INDEX

287

db_autopwn command, 56, 277
db_connect command, 42, 43, 48, 49, 56, 277
db_create name command, 277
db_destroy command, 43, 49, 277
db_hosts command, 21–22, 27, 42, 44, 48, 51
db_import command, 21, 42, 48, 56
db_nmap command, 24, 277
db_owner role membership, User Properties window, 272
db_services command, 25
db_status command, 20
db_vulns command, 44, 49
debug command, 192
Defcon 18 Hacking Conference, 185
def exploit line, 191
def inject function, 238
def powershell_upload_exec function, 192
DEP (Data Execution Prevention), 65
desktop screen captures, 80
DHCP (Dynamic Host Configuration Protocol) server, 178
dhcpd.conf file, 178
DistCC, 263
DNS (Domain Name System), 17, 175
domain administrator token, stealing, 282
Domain Admins group, 282
Domain Name System (DNS), 17, 175
download file command, 279
Drake, Joshua, 79
drop_token command, 278
dummy shellcode, 222, 230–231
dumping password hashes, 83–84
Dynamic Host Configuration Protocol (DHCP) server, 178
dynamic memory allocation, 70
dynamic ports, 168

E

eb operation code, 209
egg hunter, 204
EHLO command, 219
EIP (extended instruction pointer) register, 216, 217, 219, 220
Encase, 265
-EncodedCommand command, 193, 194
encoders, 13
endian-ness, 207, 221
error message, SQL injection, 255
ESP registers, 216
ESSID, 179
/etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.back command, 178
Ettercap, 175
eventlog_clear(evt = "") function, 242
eventlog_list() function, 242
event_manager tool, 265
evil string, 207
Excellent ranking
  Autopwn tool, 56
  encoders, 13
exe command, 192
execute -f cmd.exe command, 278
execute_upload.rb file, 244
exploitation, 57–73
  brute forcing ports, 71–72
  client-side attacks, 109–121
    browser-based exploits, 110–112
    file format exploits, 119–120
    Internet Explorer Aurora exploit, 116–119
    sending a malicious file, 120–121
  creating exploits, 197–213
    and bad characters, 210–213
    controlling SEH, 201–203
    and fuzzing, 198–201
    getting return address for, 206–210
    and SEH restrictions, 204–206
  defined, 8
  phase of PTES, 3
  resource files for, 72–73
  simulated penetration test, 255, 257–260
  for Ubuntu, 68–71
  for Windows XP SP2, 64–68
exploit command, 68, 70, 91, 97, 187, 276
Exploit Database site, 198
exploit-db, to identify potential vulnerabilities, 260
exploit module, 8
exploit section, 206
Exploits Database, 264
Exploits menu, 164
explorer.exe process, 82
extended instruction pointer (EIP) register, 216, 217, 219, 220
extracting password hashes, 82–83