Contents in Detail
Meterpreter Scripting Basics
Meterpreter API
  Printing Output
  Base API Calls
  Meterpreter Mixins
Rules for Writing Meterpreter Scripts
Creating Your Own Meterpreter Script
Wrapping Up
Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Exploitation
Customizing MSFconsole
Post Exploitation
  Scanning the Metasploitable System
  Identifying Vulnerable Services
Attacking Apache Tomcat
Attacking Obscure Services
Covering Your Tracks
Wrapping Up
A
CONFIGURING YOUR TARGET MACHINES
Installing and Setting Up the System
Booting Up the Linux Virtual Machines
Setting Up a Vulnerable Windows XP Installation
  Configuring Your Web Server on Windows XP
  Building a SQL Server
  Creating a Vulnerable Web Application
  Updating Back|Track
MSFconsole Commands
Meterpreter Commands
MSFpayload Commands
MSFencode Commands
MSFcli Commands
MSF, Ninja, Fu
MSFvenom
Meterpreter Post Exploitation Commands