294
INDEX
porting exploits to Metasploit, 215–233
    assembly languages, 216
    buffer overflow exploits, 216–226
        adding randomization, 222–223
        completed module, 224–226
        configuring exploit definition, 219–220
        implementing features of the Framework, 221–222
        removing dummy shellcode, 223–224
        removing NOP Slide, 223
        stripping existing exploit, 218–219
        testing base exploit, 220–221
    SEH overwrite exploit, 226–232
port scanning with nmap, 18–20, 76
portscan syn module, 26
post exploitation
    modules for Meterpreter, 95
    phase of PTES, 3–4
Postfix mail server, 260
PostgreSQL database, 20
postgres username, in PostgreSQL database, 20
POST parameter attack, Microsoft SQL injection, 166–167
POST parameters, 148
PowerShell, 185, 189–190, 192–194
powershell_upload_exec function, 191
pre-engagement interactions, 2
print_error() function, 242
printing output, for Meterpreter scripts, 241–242
print_line() function, 241
print_status() function, 241
priv extensions, 86
privilege escalation, 85–87, 119
privilege-escalation attack, 110
PRNG exploit, 262
Process Explorer, Windows, 105
process ID (PID), 236
ProFTPD 1.3.1, 259
protection mechanisms, 283
Protocols for SQLEXPRESS option, SQL Server Configuration Manager window, 270
Protocol tab, SQL Server Configuration Manager window, 270
ps command, 81–82, 87–89, 180, 278
PTES (Penetration Testing Execution Standard). See Penetration Testing Execution Standard (PTES)
PureBasic language, 54
PUT method, HTTP, 261, 264
PuTTY Windows SSH client, 106
Q
query string attack, Microsoft SQL injection, 165–166
Query String Parameter Attack option, 165
Quick TFTP Pro 2.1, 226
R
Railgun add-on, manipulating Windows APIs with, 97
rainbow table attack, 84
random characters, 229, 230
random dynamic port, TCP, 27
random payload name, 193
rand_text_alpha_upper buffer, 223
Rapid7, 37
RATTE (Remote Administration Tool Tommy Edition), 160
raw hexadecimal format, convert executable to, 192
RDP (Remote Desktop Protocol), 257
read-only (RO) community string, 30
read/write (RW) community string, 30
reboot command, 279
reg command, 278
regedit, 95
registry keys, 95
registry manipulation, 243
Remote Administration Tool Tommy Edition (RATTE), 160
Remote Desktop Protocol (RDP), 257
remote GUI (VNC), getting, 283
Remote Procedure Call (RPC) service, 59
reporting phase of PTES, 4
Reports tab
    Nessus, 45, 48
    NeXpose home page, 37, 40, 42
Required column, 51
resource command, 72
resource files, for exploitation, 72–73
resource karma.rc command, 180
resource.rc file, 72
restrictions for SEH, 204–206
rev2self command, 87, 278
reverse Meterpreter payload, 145, 155