INDEX

L

LAN Manager (LM) hashes, 82, 84

LHOST option, 62, 67, 86, 91, 96, 181, 246, 276
lib/msf/core/exploit/http.rb file, 130

Linux system
  dumping hashes on, 283
  Metasploitable virtual machine, 251
  as target machine, 268

LIST command, 197, 199
listener, 8
listener handler, 86
list_tokens -g command, 278
list_tokens -u command, 88, 278

little-endian format, 207, 221
LM (LAN Manager) hashes, 82, 84

load auto_add_route command, 91, 256, 258
load nessus command, 49
load nexpose command, 43
load sounds command, 72
Local System option, SQL Server Configuration Manager window, 271
Log on as option, SQL Server Configuration Manager window, 271
LPORT option, 62, 67, 72, 86, 96, 246
lsass.exe process, 117
ls command, 277

M

Macaulay, Shane, 177
MailCarrier 2.51 SMTP commands, 216

mailcarrier_book.rb file, 220
MailCarrier exploit, 218
make_nops() function, 223

malicious ActiveX control, 184
malicious files, 119
Management and Monitoring Tools checkbox, Windows Components Wizard, 269
man-left-in-the-middle attack, 150
mass brute force attack, SQLPwnage, 172
mass client-side attack, 175–176
mass emails, 142
mass scan and dictionary brute option, Fast-Track, 169

McAfee antivirus software, 80
MD5 checksum, 242
Melvin, John, 163
Memelli, Matteo, 197

MessageBoxA function, 97
messages log file, 180

Metasploitable, 251–252, 262
Metasploit Browser Exploit Method option, SET main menu, 147, 154

Metasploit client-side exploit, 153–154
Metasploit Express, vs. Pro, 14
Metasploit Framework (MSF), 7–14
  interfaces for, 8–12
    armitage, 11–12
    msfcli, 9–11
    msfconsole, 9
  terminology in, 7–8
  utilities for, 12–14
    msfencode, 13
    msfpayload, 12–13
    nasm shell, 13–14
  working with databases in, 20–25

Metasploit listener, 141, 256
Metasploit Pro, vs. Express, 14
Meterpreter, 75–97
  commands for, 80–82, 277–279
    keystroke logging, 81–82
    post exploitation, 282–283
    screenshot, 80–81
    sysinfo, 81
  compromising Windows XP virtual machine, 76–82
    attacking MS SQL, 76–78
    brute forcing MS SQL server, 78–79
    scanning for ports with nmap, 76
    xp_cmdshell, 79–80
  manipulating Windows APIs with Railgun add-on, 97
  and password hashes, 82–84
    dumping, 83–84
    extracting, 82–83
    passing, 84–85
  pivoting with, 89–91
  post exploitation modules for, 95
  privilege escalation with, 85–87
  scripts for, 92–95
    API for, 241–244
    creating, 244–250
    hashdump, 93
    killav, 93
    migrate, 92–93
    overview, 235–241
    packetrecorder, 93
    persistence, 94–95