................ 128
Going Forward .................................................................................................... 133

10
THE SOCIAL-ENGINEER TOOLKIT

135

Configuring the Social-Engineer Toolkit ................................................................... 136
Spear-Phishing Attack Vector ................................................................................. 137
Web Attack Vectors .............................................................................................. 142

Java Applet ............................................................................................ 142
Client-Side Web Exploits .......................................................................... 146
Username and Password Harvesting .......................................................... 148
Tabnabbing ............................................................................................ 150
Man-Left-in-the-Middle .............................................................................. 150
Web Jacking .......................................................................................... 151
Putting It All Together with a Multipronged Attack ........................................ 153

Infectious Media Generator ................................................................................... 157
Teensy USB HID Attack Vector ............................................................................... 157
Additional SET Features ........................................................................................ 160
Looking Ahead .................................................................................................... 161

11
FAST-TRACK

163

Microsoft SQL Injection ......................................................................................... 164

SQL Injector—Query String Attack ............................................................. 165
SQL Injector—POST Parameter Attack ........................................................ 166
Manual Injection ..................................................................................... 167
MSSQL Bruter ......................................................................................... 168
SQLPwnage ............................................................................................ 172

Binary-to-Hex Generator ........................................................................................ 174
Mass Client-Side Attack ........................................................................................ 175
A Few Words About Automation ............................................................................ 176