286

INDEX

Base64, 102, 189, 193–194
binaries, creating with msfpayload, 100–101
Binary paste option, Immunity Debugger window, 113
binary-to-hex generator, Fast-Track tool, 174
Binary to Hex Payload Converter, Fast-Track, 174
bin/dict/wordlist.txt file, Fast-Track, 169
bind shell, 8, 70
bind_tcp format, 113
bind_tcp payload, 281
blank password, 53, 84
Blowfish encryption algorithm, RATTE, 160
breakpoint, in Immunity Debugger window, 113
browser_autopwn server, 179
browser-based exploits, 110–112
browser exploit menu, armitage, 11–12
brute force attack, Apache Tomcat, 260–261
brute forcing ports, 71–72
buffer overflow exploits, porting to Metasploit, 216–226
    adding randomization, 222–223
    completed module, 224–226
    configuring exploit definition, 219–220
    implementing features of the Framework, 221–222
    removing dummy shellcode, 223–224
    removing NOP Slide, 223
    stripping existing exploit, 218–219
    testing base exploit, 220–221
Burp Suite, 253

C

captive portal, Karmetasploit, 182
check command, 276
Check Names button, Login-New window, 272
CIDR (Classless Inter-Domain Routing) notation, 22, 44
clearev command, 279
client.framework.payloads.create(payload) function, 246
client-side attacks, 109–121
    browser-based exploits, 110–112
    file format exploits, 119–120
    Internet Explorer Aurora exploit, 116–119
    sending malicious file, 120–121
    web exploits, 146–148
cmd_exec(cmd) function, 242
cmd variable, 188
cnt counter, 194
code reuse, and modules, 196
Collab.collectEmailInfo Adobe vulnerability, 139
commands
    for Meterpreter, 80–82, 277–279
        keystroke logging, 81–82
        post exploitation, 282–283
        screenshot command, 80–81
        sysinfo command, 81
    for msfcli, 281
    for msfconsole, 275–277
    for msfencode, 280
    for msfpayload, 280
command shell, dropping into, 283
Common Vulnerabilities and Exposures (CVE) numbers, 42
community strings, 30
Conficker worm, 59
connect command, 9
Convert::ToByte, 193
copycat domain name, 142
covert penetration testing, 4, 5
credentialed scan, 43
Credential Harvester option, SET main menu, 149
credential harvesting, 149, 153–154, 181–182
cross-site scripting (XSS) vulnerability, 150
C-style output, 12
CTRL-C shortcut, 149
CTRL-W shortcut, in Nano, 188
CTRL-Z shortcut, 86, 97
custom scanners, for intelligence gathering, 31–33
CVE (Common Vulnerabilities and Exposures) numbers, 42

D

Dai Zovi, Dino, 177
databases, working with in Metasploit, 20–25
Data Execution Prevention (DEP), 65
data/templates/template.exe template, 105