INDEX
db_autopwn command, 56, 277
db_connect command, 42, 43, 48, 49, 56, 277
db_create name command, 277
db_destroy command, 43, 49, 277
db_hosts command, 21–22, 27, 42, 44, 48, 51
db_import command, 21, 42, 48, 56
db_nmap command, 24, 277
db_owner role membership, User Properties window, 272
db_services command, 25
db_status command, 20
db_vulns command, 44, 49
debug command, 192
Defcon 18 Hacking Conference, 185
def exploit line, 191
def inject function, 238
def powershell_upload_exec function, 192
DEP (Data Execution Prevention), 65
desktop screen captures, 80
DHCP (Dynamic Host Configuration Protocol) server, 178
dhcpd.conf file, 178
DistCC, 263
DNS (Domain Name System), 17, 175
domain administrator token, stealing, 282
Domain Admins group, 282
Domain Name System (DNS), 17, 175
download file command, 279
Drake, Joshua, 79
drop_token command, 278
dummy shellcode, 222, 230–231
dumping password hashes, 83–84
Dynamic Host Configuration Protocol (DHCP) server, 178
dynamic memory allocation, 70
dynamic ports, 168
E
eb operation code, 209
egg hunter, 204
EHLO command, 219
EIP (extended instruction pointer) register, 216, 217, 219, 220
Encase, 265
-EncodedCommand command, 193, 194
encoders, 13
endian-ness, 207, 221
error message, SQL injection, 255
ESP registers, 216
ESSID, 179
/etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.back command, 178
Ettercap, 175
eventlog_clear(evt = "") function, 242
eventlog_list() function, 242
event_manager tool, 265
evil string, 207
Excellent ranking
    Autopwn tool, 56
    encoders, 13
exe command, 192
execute -f cmd.exe command, 278
execute_upload.rb file, 244
exploitation, 57–73
    brute forcing ports, 71–72
    client-side attacks, 109–121
        browser-based exploits, 110–112
        file format exploits, 119–120
        Internet Explorer Aurora exploit, 116–119
        sending a malicious file, 120–121
    creating exploits, 197–213
        and bad characters, 210–213
        controlling SEH, 201–203
        and fuzzing, 198–201
        getting return address for, 206–210
        and SEH restrictions, 204–206
    defined, 8
    phase of PTES, 3
    resource files for, 72–73
    simulated penetration test, 255, 257–260
    for Ubuntu, 68–71
    for Windows XP SP2, 64–68
exploit command, 68, 70, 91, 97, 187, 276
Exploit Database site, 198
exploit-db, to identify potential vulnerabilities, 260
exploit module, 8
exploit section, 206
Exploits Database, 264
Exploits menu, 164
explorer.exe process, 82
extended instruction pointer (EIP) register, 216, 217, 219, 220
extracting password hashes, 82–83