background image

292

INDEX

MSSQL Injector option, 165

mssql_login

 module, 78–79

mssql_payload

 exploit, and 

PowerShell, 189

mssql_payload

 module, 79–80

mssql_ping

 module, 27, 77–78

mssql_powershell

 module, 185

mssql_powershell.rb

 file, 189, 191, 195

mssql.rb

 file, 188, 191, 192, 195

Mudge, Raphael, 11
multi-attack vector, 153–157

Multi-Attack Web Method

 option, SET 

main menu, 154

multi-encoding, 103–104
multi-handler, Meterpreter sessions, 239
multi-handler listener, 120

multi/handler

 module, 100–101, 249

multi/http/tomcat_mgr_deploy

 exploit, 261

multi_meter_inject

 command, 235, 237

Muts, 226

N

Nano, 

CTRL

-W shortcut, 188

nasm shell

, 13–14

nasm_shell.rb

 utility, 13

NAT (Network Address Translation), 25
Nessus, 44–51

Add button, 45, 47
Bridge plug-in, 49–50
Browse button, 47
configuring, 44–45
creating scan policy, 45–47
Discovered Assets section, 40
General settings, 46
Home Feed, 44
importing report from, 48–49
Launch Scan button, 47

nessus_connect

 command, 50

.nessus 

file format, 48

nessus_help

 command, 49

nessus_report_get

 command, 50

nessus_report_list

 command, 50

nessus_scan_new

 command, 50

nessus_scan_status

 command, 50

Nessus window, 44–45
Plugins page, 46
Policies tab, 45
Preferences page, 47
reports in, 47–48
running scan, 47
scanning from within Metasploit, 

49–51

Scans tab, 45, 47
Submit button, 47, 48
Users tab, 45

netcat 

listener, 32, 36

Netcraft, passive information gathering 

using, 17

Netgear switch, 30

net localgroup administrators metasploit 

/ADD

 command, 187

netstat -an

 command, 114

net user

 command, 85

NetWin SurgeMail 3.8k4-4 

vulnerability, 197

Network Address Translation (NAT), 25
Network Connections Control Panel, 

Windows XP, 269

Network Service account, 271
New Database option, SQL Server Man-

agement Studio Express, 272

New Login option, User Properties 

window, 272

New Table option, SQL Server Manage-

ment Studio Express, 272

NeXpose, 37–44

Administration tab, 37
Assets tab, 37
configuring, 37–42
Community edition, 37
Credentials tab, 38
Devices tab, 38
Home tab, 39
importing report from, 42–43
NeXpose Simple XML Export 

option, 41

New Login button, 38
New Manual Scan button, 39
New Report button, 41
New Site button, 38
New Site wizard, 39
Report Configuration wizard, 42
Report format field, 41
running within 

msfconsole

, 43–44

Scan Progress section, 40
Scan Setup tab, 38
Select Devices dialog, 42
Select Sites button, 41
Start New Scan dialog, 39
Start Now button, 39
Test Login button, 38
Vulnerabilities tab, 37

nexpose_connect -h

 command, 43

nexpose_scan

, 43