x
Contents in Detail
Packers ............................................................................................................... 107
A Final Note on Antivirus Software Evasion ............................................................. 108
8
EX PLOITATION USING CLIENT-SIDE ATTACKS
How Browser-Based Exploits Work ............................................................ 111
Looking at NOPs ..................................................................................... 112
Using Immunity Debugger to Decipher NOP Shellcode ............................................. 112
Exploring the Internet Explorer Aurora Exploit .......................................................... 116
File Format Exploits .............................................................................................. 119
Sending the Payload ............................................................................................ 120
Wrapping Up ...................................................................................................... 121
Auxiliary Modules in Use ...................................................................................... 126
Anatomy of an Auxiliary Module ............................................................................ 128
Going Forward .................................................................................................... 133
Configuring the Social-Engineer Toolkit ................................................................... 136
Spear-Phishing Attack Vector ................................................................................. 137
Web Attack Vectors .............................................................................................. 142
Java Applet ............................................................................................ 142
Client-Side Web Exploits .......................................................................... 146
Username and Password Harvesting .......................................................... 148
Tabnabbing ............................................................................................ 150
Man-Left-in-the-Middle .............................................................................. 150
Web Jacking .......................................................................................... 151
Putting It All Together with a Multipronged Attack ........................................ 153
Infectious Media Generator ................................................................................... 157
Teensy USB HID Attack Vector ............................................................................... 157
Additional SET Features ........................................................................................ 160
Looking Ahead .................................................................................................... 161
SQL Injector—Query String Attack ............................................................. 165
SQL Injector—POST Parameter Attack ........................................................ 166
Manual Injection ..................................................................................... 167
MSSQL Bruter ......................................................................................... 168
SQLPwnage ............................................................................................ 172
Binary-to-Hex Generator ........................................................................................ 174
Mass Client-Side Attack ........................................................................................ 175
A Few Words About Automation ............................................................................ 176