INDEX

297

SQL injection
    attempting to leverage, 254
    error message, 255
SQL Injector - Query String Parameter Attack option, 166

SQL Ping attempt, Fast-Track, 169
SQL Server 2005 Services option, SQL Server Configuration Manager window, 270
SQL Server Authentication option, SQL Server Management Studio Express, 272
SQL Server Browser service, 270, 271
SQL Server Configuration Manager window, 270–271
SQL Server Management Studio Express option, Windows XP, 272
SQL Server (SQLEXPRESS) option, SQL Server Configuration Manager window, 270
SQLPwnage, Microsoft SQL injection, 172–174

SRVHOST option, 117
SRVPORT option, 117
-sS flag, nmap, 19
SSH (Secure Shell), 28, 259
ssh_version module, 28
SSL (Secure Sockets Layer), 31
-sT flag, 65

stand-alone exploits, 215
Start Mode option, SQL Server Browser service, 270
Start MSF option, armitage, 11
Start option, SQL Server Configuration Manager window, 271
Status Report email template, 140
steal_token command, 88
steal_token PID command, 278

Stealth TCP connect, 65
stealth TCP scan, 252
stored procedure, in SQL Server 2005 and 2008, 186
Structured Exception Handler (SEH). See SEH (Structured Exception Handler)
Subnet1.xml file, 21
sudo feature, 248
surgemail.exe file, 200, 204
surgemail service, 201–202
SurgeMail vulnerability, 204
SVN certificate, 274
svn update command, 274
SYN Port Scanner, 25
sysadmin role, 186
sysinfo command, 81, 277
SYSTEM-level permissions, 79

T

t switch, in db_autopwn command, 56

TAB key, 95, 235
tabnabbing attack, 150
targeted scanning, 26–31
    FTP scanning, 29
    for Microsoft SQL Servers, 27–28
    SMB scanning, 26–27
    SNMP sweeping, 30–31
    SSH server scanning, 28

target machines, 267–274
    Linux, 268
    setting up, 267–268
    Windows XP, 269–274
        configuring web server on, 269
        creating vulnerable web application, 271–272
        MS SQL server on, 269–271
        updating Back|Track, 272–274
[target['Ret']].pack('V'), 221
target return address, 221
'Targets' section, 206, 207, 221, 222, 230

Task Manager, Windows, 117
TCP (Transmission Control Protocol)
    Dynamic Ports option, TCP/IP Properties dialog, 270
    idle scan, 2223
    port 80, 36
    port 443, 70, 112, 114
    port 1433, 27, 76–77, 168, 270
    port 4444, 62
    random dynamic port, 27
    scanning with, 19
TCP/IP option, 270
TCP/IP Properties dialog, 270
technical findings, 4
Teensy USB HID attack vector, 157–160
Temp directory, 192
template.pdf file, 139
Tenable Security, 44
terminology, in Metasploit, 7–8
text.rb file, 223
TFTP (Trivial File Transfer Protocol), 228–231