INDEX
Base64, 102, 189, 193–194
binaries, creating with msfpayload, 100–101
Binary paste option, Immunity Debugger window, 113
binary-to-hex generator, Fast-Track tool, 174
Binary to Hex Payload Converter, Fast-Track, 174
bin/dict/wordlist.txt file, Fast-Track, 169
bind shell, 8, 70
bind_tcp format, 113
bind_tcp payload, 281
blank password, 53, 84
Blowfish encryption algorithm, RATTE, 160
breakpoint, in Immunity Debugger window, 113
browser_autopwn server, 179
browser-based exploits, 110–112
browser exploit menu, armitage, 11–12
brute force attack, Apache Tomcat, 260–261
brute forcing ports, 71–72
buffer overflow exploits, porting to Metasploit, 216–226
    adding randomization, 222–223
    completed module, 224–226
    configuring exploit definition, 219–220
    implementing features of the Framework, 221–222
    removing dummy shellcode, 223–224
    removing NOP Slide, 223
    stripping existing exploit, 218–219
    testing base exploit, 220–221
Burp Suite, 253
C
captive portal, Karmetasploit, 182
check command, 276
Check Names button, Login-New window, 272
CIDR (Classless Inter-Domain Routing) notation, 22, 44
clearev command, 279
client.framework.payloads.create(payload) function, 246
client-side attacks, 109–121
    browser-based exploits, 110–112
    file format exploits, 119–120
    Internet Explorer Aurora exploit, 116–119
    sending malicious file, 120–121
    web exploits, 146–148
cmd_exec(cmd) function, 242
cmd variable, 188
cnt counter, 194
code reuse, and modules, 196
Collab.collectEmailInfo Adobe vulnerability, 139
commands
    for Meterpreter, 80–82, 277–279
        keystroke logging, 81–82
        post exploitation, 282–283
        screenshot command, 80–81
        sysinfo command, 81
    for msfcli, 281
    for msfconsole, 275–277
    for msfencode, 280
    for msfpayload, 280
command shell, dropping into, 283
Common Vulnerabilities and Exposures (CVE) numbers, 42
community strings, 30
Conficker worm, 59
connect command, 9
Convert::ToByte, 193
copycat domain name, 142
covert penetration testing, 4, 5
credentialed scan, 43
Credential Harvester option, SET main menu, 149
credential harvesting, 149, 153–154, 181–182
cross-site scripting (XSS) vulnerability, 150
C-style output, 12
CTRL-C shortcut, 149
CTRL-W shortcut, in Nano, 188
CTRL-Z shortcut, 86, 97
custom scanners, for intelligence gathering, 31–33
CVE (Common Vulnerabilities and Exposures) numbers, 42
D
Dai Zovi, Dino, 177
databases, working with in Metasploit, 20–25
Data Execution Prevention (DEP), 65
data/templates/template.exe template, 105