INDEX

THREADS number option, 27
THREADS option, 126
THREADS value, 22–23, 25, 125
threat modeling
  phase of PTES, 2–3
  simulated penetration test, 253–255
three-byte overwrite, of SEH, 207
time-based iframe replacement, 151
timestomp command, 264, 279
token impersonation, with Meterpreter, 87–89
toor password, in PostgreSQL database, 20
Total size value, 205
Transmission Control Protocol (TCP). See TCP (Transmission Control Protocol)
Trivial File Transfer Protocol (TFTP), 228–231
Trojan backdoor, 125
Turn off Automatic Updates option, Windows XP, 269

Twitter, auxiliary module, 129
types of penetration testing, 4–5

U

UAC (User Account Control), 243, 248
Ubuntu, 68–71, 259–260, 267–268
UDP (User Datagram Protocol)
  port 69, 228
  port 1434, 27, 77, 168
uictl enable keyboard/mouse command, 279
unset command, 63
unsetg command, 64
upgrading command shell, to Meterpreter, 95–97
upload file command, 279
UPX packer, 107–108
URIPATH option, 117
usage function, 238
use command, 51, 60, 125, 126, 132, 249
use incognito command, 88, 278
use multi/handler command, 94
use name command, 276
use priv command, 83, 86, 119, 278
use scanner/http/webdav_scanner command, 125
use scanner/mssql/mssql_ping command, 78
use scanner/portscan/syn command, 25
use scanner/snmp/snmp_login module, 30
use sniffer command, 279
Use them all - A.K.A. 'Tactical Nuke' option, SET main menu, 154
use windows/smb/ms08_067_netapi command, 59
UsePowerShell method, 190, 191
User Account Control (UAC), 243, 248
User Datagram Protocol (UDP). See UDP (User Datagram Protocol)
User Mapping option, User Properties window, 272
User Properties window, 272
user32.dll, 97
username harvesting, 148–150
utilities, for Metasploit, 12–14
  msfencode, 13
  msfpayload, 12–13
  nasm shell, 13–14

V

variables, using uppercase characters, 63
VBScript, 95
VenueID, 132
version command, 72
virtual network computing (VNC) authentication, 52–54
VMware Player, 268
.vmx file, 268
VNC (remote GUI), getting, 283
VNC (virtual network computing) authentication, 52–54
vnc_none_auth command, 53
vncviewer, connecting to VNC with no authentication, 53
VNC window, 92
vulnerability scanning, 35–73
  defined, 5
  with Nessus, 44–51
    configuring, 44–45
    creating scan policy, 45–47
    importing report from, 48–49
    reports in, 47–48
    running scan, 47
    scanning from within Metasploit, 49–51
  with NeXpose, 37–44
    configuring, 37–42
    importing report from, 42–43
    running within msfconsole, 43–44
  for open VNC authentication, 52–54