INDEX
THREADS number option, 27
THREADS option, 126
THREADS value, 22–23, 25, 125
threat modeling
    phase of PTES, 2–3
    simulated penetration test, 253–255
three-byte overwrite, of SEH, 207
time-based iframe replacement, 151
timestomp command, 264, 279
token impersonation, with Meterpreter, 87–89
toor password, in PostgreSQL database, 20
Total size value, 205
Transmission Control Protocol (TCP). See TCP (Transmission Control Protocol)
Trivial File Transfer Protocol (TFTP), 228–231
Trojan backdoor, 125
Turn off Automatic Updates option, Windows XP, 269
Twitter, auxiliary module, 129
types of penetration testing, 4–5
U
UAC (User Account Control), 243, 248
Ubuntu, 68–71, 259–260, 267–268
UDP (User Datagram Protocol)
    port 69, 228
    port 1434, 27, 77, 168
uictl enable keyboard/mouse command, 279
unset command, 63
unsetg command, 64
upgrading command shell, to Meterpreter, 95–97
upload file command, 279
UPX packer, 107–108
URIPATH option, 117
usage function, 238
use command, 51, 60, 125, 126, 132, 249
use incognito command, 88, 278
use multi/handler command, 94
use name command, 276
use priv command, 83, 86, 119, 278
use scanner/http/webdav_scanner command, 125
use scanner/mssql/mssql_ping command, 78
use scanner/portscan/syn command, 25
use scanner/snmp/snmp_login module, 30
use sniffer command, 279
Use them all - A.K.A. 'Tactical Nuke' option, SET main menu, 154
use windows/smb/ms08_067_netapi command, 59
UsePowerShell method, 190, 191
User Account Control (UAC), 243, 248
User Datagram Protocol (UDP). See UDP (User Datagram Protocol)
User Mapping option, User Properties window, 272
User Properties window, 272
user32.dll, 97
username harvesting, 148–150
utilities, for Metasploit, 12–14
    msfencode, 13
    msfpayload, 12–13
    nasm shell, 13–14
V
variables, using uppercase characters, 63
VBScript, 95
VenueID, 132
version command, 72
virtual network computing (VNC) authentication, 52–54
VMware Player, 268
.vmx file, 268
VNC (remote GUI), getting, 283
VNC (virtual network computing) authentication, 52–54
vnc_none_auth command, 53
vncviewer, connecting to VNC with no authentication, 53
VNC window, 92
vulnerability scanning, 35–73
    defined, 5
    with Nessus, 44–51
        configuring, 44–45
        creating scan policy, 45–47
        importing report from, 48–49
        reports in, 47–48
        running scan, 47
        scanning from within Metasploit, 49–51
    with NeXpose, 37–44
        configuring, 37–42
        importing report from, 42–43
        running within msfconsole, 43–44
    for open VNC authentication, 52–54