INDEX
Immunity Debugger, 112–115, 200, 201, 208
    F2 shortcut, 113, 114, 208
    F5 shortcut, 114
    F7 shortcut, 114, 208
impersonate_token DOMAIN_NAME\USERNAME command, 278
INC ECX instructions, 209
include Msf::Exploit::Remote::BrowserAutopwn: directive, 179
include statement, 188
incognito command, 88, 282
incremental IP IDs, 22
indirect information gathering, 16
Infectious Media Generator, 157
info command, 63, 126, 130, 205, 275
init.d scripts, 20
initialization constructor, 130
'INJECTHERE, SQL injection, 165
insecure.org site, 257
INT3 instructions, 222, 223
intelligence gathering, 15–33
    active information gathering, port scanning, 18–26
    custom scanners for, 31–33
    passive information gathering, 16–18
        using Netcraft, 17
        using nslookup, 18
        whois lookups, 16–17
    phase of PTES, 2
    simulated penetration test, 252–253
    targeted scanning, 26–31
        FTP scanning, 29
        for Microsoft SQL Servers, 27–28
        SMB scanning, 26–27
        SNMP sweeping, 30–31
        SSH server scanning, 28
Intel x86 architecture, NOP, 111, 112
interactive Ruby shell, 241
interfaces, for Metasploit, 8–12
    armitage, 11–12
    msfcli, 9–11
    msfconsole, 9
Internet-based penetration tests, 19
Internet Control Message Protocol (ICMP), 19
Internet Explorer 7 Uninitialized Memory Corruption (MS09-002), 155
Internet Explorer Aurora exploit, 116–119, 147
Internet Information Server (IIS), 269
Internet Message Access Protocol (IMAP) fuzzer, 198
intrusion detection systems (IDS), 13, 18, 229
intrusion prevention system (IPS), 18, 110, 252
IP address, using Netcraft to find, 17
ipidseq scan, 22
IPS (intrusion prevention system), 18, 110, 252
irb command, 241, 242
irb shell, 97
is_admin?() function, 243
is_uac_enabled?() function, 243
ISO disc image, VMware Player, 268
J
Java applet attack, 136, 142–146, 153–154, 156
Java Applet Attack Method option, SET main menu, 144, 154
Java Development Kit (JDK), Java applet attack, 136
JavaScript output, 12
JDK (Java Development Kit), Java applet attack, 136
jduck, 79
JMP ESP address, 221
jmp esp command, 14
JMP instruction set, 216
K
KARMA, 177–178
karma.rc file, 178, 182
Karmetasploit, 177–184
    configuring, 178–179
    credential harvesting, 181–182
    getting shell, 182–184
    launching attack, 179–181
Kelley, Josh, 185
Kennedy, David, 79, 135, 163, 185, 248
Kerberos token, 87, 89
keylog_recorder module, 82
keystroke logging, for Meterpreter, 81–82
keyscan_dump command, 279
keyscan_start command, 279
keyscan_stop command, 279
keystrokes, capturing, 282
Killav, 93, 282