INDEX 295

reverse payload, 62
reverse shell, 8
reverse_tcp payload, 61, 67, 68
Rex::Text.pattern_create, 202
Rex::Text.rand_text_alpha function, 245
RHOST option, 10, 276
RHOSTS option, 22–23, 25, 67, 91, 125, 126
RO (read-only) community string, 30
robots.txt file, 127
root/.msf3/config directory, 64
root/.msf3/modules/exploits/windows/imap/ directory, 204
root/.msf3/modules/auxiliary/fuzzers/ directory, 198
route add command, 91
route command, 90
route print command, 90
RPC (Remote Procedure Call) service, 59
RPORT option, 10
RSA company, 110
RT73 chipset, 179
Ruby programming language, 185
Ruby shell, 97
rules for Meterpreter scripts, 244
run_batch(batch) method, 31
run command, 130, 235, 249
run get_local_subnets command, 89
run hashdump command, 93
run_host(ip) method, 31
run migrate script, 117
run_range(range) method, 31
run screen_unlock command, 92
run scriptname command, 92, 277
run vnc command, 92
RW (read/write) community string, 30

S

sa (system administrator) account, 77, 79, 168, 186
SAM (Security Account Manager) database, 83, 282
Samba exploit, 69, 90
save command, 64
scanner/ftp/anonymous module, anonymous logins, 29
scanner/http modules, 126
scanner/ip/ipidseq module, 22
scanner mixin, 31
scanner/portscan/syn module, 257
scanner/portscan/tcp module, 91, 257
scanner/snmp/snmp_enum module, 30
scanning
  Metasploitable system, 258–259
  a number of systems, 27
  only one system, 27
scan policies, list of available, 50
scraper command, 93–94
screenshot command, 80–81, 278
scripts, for Meterpreter, 92–95, 235–250
  API for, 241–244
  creating, 244–250
  hashdump, 93
  killav, 93
  migrate, 92–93
  overview, 235–241
  packetrecorder, 93
  persistence, 94–95
  rules for, 244
  scraper, 93–94
--script=smb-check-vulns plug-in, 65
scripts/meterpreter/ directory, 89, 235, 244
Search button, Login-New window, 272
search command, 58, 60
search name command, 275
search scanner/http command, 126
Secure Shell (SSH), 28, 259
Secure Sockets Layer (SSL), 31
Security Account Manager (SAM) database, 83, 282
SEH (Structured Exception Handler)
  controlling, 201–203
  overwrite exploits for, porting to Metasploit, 226–232
  restrictions for, 204–206
  three-byte overwrite of the, 207
SEH chain option, Immunity Debugger, 201, 208
send_request_cgi method, 130
separate process, automigrating to, 282
Server Message Block (SMB). See SMB (Server Message Block)
service_(name) function, 243
sessions -c cmd command, 277
sessions -i 1 command, 68
sessions -i sessionid, 86
sessions -K command, 277
sessions -l command, 68, 86, 276
sessions -l -v command, 68, 277
sessions -s script command, 277
sessions -u 1 command, 96
sessions -u command, 95
sessions -u sessionID command, 277