INDEX

Immunity Debugger, 112–115, 200, 201, 208
    F2 shortcut, 113, 114, 208
    F5 shortcut, 114
    F7 shortcut, 114, 208
impersonate_token DOMAIN_NAME\\USERNAME command, 278
INC ECX instructions, 209
include Msf::Exploit::Remote::BrowserAutopwn directive, 179
include statement, 188
incognito command, 88, 282
incremental IP IDs, 22
indirect information gathering, 16
Infectious Media Generator, 157
info command, 63, 126, 130, 205, 275
init.d scripts, 20
initialization constructor, 130
'INJECTHERE, SQL injection, 165
insecure.org site, 257
INT3 instructions, 222, 223
intelligence gathering, 15–33
    active information gathering, port scanning, 18–26
    custom scanners for, 31–33
    passive information gathering, 16–18
        using Netcraft, 17
        using nslookup, 18
        whois lookups, 16–17
    phase of PTES, 2
    simulated penetration test, 252–253
    targeted scanning, 26–31
        FTP scanning, 29
        for Microsoft SQL Servers, 27–28
        SMB scanning, 26–27
        SNMP sweeping, 30–31
        SSH server scanning, 28
Intel x86 architecture, NOP, 111, 112
interactive Ruby shell, 241
interfaces, for Metasploit, 8–12
    armitage, 11–12
    msfcli, 9–11
    msfconsole, 9
Internet-based penetration tests, 19
Internet Control Message Protocol (ICMP), 19
Internet Explorer 7 Uninitialized Memory Corruption (MS09-002), 155
Internet Explorer Aurora exploit, 116–119, 147
Internet Information Server (IIS), 269
Internet Message Access Protocol (IMAP) fuzzer, 198
intrusion detection systems (IDS), 13, 18, 229
intrusion prevention system (IPS), 18, 110, 252
IP address, using Netcraft to find, 17
ipidseq scan, 22
IPS (intrusion prevention system), 18, 110, 252
irb command, 241, 242
irb shell, 97
is_admin?() function, 243
is_uac_enabled?() function, 243
ISO disc image, VMware Player, 268

J

Java applet attack, 136, 142–146, 153–154, 156
Java Applet Attack Method option, SET main menu, 144, 154
Java Development Kit (JDK), Java applet attack, 136
JavaScript output, 12
JDK (Java Development Kit), Java applet attack, 136
jduck, 79
JMP ESP address, 221
jmp esp command, 14
JMP instruction set, 216

K

KARMA, 177–178
karma.rc file, 178, 182
Karmetasploit, 177–184
    configuring, 178–179
    credential harvesting, 181–182
    getting shell, 182–184
    launching attack, 179–181
Kelley, Josh, 185
Kennedy, David, 79, 135, 163, 185, 248
Kerberos token, 87, 89
keylog_recorder module, 82
keystroke logging, for Meterpreter, 81–82
    keyscan_dump command, 279
    keyscan_start command, 279
    keyscan_stop command, 279
keystrokes, capturing, 282
Killav, 93, 282