290
INDEX
L
LAN Manager (LM) hashes, 82, 84
LHOST option, 62, 67, 86, 91, 96, 181, 246, 276
lib/msf/core/exploit/http.rb file, 130
Linux system
    dumping hashes on, 283
    Metasploitable virtual machine, 251
    as target machine, 268
LIST command, 197, 199
listener, 8
listener handler, 86
list_tokens -g command, 278
list_tokens -u command, 88, 278
little-endian format, 207, 221
LM (LAN Manager) hashes, 82, 84
load auto_add_route command, 91, 256, 258
load nessus command, 49
load nexpose command, 43
load sounds command, 72
Local System option, SQL Server Configuration Manager window, 271
Log on as option, SQL Server Configuration Manager window, 271
LPORT option, 62, 67, 72, 86, 96, 246
lsass.exe process, 117
ls command, 277
M
Macaulay, Shane, 177
MailCarrier 2.51 SMTP commands, 216
mailcarrier_book.rb file, 220
MailCarrier exploit, 218
make_nops() function, 223
malicious ActiveX control, 184
malicious files, 119
Management and Monitoring Tools checkbox, Windows Components Wizard, 269
man-left-in-the-middle attack, 150
mass brute force attack, SQLPwnage, 172
mass client-side attack, 175–176
mass emails, 142
mass scan and dictionary brute option, Fast-Track, 169
McAfee antivirus software, 80
MD5 checksum, 242
Melvin, John, 163
Memelli, Matteo, 197
MessageBoxA function, 97
messages log file, 180
Metasploitable, 251–252, 262
Metasploit Browser Exploit Method option, SET main menu, 147, 154
Metasploit client-side exploit, 153–154
Metasploit Express, vs. Pro, 14
Metasploit Framework (MSF), 7–14
    interfaces for, 8–12
        armitage, 11–12
        msfcli, 9–11
        msfconsole, 9
    terminology in, 7–8
    utilities for, 12–14
        msfencode, 13
        msfpayload, 12–13
        nasm shell, 13–14
    working with databases in, 20–25
Metasploit listener, 141, 256
Metasploit Pro, vs. Express, 14
Meterpreter, 75–97
    commands for, 80–82, 277–279
        keystroke logging, 81–82
        post exploitation, 282–283
        screenshot, 80–81
        sysinfo, 81
    compromising Windows XP virtual machine, 76–82
        attacking MS SQL, 76–78
        brute forcing MS SQL server, 78–79
        scanning for ports with nmap, 76
        xp_cmdshell, 79–80
    manipulating Windows APIs with Railgun add-on, 97
    and password hashes, 82–84
        dumping, 83–84
        extracting, 82–83
        passing, 84–85
    pivoting with, 89–91
    post exploitation modules for, 95
    privilege escalation with, 85–87
    scripts for, 92–95
        API for, 241–244
        creating, 244–250
        hashdump, 93
        killav, 93
        migrate, 92–93
        overview, 235–241
        packetrecorder, 93
        persistence, 94–95