INDEX
F
false negatives, in vulnerability scans, 36
false positives, in vulnerability scans, 36
fasttrack-launching command, 163
Fast-Track tool, 163–176
    binary-to-hex generator, 174
    defined, 79
    main menu
        BLIND SQL Injection attacks, 173
        ERROR BASED SQL Injection attacks, 173
        Mass Client-Side Attack option, 75
        Metasploit Meterpreter Reflective Reverse TCP option, 173
    mass client-side attack, 175–176
    Microsoft SQL injection with, 164–174
        manual injection, 167–168
        MSSQL Bruter, 168–172
        POST parameter attack, 166–167
        query string attack, 165–166
        SQLPwnage, 172–174
file exploits
    file format exploits, 119–120
    sending a malicious file, 120–121
file format vulnerability, 121
File Transfer Protocol (FTP)
    scanning, 29
    service, 269
Find SQL Ports option, Fast-Track, 169
fingerprinting targets, 5
Follow address in stack option, Immunity Debugger, 201
forensics analysis, 264
Foursquare credentials, 132
Foursquare service, 132
FTP (File Transfer Protocol)
    scanning, 29
    service, 269
FTP (File Transfer Protocol) Service checkbox, 269
ftp_version module, 29
Furr, Joey, 163
fuzzed variable, 199
fuzzers directory, 124
fuzzing, 198–201
fuzz string, 199
G
Gates, Chris, 129
generate_seh_payload function, 230
generic/debug_trap payload, 208, 220
getgui script, 257
GET HTTP request, 36
getprivs command, 279
getsystem command, 86, 119, 249, 278, 282
getuid command, 86
Google, to identify potential vulnerabilities, 260
H
h2b conversion method, 193
Hadnagy, Chris, 135
hashdump command, 83, 84, 93, 95, 279, 282
hashdump post exploitation module, 82
haystack, 111
heap, 111
heap-based attack, 70
heap spraying technique, 111
help command, 9, 43, 80, 277
hex-blob, 185
host_process.memory.allocate function, 238
host_process.memory.write function, 239
host_process.thread.create function, 239
HTTP (HyperText Transfer Protocol)
    man-left-in-the-middle attack, 150
    PUT command, 264
    PUT method, 261
HVE, Patrick, 97
HyperText Transfer Protocol (HTTP). See HTTP (HyperText Transfer Protocol)
I
ICMP (Internet Control Message Protocol), 19
IDS (intrusion detection systems), 13, 18, 229
idx counter, 194
iexplorer.exe, 113, 117, 237
iframe injection, 147
iframe replacement, 151
IIS (Internet Information Server), 269
IMAP (Internet Message Access Protocol) fuzzer, 198