INDEX

reverse payload, 62
reverse shell, 8
reverse_tcp payload, 61, 67, 68
Rex::Text.pattern_create, 202
Rex::Text.rand_text_alpha function, 245
RHOST option, 10, 276
RHOSTS option, 22–23, 25, 67, 91, 125, 126
RO (read-only) community string, 30
robots.txt file, 127
root/.msf3/config directory, 64
root/.msf3/modules/exploits/windows/imap/ directory, 204
root/.msf3/modules/auxiliary/fuzzers/ directory, 198
route add command, 91
route command, 90
route print command, 90
RPC (Remote Procedure Call) service, 59
RPORT option, 10
RSA company, 110
RT73 chipset, 179
Ruby programming language, 185
Ruby shell, 97
rules for Meterpreter scripts, 244
run_batch(batch) method, 31
run command, 130, 235, 249
run get_local_subnets command, 89
run hashdump command, 93
run_host(ip) method, 31
run migrate script, 117
run_range(range) method, 31
run screen_unlock command, 92
run scriptname command, 92, 277
run vnc command, 92
RW (read/write) community string, 30

S

sa (system administrator) account, 77, 79, 168, 186
SAM (Security Account Manager) database, 83, 282
Samba exploit, 69, 90
save command, 64
scanner/ftp/anonymous module, anonymous logins, 29
scanner/http modules, 126
scanner/ip/ipidseq module, 22
scanner mixin, 31
scanner/portscan/syn module, 257
scanner/portscan/tcp module, 91, 257
scanner/snmp/snmp_enum module, 30
scanning
  Metasploitable system, 258–259
  a number of systems, 27
  only one system, 27
scan policies, list of available, 50
scraper command, 93–94
screenshot command, 80–81, 278

scripts, for Meterpreter, 92–95, 235–250
  API for, 241–244
  creating, 244–250
  hashdump, 93
  killav, 93
  migrate, 92–93
  overview, 235–241
  packetrecorder, 93
  persistence, 94–95
  rules for, 244
  scraper, 93–94
--script=smb-check-vulns plug-in, 65
scripts/meterpreter/ directory, 89, 235, 244

Search button, Login-New window, 272
search command, 58, 60
search name command, 275
search scanner/http command, 126
Secure Shell (SSH), 28, 259
Secure Sockets Layer (SSL), 31
Security Account Manager (SAM) database, 83, 282
SEH (Structured Exception Handler)
  controlling, 201–203
  overwrite exploits for, porting to Metasploit, 226–232
  restrictions for, 204–206
  three-byte overwrite of the, 207
SEH chain option, Immunity Debugger, 201, 208
send_request_cgi method, 130
separate process, automigrating to, 282
Server Message Block (SMB). See SMB (Server Message Block)

service_(name) function, 243
sessions -c cmd command, 277
sessions -i 1 command, 68
sessions -i sessionid, 86
sessions -K command, 277
sessions -l command, 68, 86, 276
sessions -l -v command, 68, 277
sessions -s script command, 277
sessions -u 1 command, 96
sessions -u command, 95
sessions -u sessionID command, 277