288

INDEX

F

false negatives, in vulnerability scans, 36
false positives, in vulnerability scans, 36

fasttrack-launching command, 163
Fast-Track tool, 163–176
  binary-to-hex generator, 174
  defined, 79
  main menu
    BLIND SQL Injection attacks, 173
    ERROR BASED SQL Injection attacks, 173
    Mass Client-Side Attack option, 75
    Metasploit Meterpreter Reflective Reverse TCP option, 173
  mass client-side attack, 175–176
  Microsoft SQL injection with, 164–174
    manual injection, 167–168
    MSSQL Bruter, 168–172
    POST parameter attack, 166–167
    query string attack, 165–166
    SQLPwnage, 172–174
file exploits
  file format exploits, 119–120
  sending a malicious file, 120–121
file format vulnerability, 121
File Transfer Protocol (FTP)
  scanning, 29
  service, 269
Find SQL Ports option, Fast-Track, 169
fingerprinting targets, 5
Follow address in stack option, Immunity Debugger, 201
forensics analysis, 264
Foursquare credentials, 132
Foursquare service, 132
FTP (File Transfer Protocol)
  scanning, 29
  service, 269
FTP (File Transfer Protocol) Service checkbox, 269
ftp_version module, 29
Furr, Joey, 163
fuzzed variable, 199
fuzzers directory, 124
fuzzing, 198–201
fuzz string, 199

G

Gates, Chris, 129
generate_seh_payload function, 230
generic/debug_trap payload, 208, 220
getgui script, 257
GET HTTP request, 36
getprivs command, 279
getsystem command, 86, 119, 249, 278, 282
getuid command, 86
Google, to identify potential vulnerabilities, 260

H

h2b conversion method, 193
Hadnagy, Chris, 135
hashdump command, 83, 84, 93, 95, 279, 282
hashdump post exploitation module, 82
haystack, 111
heap, 111
heap-based attack, 70
heap spraying technique, 111
help command, 9, 43, 80, 277
hex-blob, 185
host_process.memory.allocate function, 238
host_process.memory.write function, 239
host_process.thread.create function, 239
HTTP (HyperText Transfer Protocol)
  man-left-in-the-middle attack, 150
  PUT command, 264
  PUT method, 261
HVE, Patrick, 97
HyperText Transfer Protocol (HTTP). See HTTP (HyperText Transfer Protocol)

I

ICMP (Internet Control Message Protocol), 19
IDS (intrusion detection systems), 13, 18, 229
idx counter, 194
iexplorer.exe, 113, 117, 237
iframe injection, 147
iframe replacement, 151
IIS (Internet Information Server), 269
IMAP (Internet Message Access Protocol) fuzzer, 198