INDEX

porting exploits to Metasploit, 215–233
    assembly languages, 216
    buffer overflow exploits, 216–226
        adding randomization, 222–223
        completed module, 224–226
        configuring exploit definition, 219–220
        implementing features of the Framework, 221–222
        removing dummy shellcode, 223–224
        removing NOP Slide, 223
        stripping existing exploit, 218–219
        testing base exploit, 220–221
    SEH overwrite exploit, 226–232
port scanning with nmap, 18–20, 76
portscan syn module, 26
post exploitation
    modules for Meterpreter, 95
    phase of PTES, 3–4
Postfix mail server, 260
PostgreSQL database, 20
postgres username, in PostgreSQL database, 20
POST parameter attack, Microsoft SQL injection, 166–167
POST parameters, 148
PowerShell, 185, 189–190, 192–194
powershell_upload_exec function, 191
pre-engagement interactions, 2
print_error() function, 242
printing output, for Meterpreter scripts, 241–242
print_line() function, 241
print_status() function, 241
priv extensions, 86
privilege escalation, 85–87, 119
privilege-escalation attack, 110
PRNG exploit, 262
Process Explorer, Windows, 105
process ID (PID), 236
ProFTPD 1.3.1, 259
protection mechanisms, 283
Protocols for SQLEXPRESS option, SQL Server Configuration Manager window, 270
Protocol tab, SQL Server Configuration Manager window, 270
ps command, 81–82, 87–89, 180, 278
PTES (Penetration Testing Execution Standard). See Penetration Testing Execution Standard (PTES)
PureBasic language, 54
PUT method, HTTP, 261, 264
PuTTY Windows SSH client, 106

Q

query string attack, Microsoft SQL injection, 165–166
Query String Parameter Attack option, 165
Quick TFTP Pro 2.1, 226

R

Railgun add-on, manipulating Windows APIs with, 97
rainbow table attack, 84
random characters, 229, 230
random dynamic port, TCP, 27
random payload name, 193
rand_text_alpha_upper buffer, 223
Rapid7, 37
RATTE (Remote Administration Tool Tommy Edition), 160
raw hexadecimal format, convert executable to, 192
RDP (Remote Desktop Protocol), 257
read-only (RO) community string, 30
read/write (RW) community string, 30
reboot command, 279
reg command, 278
regedit, 95
registry keys, 95
registry manipulation, 243
Remote Administration Tool Tommy Edition (RATTE), 160
Remote Desktop Protocol (RDP), 257
remote GUI (VNC), getting, 283
Remote Procedure Call (RPC) service, 59
reporting phase of PTES, 4
Reports tab
    Nessus, 45, 48
    NeXpose home page, 37, 40, 42
Required column, 51
resource command, 72
resource files, for exploitation, 72–73
resource karma.rc command, 180
resource.rc file, 72
restrictions for SEH, 204–206
rev2self command, 87, 278
reverse Meterpreter payload, 145, 155